FlowPoint CyberSWITCH CSX100, 100, 128, 200 User Manual

User’s Guide :

Command Line Interface

Third Edition (August, 1997)

FlowPoint provides this publication “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose.

Changes are periodically made to the information in this book. They will be incorporated in subsequent editions. FlowPoint may make improvements and/or changes in the product described in this publication at any time.

Trademarks

FlowPoint is a trademark of FlowPoint Corporation.

All other trademarks and registered trademarks mentioned in this manual are the sole property of their respective companies.

180 Knowles Drive, Suite 100 Los Gatos, California 95030 Telephone: (408) 364-8300 Fax: (408) 364-8301 Email: info@flowpoint.com

Software License Agreement and Warranties

License Agreement

This product contains certain Software (computer programs, firmware and media) the use of which are subject to this license agreement. If you do not agree with all the terms, you must return this product, all manuals and documentation, and proof of payments, to the place you obtained them for a full refund within 30 days of first acquiring this product. Your written approval is not prerequisite to the validity or enforceability of this agreement and no solicitation of any such written approval by or on behalf of FlowPoint shall be construed as an inference to the contrary.

License and Term

FlowPoint and any applicable sublicensors grant to you a non-exclusive, non-transferable license to use the FlowPoint software programs and related documentation in this package (collectively referred to as the “Software”) on one licensed router. If the FlowPoint product that you acquired is an upgrade, then the terms and conditions of this agreement apply equally to the upgraded product. Any attempted sublicense, assignment, rental, sale or other transfer of the Software or the rights or obligations of this Agreement without the prior written consent of FlowPoint shall be null and void. You agree not to export or re-export this product without prior authorization from the U.S. and other applicable government authorities. This License will automatically terminate without notice to you if you fail to comply with its terms. This Agreement will be covered by the laws of the State of California.

The Software and documentation are copyrighted. You may make copies of the Software only for backup and archival purposes. Unauthorized copying, reverse engineering, decompiling, disassembling, and creating derivative works based on the Software are prohibited. Title to the Software is not transferred to you by this license. Ownership and title to the Software and to the actual contents of this package, including the copy of the Software and the media on which it is stored and the associated documentation are retained by FlowPoint and/or its licensors.

U.S. Government End Users. The [Licensed Product] is a “commercial item,” as that term is defined at 48 C.F.R.

2.101 (OCT 1995), consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and is provided to the U.S. Government only as a commercial end item. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through

227.7202-4 (JUNE 1995), all U.S. Government End Users acquire the [Licensed Product] with only those rights set forth herein.

iii

Limited Warranty on Media and Damages Disclaimer

FlowPoint or its distributors or resellers will repair or replace free of charge any defective recording medium on which the Software is recorded if the medium is returned to FlowPoint or its distributor or reseller within ninety (90) days after the purchase of License for the Software. This warranty does NOT cover defects due to accident, or abuse occurring after your receipt of the Software. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH MAY VARY FROM STATE TO STATE.

Software Limitations

FlowPoint does not warrant that the Software will be free from error or will meet your specific requirements. You assume complete responsibility for decisions made or actions taken based on information obtained using the Software. Any statements made concerning the utility of the Software are not to be construed as unexpressed or implied warranties.

FLOWPOINT SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS SOFTWARE LICENSE AGREEMENT, THE HARDWARE, OR THE AGREEMENTS OF WHICH THEY ARE A PART OR ANY MEDIA ATTACHMENT, PRODUCT ORDER, SCHEDULE OR TERMS OR CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: A) FOR LOSS OR INACCURACY OF DATA OR (EXCEPT FOR RETURN OF AMOUNTS PAID TO FLOWPOINT THEREFORE), COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES, OR TECHNOLOGY, B) FOR ANY INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO LOSS OF REVENUES AND LOSS OF PROFITS; HOWEVER CAUSED, WHETHER FOR BREACH OF WARRANTY, BREACH OF CONTRACT, REPUDIATION OF CONTRACT, NEGLIGENCE OR OTHERWISE.

NEITHER FLOWPOINT NOR ANY OF ITS REPRESENTATIVES, DISTRIBUTORS OR OTHER RESELLERS MAKES OR PASSES ON ANY WARRANTY OR REPRESENTATION ON BEHALF OF FLOWPOINT’S THIRD PARTY SUPPLIERS.

Post Warranty Services

Contact FlowPoint for information regarding post-warranty hardware and software services.

Preface

About This Book

The FlowPoint Router User’s Guide: Command Line Interface contains information on the syntax and use of the Command Line Interface. It provides the steps and basic information needed to configure the FlowPoint Router software, Release 2.0.4, and troubleshoot problems using the Command Line Interface. Configuration of network connections, bridging, routing, and security features are described. The book also provides more detailed information about the system’s bridging, routing, addressing, and security operation.

This book is intended for small and home office users, remote office users, and other networking professionals who are installing and maintaining bridged and routed networks.

How This Book is Organized

This user’s guide is intended to help you configure and manage the FlowPoint Router using the Command Line Interface. The guide assumes that you have read the information about the FlowPoint Router, installed the hardware using the Getting Started Guide, and reviewed the planning section in that manual. The guide is divided into seven parts:

· Introduction

Describes the features of the Command Line Interface

· Advanced Topics

Contains additional information on topics such as interoperability, routing and bridging operation, PAP/CHAP security negotiation, bandwidth management, protocol conformance, and the file system.

· Planning for Router Configuration

Provides information unique to configuration using the Command Line Interface including tables for collecting required information

· Configuring FlowPoint Router Software

Describes how to configure the FlowPoint Router using the Command Line Interface

· Command Line Interface Reference

Describes the syntax of each command and the results when the command is entered.

· Managing the Router

Describes SNMP management capabilities, TELNET support and how to upgrade the system software, backup and restore configuration files, and recover FLASH memory

· Troubleshooting

Describes problem symptoms and provides suggestions for locating the source of errors. A list of time-stamped system messages is provided.

References

FlowPoint 100/128 User Guide, P/N 222-00165-01

Contains an overview of the FlowPoint 100 Router’s software and hardware features and details on hardware installation and software configuration using the Windows-based Configuration Manager.

FlowPoint 200 Getting Started Guide, P/N 222-14000

Contains an overview of the FlowPoint 200 Router’s software and hardware features and details on hardware installation and software configuration using the Windows-based Configuration Manager.

Typographic Conventions

The following figure summarizes the conventions used in this guide:

Item Type Face Example

Words defined in glossary, book titles, figure captions, command reference

Italics Refer to Installing the Hardware

system name name

parameters. Keywords in command

Bold

Example: save isdn

reference instructions Examples showing you

what to type and what is

Mono-spaced font Enter the following command:

remote setMaxLine 2 rm1

displayed on the terminal. File names Upper case Copy file CFGMGR.EXE

Table of Contents

Introduction 1 Chapter 1. Advanced Topics 2

Interoperability 2

Routing 2 Bridging 3

Bridging and Routing Operation 4

Bridging and Routing Configuration Settings 4 Point-To-Point Protocol (PPP) 6 PAP/CHAP Security Authentication 7

Security Configuration Settings 7

Authentication Process 8 Bandwidth-On-Demand 10

Bandwidth-on-Demand Configuration Settings 10 Protocol Conformance 11

Point-to-Point Protocol Standards 11

IP Routing 11

IPX Routing 11 System Files 12

Chapter 2. Planning for Router Configuration 15

Advanced Command Line Interface Features 15

Bridging Filtering 15

ISDN Subaddressing 15

Unique System Passwords 16

Analog Services 16

CallerID Security 17

Call Management 18 Network Information Tables 19 Sample Configuration 22

Chapter 3. Configuring FlowPoint Router Software 27

Configuration Overview 27 Basic Configuration 29

Step 1. Log into the Target Router 29

Step 2. Set Target System Settings 29

Step 3. Set Target System ISDN Settings 30

Step 4. Set Target System Ethernet LAN Addressing 32

Step 5. Add Remote Routers into Remote Router Database 34

Step 6. Configure DialUp Link Information 35

Step 7. Configure Bandwidth Management 36

Step 8. Set Up Security 37

Step 9. Set Up TCP/IP Routing 38

Step 10. Set Up NetWare IPX Routing 41

Step 11. Set Up Bridging 45

Step 12. Configure Analog Settings 46

Step 13. Save the Configuration 48

Step 14. Reboot the Router 48

Step 15. Verify the Router Configuration 49

Step 16. Logout 51 Special Features 52

Configure IP Firewall, Bridging Filtering 52

Configure CallerID Security 53

Configure Call Management 53

vii

Configuring DHCP (Dynamic Host Configuration Protocol) 54

Chapter 4. Command Line Interface Reference 64

Command Line Interface Conventions 64 System Level Commands 66 Router Configuration Commands 73

Target Router System Configuration Commands (SYSTEM) 73 Target Router ISDN Configuration Settings (ISDN) 78 Target Router Ethernet LAN Bridging and Routing (ETH) 83 Target Router Analog Services (POTS) 89 Remote Router Access Configuration (REMOTE) 92 Dynamic Host Configuration Protocol (DHCP) 110 Bridging Filtering Commands (FILTER BR) 119 Save Configuration Commands (SAVE) 121 Erase Configuration Commands (ERASE) 123

File System Commands 125

Chapter 5. Managing the Router 129

Simple Network Management Protocol (SNMP) 129 TELNET Remote Access 129 Client TFTP Facility 130 Software Boot Options 130

Manual Boot Mode 130 Booting from the Network 131 Other Manual Boot Options 132

Software Kernel Upgrades 133

Booting and Upgrading from the LAN 133

Upgrading from the ISDN Line 134 Backup and Restore Configuration Files 135 FLASH Memory Recovery Procedures 136

Chapter 6. Troubleshooting Software Problems 137

Problems and Recommendations 137

1. Login password is invalid 137

2. IP routing problems 137

3. ISDN problems 138

4. Bridging problems 140

5. IPX routing problems 141

6. No dial tone 141

7. Remote router won’t dial 142

8. Cannot receive analog calls 142

9. Funny dial tone 142

10. Cannot access router via Telnet 142

11. Cannot download software 142 How to Obtain Technical Support 143 System Messages 144

Time-Stamped Messages 145 ISDN Q.931 Cause Values 150

History Log 152

Appendix A. Network Information Worksheets 153

viii

Introduction

Basic and advanced configuration of the FlowPoint Router 100 software, Release 2.0.4, can be performed using two methods:

• The Command Line Interface (described in this document)

• The Microsoft® Windows™-based Configuration Manager (featuring an easy-to-use, point-and-

click GUI interface).

However, this document concerns itself solely with the Command Line Interface method and covers the following basic configuration topics:

• Setting of names, passwords, telephone numbers, and link parameters

• Management of bandwidth

• Configuration of specific details within a protocol, such as IP or IPX addresses and IP protocol

controls

• Activation of basic bridging and routing protocols

• Enabling of the Internet firewall filter with IP routing

The Command Line Interface also provides the following advanced features:

• Manage the router’s file system

• Set bridging filters

• Configure ISDN subaddressing

• Configure analog services

• Issue online status commands

• Monitor error messages

• Set RIP options

How to access the Command Line Interface

You can access the Command Line Interface from:

• A terminal session running under Windows

• The terminal window from the Configuration Manager

• An ASCII terminal

• A TELNET session (for remote access)

NOTE 1: To use the Command Line Interface, the PC or ASCII terminal is connected to the Console port. This connection and the required communications settings are described in Step 1 under Installing the FlowPoint Router in the Getting Started Guide.

NOTE 2: To access the terminal window from within the Configuration Manager, click on Tools and Terminal Window. The menu selection Commands provides shortcuts to most of the commands described in this manual. These shortcuts will substantially reduce the amount of typing.

1 Throughout this manual, the FlowPoint Router is also called the router.

Introduction

Chapter 1. Advanced Topics

This chapter provides information on advanced topics useful to network administrators. Refer to the appropriate FlowPoint Getting Started Guide for a general overview of the FlowPoint Router basic features.

Interoperability

The FlowPoint Router uses industry-wide standards to ensure compatibility with routers and equipment from other vendors. To interoperate, the router supports standard protocols on the physical level, data link level, frame type or encapsulation method and network level. For two systems to communicate directly, they must use the same protocol at each level and negotiate options within the protocol.

The physical protocol level includes hardware and electrical signaling characteristics. This support is provided by the FlowPoint Router Ethernet, ISDN BRI, and RS232 asynchronous modem hardware interfaces (depending on the router model).

The data link protocol level defines the transmission of data packets between two systems over the LAN or WAN physical link. The FlowPoint Router supports 802.3 Media Access Control layer for CSMA/CD Ethernet and ISDN Q.921 LAPD for ISDN.

The frame type or encapsulation method defines a way to run multiple network-level protocols over a single LAN or WAN link. The router supports synchronous Point-to-Point Protocol (PPP) for WANs and 802.2 for LANs.

Routing

The network protocol provides a way to route user data from source to destination over different LAN and WAN links. Routing relies on routing address tables to determine the best path for each packet to take.

The routing tables can be seeded; i.e., addresses for remote destinations are placed in the table along with path details and the associated costs (path latency).

The routing tables are also built dynamically; i.e., the location of remote stations, hosts and networks are updated from broadcast packet information.

Routing helps to increase network capacity by localizing traffic on LAN segments. It also provides security by isolating traffic on segmented LANs. Routing extends the reach of networks beyond the limits of each LAN segment.

Numerous network protocols have evolved and within each protocol are associated protocols for routing, error handling, network management, etc. The following chart displays the networking and associated protocols supported by the router.

2 FlowPoint’s User’s Guide: Command Line Interface

Network Protocol Associated Protocol Description Internet Protocol (IP)

Internet Packet Exchange (IPX)

* Used only during a network boot ** IPX-RIP is a different protocol from IP-RIP and includes time delays

Routing Information Protocol (RIP)

Address Resolution Protocol (ARP)

Reverse Address Resolution Protocol (RARP)*

Internetwork Control Message Protocol (ICMP)

Simple Network Management Protocol (SNMP)

Routing Information Protocol (RIP)**

Service Advertising Protocol (SAP)

Protocol used to maintain a map of the network

Maps IP addresses to datalink addresses

Maps data link addresses to IP addresses

Diagnostic and error reporting/recovery

Network Management

Protocol used to maintain a map of the network

Distributes information about service names and addresses

Most of the router’s operation on each protocol level is transparent to you as a user. Some functions are influenced by configuration parameters and these are described in greater detail in the following sections.

Bridging

Bridging connects two or more LANs together so that all devices share the same logical LAN segment and network number. The MAC layer header contains source and destination addresses used to transfer frames. An address table is dynamically built and updated with the location of devices when the frames are received. Transparent bridging allows locally connected devices to send frames to all devices as if they are local.

Bridging allows frames to be sent to all destinations regardless of the network protocols used. It allows protocols that cannot be routed (such as NETBIOS) to be forwarded and allows optimizing internetwork capacity by localizing traffic on LAN segments. A bridge extends the physical reach of networks beyond the limits of each LAN segment. Bridging can increase network security with filtering.

The FlowPoint Router bridging support includes the IEEE 802.1D standard for LAN to LAN bridging and the Spanning Tree Protocol for interoperability with other vendor’s bridge/routers. Bridging is provided over PPP as well as adjacent LAN ports.

Most of the router’s bridging operation is transparent to you. Some functions are influenced by configuration parameters and these are described in greater detail in the following sections.

Advanced Topics

Bridging and Routing Operation

The FlowPoint Router can operate as a bridge, as a router, or as both (sometimes called a brouter).

• The router will operate as a router for network protocols that are supported.

• The router will operate as a bridge for protocols that are not supported for routing.

• Routing takes precedence over bridging; i.e., when routing is active, the router uses the packet’s

protocol address information to route the packet.

• If the protocol is not supported, the router will use the MAC address information to forward the

packet.

Operation of the FlowPoint Router is influenced by routing and bridging controls and filters set during router configuration as well as automatic spoofing and filtering performed by the router. For example, general IP or IPX routing, and routing or bridging from specific remote routers are controls set during the configuration process. Spoofing and filtering, which minimize the number of packets that flow across the WAN, are performed automatically by the router. For example, RIP routing packets and certain NetBEUI packets are spoofed even if only bridging is enabled.

Bridging and Routing Configuration Settings

The FlowPoint Router can be configured to perform general routing and bridging while allowing you to set specific controls.

One remote router is designated the outbound default bridging destination. All outbound bridging traffic, with an unknown destination, is sent to the default bridging destination. Bridging from specific remote routers can be controlled by enabling/disabling bridging from individual remote routers.

Routing is performed to all remote routers entered into the remote router database. All routing can be enabled/disabled with a system-wide control.

The following charts describe the operational characteristics of the router, based on configuration settings.

IP/IPX Routing ON Bridging To/From Remote Router OFF

Data Packets Carried IP (TCP, UDP), IPX Operational Characteristics Basic IP, IPX connectivity Dial-Up Link Impact IP, IPX data will initiate dial-up and maintain link. IP-RIP, IPX-RIP, SAP,

Watchdog and Serialization packets will not cause dial-up or a link to be maintained.

Typical Usage When only IP/IPX traffic is to be routed and all other traffic is to be ignored.

The most easily controlled configuration. For IP, used for Internet access.

4 FlowPoint’s User’s Guide: Command Line Interface

IP/IPX Routing ON Bridging To/From Remote Router ON

Data Packets Carried IP/IPX routed; all other packets bridged Operational Characteristics IP/IPX routing and allows other protocols, such as NetBEUI (that can’t be

routed), to be bridged.

Dial-Up Link Impact* All packets will initiate dial-up and link will be maintained except for IP-RIP

routing packets, ARP packets, IP-RIP, SAP, Watchdog and Serialization packets, spanning tree and NetBEUI ‘keep alive’ broadcast packets.

Typical Usage When only IP/IPX traffic is to be routed but some non-routed protocol is

required. Used for client/server configurations.

* Dial-out only occurs to default bridge destination

IP/IPX Routing OFF Bridging To/From Remote Router ON

Data Packets Carried All packets bridged Operational Characteristics Allows protocols, such as NetBEUI (that can’t be routed) to be bridged.

Dial-Up Link Impact * All packets will initiate dial-up and link will be maintained, except for IP-RIP

routing packets, ARP packets to the local subnetwork (including the target system), IPX-RIP, SAP, Watchdog and Serialization packets, spanning tree and NetBEUI ‘keep alive’ broadcast packets.

Typical Usage Peer-to-peer bridging and when the remote end supports only bridging.

* Dial-out only occurs to default bridge destination.

Advanced Topics

Point-To-Point Protocol (PPP)

PPP is an industry standard WAN protocol for transporting multi-protocol datagrams over point-topoint connections. PPP defines a set of protocols, such as security and network protocols, that can be negotiated over the connection. PPP includes the following protocols:

• Link Control Protocol (LCP) to negotiate PPP; i.e., establish, configure and test the data-link

connection.

• Network Control Protocols (NCPs), such as: TCP/IP routing Internet Protocol Control Protocol (IPCP) IPX routing Control Protocol (IPXCP) Bridge Control Protocol (BNCP)

• Security Protocols including PAP and CHAP.

A more detailed description of the router’s implementation of some of these protocols follows. A list of PPP protocol conformance is included in the section Protocol Conformance.

6 FlowPoint’s User’s Guide: Command Line Interface

PAP/CHAP Security Authentication

Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol under PPP are supported by the FlowPoint Router.

PAP provides verification of passwords between routers using a 2-way handshake. One router (peer) sends the system name and password to the other router. Then the other router (known as the authenticator) checks the peer’s password against the configured remote router’s password and returns acknowledgment.

CHAP is more secure than PAP as unencrypted passwords are not sent across the network. CHAP uses a 3-way handshake. One router (known as the authenticator) challenges the other router (known as the peer) by generating a random number and sending it along with the system name. The peer then applies a one-way hash algorithm to the random number and returns this encrypted information along with the system name. The authenticator then runs the same algorithm and compares the result with the expected value. This authentication method depends upon a password or secret known only to both ends.

Security Configuration Settings

The FlowPoint Router has one default system password used to access any remote router. This ‘system authentication password’ is utilized by remote sites to authenticate the local site. The router also allows you to assign a unique ‘system override password’ used only when dialing out to a specific remote router for authentication by that remote site. Each remote router entered in the remote router

Advanced Topics

database has a password used when the remote site attempts to gain access to the local router. This ‘remote authentication password’ is utilized by the router to authenticate the remote site.

Each remote router entered in the remote router database also has a minimum security level, known as the ‘remote authentication protocol’, that must be negotiated before the remote router gains access to the local router. In addition, a system-wide control, ‘system authentication protocol’, is available for overriding the minimum security level in the entire remote router database.

Authentication Process

The authentication process occurs regardless of whether a remote router has dialed in or the local router is dialing out, and even if the remote end does not request authentication. It is a bi-directional process, where each end can authenticate the other using the protocol of its choice (provided the other end supports it).

During link negotiation (LCP), each side of the link negotiates what protocol is to be used for authentication during the connection. If both the system and the remote router have PAP authentication, then PAP authentication is negotiated. Otherwise, the FlowPoint Router always requests CHAP authentication first; if refused, PAP will be negotiated. If the remote end does not accept either PAP or CHAP, the link is dropped; i.e., the FlowPoint Router does not communicate without a minimum security level. On the other hand, the router will accept any authentication scheme required by the remote node, including no authentication at all.

The following diagram illustrates the bi-directional negotiation that occurs between router New York and router Chicago.

During the authentication phase, each side of the link can request authentication using the method they negotiated during LCP.

For CHAP, the router issues a CHAP challenge request to the remote side. The challenge includes the system name and random number. The remote end, using a hash algorithm associated with CHAP, transforms the name and number into a response value. When the remote end returns the challenge response, the router can validate the response challenge value using the entry in the remote router database. If the response is invalid, the call is disconnected. If the other end negotiated CHAP, the remote end can, similarly, request authentication from the router. The router uses its system name and secret to respond to CHAP challenge.

8 FlowPoint’s User’s Guide: Command Line Interface

For PAP, when a PAP login request is received from the remote end, the router checks the remote router PAP security using the remote router database. If the remote router is not in the remote router database or the remote router password is invalid, the call is disconnected. If the router and password are valid, the router acknowledges the PAP login request.

If PAP was negotiated by the remote end for the remote-side authentication, the router will issue PAP login requests only if it knows the identity of the remote end. The identity is known if the call was initiated from the router or the remote end returned a successful CHAP challenge response. For security reasons, the router will never identify itself using PAP without first knowing the identity of the remote router.

If PAP was negotiated by the remote end for the local side of the authentication process and the minimum security level is CHAP, as configured in the remote router database, the link is dropped for a security violation.

Advanced Topics

Bandwidth-On-Demand

Bandwidth-on-Demand enables bandwidth management of up to two ISDN B-channels as the traffic load increases or decreases. This feature optimizes the use of dial-up WAN resources ensuring that a channel is used only when needed and released as soon as it is no longer required. The Multi-Link Protocol for PPP (MLP) is used to implement this feature. MLP allows two Bchannels to be bundled together to provide 128KB of data transmission capacity.

Bandwidth-on-Demand Configuration Settings

This feature is controlled by five configuration settings: Maximum and Minimum Links, Bandwidth Threshold, Fallback Interval2 and Bandwidth Management Direction. These settings are defined for each remote site.

When traffic is sent or received, one or two channels can be used for the data transmission. The configuration setting, maximum links, determines whether a maximum of one or two B-channels are available for remote transmission. Minimum links determines whether one B-channel is permanently allocated for the remote site connection or a channel is only allocated when needed.

Initially a call is activated on one B-channel. When bandwidth utilization reaches the bandwidth threshold, the second B-channel is activated (if maximum links has been set to 2). Both channels are utilized until the bandwidth utilization drops below the threshold after a fallback interval. The fallback interval, in seconds, ensures that channels are not disconnected if traffic drops off for a small interval while overall traffic continues to be heavy.

When two channels are utilized and traffic decreases to the point that one channel can be released, the first channel acquired is released. Releasing this channel rather than the more recently acquired channel may result in some cost savings since the first interval of ISDN access time tends to be the most costly.

The technique used to calculate bandwidth utilization is a sliding window or moving average. Traffic volume is sampled once per second and a moving average is computed by assigning a weight of 20% to the last sample and a weight of 80% to the last average. After five seconds, no dependency is left on previous traffic. Using a moving average technique, the bandwidth utilization average does not drop off or spike upwards steeply if traffic decreases or increases during a few second interval (bursty traffic, for example). This ensures an efficient management of link resources.

Bandwidth management can be applied to incoming, outgoing or both directions of traffic between the router and the remote site.

2 This configuration setting is fixed at five seconds.

10 FlowPoint’s User’s Guide: Command Line Interface

Protocol Conformance

Point-to-Point Protocol Standards

The implementation of PPP in the FlowPoint Router conforms to RFCs designed to address performance, authentication, and multi-protocol encapsulation. The following RFCs are supported:

RFC 1661 PPP

Compression Control Protocol (CCP) Not yet an RFC, March 1994

draft being implemented

RFC 1990 Multi-Link Protocol (MLP)

RFC 1974 Stac LZS compression protocol

RFC 1962 PPP Compression Control Protocol (CCP)

RFC 1332 IP Control Protocol (IPCP)

RFC 1552 Novell IPX Control Protocol (IPXCP)

RFC 1220 Bridging Control Protocol (BNCP)

RFC 1334 Password & Challenge Authentication Protocols (PAP,

CHAP)

RFC 1144 Compressing TCP/IP headers (Van Jacobson)

RFC 1058 Routing Information Protocol

RFC 1723 RIP Version 2

For compression the STAC® Electronics Stacker LZS™ Compression Protocol is used in a manner consistent with the February 1996 usage document.

IP Routing

IP routing support, conformant with RFC 791, provides the ability to process TCP/IP frames at the network layer for routing. IP routing support includes the Routing Interface Protocol (RIP), conformant with RFC 1058 (RIPv.1).

IPX Routing

IPX routing conforms to the Novell® NetWare™ IPX Router Development Guide, Version 1.10.

Advanced Topics

System Files

The router’s file system is a DOS-compatible file system. The following list describes the contents of the file system:

• SYSTEM.CNF Configuration files containing:

DOD Remote Router Database SYS System Settings: name, message, authentication

method and passwords

ETH Ethernet LAN Configuration settings POTS POTS Configuration data

• ISDN.DAT ISDN Settings files containing: SPIDs DNs switch type

• DHCP.DAT DHCP files

• FILTER.DATBridge filters

• KERNEL.FP1 Router system software. (FP1 for the FlowPoint 100, FP5

for the FlowPoint 200)

• ETH.DEF These two files are used by manufacturing to set default Ethernet address or

ISDN.DEF switch types.

• UK.FAC For POTS routers: used to confiured different ring codes

Any file contained within the system may be retrieved or replaced using the TFTP protocol. Specifically, configuration files and the operating system upgrades can be updated. Only one copy for the router software is allowed in the router’s FLASH memory. Refer to Chapter 5. Managing the Router or the Getting Started Guide for details on software upgrades, booting router software, copying configuration files and restoring router software to FLASH.

12 FlowPoint’s User’s Guide: Command Line Interface

Advanced Topics

Chapter 2. Planning for Router Configuration

Chapter 3 of the FlowPoint Getting Started Guide describes the configuration process and terminology, and the information that you need to collect before configuring the router. This chapter assumes that you have read the planning chapter in the Getting Started Guide, collected the network information and drawn diagrams of your network. If you are configuring the router using the Command Line Interface, planning is similar to the process described for the Configuration Manager with very few exceptions.

The Command Line Interface has some additional features you may wish to use. Also, planning tables (and worksheets) are included here but they refer to the commands used to configure the features rather than the Configuration Manager menu selections.

Advanced Command Line Interface Features

Bridging Filtering

You can control the flow of packets across the router using bridging filtering. Bridging filtering lets you ‘deny’ or ‘allow’ packets to cross the network based on position and hexadecimal content within the packet. This enables you to restrict or forward messages with a specified address, protocol or data content. Common uses are to prevent access to remote networks, control unauthorized access to the local network and limit unnecessary traffic.

For example, it might be necessary to restrict remote access for specific users on the local network. In this case, bridging filters are defined using the local MAC address for each user to be restricted. Each bridging filter is specified as a ‘deny’ filter based on the MAC address and position of the address within the packet. Deny filtering mode is then enabled to initiate bridge filtering. Every packet with one of the MAC addresses would not be bridged across the router until the deny filtering mode was disabled.

Similarly, protocol filtering can be used to prevent a specific protocol from being bridged. In this case, the protocol id field in a packet is used to deny or allow a packet. You can also restrict, for example, the bridging of specific broadcast packets.

ISDN Subaddressing

ISDN subaddressing enables ISDN devices connected on an S/T interface to be addressed uniquely by an address or identifier. Subaddressing information is passed between ISDN peers during call set-up of ISDN connections and is used to target communications to a specific ISDN device (similar to a

Planning for Router Configuration

multi-point leased line capability). Subaddressing allows you to have one telephone number for the ISDN equipment and provides an alternative to having a unique telephone number for each ISDN device. Subaddressing can be used whether one or more devices are connected to an S/T interface.

ISDN Subaddressing Configuration Settings

ISDN subaddressing configuration involves setting a subaddress for the local router and/or subaddresses for the remote routers. The subaddresses can be user-defined or network service access points (NSAPs), a format defined by the international standard Q.931.

Each device on an S/T interface ‘sees’ the subaddress with the incoming transmission, but only the addressed device processes the packet. If a subaddress has been defined for the FlowPoint Router, only transmissions that have a correct subaddress will be accepted, and a subaddress must be sent. If subaddressing is not defined and a transmission is received with a subaddress, the call is ignored.

Note that the FlowPoint Router will never clear a call if subaddressing is incorrect; the call will be ignored.

Unique System Passwords

As described in the section Security Configuration Settings in Chapter 1. Advanced Topics, you can specify a unique system override password for a remote router. This ‘system override password’ is used instead of the general system password only when dialing out to a specific remote router. This allows you to set a unique CHAP or PAP authentication password for authentication of the local site by the remote site only when the router dials out to that remote site. A common use would be to set a password assigned to you by Internet Service Providers. Similarly, the system name of the local router can be overridden when dialing out to a specific remote (system setoursysname).

Analog Services

The router’s analog services allow for attaching analog telephones, fax machines and/or modem equipment to the POTS interfaces. This support lets you specify how phone numbers are associated with the POTS interfaces, whether the POTS interfaces can be used for dialing as well as for answering and whether voice calls have priority over data calls.

POTS Interfaces and Telephone Numbers

Your ISDN service provider has given you one or more telephone numbers that other locations or persons can dial to access the router. When you have attached analog devices, you need to associate these telephone numbers with the POTS interfaces so that an incoming voice call can be assigned to the correct analog port.

16 FlowPoint’s User’s Guide: Command Line Interface

If you have a North American central office switch and have configured two SPIDS/DNs, the default configuration is DN1 is associated with POTS interface 1 and DN2 is associated with POTS interface Otherwise, the default configuration is an incoming call will ring on all available devices attached to the POTS interfaces. An outgoing call will use any available B-channel.

You may wish to assign telephone numbers to distinct analog devices. You can configure these numbers into the target router’s system settings and then associate a unique telephone number with each POTS interface. You also have the option of assigning a telephone number to both POTS interfaces.

Directory Phone Number 555-1111

Directory Phone Number 555-1112

Analog Service Mode

You can designate a POTS interface to answer incoming calls and /or for dialing out. The default configuration sets both answer and dial mode for the two POTS interfaces.

Call Preemption

Call preemption allows you to give voice calls priority over data calls. Call preemption means a voice call (depending on the configuration options) will cause a disconnect of a data call on an ISDN B-channel. The default configuration is for both incoming and outgoing voice calls to preempt data.

You can specify that incoming and/or outgoing voice calls preempt data calls or that no preemption occurs unless two data channels are in use to the same destination. A ‘no preemption’ configuration ensures that a data connection is maintained on at least one channel.

In all cases, a voice call will preempt one data channel if two channels are in use to the same destination. If preemption is designated for outbound calls and an outbound voice call is initiated while two data channels are in use to different destinations, the router will randomly select a Bchannel to disconnect the data call. If preemption is designated for inbound calls and an inbound voice call comes in while two data channels are in use to different destinations, the router will also randomly select the line to preempt.

Call preemption does not occur on incoming calls unless a person picks up the phone or the analog equipment answers the call.

An incoming voice call may not always be forwarded from the central office if two B-channels are already in use for data calls. You must subscribe to a service called ‘Additional Call Offering’ for the voice call to be forwarded to the router.

CallerID Security

CallerID is an additional security feature on data calls supported by the router. CallerID allows you to verify phone numbers of the remote routers when calls come in to the local router. This feature is

Planning for Router Configuration

system-wide and you must configure the phone numbers from which a remote router can call. Any calls from other numbers will be rejected. The allowable phone numbers must be obtained from the remote locations or your network administrator.

Call Management

The router supports call management features that allow you to control ISDN line usage charges on data calls.

Dial-Back

Dial-Back lets you force the router to reject an incoming call from another router and dial that router back. You can use this feature to cause ISDN phone charge billing to the local router. Dial-Back can be enabled, disabled or enabled such that Dial-Backs occur only if called by the remote router first. When Dial-Back is configured, the local router’s call delay timer setting must allow for disconnect and dial back; the defaults (30 seconds for the U.S. and 90 seconds for Europe, Japan) or longer should be acceptable and Caller ID must be enabled.

PPP CallBack

PPP CallBack is a negotiated feature between routers. The local router requests that the remote router disconnect and call the local router back. If accepted, this feature results in ISDN phone charge billing to the remote router. You must obtain from your network administrator or the remote location, details on what the remote end needs for this feature. The router can send a phone number, a phone number in E164 format, or a name. When CallBack is configured, the remote router’s call delay timer setting must allow for disconnect and call back. With PPP CallBack, two phone calls are actually placed; Dial-Back may be cheaper to use.

Data as Voice

The “Data as Voice” feature causes data calls to be sent as voice calls over the ISDN service in the U.S. and may result in reduced line charges. You can configure a system-wide feature that allows you to receive data calls as voice calls and you will not be able to use the POTS interface for incoming voice calls. You can also cause data calls to be sent as voice calls to a specific remote router.

Warning: This feature must be used with care. Both ends of the connection must agree to configure calls in this manner and the feature may not work depending on the central office service.

18 FlowPoint’s User’s Guide: Command Line Interface

Network Information Tables

The following tables list the items you need to define or obtain to configure the router. This information was described and illustrated on network information diagrams in the Getting Started Guide. The unique Command Line Interface features are highlighted in bold text. Worksheets are provided in Appendix A so that you can enter details about your target router and remote routers. The worksheets show the commands associated with setting the features.

IMPORTANT NOTE: To configure the target router, you need to fill out one Target Router chart for the target router and one Remote Router chart for each remote router to be entered into the remote router database. If you are setting up both ends of the network, you will need a mirror image of the information listed below for configuring the router on the other end of the ISDN link.

TARGET ROUTER (SOHO) Target

Router Settings

System Settings

Item Description

Router Name

Name used to identify this router; sent to other routers during PAP/CHAP security authentication

ISDN Settings

Analog Interface Settings

Message

Authentication Protocol

Dial Authentication Password/Secret

CallerID

Data as Voice ISDN Line Numbers (supplied by the service provider, if applicable)

Type of telco switch

Subaddress (if used) POTS Phone Numbers

Answer/Dial Mode

Message saved in the router to be read by a system administrator (optional)

Force PAP or CHAP authentication protocol

This router’s password used for authentication when the router dials out to other routers or is challenged

Caller ID on or off

Receive Data as Voice Calls

SPIDs and Directory Numbers for one or two ISDN B-Channels on this router

NTT Nippon Telegraph/Telephone KDD Kokusai Denshin Denwa Co. AT&T 5ESS w/Custom Software Northern Telecom DMS-100 NI1 National ISDN 1 NET3 European ISDN NET3SW Swiss-variant ISDN HDS64 64Kb permanent connection HDS128 128Kb permanent connection

ISDN Subaddress for the router Assign ISDN Phone Numbers for POTS interfaces

Answer, Dial or Both

Call Preemption

Control

Planning for Router Configuration

IN/OUT/BOTH/NONE for POTS interfaces

On or Off

Ethernet IP Settings

Ethernet IP Address and Subnet Mask

LAN gateway address

Address and Subnet Mask for Ethernet Port Connection

Ethernet LAN IP

TCP/IP routing to all destinations On or Off

Routing On/Off

Ethernet LAN IP

Internet Firewall On or Off

Internet Firewall

Ethernet IPX Settings

Ethernet LAN IP Options Ethernet IPX Address and frame type

Ethernet LAN IPX

Transmit/Receive RIP packets/routes and advertise as default route Network Number for Ethernet LAN connection

IPX routing to all destinations On or Off

Routing ON/OFF

Bridging

Bridging Filters Bridging Filters to deny or allow

Filters

REMOTE ROUTER (HQ) - IN REMOTE ROUTER DATABASE Remote Router

Item Description Settings Dial Up Settings

Bandwidth

ISDN Phone Numbers,

SubAddress

Disconnect Timer

Maximum Links

ISDN Phone Numbers for one or two B-Channel(s), ISDN Subaddress

Disconnect Line on Inactivity Maximum links (up to 2 ISDN lines)

Management

Minimum Links

Minimum links (up to max links)

Security

Call Management

Threshold

Bandwidth Direction

Minimum

Authentication Protocol

Password/Secret

Unique system override

password

CallerID phone numbers

Dial-Back

PPP CallBack

Data as Voice

% threshold to access second channel

Management on IN|OUT|BOTH PAP|CHAP|NONE minimum protocol required for remote router

Remote router’s password used for authentication of target router

Password used by remote router for authentication of target router

Phone numbers to validate on incoming calls Disconnect and dial the remote router back ON|OFF|ONLY

Request call back when calling remote router

Send data as a voice call

20 FlowPoint’s User’s Guide: Command Line Interface

+ 136 hidden pages

FlowPoint CyberSWITCH CSX100, 100, 128, 200 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual