Lucent Technologies PortMaster User Manual

®

PortMaster

Configuration Guide

Lucent Technologies

Remote Access Business Unit

4464 Willow Road

Pleasanton, CA 94588

925-737-2100
800-458-9966

May 1998

950-1182D

Copyright and Trademarks

© 1995, 1997, 1998 Lucent Technologies. All rights reserved.

PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies. RADIUS ABM, PMVision,
PMconsole, and IRX are trademarks of Lucent Technologies, Inc. ProVision is a service mark of Lucent
Technologies, Inc. All other marks are the property of their respective owners.

Disclaimer

Lucent Technologies, Inc. makes no express or implied representations or warranties with respect to the contents
or use of this manual, and specifically disclaims any implied warranties of merchantability or fitness for a
particular purpose. Lucent Technologies, Inc. further reserves the right to revise this manual and to make changes
to its content at any time, without obligation to notify any person or entity of such revisions or changes.

Contents

About This Guide

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

PortMaster Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Additional References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

RFCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

ITU-T Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Books . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii

Document Advisories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

Contacting Lucent Remote Access Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii

For the EMEA Region . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

For North America, Latin America, and the Asia Pacific Region . . . . . . . . . . . . . . xxiv

PortMaster Training Courses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv

Subscribing to PortMaster Mailing Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv

1. Introduction

PortMaster Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Preconfiguration Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Configuration Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Basic Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

2. How the PortMaster Works

Booting the PortMaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

PortMaster Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

iii

Contents

On-Demand Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

PortMaster Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Port Status and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

3. Configuring Global Settings

Setting the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Setting the Administrative Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Setting the Dynamic Host Control Protocol (DHCP) Server . . . . . . . . . . . . . . . . . . . . . . 3-2

How the Cable Modem Telephone Return System Works . . . . . . . . . . . . . . . . . . . . 3-3

Setting the Default Route Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Configuring Default Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Configuring Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Using the Host Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Setting the Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Setting the Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

Setting the Domain Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

Setting the Telnet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Using the Telnet Port as a Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Setting the Number of Management Application Connections . . . . . . . . . . . . . . . . . . . 3-9

Setting System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Setting the Loghost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Disabling and Redirecting Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Setting Administrative Logins to Serial Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

Configuring an IP Address Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

Setting the Reported IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

About the livingston.mib Definition File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Examining the MIB Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

iv Configuration Guide for PortMaster Products

Contents

PortMaster Modem Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

Setting SNMP Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Setting SNMP Read and Write Community Strings . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Adding SNMP Read and Write Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Viewing SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Monitoring SNMP Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Displaying the Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Setting Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Adding and Deleting a Static Route for IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Adding and Deleting a Static Route for IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Modifying the Static Netmask Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

Enabling NetBIOS Broadcast Packet Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Setting Authentication for Dial-In Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Setting Call-Check Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

Setting the ISDN Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

4. Configuring the Ethernet Interface

Setting General Ethernet Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Configuring RIP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Applying Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Setting IP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Setting the IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Setting the Subnet Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Setting the Broadcast Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Enabling or Disabling IP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Setting Ethernet IPX Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Setting the IPX Network Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Enabling or Disabling IPX Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

Setting the IPX Frame Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

v

Contents

Configuring Ethernet Subinterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Setting OSPF on the Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

5. Configuring an Asynchronous Port

Asynchronous Port Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

General Asynchronous Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

Overriding Certain Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

Setting the Port Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

Parity Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Setting Databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Setting Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Setting the Dial Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

Displaying Extended Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

Setting the Login Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

Setting the Login Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Setting an Optional Access Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Setting Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Allowing Users to Connect Directly to a Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6

Setting a Port as the Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

Setting the Port Idle Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

Configuring a PortMaster for Login Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8

Setting the Port Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9

Setting the Login Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10

Setting the Login Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Setting the Terminal Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Configuring a Port for Access to Shared Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Setting the Device Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

Configuring a Port for Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15

Network Dial-In-Only Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

vi Configuration Guide for PortMaster Products

Network Dial-Out-Only Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17

Network Dial-In-and-Out (Two-Way) Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18

Configuring a Port for a Dedicated Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20

Setting the Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

Setting the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

Setting the Destination IP Address and Netmask . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

Setting the IPX Network Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

Configuring RIP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

Configuring Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23

Setting the PPP Asynchronous Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

Setting Input and Output Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25

Connecting without TCP/IP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25

6. Configuring a Synchronous WAN Port

Synchronous Port Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Contents

Configuring WAN Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4

General Synchronous Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4

Settings for Hardwired Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

7. Configuring Dial-In Users

Configuring the User Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1

Displaying User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

Adding Users to the User Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

Deleting Users from the User Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

User Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Network Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Login Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Configuring Settings for Network and Login Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

Setting a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

vii

Contents

Setting the Idle Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

Setting the Session Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

Configuring Network Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

Setting the Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

Setting the User IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

Setting the Subnet Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

Setting the IPX Network Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

Configuring RIP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

Setting the Asynchronous Character Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7

Setting the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7

Setting the Maximum Number of Dial-In Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8

Setting Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8

Setting Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9

Specifying a Callback Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10

Configuring Login Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10

Setting the Login Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10

Applying an Optional Access Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

Setting the Login Service Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12

Specifying a Callback Telephone Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13

8. Configuring Dial-Out Connections

Configuring the Location Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Creating a Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

Setting the Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

Setting the Telephone Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5

Setting the Username and Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5

Setting the Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5

Setting the Destination IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

Setting the Destination Netmask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

Setting the IPX Network Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

viii Configuration Guide for PortMaster Products

Contents

Setting RIP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7

Setting the Dial Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8

Setting the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8

Configuring Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8

Setting the Idle Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

Setting Data over Voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

Setting CHAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

Setting the Asynchronous Character Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11

Setting Multiline Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11

Setting the Maximum Number of Dial-Out Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12

Setting Bandwidth-on-Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12

Setting Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

Input Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

Output Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

Testing Your Location Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14

9. Configuring Filters

Overview of PortMaster Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Filter Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

Filter Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3

How Filters Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

Creating Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5

Creating IP Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6

Filtering TCP and UDP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7

Creating IPX Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7

Displaying Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

Deleting Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

Example Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9

Simple Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9

ix

Contents

Input Filter for an Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10

Input and Output Filters for FTP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11

Rule to Permit DNS into Your Local Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12

Rule to Listen to RIP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12

Rule to Allow Authentication Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13

Rule to Allow Networks Full Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13

Restrictive Internet Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13

Restricting User Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15

10. Using Modems

Null Modem Cable and Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Modem Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Using Automatic Modem Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Displaying Modem Settings and Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Adding a Modem to the Modem Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3

Associating a Modem with a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6

Configuring Ports for Modem Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Setting the Port Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Setting Modem Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-8

Setting Parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-8

Setting the Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-8

Hanging Up a Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9

11. Configuring the PortMaster 3

Configuring General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Displaying Line Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

Configuring Line Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

Setting Channel Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

Setting the Channel Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3

Setting the Inband Signaling Protocol for T1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3

x Configuration Guide for PortMaster Products

Contents

Setting the Inband Signaling Protocol for E1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4

Configuring ISDN PRI Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5

Setting the ISDN PRI Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5

Setting the Framing Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5

Setting the Encoding Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6

Setting the Pulse Code Modulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Setting the Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Setting the Directory Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Using True Digital Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8

Setting Digital Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8

Hot-Swapping Digital Modem Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Setting Digital Modems to Analog Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Using Channelized T1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10

Why Use Channelized T1? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10

How to Order DS-1 Service from the Telephone Company . . . . . . . . . . . . . . . . . . . 11-10

Configuring the PortMaster 3 for Channelized T1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11

Example Channelized T1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11

Using the T1 Expansion Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12

Clocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12

Configuring the T1 Expansion Card for Fractional T1 . . . . . . . . . . . . . . . . . . . . . . . 11-13

Troubleshooting the T1 Expansion Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14

Using Multichassis PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15

Setting Multichassis PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15

Displaying Multichassis PPP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15

Disconnecting a User from a Virtual Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15

Troubleshooting the PortMaster 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16

12. Using ISDN BRI

Overview of ISDN BRI Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

xi

Contents

Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3

Configuring ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4

ISDN BRI Switch Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4

Setting the Switch Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5

Service Profile Identifier (SPID) for ISDN BRI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5

Terminal Identifier (TID) for ISDN BRI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6

Directory Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6

Information Elements (IEs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6

Multilink PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7

Multiple Subscriber Network for an S/T Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8

Port Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8

Data over Voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8

ISDN Port Configuration Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9

ISDN BRI Unnumbered IP Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9

Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9

Configuring the PortMaster in Denver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11

Configuring the PortMaster in San Francisco . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15

Testing the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20

Troubleshooting an ISDN BRI Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21

Interpreting ISDN BRI Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22

13. Using Frame Relay

Overview of Frame Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

PVCs and DLCIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2

Line Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2

Port Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2

CIR and Burst Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2

Discarding Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3

Ordering Frame Relay Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3

xii Configuration Guide for PortMaster Products

LMI Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3

Frame Relay Configuration on the PortMaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4

Enabling LMI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5

Enabling Annex-D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6

Listing DLCIs for Frame Relay Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6

Configuration Steps for a Frame Relay Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7

Configuring the PortMaster in Bangkok . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8

Configuring the PortMaster in New York . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9

Troubleshooting a Frame Relay Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11

Frame Relay Subinterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12

Configuring Subinterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12

Troubleshooting Subinterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14

Example: Configuring a Frame Relay Subinterface . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15

14. Using Synchronous V.25bis Connections

Contents

Overview of Synchronous V.25bis Dial-Up Connections . . . . . . . . . . . . . . . . . . . . . . . . . 14-1

Configuration Steps for a Synchronous V.25bis Connection . . . . . . . . . . . . . . . . . . . . . . 14-3

Configuring the PortMaster in Boston . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3

Configuring the PortMaster in Miami . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7

Testing the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12

Troubleshooting a Synchronous V.25bis Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13

15. Using Office-to-Office Connections

Overview of Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

Configuration Steps for an Office-to-Office Connection . . . . . . . . . . . . . . . . . . . . . . . . . 15-3

Configuring the Office Router in London . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4

Configuring the PortMaster in Paris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8

Testing the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12

Setting the Console Port for Multiline Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13

xiii

Contents

Using ISDN for On-Demand Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15

16. Using Internet Connections

Overview of Continuous Internet Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3

Configuration Steps for an Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4

Configuring Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4

Configuring a Dial-Out Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-7

Testing the Continuous Dial-Out Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8

Testing the Network Hardwired Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9

Providing Network Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10

Using ISDN for Internet Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-11

17. Providing User Dial-In Access

Overview of Dial-In Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1

Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3

Configuration Steps for Dial-In Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-4

Connecting Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-5

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-5

Configuring Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-6

Configuring Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8

Dial-In Login Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9

Dial-In Network Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-9

Testing the User Dial-In Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10

18. Accessing Shared Devices

Overview of Shared Device Access Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1

Host Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1

Network Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2

Configuration Steps for Shared Device Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4

xiv Configuration Guide for PortMaster Products

Configuring Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4

Configuring Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5

Configuring a Network Device for Telnet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8

19. Using Synchronous Leased Lines

Overview of Leased Line Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1

Configuration Steps for Leased Line Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3

Configuring the PortMaster Office Router in Rome . . . . . . . . . . . . . . . . . . . . . . . . . 19-4

Configuring the PortMaster Office Router in Florence . . . . . . . . . . . . . . . . . . . . . . . 19-6

Troubleshooting a Leased Line Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-8

A. Networking Concepts

Network Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

IP Address Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Reserved IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

Contents

Private IP Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

IP Address Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

IPX Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

Netmasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

Using Naming Services and the Host Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8

Managing Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9

RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10

ChoiceNet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10

B. TCP and UDP Ports and Services

Glossary

Command Index

Subject Index

xv

Contents

xvi Configuration Guide for PortMaster Products

About This Guide

PortMaster® Configuration Guide

The
network configuration as well as specific information needed to configure PortMaster
products. Review this guide thoroughly before configuring your PortMaster. This guide
provides the settings required for the most commonly used PortMaster configurations.

To use this guide you must have successfully installed your PortMaster according to the
instructions provided in the relevant installation guide. This guide provides
configuration information only.

You can use either of two interfaces to configure the PortMaster:

provides general information about networking and

• Command line interface—use this guide and the

Reference

• PMVision™ graphical user interface (GUI).

This guide assumes you are using the command line interface and provides examples of
command line usage.

for more detailed command descriptions and instructions.

Audience

This guide is designed for qualified system administrators and network managers, and
for persons with a working knowledge of networking and routing. Appendix A,
“Networking Concepts,” provides an overview of network address conventions but is
intended as a quick refresher and should not be used as a substitute for careful study of
these principles.

Refer to “Additional References” in this Preface for appropriate RFCs and other
suggested reading. See the
protocols and routing with PortMaster products.

PortMaster Documentation

The following manuals are available from Lucent Technologies. The hardware
installation guides are included with most PortMaster products; other manuals can be
ordered through your

PortMaster

PortMaster Routing Guide

distributor or directly from Lucent.

PortMaster Command Line

for advanced information on routing

xvii

PortMaster Documentation

The manuals are also provided as PDF and PostScript files on the
shipped with your PortMaster.

In addition, you can download PortMaster information and documentation from
http://www.livingston.com.

• ChoiceNet® Administrator’s Guide

This guide provides complete installation and configuration instructions for
ChoiceNet server software.

• PortMaster Command Line Reference

This guide provides the complete description and syntax of each command in the
ComOS command set.

• PortMaster Configuration Guide

This guide provides a comprehensive overview of networking and configuration
issues related to PortMaster products.

• PortMaster hardware installation guides

These guides contain complete hardware installation instructions. An installation
guide is available for each PortMaster product line—IRX™, Office Router,
Communications Server, and Integrated Access Server.

• PMconsole™ for Windows Administrator’s Guide

PortMaster Software CD

This guide covers PMconsole Administration Software for Microsoft Windows, a
graphical tool for configuring the PortMaster. The majority of the material in this
guide also applies to the UNIX version of PMconsole. Lucent recommends that you
use the Java GUI PMVision rather than PMconsole to configure and manage a
PortMaster.

• PortMaster Routing Guide

This guide describes routing protocols supported by PortMaster products, and how
to use them for a wide range of routing applications.

xviii PortMaster Configuration Guide

• PortMaster Troubleshooting Guide

This guide can be used to identify and solve software and hardware problems in the
PortMaster family of products.

• RADIUS Administrator’s Guide

This guide provides complete installation and configuration instructions for Lucent
Remote Authentication Dial-In User Service (RADIUS) software.

Additional References

RFCs

Use any World Wide Web browser to find a Request for Comments (RFC) online.

Additional References

RFC 768,
RFC 791,
RFC 792,
RFC 793,
RFC 854,
RFC 950,
RFC 1058,
RFC 1112,
RFC 1144,
RFC 1157,
RFC 1166,
RFC 1213,

MIB-II

RFC 1256,
RFC 1321,
RFC 1331,

over Point-to-Point Links

RFC 1332,
RFC 1334,
RFC 1349,
RFC 1413,
RFC 1490,
RFC 1541,
RFC 1542,
RFC 1552

User Datagram Protocol
Internet Protocol
Internet Control Message Protocol
Transmission Control Protocol
Telnet Protocol Specification
Internet Standard Subnetting Procedure

Routing Information Protocol
Host Extensions for IP Multicasting
Compressing TCP/IP Headers for Low-Speed Serial Links
A Simple Network Management Protocol (SNMP)
Internet Numbers
Management Information Base for Network Management of TCP/IP-based Internets:

ICMP Router Discovery Messages
The MD5 Message-Digest Algorithm

The Point-to-Point Protocol (PPP) for the Transmission of Multiprotocol Datagrams

The PPP Internet Protocol Control Protocol (IPCP)
PPP Authentication Protocols
Type of Service in the Internet Protocol Suite
Identification Protocol
Multiprotocol Interconnect Over Frame Relay
Dynamic Host Configuration Protocol
Clarifications and Extensions for the Bootstrap Protocol

, The PPP Internet Packet Exchange Control Protocol (IPXCP)

About This Guide xix

Additional References

RFC 1587,
RFC 1597,
RFC 1627,
RFC 1634,
RFC 1661,
RFC 1700,
RFC 1771,
RFC 1812,
RFC 1814,
RFC 1818,
RFC 1824,
RFC 1825,
RFC 1826,
RFC 1827,
RFC 1828,
RFC 1829,
RFC 1877,
RFC 1878,
RFC 1918,
RFC 1965,
RFC 1966,
RFC 1974
RFC 1990
RFC 1994,
RFC 1997,
RFC 2003,
RFC 2104,
RFC 2125,

Control Protocol (BACP)

RFC 2138,
RFC 2139,
RFC 2178,

OSPF NSSA Options
Address Allocations for Private Internets
Network 10 Considered Harmful (Some Practices Shouldn’t be Codified)
Novell IPX Over Various WAN Media (IPXWAN)
The Point-to-Point Protocol (PPP)

Assigned Numbers

A Border Gateway Protocol 4 (BGP-4)
Requirements for IP Version 4 Routers
Unique Addresses are Good
Best Current Practices
Requirements for IP Version 4 Routers
Security Architecture for the Internet Protocol
IP Authentication Header
IP Encapsulating Payload
IP Authentication Using Keyed MD5
The ESP DES-CBC Transform
PPP Internet Protocol Control Protocol Extensions for Name Server Addresses
Variable Length Subnet Table for IPv4
Address Allocation for Private Internets
Autonomous System Confederations for BGP

BGP Route Reflection, An Alternative to Full Mesh IBGP
, PPP Stac LZS Compression Protocol
, The PPP Multilink Protocol (MP)

PPP Challenge Handshake Authentication Protocol (CHAP)

BGP Communities Attribute

IP Encapsulation within IP

HMAC: Keyed-Hashing for Message Authentication

The PPP Bandwidth Allocation Protocol (BAP), The PPP Bandwidth Allocation

Remote Authentication Dial In User Service (RADIUS)

RADIUS Accounting

OSPF Version 2

xx PortMaster Configuration Guide

ITU-T Recommendations

The following documents are recommendations of the International Telecommunication
Union Telecommunication Standardization Sector (ITU-T), formerly known as CCITT:

Additional References

Books

• Recommendation V.25bis (1988)—

general switched telephone network (GSTN) using the 100-series interchange circuits

• Recommendation V.120 (09/92)—

V-series type interfaces for statistical multiplexing

The Basics Book of ISDN.

Company, 1991. (ISBN 0-201-56368-1)

Building Internet Firewalls.

O’Reilly & Associates, Inc., 1995. (ISBN 1-56592-124-0)

DNS and BIND,

Associates, Inc., 1992. (ISBN 1-56592-236-0)

Firewalls and Internet Security: Repelling the Wily Hacker.

M. Bellovin. Reading, MA: Addison-Wesley Publishing Company, 1994. (ISBN 0-201­63357-4) Japanese translation is available (ISBN 4-89052-672-2). Errata are available
from ftp://ftp.research.att.com/dist/internet_security/firewall.book.

Internetworking with TCP/IP Volume 1: Principles, Protocols, and Architecture,

E. Comer. Englewood Cliffs, NJ: Prentice-Hall, Inc., 1995. (ISBN 0-13-216987-8)

The ISDN Consultant.

(ISBN 0-13-259052-2)

2nd ed. Paul Albitz and Cricket Liu. Sebastopol, CA: O’Reilly &

Motorola Codex. Reading, MA: Addison-Wesley Publishing

D. Brent Chapman and Elizabeth D. Zwicky. Sebastopol, CA:

Robert E. Lee. Upper Saddle River, NJ: Prentice-Hall, Inc. 1996.

Automatic calling and/or answering equipment on the

Support by an ISDN of data terminal equipment with

William R. Cheswick and Steven

3rd ed. Douglas

ISDN: How to Get a High-Speed Connection to the Internet.

Dunetz. New York, NY: John Wiley and Sons, Inc. 1996. (ISBN 0-47-113326-4)

TCP/IP Network Administration.

1992. (ISBN 0-937175-82-X)

About This Guide xxi

Craig Hunt. Sebastopol, CA: O’Reilly & Associates, Inc.,

Charles Summers and Bryant

Document Conventions

Routing in the Internet.

(ISBN 0-13-132192-7)

TCP/IP Illustrated, Volume 1: The Protocols

Company. 1994. (ISBN 0-201-63346-9)

Internet Routing Architectures

Document Conventions

The following conventions are used in this guide:

Convention Use Examples

Bold font Indicates a user

Italic font Identifies a

Christian Huitema. Prentice Hall PTR, 1995.

. W. Richard Stevens. Addison-Wesley Publishing

. Bassam Halabi. Cisco Press, 1997.

• Enter version to display the version

entry—a
command, menu
option, button, or
key—or the name
of a file, directory,
or utility, except
in code samples.

command-line
placeholder.
Replace with a
real name or
value.

number.

• Press Enter.

•Open the permit_list file.

set Ether0 address Ipaddress

•

•Replace
OSPF area.

Area

with the name of the

set nameserver [2] Ipaddress

Square brackets ([ ]) Enclose optional

keywords and
values in
command syntax.

Curly braces ({ }) Enclose a

required choice
between
keywords and/or
values in
command syntax.

xxii PortMaster Configuration Guide

•

set S0 destination Ipaddress

•

[Ipmask]

set syslog Logtype {[disabled]
[Facility.Priority]}

Convention Use Examples

Document Advisories

Vertical bar (|) Separates two or

more possible
options in
command syntax.

• set S0|W1 ospf on|off

• set S0 host
default|prompt|Ipaddress

Document Advisories

Note – means take note. Notes contain information of importance or special interest.

✍

Caution – means be careful. You might do something—or fail to do something—that

!

Contacting Lucent Remote Access Technical Support

results in equipment failure or loss of data.

War ning – means danger. You might do something—or fail to do something—that
results in personal injury or equipment damage.

The PortMaster comes with a 1-year hardware warranty.

For all technical support requests, record your PortMaster ComOS version number and
report it to the technical support staff or your

authorized sales channel partner

.

New releases and upgrades of PortMaster software are available by anonymous FTP from
ftp://ftp.livingston.com.pub/le/.

In North America you can schedule a 1-hour software installation appointment by
calling the technical support telephone number listed below. Appointments must be
scheduled at least one business day in advance.

About This Guide xxiii

PortMaster Training Courses

For the EMEA Region

If you are an Internet service provider (ISP) or other end user in Europe, the Middle
East, Africa, India, or Pakistan, contact your local Lucent Remote Access sales channel
partner. For a list of authorized sales channel partners, see the World Wide Web at

http://www.livingston.com/International/EMEA/distributors.html

If you are an authorized Lucent Remote Access sales channel partner in this region,
contact the Lucent Remote Access EMEA Support Center Monday through Friday
between the hours of 8 a.m. and 8 p.m. (GMT+1), excluding French public holidays.

• By voice, dial +33-4-92-92-48-88.

• By fax, dial +33-4-92-92-48-40.

• By electronic mail (email) send mail to emea-support@livingston.com

For North America, Latin America, and the Asia Pacific Region

Contact Lucent Remote Access Monday through Friday between the hours of 6 a.m.
and 6 p.m. (GMT –8).

.

• By voice, dial 800-458-9966 within the United States (including Alaska and
Hawaii), Canada, and the Caribbean, or +1-925-737-2100 from elsewhere.

• By fax, dial +1-925-737-2110.

• By email, send mail as follows:

– From North America and Latin America to support@livingston.com.

– From the Asia Pacific Region to asia-support@livingston.com.

• Using t he World Wid e Web, se e http://www.livingston.com/.

PortMaster Training Courses

Lucent Remote Access offers hands-on, technical training courses on PortMaster
products and their applications. For course information, schedules, and pricing, visit the
Lucent Remote Access website at http://www.livingston.com, click Services
then click Training.

xxiv PortMaster Configuration Guide

,

and

Subscribing to PortMaster Mailing Lists

Lucent maintains the following Internet mailing lists for PortMaster users:

• portmaster-users—a discussion of general and specific PortMaster issues, including
configuration and troubleshooting suggestions. To subscribe, send email to
majordomo@livingston.com with subscribe portmaster-users in the body of
the message.

The mailing list is also available in a daily digest format. To receive the digest, send
email to majordomo@livingston.com with subscribe portmaster-users-digest
in the body of the message.

• portmaster-radius—a discussion of general and specific RADIUS issues, including
configuration and troubleshooting suggestions. To subscribe, send email to
majordomo@livingston.com with subscribe portmaster-radius in the body of
the message.

The mailing list is also available in a daily digest format. To receive the digest, send
email to majordomo@livingston.com with subscribe
portmaster-radius-digest in the body of the message.

Subscribing to PortMaster Mailing Lists

• portmaster-announce—announcements of new PortMaster products and software
releases. To subscribe, send email to majordomo@livingston.com with subscribe
portmaster-announce in the body of the message. All announcements to this list
also go to the portmaster-users list. You do not need to subscribe to both lists.

About This Guide xxv

Subscribing to PortMaster Mailing Lists

xxvi PortMaster Configuration Guide

This chapter discusses the following topics:

• “PortMaster Software” on page 1-1

• “Preconfiguration Planning” on page 1-2

• “Configuration Tips” on page 1-3

• “Basic Configuration Steps” on page 1-4

PortMaster Software

All PortMasters are shipped with the following software:

•ComOS®—The communication software operating system already loaded in Flash
RAM on each PortMaster. You can use the ComOS command line interface to
configure your PortMaster through a console.

• PMVision—A GUI companion to the ComOS command line interface for Microsoft
Windows, UNIX, and other platforms that support the Java Virtual Machine (JVM).
Because PMVision also supports command entry, you can use a combination of GUI
panels and ComOS commands to configure, monitor, and debug a PortMaster.
When connected to one or more PortMaster products, PMVision allows you to
monitor activity and edit existing configurations. PMVision replaces the PMConsole
interface to ComOS.

Introduction

1

• pmd or in.pmd—The optional PortMaster daemon software that can be installed
on UNIX hosts to allow the host to connect to printers or modems attached to a
PortMaster. The daemon also allows the PortMaster to multiplex incoming users
onto the host using one TCP stream instead of multiple streams like rlogin. The
daemon is available for SunOS, Solaris, AIX, HP-UX, and other platforms.

For installation and configuration instructions, copy the PortMaster software to the
UNIX host as described in the

PortMaster Software CD

booklet.

1-1

Preconfiguration Planning

• RADIUS—The RADIUS server, radiusd, runs as a daemon on UNIX systems,
providing centralized authentication for dial-in users. The radiusd daemon is
provided to customers in binary and source form for SunOS, Solaris, Solaris/X8.6,
AIX, HP-UX, IRIX, Alpha OSF/1, Linux, and BSD/OS platforms.

For installation and configuration instructions, see the

• ChoiceNet—ChoiceNet is a security technology invented by Lucent to provide a
traffic filtering mechanism for networks using dial-up remote access, synchronous
leased-line, or Ethernet connections. When used with RADIUS, ChoiceNet provides
exceptional flexibility in fine-tuning the level of access provided to users.

For installation and configuration instructions, see the

Guide

.

Preconfiguration Planning

Before the PortMaster can be used to connect wide area networks (WANs), you must
install the hardware using the instructions in the installation guide for your system.

This configuration guide is designed to introduce the most common configuration
options available for PortMaster products. Review this material before you configure
your PortMaster and, if possible, answer the following questions:

• What general configuration do you want to implement?

• Do you want to use a synchronous connection to a high-speed line?

• Will your high-speed lines use Frame Relay, ISDN, switched 56Kbps, or PPP?

• If you want dial-on-demand routing, do you want multiline load-balancing?

RADIUS Administrator’s Guide.

ChoiceNet Administrator’s

• Do you want multilink PPP (RFC 1717)?

• Do you want packet filtering for Internet connections?

• Do you want packet filtering for connections to other offices?

• Do you want dial-in users to use SLIP, PPP, or both?

• If you use PPP, do you want PAP or CHAP authentication?

• Are you using a name service—DNS or NIS?

• Have you obtained the necessary network addresses?

1-2 PortMaster Configuration Guide

Configuration Tips

• Are you running IP, IPX, or both?

• Do you want to enable SNMP for network monitoring?

• Do you want dial-in only, dial-out only, or two-way communication on each port?

• What characteristics do you want to assign to the dial-out locations?

• How do you want to configure dial-in users?

• Do you want to use RADIUS to authenticate dial-in users, or the internal user table
on the PortMaster?

• Do you want to use ChoiceNet to filter network traffic?

• Do you want to use the console port for administration functions, or do you want to
attach an external modem to the port?

• For dial-in uses, do you receive service on analog lines, ISDN BRI, ISDN PRI,
channelized T1, or E1?

Many other decisions must be made during the configuration process. This guide
discusses the various configuration options and their implications.

Configuration Tips

PortMaster configuration can be confusing because settings can be configured for a port,
a user, or a remote location. Use the following tips to determine how to configure your
PortMaster:

If You Are Configuring... Then Configure Settings on...

A network hardwired port or
hardwired multiline load
balancing

One or more ports for dial-out
operation

One or more ports for dial-in
operation

A callback network user The callback location in the location table, and

Introduction 1-3

The port

Dial-out locations using the location table

Dial-in users using the user table or RADIUS

refer to the location name in the user table

Basic Configuration Steps

Basic Configuration Steps

The exact PortMaster configuration steps you follow depend upon the hardware you are
installing and your network configuration. However, the following general configuration
steps are the same for all PortMaster products:

1. Install the PortMaster hardware and assign an IP address and a password
as described in the installation guide shipped with your PortMaster.

Note – This guide assumes that you have completed Step 1 and does not give details on

hardware installation or IP address assignment.

✍

2. Boot the system and log in with the administrative password.

You can configure the PortMaster from a terminal attached to the console port, by
an administrative Telnet session, or by a network connection.

3. If you want to use PMVision software to configure your PortMaster, install
it on a workstation anywhere on your network.

See the PMVision online help for more information.

4. Configure the global settings.

PortMaster global settings are described in Chapter 3, “Configuring Global Settings.”

5. Configure the Ethernet settings, and configure the IP and IPX protocol
settings for your network.

PortMaster Ethernet settings are described in Chapter 4, “Configuring the Ethernet
Interface.”

6. Configure the asynchronous port(s).

PortMaster asynchronous port settings are described in Chapter 6, “Configuring a
Synchronous WAN Port.”

7. Configure the synchronous port(s), if available.

PortMaster synchronous port settings are described in Chapter 6, “Configuring a
Synchronous WAN Port.”

8. Configure ISDN BRI connection(s), if available.

1-4 PortMaster Configuration Guide