3COM NETBuilder User Manual

NETBuilder

®

Family Software

Version 11.1 Release Notes

3Com provides a documentation CD-ROM that includes all NETBuilder
software version 11.1 manuals. To obtain a hardcopy version of the 11.1
documentation, order part number

You can order the documentation CD-ROM using part number 3C6461P.
Additionally, all documentation for NETBuilder software version 11.1 is located

on the 3Com website:

http://infodeli.3com.com/infodeli/tools/bridrout/index.htm

3C6460P .

®

http://www.3com.com/

Part No. 86-0595-001
Published July 1998

3Com Corporation
5400 Bayfront Plaza
Santa Clara, California
95052-8145

Copyright © 3Com Corporation, 1998. All rights reserved. No part of this documentation may be
reproduced in any form or by any means or used to make any derivative work (such as translation,
transformation, or adaptation) without permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from
time to time without obligation on the part of 3Com Corporation to provide notification of such revision or
change.

3Com Corporation provides this documentation without warranty of any kind, either implied or expressed,
including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
3Com may make improvements or changes in the product(s) and/or the program(s) described in this
documentation at any time.

UNITED STATES GOVERNMENT LEGENDS:

If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following restricted rights:

For units of the Department of Defense:

Restricted Rights Legend: Use, duplication, or disclosure by the Government is subject to restrictions as set

forth in subparagraph (c) (1) (ii) for Restricted Rights in Technical Data and Computer Software Clause at 48
C.F.R. 52.227-7013. 3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145.

For civilian agencies:

Restricted Rights Legend: Use, reproduction, or disclosure is subject to restrictions set forth in subparagraph

(a) through (d) of the Commercial Computer Software – Restricted Rights Clause at 48 C.F.R. 52.227-19 and
the limitations set forth in 3Com Corporation’s standard commercial agreement for the software.
Unpublished rights reserved under the copyright laws of the United States.

If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT. If you are unable to locate a copy, please contact
3Com and a copy will be provided to you.

The software you have received may contain strong data encryption code that cannot be
exported outside of the U.S. or Canada. You agree that you will not export/reexport, either
physically or electronically, the encryption software or accompanying documentation (or copies
thereof) or any products utilizing the encryption software or such documentation without
obtaining written authorization from the U.S. Department of Commerce.

Unless otherwise indicated, 3Com registered trademarks are register ed in the United States and may or may
not be registered in other countries.

3Com, AccessBuilder, Boundary Routing, NETBuilder, NETBuilder II, OfficeConnect, SuperStack, and
Transcend are registered trademarks and Edge Server and Total Control are trademarks of 3Com
Corporation.

IBM, AS/400, SNA, and LAN Net Manager are registered trademarks of International Business Machines
Corporation. Advanced Peer-to-Peer Networking and APPN are trademarks of International Business
Machines Corporation. DECnet is a registered trademark of Digital Equipment Corporation. AppleTalk is a
registered trademark of Apple Computer, Inc. NetWare is a registered trademark of Novell, Inc. RealPlayer is
a trademark of Real Networks. UNIX is a registered trademark in the United States and other countries,
licensed exclusively through X/Open Company, Ltd. VINES is a registered trademark of Banyan Systems.
SunOS is a trademark of Sun Microsystems, Inc. XNS is a trademark of Xerox Corporation.

Other brand and product names may be registered trademarks or trademarks of their respective holders.

C

ONTENTS

NETB

Encryption Packages Notice 9
Supported Platforms 10
New Products 10

Supported PC Flash Memory Cards 10
Approved DRAM SIMMs 11
New Features 11

New Features Application Notes 17

11.1 Software Packages 20

Item Not Supported 30
NETBuilder Upgrade Management Utilities 30

Upgrade Management Known Issues 32

UILDER

SuperStack II SI 5xx (4-port) 10

VPN Features 11
New and Enhanced Protocol Features 13
System Features 15
Legacy/ATM Features 15
Network Management Features 16

Placing a Data Over Voice Call 17
Digi64S2 18
ASCII Boot 18

NETBuilder II 20
SuperStack II SI 22
SuperStack II Token Ring 24
OfficeConnect 25

Downloading NETBuilder Upgrade Management Utilities 30
UNIX Files 30
Windows Files 30
Executing

profile.bat 31
Version 11.1 NETBuilder Upgrade Management Utilities 31
Upgrading to 11.1 Utilities with Transcend Enterprise Manager 31

bcmdiagnose Error Message 32
Unreleased Netscape Communicator Version 32
SuperStack II NETBuilder Token Ring Upgrades 32
Sysupgrade Not Supported 32
IP Address Link 32
Concurrent Usage 32
bcmdiagnose and HP-UX 32

S

OFTWARE

V

ERSION

11.1 R

ELEASE

N

OTES

bcmfdinteg 32
File Conversion Considerations 33
Upgrading From Release 8.3 or Earlier 33
Upgrade Link and Netscape Browser Scroll Bars 34
Upgrade Link Window Resizing 34

Notes and Cautions 34

APPN Connections to 3174 through Token Ring 34
Asynch Tunnelling on Serial Ports 34
ATM LAN Emulation Clients and Large 802.3 Frames 34
Automatic Line Detection 34
Bandwidth-on-

Demand Timer Precedence 34
Baud Rates for WAN Ports in DCE Mode 35
Supported Modems 35
BGP Configuration Files 35
BSC Cabling and Clocking 35
Boundary Routing and NetView Service Point 36
Compression Requirements 36
Configuring BSC and NCPs 36
CONNectUsage Parameter Default Change 36
DLSw Circuit Balancing 36
DLSw Prioritization 36
Disaster Recovery on Ports Without Leased Lines 36
DTR Modems 36
Firmware Configuration 36
Firmware Update 36
IBM-Related Services in Token Ring 37
IPX Routing, Route Receive and Route Advertisement Policies 38
LAN Network Manager with NETBuilder II Systems 39
LLC2 Frames and PPP 39
Remote Access Default Change 39
SuperStack II and OfficeConnect Boot Path 39
V.25bis Modem Setup 39
Web Link Documentation Path 39
Zmodem Time Out 39

Known Problems 39

APPN CP-CP Sessions and SNA Boundary Routing 39
APPN CP-CP Sessions on Parallel TGs 40
ATM Connection Table 40
Baud Rates for

Async PPP 40
BGP MaxPeers Parameter Changes 40
Boot Cycle Continuous Loop 40
Change Configuration and Diagnostic Menu 40
Changing the Transfer Mode Parameter Default Value 40
CHAP Rejection Message 40
CPU Utilization Statistic 41
Deleting ATM Neighbors 41

DHCP Address Pool Changes 41
Displaying Configuration Profiles 41
Dynamic Paths 41
Extensible Authentication Protocol 41
File System Error 41
Frame Relay Congestion Control 41
History-Based Compression Negotiation Failure 42
IPX to Non-IPX Configuration Error 42
MBRI Ownership During Board Swapping 42
Microsoft MPPE Patches and Updates 42
MOSPF DLSw Multicast 42
Multiple Paths to BootP Server 42
NAT Service - Many to One Outbound Translation 42
NAT Service - TCP/UDP Port Mappings 42
PPP Configuration Display Errors 42
PPTP Tunnel Security Validation 43
RAS Ports with Manual Dial Configured Tunnels 43
Remote Office RAS Clients and Virtual Port Attributes 43
SPID Wizard Detection Errors 43
STP AutoMode Does Not Select the Right Mode 43
Syntax Checking in PPP AuthRemoteUser Command 44
UI Response Time With Large SDLC configuration 44
VTAM Program Temporary Fixes 44
Web Link Boundary Router Remote LAN Type Display 44
Web Link Firewall Service Support 44
Web Link Login Support 44
Web Link Reload Button 44

Limitations 45

ACCM Not Configurable 45
APPN 45
APPN DLUr Connections to 3174 Systems 45
ATM Emulated LANs 45
Auto Start-up Does Not Include Async 45
BSC and Leased Lines 45
DLSw and IBM Boundary Routing in Large Networks 45
Front-End Processor/Frame Relay Access for LLC2 Traffic 46
History Compression Not Allowed With Async PPP 46
HPR and ISR Configurations 46
IBM Boundary Routing Topology Disaster Recovery 46
Maximum BSC Line Speed 47
Multilink PPP Configurations 47
Multiport MBRI Module SNMP Management 47
NAT Proxy ARP 47
RouteDiscovery 47
SDHLC Half-Duplex Mode 47
SDLC 47
SDLC Adjacent Link Stations for APPN 48
Source Route Transparent Bridging Gateway (SRTG) Interoperability 48

SDLC Ports and NetView Service Point 48
Source-Route Transparent Gateway 48
Token Ring+ Modules 48
VRRP Configuration 48

C

ONFIGURING

Configuring IPsec 51

Creating Policies 51
Creating Key Sets 52
Configuring Manual Key Information 53
Enabling IPsec 54
Setting up a

VPN PPTP Tunnel 54
Establishing the Dialup Tunnel 56

How IPsec Works 56

Policies 57
Encapsulation Security Payload (ESP) 57
Authentication Header (AH) 58

IPSEC S

CONFiguration 61
CONTrol 61
KeyEncryptionKey 61
KeySet 62
ManualKeyInfo 63
manualPOLicy 63

ERVICE

IP

SEC

P

ARAMETERS

RSVP S

CONFiguration 67
CONTrol 67
MaxFlowRate 68
REQuest 68
RESerVation 68
UDPEndcap 68

SR S

AllRoutes 69
ROUte 70

SYS S

CONFiguration 73

ERVICE

ERVICE

ERVICE

P

P

ARAMETERS

ARAMETERS

P

ARAMETERS

INK

WEBL

StatPollInterval 75

ERVICE

S

ARAMETERS

P

NETB

11.1 R

These release notes provide information on the following topics for NETBuilder
software version 11.1:

Encryption Packages Notice

■

■

Supported platforms

■

New products
Supported PC flash memory cards

■

■

Approved DRAM SIMMs for the DPE Module

■

New Features and application notes

11.1 Software Packages

■

■

NETBuilder Upgrade Management Utilities

■

Notes and cautions
Known problems

■

■

Limitations

■

Changes and additions to the following guides:

Reference for NETBuilder Family Software
Using NETBuilder Family Software

UILDER

ELEASE

S

OFTWARE

OTES

N

V

ERSION

®

Encryption
Packages
Notice

Part No. 86-0595-001
Published July 1998

If you have questions about the software, the guides, or these release notes,
contact 3Com or your network supplier.

For information on the command syntax used in these release notes, see “About
This Guide” in

The NETBuilder bridge/router software version 11.1 may contain strong
data encryption that cannot be exported outside the United States or
Canada. It is unlawful to export/re-export or transfer, either physically or
electronically, the encryption software or accompanying documentation
(or copies thereof) or any product(s) utilizing the encryption software or
such documentation without obtaining written authorization from the US
Department of Commerce.

Do not place NETBuilder software version 11.1 packages with encryption
on networks or servers that are accessible to users outside of the U.S. and
Canada.

Software packages with encryption include the following:

■

NETBuilder II

Using NETBuilder Family Software .

®

NETB

UILDER

OFTWARE

S

V

10

ERSION

11.1 R

ELEASE

N

OTES

Multi-protocol Router with 56-bit Encryption (DE)
Multi-protocol Router with 128-bit Encryption (DS)

■

SuperStack

®

II
IP/IPX/AT Router with 56-bit Encryption (NE) (SI model)
IP/IPX/AT Router with 128-bit Encryption (NS) (SI model)
Multi-protocol Router with 56-bit Encryption (CE) (SI model)
Multi-protocol Router with 128-bit Encryption (CS) (SI model)
Multi-protocol Router with 56-bit Encryption (TE) (Token Ring

models 327 and 527)

■

OfficeConnect

®

IP/IPX/AT Router with 56-bit Encryption (NE)
IP/IPX/AT Router with 128-bit Encryption (NS)
Multi-protocol Router with Quick Step VPN and 56-bit Encryption (VE)
Multi-protocol Router with 56-bit Encryption (OE)
Multi-protocol Router with 128-bit Encryption (OS)

Supported Platforms

New Products

SuperStack II SI 5xx

(4-port)

Supported PC Flash
Memory Cards

NETBuilder software version 11.1 is available for the following platforms:

■

NETBuilder II
SuperStack II NETBuilder models 327 and 527

■

■

SuperStack II NETBuilder SI models 43x, 44x, 45x, 46x, 53x, 54x, 55x, and 56x

■

OfficeConnect NETBuilder models 11x, 12x (K and T variants),13x, and
14x (U and ST variants)

NETBuilder software version 11.1 supports the following new products:
This release integrates the 4-port WAN platform into the NETBuilder software

version 11.1 code base, which makes it possible to support all SuperStack II
NETBuilder SI, NETBuilder II, OfficeConnect NETBuilder, and SuperStack NETBuilder
327/527 bridge/routers on the same release of software.

Table 1 lists 3Com

®_

approved vendors of the PC flash memory card.

The 20 MB flash memory card has a formatted capacity of 19.86 MB. For dual
image and full dump capability, 3Com recommends using a 20 MB card.

You can also purchase the blank flash memory card from 3Com:

■

DPE 20 MB card is 3C6086

Table 1 Approved 20 MB Flash Memory Cards

Vendor and Description

Intel Series 2
Intel Series 2+ iMC020FLSP
AMD Series D AmC020DFLKA

Part Number

iMC020FLSA

Approved DRAM SIMMs 11

Approved DRAM
SIMMs

New Features

VPN Features Layer Two Tunneling Protocol

Table 2 lists 3Com–approved vendors of the 32 MB DRAM SIMM for upgrading
the DPE 40 module.

Table 2 3Com–approved DRAM SIMMs

Size
32 MB

72-pin 8Mx32 60 ns page mode

Vendor and Description Part Number

NEC MC428000A32B-60
Toshiba THM328020S-60
Toshiba THM328020B5-60

This section describes new features in software version 11.1 for the
NETBuilder II, SuperStack II, and OfficeConnect NETBuilder bridge/routers.

Layer Two Tunnelling Protocol (L2TP) is a standards-based protocol created from
combining two similar but incompatible proprietary tunneling protocols,
Point-to-Point Tunneling Protocol (PPTP) and L2F (Cisco’s tunneling protocol). L2TP
is primarily used in Virtual Private Networking (VPN) environments and allows the
creation of a tunnel between a remote site and a central site in order to transport
Layer 3 multiprotocol traffic (such as IP, IPX, and AppleTalk) over a public IP
network.

L2TP is a connection-oriented protocol that provides flow control, packet
sequencing, and retransmission capabilities. The transport network of L2TP can be
any packet-oriented network, but for this release, UDP/IP is the supported
transport network type. Similar to a PPTP connection, L2TP puts the data inside a
PPP frame and then encapsulates the frame with a UDP/IP header.

A notable difference between L2TP and PPTP is that PPTP precedes Layer 3 frames
with a GRE header and forwards them to IP via TCP, but L2TP precedes Layer 3
frames with its own protocol header (which looks similar to a GRE header) and
forwards them to IP via UDP.

From a security standpoint, L2TP by itself, like PPTP by itself, does not provide data
encryption, authentication, or integrity functions (other than those that exist with
IP and PPP) that are critical to maintaining VPN privacy. Also, L2TP does not provide
a mechanism for key management. These areas are for further development.

IPX RAS

With this release, the NETBuilder RAS service has been extended to include IPX
RAS support. The IPX RAS functionality implemented is Proxy routing (unlike IP
RAS which can be either LAN Extension or Proxy Routing). The NETBuilder
bridge/router routes IPX traffic between the external IPX network and the internal
“Proxy” IPX network. All the IPX clients share a single Proxy IPX network and sit
logically on the Proxy IPX network. Forwarding IPX traf fic to clients is based on the
Node ID (MAC address) of each client.

UILDER SOFTWARE VERSION 11.1 RELEASE NOTES

NETB

Additional RAS Enhancements

The RAS service has been enhanced in this release to add support for routers
acting as RAS clients. Support was added for the RADIUS attributes
“Framed_Route” and “Framed_Netmask.” Previous releases of software ignored
these attributes when/if the RADIUS server responded with them and provided a
"host" address and subnet mask to all RAS callers.

RAS services have been added to the SuperStack II NETBuilder SI (CF package) and
the NETBuilder II multiprotocol nonencrypted software (DW package).

Extensible Authentication Protocol

The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP
authentication that supports multiple authentication mechanisms. It is being
included in Windows NT 5.0 and simplifies support of token-based authentication.
This feature supports customers who use token card authentication systems with
NETBuilder bridge/routers as their network access servers. Specifically, only the
following authentication methods are supported:

12

■ MD5-Challenge

■ Generic Token Card

The Default Authentication Protocol parameter for the PPP Service does not
include a configuration option for EAP at the time of the 11.1 release. The
functionality will be available in a patch release for 11.1. Contact your 3Com
support representative for a patch version of the software that allows you to set
this parameter.

DHCP Proxy

During an IPCP negotiation, a remote client may ask for an IP address to be
assigned. The IP address can be obtained either through an internal IP address
pool or from an external DHCP server. To support dynamic IP address assignment
for RAS clients through an external DHCP server, the NETBuilder bridge/router
must act as a proxy agent on behalf of each remote client.

Encryption Strength

New levels of encryption strength and algorithms have been added to this release.
3Com has extended the encryption software to support up to 128 bits. RC5 and
3DES-2key have been added to the IPSEC feature set (MPPE will continue to use
RC4). For this release of 3DES, the key length is limited to up to 128 bits. In
3DES-2key (the implementation for 11.1) the first key is also used for the last key
(first key, second key, first key).

The “strong” encryption software upgrades and hardware ship kits are
recognizable via the 3CR number and the package identifiers.

<

128 bit support packages/kits contain:

■ A package identifier ending in ‘S’ (example, NS)

■ A 3CR number containing/ending in ‘92’ (examples, 3CR856792,

3CR

6452P92FLASH)

New Features 13

< 56 bit support packages/kits contain:

■ A package identifier ending in ‘E’ (example, NE)

■ A 3CR number containing/ending in ‘91’ (examples, 3CR856791,

3CR

6452P91FLASH)

Table 3 contains a summary of the encryption strengths and the associated
package ids.

Table 3 Summary of Encryption Strengths

Encryption Key

Algorithm Package ID

RC4 xE 40

xS 128

RC5 xE 56

xS 128

DES xE 56

xS 56

3DES (2 key) xS 112

Length

New and Enhanced

Protocol Features

RSVP

RSVP is a dynamic quality of service (QoS) setup protocol that enables IPv4-based
real time applications to reserve resources at network nodes along the
sender-to-receiver data path to meet its quality of service requirements. RSVP
monitors and enforces bandwidth reservations for outbound QoS traffic on PPP
and Frame Relay virtual ports. The Phase 1 RSVP message processing engine
conforms to RFC 2205 and its application to Integrated Services as defined in RFC

2210. NETBuilder bridge/router-specific flow admission control, packet
classification, and packet scheduling mechanisms are implemented to provide the
controlled-load QoS control services as specified in RFC 2211. Both IPv4 unicast
and multicast (over DVMRP/MOSPF domains) flows are supported.

This section describes new and enhanced protocol features.

Virtual Router Redundancy Protocol (VRRP) Phase 2

The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single
point of failure inherent in the static default routed environment. VRRP specifies
an election protocol that dynamically assigns responsibility for a virtual router to
one of the VRRP routers on a LAN. This is the second phase of VRRP. This phase
adds FDDI to the currently supported media (Ethernet and Fast Ethernet). Phase II
(similar to the initial implementation) will not support source route for VRRP
advertisements (that is, the VRRP routers that belong to the same VRID cannot be
separated by source route bridges.)

Virtual Circuit Prioritization

Frame Relay Virtual Circuit Prioritization extends the current queue handling
capabilities of PPP ports to Frame Relay virtual circuits. The FR virtual circuit can be
either a FR virtual port or a virtual circuit associated only with the parent port. All

14 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

of the queue policies, Priority Queuing, and Protocol Reservation are supported. In
addition to the currently supported policies, a metering algorithm has been added.
If the queue handler detects that the underlying bandwidth exceeds a certain
threshold specified, then the queueing and metering functions are effectively
bypassed and packets are transmitted directly without queuing. This optimizes
high-speed interfaces in which the customer assumes that everything presented to
the interface can be transmitted without going through the prioritization or
metering processing and without much fear of packet loss.

Firewall Enhancements

The recent enormous growth in the Internet has increased the security risks to
corporate and government networks. The existing Firewall Service has been
enhanced to support more predefined filters for popular applications, to allow you
to create your own filter definitions, and to combine noncontiguous IP addresses
into named groups to which firewall policies may be applied.

Firewall enhancements include:

■ Predefined service filters for multimedia applications such as Real Networks’

RealPlayer.

■ The ability to define a service and group of IP addresses.

■ Support for traceroute.

■ Additional predefined service filters.

■ Secure HTTP

■ BGP-4

■ Finger

■ Whois

■ SOCKS

■ DNS client-to-server.

■ IPSEC support for Encapsulated Security Payload (ESP) headers and

Authentication Headers (AH).

IP Version 6 (Phase II)

IPv6 Phase II features include the BGP-4 multiprotocol extensions for IPv6
inter-domain routing plus native IPv6 routing over PPP and point-to-point ATM
PVCs.

BGP-4 Enhancements

Enhancements have been incorporated that address the scaling issues with the
current BGP implementation. The new implementation also includes BGP-4+
features. BGP-4+ is an extension to the existing BGP protocol for handling
multiprotocol routing. For example, it enables interdomain routing of IPv4
multicast, IPv6 unicast, and IPv6 multicast network layers. The following network
layer reachability information attributes are implemented:

■ Multiprotocol Reachable NLRI

■ Multiprotocol Unreachable NLRI

New Features 15

OSPF Not-So-Stubby-Area (NSSA)

For inter-area routing, the Area Border Router (the only attachment to the
backbone for leaf sites) advertised a default route. However, when fairly complex
leaf sites are connected to the backbone via a Stub Area, inter-area routing into
and out of the leaf site is not optimal with only a default route. RFC 1587
proposes a new kind of area known as NSSA (Not-So-Stubby-Ar ea) to addr ess this
problem. NETBuilder software version 11.1 implements this new functionality.

Frame Relay PVC Q.933 Support

ITU Q.933 Annex A Frame Relay PVC signaling is the latest defined by ITU that
supports asynchronous bidirectional PVC control procedure. With the
implementation of this new signaling standard, you can signal the network for the
activation or deactivation of individual PVCs. Additionally, you can query the
network regarding the operational status of the PVC. Q.933 Annex A is a super set
of the existing LMI supported in the NETBuilder bridge/router platforms.

Data Over Voice (B-Channel ISDN Specification)

This feature enables the bridge/router to initiate an ISDN 56 Kbps data call over
the ISDN voice bearer channel. Connection at the remote end must be able to
accept the incoming call and supply the proper signal to disable echo suppressors.
This feature is sometimes referred to as Switched 56 Permissive mode or TollSaver.
See “Placing a Data Over Voice Call” on page 17 for brief description of how to
use this feature.

System Features This release implements the following general system features.

Boundary Router Remote LAN Detection

Central site support of Boundary Routing Architecture has been enhanced to
detect the LAN media type of the connected remote boundary routers.

MBRI Digi64S2 Support

This release implements the German dual point-to-point leased line switch
specification Digi64S2, on the NETBuilder II bridge/router 8-port BRI Module.
Digi64S2 was implemented in prior releases of the OfficeConnect NETBuilder
bridge/router and SuperStack II NETBuilder SI bridge/router product lines
containing ISDN interfaces. This feature allows each ISDN port on the NETBuilder
to be connected to either the same or different r emote node locations as a leased
line. See “Digi64S2” on page 18 for a brief description of how to use this feature.

Legacy/ATM Features This software release implements the following legacy and ATM features.

Multiprotocol over ATM (MPOA)

An ATM network can be divided into multiple logical internet subnets (LISs) or
emulated LANs (ELANs), which requires that all ELAN traffic go through routers
that are connected to the ELANs. The NETBuilder II bridge/router in a LAN
emulation topology is used to perform the routing between the ELANs in which
the NETBuilder II bridge/router has joined. On a large site, it is quite likely that
there would be two or more routers on the data path between the edge devices. If

16 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

the two edge devices are both physically attached to the same ATM network
fabric, then the edge devices should be able to communicate directly with each
other, bypassing one or more intermediate routers in the data path.

Multiprotocol Over ATM (MPOA) is used to bypass the intermediate routers. It
allows the edge devices to resolve their ATM address and setup the short-cut
connections between each other. MPOA consists of the MPOA server (co-located
with routers) and the MPOA client (co-located with edge devices). The NETBuilder
II bridge/router serves as an MPOA server, which provides the information required
by MPOA clients (edge devices) to setup the short-cut connections.

Token Ring in Fast Ethernet (TIFE)

Token Ring in Fast Ethernet (TIFE) is a method for tunneling token ring frames,
including source route information, through a Fast Ethernet network. For
customers with an existing token ring infrastructure, TIFE provides a gradual
migration path to an Ethernet LAN, preserving the investment in capital
equipment and source route sensitive applications. For the NETBuilder
bridge/router, TIFE provides a means to support token ring media without
requiring a token ring interface. In addition, the 802.1Q VLAN support required
for TIFE allows the routing protocols to access Ethernet and Fast Ethernet VLANs.
(VLAN over FDDI or token ring is not supported with this release.)

Network Management

Features

This release adds the following new network management features.

ASCII Boot

The ASCII LoadConfigs feature on the NETBuilder bridge/router has been
expanded to provide a way for an ASCII text file to be executed automatically
when the router is booted. Along with this new functionality, a new Transcend

®

Network Application Tool (available Fall 1998) called NETBuilder Configurator, will
provide an easy mechanism for setting up multiple routers to use the ASCII boot
feature. NETBuilder Configurator will provide a straightforward spreadsheet GUI
interface for you to build and deploy ASCII text files based on custom made
templates.

The ASCII boot feature simplifies the management of a network allowing you to
mange the configuration of your own router with a single ASCII text configuration
file.

56/64K CSU/DSU External Loopback

OfficeConnect NETBuilder and SuperStack II SI NETBuilder bridge/router platforms
with a CSU/DSU option installed have a new remote loopback capability. The
remote loopback functions include Remote CSU Loopback and Remote DSU
Loopback. The Remote Loopback can be started/terminated via SNMP. The
Remote initiated Local V54 loopback has the same functionality as the existing
V54 Loopback from the console.

NETBuilder Web Link Improvements

The NETBuilder Web Link application has been improved to include the following
enhancements:

New Features Application Notes 17

■ Improved error handling

■ Help frame resizing now persists across page changes

■ A logout icon for improved security

■ Port list support

■ Support for user-level password changing

Upgrade Management Utilities and NETBuilder Upgrade Link

The remote upgrade process consists of providing customers with a reliable, easy,
and clearly defined way of upgrading their NETBuilder bridge/routers to a newer
version of software and/or firmware. The following changes have been
implemented in this release:

■ Default support for upgrades from 8.x, 9.x, 10.x, or 11.0 to version 11.1

■ Support for FTP file transfers

■ Named backup and restores

■ Improved Upgrade Link user interface with the following:

New Features
Application Notes

■ FTP file transfers

■ Stage control

■ Ability to delete old packages

■ Ability to run in client/server mode

See “NETBuilder Upgrade Management Utilities” on page 30 for more
information and Upgrading NETBuilder Family Software for Upgrade Link
operating instructions.

Flash Load

The prior (software versions 11.0 and earlier) flash load process was limited to
formatting the on-board Flash PROM file storage and copying the bundle image to
the firmware and the NETBuilder core boot file onto the file system. With the
introduction of Web, this process needed to be modified to include flash copying
all the appropriate Web Link files as well. This feature allows for multiple file
loading support with the flash load command. This functionality is limited to the
OfficeConnect NETBuilder and SuperStack II SI NETBuilder bridge/router platforms.

This section provides application notes for the following features:

■ Data over Voice (B-Channel ISDN Specification)

Placing a Data Over

Voice Call

■ Digi64S2

■ ASCII Boot

In many areas, voice calls over ISDN are charged at a lower rate than data calls.
This release of software allows you to specify that calls to a given number be
established as voice calls. This feature is sometimes referred to as a TollSaver
capability. Telephone companies often refer to this type of call as Switched 56
Permissive. The answering device must be capable of generating the 2.1KHz tone

18 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

needed to disable any echo cancellers on the line. Consult with the owner of the
destination equipment to see whether it has this capability.

In order to configure this feature, you must define the DialNoList entry with a type
of BriV, by entering:

ADD !<port> -POrt DialNoList "<phone number>" Type=BriV

The Baud specifier in the ADD command, although not disallowed, is ignored if
present. Data sent over the B channel will only be sent at 56 Kbps.

Example

To place a data over voice call on port 2 to an ISP with the phone number
453-4444, enter:

ADD !2 -POrt DialNoList “4534444” Type=BriV
DIal !2

Digi64S2 There are two ISDN leased line linetypes for ISDN lease lines in Germany: Digi64S

and Digi64S2. Digi64S can run only on the B1 channel, but Digi64S2 can run on
both the B1 and the B2 channels.

1 To enable the Digi64S2 feature, first set the linetype parameter to Digi64S2. Type:

SETDefault !2.1 -PAth LineType = Digi64S2 ( abbreviated d64s2 )
SETDefault !2.2 -PAth LineType = Digi64S2

2 Toggle the respective paths. Type:

SETDefault !2.1 -PAth cont=e
SETDefault !2.2 -PAth cont=e

Path 2.1 is mapped to the B1 channel and path 2.2 is mapped to the B2 channel.
This mapping is not interchangeable.

If one of the paths is set to Digi64S2, the path in the same connector line is also
set to Digi64S2. Mixtures of line types within a single connector are not
supported.

3 On systems using the HSS 8 port BRI module, make the paths static before you

change the line type.

SETDefault !2e.1 -PAth DialCONTrol=STAtic
SETDefault !2e.2 -PAth DialCONTrol=STAtic
ADD !2e.1 -POrt PAth 2e.1
ADD !2e.2 -POrt PAth 2e.2
SETDefault !2e.1 -PAth LineType=Digi64s2 CONTrol=e
SETDefault !2e.2 -PAth LineType=Digi64s2 CONTrol=e

ASCII Boot The LoadConfigs function has been enhanced to provide a way to maintain the

configuration of the router in a single ASCII text file. During router initialization,
the old configuration is deleted, and the router is reconfigured from scratch by
executing an ASCII text file. This feature is invoked by setting up the ASCII text file
in the configuration directory with the name BOOT.CFG.

New Features Application Notes 19

WARNING: For network security, do not include security sensitive information
such as passwords. The ASCII text file is not encyrpted, which means the
passwords are readable by anyone who has access to the file.

When the router is booted and the BOOT.CFG file is detected in the configuration
directory, all existing configuration files (except CCSMACRO and IOXM) in the
configuration directory are deleted. The configuration commands in the
BOOT.CFG file are then executed. If a configuration command fails to execute
successfully , it does not stop, but continues with the next confi guration command.
Just as when you enter a configuration command on the command line, new
encoded configuration files are created. As long as the file BOOT.CFG is detected
in the configuration directory, this operation is repeated every time the router is
rebooted.

To suspend this operation and use the encoded configuration files when the router
is rebooted, the BOOT.CFG file can be renamed (ReName command is now
supported by LoadConfigs) as the last command in the BOOT.CFG file.

To minimize the impact of executing configuration commands at boot time, the
configuration commands are not displayed. However, as with normal LoadConfigs
operations, a log file is created, which contains the configuration commands that
were executed along with any comments from the BOOT.CFG file and system
messages that may have been generated.

If the router has intelligent I/O modules (6 port Ethernet, ATM module, Multiport
BRI modules), they are loaded before any of the commands are executed. The
"System Initialized and Running" message is not displayed (that is, no user
interaction is possible) until after all of the commands in the BOOT.CFG file have
executed. If the ASCII boot feature has been invoked, a message appears as part
of the SysconF command Boot Statistics information to indicate this.

Configuration changes executed after the router is booted are not automatically
captured in the BOOT.CFG file and would be lost if the router was rebooted. Also,
the execution of the ASCII boot feature does not affect any macr os that have been
defined or the SysconF configuration.

After booting with the boot.cfg file, any changes made to the device via telnet,
console, SNMP, or web interface are not saved to the boot.cfg file. It is
recommended that you make all changes in the boot.cfg file directly.

20 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

11.1 Software
Packages

The tables in this section list the features in the packages available in software
version 11.1 for the NETBuilder bridge/router platforms.

NETBuilder II Table 4 lists the software features of each package for NETBuilder II bridge/routers.

Table 4 NETBuilder II Software Features

Software Package

APPN/Connection
Services (AC)

Feature

Bridging X X X X
Boundary Routing® central node X X X X

Routing Protocols

IPv4 X X X X
IPv6 X X X
IP services:

Multicast IP X X X X
OSPF X X X X
Network Address

Translation (NAT)
BGP X X X
VRRP X X X X
DHCP X X X X
DHCP Proxy X X X X
RIP/RIP v2/NTP X X X X
IP connection services X
RSVP X X X X

IP security:

IPsec X X
DES X X
3DES X
RC5 X X
MPPE/RC4 X X
MS-CHAP X X X
Firewall X X X X
RAS X X X

IPX RAS X X X
RAS Traps X X X
IPX X X X X
XNS X X X X
OSI X X X X

OSI connection services X
VINES X X X
DECnet X X X
AppleTalk X X X X

WAN Protocols

PPP/Multilink PPP X X X X
PPTP X X X X
L2TP X X X X
EAP X X X

X X X X

Multiprotocol Router (DW)

Multiprotocol
Router with 56-bit
Encryption (DE)

Multiprotocol Router
with 128-bit
Encryption (DS)

11.1 Software Packages 21

Table 4 NETBuilder II Software Features (continued)

Software Package

APPN/Connection
Services (AC)

Feature

Frame Relay X X X X
SMDS X X X X
X.25 X X X X
X.25 switching/tunneling X X X X

IBM Protocols

APPN X
DLSw X X X X
BRITSS X X X X
LAA X X X X
LNM X X X X
Polled ASYNC/

BISYNC Passthrough
NetView Service Point X X X
SDLC X X X X
SHDLC X X X X
BSC conversion X X X
QLLC/LLC2 conversion X X X

Other Features

FTP X X X X
Data over Voice
MPOA X X X X
ASCII Boot X X X X
Zmodem X X X X
Dial-on-demand X X X X
Web Link X X X X
Virtual Ports (512 max.) X X X X
ISDN X X X X
TIFE X X X X

X X X X

Multiprotocol Router (DW)

Multiprotocol
Router with 56-bit
Encryption (DE)

Multiprotocol Router
with 128-bit
Encryption (DS)

NETBuilder II Firmware Requirements

The NETBuilder II I/O modules require firmware upgrades to support the
NETBuilder software version 11.1 (see Table 5 for firmware requirements).

You can determine your I/O module firmware version through the software by
entering:

SHow -SYS IOI

Table 5 NETBuilder II Firmware Requirements

Module 11.1 Firmware Version Strings

DPE FW/DPE-BOOT1,1.4

FW/DPE-BOOT2,1.4
MP 6-port Ethernet FW/6ETH-FW,1.4.0.70
Fast Ethernet 100Base FW/ETH100-FW,1.9
BRI 8-port FW/8BRI-FW,1.2
MP ATMLink FW/ATM-FW,1.1.0.70

22 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

Table 5 NETBuilder II Firmware Requirements

Module 11.1 Firmware Version Strings

HSS 3-port (V.35) FW/HSS3-V35,1.1.9
HSS 3-port (RS449) FW/HSS3-449,1.1.9
HSS 3-port (RS232) FW/HSS3-232,1.1.9
HSS 4-port FW/4PORTWAN-FW,1.2

SuperStack II SI Table 6 lists the software features of each package for SuperStack II SI

bridge/routers.

Table 6 SuperStack II NETBuilder SI Software Features

Model and Software Package

432, 442,
432, 442,
452, 462,

432, 442,
452, 462,
532, 542,
552, 562

IP/IPX/AT
Router

Feature

Bridging X X X X X X X X
Boundary Routing® central

node
Boundary Routing leaf node X

Routing Protocols

IPv4 X X X X X X X
IP services:

Multicast IP X X X X X X X
OSPF X X X X X X X
Network Address

Translation (NAT)
BGP
VRRP X X X X X X X
DHCP X X X X X X X
DHCP Proxy X X X X X X X
RIP/RIP v2/NTP X X X X X X X X
IPCP X X X X X X X
IP connection services X

IP security:

IPsec X X X X
DES X X X X
3DES X X
RC5 X X X X
MPPE/RC4 X X X X
MS-CHAP X X X X X X
Firewall X X X X X X X
RAS X X X X X
IPX RAS X X X X X

(NW)

532, 542,
552, 562

IP/IPX/AT
Router
with 56-bit
Encryption
(NE)

X X X X X X X

452, 462,

532, 542,

552, 562

IP/IPX/AT

Router

with

128-bit

Encryption

(NS)

431, 441,
451, 461

Boundary
Router
(BF)

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router
(CF)

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router with
56-bit
Encryption
(CE)

X X X

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router with
128-bit
Encryption
(CS)

438, 448,
458, 468

APPN/
Connection
Services
(AX)

11.1 Software Packages 23

Table 6 SuperStack II NETBuilder SI Software Features (continued)

Model and Software Package

Feature

432, 442,
452, 462,
532, 542,
552, 562

IP/IPX/AT
Router
(NW)

432, 442,
452, 462,
532, 542,
552, 562

IP/IPX/AT
Router
with 56-bit
Encryption
(NE)

432, 442,
452, 462,
532, 542,
552, 562

IP/IPX/AT
Router
with
128-bit
Encryption
(NS)

431, 441,
451, 461

Boundary
Router
(BF)

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router
(CF)

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router with
56-bit
Encryption
(CE)

437, 447,
457, 467,
537, 547,
557, 567

Multi­protocol
Router with
128-bit
Encryption

(CS)
RAS Traps X X X X X
IPX X X X X X X X
XNS X X X X
OSI X X X X

OSI connection

services
VINES X X X
DECnet X X X
AppleTalk X X X X X X X
BR Remote LAN Detection X

WAN Protocols

PPP/Multilink PPP X X X X X X X X
PPTP X X X X X X X
L2TP X X X X X X X
EAP X X X X X
Frame Relay X X X X X X X X
SMDS X X X X X X
X.25 X X X X X X X X
X.25 switching/tunneling X X X X X X X

IBM Protocols

APPN X
DLSw X X X X X
BRITSS X X X X X
LAA X X X X X X X X
NetView Service Point X X X
Polled ASYNC/

X X X X X

BISYNC Passthrough
SDLC X X X X X
SHDLC X X X X X
BSC conversion X X X
QLLC/LLC2 conversion X X X X X

Other Features

Data over Voice X X X X X X X X
CSU/DSU Loopback X X X X X X X
FTP X X X X X X X X
Zmodem X X X X X X X X
Dial-on-demand X X X X X X X X
Web Link X X X X X X X X
ASCII BOOT X X X X X X X X
TIFE X X X X X X X X

438, 448,
458, 468

APPN/
Connection
Services
(AX)

X