Cabletron Systems CSX1000, CSX1200 User Manual

Download

WORKGROUP

REMOTE ACCESS SWITCH

USER’S GUIDE

Release 7.2

Cabletron Systems

(603) 332-9400 phone (603) 337-3075 fax support@ctron.com

USER’S GUIDE

CAUTION

NOTICE

You may post this document on a network server for public use as long as no modifications are ma de to th e do cu ment.

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.

The hardware, firmware, or software described in this manual is subject to change without notice.

IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

Only qualified personnel should pe rform installation procedures.

Cabletron Systems, Inc. P.O. Box 5005 Rochester, NH 03866-500 5

Order Number: 9032187-02

VIRU S D ISCLAIMER

Cabletron Systems has tested its software with current virus checking technologies. H owev er, because no anti-virus sy stem is 100% rel iable, we strongly cauti on you to wr ite pro tect and th en verif y that th e Licen sed Sof tware, pr ior to installing it, is virus-free with an anti-viru s system in which yo u have confi denc e.

Cabletron Systems makes no representations or warranties to the effec t that t he Licensed Software is virus-free.

2 CyberSWITCH

TRADEMARKS

Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM, and SecureFast Virtual Remote Access Manager are trademarks of Cabletron Systems, Inc.

All other product names m entioned in this manual are tradema rks or registered trademarks of their re sp e ctive companies.

COPYRIGHTS

All of the code for this product is copyright ed by Cable tron System s , Inc.

Portio ns of the code for this p roduct are co pyrighted by the follow ing corpor ations:

Stac El e c tronics Stac Electronics 1993, including one or more U.S. Patents No. 4701745, 5016009, 5126739 and 5146221 and other pending patents.

FCC NOTICE

This device complies with Part 15 of the FCC r ules. Operation is subject to the following two conditions: (1) this de vice m a y no t caus e ha r mful interference, and (2) this device must accept any int erference received, includ ing interference that may caus e undesired op e ra ti on.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.

Workgroup Remote Access Switch 3

USER’S GUIDE

WARNING : Changes or modific ations made to this d evice wh ich ar e not expr essly

approved by the party responsible for compliance could void the user’s authority to operate the equipment.

DOC NOTICE

This digital apparatus do es not exceed the Class A limits for radio no ise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communicatio ns du Cana d a.

VCCI NOTICE

This is a Class 1 product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If th is equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT

IMPORTANT: Before utilizing this product, carefully read this License Agreement.

This document is an agreement between you, the end user, and Cabletron Systems, Inc. ("Cabletron") that sets forth your rights and obligations with respect to the Cabletron software program (the "Program") contained in this package. The Progra m may be contai ned in fi rmware, ch ips or ot her media. BY UTILIZ ING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WA RRANTY A ND DISCLAIMER O F LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.

4 CyberSWITCH

Using this Guide 23

Documentation Set 24 Guide Conventions 25

SYSTEM OVERVIEW 26

The CyberSW ITCH 27

The Cybe rS W I TC H Ne t w or k 27 Unique System Featur es 28 Interoperability Overv iew 30

Interoperability Protocols 30

Interoperability Devices 31 Security Overview 32 Network Interface Overview 32 System Compon e nts 33 Remote ISDN Devices 34 Switches Supported 35

Hardware Overvi ew 36

Safety Considerations 36 System Platforms 37

The CSX1000 and NE Link 1000 (a Network Express Product) 37

Platform Descri p tio n 3 8 System Characteristics 40

The CSX1200 42

Platform Descri p tio n 4 3 System Characteristics 43

Cabling Information 44

LAN Acces s 44 Back-to-Back Setup 45 WAN Acces s 46 Administration Console Access 47

System Modules 48

The CSX1200-E11-MOD 48

The CSX1200-U4-MOD 50

Software Overview 51

Overview 51 System software 51 System Files 51

Configuration Files 51

Operational Files 52

User Level Security Files 53

Workgroup Remote Access Switch 5

USER’S GUIDE

SYSTEM INSTALLATION 54

Orderi n g IS DN Service (U S On ly ) 56

Overview 56 Orde ring NI-1 Lines Using EZ-ISDN Codes 56 Orde ring NI-1 Lines Using NI-1 ISDN Ordering Co des 56 Ordering BRI ISDN Lines using Provisioning Settings 56

Provisioning Settings for AT&T 5ESS Switches 57

AT&T 5ESS NI-1 Service 58 AT&T 5ESS Custom Point-to-Point Service 59

Provision Sett ings for Northern Telecom DMS-100 Switches 60

Northern Telecom DMS100 NI-1 Service 60 Northern Telecom DMS100 Custom Service 61

Basic Inf o rm a tio n f or Ord e ring PRI ISDN Li nes 61

Hardware Installat ion 63

Pre-Installation Requirements 63 Installing the CSX1200-E11-MOD 64 Installing the CSX1200-U4-MOD 65

Cabling 66

Accessing the CyberSWITCH 67

Overview 67 Making Connections 67

Direct Co nne ction 67

Null-Modem Connection to a PC 67

Chan g i n g th e B a u d Rate 68 Remote Connec tion using Telnet 69 Remote Connection using a Modem 69

Establishing an Administration Session 70 Powering On 70 Accessing th e Re lease Notes 72

Upgrading System Software 73

Overview 73 Upgrading Software 73

CD File Structure 73 Local Software Upgrade 76

Local Upgrade of the Second Stage Boot (SSB) 76

Local Upgrade of the Operational Software (OSW) 77 Remote Software Upgrade 77

Remote Upgrade of the Second Stage Boot (SSB) 78

Remote Upgrade of the Operational Software (OSW) 79

Chan g e De faults to Se c u re S y stem 80 Return Conf iguration to Factory Defau lts 81 Accessing th e Re lease Notes 81

6 CyberSWITCH

BASIC CONFIGURATION 82

Configuration Tools 83

Overview 83 CFGEDI T 83

Executing CFG EDIT 83 Saving CFGEDIT Changes 84

Dynamic Management 84

Executing Dynamic Management 84 Utility Dynamic Management Commands 85 Saving Dynamic Managem e n t Changes 85

Default Configuration 86 Using the Network Worksheets 86 Using the Configuration Chap ters 87

Configuring Resources and Lines 88

Overview 88 Resources 88

Configuring Resour ces 88 Resource Configuration Elements 90 Resource B ackground Information 90

Lines 92

Configuring Line s 92

Configuring a Line for a BRI Resource 92

Configuring Changes for a COM M P O RT Res ou rc e 92

Configuring a Line for a PRI Resource 93 Line Configuration Elements 94 Line Background Information 98

Subaddresses 99

Configuring a Subaddress 99 Subaddress Configuration Elements 99 Subaddresses Background Information 99

Configuring Basic Bridging 100

Overview 100 MAC Layer Bridging Option 100

Enabling/Disabling Bridging 100 MAC Layer Bridging Configuration Elements 100 MAC Layer Bridging Background Info rma tion 101

Configuring Basic IP Rou ting 102

Overview 102 Interne t P rotocol (IP) Option 102

Enabling IP 102 IP Option Configurati on Elements 103 IP Background Information 103

IP Operating Mode 103

Configuring the IP Operating Mode 103 IP Operating Mode Configuration Elements 104 IP Operating Mode Background Information 104

Workgroup Remote Access Switch 7

USER’S GUIDE

IP Network Interf aces 105

Configuring Interfaces 105 Network Interface Configuration Elements 107 IP Network Inte rface Background Inform ation 112

IP RIP and the IP Network Interfaces 117

IP RIP over Dedicated Connections 120

IP Host Operating Mode and the IP Network Interfaces 122

Using Multiple IP Addres ses 122

Static Routes 124

Configuring Static Routes 124 Static Route Configurati on Elements 126 Static Route Background Information 128

Default Routes 129

Configuring Default Routes 129 Default Route Configuration Elements 129

Routing Information Protocol (RIP) Option 130

Enabling/Disabling IP RIP 130 IP RIP Configuration Elemen ts 131 IP RIP Background Information 131

SECURITY 132

Security Overview 133

Overview 133 Security Level 133 Syste m Options and I nf ormati o n 13 4 Device Level Databases 134 User Level Databases 135 Off-node Server Information 135 Network Login Information 135

Configuring Security Level 136

Overview 136 No Security 138

Configuring No Secur ity 138

Device Level Security 139

Configuring Device Level Security 139 Device Level Security Backgr ound Info rma ti on 139

Overvie w of Device Authe ntication Pr ocess 140

User Level Security 140

Configuring User Lev e l Securit y 140 User Level Security Backgr ou nd Info rma tion 140

Authentication Using a Security Token Card 141

System Requirements 142

Authenti cation Process with User Level Security 143

Device and User Level Security 144

Configuring Device an d Us er Level S ecur ity 14 4 Device and User Level Backgroun d In formation 145

8 CyberSWITCH

Configuring System Options and Information 146

Overview 146 System Options 146

Configuring System Options 146 Syste m Options Confi g uration El e m e n t s 147 System Options Background Information 149

System Information 150

Configuring Syst em Information 150 System Information Configuration Elements 150 System Information Background Information 151

Administ rative Session 151

Configuring Administrative Sessions 151 Administrativ e Sessio n Conf igur ation Ele m ent s 152 Administrative Session Background In formation 153

Alterna tive Database Location Background Inf o rmation 153

Session Inactiv i ty Background Information 153

Number of Administrative Telnet Sess ions Background Information 153

Telnet Server TCP Port Number Background Information 153

Emergency Telnet Server Port Number Background Information 154

Configuring Device Level Databas e s 15 5

Overview 155 On-node Devi ce Database 155

Configuring an On-node Device Database 155

On-node Device Entries 156

Configuring On-node Device Entries 156 On-node Dev ice Database Con f iguration El ements 163

General Configuration Ele m ent s 163

ISDN Configuration Elements 163

Frame Relay Access Configur ation Ele m ent s 165

X.25 Access Configur ation Elements 165

Authentication Configuration Elements 165

IP Information Configuration Elements 167

IPX Information Configur ation Elements 167

AppleTalk Information Configuration Elements 168

Bridge Information Co nfiguration Elements 169

Compression Configuration Elements 170 On-node Device Database Bac k ground Informat ion 170

On-node Dev ice Database Se cu rity Requirements 170

Off-node Device Database Location 174

Configuring Off-node Device Database Location 174 Off-node Device Database Location Configuration Elements 175 Off-node Device Database Location Background Information 175

Configuring User Level Databases 176

Overview 176 User Le vel Auth e nticati o n D a ta b a s e Lo c ation 176

Configuring Authentication Database Location 176 User Level Authen tica tion Datab as e Loc ation Co nfigur a tion Ele me nt s 177 User Level Authentication Database Location Background Inform ation 177

Workgroup Remote Access Switch 9

USER’S GUIDE

Configuring Off-node Server Information 178

Overview 178

Multiple Administration Login Names 178

VRA Manager Authentication Serve r 179

Configuring VRA Manager Authentication Server 179 VRA Manager Authentication Serve r Configuratio n Elements 180 VRA Manager Authentication Server Background Informati on 180

RADIUS Authe ntication Server 180

Configuring a RADIUS Authentication Server 180 RADIUS Authentication Se rver Configuration Elements 182 RADIUS Authentication Server Backgrou nd Information 182

TACACS Authenti cation Server 183

Configuring a TACACS Authentication Server 183 TACACS Authentication Server Configuration Elements 184 TACACS Authentication Server Background Informati on 184

ACE Authentication Server 185

Configuring an ACE Authenti cation Server 185

Alternate Method of Configurati on 186 ACE Authentication Server Configuration Elements 186 ACE Authentication Server Background Information 187

Configuring Network Login Infor mation 188

Overview 188 Network Login General Configuration 188

Configuring General Network Login Information 188 Network Login General Configuration Background Information 189

Network Login Banners 190

Configuring Netw ork Lo gin Banner s 190 Network Login Banners Background Information 190

Configuring RADIU S Serve r Login Info rma tion 191 Login Configuration Specific to RADIUS Server Background Information 192

Configuring TACACS Server Login Information 192 Login Configuration Specif i c to TACAC S Serve r Backg round Information 194

ADVANCED CONFIGURATION 195

Configuring Alternate Accesses 196

Overview 196 Dedi ca te d Access e s 1 9 6

Configuring a Dedicat ed Acc es s 196 Dedicated Access Config uration Elem ents 1 96 Dedicated Access Background Information 197

X.25 Accesses 198

Configuring an X.25 Ac cess 198

Basic Configuration Inf orm a tion 198

LAPB Configura tion Info rma tion 1 99

X.25 Configuration Information 199

Permanent Virtual Circuit Information 201

10 CyberSWITCH

X.25 Configuratio n Elements 201

X.25 Line Configuration Elements 201

LAPB Configuration Elements 202

X.25 Access Configur ation Elements 203

PVC Configuration Elements 206 X.25 Access Background Inf orm ation 207

Current X.25 Restrictions 209

Frame Relay Accesses 209

Configurin g a Frame Relay Access 209

Configuring General Ac ces s Informa tion 209

Configuring a PVC 210 Frame Relay General Configuration Elements 211 Frame Relay PVC Configuration Elements 212 Frame Relay Access Background Information 214

The Local Manageme nt Interface Overview 215

Data Rate Control Overview 215

Congestion Control Overview 216

Curren t Re strictions 216

Configuring Advanced Bridgin g 21 8

Overview 218 Bridge Dial Out 218

Configuring the Device List for Bridge Dial Out 219

Spanning Tr ee Protocol 220

Configuring Spanning Tree Protocol 220 Spanning Tree Protocol Co nfigura tion Elem e nts 220

Bridge Mode of Operation 220

Configuring the Bridge Mode of Operation 220 Bridge Mode of Opera tion Co nfigu ra tion Elem ent s 220 Bridge Mode of Operation Background Infor matio n 221

Unrestricted Bridge Mode 221

Restricted Bridge Mode 221

Bridge Filters 222

Configuring Bridge Filters 222 Bridge Filter Configur atio n Elem ent s 224

Protocol Definition Configuration Elements 224

Bridge Filter Configur atio n Elem ent s 224 Bridge Filters Backgrou nd Info rma tion 225

Protocol Definition s 226

Bridge Filter Definitions 227

Dial Out Using Bridge Filters 233

Example: Bridge Dial Out Using a Destina tion MAC Add ress Filter 233

Known Connect List 235

Configuring the Known Co nnec t List 235

Using CFGEDIT 23 5 Known Connect List Configur ation Ele m ent s 236 Known Connect List Back ground Infor matio n 236

Workgroup Remote Access Switch 11

USER’S GUIDE

Configur in g A dva n c ed IP Ro uting 237

Overview 237 Static ARP Table Entries 238

Configuring Static AR P Table Entries 238 Static ARP Table Entries Conf igur ation Elements 238 Static ARP Table Entries Backgroun d Infor m ation 238

The Isolate d M ode 239

Configuring the Isolate d Mode 239 Isolated Mode Configuration Elements 239 Isolated Mode Backgroun d In formation 239

Static Route Lookup via RADIUS 239

Configuring Stati c Route Lookup via RADIUS 239 Static Route via RADIUS Configuration Elements 240 Static Route Lookup via RADIUS Background Information 240

IP Address Pool 240

Configuring an IP Address Pool 240 IP Address Pool Configuration Elements 240 IP Address Pool Background Information 241

IP Filters 241

Initiating the IP Filter Configuration 241 Configuring Packet Types 242

Configuring the Comm on IP Portio n 243

Configuring TCP 244

Configuring UDP 244

Configuring ICMP 245 Configuring Forward ing Filt ers 246 Configuring Connection Filters 247

Using CFGEDIT 24 7 Configuring Exception Filter 248

Modifying the Final Condition for a Filter 249 Applying Filters 249

Applying Filters to Network Interfaces 249

Applying the Global Forwarding Filter 249

Applying per-device Forwarding Filters 249 IP Filters Configuration Elements 250 IP Filters Background Information 251

Filter Compositio n 252

Types of Filters 252

Role of Filters in the IP Processing Flow 253

Packet Types 254 Limitations 255 Example of an IP Filter Configuration 256

DHCP Relay Agent 258

Configuring a DHCP Relay Agent 258 DHCP Configuration Elements 259 DHCP Background Information 259

DHCP/BOOTP Relay Agen t Env ironm ent s 259

Example DHCP Configurations 261

DHCP Proxy Client 265

Configuring the DHCP Proxy Client 265 DHCP Configuration Elements and Background Information 266

Sample Configuration: IP Router with DHCP Proxy Client 267

12 CyberSWITCH

Configuring IPX 269

Overview 269 Configuring IPX Information 270 IPX Routing Op tion 271

Enabling/Disabling IPX 271 IPX Option Configuration Element 271 IPX Option Background Information 272

IPX Internal Network Number 272

Configuring the IPX Internal Network Number 272 IPX Internal Network Number Configuration Element 272 IPX Network Number Background Information 273

IPX Network Interf aces 273

Configurin g IPX Net work Interfaces 273 IPX Network Interface Configuration Elements 275

General IPX Network Interface Configuration Elements 275

RIP IPX Network Interface Con figuration Elements 275

SAP IPX Network Interface Configuration Elements 276 IPX Network Interface Background Information 277

IPX Routing P rotocols 278

Configuring IPX Routing Protocols 278 IPX Routing P rotocol Configuration Ele ments 278 IPX Routing P rotocol Background Information 279

Routing/Service Tables 279

Special Conside r ations - Remo te LA N Inter f ace 280

IPX Static Routes 281

Configurin g IPX Static Routes 281 IPX Static Routes Confi g uration Elements 282 IPX Static Routes Background Information 282

IPX NetWare Static Servi ces 283

Configuring IPX NetWare Static Services 283 IPX NetWare Static Servi ces Configuration Elements 284 IPX NetWare Static Servi ces Background Information 285

IPX Spoofing 285

Configuring IPX Spoofing 285 IPX Spoofing Configuration Elements 286 IPX Spoofing Background Information 286

Watchdog Protocol 287

SPX Protocol 287

IPX Type 20 Packet Handling 288

Configuring IPX Type 20 Packet Handling 288 IPX Type 20 Packet Handling Configuration Elements 289

IPX Type 20 Packet Handling Device Configuration Elements 289 IPX Type 20 Packet Handling Background Informati on 289

IPX Isolated Mode 289

Configurin g IPX Isolated Mode 289 IPX Isolated Mode Configuration Elements 289 IPX Isolated Mode Background Information 290

IPX Triggered RIP/SAP 290

Displaying WAN Peer List 290 Configuring Triggered RIP/SAP Global Timers 291 Configuration Elements 291 Triggered RIP/SAP Back groun d In formation 292

Workgroup Remote Access Switch 13

USER’S GUIDE

IPX-Specific Infor mation for Devices 292

Configuring IPX Device s 292

WAN Devices 292

Remote LAN Devices 295 IPX Configuration Elements for Devices 296 IPX Background Information for Devices 297

IPX Triggered RIP/SAP Device Background 297

Configuring SNMP 298

Overview 298 Configuring SNMP 298 SNMP Configuration Elements 300 SNMP Background Information 301

Configuring AppleTalk Routing 3 0 5

Overview 305 AppleTalk Rou ting Option 305

Enabling AppleTalk Routing 305 AppleTalk Rou ting Option Confi guration Element 306 AppleTalk Routi ng Background Information 306

AppleTalk Ports 306

Configuring AppleTalk Ports 306 AppleTalk Ports Configuration Elements 307 AppleTalk Ports B ackground Information 308

The AppleTalk Network Type 308

Dynami c Node Address Assignment 308

The Zone Concept 309

AppleTalk Remote LAN 309

AppleTalk Static Rout e s 310

Configuring AppleTalk Static Routes 310 AppleTalk Routi ng Static Routes Conf iguration Elemen ts 311 AppleTalk Routi ng Static Routes Background Informati on 311

AppleTalk Capacities 311

Configuring AppleTalk Capacities 311 AppleTalk Capacities Configuration Elements 311 AppleTalk Capacities Background Information 312

AppleTalk Isolated Mode 312

Configuring the AppleTalk Isolated Mode 312 AppleTalk Isolated Mode Configuration Elements 312

Configuring Call Control 31 3

Overview 313 Throughput Monitor 313

Configuring the Throughp ut Monitor 313 Throughput Monitor Configuration Elements 314 Throughput Monitor Background Information 315

Overload Condition Monitori ng 316

Underload Condition Monitoring 316

Idle Condition Monit oring 317

Throughput Monitor Configuration Example 317

14 CyberSWITCH

Call Int erval Param ete r s 3 1 8

Configuring the Call Inter val P arameters 318 Call Interval Config urat ion Element s 318 Call Interval Background Information 318

Monthly Call Charge 319

Configuring Monthly Call Charge 319 Monthly Call Charge Configuration Elements 319 Monthly Call Charge Background Info rmation 319

Call Restrictions 320

Configuring Call Re strict ion s 320 Call Restriction Configuration Elements 320 Call Rest ri c tions Backg round Info rm a t ion 322

Bandwidth Reservation 323

Configuring Bandw idt h Res erv ation 323 Bandwidth Rese rvatio n Configur a tion Elem ent s 325 Bandwidth Reservation Background Information 326

Semipermanent Connections 326

Configuring Semipermanent Connections 326 Semipermanent Connections Configuration Elements 328 Semipermanent Connection s Background Information 328

Interactions with Other Features 328

VRA Manager as a Call Contro l Mana ger 33 0

Configuring VRA Mana ger for Ca ll Contro l 330 Configuration Elements 330 Background Informati on 331

Call Control Manage m ent 331

Limitations/Considerations 332

Configu ring Other Advance d O p tions 333

Overview 333 PPP Configuration 333

Configuring PPP 333 PPP Configuration Elements 334 PPP Background Information 335

PPP Link Failure Detection 335

PPP Reference Documents 336

Default Line Protocol 337

Configuring Default Line P rotocol 337 Default Li ne Protocol Configuration Ele ments 337 Default Line Protocol Background Informatio n 337

Log Options 338

Configuring Log Options 338 Log Options Configuration Elem ents 338 Log Options B ackground Information 339

Local Log File Overvie w 339

Syslog Server Overview 339

CDR Log Report Overview 340

Compression Options 345

Configur ing Compression Options 345 Compression Options Configuration Elements 345 Compression Option s Background Information 346

Compr ession and CCP 347

Workgroup Remote Access Switch 15

USER’S GUIDE

TFTP 348

Configuring TF TP 348 TFTP Configura tion Elem en ts 349 TFTP Background Information 349

File Attributes 350

Configuring File Attributes 350 File Attributes Configuration Elem ent s 350 File Attributes Background Inf orm ation 3 50

TROUBLESHOOTING 352

System Verification 353

Overview 353 Verifying Hardware Resources are Operational 353 Verifying WAN Lines are Available for Use 354 Verifying LAN Connecti o n is Operational 354 Verifying Bridge is Initialized 355 Verifying IP Router is Initialized 355 Verifying a Dedicated Con nection 356 Verifying a Frame Relay Connection 356 Verifying an X.25 Connecti on 357 Verifying Remote Device Connectivity 357 Verifying Multi-Level Security 357 Verifying IP Host Mode is Operational 359

Verifying IP Host is Initialized 359 Verifying IP Host Mode is Operational 359

Verifying I P Host Mode Operation ov e r a LAN co nne ction 359

Verifyi ng I P Host Mode Operation ov e r a WAN con nection 360

Verifying IP Routing Over Interfaces 360

Verifying IP Routing Over a LAN Interface 360 Verifying IP Routing Over a WAN Interface 361 Verifying IP Routing Over a WAN (Direct Host) Interface 363 Verifying IP Routing Over a WAN Remote LAN Interface 364 Verifying IP Routing Over a WAN UnNumbered Interface 365

Verifying IP Filters 366 Verifying IP RIP 366

Verifying IP RIP is Initialized 366 Verifying IP RIP Output Processing on a LAN Interface 367 Verifying I P RIP I nput Processi ng on a LAN Interface 368 Verifying IP RIP Output Processing on a WAN Interface 368 Verify IP RIP Inpu t Processing Oper ational on a WAN Interfac e 369

Verifying IPX Router is Initialized 370 Verifying IPX Routing is Operational 370

Verifying IPX Routing over a LAN Connection 3 71 Verifying an IPX Remote LAN Connecti on 371 Verifying IPX Rou ti ng over a WAN Connection 372 Verifying Triggered RIP/SA P 372

16 CyberSWITCH

Verifying the AppleTalk Routing Feature 372

Verifying AppleTalk Routing is Initialized 372 Verifying AppleTalk Routing is Operational 373

Verifying AppleTalk Routing Operational over the LAN connection 374

Verifying AppleTalk Routing Operation over a WAN connection 374

Verifying SNMP is Operational 375 Verifying the Dial Out Feature 376 Verifying Call Detail Recording 376 Verifying Compressio n is Op erational 3 77 Verifying Reserved Bandwidth is Operational 377 Verifying PPP Link Failure Detection is Operational 377 Verifying DHCP Relay Agent 378

Verifying DHCP Relay Agent Initialization 378 Verifying the Relay Agent is Enabled 379 Verifying the Relay Agent is Operational 379

Verifying DHCP: Proxy Client 380

Verifying DHCP Proxy Client Initialization 380 Verifying the Proxy Client is Enabled 381 Verifying the Proxy Client is Operational 381

UDP Ports 381

IP Address Pool 382

Verifying a Semipermanen t Conne cti on 382 Verifying Proxy ARP is Operational 382

Problem Diagnosis 384

Overview 384

General Procedures 384

LAN Adapter 384 Bridge Initializa tion 385 IP Routing Initialization 385 WAN Line Availability 385 Dedicated Co nnections 387 Frame Relay Connections 387 X.25 Connections 388 Remote Device Connectivity 389 Multi-Level Security 390 LAN Attach ment 390 IP Host Mode 391

IP Host Initialization 391 IP Host Mode Operation over the LAN connection 391 IP Host Mode Operation over the WAN connection 392

IP Routing Over Interface Connections 392

IP Routing Over the LAN Interf ace Co nnec tion 3 92 IP Routing Over a WAN Interface Connecti on 393 IP Routing Over a WAN (Direct Host) Interface Connection 394 IP Routing Over a WAN RLAN Interface Connection 395 IP Routing Over a WAN UnNumbered Interface Connection 396

IP Filters 396

Workgroup Remote Access Switch 17

USER’S GUIDE

IP RIP 397

IP RIP Initialization 397 IP RIP Output P rocessing on a LAN Interface 398 IP RIP Input Processing on a LAN Interface 398 IP RIP Output P rocessing on a WAN Interface 399 IP RIP Input Processing on a WAN Interface 399

IPX Routing 400

IPX Routing Initialization 400 IPX Routing ove r the LAN Connection 400 IPX Routing ove r the Remote LAN Connection 401 IPX Routing ove r the WAN Connection 402

IPX Routing and Service Tables 403

Triggered RIP/SAP Start Up 404 Triggered RIP/SAP Operation 404

AppleTalk Routing 404

AppleTalk Routi ng Initialization 405 AppleTalk Routing Operational ov er the LAN connection 405 AppleTalk Routing Operational ov er the WAN connection 407

SNMP 408 Dial Out 410 Call Detail Recording 411 Compression 412 DHCP: Relay Agent 413

Relay Agent Initializa tion 413 Enabling the Relay Agent 413 Relay Agent Operatio n 414

DHCP: Proxy Client 414

Proxy Client Initialization 414 Enabling the Proxy Client 415 Proxy Client Operation 415

Proxy ARP Operation 416

LED Indicators 418

Overview 418 Local Area Network LED Indicators 418 WAN LED Indicators 418

BRI LED Indicators 418 PRI LED Indicators 419 LANVIEW LEDs (CSX1200-E11-MOD) 420 NT1 Status LEDs (CSX1200-U4-MOD only) 421

Service I ndicator 422

Service I ndicator Re ma ins Lit 422 Service Indicator Blinks 423

Alarm LEDs (PRI Only) 424

18 CyberSWITCH

System Messages 426

Overview 426 Informational Messages 426

Boot Messages 427 Initialization Messages 427 Normal Operation Messages 427 Status Messages 427 Spanning Tree Messages 428

Warning Messages 428 Error Messages 428 System Message Summary 428

Trace Messages 487

Overview 487 Call Trace Messages 488

Call Trace Message Summary 489

IP Filters Trace Messages 494 PPP Packet Trace Messages 495

WAN FR_IETF Trace Messages 497

X.25 Trace Messages 497

X.25 Trace Message Summary 497

X.25 (LAPB) Trace Messages 500

X.25 (LAPB) Trace Message Summary 500

SYSTEM MAINTENANCE 502

Remote Management 503

Overview 503 SNMP 504

Installation and Configuration 504 Usage Instru ctions 505

Telnet 506

Installation and Configuration 507 Usage Instru ctions 508

TFTP 509

Installation and Configuration 509 Usage Instru ctions 510

Remote Installation with USER2 511

System Commands 513

Overview 513 Accessing Admin istration Servic es 513 Setti n g th e I P Ad d r e s s 5 14 Boot Device Comma nds 514 Accessing Dynamic Managem ent 515 Viewing Operational Inf orm ation 515 Viewing Throughput Information 520

Throughput Monitor Contents 521

Saving Operational Information 521

Workgroup Remote Access Switch 19

USER’S GUIDE

Clearing Opera tional Inf orm atio n 522

Configuration-R ela te d Comm an d s 522

Restarting the CyberSWITCH 523 Setti n g the D ate and Ti me 523 File Utility Commands 523 Terminating Admin istration Session s 524 AppleTalk Routing Commands 525 Bridge Commands 530 Call Control Co m ma nd s 531 Call Detail Recording Commands 534 Call Restriction Commands 534 Compression Information Commands 535 DHCP Com m an ds 53 5 Frame Relay Commands 535 IP Routing Commands 537 IPX Rou ting Commands 542 ISDN Usage Commands 544 LAN Commands 545 Log Commands 545 Packet Capture Commands 545 RADIUS Command s 549 SNMP Co mma nds 551 TCP Commands 551 Telnet Commands 551 Termina l Commands 554 TFTP Commands 555 Trace Commands 556 UDP Command s 5 5 7 User Level Security Commands 557 WAN Comm an ds 558 X.25 Commands 558

System Statistics 560

Overview 560 Connectivity Statistics 560 Call Restriction Statistics 560 Call Statistics 561 Throughput Monitoring Statistics 561 AppleTalk Statisti cs 562

AppleTalk Protocol Statistics 562

AppleTalk Data Delivery Protocol (DDP) Statist ic s 562

AppleTalk Echo Protocol (AEP) Sta ti stics 563

AppleTalk Rou ting Table Maintenance Protocol (RTMP) Statistics 564

AppleTalk Zone Informati on Protocol (ZIP) Stati stics 564

AppleTalk Name Binding Protocol (NBP) Statistics 565

AppleTalk Transaction Protocol (ATP) Statistics 565 AppleTalk Port Statistics 566

Bridge Statistics 567 Call Detail Recording Stat istic s 567 Compression St atistics 568

Compression Related Statistics 568 Decompressi on Related Stati stics 568

20 CyberSWITCH

DHCP Statistics 569

Common DHCP Statisti cs 569 DHCP Relay Agent Statistic s 570 DHCP Proxy Client Statistics 571

Frame Relay Statisti cs 572

Access Related Statis tics 572 PVC Related Statist i cs 574

LAN Stati st ics 575 IP Statistics 576

IP Group Statistics 576 ICMP Group Statistics 577

IPX Statistics 579

IPX General Statistics 579

IPX Basic System Table Statistics 579

IPX Advanced System Table Stati stics 580 IPX RIP Statis tics 581 IPX Triggered RIP Statistics 582 IPX Route Statistics 582 IPX SAP Statistics 583 IPX Triggered SAP Statistics 583 IPX Service Statistics 583

RIP Statist ics 584

RIP Global Stati stics 584 RIP Interface Statistics 584

SNMP Statistics 585 TCP Statistics 587 TFTP Statistics 588

Statistics for Serve r or Rem o te initia ted TF TP Ac tiv ity 588 Statistics for Loca l or Clien t Initia ted TFTP Ac tiv ity 589 Statistics for all TFTP Activity 589

UDP Statistics 590 WAN FR_IETF Statistics 591 WAN L1P Statistics 591

PRI S/T (T1/E1) Interface Statistics 591 Layer 1 PRI Error Stat istics 592 Layer 1 General Stati stics 592

WAN Statistics 593 X.25 Statistics 594

X.25 Access Related Statistics 594 X.25 Virtual Circuit (VC) Rel ated Statistics 595

Routine Maintena nce 59 7

Overview 597 Installing/Upgrading System Software 597 Executing Configu ration Changes 597

Configuration Files 597 Making Changes Using CFGEDIT 597 Making Changes Using Manage Mode 598

Configuration Backup and Restore 598 Obtaining System Custom Information 598

Workgroup Remote Access Switch 21

USER’S GUIDE

APPENDICES 599

System Worksheets 600

Network Topology 601 System Details 602

Resources 602 Lines 602 Accesses 603

Device Information 604 Bridging and Routing Info rm ation 605

Bridging 605 IP Routing 60 5 IPX Routing 606 AppleTalk Routing 607

CFGEDIT Map 608

Overview 608 Main Menu 608 Physical Resources Menu 609 Options Menu 610 Security Menu 613

Getting Assistance 616

Reporting Problems 616 Contacting Cablet ron Sy stems 616

Administrative Console Commands Table 618 Manage Mode Commands Table 625 Cause Code s Ta ble 629

INDEX 636

22 CyberSWITCH

SING THIS GUIDE

The User’s Guide is divided into the following parts:

YSTEM OVERVIEW

We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware.

YSTEM INSTALLATION

In this sec tio n of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step descr iption of installi ng hardw a re and upgrading software.

ASIC CONFIGURATION

We define basic configuration as the configura tion n eeded by most devices . These are the areas of configuration that will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in the chapter titled Configuring Basic IP Routing.

ECURITY CONFIGURATION

The CyberSWITCH pr ovides a great varie t y of security option s. For example, you may us e device level se cu rity, use r l eve l secur ity , or i f pr efe rred , no secu ri ty. You m ay al so perfo rm auth enti ca tion of a device/ user in different ways. The securi ty information may be store d on several dif f erent types of databases, either local ly or on a variety of remote databases.

System secu rity also allows the configurat ion of administ rative session (Telnet session) enhancements. This provides secure access to the system along with flexible control.

DVANCED CONFIGURATION

We defi n e advance d co n f igurati on as a way to fin e tu ne y o u r system, or to config ure opti ons that are not necessarily needed by the majority of devices. For example, use this sectio n to configure an alternate access, or to set up SNMP to manage your system.

ROUBLESHOOTING

Troubleshooting begins with information for verifying your system installation, and continues with steps to take if there are problems with the installation. Next, it includes a description of system LED indicators, followed by system messages and trace messag e s. Each message listing in these chapters provides the message itself, a message definition, and where appropriate, possible corrective actions.

YSTEM MAINTENANCE

In this section, we provide information to help you maintain your CyberSWITCH once it is operating. System maintenance information includes information regarding remote management, a chapter on both the system commands and the system sta tistics, and routine maintenance procedures.

USER’S GUIDE

APPENDICES

The User’s Guide provides the following appendices:

ETWORK WORKSHEETS

These worksheets are provided to help you gather pertinent infor mat i on for co n fi guring your

system. We recommend that you print copies of these blank forms and fill in the appropriate

information before you begin configuring your system.

CFGEDI T M

This map provides a guide thro ugh the Conf igur ation Ed itor str ucture, and may be a helpful

reference when configuring the CyberSWITCH using the CFGEDIT utility.

ETTING ASSISTANCE

This appendix provides information for getting assistance if you run into problems when

installing your system. A FAX form is included. You can print this form, fill out the information

requested, and FAX it to Cabletron Systems, using the provided FAX number.

DMINISTRATION CONSOLE COMMANDS

Provide s a tab ular listing of the syste m admi nistration console commands and their use s.

ANAGE MODE COMMANDS

Provide s a tab ular listing of the Manage Mode commands and their uses.

AUSE CODES

Provides a tabular listing of Q.931 Cause Codes and their meanings. These cause codes may

appear in call trace messages.

DOCUMENTATION SET

This guide, the User’ s Gu ide, provides information to install and configure your system. It also provides information you may need to refer to keep your system running efficiently after it is up and running. For example, it provides a li sting of system messages. Each message l i sting provides a definition of w hat the message means, and where appropriate, corrective action you can take. Many other subjects are covered, including routine maintenance, hardware information, system verifi cation, and problem diagnosi s.

This gu ide is one in teg ral part of th e e n t i re do cu m e n t a tion set. Pl ease refer to th e do cuments described below for additional information.

The Example Networks Guide includes several example networks, beginning with a simple network, and progressing to m ore complex networks. These example network chapters provide configuration instructions that you may find helpful in configuring your own similar network.

The Quick Start pro v ides abbr eviat ed insta lla tion and co nfiguration instructions for exper ie nced users. Specific instructions for setting up various ty p e s of remote devi ce s are also included.

The R ADIUS Authentication User’s Guide describ e s the setup of the RADIUS server software on a UNIX-based system. RADIUS (Remote Authentication Dial In User Service) provides multiple

24 CyberSWITCH

systems c entr al databa se ac cess for sec urity authenti catio n purpos es. I nstru ctions for ob tainin g th is electronic document ca n be found in Configuring Off -node Server Informatio n. If you have Internet access, you may obtain this guide by following the steps outlined below:

• Use your Web browser to get to the following address:

http:// ser vice.nei.com

• From the re su lting screen, click on Public.

•Click on the Radius director y.

•Click on the Docs directory. The guide will be under this directory.

The Release Notes provide release highlights and important information related to this release. The Release Notes may be disp layed during software ins tallation (or upgrade). They may also be displayed after the system is operatin g by issuing the

GUIDE CONVENTIONS

The following conventions are used throughout the documentation:

Syste m Commands All system comma nds (A dm inist rati on and Mana ge Mo de com mand s) are italic iz ed, and in a different font than the general text. For example, if you are instruct ed to enter the command to test for proper LAN connections, the command would appear as follows:

lan stats

list rel_note.txt

SING THIS GUIDE

Guide Conventions

console command.

CFGEDI T S CREENS Screens that appear on the monitor as you are configuring your system using the CFGEDIT utility will be displayed using the style shown b elow:

Main Menu:

1) Physical Resources

2) Options

3) Security

4) Save Changes

Select function from above or <RET> to exit:

ONITOR DISPLAYS

M Any messages or text that is displayed on your monitor w ill be shown in the style be low:

LAN Port <port #> is now in the LISTENING state

WAN Port <port #> is now in the FORWARDING state

LAN Port <port #> is now in the LEARNING state

LAN Port <port #> is now in the FORWARDING state

OCUMENTATION TITLES

All references to CyberSWITCH documentation titles will use the same font as normal text, but will be italicized. For example, all references to the User’s Guide will appear as:

User’s Guide

Workgroup Remote Access Switch 25

YSTEM OVERVIEW

We inc l u de th e f ollowin g ch a p te rs in the Syst em Overv i ew segment of the User’s Guide.

• The CyberSWITCH

Provides the “big picture” view of a CyberSWITCH network. We include an overview of

unique system features, interoperability, security, interfaces, system components, remote

devices, and switches supported.

• Hardware Overview

A description of system platforms.

• Software Overview

A description of the CyberSWITCH’s system and adminis trative software. We also include a

description of system files.

HE CYBER

Because of the strong personal computer presence in the business environment, a move to graphical user interfaces, and the need to make the best use of available resources, there is a growing demand for high speed LAN access for remote devices. PC users need to be part of a workgroup or ente rprise LAN, and remote access from home , field offices, and other r e mote locati ons has become a necessity.

With the de mand for remote LAN access, the remote device’s requireme nt for bandwi dth has exceeded the capabilities of traditional analog modems. High-speed digital dedicated lines can certainly provide su fficie nt band wi dt h for LAN inter con n ect ion . How ever , beca use of the high monthly charges associated with dedicated services, the costs are prohibitive for individual users.

New forms of networking are now possible and affordable using the Integrated Services Digital Network (ISDN) . ISDN is being deploy ed by majo r teleco mmunications companie s world- w ide.

With ISDN ser vices, t he costs o f LAN inte rconnect ion are b ased on ac tual usa ge — the user gets the bandwidth of dedicated digital service at dial-up prices.

Our products offer internetworking solutions for small businesses as well as large corporations.

SWITCH

THE CYBER SWI TCH NETWORK

This pa rti cul ar Cyb er SWIT CH model co nsi sts of an embe dded co mmun ica ti ons p la tf or m. It use s a flash file system (instead of a hard disk) an d a t wo-stage boot device to initi al ize the platform and download the system software. The system softw a re is preconf igured to allow immediate connect ion to a local area netwo rk (LAN) or a wide area net work (WAN) with Teln et and/or TFTP access.

This system is geared toward the small office, supporting two to eight (depending on model) simultane ous connection s. Yet the product offers a small of fice a variety of internetworking capabilities.

USER’S GUIDE

Workstation

Remote ISDN Bridge

Workstation

Host

BRI

CSX5500

ISDN

BRI

File Server

BRI

WORKGROUP REMOTE ACCESS SWITCH

Workstation

CSX1200

LAN

B1 B3

10BASE-TRXTXSERVICE

POWER

B2 B4

E1 ONLYB-CHANNELS

B25B27

B29

B31

B21B23

B17B19

B13B15

B9B11

B5 B7

E1DT1

B26B28

B30L1

B22B24

B18B20

B14B16

B10B12

B6 B8

Workstation

UNIQUE SYSTEM FEATURES

The CyberSWITCH combines unique features that improve cost-effectiveness, reliability, and performance for wide area network connections to remote devices. These features include:

• Authentication Servers

Provide a central database for networks with more than one CyberSWITCH. The central

database consists of manag e able, informational data (ref e rred to as the Device List or Device

Table). This data is acces sed and used for aut hentication when a n ew connection is esta blished

to the system.

• Bandwidth Agility

The system dynamically controls the bandwidth in use between itself and other PPP devices.

This is accomplished by estab lishing a nd dis c onn ecting calls . The num be r of calls is limited

only by the types and number of lines av ailable. The system monitors the connections for

utilization and will add and remove the connections based on user- configurable throughput

parameters. As network ba ndw id th requirem ent s increa se or decrea se, the system will

Workstation

(with BRI ISDN TA)

28 CyberSWITCH

THE C

YBER

Unique System Features

automati cally adju st th e nu mber of ne twork con nect ion s. Thus, your n et work costs w il l ref lec t

the actual bandwidth being used.

• Filtering

Allows you to control the flow of frames through the network. Filtering becom es nec essary if

you need to re strict remote access or con trol widespread transmission of sporadic messages.

Customer-defined filters can forward messages based on addresses, protocol, or packet data.

• Data Compressi on

Allows the system to negotiate compression algorithms with another device on the network.

After successfully negotiating com p re ssion, data is compressed by the remote device and

transmi tte d to the system. The system deco mp resses the data, processes the information

contained in the user data, and forwards the data as required. The system can receive data

coming over a WAN or a LAN, and compress the data before transmitting it to another device

on the network. The net effect is to increase interconnect bandwidth by de creasing

transmi ssion time. If neg o tiation for compression fails, data is transmitted uncompressed.

• Dial Out Capability

The system will dial out to remo te dev ices . Th is featur e allows the sy st em to accep t user data

receiv e d on the Ethernet LAN or I S DN network and initiate a data connection to the remote

device specified in the user data. This allows devices on the local LAN to initiate connections

to networks connected to the system over th e switched di gital network. The system monitors

the connection for utilization and will rem ove the connection when it becomes idle.

SWITCH

• Dynamic Management

Provides a “real-time” management mechanism that allows many system parameters to be

changed with out interrupting the curren t e xecution state of the system sof tware. This feature

consists of a series of con sole commands that enable a user to display current system

paramet ers , c ha ng e man y par ame ter s d yna mica lly , and wri t e cha ng es t o d isk f il es s o th at the y

remain permanent.

• High Speed Digital Connections

The system supp orts 56Kbps and 64Kbps co nnections to remote locatio ns. These dial- up digital

connections provide re liable high throughpu t connections for efficient data tr ansfer for the

same cost as analog connections. If any r e mote devices conn e cted to the system support multi-

link PPP, up to 32 parallel connections can be made at either 56Kbps or 64Kbps.

• IP Filters

The IP filters allow you to control the transmission of individual IP packets based on the packet

type. You can specify packet type by IP address (source or destination) or by IP protocol (TCP,

UDP, ICMP).

Once you specify a packet type, two forms of IP filtering are available:

• Forwarding Filters, applied at discrete points of the IP processing path to determine if a packet continues its normal processing, and a

• Connection Filter, which determines if an IP packet requiring a WAN connection may continue.

•Packet Capture In order to monitor incoming LAN data, the CyberSWITCH packet capture feature will allow you to capture, display, save, and load bridged or routed data packets.

Workgroup Remote Access Switch 29

USER’S GUIDE

• Protocol Discrimin ation It is possible for multiple types of remote devices to use the same line. The system can determine the device type and the protocol encapsulation used by remote devices.

• RS232 Port: Dual Usage If your installation requires you to process PPP-Async data, this feature allows you to use the RS232 port for either console acc ess or a serial data connection. This dual usage is possible throu gh the CyberS W ITCH’s s u p p or t o f Au t osense mo de and Ter minal mo de :

• Autosense mode determines whether you are trying to connect using a VT emulation or PPP-

• Terminal mode assumes that y ou o nly wa nt to co nnec t usi ng VT emul atio n. A logi n prom pt

•Security Security is a key issue for all central site network mana gers and is a priority with the CyberSWITCHs. The modules provide high level features that help prevent unauthorized or inadver tent acc ess to c riti cal data and reso urces. The mo dules su pport ex tensiv e secu rity lev els including:

• PPP PAP and CHAP

• User n a me a n d pa ssword

• Calling Line ID (CLID)

• Ethernet Address

• User Authentication

• Device Authentication

• SecureFas t Virtual Remote Access (SFVRA)

• TACACS Client with Radius Server

•RADIUS

• Security Dynamic’s ACE/SecurID

Async, and connects you appropriately. (VT emulation requires you to perform four carriage returns to receive a login prompt.)

is displayed as soon as the connection is made.

• Simultaneous Connections The system supp orts simultaneo u s connectio n s to multiple l o ca t i ons. Thes e lo ca tions can connect by using different channels on the same line, or they can connect on different lines. This pooling of lines among many potential loc ations is more cost effective than alternative pointto-point lines.

INTEROPERABILITY OVERVIEW

“Interoperability” is the ability to operate and exchange information in a heterogeneous network. The CyberSWITCH supports interoperability with many different remote devices over ISDN.

INTEROPERABILITY PROTOCOLS

In order to commun icate wi th vari ous remot e devic es over I SDN, the CyberSWI TCH must i dentif y the device type and the protocol it is using.

The CyberSWITCH supports the following line protocols:

• HDLC Ethernet Frames

• Ordered Protocol for Ethernet Frames

• Point-to-Point Protocol (PPP) Encapsulation for IP Datagrams

30 CyberSWITCH

The CyberSWITCH supports the following PPP protocols:

• Link Control Protoc ol (LCP)

• Multilink Protocol (MLP)

• Authentication Protocols

Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP)

• Network Con trol Protocols (NCP)

Interne t P rotocol Control Protocol for TCP/IP (I PCP) Intern e t work Packet Exchange Co ntrol Protoc ol for IPX (IPXCP) Bridge Control Pro toc ol for bridg es (BCP)

• Compressi on Contro l Protocol ( CCP)

• AppleTalk Control Protocol (ATCP)

The CyberSWITCH supports the fo llowing AppleTalk protocols:

• EtherTalk Link Access Protocol (ELAP)

• AppleTalk Address Resolution Protocol (AA RP )

• PPP AppleTalk/AppleTalk Control Protocol (ATCP)

• Datagram Delivery Protoco l (DDP )

• Routing Tab le Maintenance Protocol (RTMP)

• AppleTalk Echo Protocol (AEP)

• Name Binding Protocol (N BP)

• Zone Inform ation Protocol (ZIP)

THE C

YBER

SWITCH

Interoperability Overview

INTEROPERABILITY DEVICES

Remote devi ces that may connect to the Cyb erSWITCH incl ude the follow in g:

• MAC Lay er Bridges

•IP Host Devices

• IP Router Dev ices

• IPX Route rs

• AppleTalk Routers

MAC layer bridge s connec t to the syste m using the HD LC bridge encap sula tion line p rotoc ol . These devi ces send transpar ently bridged E therne t frames to the sy stem. MAC layer br idges do not process ne twork layer protocols. The y forward all packets based on source and destination MAC addresses.

IP Host devices are single workstations or PCs that co nne ct to the system at the IP network layer. These devices use either the RFC1294 based protocol or PPP to communicat e with the system.

IP router devices are single devices that represent many ot her IP hosts and routers to the system. They must use the CHAP or PAP protocol to identify themselves to the system . IP routers usually provide IP network address information at connection time (and use PPP to send user data to the system).

IPX routers are single devices that perform netw ork layer tasks (addressing, routing, and switchin g) to move packets from one location on the network to anot her. IPX ro u te rs use the Internetwork Packet Exchange (IPX) protocol, typical of the NetWare environment.

AppleTalk routers route AppleTalk datagrams based on address information. They support the following protocols: RTMP, NBP, and ZIP.

Workgroup Remote Access Switch 31

USER’S GUIDE

SECURITY OVERVIEW

The system provides se veral options for valid ating remote devices and for managing netwo rk security. The security options available are dependen t on the remote device type, type of access , and the level of security required.

Levels of security include no security, device level security, user level security, and multi-level security. Device level security is an authentication process between devices, based on protocol and preconfigured information. Sec urity information is configured either in the system’s On-node Device Dat abase, or in a central databa se su ch as the VRA Manager. Here the networ k administrator specifies all of the security inform ati on for each indiv idua l user. A portion o f this information is used to identify the remote device. The remaining data is used to perform user validation after user identification has been complete d.

User level security is an interactive process. It is currently supported on t he system through the TACACS or ACE server programmed for use with secu rity token cards. With user level security,

the potential network user explicitly connects to the server and must properly “converse” with it in orde r to co n ne c t with othe r de vi c e s b e yond the se rver.

Import ant to user leve l authentication is the security token card. This card, programmed in conjun ction with the authenti cation server, gene rates random passwords . Th ese passwo rds must be supplied correctly at syst em login tim e, or acces s to the networ k will be den ied. The secur ity token cards should be issue d to each user on the network to properly maintain system integrity.

Multi-level security provides device level security for all remote devices. Individual devices may be configu red for user level authentication as wel l. In this case, device level authen tication takes place between the system and the remote device. Then a specific user must initiate user level authentication by starting a Telne t se ssion. Both levels of authen tication must be satisfie d before traff ic can pass.

NETWORK INTERFACE OVERVIEW

The network interface is the physical connection of the CyberSWITCH to a data network. For example, the Ethernet resource in the system provides a net work interface to an Ethernet LAN. The ISDN lines in th e s yste m prov i de netw ork i nter fac es t o mu ltip le r emote net wor ks. Beca use of th eir switched nature, the ISDN lines provide virtual network interfaces. That is, the same physical ISDN line can actually c onnect to different remote networks by d ialing a different phone number.

The CyberSWITCH provi des a set of network interfaces that give you a wide range of flexibility. The network interfaces provi ded by the system are:

• LAN IP Network Interface

• LAN IPX Network Interface

• WAN IP Network Inte rface

• WAN (Direct Host) IP Network Interface

• WAN RLAN IP N etwork Interface

• WAN RLAN IPX Network Interface

• WAN (UnNumbered) Network Interface

32 CyberSWITCH

THE C

YBER

SWITCH

System Components

The variety of network interfaces allows the installation of a wide range of de vices at remote sites. As illustrated below, you can simultaneously choose bridges, routers, or host devices based on the speci f ic re mote si te re qu i r e ments.

192.1.1.2

128.1.1.3 Host

128.1.1.2 Host

Host

(or Router)

WAN Direct Host

Interface

WORKGROUP REMOTE ACCESS SWITCH

ISDN

POWER

192.1.1.3 Router

(or Host)

WAN

Interface

192.1.1.1

LAN

B13B15

B9B11

B5 B7

B1 B3

10BASE-TRXTXSERVICE

E1DT1

B14B16

B10B12

B6 B8

B2 B4

E1 ONLYB-CHANNELS

B25B27

B29

B31

B21B23

B17B19

B26B28

B30L1

B22B24

B18B20

RLAN Interface

100.1.1.1

100.1.1.2

Remote

Bridge

100.1.1.3

Remote

Bridge

In the diagram above, t he LAN Interface 128.1. 1.1 is attach ed to the IP network 128. 1.0.0. The WAN Direct Host Int erface represent s LAN Interface 128. 1.1.1 and all ows the remote IP h osts to share the network address space of 128.1.0.0. The WAN Interface 192.1.1.1 is logically attached to the IP network 192.1.1.0. The RLAN Interface 100.1.1.1 is logically attached to the IP network 100.1.1.0.

SYSTEM COMPONENTS

The majo r co m p o ne nt s of th e CyberSWI TC H ar e :

• System hardware consisting of a platform and an administration port provided by the platform.

• Four main categories of system software: The boot device gains control at power-up. It runs diagnostics, downloads new versions of operational software , and prepares the host processor for execution of operational software. The flash file system store s a compressed image of operational software and I/O system software. It also stores other necessary files for configuration and information storage. The operational software provides system functionality, such as download and initialization of the I/O subsystem. The I/O subsystem handles LAN I/O.

• Remote I S DN devices which interop e rate with the system and allow device ac ce ss to network resources.

More deta iled desc ripti ons of sy stem so ftware an d hardwar e are included in the nex t two chap ters . The following section describes remote I S DN devices.

LAN Interface 128.1.1.1

Workgroup Remote Access Switch 33

USER’S GUIDE

REMOTE ISDN DEVICES

The CyberSWITCH provi des a centralized concentrator function for remote ISDN devices. The devices can be separated into the following categories:

• remote ISDN bridge devices

• PC based terminal adapters

• ISDN enabled workstations

• other ISDN routers

Typical remote ISDN bridges provide one Ethernet port and one basic rate ISDN port. The basic rate port is connected to the switched digital network and is used to make connections to the CyberSWITCH. The Ethernet port is used to connect to a remote LAN. The remote bridge device sends Ethernet frames from devices on the remote LAN over the swi tched network.

PC-based terminal adapters connect to a remote personal computer an d us e the switched d igital network to con nect to the system. The terminal adap te r sends network protocol specific frames from the host PC device over the switched network.

Workstat ion-based terminal adapters con nect to a workstation and use the swi tched digital network to con nect to the system. The terminal adap te r sends network protocol specific frames from the wor kstation over the switche d network.

34 CyberSWITCH

SWITCHES SUPPORTED

Switch types supported by the CyberSWITCH’s basic rate and primary rate ISDN adapters:

Type of Switch Basic Rate Primary Rate

AT&T #4ESS NA Yes AT&T #5ESS Yes Yes

AT&T Definity Yes Yes

AT&T Legend Yes NA

NET3 Yes NA

NET5 NA Yes NT DMS 100 Yes Yes NT DMS 250 NA Yes

NT SL-100 Yes Yes

THE C

YBER

SWITCH

Switches Supported

NTT Yes Yes

NI-1 Yes NA TS013 Yes NA TS014 NA Yes

1TR6 Yes Yes

Switch support may vary from country to country. Use the following as a guideline:

Country Switches supported

(BRI lines)

Australia TS013

NET3

Germany 1TR6

NET3

Japan NTT NTT

United States AT&T 5ESS

AT&T Definity

AT&T Legend

NT DMS 100

NI-1

Switches supported

(PRI lines)

TS014 NET5

1TR6

NET5

AT&T 4ESS AT&T 5ESS

AT&T Definity

NT DMS 100 NT DMS 250

NT SL-100

International NET3 NET5

Workgroup Remote Access Switch 35

ARDWARE OVERVIEW

The Cybe rS W I TC H is an embedded communications platform. It uses a flash file system (instead of a hard disk) an d a two-stage boot device to initialize the pla tform and download system softwa re. System so ftware is pre configured to allow immediat e connection via a Local Area Network (L AN) or Wid e Ar ea Ne two rk (WAN) wi th Te lnet and/ or TF TP a ccess. T he s oft ware can also be accessed via the RS232 por t on the system, and a terminal - e m u l a tion soft wa r e p a ck a ge .

The Cybe rS W I TC H offers flexibility. With its internetworking capabilities, you may use it as a

stand-alone devi ce to service small businesses. Or , you may use it as a router with a larger “hub,” fielding data packets and forwarding them.

The Cybe rS W I TC H works with a mix of bridges, routers, hosts, P Cs, and workstations. These combinations provide internetworking capabilities that will allow LAN-to-LAN applications such as telecommuting, electr on ic mail, mult i-m e dia transm is sion, imaging, and CAD.

This chapter includes safe ty conside r ations and a des crip tion of Wor kgrou p Cybe r SWIT CH platforms and modules.

SAFETY CONSIDERATIONS

The CyberSWIT CH contains a lithium battery to supp ort its time-keeping functi ons. It is a longlasting battery, and was not intended to be user-replaceable. In the unlikely event that you have a problem wi th the battery , contact your distri butor for rep lacement.

CAUTION: Danger of explosion if battery is incorrectly replaced. Replace only with the same or

equivalent type recommended by the manufacturer. Di scard used batteries according to the manufacturer’s instructions.

SYSTEM PLATFORMS

THE CSX1000 AND NE LINK 1000 (A NETWORK EXPRESS PRODUCT)

The following table summarizes the CSX1000 an d NE Link 1000 platform options.

Model # Ports # Connections

CSX1001 one BRI port two connections NE Link 1000-B2 one BRI port two connections NE Link 1000-B4 two BRI ports four connections NE Link 1000-B8 four BRI ports eig h t co n nection s

The platform shown below, the NE Link 1000 B8 platform, support s four BRI ports or eight

connect ions . The B2’ s fro nt p anel is si mil ar, but h as one b ank of WAN LED indi cator s fo r i ts sin gle BRI line.The B4’s front panel is also similar, but ha s two banks of WAN LED ind icators for its two BRI lines.

ARDWARE OVERVIEW

System Platforms

Network

Express

BRI (Termination switches behind plate; see diagram

LINK

-1000

Power

LAN

AUI

10BASE - T

CAUTION

FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE.

Service

The NE Link 1000 B8

Line

CH-1 CH-2

CH-1 CH-2 CH-1 CH-2 CH-1 CH-2

SYNC D-CHAN

10Base-T

Line

SYNC D-CHAN

FUSE TYPE: IEC 127/ III RATED F1.6AL-250V

Line

SYNC D-CHAN

INPUT

85-250V 47-63 - 1.6A MAX

CONSOLE

Workgroup Remote Access Switch 37

USER’S GUIDE

The CSX1001, shown below, is equivalent to the NE Link 1000 B 2.

WORKGROUP REMOTE ACCESS SWITCH

LATFORM DESCRIPTION

The NE Link 1000 and CSX1000 platforms consi sts of two processors (the 80386 EX and the 80960 SA), system memory, a nd interface adapters. The front of the platforms have a series of LED indicators. These indicat ors light up to indicate power, service, LAN access, and WAN access. On the back of the platfor m is the ON/OFF switch, connectors for power, the LAN, the W AN, and an administr ation port for local or rem ote adminis trati on consol e attachmen t. There is a fan housed in the rear of the platform, as well as side venting on the unit.

BRI (Termination switches behind plate; see diagram

POWER

LAN

10BASE-TRXTXSERVICE

CAUTION

FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE.

AUI

The CSX1001

LINE

CH-2

CH-1

D-CH

SYNC

INPUT

85-250V 47-63 - 1.6A MAX

10Base-T

CONSOLE

FUSE TYPE: IEC 127/ III RATED F1.6AL-250V

AGI

The front panel has a series of indicators. The POWER indicator will remain lit while the unit is on. There are also LAN, WAN, and service indicators. For a more detailed description of each LED indica t or , re f e r to L ED Indicators.

The unit’s ON/OFF switch is located in the upper right corner of the back panel. Directly below this switch ar e the AC power input and fuse bo x. Note that the unit requir es a 250V, 5 x 20 mm timelag fuse rated at 1.6 amps. The back panel also provides connectors for WAN and LAN access, as well an RS232 port for an adminis tration console. The RS232 port is also available for PPP-Async data transfer. The fan grill on the back panel, as well as the venting on the side panel, should not be obstructed.

38 CyberSWITCH

ARDWARE OVERVIEW

System Platforms

The two connectors available for LAN access are the AUI Ethernet and the 10Base-T. Only one of the two ports may be activated at a time. If you a ttempt to use both, the system hardware automatically defaults to the 10Base-T port. Note that the AUI port has a slide-latch mechanism to lock that connection into place.

The back panel also provides connectors for BRI lines. Depending upon platform option, connectors are available for one, two, or f our BRI lines (providi ng from two to e ig ht connecti ons). These lines are identified by the numbers 1 thr ough 4 stamped on the plate adjacent t o the port. The plate can be rem oved by taking out the two screws. Underneath thi s plate are one, two, or four pairs of DIP switches (again, option dependent). These switches control the terminating resistors for the Basic Ra te I nt erfac e a nd s h oul d be set in th e sa me d ire cti on. If th e s witc he s are UP, t he swit che s are

“on,” meani ng the resistors for the connector are providing term ination for the BRI line. I n the event that both switc hes are no t set in the same direc tion, i mproper oper ation may r esult. Note that the system is shipped with the switches activated (ON). For further clarification, refer to the following illustration.

BRI port, plate on:

Screws which secure plate

BRI port, plate off:

line 4 switches line 3 switches line 2 switches line 1 switches

If both switches in pair are in UP position, switches are ON.

switches 3&4 control line 1 (ON in illustration)

switches 1&2 control line 2 (ON in illustration)

For the B2 platform option, switches 3&4 control line 1;

switches 1&2 are not used.

1 2 3 4

For all types of co nnec tion s, there must be ter minati ng resis tor s at each en d of the li ne. For a Pointto-Poin t connection, the 1000 platform is at the end of the line, so these DIP switches must be ON to provide proper termination. In a Point-Multipoint connection, DIP switch settings are dependent upon the physical configuration of the line. If the 1000 platform is at the end of the line, the terminating resistors should be activated (DIP switches ON). If another device at the end of the line is providing termination, the 1000 platform’s terminating resistors should be deactivated (DIP switches OFF) .

Workgroup Remote Access Switch 39

USER’S GUIDE

Refer to the following figure, which illustrates a BRI Point-Multipoint configuration.

1 2 3 4

Workstation

(Terminating resistor OFF)

Telephone Company

WORKGROUP REMOTE ACCESS SWITCH

YSTEM CHARACTERISTICS

LINE

LAN

POWER

10BASE-TRXTXSERVICE

CH-2

CH-1

D-CH

SYNC

(Terminating resistor ON;

end of the line)

Physical Char acteristics:

Height: 76.2 mm (3 in) Width: 304.8 mm (12 in) Depth: 228.6 mm (9 in) Weight: approximately 3.2 kg (7 lb)

Environmenta l Characterist ics:

Operating Temp: 0° to 40° C (32° to 104° F) Operating Humid ity: 5–95% non-condensing

Operating Altitude: 3000 m maximum (10, 000 ft maximum) Non-operating Shock: 50 G, 11 ms, 1/2 sinewave Storage Temperature: -40° to 85° C (-40° to 185° F)

AGI

OFF

WORKGROUP REMOTE ACCESS SWITCH

1 2 3 4

LINE

LAN

10BASE-TRXTXSERVICE

POWER

CH-2

CH-1

D-CH

SYNC

(Terminating resistor OFF)

AGI

Telephone

(Terminating resistor OFF)

NT-1

(Terminating resistor ON;

end of the line)

Electrical Characteristics AC Power Input:

Voltage: 100-125 VAC/200-240 VAC Frequency: 50/60 Hz Fuse: 1.0/0.5 am p s , 25 0 V Power: 50 watts maximum

Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V

40 CyberSWITCH

AUI circuitry on the main board. This fuse is a factory servic eab le item only.

Regulatory Compliance:

Meets or exceeds the following: Safety: UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950,

EMI: FCC Part 15, EN 55022, CSA 108.8, EN 50082-1,

and 72/23/EEC

VCCI V-3, and 89/336/EEC

ARDWARE OVERVIEW

System Platforms

Workgroup Remote Access Switch 41

USER’S GUIDE

THE CSX1200

The following table summarizes the CSX1200 platform options.

The platform s hown below i s the PRI versi on of t he CSX1200 (t he CSX1223) . Note t hat all CSX1200’s back panels have two slots for future add- on mo du les.

Model # Ports # Connections CSX1201 one BRI port 2 connec ti on s CSX1204 four BRI ports 8 connections CSX1223 one PRI port 23 T1 connections or

30 E1 connections

WORKGROUP REMOTE ACCESS SWITCH

SLOT 1

AIS LOF RAI LOS

POWER

LAN

10BASE-TRXTXSERVICE

AUI

CSX1223 - PRI Version

SLOT 2

B1 B3

B2 B4

B5 B7

B6 B8

10Base-T

B9 B11

B10 B12

S L O T

4 S

L O T

CONSOLE

B13 B15

B14 B16

E1 ONLYB-CHANNELS

B25 B27

B29

B21 B23

B17 B19

E1 D

B22 B24

B18 B20

B31

T1 D

B26 B28

B30 L1

42 CyberSWITCH

ARDWARE OVERVIEW

System Platforms

Below we illustrate the front panel of the CSX1204 - the four port BRI version of the CSX1200.

WORKGROUP REMOTE ACCESS SWITCH

LATFORM DESCRIPTION

The CSX1200 platform was designed to provide distributed network access for a branch office or small central site. The CSX1200 is based on th e NE Link 1000 platform with two major additions. The NE Link 1000 is available only with a BRI interface, whereas the CSX1200 is available with either a BRI or a PRI interface. Also, unlike the NE Link 1000, the CSX1200 includ es two slots for user installed add-on module s.

Refer to the NE Link 1000 platfor m des cription for information relevant to the CSX1200’s BRI version.

The chassis of the CSX1200’s PRI versi on is similar to the BRI versio n with th e following differences:

• the line LEDs are labeled differently (front panel), reflecting the differences between PRI and BRI lines

• the PRI version has an extra bank of LEDs on its back panel

• there is no removable plate over the PRI connector (no DIP switches to set for the PRI versi on)

POWER

CSX1204 - BRI Version

LAN

10BASE-TRXTXSERVICE

LINE

CH-1

SYNC

LINE

CH-2

CH-1

D-CH

SYNC

LINE

CH-2

CH-1

D-CH

SYNC

LINE

CH-2 D-CH

CH-2

CH-1

D-CH

SYNC

AGI

For a description of the LED indicators, refe r to the LED Indicators chapter.

YSTEM CHARACTERISTICS

Physical Char acteristics:

Height: 76.2 mm (3 in) Width: 304.8 mm (12 in) Depth: 228.6 mm (9 in) Weight: approximately 3.2 kg (7 lb)

Environmenta l Characterist ics:

Operating Temp: 5° to 40° C (41° to 104° F) Operating Humidity: 5 to 95% non-condensing Operating Altitude: 3000 m maximum (10, 000 ft maximum) Non-operating Shock: 50 G, 11 ms, 1/2 sinewave Storage Temperature: -30° to 90° C (-22° to 194° F)

Workgroup Remote Access Switch 43

USER’S GUIDE

Electrical Characteristics AC Power Input:

Voltage: 100-125 VAC/200-240 VAC Frequency: 50/60 Hz Fuse: 1.0/0.5 am p s , 25 0 V Power: 50 watts maximum

Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V

Regulatory Compliance

Meets or exceeds the following: Safety: UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950,

EMI: FCC Part 15, EN 55022, CSA 108.8, EN 50082-1,

CABLING INFORMATION

The following sections provide cabling information for the following accesses:

•LAN

• Back-to-Back

•WAN

• Administration Console

AUI circuitry on the main board. This fuse is a factory servic eab le item only.

and 72/23/EEC

VCCI V-3, and 89/336/EEC

LAN A

CCESS

The Cybe rS W I TC H’ s int e rna l Et he rnet interfa ce p ro vid e s dir e ct su pp o rt fo r a sin gl e Et h e rn et (or

802.3) LA N, which allows remote routing of LAN data. Since the system is a factory-customized

product, there is no need to install specific adapter boards. Access to the LAN is very simple via connectors on the syst e m’s back panel . Connections to the Et hernet LAN may be made ei ther through the 15-pi n AUI connector (10Base5) or the RJ45 connector (10Base-T). A 10Base2 connection is also possible with the AUI connector by using a 10Base2 conversion MAU. Once a particu lar connection is made to either the AUI or the 10Base-T, the system’s LAN interface hardware activates that connection.

For coax connections, a Media Access Unit (MAU) is required for the LAN port on the CyberSWI TCH. This is not normally included with our product. To reiterate, the options for connection are:

1. 10Base-T (Twisted Wire Ethernet) RJ-45

2. 10Base5 (Thick Ethernet) AUI External MAU required

3. 10Base2 (Thick Ethernet) AUI 10Base2 conversion MAU required

An AUI cable can be used between the Ethernet LAN adapter and the MAU. The AUI cables (as well as the MAU) are not shipped with our product.

44 CyberSWITCH

ARDWARE OVERVIEW

System Platforms

For informational purposes, here are the pin list and signal assignments for the 10Base - T LAN connector:

Pin Signal Function

1 Transmit +

2 Transmit -

3 Receive +

4 NC No Connect 5 NC No Connect 6 Recei ve -

7 NC No Connect 8 NC No Connect

Note: The 10Base-T connecto r an d the W AN conn ect or are both RJ 45 con necto rs . Howe ver , th ey

do have different electrical interfaces. Take care to keep these separate.

ACK-TO-BACK SETUP

A back-to-b ack se tup all ows you t o connec t a Cyber SWITCH to a PC (or other dev ice) using 10Ba seT and without going thr ou gh the LAN Hub. In order to accommodate such a set u p , y ou will need a 10Base-T cr ossover patch cord. (This patch cor d plugs into the 1 0Base-T LAN port on the CyberSWITCH, and then directly connects to the other device). This patch cord should be terminated with two RJ 45 connect ors, with the following wire crossover:

12345678

Ethernet 10Base-T Crossover Patch Cord

wht/ora ora/wht wht/blu blu/wht wht/grn grn/wht wht/brn brn/wht

1 2 4 5 3 6 7 8

12345678

Workgroup Remote Access Switch 45

USER’S GUIDE

WAN ACCESS

Since the CyberSWITCH is a factory-customized product, there is no need to install specific adapter boards in order to acces s the WAN. Connections for the internal BRI interface are made at the sys-

tem’s back panel. On the B2, a basic rate line will connect to the RJ-45 connector labeled 1. On the B4, up to two basic rate lines will connect to the ports labeled 1 and 2. On the B8, up to four basic rate lines will connect to the ports labeled 1 through 4.

For informational purposes, the pin list for the BRI connector follows:

Pin and Si gnal Assignment for the RJ-45 Connector

Pin Signal Function

1 NC No Connect 2 NC No Connect 3 TX + to Network Transmit to Line (T) 4 RX + from Network Receive from Line (T) 5 RX - from Network Receive from Line (R)

Note: The 10Base-T connecto r an d the W AN conn ect or are both RJ 45 con necto rs . Howe ver , th ey

do have different electrical interfaces. Take care to keep these separate.

Basic Rate Interface

Accessing service s such as NTT's INS-64, BOC's Centrex Basic Rate ISDN, or PBX's basic rate li nes is possible using the system’s BRI interface.

Each BRI por t on the system provides two 64 Kbps channels for data and a 16Kbps signaling channel ( 2B+D ). Both B ch ann el c on necti ons ca n be acti ve at the sa me ti me, to the s ame o r dif fer ent destinations.

The internal BRI i nterface provides up t o four 4-wire S/T in terfaces wit h separate RJ-45 c onnectors. It uses external NT1s (when necessary) to connect to the public ISDN. External ISDN terminal adapters are not needed.

In Japan, NTT provides a dedicated service called High Speed Digital-I that uses the same BRI interface. This can be ei ther a 64Kb or 12 8Kbps leased circuit. The BRI int erface supports from one to four HSD-I circuits, depending on the model.

6 TX - to N e t work Transmit to Line (R) 7 NC No Connect 8 NC No Connect

46 CyberSWITCH

ADMINISTRATION CONSOLE ACCESS

The Console connector is an RS232 connector which provides dedicated asyn chronous connection . This async connection is available for administration console management or PPP-Async data transfer. The intern al RS232 i nt erface is preconfigured for DTE, provid ing a male 9- pin por t connector for the administration console hook -up. The default baud rate is 9600.

For informational purposes, the pin list for the console follows:

Pin and Signal Assignment for the RS232 Connector(s)

Pin Signal Function

1 CD Carrier Detect 2 RXD Receive Data 3 TXD Transmit Data 4 DTR Data Terminal Ready 5 GND Ground

ARDWARE OVERVIEW

System Platforms

6 DSR Data Set Ready 7 RTS Request to Send 8 CTS Clear to Send 9 RI Ring Indicator

Workgroup Remote Access Switch 47

USER’S GUIDE

SYSTEM MODULES

THE CSX1200-E11-MOD

The CSX1200-E11-MOD is an i nternal 11 por t Ethernet hu b option card for t he CSX1200 family. The CSX1200-E11-MOD is availabl e for both th e BRI (CSX1201, CSX1204) and PRI (CSX1223) models. The CSX1223 is shown below.

WORKGROUP REMOTE ACCESS SWITCH

B21 B23

B22 B24

E1 ONLYB-CHANNELS

B25 B27

B29

B31

T1 D

B26 B28

B30 L1

9 8 7 11 10

AIS LOF

RAI LOS

SLOT 1

POWER

6 5 4 3 2 1

AUI

LAN

B1 B3

10BASE-TRXTXSERVICE

B2 B4

SLOT 2

B5 B7

B6 B8

B9 B11

B10 B12

10Base-T

B13 B15

B14 B16

S L O T

4 S

L O T

CONSOLE

B17 B19

E1 D

B18 B20

CSX1223 with CSX1200-E11-MOD

The internal hub addition provides affordable LAN device co nnectivity. The ba ckplane has eleven RJ-45 modular jacks. Ten of those jacks may be used to connect to PCs. One jack is used to provide the internal hub with LAN connectivity to the CSX1200 device (see following graphic).

48 CyberSWITCH

ARDWARE OVERVIEW

System Modules

9 8 7 11 10

SLOT 1

AIS LOF RAI LOS

6 5 4 3 2 1

SLOT 2

AUI

10Base-T

S L O T

4 S

L O T

CONSOLE

LAN Connectivity

PC Connectivity

The hub is equipped with LANVIEW LEDs. These LEDs are comprised of three types: receive, link, and collision. Refer to the LED Indicators chapt e r fo r furt h er information.

For instal lation instructions refer to the Hardwa re Inst allat ion chapter.

Workgroup Remote Access Switch 49

USER’S GUIDE

THE CSX1200-U4-MOD

The CSX1200-U4-MOD is a U-interface option card for the CSX1200 family. This m odule is only relevant for applications in North America, since North American telephone companies typically do not provide the needed U-interface conversion. The CSX1200-U4-MOD performs the function of an external NT1, and i s avail able for the BRI (1201, 1204) CSX1 200 mode ls. Below, we show the module installe d in a CSX1 2 23.

WORKGROUP REMOTE ACCESS SWITCH

B21 B23

B22 B24

E1 ONLYB-CHANNELS

B25 B27

B29

B31

T1 D

B26 B28

B30 L1

SLOT 1

POWER

LAN

B1 B3

10BASE-TRXTXSERVICE

B2 B4

S/T U S/T U S/T U S/T U

1234

SLOT 2

AUI

B5 B7

B6 B8

10Base-T

B9 B11

B10 B12

B13 B15

B14 B16

S L O T

4 S

L O T

CONSOLE

B17 B19

E1 D

B18 B20

CSX1223 with CSX1200-U4-MOD

The module consists of four pairs of numbered RJ 45 p orts. To activate the instal led module, you must properly connect the CSX1200 BRI ports to the corresponding S/T interface ports on th e U4 module. Th is process, along with comp lete install ation instructions, is detailed in the Hardware

Installation chapter.

This module is also equipped with four NT1 Status LEDs to indicate the status of each of the ports. Refer to the LED Indicators chapte r for further info rm a t i on .

50 CyberSWITCH

OFTWARE OVERVIEW

OVERVIEW

The Cybe rS W I TC H so ft wa r e pro v ide s :

• system so f tware for the CyberSWITCH, LAN and WAN interfac e s, and admini stration function s

• system files containing configuration and operational information

This chapter provides an overview for each of the above software categories.

SYSTEM SOFTWARE

Included with each CyberSWITCH is a CD containing upgrade software and utility software. (Note that initial system software is factory-installed). The following system software files are available on the CD:

upgrade.osw

All the system files needed for upgrading the CyberSWITCH are combined in this file.

defltcfg.osw

All of the system files needed to return your system configuration to the factory default are combined in this file.

SYSTEM FILES

The CyberSWITCH uses a flash file system (instead of a hard disk) and a two-stage boot de vice to initialize the platform and download the system software. The flash file system basically performs the same as a ha rd d isk, b ut it ha s n o dr ive l et ter . Just as on a har d disk, t he f lash fi le has dir ect ories with files.

CONFIGURATION FILES

The configuration files store the configuration da ta. These fi les are located in the system’s \config directory. You can maintain these files by using the CFGEDIT configuration utility,

which is delivered with the system. You can also make changes to these files through Manage Mode.

The configuration files associated with the system are:

network.nei

This configuration file contains info rma tion about the switched netw ork.

devdb.nei

This file contains the On-node Device Database configuration information about each remote device.

USER’S GUIDE

node.nei

This configuration file contains node -spec if ic informat ion like resou rce s, lines, Cybe rSW ITC H operating mode and security options, along with the Throughput Monitor Configuration information. If enabled, SNMP configuration information is also in this file.

lan.nei

This file contains configuration information used when the bridge is enabled. This file also contains information for the Spann ing Tr e e protoco l used for the bridge. Information from this file is configured and used only when the bridge is enabled.

ip.nei

This file contains configuratio n info rma tion used when th e IP routing is enable d. This file also contains information regarding network interfaces, RIP, and static routes. Information from this file is configured and used only when the IP routing is enabled.

ipx.nei

This file contains configuration information used when the IPX routing is enabled. This file also contains information regarding network interfaces, RIP, and static routes. Information from this file is configured and used only when the IPX routing is enabled.

filter.nei

This file contains all filter configuration information (bridge, hardware, and IP). This file is new to Release 7.2 software, but is compatible with previous software versions, which contained filter information in the lan.nei and/or ip.nei files. With Release 7.2 configuration changes and configuration file updates, this filter information will be moved to filter.nei.

atalk.nei

This file contains configuration information used when AppleTalk Routing is enabled. This file also contains information regarding ports and static routes. Information from this file is configured and used only when the AppleTalk routing is enabled.

sdconf.rec

This is not a system file; it is a configuration file delivered on the ACE Server. However, you may

TFTP th i s file to the sy st e m’s \config directory as an alternate method of providing the system with ACE Server configurat ion inf ormat ion.

OPERATIONAL FILES

While the Cyb e rSWITCH is running, it col lects system statistics and logs system messages. The system maintains these statistics and messages in two separate memory-resident tables. The ten most recent versions of each table are available on the system disk.

You can re t ri eve and vie w the curren t me m o ry - r e sident tab le s a t an y time by using the fo ll o w i ng console commands:

dr ds

You can write the tables to disk by using the following commands:

wr ws

This command will display system messages. This comma nd will display system statistics.

This command will write the current system messages to disk. This command will write the current system statistics to disk.

Note: When the system is shut down, the tables are automatically written to disk.

52 CyberSWITCH

The system stores the tables in ASCII format files on the System disk. When the system writes system messages to disk, it stores them in the followin g location:

Directory: \log File Name: rprt_log.nn

Where “nn” is an integer that is incr ement ed e ach time a new file is written.

When the system writes system stati stics to disk, it stores them in the following locations:

Directory: \log File Name: stat_log.nn Where “nn” is an integer that is incr ement ed e ach time a new file is written.

USER LEVEL SECURITY FILES

As administrator, you may create a welcome banner file as well as a message-of-the-day file to display at login with user level security. Neither file should exceed the limits of 80 characters in width and 21 lines in length, and must reside in the \config directory. The creation of these fi l es is option al; if you choose to use th e m, create the files, and TFTP th e m to th e Cy b e rSWITCH.

OFTWARE OVERVIEW

System Files

welcome.nei

This file co ntain s the text of the admini strat or-defi ned wel come banner. It is displ ayed whe n a user initiates a network login.

motd.nei

This file contains the text for t he administrator-defined message of the day. It is di splayed when the user is validated after log-in.

Workgroup Remote Access Switch 53

YSTEM INSTALLATION

We include the followin g chap ter s in this segment of the User’s Guide:

• Ordering ISDN Servic e

Provides guidelines for ordering ISDN service in the United States.

• Hardware Installation

Step-by-step instructions for installing hardware components.

• Accessing the CyberSWITCH

Provides a description of the possible ways to access the CyberSWITCH (for diagnostic purposes, or for software upgrade).

• Upgrading S ystem Software

A description of the software upgrade process.

Workgroup Remote Access Switch 55

RDERING

ISDN S

ERVICE

(US O

NLY

OVERVIEW

This chapter was designed to be a guideline f or orderin g ISDN serv ice in the United Stat es.

For BRI ISDN Service: If you are using NI-1 lines, try using EZ-ISDN Code s to order BRI service. If your s ervi ce provi der does not support EZ-ISDN Codes , try using the NI-1 ISDN Order ing Code s .

If your ser vice prov iders do es not su pport ei ther type s of codes , or, if you are usin g a non-NI-1 l ine, refer to Ordering BRI ISDN Lines using Provisioning Information.

For PRI ISDN Service: If you are using PRI lines, refer to Ordering PRI ISDN Lines.

ORDERING NI-1 LINES USING EZ-ISDN CODES

If you are using a NI-1 switch type and your service provider supports EZ-ISDN codes, we recommend using the EZ-ISDN 1 code. EZ-ISDN 1 provid es alternate circuit-switched voice/data on both B-Channels. There is a CSV/D terminal associated with each of the B-channels.

)

The B-channels will be given a unique primary directory number capable of making/receiving one circuit-switched voice or circuit-switched data call. Additionally, calling line Id is also supported.

ORDERING NI-1 LINES USING NI-1 ISDN ORDERING CODES

If you are using a NI-1 switch type and your service provider supports ordering codes, we recommend NI-1 ISDN Capability Package I. This package includes circuit-switched data on two B channels. Data capabilities include Calling Line Id. No voice capabilities are provided. The lack of voice feature may save you money. However, package K or M will also work.

ORDERING BRI ISDN LINES USING PROVISIONING SETTINGS

If your service provider does not su p por t EZ- IS DN or ISDN Ordering Co de s , or you a re u sin g a non-NI-1 line, use this section when ordering your BRI ISDN line.

When the phone company installs the line, they assign it certai n characteristi cs. These are differ ent

depending on the type of ISDN switch to which the line is attached. AT&T’s 5ESS NI-1 and Northern Telecom’s DMS100 NI-1 are among the most popular.

When ordering an ISDN line, there are general steps to follow that apply to all types, and there are steps specific to your line type. The general steps to follow are:

1. Contact your service provider to determine the type of available switch.

2. Ask your service provider for the available types of ISDN services.

RDERING

Ordering BRI ISDN Lines using Provisioning Settings

ISDN S

ERVICE

(US O

NLY

If the AT&T 5ESS switch type is available, the ISDN services available will be one of the following:

•NI-1

• Custom Poi nt-to-Point

If Northern Telecom DMS-100 switch type is available, the ISDN services available will be one of the following:

•NI-1

• DMS-100 Custom

3. Ref e r to se ction in this document t hat applies to your se rvice type.

4. Order your ISDN service. If available, ask for two telephone numbers and two SPIDs for your ISDN line.

5. If necessary, provide your service provider with the appropriate provisioning settings in this document.

6. After installation, make sure you have the following information:

• switch type

• telephone numbers

• SPIDs

)

The following sections provide provisioning settings for your specific service type.

PROVISIONING SETTINGS FOR AT&T 5ESS SWITCHES

The ISDN services supported by AT&T 5ESS switches are as follows (in order of preference of usage):

1. NI-1

2. AT&T Cus tom Point-to- Point

The sections below provide t he settings f or each 5 ESS servic e type. Note t hat your service provider may not be able to of f e r all of the fe atu res listed.

Workgroup Remote Access Switch 57

USER’S GUIDE

AT&T 5ESS NI-1 SERVICE

Note that some of the elements below are set per directory number. With NI-1 Se rvice, you will typica l ly ha ve two direc to ry numbe r s.

AT&T #5ESS NI-1 Service

Prov isioning E l e ment Setting

Term Typ e A

CSV 1

CSV ACO unrestricted

CSV limit 2

CSV NB limit 1

CSD 1

CSD ACO unrestricted

CSD limit 2

CSD NB limit 1

EKTS no

ACO yes

58 CyberSWITCH

AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE

Note that some of the elements below are set per directory number. With Custom Point-t o- Point Service, you will have two directory numbers.

AT&T Custom Point-to-Point Service

Prov isioning E l e ment Setting

Term Typ e E

CA 1

CA quantity 1

CSV 0 CSV CHL no CSV limit 2

CSD 2

RDERING

ISDN S

ERVICE

(US O

NLY

Ordering BRI ISDN Lines using Provisioning Settings

)

CSD CHL any

CSD limit 2

DSL CLS PP

Workgroup Remote Access Switch 59

USER’S GUIDE

PROVISION SETTINGS FOR NORTHERN TELECOM DMS-100 SWITCHES

The ISDN services supported by Northern Tele com DMS-100 swit ches are as follows (in order of preference of usage):

1. NI-1

2. Custom Service

The sections below provide the settings for each DMS-100 service type. Note that your service provider may not be able to of f e r all of the features listed .

ORTHERN TELECOM DMS100 NI-1 SERVICE

Note that you mu st set eith e r EKTS or ACO to yes. You may not set both of them to yes.

Northern Telecom DMS100 NI-1 Service

Provisioning Element Setting

signaling functional

PVC 2

TEI assignment dynamic

maxkeys 3 is preferable

1-64 is acceptable

release key no

ringing indicator no

EKTS no ACO yes

number of call

appearances

notification busy limit 1

LCC ISDNKSET

number may vary depending

(always one less than number

2 is standard

on voice features ordered

of call appearances)

60 CyberSWITCH

NORTHERN TELECOM DM S100 CUSTOM SERVICE

Note that you mu st set eith e r EKTS or ACO to yes. You may not set both of them to yes.

Northern Tel ecom DMS100 Custom Service

Provisioning Element Setting

signaling functional

PVC 1

TEI assignment dynamic

maxkeys 3 is preferable

release key no

ringing indicator no

EKTS no

RDERING

Ordering BRI ISDN Lines using Provisioning Settings

ISDN S

ERVICE

(US O

NLY

1-64 is acceptable

)

ACO yes

number of call

appearances

LCC ISDNKSET

version functional

CS yes

PS no

BASIC INFORMATION FOR ORDERING PRI ISDN LINES

ISDN Primary Rate is a communications se rvice that allows the system to make up to 23 connections over a sin gle line. It uses a 4-wir e T1 line that carries 24 chann els, each providing 64000 bps bandwidth. The service uses channels 1 to 23 as bearer (B) chan nels to carry connections between two systems. The 24th channel is used for signaling information (the data link).

The customer should request the following options for a Pri mary Rate Line that is connected directly to a Cyb e rSWITCH:

• B8ZS encoding

• ESF framing

• all channels should be Circuit Switched Data

• Hunt Group (if desired)

• call bandwidth su pported (56Kbps, 64Kbps, and/or 384Kbps)

• CLID (calling line Id); usually there is no charge for this

In order to connect to the Primary Rate line, the customer needs a Channel Service Unit (CSU), which is now integrated into the CyberSWITCH. If the line is provided by a LEC or IXC, the CSU is required by the phone company to protect the phone network from any problems with customer

Workgroup Remote Access Switch 61

USER’S GUIDE

premise equipment. At the time that the line is ordered, the customer may be asked for the FCC registration number for the CyberSWITCH that is being used.

The cabling between the wall jack and the CyberSWITCH is very important, an d is also where most problems occur. The system’s PRI RJ-45 adapter uses the internati on al standard of pins 3, 4, 5, and 6 for transmit and recei ve. Most T1 lines in the United States use the traditional 1, 2, 4, and 5 pins. We provide an RJ-45 to RJ-45 Adapter that will co nv e rt between the two wiring systems. When the line is installed, the customer must ask the phone company the following questions:

1. What are the phone numbers for the line? (There may be more than one.)

2. Do I need to use any prefix when I dial? (For example, “9” for a Centrex line.)

3. What type of switch is the line connected to?

4. For #4 ES S , what relea se of so f t wa r e is ru n ni ng on the switch?

5. What is the decibel attenuation value for the line?

When the phone company installs the line, they assign it certain characteristics (sometimes called translations). These are different depending on the type of ISDN switch to which the line is attached. The customer must know what type of switch is being used.

The following table provides correct settings for important configuration options.

Option Local Be ll Operating Company AT&T

Network

Type of Switch #5ESS DM S100 #4ESS DMS250

Encoding B8ZS B8ZS B8ZS B8ZS

Framing ESF ESF ESF ESF Network

Facilities

Echo

Cancellation

NA NA SDS or

Call-By-Call

NA NA NA OFF

U.S. Sprint &

MCI

(Disabled)

62 CyberSWITCH

ARDWARE INSTALLATION

PRE-INSTALLATION REQUIREMENTS

Before you begin the installation process, be sure to:

• Choose a suitable setup location

Make sure the location is dry, ventilated, dust free, static free, and free from corrosive chemicals

• Verify system power requirements

Voltage Range Current and Frequency

85-264 V .6 A

The appropriate standard power cord is supplied with the system. The power supply will accept any input voltage from 85 to 264 volts without the need to select a voltage range.

• Verify cabling requir ements

The cabling shipped with your system should include:

• BRI/PRI/LAN patch cables, 5 meters each.

• RS232 cable, 1.8 meters. This is for the console por t. This cable is a 9-pin female to 9-pin female nu ll mo dem cable. Jack screw s are inclu de d .

47-63 Hz

Note: The BRI/PRI/LAN cables are straight-through CAT5 patch cables. The quantity

shipped varies, based on device requirements. These cables are not distinguished from each other in the carton.

We provide a cable for the 10Base-T port since it is typically used for the LAN connection. However, if you plan to use the A UI port instead, you must provide your own cabling a nd MAU for this connection. If you need additional cabling (other than what was shipped), contact you r distributor.

• Verify administration console requirements

In order to install system software, you must have a PC or workstation available. (One is not provid e d with the system.) This PC or workstation will connec t u p t o the system via the RS232 port. You will also need a communications package that supports terminal emulation software (in order to tra nsfer softwa re to the system).

For details on software installation, refer to the Software Installation chapter.

USER’S GUIDE

INSTALLING THE CSX1200-E11-MOD

The CSX1200-E11-MOD (E11) is an internal 11 port Ethernet hub option card for the CSX1200 family. The CSX1200-E11-MOD can be insta lled in the BRI (1201, 1204) and PRI (1223) CSX1200 models.

To help eliminate any potential problems during or after installation, please be sure to read and understand all instruct ions in this section and in the releas e not es suppl ie d with the E11 .

Only qualified personnel should pe rform installation procedures.

CAUTION

To avoid damage due to static discharge, use the anti static wrist strap supplied with the E11 and observ e all antistati c precautions du ring this proce dure. Failure to do so could result in damage to the CSX1200, E11, or both.

The E11 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install the E11:

1. Power down the CSX1200 .

2. Attach one end of the anti static wrist strap to your wrist and the other end to an approved electrical ground.

3. Unpa ck the E11 care fully , first re moving it from the sh ipping box , then remov ing its pr otecti ve bag. Do not cut the bag, this co uld damage the modu le. If there are an y signs of damage , contact Cabletron Support.

4. Remove the CSX1200’s cover plate.

5. Holdin g the si des of the E1 1, ali gn th e E11 wit h the gui de rai ls on th e chas sis, as show n below . Ensure that the port numbers on the E11 faceplate are aligned correctly.

6. Slide the E11 into the chassis until it is completely seated. Be sure the E11 slides in straight.

7. Secure the E11 to the chassis by tightening the E11 faceplate screws.

64 CyberSWITCH

S L O

10Base-T

T 4 S

L O T

CONSOLE

9 8 7 11 10

AIS LOF

RAI LOS

6 5 4 3 2 1

SLOT 1

SLOT 2

AUI

INSTALLING THE CSX1200-U4-MOD

The CSX1200-U4-MOD (U4) is a U-interface option card for the CSX1200 family. The CSX1200-U4MOD can be installed in the BRI (1201, 1204) CSX1200 models.

To help eliminate any potential problems during or after installation, please be sure to read and understand all instruct ions in this section and in the releas e not es suppl ie d with the U4.

Only qualified personnel should pe rform installation procedures.

ARDWARE INSTALLATION

Installing the CSX1200-U4-MOD

CAUTION

To avoid damage due to static discharge, use the anti static wrist strap supplied with the U4 and observe all antistatic prec autions during this procedure . Failure to do so could result in damage to the CSX1200, U4, or both.

The U4 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install the U4:

1. Power down the CSX1200 .

2. Attach one end of the anti static wrist strap to your wrist and the other end to an approved electrical ground.

3. Unpack the U4 carefully, first removing it from the shipping box, then removing its protective bag. Do not cut the bag, as this could damage the module. If there are any signs of damage, contact Cabletron Support.

4. Remove the CSX1200’s cover plate.

5. Holding the sides of the U4, align the U4 wit h the guide rails on the chassis, as shown bel ow. Ensure that the port numbers on the U4 faceplate are aligned correctly.

6. Slide the U4 into the chassis until it is completely seate d. Be sure the U4 slide s in straigh t.

7. Secure the U4 to the chassis by tighten ing the U4 faceplate screws.

S L

T 4 S

10Base-T

T 3

CONSOLE

S/T U S/T U S/T U S/T U

1234

SLOT 2

AUI

Workgroup Remote Access Switch 65

USER’S GUIDE

CABLING

Note that the modul e consists of f our pairs of numbered RJ45 ports; you must properly connect th e CSX1200 BRI ports to the corresponding U4 S/T interface ports of eac h pair on the module. We provide four 6-inch, category 5, twisted-pair cables (with RJ45 connec tors) for this purpose:

1. Using the twisted-pair cables, connect BRI port 1 to the S/T interface port labelled number 1, BRI port 2 to S/T interface port number 2, and so on. The module then converts the S/T interface to a U interface for each pair o f ports.

2. Next , use the category 5 straight- through interface cables (with RJ 45 connectors) to link the U-

port in each pair to the service provider’s ISDN jack.

Note: For network safety , use on ly 26A WG or h eavie r ( i.e. , a low er n umer ica l val ue) c abl e for all

TELEPHONE

SWITCH

CSX1200 and U4 interfaces.

S L O T

10Base-T

4 S

L O T

CONSOLE

ST ST ST STUU UU

1234

SLOT 1

SLOT 2

AUI

66 CyberSWITCH

CCESSING THE CYBER

OVERVIEW

This chapter describes acc essing yo ur Cyber SWIT CH , w hich includes:

• making proper connections

• establishing an administration session

• powering on the system

• accessing Release Notes

MAKING CONNECTIONS

There are a numbe r of way s to make a connec tion to the system, which inclu de:

• direct connection using a termi nal

• null-modem conne ction using a null- modem cable and a PC

• remote connection us ing Telnet

• remote connection using mod ems and a remote PC

All connections but the Telnet connection use the serial port (labeled COMMPORT or Console) on the back of the sy stem. The Telnet connection is made through the syste m’s ISDN line .

SWITCH

DIRECT CONNECTION

This is t he simp lest co nnecti on; you merel y connec t up an A SCII ter minal to the Co nsole por t. Ho wever, thi s method can only b e used to configu re or man age the sy stem. To install or upgrad e system software, you must use the null-modem connection.

NULL-MODEM CONNECTION TO A PC

To inst all or u p gr ade system softwa re , you must use a PC or workstation to connect to the syste m. Since the CyberSWITCH does not have a CD-ROM drive, you mus t upgrade or i nstal l the software through an attached PC, UNIX workstation, or any device that meets the following req u irements:

• provides an RS232 terminal program

• has X-Modem communications capability (required for software upgrade only)

• has ASCII transfer capability (required for SSB recovery)

Any computer or terminal that meets these requirements and connects to the administrat ion port on the syste m can op e rate as an administration console.

USER’S GUIDE

Using the provided RS232 null modem cable, attach an administrati on console to the system. The administrat ion port is a 9-pin, male RS232 serial adapt er as shown below:

Connect one e nd of a null modem cabl e to the console po rt on the CyberSWI TCH, and the other end to the communication port on the PC. On the PC you must then execute a communication package to emulat e a terminal (VT100). Your communication package should support file transfer (Xmodem a nd ASCII) for software upgrades and install a tions.

BRI (Termination switches behind plate; see diagram

AUI

CAUTION

FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE.

10Base-T

RS232 Adapter

CONSOLE

INPUT

85-250V 47-63 - 1.6A MAX

FUSE TYPE: IEC 127/ III RATED F1.6AL-250V

Use the following default values for your communication package:

Baud rate 9600 Parity None Data b its 8 Stop bits 1 Duplex Full

HANGING THE BAUD RATE

The baud rat e is change able. The d efault r ate perfor ms well for config uration ch anges. A faster rate is useful, however, to download new software upgrades to your system.

To change the b aud rate through CFGEDIT:

1. Select Physical Re sources from the main menu.

2. Select Data Line from the physical resources menu.

3. Follow the instructions to make ch anges to the ASYNCMDM.

4. When asked, enter the baud rate you w ant to use.

5. Step through the remaining parameters. The last entry will ask you if you would like to save your cha n ges. Answer yes.

6. To make the new baud rate eff e ctive, restart the system (with the

7. Change the communications package you are using to the same baud rate.

68 CyberSWITCH

restart

command).

REMOTE CONNECTION USING TELNET

You can access the CyberSWITCH with Telnet. To do this, you must use Telnet client software.The CyberSWITCH has default IP addresses configured to allow Telnet access. The default LA N IP

address is 1.1.1.1. To access the CyberSWITCH you must set the device’s IP address to be on the same subnet as th e CyberSWITCH. We r ecom mend that you use 1.1 .1. 2 and do thi s on a LAN that is not connected to the internet. Then place the CyberSWITCH on the LAN and Telnet to the address.

This default address allows immediate access to the system for installation purposes. Be sure to change this I P address as soon as possible to one on your local subnet.

Note: Do NOT place more than o ne Cyber SWIT CH on a LA N wi th the d efau lt set tin g. W ith b oth

having the same IP address, unpredictable results will occur.

You may also Telnet in via the WAN connection. The general procedures are:

1. Connect the system to the ( WA N) ISDN line.

2. From a remote device that supports unnumbered IP connections, dial in as a PPP CHAP device USER1 (USER1 as sec ret). Provide Telnet with the CyberSWITCH address.

CCESSING THE CYBER

Making Connections

SWITCH

3. From a remote device only supporting numbered IP connections, set up an IP Address 2.2.2. 3 and have it dial as a PPP CHAP device USER2 (USER2 as secret). Provide Telnet with the CyberSWITCH address of 2.2.2.2.

After you make a Telnet connection, you will be present ed with a login prom p t. Proceed to

Establishing an Administrative Session.

For more information on Telnet, refer to the Remote Management chapter.

REMOTE CONNECTION USING A MODEM

In order to establish an administration session via an analog line, you must have a preconfigured modem for attachment to the CyberSWITCH. Note that the modem is NOT configurable through the CyberSWITCH! The modem must be configured to a b aud rate that is ei ther equal to or l e ss than that of the Cyb e rSWITCH.

Once the modem is properly configured, attach it to the seri al port of the CyberSWITCH. You may now access the CyberSWITCH through a remote PC and modem by dialing int o the modem attached to the CyberSWITCH. Note that the CyberSWITCH supports dual usage of its serial port for either async-PPP data transfer or administration console management. Async-PPP data transfer (through autosense mode) is the default.

To establ ish an admi nistrati on cons ole sess ion from t he remot e site, th e remote us er must ty pe four carria ge returns within five s e conds of call connecti on. Refer to Resources and the background information for the COMMPOR T for additional information. Refer to C onfigur ing Cha ng es for a

COMMPORT Resou rce to change de f a u l t s.

Workgroup Remote Access Switch 69

USER’S GUIDE

ESTABLISHING AN ADMINISTR ATION SESSION

If a login prompt is displayed after the power-on initialization, the system software was preinstalled. Comp l e te the login:

1. The login controls which class of commands the user can access. Each access level (guest or administrator) is protected by a u nique login password. This allows managers to assign different responsibility levels to their system users. Enter the following login:

admin

Note: When using off-node authentication, administration ac ce ss level actually supports up to

101 different login names, from admin and ad mi n0 0 to admin99. These different login names must be configured on the off-node server in order to function properly. For local a dminist rati on acces s, onl y the guest and the singular admin login access levels are valid.

2. All preinstalled systems are preco nfigur ed with the same password. Thi s is the password that is used the first time a login occurs. Using all lowercase letters, enter the preconfigured password as shown be l ow:

admin

3. It is recommended that the preconfigured password be changed to a user-defined password. To do this, e nter the following command at the system prompt:

pswd

Follow the prompts to c hange the current password. A password must be a 3 to 16 nonblank character string. Passwords are uppercase and lowercase sens it i ve.

Note: User-level security is not available at time of initial installation and configuration.

If a DOS pr ompt is di spla yed after the power-on initialization, the software has not been preinstalled. You must first boot up with diskette #1 before continuing:

1. Insert software diskette #1 into the system dis kette drive.

2. Reboot the CyberSWITCH.

At this point, if you need to install new or upgraded software, refer to the Upgrading System Software chapter. I f s oft ware has be en pr eins tall ed by yo ur di stri butor , s kip to Configuration Tools chapter to begin the configuration process.

POWERING ON

However, once this option is configured, you will have additional security steps before establi shing an administrative session. Refe r to Responding to LOGIN Prompts in the Configuring Security Level chapter for more information.

1. Ensure that the POWER-ON button is in the OFF posi tion for both th e administrati on console and the Cyb erS WITCH.

2. Ensure tha t the admi nistr ati on c onsole is pro perl y co nnec ted to th e admi ni strat io n port o n the CyberSWITCH (an RS232 cable attached to each machine through the RS232 serial adapters).

70 CyberSWITCH

CCESSING THE CYBER

SWITCH

Powering On

3. Plug the syst em’s pow er cor d into a grou nded ele ctrical outle t. An ap propri ate sta ndard p ower cord is supplied with the system for y o u r sp ecific country.

4. Turn on the administration console, and execute the communications pr ogram so that your terminal emulator ac cesses the RS232 port connected to the system.

5. Turn on the system by pressin g the POWER-ON switch located on the back of the machine. The power light emitting diode (LED) on the front panel confirms the power supply is functioning properly.

6. During power-on initialization, the First Stage Boot (FSB) displays a brief inventory of the system. The FSB then writes the following message to the administration console:

Waiting for Commands:

During initial installation, no commands need to be entered at this point. Once this message is displayed, the system waits 10 seconds before proceeding with the Second Stage Boot (stored in flash memory ). If th is me ssag e is not displ a yed, and th e Serv ice LE D is blink ing, refe r to t he

LED Indicators chapter f or in st ru c tions.

7. When the Second Stage Boot (SSB) begins executing, it performs a series of diagnostic tests called the power-on self tests (POSTs). Nothing is displayed while these tests are running unless a failure is detected. In the unlikely event of a failure, messages are displayed on the console screen. Immedi ately after the POSTs have be e n c ompleted, a summary of available resources and syste m info rma tion is displa yed sim ilar to the follow ing:

SSB Ver: 001.003.001 4 MBytes DRAM Detected. 3 MBytes Flash Detected. 512 KBytes I/O DRAM Detected. 512 KBytes BUF DRAM Detected.

If no First Stage Boot commands were e ntered, and valid system softwar e is detected, the Second Stage Boot begins to load the system software. Dots (...) are displayed to indicate progres s. The displ a y will look like th e following:

Booting System Software...............

Successfully Loaded Release 7.1 Issue 8

8. Log-in and password p rom pts will be displ ayed after completion of power-on initializa tion (approximately 15 sec on ds after the “Booting System Softw are” message):

Administration session active Enter login id:

The log-in for the system controls which class of commands users can access. A unique log-in password protects each access level (“guest” or “administrator”). This lets managers ass ign different responsibi lity leve ls to system users. Enter the follow ing login:

admin

9. Follow the prompts to enter a new password. A password must be a 3 to 16 character string without b lanks. Password s are case sensi tive. If your software was pr eviously acce ssed by your distributor, your passwor d will be adm in (in lower case).

Workgroup Remote Access Switch 71

USER’S GUIDE

ACCESSING THE RELEASE NOTES

The Rele ase Not es provide release highlights and important information related to this release that

should be re viewed befor e you b e gin the system’s installation and confi guration.

The Release Notes are located on CD, and they ar e also locat e d on the system’s FLASH file system.

The Release N ote s on C D are loc ate d in th e RE L_NOTE. TXT fil e. This fi le i s a D OS te xt fi le yo u can read on a DOS mach i ne. Insert the CD int o the drive, change to the proper directory, and en ter the following command at the DOS prompt:

[CD-ROM drive]:\[platform di rectory][ISDN standard directory][option directory]> type REL_NOTE.TXT | more

For example, if your CD-ROM is designat ed a s drive D, the platform you are installing is a CSX1200, you are using US ISDN standards, and have purchased the IPX option, you would use the following path:

D:\CSX1200\US\IP X> type REL_NOTE.TXT | more

The release notes located on the system’s FLASH file system are also in a file called REL_NOTE.TXT. To display the release notes on the system, enter the following command at the system prompt:

[product name]> LIST REL_NOTE.TXT

72 CyberSWITCH

PGRADING SYSTEM SOFTWARE

OVERVIEW

This chapter describes how to install system software onto the CyberSWITCH. Instructions are included for the following actions:

• upg r ading sy st e m s of t wa re

• changing def a u lts to secure sy stem

• returning configuration to factory defaults

• accessing Release Notes

The following sections provide instructions to help you complete each of these actions.

UPGRADING SOFTWARE

An upgrade o f sys tem soft ware ma y involve the upg rade of two co mponents: the second stage boot (SSB) and the operational software (OSW). For most upgrades, if you have a working SSB, you will only need to upgrade the OSW. If the new OSW requires an upgraded SSB, you will be alerted in the Release Notes.

The Cy b e rS WITCH of fe rs two di ffe rent me tho ds of upg ra de—loc a l and remote.

• To perform a local upgrade refer to the section titled Local Software Upgrade. (A local upgrade is performed via the administration console attached to the system’s RS23 2 port) .

• To perform a remote upgrade refer to the section titled Remote Software Upgrade . (A remote upgrade is performed over the network using Telnet and TFTP).

For countries other than Japan, upgrade files are located on the CSX1200 CD. Refer to t he immediately following section for CD file structure information.

For Japan, refer to th e CSX1200 CD for documentation only . Note that Japanese upgra de files ar e provided on diskettes. Keep this in mind while reading through the following file structure and upgrade in structions.

CD FILE STRUCTURE

The CSX1200 CD contains installation, user documentation and upgrade files. The CD file structure is as follows:

Directory Contents <ROOT>\ installation progr am file s (SET UP. *) \CSXDOCS\ CSX1200 user documentation an d Acrobat reader \product name\country or switch-

type\protocol or access package

UPGRADE.OSW, DEFLTCFG.OSW, RECOVER1, RECOVER2, REL_NOTE.TXT

USER’S GUIDE

For system upgrade, you will need to follow a specific upgrade path (\product name\country or switchtype\protocol or access package). This path not only depends upon product, but also the ISDN

Standard you will be using, the software options you have purchased, and in many cases, the switch type. For example:

• If you are installing a CSX1223 in a geographical area that uses US ISDN standards, and you have purchased the IP/IPX software option, use the files found in the \CSX1 223\US\ipipx di- rectory.

• If you are installing a CSX1204 using a NET3 international switch, and have purchased the IP, IPX, AppleTalk and Frame Relay options, use the files found in the \CSX1204\intnet3\ipipx- at.fr dir e ct or y.

The following chart lists possible upgrade path directories. For more information on the switches supported for your country , refer to the table in the System Overview.

Product Country or

Switchtype

CSX1201 USA csx1201 \us\ipipx

CSX1201 NET3 csx1201\intnet3\ipipx

CSX1201 1TR6 csx1201\int1tr6\ipip x

Directories

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

74 CyberSWITCH

CSX1201 TS013 csx1201\intts013\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

PGRADING SYSTEM SOFTWARE

CSX1204 USA csx1204\us\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

CSX1204 NET3 csx1204\intnet3\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

CSX1204 1TR6 csx1204\int1tr6\ipip x

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

Upgrading Software

CSX1204 TS013 csx1204\intts013\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

CSX1223 USA csx1223\us\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

CSX1223 NET5 csx1223\intnet5\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

Workgroup Remote Access Switch 75

USER’S GUIDE

If you choose to install this CD information onto your hard drive, it will be placed under the following base directory:

CSX1223 1TR6 csx1223\int1tr6\ipip x

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

CSX1223 TS014 csx1204\intts014\ipipx

\ipipx.fr

\ipipx.x25

\ipipxat

\ipipxat.fr

\ipipxat.pkt

\ipipx.pkt

\ipipxat.x25

([drive]:\Program Files\Cabletron Systems, Inc.\)

Note that th e se f iles will be specif ic to the configuration opti ons you choose during installation.

LOCAL SOFTWARE UPGRADE

To perform a local upgrade, use any valid local administration console as described in Making

Connections. Update the SSB first, if the Rele ase Notes indicate this is nece ssary, and then follow

with the update of the OSW.

OCAL UPGRADE OF THE SECOND STAGE BOOT (SSB)

1. Restart the CyberSWITCH.

2. When “Waiting for Commands:” appears on the system screen, enter the following command:

recover

3. Wait for the system to respond with the prompt “Ready for Hex Download”. Using your communications program:

• Select ASCII to be the protocol used for the file transfer. Note that your communications

program may use other terminology in place of “ASCII,” for example, some programs use “Send as a text file.”

• Change character spacing to “0”. (This may be c alled by another name in some

comm un ications packages. For e xa mple, som e pr ograms cal l i t cha r a cter pacing . )

• Set line spacing (or pacing) to “0”.

• Insert the CSX CD into the CD drive of your administration console.

• Enter the name of the file to be transferred, using the complete pathname. For example,

D:\CSX1204\US\IPIPX\RECOVER1.

4. You will receive a message if the upgrade completes successfully. The system will then automatically reboot.

76 CyberSWITCH

LOCAL UPGRADE OF THE OPERATIONAL SOFTWARE (OSW )

To locally upgrade the operational software (OSW) of your system, follow these steps:

1. Change the CyberSWIT CH system’s baud rate to be the faste st baud rate supported by yo u r

communications package (up to 115.2 Kbps). Use the change the b aud rate.

2. Login to th e Cy b e r S W ITCH as admin.

3. At the system prompt, enter the command:

flash update

This message i s disp layed:

>flash update

WARNING: You are about to restart the system. You should allow 30 seconds before a system restart occurs. Do you still wish to restart (Y or N)?

autobaud

PGRADING SYSTEM SOFTWARE

Upgrading Software

boot device command to

4. At this time you should press “Y” <RET>. After 30 seconds, you will see the startup messages.

5. When i t di sp lays the download message, “Ready for Xmodem Download,” return to your communication program and use the “XMODEM ” pr otocol for the software download.

6. Enter the name of the file that is to be downloaded, using the c omplete pathname. For example, D:\CSX1204\US\IPIPX\UPGRADE.OSW.

Note: Your terminal pr ogra m may d isplay a charac ter f or th e NAK contro l code, typ ically the

character “§“. This will be displayed every second until the download has started.

7. After the file has been downloaded, the sy stem will reboot automatically and load usi ng the new soft ware.

REMOTE SOFTWARE UPGRADE

Note: For security pu rp oses, we recommend that you dis a b le the TFTP Server after the upgrade

is complete.

The following remote upgrade procedure is supported for version 1.1.1 or newer of the Second Stage Boot (SSB), and softwar e release 1.2 or greater of the Operatio nal Software (OSW). If you are unsure of the version of software current ly running on your CyberSWITCH, issue the command to display this information.

ver

To remotely upgrade the system, you are required to have a PC/workstation that is connected to the system’s network. It must have the following features:

• ability to read CDs

• TELNET clien t

• TFTP client

Workgroup Remote Access Switch 77

USER’S GUIDE

To perform a remote upgrade, first upgrade to the latest SSB, if required, then upgrade the OSW. The Release Notes will indicate whether or not the SSB needs to be upgraded.

Note: If, during a re mote upg rade, th e compr essed file set cann ot be un compres sed i nto th e Flash

File System due to a lack of space, the compressed file set will not be deleted from the Flash File System and the previous version of the OSW will be booted. If the OSW determines there is a comp ressed file set (a file suf fix of .OSW) in the Flash File System, the n the following message is logged in the system log:

OSW, <OSWFileName>, found in the Flash File System. The OSW has not been

updated from this file due to insufficient Flash File System space. Please delete unnecessary files from the system.

It is possible that you will not have enough room in the \SYSTEM director y to TFTP th e upgrade file to the system. In this case:

• Delete all files in the directory except nex.bin and iop.bin.

•Issue a

flash reclaim

command to gai n th e lost sp ace ( t his wi ll d est ro y the backu p copy of your configuration, you will be unable to issue restore command unle ss you have sa v e d at least o ne se t o f changes) .

• If the upgrade still fails, delete the nex.bin and iop.bin and again reclaim the space. Your upgr ade shou ld now wor k. I MPORTANT: Do not re start th e CyberSW ITCH unti l the upgrade is complete.

If you are upgrading from a previous version of system software, the above message will not be display ed. In this ca se, the system con tinually restarts, att empting to ins tall the OSW package each time.

EMOTE UPGRADE OF THE SECOND STAGE BOOT (SSB)

WARNING:

If power is lost on the remote CyberSWITCH during this process, a local upgrade of the SSB may be necessary before the system can again functi on .

To remotely upgrade the SSB, follow these steps:

1. Telnet to the CyberSWITCH and login as admin.

2. Enable TFTP, the TFTP client, and th e TF TP se rver with admin access righ ts.

3. Using the TFTP client on the remote workstation, TFTP the recover1 file to the CyberSWITCH in binary mode. Be sure to use the file’s full pathname (for example: D:\CSX1204\US\IPIPX\RECOVER1). The exact method to transfer varies, depending upon your TFTP client.

4. At the system prompt, recover the SSB by issuing the following command:

flash recover

The system will ask you if you are sure you want to remotely recover the SSB, and warn you of the potential ri sk in case of a power failure while th e SSB i s being re covered. Answer “yes” to the prompt. The window of vulnerability ends after 5 or 10 seconds, when the system tells you that the SSB was su ccessfully recovered.

78 CyberSWITCH

5. After the recovery, delete the file by issuin g the co mma nd :

del \system\recover1

6. Recover lost space with the command:

flash reclaim

Console Messages during SSB Upgrade:

Message Suggested Action

can’t open recover file If you entered a filename after the flash reco ver

command, makes sure that the file exists on the system. If you did not enter a filename, make sure that \SYSTEM\RECOVER 1 exi sts on the system.

PGRADING SYSTEM SOFTWARE

Upgrading Software

not enough DRAM to create b in a ry i m a g e

Remove DRAM-greedy activities on the system, such as connec ti on s to ot he r de v ice s , co mpressio n, and authentica tio n . Reboot if n e cessary.

error in recovery file Make sure that the recover file that you are using is

correct. Delete, Recover, and reTFTP if necessary.

Unable to remotely recover SSB

Hardware failure in the boot device. Contact you r distributor immediately for a replacement.

successfully updated The SSB has been successfully updated.

EMOTE UPGRADE OF THE OPERATIONAL SOFTWARE (OSW)

To remotely upgrade the operational software, follow these steps:

1. From th e PC /workstation , Telnet to th e Cy b e rSWITCH and login as admi n.

2. Verify that the system is ready to receive TFTP upgrades:

• Enter MANAGE MODE by typing

manage

•Using the MANAGE MODE command

• TFTP feature is enabled

• TFTP server is enabled

• TFTP server is assigned ADMIN file access rights

•Using the MANAGE MODE command

• ADMIN has READ/WRIT E access to CONFIG fi les

• ADMIN has READ/WRITE acces s to OTHER files

• Exit MANAGE MODE by typing

exit

<RET> at the system prompt.

tftp

, verify that:

fileattr

, verify that:

<RET>.

3. Using the TFTP client on the remote workstation, TFTP the UPGRADE.OSW file to the CyberSWITCH in binary mode. Be sure to include the file’s full pathname (for example: D:\CSX1204\US\IPIPX\UPGRADE.OSW). The exact method to transfer varies, depending upon your TFTP client.

Note: If you experience a tr ansmiss ion timeou t, che ck the retr ansmiss ion set ting on t he TFTP

package. A retr ansmi s sion ra te of 10 se conds i s usual ly suffi cien t ; val ues l es s than t ha t may not work properly.

Workgroup Remote Access Switch 79

USER’S GUIDE

If you expe rience a problem transferring the file with TFTP, wait about three mi nutes for the TFTP to fail, delete the incomplete file, and try again.

4. Using Telnet, reboot the system by issuin g the command:

restart

It should take ap p r oximate l y 3 minute s fo r th e system to restart and install the upgrade.

5. Login via Telnet and type the correctl y. I f the upgrade did no t occu r, ch eck th e syst em lo g wit h the potential problems , and retry .

ver

command to confirm that the system software upgraded

CHANGE DEFAULTS TO SECURE SYSTEM

The system is preconfigured with defaults that were designed to make it possible to have your system up and running quickly. After your machine is functioning properly, some of these defaults shou ld b e changed to ma ke y our system more secure . The follo w i ng co nf i gu r a ti o n ch a nges are needed to provide this security:

command to find any

1. Either de l e te Us er1 and User2 or change their names and secrets.

Use Dynamic Management’s ma nage mode to carry out either of these f unctions. To enter the manage mode, type device s ( PPP dev ices) , si mpl y d ele te t hes e two de vi ces . At t he manag e m ode pro mpt, en te r the following command:

manage

at the system prompt. If you have no need for these types of

device delete

Follow the onscreen instructions for deleting each device.

To change the preconfigured devices’ names and secrets to secure the access to the system, enter the following command at the manage mode prompt:

device change

Follow the prompts to change the device name and secret for User1 and User2. After you have either deleted or changed the device information, make these changes permanent by entering the

commit

2. Disable TFTP Server.

Disable through Dynamic Management’s manage mode. This will secure important device information. Device information must be secure to prevent unauth orized access to the CyberSWITCH. To disable this access, enter the fol lowing command at the manage mode prompt:

command

tftp change

Then follow the onscreen instructions to disable the TFTP feature.

80 CyberSWITCH

3. Change the admin and guest system passwords.

If your system was previously accessed by your distributor, the preconfigured password will be admin (in lowe r cas e ) . Ch a nge this pa ss word to secure you r sy s t e m. To make th i s change, enter th e following command at the system prompt:

pswd

Then follow the prompts to enter a new password. Your password must be a 3 to 16 nonbl a nk character string. Be careful, passwords are uppercase and lowercase sensitive.

RETURN CONFIGURATION TO FACTORY DEFAULTS

The default configuration files are located on the CSX1200 CD. If you wish to return to the default configuration, download the DEFLTCFG.OSW file. Fol l ow th e sa m e steps for Local or Remote Upgrade except download the file DEFLTCFG.OSW instead of the UPGRADE.OSW file.

ACCESSING THE RELEASE NOTES

PGRADING SYSTEM SOFTWARE

Return Configuration to Factory Defaults

The Rele ase Not es provide release highlights and important information related to this release that

should be re viewed befor e you b e gin the system’s installation and confi guration.

The Release Notes are located on CD as well as on the system’s FLASH file system.

[CD-ROM drive]:\[platform di rectory][ISDN standard directory][option directory]> type REL_NOTE.TXT | more

For example, if your CD-ROM is designat ed a s drive D, you are installin g a CS X 1204, using US ISDN standa rds and the IP/IPX option, you would use the following p ath:

D:\CSX1204\US\IPI P X> ty pe REL_NOTE. TXT | more

Workgroup Remote Access Switch 81

ASIC CONFIGURATION

We define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in Configuring Basic IP Routing.

We inc l u de th e f ollowin g ch a p te rs in the Basic Configura tion segment of the User’ s Gu ide:

• Configuration Tools

A description of the configuration tools provided for configuring the CyberSWITCH.

• Configuring Lines and Resources

Instructions for con f iguring your system’s lines and resources.

• Configuring Basic Brid ging

Instructions for configuring your system’s basic bridging information. Basic bridging includes: enabling/disabling bridging and bridge dial-out.

• Configuring Basic IP Routin g

Instructions for configuring your system’s basic IP routing information. Basic IP routing includes enabling/disabling IP, IP operating mode, network interfaces, static routes, and enabling/disabling IP RIP.

ONFIGURATION TOOLS

OVERVIEW

We provide the following configuration tools to set up and/or alter your configuration:

• CFGEDIT, the configuratio n utility

• Manage Mode, the dynamic management utility

Your CyberSWITCH is shipped with a defau lt set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional conf iguration. Howe ver, once you perform these initial installation tests, you will need to customize your configuration to suit your needs.

CFGEDIT is the comprehensive utility you use to initially set up your system; you may use it later to make conf ig ur ati on c hang es as we ll. Ho weve r, CFGE DIT is NOT dy nami c . Th is me a ns yo u will have to interrupt normal system operations in order to update configuration files. (You may do so by either rebooting, or issuing the

Manage Mode provides a real-time management mechanism that allows you to change the config uration , withou t inte rrupti ng the curren t exec ution s tate of the s ystem so ftwa re. Bu t, beca use it is dynamic, Manage Mode does have its limitations. So, when making configuration changes, you usually ne e d to use a combination of both of these two tools.

restart

command).

You may onl y have one CFGED IT or Dyn amic Mana gement sessio n activ e at a ti me per s ystem. F or example, if a user is making changes directly to the system using Dynamic Management, and then a second person at a different location using Telnet attempts changes, access will be denied to the second person.

With two exceptions, it is possible to completely configure your system using CFGEDIT. The exceptions are:

1. TFTP configuration

2. file attributes configuration

These two elements can only be configured using Manage Mode.

CFGEDIT

CFGEDIT is a menu-driven utility. It consists of multiple, detailed submenus which allow you to set up or cha n ge co n f ig uration p a ra meters. T o be tter und erstand the st ru cture of CF G ED I T , re f e r to the CFGEDIT Map.

CFGEDIT allows you to configure your system while the system software is still executing. These configuration changes are saved in a temporary copy of configuration data. At a convenient time, you may then reboot the system to make these changes permanent.

EXECUTING CFGEDIT

After the system software has been loaded, you can start CFGEDIT by entering the following command at the system prompt as shown below:

[product name]>

cfgedit

USER’S GUIDE

As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted, and the following menu is displayed:

Main Menu:

1) Physical Resources

2) Options

3) Security

4) Save Changes

Select function from above or <RET> to exit:

From this screen you will begin the configuration process. Refer to Basic Configuration and succeeding chapters for details on using this utility to perform specific configuration tasks.

Remember, changes to CFGEDIT are NOT dynamic. Changes are saved in a temporary copy of configuration data, and will not affec t the curren t operation of the sy stem in any way.

SAVING CFGEDIT CHANGES

To terminate the session, return to the main CF GED IT menu. If you have made changes, select option 4 (Save Changes) before exiting. If you attempt to exit without saving, you will be prompted to do one of the f ollowing:

• save changes (Y) and exit

• do not save changes (N) and exit

• do not save chan ges as yet, but return to the Main Menu for further configuration <RET>

To save change s a t th is point, an s wer Y for yes:

Save changes and exit (Y or N)? or press <RET> for previous menu:

The save p rocess also includes a ll unsaved Manage Mode ch a nges which were made prior to the CFGEDIT session, if any.

At your earliest possible convenience, restart the CyberSWITCH. This will then activate the new configuration data.

DYNAMIC MANAGE MENT

EXECUTING DYNAMIC MANAGEMENT

The Dynami c Manag emen t fea tur e prov i des a real -t i me man age ment me chan ism; al lo win g yo u to change th e system’s configuration wi thout interrupting the execution of the system software . This feature c onsi sts of con sole co mman ds that en abl e you to d isp lay cu rren t s ystem par amet e r, ch ange many parame te rs dynam ically, and write changes to d isk files so tha t they remain permanent.

Before using Dynamic Management commands, you must first enter the special Manage Mode by typing the following command at the system prompt:

>manage

84 CyberSWITCH

Once Manage Mode is entered, the pr ompt changes from [system name]> to [system name]: MANAGE>. Whil e opera ting i n Manag e Mode, only Dy namic Manageme nt co mmand s are ava ila ble.

All other system commands are ignored until you exit Manage Mode.

The <CTRL><C> key sequence will terminate the current command and return you to the MANAGE> prompt. This is useful if you are in the process of responding to a series of prompts and you wish to abort the command without responding to the remaining prompts .

Note: To use a command, you may enter the full command name as it appears in the HELP list,

or you may shorten the command to the point that it can still be distinguished from all other Dynamic Management commands.

UTILITY DYNAMIC MANAGEMENT COMMANDS

There a re several Manage Mode commands that are used for f unctions other than to conf igure the system. They are as follows:

cls

Clears the display screen. This command is also available as an administration command.

ONFIGURATION TOOLS

Dynamic Management

help

The Manage Mode help comma nd lists the available Dyna m ic Manage m ent comma nds an d instructs the user to enter the comman d f ollowed by a questi on mark to see hel p information for that specific command.

readme

Displays helpful tips on how to use the Dynamic Management commands.

SAVING DYNAMIC MANAGEMENT CHANGES

The Dynamic Management commands allow s ystem data to be ch a nged in real-time . These changes take effect immediately upon the execution of the command and remain in effect until the system is restarted. Once a software restart occurs, the changes are lost because the software reads its initial system data values from a series of configuration files.

To prevent desired data changes from being overwritten by the restart process, the command should be executed. This command writes the current system data to the appropriate disk files, thus making all changes pe rmanent, even if the system software is restarted.

The

commit status

using ea ch Dynamic Manageme nt command since the last

To return to the normal operating mode after y ou have committed your changes, issue the following command:

MANAGE>

command displays the number of dyna mic changes that have been made

exit

commit

was performed.

commit

Workgroup Remote Access Switch 85

USER’S GUIDE

DEFAULT CONFIGURAT ION

The default configuration files will allow IP access over both the LAN and the WAN interfaces. This will allow you to PING, TELNET and TFTP into the CyberSWITCH. For example, these defaults will allow you to TELNET into the system and log in. Once logged in, you may execute any of the console commands available.

Once you perform initial testing, you must set the proper IP addresses. Most of these defaults will be country-independent. As with any set of defaults, there may be specific cases where these are not correct and must be changed before th e units are connected to the networks.

Default Configuration Summary:

•Bridging Disabled

• IP Routing Enabled

• IP LAN Interface with IP address 1.1.1.1

• Device Level Security

•CHAP enabled

• USER1 configured as PPP device (USER1 as secret) UnNumbered IP

• USER2 configured as PPP device (USER2 as secret) IP address 002.002.002.003

• Single BRI line and resource configured on country- sp e cific b asis (for BRI platforms):

JAPAN: Point-Multipoint Automatic TEI

Switch type: NTT INS

EUROPE: Point-Mul tipoint Automatic TEI

Switch type: NET3 (default country code: Norway)

U.S.: Point-to-point lines

BRI_5ESS

• Single PRI line and resource c onfigured on country-specific basis (for PRI platforms):

JAPAN: Switch type : NT T I NS EURO PE: S witch typ e : NET5

(default country code: Norway)

U.S.: 4ESS

• Single data link (with no SPID) configur ed (for BRI platform s)

• IP WAN Interface with IP address 2.2.2.2

• TELNET and TFT P enabled

• TFTP allows all files to be changed by ADMIN

USING THE NETWORK WORKSHEETS

Please take the time to fill out the requirements worksheets located in System Worksheets. Th e requirements worksheets ar e:

• Network Topology Worksheet

• System De tails Worksheet

• System Device List Worksheet(s)

• Bridging/Routing Worksheets

86 CyberSWITCH

These worksheets will be helpful in configur ing an d managing your system. They capture import ant network information. To see examples of comp leted worksheets, refer to the Example Networks Guide.

USING THE CONFIGURATION CHAPTERS

The configuration chapters follow a basic format for explaining the configuration process of each system feature. The format is:

1. A brief outline of the configuration procedur e using CFGEDIT (if applicable).

Note: In this guide we have included a map of the configuration utility CFGEDIT.

2. A brief outline of the configuration procedure using Manage Mode (if applicable).

3. A definition of each configuration element.

4. Background feature information providing a more detailed explanation of the feature.

ONFIGURATION TOOLS

Using the Configuration Chapters

Workgroup Remote Access Switch 87

ONFIGURING RESOURCES AND LINES

OVERVIEW

Resource refers to the compute r re sources that are p a rt of the CyberSWITCH. A WAN resource is the physical interface for the attachment of lines (i.e., connections) to your system.

Lines are communication facilities from the carriers. These lines directly attach to your system. From the system perspective, lines provide the physical connection to switched networks. Lines are not required for LAN connections.

There is an optional element, the system subaddress, that you may conf igure for a point-multipoint line. This element is a call screening method. A subaddress is only needed if you have a line interface type of point-multipoint, and you choose the subaddress call screening method.

RESOURCES

Physical Resources may or may not be configurable, depending upon the country of operation. The WAN resource, Ethernet resource and Serial resource (COMMPORT) are preinstalled and preconfigured on all systems. However, switch type selection is country-dependent. Refer to the country or switch type descriptions below.

CONFIGURING RESOURCES

USING CFGEDIT

To configure the CyberSWITCH’s resources, sele ct Physical Resources from the Main Menu. The following will then be displayed:

Physical Resources

1) Resources

2) Data Lines

3) Accesses

4) ISDN Subaddress

Select function from above or <RET> for previous menu:

1. Press 1 to begin the configuration of the resources. This selection will provide a display of preconfigured resources, and the pertine nt slot numbers and switch type s for those resources.

2. Refer to the following country-dependent (or switch type) information to determine which options are configurable.

Japan, 1TR6, TS013 and TS014: For these configurations, the Current Resource Configuration is not changeable. Upon selection of this option, you wi ll view a display of pr econfigured resources onl y.

ONFIGURING RESOURCES AND LINES

Resources

United States: For the U.S. resource configuration, switch type is configurable, but Ethernet Resource or COMMPORT is not. Select Resources to display a screen similar to the following:

id Name Slot Switch Type 1 Basic_Rate 1 BRI_5ESS 2 Ethernet_1 2 3 COMMPORT

Enter(1)to Change a Resource or press <RET> for previous menu:

To configure a different switch type, first se le ct (1) to change the Basic Rate or Primary Rate resource. Then select the switch type from the list presented.

If you select the Ethernet or COMMPORT resource, you are informed that there are no userconfigurable options for this resource. Press any key to continue.

For all others (International configurations other than Japan, US, 1TR6, TS013 and TS014 users): The default switch type is NET3 (or NET5 for primary rate). You must specify the region and then country in which the switch is to operate. Select Resources to display the following:

id Name Slot Switch Type 1 Basic_Rate 1 NET3 2 Ethernet_1 2 3 COMMPORT

Enter(1)to Change a Resource or press <RET> for previous menu:

1. Enter (1) to Change a Resource.

2. Select NET3 or NET5. This will bring up the following Region Menu:

1) DEFAULT

2) AFRICA

3) AMERICAS

4) ASIA

5) EUROPEAN

6) PACIFIC-RIM

Region from above [default = 1]:

3. Select the appropriate region. Based upon the region you select, a list of countries will be displayed.

4. Select the country of operation.

5. If you cannot find your country on any list, return to the Region Menu and se le ct the de f ault value (1).

Notes:In addition to NET3 or NET5, some countries support other switch types (such as 1TR6 in

Germany or TS013/TS014 in Australia). In order to use your CyberSWITCH with one of these other switches, you must download the specific software for the switch you plan to use. Refer to Upgrading Software for more information. CFGEDIT will then correctly reflect this alternate switch type.

Preconfigured resources (i.e., the Ethernet or COMMPORT resource) and their slot numbers are not configurable.

Workgroup Remote Access Switch 89

USER’S GUIDE

USING MANAGE MODE COMMANDS

resource

Displays the current re sou rce configuration.

RESOURCE CONFIGURATION ELEMENTS

RESOURCE TYPE The type of adapter (resource) that plug into the system. WAN adapters are the physical interface for the attachment of lines (i.e ., connections) to your system.

ESOURCE SLOT

The slot number into which the resource is plugged.

NTERNAL SWITCH TYPE

For ISDN resources ( BRI and PRI) only. The switch type you wi sh to configur e .

EGION

For NET3 and NET5 switchtypes. When configuring switches, first identify the r egion of operation, and then the country.

OUNTRY

For the NET3 and NET5 switchtypes. The country in which the system is operating.

ENERIC NUMBER

For PRI_4ESS primary rate switch type only. The software load (generic #) the switch is running.

YNCHRONIZATION TYPE

For Primary adapters only. Eve ry framed tran smission line requires a clock source from which it must deriv e th e appro pri ate bit ti min g and c hannel tim ing r elati v e to t he star t of a fra me. For mos t CPE gear, the clocking is derived from th e received signal and the tran smission clock is thus a

“slave” to the network. H owever, if the line is to provide its own clocking, i t must derive a clock from an inte rnal source rather than a receive d si g nal. The line is the n a “master” clock sou rce.

RESOURCE BACKGROUND INFORMATION

The basic rate (BRI) resource directly terminates a standard USOC RJ45 connector. It is supplied with a standard S/T interface. A U interface option is not available for this adapter. The BRI resource supports 1 or 4 connections/ports depending on which option you purchase. It provides support for the following switch types:

•NTT

•5ESS

• DMS100

•NI1

•1TR6

•NET3

• Definity

• Legend

• TS0-13

90 CyberSWITCH

ONFIGURING RESOURCES AND LINES

Resources

The T1-E 1-P R I ca n b e use d for any T1, E1, or PRI resource , an d di r ec t ly te rm i na t e s a sta nd a rd USOC RJ45 conne ctor. It is supplied with a standard S/T interface and supports one port. It also provides support for the following switch types:

•NTT

•4ESS

•5ESS

• Definity

• DMS100, DMS250

• SL100

•NET5

•1TR6

• TS0-14

The ethernet-1 resour ce provides d irect support for one stand ard AUI LAN c onnection. Th ese AUI interfaces provide connections for 10Base2, 10Base5 or 10BaseT transceivers.

The COMMPORT resource provid e s access to the CyberSWITCH’s serial port ( COM 1) for serial (asynchronous) communications. This includes access for local console management, as well as local async-PPP data transfer.

The following figure illustrates how the CyberSWITCH handles this asynchronous data when it is in autosen se m ode ( the sy ste m defau lt) . T he dat a ar riv es t hroug h th e COM 1 p ort, and i s se nt t o an interna l As y nchronou s Usa g e Di s criminato r ( A UD), which mo n it o rs the data st re a m . Th e A UD determines if this is to be a PPP connection, or a remote console connection. This determination is made within a configurable time frame:

•if the AUD detects PPP LCP frames, it connects t he data to a PPP stac k. The Cy berSWITCH sen ds the data to th e LAN as appropriate.

•if the AUD detects four carriage returns from a console device, it will provide analog console access by presenting a CyberSWITCH login prompt to the console.

• if neither situation is detected within the configured time frame, the connection is turned over to PPP.

PPP

Stack

Console

Manager

(Login Prompt)

Null Modem

Connection

Console

Port

Asynchronous

Usage

Discriminator

PPP LCP

Frames

4 CRs

(Carriage Returns)

Workgroup Remote Access Switch 91

USER’S GUIDE

LINES

To parallel the preconfigured serial resource (COMMPORT), there is also a preconfigured serial line named ASYNDMPORT. This line may not be deleted fro m the CyberSWITCH configurati on , but its values (including mode of operation) are changeable.

A single WAN line and resource are also preconfigured.

To change configuration or configure additional lines, follow the instructions below.

CONFIGURING LINES

USING CFGEDIT

To configure lines, select Data Lines from the Physic al Resources menu. Fo llow the instr uctions belo w for the type of line you are configuring.

ONFIGURING A LINE FOR A BRI RESOURCE

1. Enter the line name.

2. Select the line’s slot and port combination.

3. Choose e ither a point-to-point or a point-multipoint interface type.

4. If you select a line interface type of point-multipoint, you will need to choose one of the following call screening methods: none, subaddress, or telephone number. If you choose the subaddress screening method, you must configure a su baddress. Refer to Configuring a

Subaddress.

5. Add th e necessary data links. a. Select Automatic TEI Nego t iation UN LESS this is a point-to-point NTT line. b. If you need to assign a TEI Negotiation value, the default value of 0 is normally correct. c. Only if you plan on using X.25 over the D-Channel on this line, answer yes to the fol lowi ng

prompt:

Will this Data Link support X.25 communications (Y/N)? [default N]

6. If the line uses a NI-1 or a DMS-100 switch type, you must also enter the following: a. SPID(s) - supplied by your carrier b. Directory Number(s) associated with the SPID(s) - supplied by your carrier c. Number of digi ts to verify.

ONFIGURING CHANGES FOR A COMMP OR T RESOURCE

1. Select Cha n ge from the D ata Lines menu of Phys ical Resources.

2. Select AS YNC DMPORT .

3. You will be prompted to accept the default or provide n ew inform ation f or the follow ing: a. baud rate b. data bits c. stop bits

92 CyberSWITCH

d. parity value e. flow co n t ro l ty p e f. mode:

• Autosense (default): can be either terminal or PPP-async. Requires user interaction (four carriage returns) to get to terminal mode.

• Term: ter minal mode only. Login prompt automatically sent to remote console.

ONFIGURING A LINE FOR A PRI RESOURCE

1. Enter the line name.

2. Select th e line’s slot and port combi n ation.

3. Select following line characteristics:

• framing type

• line coding type

• T1 signaling method

If you are un su re of your line' s character istics, try the followin g defaults:

ONFIGURING RESOURCES AND LINES

Lines

Characteristic PRI/T1 lin es E1 line

Framing type ESF Multifram e CRC

Line coding ty pe B8ZS N/A

Signaling Method Common_Channel N/A

4. Select the correct T1 line build out value (US only). If you are using an external CSU, specify a short haul build out (line length in meters). If you do not have an external CSU, specify a long haul build out (decibel attenuation value from Telco).

5. A data link is assigned to the line upon completion of the line configu rati on. Add more data links or modify the existing data link. a. Only if you plan on using X.25 over the D-Channel on this line, answer yes to the foll owin g

prompt:

Will this Data Link support X.25 communications (Y/N)? [default N]

b. Assign a TEI Negotiation value of 0.

Note: You must delete the data link for a Robbed Bit line.

SING MANAGE MODE COMMANDS

line

Displays the current line configuration.

datalink

Display the current data link configuration.

Workgroup Remote Access Switch 93

USER’S GUIDE

datalink add

Allows you to add a data link. The following sample screen shows how a data link is added.

Current LINE Configuration:

id LINE NAME TYPE SLOT PORT

-------------------------------------------------------------------------------1 LINE.BASICRATE1 BR_ISDN 1 1 2 LINE.BASICRATE2 BR_ISDN 1 2 3 DMS100.LINE1 BR_ISDN 2 1

Select line id for new data link or press <RET> to cancel: 3<RET>

Automatic TEI negotiation (Y or N) [default = Y]? N<RET>

TEI value [default = 1]? <RET>

Service Profile ID (enter 0 for no SPID) [default = NO SPID]? 13135551212<RET>

Directory number [default = 13135551212]? 5551212<RET>

Number of digits to verify [default = 7]? <RET>

The DATALINK configuration has been updated successfully.

datalink change

Changes an existing data link.

datalink delete

Deletes an existing data link.

ampconf

Allows you to change the AMP port configuration.

LINE CONFIGURATION ELEMENTS

LINE NAME A 1 to 16 us er-defin ed char acter strin g (using all non -blank char acter s) t hat identifies the l ine. Each line must have a unique name.

INE SLOT

The slot n u m b er as signed to th e re s o u rc e th a t will termin a t e this line.

INE PORT

The port number of the resource that will terminate this line.

INE INTERFACE TYPE

For basic rate lines only. Ch oice of poi nt-to-point or point-multipoi nt. The point-to-point interface type is the ty pe most often use d in the U.S.; point- multipoint i s most often used in Japan.

UTO TEI

For basic rate lines only.The default setting for automatic TEI negotiation is “yes”. For #5ESS and

DMS100 lines, you s hould not change t he sett in g. For NTT point-to -poin t lines, you s hould disabl e the au to m atic TEI n e g o tiation b y ans wering “no” to the p r o m p t f or this fea ture.

94 CyberSWITCH

ONFIGURING RESOURCES AND LINES

Lines

CALL SCREENING METHODS For basic rate lines only. If you select a line interface type of point-multipoint, choose one of the followi ng call screening methods: none, sub address , or telephone number. The paragraphs below define ea ch met h o d.

1. None All calls will be accepted.

2. Subaddress Uses a configured subaddress for this site. If the subaddress method is chosen, and a subaddres s h as not be en c onf igur ed f or th is s i te, an er ror mes sage w ill be disp lay ed. You mu s t either choose another method, or configure a subaddress for this site.

3. Telephone Number Telephone number(s) for your site used for call screening. Only calls directed to that specific telephone number will be accepted. If there is more than one, enter the list of telephone numbers separated by commas. After entering the telephone numbers, you will then be asked to enter the maximum number of digits (st a rting at the rightmost dig it) to be verif ied.

Note: If the telephone number(s) entered here do not exactly match the number(s) for the site,

you will be warned at this time. (The number of digits compared will be the number of digits you chose to use for verification.)

ATA LINKS

A data link is a data communications link to the telephone switch. Your Carrier Service can provide you with the data link values you need to configure. All switch types, except the D MS 100 an d the NI-1, require a single data link per line. The NI-1 switch type can have either one or two data links per line. The DMS100s generally require tw o data links per line, one for each B channel. For both NI-1 and DMS100 switch types, contact your Servi ce Prov i der for the number of data links required.

The table below summarizes the number of dat a li n ks an d SPIDs that are required for each switch type.

Switch Type Number of Data

Links

Number of SPIDs Number of

Directory Numbers

DMS100 custom 2 2 2

NI-1 1 or 2 1 or 2 1 or 2

all oth er 1 0 0

When adding a data l ink for BRI lines , designate whether to use Automa tic TEI Negotiation. Automatic TEI Negotiation is used UNLESS this is a point-to-point NTT line. If you do not use Automatic TEI Negotiation, a TEI value is required. The default TEI value is 0, which is normally correct for a point-to-point NTT line. For PRI lines, use the default TEI value of 0.

Data link s are handled differently for DMS and N I-1 switches. For most switches, the BRI line has only one phone number (for the Data Link), but it can handle two calls (one for each bearer

Workgroup Remote Access Switch 95

USER’S GUIDE

channel). For DMS and NI-1 switc hes, the BRI line has two SPIDs, and two phone numbers. Note that either SPID can use either bearer channel. There is no one-to-one correspondence. You must enter the numb e r of digits to verify (starting at the right-most di git), so that wh e n the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should be 7, which is the defa u lt value in most cases.

ERVICE PROFILE ID (SPID)

For basic rate lines only. SPIDs are only required for DMS100 and NI-1 switch types. A SPID is a number that identifies ISDN equipment attached to your ISDN line. Depending on the type of ISDN service you have, you may have one, 2, or no SPIDs. When ordering your ISDN service, your service p rovider should supply you with SP ID information.

A SPID is usually derived from t he ISDN line’s telephone number. It may include the area code. It may also include a special prefix and/or suffix (for example, a prefix of 9 for Centrex lines).

The SPID format for AT&T 5ESS NI-1 Service is:

01nnnnnnn0tt

where nnnnnnn is the 7 digit phone number (no area code) of the BRI line

tt is a user assigned 2 digit terminal Id code, 00 is normally used

The SPID format for AT&T 5ESS Custom Multipoint Service is:

01nnnnnnn0

where nnnnnnn is the 7 digit phone number (no area code) of the BRI line

The SPID format for Northern Telecom DMS-100 NI-1 Servi ce is:

aaannnnnnnss

where aaa is the 3 digit area code of the BRI line

nnnnnnn is the 7 digit phone number of the BRI line ss is the SPID suffix (optional, 01 can be used for one number, 02 fo r the other)

The SPID format for Northern Tel ecom DMS-100 Custom Service is:

aaannnnnnnsstt

where aaa is the 3 digit area code of the BRI line

nnnnnnn is the 7 digit phone number of the BRI line ss is the SPID suffix (optional, 01 can be used for one number, 02 fo r the other) tt is a user assigned 2 digit terminal Id code, 00 is normally used

If the DMS100 requires two data links per line, it will also have two “Service Profile Identifiers (SPIDs)” and two directory number s. If the NI-1 has two data links per line, two SPIDs and two directory numbers are required, otherwise one SPID and one directory number is required. A SPID is paire d wi th a directory number to define a data link.

Note that if you r line does not requi re a SPID, enter a SPID value of 0 .

IRECTORY NUMBERS

If your line requires a SPID (if you entered a SPID with a value other than “0”), you will be required to enter the site's directory number. That directory number is paired with the above entered SPID for this da ta link. The direc tory number is us ed to match an incomin g call wit h the co rrect data link .

96 CyberSWITCH

ONFIGURING RESOURCES AND LINES

Lines

DIGITS VERIFIED The number of digits to veri f y (starting at the rightmo st di git), so that when the system re ceives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits sh ould be 7, which is the default value in most cases .

RAMING TYPES

For primary rate lines only. The normal line transmission method employed on a PRI line is a timedivision multiplexed (TDM) scheme of repeating fixed-length frames. For T1 lines, of each frame, a single bit is used to convey such things as a frame alignment pattern, data checksums, and in more advanced networks, maintenance comman ds, between the network and the Customer Premise Equipment (CPE). For E1 lines, all of channel 0 is used for this. The two most common framing types for PRI/T1 lines are SF and ESF, which are 12- and 24-frame formats, respectively. E1 lines can use one of three framing types: doubleframe, multiframe with no CRC, or multiframe with CRC, with the most common being multiframe CRC.

INE ENCODING

For Primary Rate lines only. Line encoding specifies the na tu re of the signals that are used to represent binary one and zero at the physical layer. Two encoding methods are Alternate Mark Inversion (AMI) and Bipolar 8 Zero Subst ituti on (B8ZS). AMI as the encoding scheme implies th at the applicatio ns usi ng the transmissi on line must guarantee a certain number of 1s in the signal to help prevent a loss of synchronization in the network. This is possible if the voltage level of the signal remains zero for too long a period of time (i.e., too many logical 0s in the transmitted data). B8ZS enforc es n o suc h limit s on the app lica ti on usi ng th e tr ansmi ssi on medi um sinc e i t in troduc es bipolar violations in the signal. These violations are in turn interpreted at the receiving end not as errors, but simply as the substitution of a 1 for a 0 after certain number of consecutive 0s were detected in the transmitted signal.

IGNALING METHOD

For primary rate lines only. The signaling met ho d dictat es how and where the call si gnaling is to be carri e d. The two methods avai lable are Common Chan nel and Robbed Bit Signaling.

OMMON CHANNEL

In the Common Channe l si gnal ing c ase, one of the 24 c han nels of the P RI fra me i s devot ed to call control messaging.

OBBED BIT SIGNALING

Robbed Bit Signaling is not supported for the CyberSWITCH.

INE BUILD OUT

For primary rate lines only. No matter what the quality of th e cabling employed in a net work, each and every li ne expe ri ences so me si gnal loss or degr adati on. L ine Bu ild Ou t desc rib es t he degree of attenuation to be applied to the transmission signal in order to have the correct signal levels and shape arrive at t he receiver. Generally, the longer the line connecting the CPE and the network equipment, the less the transmitted signal is attenuated.

CFGEDIT will use shor t or long haul inform a tion to deter m ine the corr ect Line Build Ou t (i.e., degree of attenuation) for your lines. The value you input (in CFGEDIT) to determine attenuation depends on whether or not you are using an external Channel Service Unit (CSU).

If you are using an external CSU, you will specify a value under Short Haul Build Out. Specify the length of the line, in meters, from CPE to the CSU by selecting a range from zero to 210 meters.

Workgroup Remote Access Switch 97

USER’S GUIDE

If you are not using an external CSU, specify a value under Long Haul Build Out. On long hauls, your telephone company will provide you with a decibel attenuation value when they install the lines. The installers may specify option labels A, B, or C during installation. If so, these labels correspond, respec tively, to Long Ha ul Build Ou t values of -0.0dB, -7.5dB , and -15.0dB. The value is dependen t on distance, type and condition of physical line, and other environmental factors. For example, if the distance to the Telco switch is great (6000 foot maximum), or the line is old, you may need a decibel value of 0.0 (meaning no attenuation). If the distance is much closer (for example, 1000 ft. ), the decibel value may be -15.0 (i.e., the signal is str on g enough that it needs a certain amount of attenuation).

INE TYPE

For V.35 and RS232 lin e s only. This par ame ter differentiates th e network connections from connections to local computing devices. The network line type should be specified for lines that will be used by a Dedicated, Frame Relay, or X.25 Access.

COMMPORT I

NFORMATION

For systems using the asynchronous management port (COMMPORT) for out-of-band management. These elements control how the port will function. Elements include:

•modem name

•baud rate

•data bits

• stop bits

• parity value

• flow co n t ro l ty pe

• mode of operation

Mode of operation determines whether this port operates in autosense mode or terminal mode.

Autosense mode offers the flexibility to use this port for console access, or to send PPP-async data.

For console acc ess, the rem o te user must p re s s <E nter> or <Re t u rn> four tim e s upon call connection. If no carriage returns are detected, the CyberSWITCH assumes it will receive PPP data.

Terminal mode requires no interaction. It automatically sends the attached device a login prompt for console access.

LINE BACKGROUND INFORMATION

Lines are communication facilities from the carriers. These lines directly attach to the system. From the system perspective, lines provide the physical connection to switched networks. Lines are not required for LAN connections.

98 CyberSWITCH

SUBADDRESSES

CONFIGURING A SUBADDRESS

USING CFGEDIT

1. To conf igure a subaddress, select ISDN Suba ddr ess fr om the Physical Resources menu.

2. Ente r the subaddress. The subaddress is suppl ied by your Carrier Servi ce .

SUBADDRESS CONFIGURATION ELEMENTS

SUBADDRESS The subaddress for the system.

SUBADDRESSES BACKGROUND INFORMATION

A subaddress may be configured for a point-multipoint line. This element is a call screening method. A sub address i s only needed if you have a line in terface type of poi nt-multi point , and you choose the su b a ddress call screening me thod.

ONFIGURING RESOURCES AND LINES

Subaddresses

Workgroup Remote Access Switch 99

ONFIGURING BASIC BRIDGING

OVERVIEW

This chapter provides information for configuring basic bridging features. Basic bridging configuration includes :

• enabling/dis abling b ridging

A separate chapter, Config ur i ng A d van c e d B r i dging, provides information for configuring advanced bridging features. Advanced bridging features include:

• bri dge dial out

• Spanning Tree Protocol

• mode of operation

• bridging filters

• known connect lists

MAC LAYER BRIDGING OPTION

ENABLING/DISABLING BRIDGING

USING CFGEDIT

1. Select Bridging from the Options Menu. The following menu will then be displayed:

Bridging Menu:

1) Enable/Disable Bridging

2) Spanning Tree

3) Mode of Operation

4) Bridge Filters

5) Known Connect List

Select function from above or <RET> for previous menu:

2. Select Enable/Di sable Bridg ing .

3. Foll ow the onscreen instructions to co mp lete the confi g uration.

MAC LAYER BRIDGING CONFIGURATION ELEMENTS

STATUS The MAC Layer Bridging status is e ither enabled or di sab led. As a default it is enabled.

Cabletron Systems CSX1000, CSX1200 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

CONTENTS

DOCUMENTATION SET

Guide Conventions

We inc l u de th e f ollowin g ch a p te rs in the Syst em Overv i ew segment of the User’s Guide.

THE CYBER SWI TCH NETWORK

UNIQUE SYSTEM FEATURES

INTEROPERABILITY OVERVIEW

INTEROPERABILITY PROTOCOLS

INTEROPERABILITY DEVICES

SECURITY OVERVIEW

NETWORK INTERFACE OVERVIEW

System Components

REMOTE ISDN DEVICES

Switches Supported

SAFETY CONSIDERATIONS

THE CSX1000 AND NE LINK 1000 (A NETWORK EXPRESS PRODUCT)

System Platforms

THE CSX1200

CABLING INFORMATION

WAN ACCESS

ADMINISTRATION CONSOLE ACCESS

SYSTEM MODULES

THE CSX1200-E11-MOD

THE CSX1200-U4-MOD

OVERVIEW

SYSTEM SOFTWARE

SYSTEM FILES

CONFIGURATION FILES

OPERATIONAL FILES

USER LEVEL SECURITY FILES

OVERVIEW

ORDERING NI-1 LINES USING EZ-ISDN CODES

ORDERING NI-1 LINES USING NI-1 ISDN ORDERING CODES

ORDERING BRI ISDN LINES USING PROVISIONING SETTINGS

PROVISIONING SETTINGS FOR AT&T 5ESS SWITCHES

AT&T 5ESS NI-1 SERVICE

AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE

PROVISION SETTINGS FOR NORTHERN TELECOM DMS-100 SWITCHES

Northern Telecom DMS100 NI-1 Service

Northern Tel ecom DMS100 Custom Service

BASIC INFORMATION FOR ORDERING PRI ISDN LINES

PRE-INSTALLATION REQUIREMENTS

INSTALLING THE CSX1200-E11-MOD

Installing the CSX1200-U4-MOD

CABLING

OVERVIEW

MAKING CONNECTIONS

DIRECT CONNECTION

NULL-MODEM CONNECTION TO A PC

REMOTE CONNECTION USING TELNET

REMOTE CONNECTION USING A MODEM

ESTABLISHING AN ADMINISTR ATION SESSION

POWERING ON

ACCESSING THE RELEASE NOTES

OVERVIEW

• upg r ading sy st e m s of t wa re

UPGRADING SOFTWARE

CD FILE STRUCTURE

LOCAL SOFTWARE UPGRADE

LOCAL UPGRADE OF THE OPERATIONAL SOFTWARE (OSW )

REMOTE SOFTWARE UPGRADE

CHANGE DEFAULTS TO SECURE SYSTEM

ACCESSING THE RELEASE NOTES

Return Configuration to Factory Defaults

We inc l u de th e f ollowin g ch a p te rs in the Basic Configura tion segment of the User’ s Gu ide:

OVERVIEW

CFGEDIT

EXECUTING CFGEDIT

SAVING CFGEDIT CHANGES

DYNAMIC MANAGE MENT

EXECUTING DYNAMIC MANAGEMENT

UTILITY DYNAMIC MANAGEMENT COMMANDS

SAVING DYNAMIC MANAGEMENT CHANGES

DEFAULT CONFIGURAT ION

USING THE NETWORK WORKSHEETS

Using the Configuration Chapters