Enterasys Networks CSX6000, CSX7000, CSX5500 User Manual

CENTRAL SITE

REMOTE ACCESS SWITCH

USER’S GUIDE

Release 7.4

Cabletron Systems

(603) 332-9400 phone (603) 337-3075 fax support@ctron.com

USER’S GUIDE

CAUTION

NOTICE

You may post this document on a network server for public use as long as no modificati ons are ma d e to the d o cu m e n t .

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.

The hardware, firmware, or software described in this manual is subject to change without notice.

IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

Only qualified personnel should perform installation procedures.

Cabletron Systems, Inc. P.O. Box 5005 Rochester, NH 03866-500 5

Order Number: 9032186-04

VIRU S D ISCLAIMER

Cabletron Systems has tested its software with current virus checking technologies. H owev er, because no anti-vir us sy stem is 100% reliabl e, we strongly cauti on you to wr ite pro tect and th en verif y that th e Licen sed Sof tware, pr ior to installing it, is virus-free with an anti-viru s system in which yo u have confi denc e.

Cabletron Systems makes no representations or warranties to the effect that the Licensed Software is virus-free.

2 CyberSWITCH

TRADEMARKS

Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM, and SecureFast Virtual Remote Access Manager are trademarks of Cabletron Systems, Inc.

All other product names m entioned in this manual are tradema rks or registered trademarks of their re sp e ctive companies.

COPYRIGHTS

All of the code for this product is copyright ed by Cable tron System s , Inc.

Portio ns of the code for this p roduct are co pyrighted by the follow ing corpor ations:

Stac El e c troni cs Stac Electronics 1993, including one or more U.S. Patents No. 4701745, 5016009, 5126739 and 5146221 and other pending patents.

FCC NOTICE

This device complies with Part 15 of the FC C rules. Operation is subject to the following two conditions: (1) this d e vice m a y no t caus e ha r mful int erfe rence , an d (2) this device must accept any int erference received, includ ing interference that may caus e undesired o p e ra ti on .

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.

Central Site Re mote Access Switch 3

USER’S GUIDE

WARNING : Changes or modific ations made to this d evice wh ich ar e not expr essly

approved by the party responsible for compliance could void the user’s authority to operate the equipment.

DOC NOTICE

This digital apparatus do es not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Commu nicati ons.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communicatio ns du Cana d a.

VCCI NOTICE

This is a Class 1 product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If th is equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective ac tions.

CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT

IMPORTANT: Before utilizing this product, carefully read this License Agreement.

This document is an agreement between you, the end user, and Cabletron Systems, Inc. ("Cabletron") that sets forth your rights and obligations with respect to the Cabletron software program (the "Program") contained in this package. The Progra m may be contai ned in fi rmware, ch ips or ot her media. BY UTILIZ ING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WA RRANTY A ND DISCLAIMER O F LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.

4 CyberSWITCH

SING THIS GUIDE 25

Documentation Set 26 Guide Conventions 27

SYSTEM OVERVIEW 29

The CyberSWITCH 30

Unique System Featur es 31 Interoperability Overv iew 34

Interoperability Protocols 34 Interoperability Devices 35

Encryption Overview 36

Network Layer 36

Link Layer 36 Security Overview 37 Network Interface Overview 37 System Compon e nts 38 Remote ISDN Devices 39 Switches Supported 40

Hardware Overvi ew 41

System Platforms 41

The CSX5500 42

Platform Description 4 2 Cleaning the CSX5500 Air Filter 43 Platform Characteristics 44 Caution for DC-Powered CSX5500s 45

The CSX6000 46

Platform Description 4 6 Cleaning the CSX6000 Air Filter 47 Platform Characteristics 47 Caution for DC-Powered CSX6000s 48

The CSX7000 49

Platform Description 4 9 Platform Characteristics 49 Caution for DC-Powered CSX7000s 50

The NE 2000-II (A Network Express Platform) 51

Platform Description 5 1 Platform Characteristics 52

The NE 4000 (A Network Express Platform) 53

Platform Description 5 3 Platform Characteristics 53

The NE 5000 Platform (A Network Express Platform) 55

Platform Description 5 5 Cleaning the NE 5000 Air Filter 56 Platform Characteristics 57

Central Site Re mote Access Switch 5

USER’S GUIDE

System Adapters 58

Ethern et Ad a pt e rs 58

Ethernet-2 Adapter 58 Ethernet-1 Adapter 58 Hardware Characteristics 59 LAN Connec ti on 59

Basic Rate Adapters 59

BRI-4 Basic Rate Adapter 59 BRI-1 Basic Rate Adapter 60 BRI Connection 60

Primary Rate Adapters 61

The PRI-8 61 The PRI-23 61 The PRI-23/30 62 PRI-8, PRI-23, and PRI-23/30 Connection 63

Expander Adapter 63

Hardware Characteristics 63

V.35 Adapter 64

Hardware Characteristics 64 V.35 Connection 64

RS232 Adapter 65

Hardware Characteristics 66 RS232 Connection 6 6

Digital Modems 67

The D M-8 68 The DM-24 68 The DM-24+and DM-30+ 68

Encryption Adapter 69

Software Overview 70

System software 70 Administration software 70 System Files 71

Configuration Files 71

Operational Files 72

User Level Security Files 73

SYSTEM INSTALLATION 74

Orderi n g IS DN Service (US Only) 75

Overview 75 Orde ring NI-1 Lines Using EZ-ISDN Code s 75 Orde ring NI-1 Lines Using NI-1 ISDN Ordering Codes 75 Ordering BRI ISDN Lines using Provisioning Settings 75

Provisioning Settings for AT&T 5ESS Switches 76

AT&T 5ESS NI-1 Service 77 AT&T 5ESS Custom Point-to-Poin t Service 78

Provision Sett ings for Northern Telecom DMS-100 Switches 78

Northern Telecom DMS100 NI-1 Service 79 Northern Telecom DMS100 Custom Service 80

Basic Inf o rm a tio n f or Ord e ring PRI ISD N Li n es 80

6 CyberSWITCH

Hardware Installat ion 83

Overview 83 Pre-Installation Requirements 83 Selecting S lots for the Adapter s 84 Adapter Settings 85

Adapter Interrupt and I/O Addres s Settings 86

WAN Adap ter s 86 DM-8 Adapter I/O Address Settings 86 DM-24 Adapter Interrupt and I/O Address Settings 87

DM-24+ and the DM-30+ Adapter Address Setti ngs 88 Encryption Adapter Settings 89 MVIP Settings 89 Additional Adapter Settings 90

PRI-8 90

PRI-23 91

PRI-23/30 92

Inserting the Adapters into the Cyber SWIT CH 93 Connecting Adapter Inter-Board Cables 94

Connecting Multiple Adapters 94 Connecting a WA N Ad apte r to the LC D 96 Summary of Guidelines 97

Cabling Guidelines 97

Termination G uide lin e s 97

Accessing the CyberSWITCH 98

Overview 98 Making Connections 98

Direct Co nne ction 98 Null-Modem Connection to a PC 99 Remote Connec tion using Telne t 100 Remote Connec tions (Modem to Modem) 10 1

Analog Modem on the CyberSWITCH 101

Digital Modem on the CyberSWITCH 102

Establishing an Administration Session 103 Accessing th e Re lease Notes 104

Upgrading System Software 105

Overview 105 Installing Software 105 Upgrading System Soft war e 107

Local Upgrade 107

Procedure 107

Handling Upgrade Warnings and Errors 108 Remote Upgrade 10 8

Accessing th e Re lease Notes 109

Central Site Re mote Access Switch 7

USER’S GUIDE

BASIC CONFIGURATION 110

Configuration Tools 111

Overview 111 CFGEDIT 111

Executing CFGEDIT 112 Saving CFGEDIT Changes 112

Dynamic Management 112

Executing Dynamic Management 112 Utility Dynamic Management Commands 113 Saving Dynamic Managem e n t Changes 113

Using the Network Worksheets 114 Using the Configuration Chap ters 114

Configuring Resources and Lines 115

Overview 115 Resources 115

Configuring Resour ces 115 Resource Configuration Elements 116 Resource B ackground Information 117

Lines 119

Configuring Line s 119

Configuring a Line for a BRI Resource 119

Configuring a Line for a PRI Resource 119

Configuring a Line for V.35 and RS232 Resources 120

Configuring Changes fo r a COMMPORT Res ource 121 Line Configuration Elements 122 Line Background Information 126

R2 Signaling 127

Subaddresses 127

Configuring a Subaddress 127 Subaddress Configuration Elements 127 Subaddresses Background Information 127

Configuring Basic Bridging 128

Overview 128 MAC Layer Bridging Option 128

Enabling/Disabling Bridging 128 MAC Layer Bridging Configuration Elements 128 MAC Layer Bridging Background Info rma tion 129

Configuring Basic IP Rou ting 130

Overview 130 Interne t P rotocol (IP) Option 130

Enabling IP 130 IP Option Configurati on Elements 131 IP Background Information 131

IP Operating Mode 131

Configuring the IP Operating Mode 131 IP Operating Mode Configuration Elements 132 IP Operating Mode Background Information 132

8 CyberSWITCH

IP Network Interf aces 133

Configuring Interfaces 133 Network Interface Configuration Elements 135 IP Network Inte rface Background Inform ation 140

IP RIP and the IP Network Interf aces 145

IP RIP over Dedicated Connection s 148

IP Host Operating Mode and the IP Network Interfaces 150

Using Multiple IP Addres ses 150

Static Routes 152

Configuring Static Routes 152 Static Route Configurati on Elements 154 Static Route Background Information 156

Default Routes 157

Configuring Default Routes 157 Default Route Configuration Elements 157

Routing Information Protoc ol (RIP) Option 158

Enabling/Disabling IP RIP 158 IP RIP Configuration Elements 159 IP RIP Background Information 159

SECURITY AND ENCRYPTION OPTIONS 160

Security Overview 161

Overview 161 Security Level 161 Syste m Opti ons and In f ormat ion 162 Device Level Databases 162 User Level Databases 163 Off-node Server Information 163 Network Login Information 163

Configuring Security Level 164

Overview 164 No Security 166

Configuring No Secur ity 166

Device Level Security 167

Configuring Device Level Security 167 Device Level Security Backgr ound Info rma ti on 167

Overvie w of Device Auth e ntication Pr ocess 168

User Level Security 168

Configuring User Lev e l Securit y 168 User Level Security Backgr ou nd Info rma tion 168

Authentication Using a Security Token Card 169

System Requirements 170

Authenti cation Process with User Level Securi ty 171

Device and User Level Security 172

Configuring Device an d Us er Level S ecur ity 17 2 Device and User Level Backgroun d In formation 173

Central Site Re mote Access Switch 9

USER’S GUIDE

Configuring System Options and Information 174

Overview 174 System Options 174

Configuring System Options 174 Syste m Opti ons Conf ig u ratio n E le ment s 1 7 5 System Options Background Information 177

System Information 178

Configuring Syst em Information 178 System Information Configuration Elements 178 System Information Background Information 179

Administ rative Session 179

Configuring Administrative Sessions 179 Administrativ e Sessio n Conf igur ation Ele m ent s 180 Administrative Session Backgroun d In formation 181

Alterna tive Database Location Background Information 181

Session Inactiv i ty Background Information 181

Number of Administrat ive Telnet Sessions Background Information 181

Telnet Server TCP Port Number Background Information 181

Emergency Telnet Server Port Number Background Information 182

Configuring Device Level Databas e s 18 3

Overview 183 On-node Devi ce Database 183

Configuring an On-node Device Database 183

On-node Device Entries 184

Configuring On-node Device Entries 184 On-node Dev ice Database Con f iguration Elements 19 1

General Configuration Ele m ent s 191

ISDN Configuration Elements 191

Frame Relay Access Configur ation Ele m ent s 193

X.25 Access Configur ation Elements 193

Digital Modem Configuration Elements 194

Authentication Configuration Elements 194

IP Information Configuration Elements 196

IPX Information Configur ation Elements 196

AppleTalk Information Configuration Elements 197

Bridge Information Co nfiguration Element s 198

Compression Configuration Elements 199 On-node Device Database Background Information 199

On-node Dev ice Database Se cu rity Requirements 199

Off-node Device Database Location 203

Configuring Off-node Device Database Location 203 Off-node Device Database Location Configuration Elements 204 Off-node Device Database Location Background Information 204

Configuring User Level Databases 205

Overview 205 User Le vel Au th e ntica tion Data b ase Locatio n 205

Configuring Authentication Database Location 205 User Level Authen tica tion Datab as e Loc ation Co nfigur a tion Ele me nt s 206 User Level Authentication Database Location Background Information 206

10 CyberSWITCH

Configuring Off-node Server Information 207

Overview 207

Multiple Administration Login Names 207

CSM Authentication Se rver 208

Configuring CSM Authentication Server 208 CSM Authentication Se rver Configuration Elemen ts 209 CSM Authentication Server Backgrou nd Information 209

RADIUS Server 209

Configuring a RADIUS Authentication Server 209 RADIUS Authentication S e rver Configur ation Elements 211 RADIUS Authentication Server Background Information 211 Configuring a RADIUS Accounting Server 212 RADIUS Accounting Serv er Conf igur ation Ele me nts 214 RADIUS Accounting Server Background Information 214

Performance 214

Verification and Diagnosis 215

RADIUS RFC2138 215

Enabling RADIUS Type 215 RADIUS Type Configuration Elements 216 Background Informati on 216

Dynamic Device Option 216

Configuring the D ynamic Device Option 216 Dynamic Device Configura tion Elem ent s 217 Background Informati on 217

TACACS Authenti cation Server 218

Configuring a TACACS Authenti cation Server 218 TACACS Authentication Server Configuration Elements 219 TACACS Authentication Server Background Information 219

ACE Authentication Server 220

Configuring an ACE Authenti cation Server 220

Alternate Method of Configuration 221 ACE Authentication Server Configuration Elements 221 ACE Authentication Server Background Information 222

Configuring Network Login Infor mation 223

Overview 223 Network Login General Configuration 223

Configuring General Network Login Information 223

Authenti cation Timeout 224

Terminal Server Security 224 Network Login General Configuration Background Information 225

Network Login Banners 225

Configuring Netw ork Lo gin Banner s 225 Network Login Banners Background Information 226

Configuring RADIU S Serve r Login Info rma tion 226 Login Configuration Specific to RADIUS Server Background Information 227

Configuring TACACS Server Login Information 228 Login Configuration Specif i c to TACAC S Serve r Backg round Information 229

Central Site Remote Access Switch 11

USER’S GUIDE

Configuring Encryption 231

Configuration 231

Configuring an Encryption adapter 231 Configuring Security Associations and Authentication (IP Security Only) 232 Configuring Link Layer Encryption (PPP Encryption Only) 233 Encryption Configuration Elements 234

Encryption Background Information 236

IP Network Lay e r En cryption 236

ESP Implementation 236

IP Encryption Example 237

Authentication Headers 237 Link Layer Encryption 23 8

Link Layer Encryption: Manually-Configured Keys 238

Automated Key Exchange 239 Interaction with Other Features 239

IP Filters 239

Multiple MAC/IP Addr ess es 240

PPP Compression 240

ADVANCED CONFIGURATION 241

Configuring Alternate Accesses 242

Overview 242 Dedi ca te d Acce ss e s 2 4 2

Configuring a Dedicat ed Acc es s 242 Dedicated Access Configurat ion Element s 243 Dedicated Access Background Information 243

X.25 Accesses 244

Configuring an X.25 Ac cess 244

Basic Configuration Inf orm a tion 244

LAPB Configura tion Info rma tion 2 45

X.25 Configuration Information 245

Permanent Virtual Circuit Information 247 X.25 Configuratio n Elements 247

X.25 Line Configuration Elements 247

LAPB Configuration Elements 248

X.25 Access Configur ation Elements 249

PVC Configuration Elements 252 X.25 Access Background Inf orm ation 253

Current X.25 Restrictions 255

Frame Relay Accesses 255

Configurin g a Frame Relay Access 255

Configuring General Ac ces s Informa tion 255

Configuring a PVC 256 Frame Relay General Configuration Elements 257 Frame Relay PVC Configuration Elements 258 Frame Relay Access Background Information 260

The Local Management Interface Overview 261

Data Rate Control Overview 261

Congestion Control Overview 262

Curren t Re strictions 262

12 CyberSWITCH

Configuring Advanced Bridgin g 26 4

Overview 264 Bridge Dial Out 264

Configuring the Device List for Bridge Dial Out 265

Spanning Tr ee Protocol 266

Configuring Spanning Tree Protocol 266 Spanning Tree Protocol Co nfigura tion Elem e nts 267 Spanning Tree Protocol Background Information 267

Bridge Mode of Operation 268

Configuring the Bridge Mode of Operation 268 Bridge Mode of Opera tion Co nfigu ra tion Elem ent s 268 Bridge Mode of Operation Background Infor matio n 268

Unrestricted Bridge Mode 268

Restricted Bridge Mode 269

Bridge Filters 269

Configuring Bridge Filters 269 Bridge Filter Configur atio n Elem ent s 272

Protocol Definition Configuration Elements 272

Bridge Filter Configur atio n Elem ent s 272 Bridge Filters Backgrou nd Info rma tion 273

Protocol Definitions 273

Bridge Filter Definitions 274

Dial Out Using Bridge Filters 283

Example: Bridge Dial Out Using a Destina tion MAC Add ress Filter 283

Known Connect List 285

Configuring the Known Co nnec t List 285

Using CFGEDIT 28 5 Known Connect List Configur ation Ele m ent s 286 Known Connect List Back ground Infor matio n 286

Configur in g A dva n c ed IP Ro uting 287

Overview 287 Static ARP Table Entries 288

Configuring Static AR P Table Entries 288 Static ARP Table Entries Conf igur ation Elements 288 Static ARP Table Entries Backgroun d Infor m ation 288

The Isolate d M ode 289

Configuring the Isolate d Mode 289 Isolated Mode Configuration Elements 289 Isolated Mode Backgroun d In formation 289

Static Route Lookup via RADIUS 289

Configuring Stati c Route Lookup via RADIUS 289 Static Route via RADIUS Configuration Elements 290 Static Route Lookup via RADIUS Background Information 290

IP Address Pool 290

Configuring an IP Address Pool 290 IP Address Pool Configuration Elements 290 IP Address Pool Background Information 291

Central Site Remote Access Switch 13

USER’S GUIDE

IP Filters 291

Initiating the IP Filter Configuration 292 Configuring Packet Types 292

Configuring the Comm on IP Portio n 293

Configuring TCP 294

Configuring UDP 294

Configuring ICMP 295 Configuring Forward ing Filt ers 296 Configuring Connection Filters 297 Configuring Exception Filter 298

Modifying the Final Condition for a Filter 299 Applying Filters 299

Applying Filters to Network Interfaces 299

Applying the Global Forwarding Filter 299

Applying per-device Forwarding Filters 299 IP Filters Configuration Elements 300 IP Filters Background Information 301

Filter Compositio n 302

Types of Filters 302

Role of Filters in the IP Processing Flow 303

Packet Types 304 Limitations 305 Example of an IP Filter Configuration 306

DHCP Relay Agent 308

Configuring a DHCP Relay Agent 308 DHCP Configuration Elements 309 DHCP Background Information 309

DHCP/BOOTP Relay Agen t Env ironm ent s 309

Example DHCP Configurations 311

DHCP Proxy Client 315

Configuring the DHCP Proxy Client 315 DHCP Configuration Elements 316 DHCP Background Information 316

Sample Configuration: IP Router with DHCP Proxy Client 317

Security Associations 318

Configuring Secur ity Associa tion s 318

DNS and NetBIOS Addresses 319

Configuring DNS and NetBIOS Addresses 319 DNS/NBNS Co nfigu r ation Ele m ent s 32 0 DNS/NBNS Background Informati on 320

Configuring IPX 321

Overview 321 Configuring IPX Information 322 IPX Routing Op tion 323

Enabling/Disabling IPX 323 IPX Option Configuration Element 323 IPX Option Background Information 324

IPX Internal Network Number 324

Configuring the IPX Internal Network Number 324 IPX Internal Network Number Configuration Element 324 IPX Network Number Background Information 325

14 CyberSWITCH

IPX Network Interf aces 325

Configurin g IPX Net work Interfaces 325 IPX Network Interface Configuration Elements 327

General IPX Network Interface Configuration Elements 327

RIP IPX Network Interface Configuration Elements 327

SAP IPX Network Interface Configuration Elements 328 IPX Network Interface Background Informatio n 329

IPX Routing P rotocols 330

Configuring IPX Routing Pr otocols 330 IPX Routing P rotocol Configuration Ele ments 330 IPX Routing P rotocol Background Information 331

Routing/Service Tables 331

Special Conside r ations - Remo te LA N Inter f ace 332

IPX Static Routes 333

Configurin g IPX Static Routes 333 IPX Static Routes Confi g uration Elements 334 IPX Static Routes Background Information 334

IPX NetWare Static Servi ces 335

Configuring IPX NetWare Static Services 335 IPX NetWare Static Servi ces Configuration Elements 336 IPX NetWare Static Servi ces Background Information 337

IPX Spoofing 337

Configuring IPX Spoofing 337 IPX Spoofing Configuration Elements 338 IPX Spoofing Background Information 338

Watchdog Protocol 339

SPX Protocol 339

IPX Type 20 Packet Handling 340

Configuring IPX Type 20 Packet Handling 340 IPX Type 20 Packet Handling Configuration Elements 340

IPX Type 20 Packet Handling Device Configuration Elements 341 IPX Type 20 Packet Handling Background Informati on 341

IPX Isolated Mode 341

Configurin g IPX Isolated Mode 341 IPX Isolated Mode Configuration Elements 341 IPX Isolated Mode Background Information 341

IPX Triggered RIP/SAP 342

Displaying WAN Peer List 342 Configuring Triggered RIP/SAP Global Timers 342 Configuration Elements 343 Triggered RIP/SAP Back groun d In formation 343

IPX-Specific Infor mation for Devices 344

Configuring IPX Device s 344

WAN Devices 344

Remote LAN Devices 346 IPX Configuration Elements for Devices 347 IPX Background Information for Devices 349

IPX Triggered RIP/SAP Device Background 349

Central Site Remote Access Switch 15

USER’S GUIDE

Configuring SNMP 350

Overview 350 Configuring SNMP 350 SNMP Configuration Elements 352 SNMP Background Information 353

Using Cabletron NMS Systems 356

Configuring AppleTalk Routing 3 5 7

Overview 357 AppleTalk Rou ting Option 357

Enabling AppleTalk Routing 357 AppleTalk Rou ting Option Configuration El e ment 358 AppleTalk Routi ng Background Inf ormation 358

AppleTalk Ports 358

Configuring AppleTalk Ports 358 AppleTalk Ports Configuration Elements 359 AppleTalk Ports B ackground Information 360

The AppleTalk Network Type 360

Dynami c Node Address Assignment 360

The Zone Concept 361

AppleTalk Remote LAN 361

AppleTalk Static Rout e s 362

Configuring AppleTalk Static Routes 362 AppleTalk Routi ng Static Routes Configurati on El e men ts 363 AppleTalk Routi ng Static Routes Background Information 363

AppleTalk Capacities 363

Configuring AppleTalk Capacities 363 AppleTalk Capacities Configuration Elements 363 AppleTalk Capacities Background Information 364

AppleTalk Isolated Mode 364

Configuring the AppleTalk Isolated Mode 364 AppleTalk Isolated Mode Configuration Elements 364

Configuring Call Control 36 5

Overview 365

Call Control Menu 365

Throughput Monitor 366

Configuring the Throughp ut Monitor 366 Throughput Monitor Configuration Elements 367 Throughput Monitor Background Information 367

Overload Condition Monitori ng 368

Underload Condition Monitoring 369

Idle Condition Monit oring 369

Throughput Monitor Configuration Example 369

Call Int erval Param e te r s 3 7 1

Configuring the Call Inter val P arameters 371 Call Interval Config urat ion Element s 371 Call Interval Background Information 371

Monthly Call Charge 371

Configuring Monthly Call Charge 371 Monthly Call Charge Configuration Elements 372 Monthly Call Charge Background Info rmation 372

16 CyberSWITCH

Call Restrictions 372

Configuring Call Re strict ion s 372 Call Restriction Configuration Elements 373 Call Rest ri c tions Background Informa tion 376

Bandwidth Reservation 376

Configuring Bandw idt h Res erv ation 376 Bandwidth Rese rvatio n Configur a tion Elem ent s 378 Bandwidth Reservation Background Information 379

Semipermanent Connections 379

Configuring Semipermanent Connections 379 Semipermanent Connections Configuration Elements 381 Semipermanent Connection s Background Information 381

Interactions with Other Features 381

CSM as a Call Control Manager 383

Configuring CSM for Ca ll Cont ro l 383 Configuration Elements 383 Background Informati on 384

Call Control Manage m ent 384

Limitations/Considerations 385

D Channel Callback 385

Configuring D Chann el Callba ck 385 D Channel Callback Configuration Elements 386 D Channel Callback Background Information 386

Digital Modem Inactivity Timeout 387

Configuring the Digital Modem Inactivity Timeout 387 Modem Inactivity Timeout Configuration Elements 387 Modem Inacti vity Timeout Background Information 388

Configu ring Other Advance d O p tions 389

Overview 389 The Digital Modem 389

Configuring for a Digital Mode m 389 Digital Modem Backgroun d Informatio n 390

Supported Modes of Connection 391

Relationships between Digital Modem and other Features 392

Default Async Protocol 392

PPP Mode 392 Terminal Mode 393 Call Disconnect 393 Default Async Protocol Configuration Elements 393 Background Informati on 394

Autosense Feature 395

Limitations 395

Interactions with Other Features 395

PPP Configuration 396

Configuring PPP 396 PPP Configuration Elements 396 PPP Background Information 398

PPP Link Failure Detection 398

PPP Reference Documents 399

Central Site Remote Access Switch 17

USER’S GUIDE

Default Line Protocol 399

Configuring Default Line P rotocol 399 Default Li ne Protocol Configuration Ele ments 400 Default Line Protocol Background Informatio n 400

Log Options 400

Configuring Log Options 400 Log Options Configuration Elements 401 Log Options B ackground Info rmation 402

Local Log File Overvie w 402

Syslog Server Overview 402

System Messages 404

Authentication Messages 404

Call Detail Recording 404

Compression Options 410

Configur ing Compressi on Options 41 0 Compression Options Configuration Elements 411 Compression Options Bac kground Infor mati on 412

Compr essio n and CCP 412

TFTP 414

Configuring TF TP 414 TFTP Configura tion Elem en ts 414 TFTP Background Information 414

File Attributes 415

Configuring File Attributes 415 File Attributes Configuration Elem ent s 415 File Attributes Background Inf orm ation 4 16

VERIFICATION AND DIAGNOSIS 417

Verify in g th e Base System 418

Overview 418 Hardware Re sou rces Operational? 418

WAN Adapter Initialized? 418 LAN Adapter Init ia lize d? 419

WAN Lines Available for Use? 420

Verifying WAN Line Availability 420 Dedicated Serial Con nections 421

LAN Connecti on O pe rati on al? 422 Bridge Initialized? 423 IP Router Initialized? 423 Remote Device Connectivity 424 Multi-Level Security 4 26 IP Host Mode 427

IP Host Initialized? 427

Verification 427 IP Host Mode Operational? 427

Verification over a LAN conne ct i on 428

Verification over a WAN connection 429

18 CyberSWITCH

Alternate Accesses 429

Dedicated Co nnections 429 Frame Relay Connections 430

PPP Link Failure Detection 430 X.25 Connections 431

X.25 and a Terminal Server Menu 432

Verify in g Ro u ting Protocols 433

Overview 433 IP Routing Operational? 433

IP Routing Over a LAN Interface 433 IP Routing Over a WAN Interface 434 IP Routing Over a WAN (Direct Host) Interface 436 IP Routing Over a WAN Remote LAN Interf ace 438 IP Routing Over a WAN UnNumbered Interface 439 IP Filters 440 IP RIP Initialized? 441 IP RIP Output P rocessing on a LAN Interface 442 IP RIP Input Processing on a LAN Interface 443 IP RIP Output P rocessing on a WAN Interface 444 IP RIP Input Processing Operational on a WAN Interface 445

IPX 446

IPX Router Initialized? 446 IPX Routing Operational? 447 IPX Routing over a LAN Connection 447 IPX Remote LAN Co nne ction 448 IPX Routing ove r a WAN Connection 450 Triggered RIP/SAP 450

AppleTalk Routing 452

AppleTalk Routing Initialized? 452 AppleTalk Routing Operational? 452 AppleTalk Routing over the LAN connection 453 AppleTalk Routing over a WAN connection 455

Verifying System Options 457

Overview 457 SNMP 457 Dial Out 459 Call Detail Recording 461 Compression 462 Reserved Bandwidt h 463 DHCP Relay Agent 464

Verifying DHCP Relay Agent Initialization 464 Verifying the Relay Agent is Enabled 464 Verifying the Relay Agent is Operational 465

DHCP: Proxy Client 467

Verifying DHCP Proxy Client Initialization 467 Verifying the Proxy Client is Enabled 467 Verifying the Proxy Client is Operational 468

Verification of UDP Ports 468

Verifi c a ti o n of IP A ddress P o ol 469

D Channel Callback 469

Central Site Remote Access Switch 19

USER’S GUIDE

Modem Callback 470 Verifying a Semipermanen t Conne cti on 471 Proxy ARP 472

TROUBLESHOOTING 474

LCD Messages 475

Overview 475 LCD Message Groups 475

Initialization LCD Message 475 Normal Operation LCD Messages 475 Error LCD Messages 476

System Messages 480

Overview 480 Informational Messages 481

Initialization Messages 481 Normal Operation Messages 481 Spanning Tree Messages 481

Warning Messages 481 Error Messages 481 System Message Summary 482

Trace Messages 544

Overview 544 Call Trace Messages 545

Call Trace Message Summary 546

IP Filters Trace Messages 551 PPP Packet Trace Messages 552

WAN FR_IETF Trace Messages 554

X.25 Trace Messages 554

X.25 Trace Message Summary 554

X.25 (LAPB) Trace Messages 557

X.25 (LAPB) Trace Message Summary 557

SYSTEM MAINTENANCE 559

Remote Management 560

Overview 560 SNMP 561

Installation and Configuration 562 Usage Instru ctions 562

Telnet 563

Installation and Configuration 564 Usage Instru ctions 564

WIN95 Dial-Up Networking 566

Setting up a New Number 566 Setting Up Server Type 566 Dialing Out 567

20 CyberSWITCH

TFTP 568

Installation and Configuration 568 Usage Instru ctions 569

Carbon Copy 570

Installation and Configuration 570 Changing CARBON COPY Configuration Parameters 570

CARBON COPY Configuration Parameters for Modem Usage 571 Usage Instru ctions 572

Establishing a Remote Administration Session 572

Terminating a Remot e Admi nistration Session 573 Running without Carbon Copy 574

Remov in g Ca rb o n Co p y 57 5

Null Modem Connection 575

Adding Carbon Copy 575

System Commands 576

Overview 576 Accessing Admin istration Services 576 Setti n g th e I P Ad d r e s s 5 77 Accessing Dynamic Managem ent 577 Viewing Operational Inf orm ation 578 Viewing Throughput Information 582

Throughput Monitor Contents 583

Saving Operational Information 584 Clearing Opera tional Inf orm atio n 584

Configuration-R ela te d Comm an d s 585

Terminating and Restarting the CyberSWITCH 585 Setti n g the D ate and Ti me 586 Terminating Admin istration Sessions 586 AppleTalk Routing Commands 587 Bridge Commands 591 Call Control Co m ma nd s 592 Call Detail Recording Commands 596 Call Restriction Commands 596 Compression Information Commands 597 CSM Commands 597 DHCP Com m an ds 59 7 Digita l Modem Commands 598 Frame Relay Commands 599 IP Routing Commands 601 IPX Rou ting Commands 605 ISDN Usage Commands 607 LAN Commands 608 Log Commands 608 Packet Capture Commands 609 RADIUS Command s 612 Serial Interface Commands 614 SNMP Co mma nds 614 Spanning Tree Comma nds 614

Spanning Tree Port Information 614 Spanning Tree Bridge Information 615

TCP Commands 617

Central Site Remote Access Switch 21

USER’S GUIDE

Telnet Commands 618 Termina l Commands 620 TFTP Commands 621 Trace Commands 622 UDP Command s 6 2 3 User Level Security Commands 623 WAN Comm an ds 624 X.25 Commands 625

System Statistics 627

Overview 627 Connectivity Statistics 627 Call Restriction Statistics 628 Call Statistics 628 Throughput Monitoring Statistics 628 AppleTalk Statisti cs 629

AppleTalk Protocol Statistics 629

AppleTalk Data Delivery Protocol (DDP) Statistics 629

AppleTalk Echo Protocol (AEP) Sta ti stics 630

AppleTalk Rou ting Table Maintenance Protocol (RTMP) Statistics 631

AppleTalk Zone Informati on Protocol (ZIP) Statist ics 631

AppleTalk Name Binding Protocol (NBP) Statistics 632

AppleTalk Transaction Protocol (ATP) Statistics 632 AppleTalk Port Statistics 633

Bridge Statistics 634 Call Detail Recording Stat istic s 634 Compression St atistics 635

Compression Related Statistics 635 Decompressi on Related Statistics 635

DHCP Statistics 636

Common DHCP Statisti cs 636 DHCP Relay Agent Statistic s 637 DHCP Proxy Client Statistics 638

Digital Modem Statistics 639 Frame Relay Statisti cs 639

Access Related Statis tics 639 PVC Related Statist i cs 641

LAN Stati st ics 642 IP Statistics 643

IP Group Statistics 643 ICMP Group Statistics 645

IPX Statistics 646

IPX General Statistics 646

IPX Basic System Table Statistics 647

IPX Advanced System Table Stati stics 648 IPX RIP Statis tics 648 IPX Triggered RIP Statisti cs 649 IPX Route Statistics 649 IPX SAP Statistics 650 IPX Triggered SAP Statistics 650 IPX Service Statistics 651

22 CyberSWITCH

RIP Statist ics 651

RIP Global Stati stics 651 RIP Interface Statistics 651

Serial Interfa ce Statistics 652 SNMP Statistics 652 TCP Statistics 655 TFTP Statistics 656

Statistics for Serve r or Rem o te initia ted TF TP Ac tiv ity 656 Statistics for Loca l or Clien t Initia ted TFTP Ac tiv ity 656 Statistics for all TFTP Activity 657

UDP Statistics 658 WAN FR_IETF Statistics 658 WAN L1P Statistics 659

PRI S/T (T1/E1) Interface Statistics 659 Layer 1 PRI Error Stat istics 659 Layer 1 General Stati stics 660

WAN Statistics 660 X.25 Statistics 661

X.25 Access Related Statistics 661 X.25 Virtual Circuit (VC) Rel ated Statistics 663

Routine Maintena nce 66 5

Overview 665 Installing/Upgrading System Software 665 Executing Configu ration Changes 665

Configuration Files 665 Making Changes Using CFGEDIT 665 Making Changes Using Manage Mode 666

Configuration Backup and Rest ore 666 Obtaining System Custom Information 666

APPENDICES 667

System Adapters 668

Ethern et Ad a pt e r 6 69 Basic Rate Adapter 670 Primary Rate Adapter s 671

The PRI-8 671

The PRI-23 672

The PRI-23/30 673 Expander Adapter 674 V.35 Adapter 675

RS232 Adapter 676

Digital Modems 677

The D M-8 677

The DM-24 678

The DM-24+/DM-30+ 680 Encryption Adapter 682

DES Adapter (US Version) 682

Central Site Remote Access Switch 23

USER’S GUIDE

System Worksheets 683

Network Topology 684 System Details 685

Resources 685 Lines 685 Accesses 686

Device Information 687 Bridging and Routing Info rm ation 688

Bridging 688 IP Routing 68 8 IPX Routing 689 AppleTalk Routing 690

CFGEDIT Map 691

Overview 691 Main Menu 691 Physical Resources Menu 692 Options Menu 693 Security Menu 696

Getting Assistance 699

Reporting Problems 699 Contacting Cablet ron Sy stems 699

Administrative Console Commands Table 701 Manage Mode Commands Table 708 Cause Code s Ta ble 712

INDEX 719

24 CyberSWITCH

SING THIS GUIDE

The User’s Guide is divided into the following parts:

YSTEM OVERVIEW

We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware.

YSTEM INSTALLATION

In this segmen t of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step description of installing hardware and upgrading software.

ASIC CONFIGURATION

We define basic configuration as the configura tion n eeded by most devices . These are the areas of configuration that will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in the chapter titled Configuring Basic IP Routing.

ECURITY CONFIGURATION

The CyberSWITCH prov ides a great variety of security options. For example, you may use device level se cu rity, use r l eve l secur ity , or i f pr efe rred , no secu ri ty. You m ay al so perfo rm auth enti ca tion of a device/ user in different ways. The security information may be stored on several differ e nt types of databases, either local ly or on a variety of remote databases.

System secu rity also allow s the configuration of administrative session (Teln e t se ssion) enhancements. This provides secure access to the system along with flexible control.

DVANCED CONFIGURATION

We defi n e advan ce d co n fi guration as a w a y to fine tun e your sy st e m, or to confi g ure options tha t are not necessarily needed by the majority of devices. For example, use this sectio n to configure an alternate access, or to set up SNMP to manage your syste m.

ERIFICATION AND DIAGNOSIS

Once you’ve installed and configured your system, we recommend you verify its operational featu res. Th is segme nt describe s how to verify (a nd then ad ju s t , if ne cessa r y) th e b a se sy s tem, protocols and options.

ROUBLESHOOTING

Trou bl e shootin g in cl u d es a descrip t i o n of sys tem LCD in d icators , f ol l ow e d by syst e m m essages and trace messages. Each message listing in these chapters provides the message itself, a message definition, and where appropriate , possible corrective actions.

YSTEM MAINTENANCE

In this section, we provide information to help you maintain your CyberSWITCH once it is operating. System maintenance information includes information regarding remote management, a chapter on both the system comm ands and the system statistics, and routine maintenance procedures.

USER’S GUIDE

APPENDICES

The User’s Guide provides the following appendices:

ETWORK WORKSHEETS

These worksheets are provided to help you gather pertinent infor mat i on for co n fi guring your

system. We recommend that you print copies of these blank forms and fill in the appropriate

information before you begin configuring your system.

CFGEDI T M

This map provides a guide thro ugh the Conf igur ation Ed itor str ucture, and may be a helpful

reference when configuring the CyberSWITCH using the CFGEDIT utility.

ETTING ASSISTANCE

This appendix provides information for getting assistance if you run into problems when

installing your system. A FAX form is included. You can print this form, fill out the information

requested, and FAX it to Cabletron Systems, using the provided FAX number.

DMINISTRATION CONSOLE COMMANDS

Provide s a tab ular list ing of the system administration console commands and th e ir uses.

ANAGE MODE COMMANDS

Provide s a tab ular list ing of the Manage Mode commands and their uses.

AUSE CODES

Provides a tabular listing of Q.931 Cause Codes and their meanings. These cause codes may

appear in call trace messages.

YSTEM ADAPTERS

Provides illustrations of available adapters for the CyberSWITCH.

DOCUMENTATION SET

This guide, the User’ s Gu ide, provides information to install and configure your system. It also provides information you may need to refer to keep your system running efficiently after it is up and running. For example, it provides a list i ng of system messages. Each message listing provides a definition of w hat the message means, and where appropriate, corrective action you can take. Many other subjects are covered, including routine maintenance, hardware information, system verifi cation, and problem diagnosis.

This gu ide is one i nte g r al part of the e n t ire d o cu m e ntation se t . P le a se re f e r to the d o cuments described below for additional information.

The Example Networks Guide includes several example networks, beginning with a simple network, and progressing to m ore complex networks. These example network chapters provide configuration instructions that you may find helpful in configuring your own similar network.

The CSX7000 Guide is a supplement to the User’s Guide. Because the CSX7000 is a multi-system platform with ma ny unique fea t u re s , its h ar dw a re an d mo n it o ri ng capabil ities va ry widely fro m other Cabletron platforms. This guide details these differences.

26 CyberSWITCH

Guide Conventions

The Qui c k St art provide s abbr evia t ed installa ti on and configuration instruc tions for expe r ienced users. Specific instructions for setti ng u p various types of remote dev ices are also i nc luded.

The R ADIUS Authentication User’s Guide describ e s the setup of the RADIUS server software on a UNIX-based system. RADIUS (Remote Authentication Dial In User Service) provides multiple systems ce ntral data b a se access for security authe ntication purposes. If you have Inte rnet access, you may obtain this guide by fol lowing the steps outlined below:

• Use your Web browser to get to the following addres s:

http:// ser vice.nei.com

• From the re su lting screen, click on Anonymous.

•Click on the Radius director y.

•Click on the Docs directory. The guide will be under this directory.

The Release Notes provide release highlights and important information related to this release. Access these notes via your Web browser:

http://www.cabletron.com/support/relnotes

When you initially install or upgrade your system, an abbreviated version of these notes are availabl e for displ ay. Or , aft er t he syste m i s oper atin g, you ma y displ ay th em by issui ng the

rel_note.txt

console command.

list

GUIDE CONVENTIONS

The following conven tions are used throughout the documentation:

Syste m Commands All system comma nds (A dm inist rati on and Mana ge Mo de com mand s) are italic iz ed, and in a different font than the general text. For example, if you are instruct ed to enter the command to test for proper LAN connections, the command would appear as follows:

lan stats

CFGEDI T S CREENS Screens that appear on the monitor as you are configuring your system using the CFGEDIT utility will be displayed using the style shown b elow:

Main Menu:

1) Physical Resources

2) Options

3) Security

4) Save Changes

Select function from above or <RET> to exit:

ONITOR DISPLAYS

M Any messages or text that is displayed on your monitor w ill be shown in the style be low:

LAN Port <port #> is now in the LISTENING state

WAN Port <port #> is now in the FORWARDING state

LAN Port <port #> is now in the LEARNING state

LAN Port <port #> is now in the FORWARDING state

Central Site Remote Access Switch 27

USER’S GUIDE

DOCUMENTATION TITLES All references to CyberSWITCH documentation titles will use the same font as normal text, but will

be italicized. For example, all references to the User’s Guide will appear as:

User’s Guide

28 CyberSWITCH

YSTEM OVERVIEW

We inc l u de th e f ollowing cha p te rs in the Sy stem Ov ervi ew segment of the User’s Guide.

• The CyberSWITCH

Provides the “big picture” view of a CyberSWITCH network. We include an overview of

unique system features, interoperability, security, interfaces, system components, remote

devices, and switches supported.

• Hardware Overview

A description of system platforms an d adapters.

• Software Overview

A description of the CyberSWITCH’s system and administrative sof t ware. We also include a

description of system files.

(

)

HE CYBER

The CyberSWITCH family o f products represents t h e l atest in high-speed remote access hardware and softw are to ol s. T hes e pr oduc ts al low c usto mers t o impl em ent the c onnec tiv ity s oluti on i dea ll y suited t o the needs of their b usiness - with suppor t over a wide range of tech nologi es cover ing both permanent and on-demand con nections using IS DN, analog modem, Frame Relay, dedicated l ines, and X.25.

The CyberSWITCH family of products ca n be used with a mi x of bridges , routers, hosts, PCs, and workstation s. These com bina t ions pro vi de inter netwo rk ing cap ab ilitie s that will allo w dev ices to carry out LAN-to-LAN ap plicat ions such as teleco mmut ing, electron ic mail, mult i-m edia

transmission, imaging, and CAD. Devices “dial up” into a single system using a multi-line hunt group to extend the capabilit ies o ffere d by an enter prise LAN .

The CyberSWITCH’s Central Site platforms utilize a built in CPU to manage analog and digital communications. The platforms consist of a numbe r of modular slot s that allow har dware customi zation. This hardware, along with the sys tem’s UAA softw a re , work together to provide the centralized, concentrat or function needed to support a variety of remote devices in a larger, Central Site environm e nt.

SWITCH

Remote ISDN Bridge

Workstation

Sun SPARCstation

Host

BRI

File Server

BRI

SW 56

Silicon Graphics INDY

ISDN

Router

BRIs or

PRIs

BRI

INDY

with BRI ISDN TA

Remote ISDN Bridge

BRI

Workstation

+ 699 hidden pages

Enterasys Networks CSX6000, CSX7000, CSX5500 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

NOTICE

CONTENTS

DOCUMENTATION SET

Guide Conventions

We inc l u de th e f ollowing cha p te rs in the Sy stem Ov ervi ew segment of the User’s Guide.