Lucent Technologies PortMaster 4 Configuration Manual

PortMaster 4 Configuration Guide
Lucent Technologies
Remote Access Business Unit
4464 Willow Road
Pleasanton, CA 94588
March 1999
950-1426A
Copyright and Trademarks
© 1998, 1999 Lucent Technologies. All rights reserved.
PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies, Inc. RADIUS ABM, PMVision, IRX, PortAuthority, and AnyMedia are trademarks of Lucent Technologies, Inc. All other marks are the property of their respective owners.
Disclaimer
Lucent Technologies, Inc. makes no express or implied representations or warranties with respect to the contents or use of this manual, and specifically disclaims any implied warranties of merchantability or fitness for a particular purpose. Lucent Technologies, Inc. further reserves the right to revise this manual and to make changes to its content at any time, without obligation to notify any person or entity of such revisions or changes.
Contents
About This Guide
Audience
PortMaster Documentation
Additional References
RFCs
Books
Document Conventions
Document Advisories
Contacting Lucent Remote Access Technical Support
For the EMEA Region
For North America, Latin America, and the Asia Pacific Region
PortMaster Training Courses
Subscribing to PortMaster Mailing Lists
1. Introduction
PortMaster Software
Preconfiguration Planning
Setting the View
Configuration Tips
Basic Configuration Steps
2. Configuring Global Settings
Setting the View
Configuring Name Resolution
Using the Host Table
Setting the Name Service
Setting the Name Server
Setting the Domain Name
Setting the Telnet Port
Using the Telnet Port as a Console Port
Setting Management Application Connections
Setting System Logging
Setting the Loghost
Disabling and Redirecting Syslog Messages
Setting Administrative Logins to Serial Ports
Setting the Chassis
Configuring Local IP Addresses
IPCP Negotiation
Main IP Address
Setting the Local IP Address
Configuring an IP Address Pool
Setting the Reported IP Address
Configuring Named IP Pools
How PortMaster Address Assignment Works
Displaying Named IP Pool Information
Creating Named IP Pools
Creating a Default IP Pool
Resetting the IP Pool
Deleting Named IP Pools
Setting Address Ranges
Setting a Named IP Pool Gateway
Setting Named IP Pools in RADIUS
Setting the Dynamic Host Control Protocol (DHCP) Server
How the Cable Modem Telephone Return System Works
Displaying the Routing Table
Setting Static Routes
Adding and Deleting a Static Route for IP
Adding and Deleting a Static Route for IPX
Modifying the Static Netmask Table
Setting Authentication for Dial-In Users
Setting Call-Check Authentication
Setting the ISDN Switch
PortMaster Security Management
3. Configuring SNMP
Understanding SNMP
PortMaster 4 MIB Information
Examining the MIB Structure
Livingston Extensions
PortMaster Serial Interfaces
PortMaster T1 and E1 Interfaces
PortMaster Internal Modem Table
PortMaster Billing and Accounting Information Table
PortMaster Call Event Status Table
PortMaster Board Call Summary Table
PortMaster Line Call Summary Table
Configuring SNMP
Setting SNMP Monitoring
Setting SNMP Read and Write Community Strings
Adding SNMP Read and Write Hosts
Viewing SNMP Settings
Monitoring SNMP Alarms
4. Configuring an Ethernet Interface
Overview of PortMaster 4 Ethernet Interfaces
Understanding Ether0
Understanding Ether1
Understanding the Interfaces on the Standalone Ethernet Boards
Setting General Ethernet Parameters
Setting the View
Configuring RIP Routing
Applying Filters
Setting Ethernet IP Parameters
Setting the IP Address
Setting the Subnet Mask
Setting the Broadcast Address
Enabling or Disabling IP Traffic
Setting Ethernet IPX Parameters
Setting the IPX Network Address
Enabling or Disabling IPX Traffic
Setting the IPX Frame Type
Configuring Ethernet Subinterfaces
Configuring Standalone Ethernet Boards
Interface Numbering
Before You Begin
Setting the View
IPCP Negotiation
Main IP Address
Setting OSPF on an Ethernet Interface
5. Configuring Dial-In Users
Configuring the User Table
Displaying User Information
Adding Users to the User Table
Deleting Users from the User Table
User Types
Network Users
Login Users
Configuring Settings for Network and Login Users
Setting a Password
Setting the Idle Timer
Setting the Session Limit
Configuring Network Users
Setting the Protocol
Setting the User IP Address
Setting the Subnet Mask
Setting the IPX Network Number
Configuring RIP Routing
Setting the Asynchronous Character Map
Setting the MTU Size
Setting the Maximum Number of Dial-In Ports
Setting Compression
Setting Filters
Specifying a Callback Location
Configuring Login Users
Setting the Login Host
Applying an Optional Access Filter
Setting the Login Service Type
Specifying a Callback Telephone Number
6. Configuring a Synchronous WAN Port
Synchronous Port Uses
Configuring WAN Port Settings
Setting the View
General Synchronous Settings
Settings for Hardwired Connections
7. Configuring Dial-Out Connections
Configuring the Location Table
Creating a Location
Setting the Connection Type
Setting the Telephone Number
Setting the Username and Password
Setting the Protocol
Setting the Destination IP Address
Setting the Destination Netmask
Setting the IPX Network Number
Setting RIP Routing
Setting the Dial Group
Setting the MTU Size
Configuring Compression
Setting the Idle Timer
Setting Data over Voice
Setting CHAP
Setting the Asynchronous Character Map
Setting Multiline Load Balancing
Setting the Maximum Number of Dial-Out Ports
Setting Bandwidth-on-Demand
Setting Filters
Input Filters
Output Filters
Testing Your Location Configuration
8. Configuring Filters
Overview of PortMaster Filtering
Filter Options
Filter Organization
How Filters Work
Creating Filters
Creating IP Filters
Filtering TCP and UDP Packets
Creating IPX Filters
Displaying Filters
Deleting Filters
Example Filters
Simple Filter
Input Filter for an Internet Connection
Input and Output Filters for FTP Packets
Rule to Permit DNS into Your Local Network
Rule to Listen to RIP Information
Rule to Allow Authentication Queries
Rule to Allow Networks Full Access
Restrictive Internet Filter
Restricting User Access
9. Using External Modems
Modem Ports
Modem Functions
Using Automatic Modem Configuration
Displaying Modem Settings and Status
Adding a Modem to the Modem Table
Associating a Modem with a Port
Configuring Ports for Modem Use
Setting the Port Speed
Setting Modem Control
Setting Parity
Setting the Flow Control
Hanging Up a Line
10. Configuring T1, E1, and ISDN PRI
PortMaster 4 Quick Setup Guide for ISDN PRI
Configuring the Ethernet Interface
Configuring Global Parameters
Configuring the Quad T1 Boards
Configuring General Settings
Setting the View
Displaying Line Status
Configuring Line Use
Configuring Fractional Settings
Setting Channel Groups
Setting the Channel Rate
Configuring ISDN PRI Settings
Setting the ISDN PRI Switch
Setting the Framing Format
Setting the Encoding Method
Setting the Pulse Code Modulation
Setting the Loopback
Setting the Directory Number
Configuring True Digital Modems
Setting Digital Modems to Analog Service
Displaying Modem Status
Troubleshooting Digital Modems
Configuring Channelized T1 or E1
Channelized T1 Service
Channelized E1 Service
Using NFAS for ISDN PRI
Understanding Standard NFAS
Understanding NFAS with D Channel Backup
Multichassis Capacity
Fault Tolerance
NFAS Limitations
Provisioning
Configuring NFAS
Configuring NFAS with D Channel Backup
Displaying Information about NFAS Configurations
Troubleshooting NFAS
Example NFAS Configurations
Configuring SS7
Setting the Intermachine Trunk
Viewing SS7 Configurations
Troubleshooting SS7 Configurations
SS7 Configuration Examples
11. Configuring a T3 Mux Board
Overview of T3 Mux Boards
Setting the View
Mapping T1 Lines to T3 Channels
Setting the Clock Source
Setting the Clock Source for Each Synchronous Serial Line
Enabling Clocking on the Backplane
Setting T3 Mux Clocking
Performing Diagnostics
Looping an Individual DS-1 Channel
Looping the T3 Line
12. Using Frame Relay
Overview of Frame Relay
PVCs and DLCIs
Line Speed
Port Speed
CIR and Burst Speed
Discarding Frames
Ordering Frame Relay Service
LMI Types
Frame Relay Configuration on the PortMaster
Enabling LMI
Enabling Annex-D
Listing DLCIs for Frame Relay Access
Configuring a T1 or E1 Line for Frame Relay
Configuring Global and Ethernet Settings
Configuring the Synchronous WAN Port
Troubleshooting a Frame Relay Configuration
Frame Relay Subinterfaces
Configuring Subinterfaces
Troubleshooting Subinterfaces
13. Using Synchronous Leased Lines
Overview of Leased Line Connections
Configuring a Leased Line Connection
Configuring Global Settings
Configuring Ethernet Interface Settings
Configuring the Synchronous WAN Port
Troubleshooting a Leased Line Connection
Contents
A. Networking Concepts
Network Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
IP Address Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Reserved IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
Private IP Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
IP Address Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
IPX Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Netmasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Using Naming Services and the Host Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
Managing Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
ChoiceNet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
PortAuthority RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
B. TCP and UDP Ports and Services
Command Index
Subject Index
Contents xi
Contents
xii PortMaster Configuration Guide

About This Guide

The PortMaster 4 Configuration Guide provides configuration instructions and examples and software troubleshooting instructions for the PortMaster® 4 Integrated Access Concentrator from the Remote Access Business Unit of Lucent Technologies, Inc.
This configuration guide is one of three manuals that make up the comprehensive PortMaster 4 User Manual:
PortMaster 4 Installation Guide
PortMaster 4 Configuration Guide
PortMaster 4 Command Line Reference
Consult the contents and indexes in each of these three manuals for detailed lists of topics and specific page references.
See the additional manuals listed under “PortMaster Documentation” for configuration, maintenance, and troubleshooting information common to all PortMaster products.

Audience

This guide is designed to be used by qualified system administrators and network managers. Knowledge of basic networking concepts is required.

PortMaster Documentation

The following manuals are available from Lucent Remote Access. They can be ordered through your PortMaster distributor or directly from Lucent.
The manuals are also provided as PDF and PostScript files on the PortMaster Software CD shipped with your PortMaster.
In addition, you can download PortMaster information and documentation from http://www.livingston.com.
ChoiceNet® Administrator’s Guide
This guide provides complete installation and configuration instructions for ChoiceNet server software.
PortMaster Routing Guide
This guide describes routing protocols supported by PortMaster products, and how to use them for a wide range of routing applications.
PortMaster Troubleshooting Guide
This guide can be used to identify and solve software and hardware problems in the PortMaster family of products.
RADIUS for UNIX Administrator’s Guide
This guide provides complete installation and configuration instructions for Lucent Remote Authentication Dial-In User Service (RADIUS) software for UNIX operating systems.
RADIUS for Windows NT Administrator’s Guide
This guide provides complete installation and configuration instructions for Lucent RADIUS software for Microsoft Windows NT.

Additional References

RFCs

To find a Request for Comments (RFC) online, visit the website of the Internet Engineering Task Force (IETF) at http://www.ietf.org/.
RFC 768, User Datagram Protocol
RFC 791, Internet Protocol
RFC 792, Internet Control Message Protocol
RFC 793, Transmission Control Protocol
RFC 854, Telnet Protocol Specification
RFC 950, Internet Standard Subnetting Procedure
RFC 1058, Routing Information Protocol
RFC 1112, Host Extensions for IP Multicasting
RFC 1144, Compressing TCP/IP Headers for Low-Speed Serial Links
RFC 1157, A Simple Network Management Protocol (SNMP)
RFC 1166, Internet Numbers
RFC 1212, Concise MIB Definitions
RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II
RFC 1256, ICMP Router Discovery Messages
RFC 1321, The MD5 Message-Digest Algorithm
RFC 1331, The Point-to-Point Protocol (PPP) for the Transmission of Multiprotocol Datagrams over Point-to-Point Links
RFC 1332, The PPP Internet Protocol Control Protocol (IPCP)
RFC 1334, PPP Authentication Protocols
RFC 1349, Type of Service in the Internet Protocol Suite
RFC 1413, Identification Protocol
RFC 1490, Multiprotocol Interconnect Over Frame Relay
RFC 1541, Dynamic Host Configuration Protocol
RFC 1542, Clarifications and Extensions for the Bootstrap Protocol
RFC 1552, The PPP Internet Packet Exchange Control Protocol (IPXCP)
RFC 1587, OSPF NSSA Options
RFC 1597, Address Allocations for Private Internets
RFC 1627, Network 10 Considered Harmful (Some Practices Shouldn’t be Codified)
RFC 1634, Novell IPX Over Various WAN Media (IPXWAN)
RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1700, Assigned Numbers
RFC 1723, RIP Version 2
RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1812, Requirements for IP Version 4 Routers
RFC 1814, Unique Addresses are Good
RFC 1818, Best Current Practices
RFC 1824, Requirements for IP Version 4 Routers
RFC 1825, Security Architecture for the Internet Protocol
RFC 1826, IP Authentication Header
RFC 1827, IP Encapsulating Payload
RFC 1828, IP Authentication Using Keyed MD5
RFC 1829, The ESP DES-CBC Transform
RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses
RFC 1878, Variable Length Subnet Table for IPv4
RFC 1918, Address Allocation for Private Internets
RFC 1962, The PPP Compression Control Protocol (CCP)
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection, An Alternative to Full Mesh IBGP
RFC 1974, PPP Stac LZS Compression Protocol
RFC 1990, The PPP Multilink Protocol (MP)
RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP)
RFC 1997, BGP Communities Attribute
RFC 2003, IP Encapsulation within IP
RFC 2104, HMAC: Keyed-Hashing for Message Authentication
RFC 2125, The PPP Bandwidth Allocation Protocol (BAP), The PPP Bandwidth Allocation Control Protocol (BACP)
RFC 2138, Remote Authentication Dial In User Service (RADIUS)
RFC 2139, RADIUS Accounting
RFC 2153, PPP Vendor Extensions
RFC 2328, OSPF Version 2
RFC 2400, Internet Official Protocol Standards
RFC 2453, RIP Version 2

Books

Building Internet Firewalls. D. Brent Chapman and Elizabeth D. Zwicky. Sebastopol, CA: O'Reilly & Associates, Inc., 1995. (ISBN 1-56592-124-0)
DNS and BIND, 2nd ed. Paul Albitz and Cricket Liu. Sebastopol, CA: O'Reilly & Associates, Inc., 1992. (ISBN 1-56592-236-0)
Firewalls and Internet Security: Repelling the Wily Hacker. William R. Cheswick and Steven M. Bellovin. Reading, MA: Addison-Wesley Publishing Company, 1994. (ISBN 0-201-63357-4) (Japanese translation: ISBN 4-89052-672-2). Errata are available at ftp://ftp.research.att.com/dist/internet_security/firewall.book.
Internet Routing Architectures. Bassam Halabi. San Jose, CA: Cisco Press, 1997. (ISBN 1-56205-652-2)
Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture. Douglas Comer. Upper Saddle River, NJ: Prentice Hall, Inc. 1995. (ISBN 0-13-216987-8 (v.1))
Routing in the Internet. Christian Huitema. Upper Saddle River, NJ: Prentice Hall PTR, 1995. (ISBN 0-13-132192-7)
TCP/IP Illustrated, Volume 1: The Protocols. W. Richard Stevens. Reading, MA: Addison-Wesley Publishing Company. 1994. (ISBN 0-201-63346-9)
TCP/IP Network Administration. Craig Hunt. Sebastopol, CA: O’Reilly & Associates, Inc. 1994. (ISBN 0-937175-82-X)

Document Conventions

The following conventions are used in this guide:
Convention: Bold font
Use: Indicates a user entry—a command, menu option, button, or key—or the name of a file, directory, or utility, except in code samples.
Examples:
• Enter version to display the version number.
• Press Enter.
• Open the permit_list file.

Convention: Italic font
Use: Identifies a command-line placeholder. Replace with a real name or value.
Examples:
set Ether0 address Ipaddress
• Replace Area with the name of the OSPF area.

Convention: Square brackets ([ ])
Use: Enclose optional keywords and values in command syntax.
Examples:
set nameserver [2] Ipaddress
set S0 destination Ipaddress [Ipmask]

Convention: Curly braces ({ })
Use: Enclose a required choice between keywords and/or values in command syntax.
Examples:
set syslog Logtype {[disabled] [Facility.Priority]}

Convention: Vertical bar (|)
Use: Separates two or more possible options in command syntax.
Examples:
set S0|W1 ospf on|off
set S0 host default|prompt|Ipaddress

Document Advisories

Note – means take note. Notes contain information of importance or special interest.
Caution – means be careful. You might do something—or fail to do something—that results in equipment failure or loss of data.
Warning – means danger. You might do something—or fail to do something—that results in personal injury or equipment damage.

Contacting Lucent Remote Access Technical Support

The PortMaster comes with a 1-year hardware warranty.
For all technical support requests, record your PortMaster ComOS version number and report it to the technical support staff or your authorized sales channel partner.
New releases and upgrades of PortMaster software are available by anonymous FTP from ftp://ftp.livingston.com/pub/le/.
In North America you can schedule a 1-hour software installation appointment by calling the technical support telephone number listed below. Appointments must be scheduled at least one business day in advance.

For the EMEA Region

If you are an Internet service provider (ISP) or other end user in Europe, the Middle East, Africa, India, or Pakistan, contact your local Lucent Remote Access sales channel partner. For a list of authorized sales channel partners, see the World Wide Web at http://www.livingston.com/International/EMEA/distributors.html.
If you are an authorized Lucent Remote Access sales channel partner in this region, contact the Lucent Remote Access EMEA Support Center Monday through Friday between the hours of 8 a.m. and 8 p.m. (GMT+1), excluding French public holidays.
By voice, dial +33-4-92-92-48-48.
By fax, dial +33-4-92-92-48-40.
By electronic mail (email) send mail to emea-support@livingston.com.

For North America, Latin America, and the Asia Pacific Region

Contact Lucent Remote Access Monday through Friday between the hours of 7 a.m. and 5 p.m. (GMT –8).
By voice, dial 800-458-9966 within the United States (including Alaska and Hawaii), Canada, and the Caribbean, or +1-925-737-2100 from elsewhere.
By fax, dial +1-925-737-2110.
By email, send mail as follows:
From North America and Latin America to support@livingston.com.
From the Asia Pacific Region to asia-support@livingston.com.
Using the World Wide Web, see http://www.livingston.com/.

PortMaster Training Courses

Lucent Remote Access offers hands-on, technical training courses on PortMaster products and their applications. For course information, schedules, and pricing, visit the Lucent Remote Access website at http://www.livingston.com/tech/training/index.html.

Subscribing to PortMaster Mailing Lists

Lucent Remote Access maintains the following Internet mailing lists for PortMaster users:
portmaster-users—a discussion of general and specific PortMaster issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-users in the body of the message.
The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@livingston.com with subscribe portmaster-users-digest in the body of the message.
portmaster-radius—a discussion of general and specific RADIUS issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-radius in the body of the message.
The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@livingston.com with subscribe portmaster-radius-digest in the body of the message.
portmaster-announce—announcements of new PortMaster products and software releases. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-announce in the body of the message. All announcements to this list also go to the portmaster-users list. You do not need to subscribe to both lists.

1. Introduction

This chapter discusses the following topics:
“PortMaster Software” on page 1-1
“Preconfiguration Planning” on page 1-2
“Setting the View” on page 1-3
“Configuration Tips” on page 1-3
“Basic Configuration Steps” on page 1-4

PortMaster Software

All PortMaster products are shipped with the following software:
ComOS®—The communication software operating system already loaded in nonvolatile RAM (also called Flash RAM) on each PortMaster. You can use the ComOS command line interface to configure your PortMaster through a console.

PMVision™—A graphical user interface (GUI) companion to the ComOS command line interface for Microsoft Windows, UNIX, and other platforms that support the Java Virtual Machine (JVM). Because PMVision also supports command entry, you can use a combination of GUI panels and ComOS commands to configure, monitor, and debug a PortMaster. When connected to one or more PortMaster products, PMVision allows you to monitor activity and edit existing configurations. PMVision replaces the PMconsole interface to ComOS.
This application and other Java-based configuration tools for the PortMaster are available via anonymous FTP at ftp://ftp.livingston.com/pub/livingston/software/java/.
pmd or in.pmd—The optional PortMaster daemon software that can be installed on UNIX hosts to allow the host to connect to printers or modems attached to a PortMaster. The daemon also allows the PortMaster to multiplex incoming users onto the host using one TCP stream instead of multiple streams like rlogin. The daemon is available for SunOS, Solaris, AIX, HP-UX, and other platforms.
For installation and configuration instructions, copy the PortMaster software to the UNIX host as described on the PortMaster Software CD package.
RADIUS—The RADIUS server daemon, radiusd, runs on UNIX systems, providing centralized authentication for dial-in users. The radiusd daemon is provided to customers in binary and source form for SunOS, Solaris, Solaris/X8.6, AIX, HP-UX, IRIX, Alpha OSF/1, Linux, and BSD/OS platforms.
For installation and configuration instructions, see the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide.
ChoiceNet—ChoiceNet is a security technology invented by Lucent to provide a traffic filtering mechanism for networks using dial-up remote access, synchronous leased line, or Ethernet connections. When used with RADIUS, ChoiceNet provides exceptional flexibility in fine-tuning the level of access provided to users.
For installation and configuration instructions, see the ChoiceNet Administrator’s Guide.

Preconfiguration Planning

Before the PortMaster can be used to connect wide area networks (WANs), you must install the hardware using the instructions in the PortMaster 4 Installation Guide.
This configuration guide is designed to introduce the most common configuration options available for the PortMaster 4. Review this material before you configure your PortMaster and, if possible, answer the following questions:
What general configuration do you want to implement?
Do you want to use a synchronous connection to a high-speed line?
Will your high-speed lines use Frame Relay, ISDN, switched 56Kbps, or PPP?
If you want dial-on-demand routing, do you want multiline load-balancing?
Do you want Multilink Point-to-Point Protocol (PPP) (RFC 1717)?
Do you want packet filtering for Internet connections?
Do you want packet filtering for connections to other offices?
Do you want dial-in users to use Serial Line Internet Protocol (SLIP), PPP, or both?
If you use PPP, do you want Password Authentication Protocol (PAP) or Challenge Authentication Protocol (CHAP) authentication?
Are you using a name service—Domain Name System (DNS) or Network Information Service (NIS)?
Have you obtained the necessary network addresses?
Do you want to enable Simple Network Management Protocol (SNMP) for network monitoring?
Do you want dial-in only, dial-out only, or two-way communication on each port?
What characteristics do you want to assign to the dial-out locations?
How do you want to configure dial-in users?
Do you want to use RADIUS or the internal user table on the PortMaster to authenticate dial-in users?
Do you want to use ChoiceNet to filter network traffic?
Do you want to use the console port for administration functions, or do you want to attach an external modem to the port?
For dial-in users, do you receive service on analog lines, ISDN Primary Rate Interface (PRI), channelized T1, or E1?
Many other decisions must be made during the configuration process. This guide discusses the various configuration options and their implications.

Setting the View

The PortMaster 4 operates via the modules and boards installed in its slots. The system manager module installed in slot 4 provides overall (global) management for the entire chassis.
To monitor and configure a particular module or board, you use the set view command to set the view to the slot of the installed board or module. The default view is slot 4, which is the manager view.
Because the Ethernet interfaces on a PortMaster 4 are numbered uniquely, you can configure them from any view. However, you must reboot Ether0 and reset the appropriate slot for the other Ethernet interfaces to activate configuration settings.
Except for the manager module, for which the command line prompt displays no number, the prompt indicates the view you are in. For example:
Command> set view 3
View changed from 4 to 3
Command 3> set view 4
View changed from 3 to 4
Command>
The save all command saves all configuration information for all boards regardless of what view is set.

Configuration Tips

PortMaster configuration can be confusing because settings can be configured for a port, a user, or a remote location. Use Table 1-1 to determine how to configure your PortMaster.
Table 1-1 PortMaster Configuration Tips
If You Are Configuring . . .                                     Then Configure Settings on . . .
A network hardwired port or hardwired multiline load balancing   The port
One or more ports for dial-out operation                         Dial-out locations using the location table
One or more ports for dial-in operation                          Dial-in users using the user table or RADIUS
A callback network user                                          The callback location in the location table (refer to the location name in the user table)

Basic Configuration Steps

The exact PortMaster configuration steps you follow depend upon the hardware you are installing and your network configuration. However, the following general configuration steps are the same for all PortMaster products:
1. Install the PortMaster hardware and assign an IP address and a password as described in the PortMaster 4 Installation Guide.
2. Boot the system and log in with the administrative password.
You can configure the PortMaster from a terminal attached to the console port, through an administrative Telnet session, or through a network connection.
Note – This configuration guide assumes that you have completed Step 1 and Step 2 and does not give details on hardware installation, IP address assignment, or administrative password assignment.
3. If you want to use PMVision software to configure your PortMaster, install it on a workstation anywhere on your network.
PMVision is available via anonymous FTP at ftp://ftp.livingston.com/pub/livingston/software/java/. See the PMVision online help for information on using PMVision.
4. Configure the global settings.
PortMaster global settings are described in Chapter 2, “Configuring Global Settings.”
5. Configure the Ethernet settings, and configure the IP protocol settings for your network.
PortMaster Ethernet settings are described in Chapter 4, “Configuring an Ethernet Interface.”
6. Configure the synchronous ports.
PortMaster synchronous port settings are described in Chapter 6, “Configuring a Synchronous WAN Port.”
7. Configure T1, E1, and ISDN PRI connections.
ISDN PRI connection configuration is described in Chapter 10, “Configuring T1, E1, and ISDN PRI” and Chapter 11, “Configuring a T3 Mux Board.”
8. Configure dial-in users in the user table, or configure RADIUS.
The user table is described in Chapter 5, “Configuring Dial-In Users.” If you are using RADIUS security instead of the user table, see the RADIUS for Windows NT Administrator’s Guide or RADIUS for UNIX Administrator’s Guide.
9. Configure ChoiceNet, if you are using it.
ChoiceNet is a traffic filtering mechanism for networks using dial-up remote access, synchronous leased line, or Ethernet. Refer to the ChoiceNet Administrator’s Guide for more information.
10. Configure dial-out locations in the location table.
The location table is described in Chapter 7, “Configuring Dial-Out Connections.”
11. Configure filters in the filter table.
Once the filters are created, they can be assigned as input or output filters for the Ethernet interface, users, locations, or hardwired ports. Filters are described in Chapter 8, “Configuring Filters.”
12. Configure the Layer 2 Tunneling Protocol (L2TP) if you are setting up an L2TP tunnel to an L2TP-compatible router.
See the PortMaster 4 Command Line Reference for information on the L2TP commands.
13. Configure OSPF, if you are using this protocol.
OSPF is described in the PortMaster Routing Guide.
14. Configure BGP, if you are using this protocol.
BGP is described in the PortMaster Routing Guide.
15. Troubleshoot your configuration, if necessary, and back it up.
See the troubleshooting information in this guide and the PortMaster Troubleshooting Guide for instructions.
Once you have correctly configured all the settings necessary for your circumstances, your PortMaster is ready to provide communication service and routing for your network.

2. Configuring Global Settings

This chapter describes how to configure settings that the PortMaster 4 uses across all its ports and interfaces.
This chapter discusses the following topics:
“Setting the View” on page 2-2
“Configuring Name Resolution” on page 2-2
“Setting the Telnet Port” on page 2-3
“Setting Management Application Connections” on page 2-4
“Setting System Logging” on page 2-4
“Setting Administrative Logins to Serial Ports” on page 2-6
“Setting the Chassis” on page 2-6
“Configuring Local IP Addresses” on page 2-6
“Configuring an IP Address Pool” on page 2-8
“Setting the Reported IP Address” on page 2-9
“Configuring Named IP Pools” on page 2-9
“Setting the Dynamic Host Control Protocol (DHCP) Server” on page 2-13
“Displaying the Routing Table” on page 2-16
“Setting Static Routes” on page 2-17
“Setting Authentication for Dial-In Users” on page 2-21
“Setting Call-Check Authentication” on page 2-21
“Setting the ISDN Switch” on page 2-22
“PortMaster Security Management” on page 2-22
See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Setting the View

You configure global settings from the manager view. If you are not already in slot 4 (the default), use the following command to set the view to slot 4:
Command 3> set view 4
View changed from 3 to 4
Command>

Configuring Name Resolution

You can use either a network name service or the host table on the PortMaster 4 to map hostnames to IP addresses.

Using the Host Table

Each host attached to an IP network is assigned a unique IP address. Every PortMaster supports a local host table to map hostnames to IP addresses. If your network lacks a computer that can perform hostname resolution, the PortMaster allows entries in a local host table. Hostnames are used by the PortMaster only for your convenience when using the command line interface, or if you require users to enter hostnames at the host prompt.
To avoid confusion and reduce administrative overhead, Lucent recommends using the Domain Name System (DNS) or Network Information Service (NIS) for hostname resolution rather than the local host table. The PortMaster always checks the local host table before using DNS or NIS. For information on setting the NIS or DNS name service, refer to “Setting the Name Service.”

Setting the Name Service

The PortMaster can work with network name services such as the Network Information Service (NIS) or the Domain Name System (DNS). Appendix A, “Networking Concepts,” describes these name services. You must explicitly identify any name service used on your network.
The PortMaster stores all information by address rather than name. As a result, configuring the name server is useful only if you are using the command line interface for administration or if you prompt a login user for a host. If you are not using either of these features, you do not need to set the name service.
To set the name service, use the following command:
Command> set namesvc dns|nis
Once the name service is set, you must set the address of your NIS or DNS name server and enter the domain name of your network. See “Setting the Name Server” for instructions.

Setting the Name Server

The PortMaster supports RFC 1877, which allows remote hosts also supporting RFC 1877 to learn a name server through PPP negotiation. You must provide the IP address of the name server if you use a name service.
You must set a name service before you set a name server. See “Setting the Name Service.” If you are not using a name service, you do not need a name server.
To set the name server, use the following command:
Command> set nameserver Ipaddress
You can set an alternate name server with the following command:
Command> set nameserver 2 Ipaddress
You must set a domain name for your network after you set a name server. See “Setting the Domain Name.”
You can disable the use of a name service by setting the name server’s IP address to 0.0.0.0.

Setting the Domain Name

The domain name is used for hostname resolution. If you are using DNS or NIS, you must set a domain name for your network.
To set the domain name of your network, use the following command:
Command> set domain String

Setting the Telnet Port

The Telnet access port can be set to any number between 0 and 65535. The Telnet port enables you to access and maintain the PortMaster using a Telnet connection to this TCP port. If 0 (zero) is used, Telnet administration is disabled. The default value is 23. Ports numbered 10000 through 10100 are reserved and should not be used for this function. Up to four administrative Telnet sessions at a time can be active.
To set the Telnet access port to port number Tport, use the following command:
Command> set telnet Tport

Using the Telnet Port as a Console Port

If the console port is set from a Telnet session, the current connection becomes the console. This feature is useful for administrators who log in to a port using Telnet and need to access the console for debugging purposes.
Note – Only one Telnet session can receive console messages at a time.
To set the current Telnet access port as a console port, enter the following command:
Command> set console

Setting Management Application Connections

PMVision, ChoiceNet, and the ComOS utilities pmdial, pmcommand, pminstall, pmreadconf, pmreadpass, and pmreset all use port 1643. For more than one of these applications to connect at the same time, you must set the maximum number of connections to two or more. The maximum is 10 connections.
If you use ChoiceNet to download filters dynamically, be sure to set the maximum number of connections to 10.
To set the maximum number of concurrent connections for management applications into the PortMaster, use the following command:
Command> set maximum pmconsole Number

Setting System Logging

PortMaster products enable you to log authentication information to a system log file for network accounting purposes.

Setting the Loghost

To set the IP address of the loghost—the host to which the PortMaster sends syslog messages—use the following command:
Command> set loghost Ipaddress
Note – Do not set a loghost at a location configured for on-demand connections, because doing so keeps the connection up or brings up the connection each time a syslog message is queued for the syslog host.
Setting the loghost’s IP address to 0.0.0.0 disables syslog on the PortMaster. This change requires a reboot to become effective.
RADIUS accounting provides a more complete method for logging usage information. Refer to the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide for more information on accounting.

Disabling and Redirecting Syslog Messages

By default, the PortMaster logs five types of events at the informational (info) priority level using the authorization (auth) facility on the loghost. You can disable logging of one or more types of events and change the facility and/or priority of log messages.
To disable logging of a type of event, use the following command:
Command> set syslog Logtype disabled
Use the Logtype keyword described in Table 2-1 to identify the type of event you want to disable—or enable again.
Table 2-1 Logtype Keywords
Logtype Keyword  Description
admin-logins     !root and administrative logins.
user-logins      Nonadministrative logins; you might want to disable this logtype if you are using RADIUS accounting.
packet-filters   Packets that match rules with the log keyword.
commands         Every command entered at the command line interface.
termination      More detailed information on how user sessions terminate.
You can change the facility, the priority, or both, of log messages.
To change the facility or priority of log messages, use the following command. Be sure to separate the Facility and Priority keywords with a period (.).
Command> set syslog Logtype Facility.Priority
The facility and priority can be set for each of the five types of logged events listed in Table 2-1.
Table 2-2 and Table 2-3 show the keywords used to identify facilities and priorities. Lucent recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.

Table 2-2 Syslog Facility Keywords

Facility   Facility Number   Facility   Facility Number
kern       0                 cron       15
user       1                 local0     16
mail       2                 local1     17
daemon     3                 local2     18
auth       4                 local3     19
syslog     5                 local4     20
lpr        6                 local5     21
news       7                 local6     22
uucp       8                 local7     23

Table 2-3 Syslog Priority Keywords

Priority   Number   Typically Used For
emerg      0        Messages indicating the system is unusable
alert      1        Messages announcing action that must be taken immediately
crit       2        Critical messages
err        3        Error messages
warning    4        Warning messages
notice     5        Normal but significant messages
info       6        Informational messages
debug      7        Debug-level messages

To determine current syslog settings, enter the following command:
Command> show syslog
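
An added example, not part of the Lucent guide: the Python code below validates planned set syslog commands against the keywords in Table 2-1 through Table 2-3, lists the Facility.Priority selectors the loghost must be configured to capture, and decodes the leading <PRI> of a received message. It assumes standard BSD syslog framing (PRI = facility number x 8 + priority number); the function names, the planned commands, and the sample message are constructed for illustration.

```python
import re

# Keyword tables copied from Table 2-1, Table 2-2 and Table 2-3 of this guide.
LOGTYPES = ("admin-logins", "user-logins", "packet-filters", "commands", "termination")
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
              **{f"local{n}": 16 + n for n in range(8)}}
PRIORITY_NAMES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")  # index = number
DEFAULT = ("auth", "info")  # default facility and priority stated in the guide

def parse_plan(lines):
    """Validate planned 'set syslog' commands; return {logtype: (facility, priority) or None}."""
    plan = {lt: DEFAULT for lt in LOGTYPES}
    for line in lines:
        m = re.fullmatch(r"(?:Command>\s*)?set syslog (\S+) (\S+)", line.strip())
        if not m:
            raise ValueError(f"not a set syslog command: {line!r}")
        logtype, setting = m.groups()
        if logtype not in LOGTYPES:
            raise ValueError(f"unknown logtype: {logtype}")
        facility, sep, priority = setting.partition(".")
        if setting == "disabled":
            plan[logtype] = None          # this event type will not reach the loghost
        elif sep and facility in FACILITIES and priority in PRIORITY_NAMES:
            plan[logtype] = (facility, priority)
        else:
            raise ValueError(f"bad Facility.Priority: {setting}")
    return plan

def pri_value(facility, priority):
    """PRI number at the start of the message (assumed BSD syslog framing)."""
    return FACILITIES[facility] * 8 + PRIORITY_NAMES.index(priority)

def required_selectors(plan):
    """Facility.Priority selectors the loghost's syslog configuration must capture."""
    return sorted({f"{v[0]}.{v[1]}" for v in plan.values() if v})

def decode_pri(message):
    """Map the leading <PRI> of a received message back to the guide's keywords."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    fac_num, prio_num = divmod(int(m.group(1)), 8)
    facility = next((k for k, v in FACILITIES.items() if v == fac_num), None)
    return facility, PRIORITY_NAMES[prio_num]

# Constructed sample input: three planned commands and one received message.
PLAN = ["set syslog user-logins disabled", "set syslog admin-logins local5.notice", "set syslog commands local5.info"]
SAMPLE_MESSAGE = "<173>constructed sample message text"
```

Comparing decode_pri() on a message captured at the loghost with the plan shows whether the facility and priority configured on the PortMaster are the ones the loghost is actually filing.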

Setting Administrative Logins to Serial Ports

When you log in using !root, administrative logins to the serial ports are enabled by default. You can enable or disable them by using the following command:
Command> set serial-admin on|off
If administrative login is disabled, you can still use port C0 by setting the console (bottom) DIP switch to the left (on) position.

Setting the Chassis

When you use the PortMaster 4 as an AnyMedia™ MultiService Module (MSM), you must specify the chassis type for PMVision to be able to display it. Use the following command to set the PortMaster 4 as an MSM:
Command> set chassis msm-rac
Use the save all command to save changes to nonvolatile RAM. The chassis is identified as a PortMaster 4 by default.

Configuring Local IP Addresses

The PortMaster 4 supports up to four internal routable IP addresses, which the PortMaster advertises as host routes through RIP-2 and the Open Shortest Path First (OSPF) routing protocol. When you configure a local IP address, it becomes the PortMaster global address for network handles such as RADIUS, the Domain Name System (DNS), SNMP, the intermachine trunk (IMT), and bootp. By referencing an IP address instead of an interface, you do not lose the service if the interface goes down.