Lucent Technologies PortMaster 4 Configuration Manual

PortMaster 4 Configuration Guide
Lucent Technologies
Remote Access Business Unit
4464 Willow Road
Pleasanton, CA 94588
March 1999
950-1426A
Copyright and Trademarks
© 1998, 1999 Lucent Technologies. All rights reserved.
PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies, Inc. RADIUS ABM, PMVision, IRX, PortAuthority, and AnyMedia are trademarks of Lucent Technologies, Inc. All other marks are the property of their respective owners.
Disclaimer
Lucent Technologies, Inc. makes no express or implied representations or warranties with respect to the contents or use of this manual, and specifically disclaims any implied warranties of merchantability or fitness for a particular purpose. Lucent Technologies, Inc. further reserves the right to revise this manual and to make changes to its content at any time, without obligation to notify any person or entity of such revisions or changes.
Contents
About This Guide
Audience
PortMaster Documentation
Additional References
RFCs
Books
Document Conventions
Document Advisories
Contacting Lucent Remote Access Technical Support
For the EMEA Region
For North America, Latin America, and the Asia Pacific Region
PortMaster Training Courses
Subscribing to PortMaster Mailing Lists
1. Introduction
PortMaster Software
Preconfiguration Planning
Setting the View
Configuration Tips
Basic Configuration Steps
2. Configuring Global Settings
Setting the View
Configuring Name Resolution
Using the Host Table
Setting the Name Service
Setting the Name Server
Setting the Domain Name
Setting the Telnet Port
Using the Telnet Port as a Console Port
Setting Management Application Connections
Setting System Logging
Setting the Loghost
Disabling and Redirecting Syslog Messages
Setting Administrative Logins to Serial Ports
Setting the Chassis
Configuring Local IP Addresses
IPCP Negotiation
Main IP Address
Setting the Local IP Address
Configuring an IP Address Pool
Setting the Reported IP Address
Configuring Named IP Pools
How PortMaster Address Assignment Works
Displaying Named IP Pool Information
Creating Named IP Pools
Creating a Default IP Pool
Resetting the IP Pool
Deleting Named IP Pools
Setting Address Ranges
Setting a Named IP Pool Gateway
Setting Named IP Pools in RADIUS
Setting the Dynamic Host Control Protocol (DHCP) Server
How the Cable Modem Telephone Return System Works
Displaying the Routing Table
Setting Static Routes
Adding and Deleting a Static Route for IP
Adding and Deleting a Static Route for IPX
Modifying the Static Netmask Table
Setting Authentication for Dial-In Users
Setting Call-Check Authentication
Setting the ISDN Switch
PortMaster Security Management
3. Configuring SNMP
Understanding SNMP
PortMaster 4 MIB Information
Examining the MIB Structure
Livingston Extensions
PortMaster Serial Interfaces
PortMaster T1 and E1 Interfaces
PortMaster Internal Modem Table
PortMaster Billing and Accounting Information Table
PortMaster Call Event Status Table
PortMaster Board Call Summary Table
PortMaster Line Call Summary Table
Configuring SNMP
Setting SNMP Monitoring
Setting SNMP Read and Write Community Strings
Adding SNMP Read and Write Hosts
Viewing SNMP Settings
Monitoring SNMP Alarms
4. Configuring an Ethernet Interface
Overview of PortMaster 4 Ethernet Interfaces
Understanding Ether0
Understanding Ether1
Understanding the Interfaces on the Standalone Ethernet Boards
Setting General Ethernet Parameters
Setting the View
Configuring RIP Routing
Applying Filters
Setting Ethernet IP Parameters
Setting the IP Address
Setting the Subnet Mask
Setting the Broadcast Address
Enabling or Disabling IP Traffic
Setting Ethernet IPX Parameters
Setting the IPX Network Address
Enabling or Disabling IPX Traffic
Setting the IPX Frame Type
Configuring Ethernet Subinterfaces
Configuring Standalone Ethernet Boards
Interface Numbering
Before You Begin
Setting the View
IPCP Negotiation
Main IP Address
Setting OSPF on an Ethernet Interface
5. Configuring Dial-In Users
Configuring the User Table
Displaying User Information
Adding Users to the User Table
Deleting Users from the User Table
User Types
Network Users
Login Users
Configuring Settings for Network and Login Users
Setting a Password
Setting the Idle Timer
Setting the Session Limit
Configuring Network Users
Setting the Protocol
Setting the User IP Address
Setting the Subnet Mask
Setting the IPX Network Number
Configuring RIP Routing
Setting the Asynchronous Character Map
Setting the MTU Size
Setting the Maximum Number of Dial-In Ports
Setting Compression
Setting Filters
Specifying a Callback Location
Configuring Login Users
Setting the Login Host
Applying an Optional Access Filter
Setting the Login Service Type
Specifying a Callback Telephone Number
6. Configuring a Synchronous WAN Port
Synchronous Port Uses
Configuring WAN Port Settings
Setting the View
General Synchronous Settings
Settings for Hardwired Connections
7. Configuring Dial-Out Connections
Configuring the Location Table
Creating a Location
Setting the Connection Type
Setting the Telephone Number
Setting the Username and Password
Setting the Protocol
Setting the Destination IP Address
Setting the Destination Netmask
Setting the IPX Network Number
Setting RIP Routing
Setting the Dial Group
Setting the MTU Size
Configuring Compression
Setting the Idle Timer
Setting Data over Voice
Setting CHAP
Setting the Asynchronous Character Map
Setting Multiline Load Balancing
Setting the Maximum Number of Dial-Out Ports
Setting Bandwidth-on-Demand
Setting Filters
Input Filters
Output Filters
Testing Your Location Configuration
8. Configuring Filters
Overview of PortMaster Filtering
Filter Options
Filter Organization
How Filters Work
Creating Filters
Creating IP Filters
Filtering TCP and UDP Packets
Creating IPX Filters
Displaying Filters
Deleting Filters
Example Filters
Simple Filter
Input Filter for an Internet Connection
Input and Output Filters for FTP Packets
Rule to Permit DNS into Your Local Network
Rule to Listen to RIP Information
Rule to Allow Authentication Queries
Rule to Allow Networks Full Access
Restrictive Internet Filter
Restricting User Access
9. Using External Modems
Modem Ports
Modem Functions
Using Automatic Modem Configuration
Displaying Modem Settings and Status
Adding a Modem to the Modem Table
Associating a Modem with a Port
Configuring Ports for Modem Use
Setting the Port Speed
Setting Modem Control
Setting Parity
Setting the Flow Control
Hanging Up a Line
10. Configuring T1, E1, and ISDN PRI
PortMaster 4 Quick Setup Guide for ISDN PRI
Configuring the Ethernet Interface
Configuring Global Parameters
Configuring the Quad T1 Boards
Configuring General Settings
Setting the View
Displaying Line Status
Configuring Line Use
Configuring Fractional Settings
Setting Channel Groups
Setting the Channel Rate
Configuring ISDN PRI Settings
Setting the ISDN PRI Switch
Setting the Framing Format
Setting the Encoding Method
Setting the Pulse Code Modulation
Setting the Loopback
Setting the Directory Number
Configuring True Digital Modems
Setting Digital Modems to Analog Service
Displaying Modem Status
Troubleshooting Digital Modems
Configuring Channelized T1 or E1
Channelized T1 Service
Channelized E1 Service
Using NFAS for ISDN PRI
Understanding Standard NFAS
Understanding NFAS with D Channel Backup
Multichassis Capacity
Fault Tolerance
NFAS Limitations
Provisioning
Configuring NFAS
Configuring NFAS with D Channel Backup
Displaying Information about NFAS Configurations
Troubleshooting NFAS
Example NFAS Configurations
Configuring SS7
Setting the Intermachine Trunk
Viewing SS7 Configurations
Troubleshooting SS7 Configurations
SS7 Configuration Examples
11. Configuring a T3 Mux Board
Overview of T3 Mux Boards
Setting the View
Mapping T1 Lines to T3 Channels
Setting the Clock Source
Setting the Clock Source for Each Synchronous Serial Line
Enabling Clocking on the Backplane
Setting T3 Mux Clocking
Performing Diagnostics
Looping an Individual DS-1 Channel
Looping the T3 Line
12. Using Frame Relay
Overview of Frame Relay
PVCs and DLCIs
Line Speed
Port Speed
CIR and Burst Speed
Discarding Frames
Ordering Frame Relay Service
LMI Types
Frame Relay Configuration on the PortMaster
Enabling LMI
Enabling Annex-D
Listing DLCIs for Frame Relay Access
Configuring a T1 or E1 Line for Frame Relay
Configuring Global and Ethernet Settings
Configuring the Synchronous WAN Port
Troubleshooting a Frame Relay Configuration
Frame Relay Subinterfaces
Configuring Subinterfaces
Troubleshooting Subinterfaces
13. Using Synchronous Leased Lines
Overview of Leased Line Connections
Configuring a Leased Line Connection
Configuring Global Settings
Configuring Ethernet Interface Settings
Configuring the Synchronous WAN Port
Troubleshooting a Leased Line Connection
A. Networking Concepts
Network Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
IP Address Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Reserved IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
Private IP Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
IP Address Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
IPX Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Netmasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Using Naming Services and the Host Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
Managing Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
ChoiceNet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
PortAuthority RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
B. TCP and UDP Ports and Services
Command Index
Subject Index

About This Guide

The PortMaster 4 Configuration Guide provides configuration instructions and examples and software troubleshooting instructions for the PortMaster® 4 Integrated Access Concentrator from the Remote Access Business Unit of Lucent Technologies, Inc.
This configuration guide is one of three manuals that make up the comprehensive PortMaster 4 User Manual:
PortMaster 4 Installation Guide
PortMaster 4 Configuration Guide
PortMaster 4 Command Line Reference
Consult the contents and indexes in each of these three manuals for detailed lists of topics and specific page references.
See the additional manuals listed under “PortMaster Documentation” for configuration, maintenance, and troubleshooting information common to all PortMaster products.

Audience

This guide is designed to be used by qualified system administrators and network managers. Knowledge of basic networking concepts is required.

PortMaster Documentation

The following manuals are available from Lucent Remote Access. They can be ordered through your PortMaster distributor or directly from Lucent.
The manuals are also provided as PDF and PostScript files on the PortMaster Software CD shipped with your PortMaster.
In addition, you can download PortMaster information and documentation from http://www.livingston.com.
ChoiceNet® Administrator’s Guide
This guide provides complete installation and configuration instructions for ChoiceNet server software.
PortMaster Routing Guide
This guide describes routing protocols supported by PortMaster products, and how to use them for a wide range of routing applications.
PortMaster Troubleshooting Guide
This guide can be used to identify and solve software and hardware problems in the PortMaster family of products.
RADIUS for UNIX Administrator’s Guide
This guide provides complete installation and configuration instructions for Lucent Remote Authentication Dial-In User Service (RADIUS) software for UNIX operating systems.
RADIUS for Windows NT Administrator’s Guide
This guide provides complete installation and configuration instructions for Lucent RADIUS software for Microsoft Windows NT.

Additional References

RFCs

To find a Request for Comments (RFC) online, visit the website of the Internet Engineering Task Force (IETF) at http://www.ietf.org/.
RFC 768, User Datagram Protocol
RFC 791, Internet Protocol
RFC 792, Internet Control Message Protocol
RFC 793, Transmission Control Protocol
RFC 854, Telnet Protocol Specification
RFC 950, Internet Standard Subnetting Procedure
RFC 1058, Routing Information Protocol
RFC 1112, Host Extensions for IP Multicasting
RFC 1144, Compressing TCP/IP Headers for Low-Speed Serial Links
RFC 1157, A Simple Network Management Protocol (SNMP)
RFC 1166, Internet Numbers
RFC 1212, Concise MIB Definitions
RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II
RFC 1256, ICMP Router Discovery Messages
RFC 1321, The MD5 Message-Digest Algorithm
RFC 1331, The Point-to-Point Protocol (PPP) for the Transmission of Multiprotocol Datagrams over Point-to-Point Links
RFC 1332, The PPP Internet Protocol Control Protocol (IPCP)
RFC 1334, PPP Authentication Protocols
RFC 1349, Type of Service in the Internet Protocol Suite
RFC 1413, Identification Protocol
RFC 1490, Multiprotocol Interconnect Over Frame Relay
RFC 1541, Dynamic Host Configuration Protocol
RFC 1542, Clarifications and Extensions for the Bootstrap Protocol
RFC 1552, The PPP Internet Packet Exchange Control Protocol (IPXCP)
RFC 1587, OSPF NSSA Options
RFC 1597, Address Allocations for Private Internets
RFC 1627, Network 10 Considered Harmful (Some Practices Shouldn’t be Codified)
RFC 1634, Novell IPX Over Various WAN Media (IPXWAN)
RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1700, Assigned Numbers
RFC 1723, RIP Version 2
RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1812, Requirements for IP Version 4 Routers
RFC 1814, Unique Addresses are Good
RFC 1818, Best Current Practices
RFC 1824, Requirements for IP Version 4 Routers
RFC 1825, Security Architecture for the Internet Protocol
RFC 1826, IP Authentication Header
RFC 1827, IP Encapsulating Payload
RFC 1828, IP Authentication Using Keyed MD5
RFC 1829, The ESP DES-CBC Transform
RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name Server Addresses
RFC 1878, Variable Length Subnet Table for IPv4
RFC 1918, Address Allocation for Private Internets
RFC 1962, The PPP Compression Control Protocol (CCP)
RFC 1965, Autonomous System Confederations for BGP
RFC 1966, BGP Route Reflection, An Alternative to Full Mesh IBGP
RFC 1974, PPP Stac LZS Compression Protocol
RFC 1990, The PPP Multilink Protocol (MP)
RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP)
RFC 1997, BGP Communities Attribute
RFC 2003, IP Encapsulation within IP
RFC 2104, HMAC: Keyed-Hashing for Message Authentication
RFC 2125, The PPP Bandwidth Allocation Protocol (BAP), The PPP Bandwidth Allocation Control Protocol (BACP)
RFC 2138, Remote Authentication Dial In User Service (RADIUS)
RFC 2139, RADIUS Accounting
RFC 2153, PPP Vendor Extensions
RFC 2328, OSPF Version 2
RFC 2400, Internet Official Protocol Standards
RFC 2453, RIP Version 2

Books

Building Internet Firewalls. D. Brent Chapman and Elizabeth D. Zwicky. Sebastopol, CA: O'Reilly & Associates, Inc., 1995. (ISBN 1-56592-124-0)
DNS and BIND, 2nd ed. Paul Albitz and Cricket Liu. Sebastopol, CA: O'Reilly & Associates, Inc., 1992. (ISBN 1-56592-236-0)
Firewalls and Internet Security: Repelling the Wily Hacker. William R. Cheswick and Steven M. Bellovin. Reading, MA: Addison-Wesley Publishing Company, 1994. (ISBN 0-201-63357-4) (Japanese translation: ISBN 4-89052-672-2). Errata are available at ftp://ftp.research.att.com/dist/internet_security/firewall.book.
Internet Routing Architectures. Bassam Halabi. San Jose, CA: Cisco Press, 1997. (ISBN 1-56205-652-2)
Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture. Douglas Comer. Upper Saddle River, NJ: Prentice Hall, Inc. 1995. (ISBN 0-13-216987-8 (v.1))
Routing in the Internet. Christian Huitema. Upper Saddle River, NJ: Prentice Hall PTR, 1995. (ISBN 0-13-132192-7)
TCP/IP Illustrated, Volume 1: The Protocols. W. Richard Stevens. Reading, MA: Addison-Wesley Publishing Company. 1994. (ISBN 0-201-63346-9)
TCP/IP Network Administration. Craig Hunt. Sebastopol, CA: O’Reilly & Associates, Inc. 1994. (ISBN 0-937175-82-X)

Document Conventions

The following conventions are used in this guide:

Convention: Bold font
Use: Indicates a user entry—a command, menu option, button, or key—or the name of a file, directory, or utility, except in code samples.
Examples:
• Enter version to display the version number.
• Press Enter.
• Open the permit_list file.

Convention: Italic font
Use: Identifies a command-line placeholder. Replace with a real name or value.
Examples:
• set Ether0 address Ipaddress
• Replace Area with the name of the OSPF area.

Convention: Square brackets ([ ])
Use: Enclose optional keywords and values in command syntax.
Examples:
set nameserver [2] Ipaddress
set S0 destination Ipaddress [Ipmask]

Convention: Curly braces ({ })
Use: Enclose a required choice between keywords and/or values in command syntax.
Examples:
set syslog Logtype {[disabled] [Facility.Priority]}

Convention: Vertical bar (|)
Use: Separates two or more possible options in command syntax.
Examples:
set S0|W1 ospf on|off
set S0 host default|prompt|Ipaddress

Document Advisories

Note – means take note. Notes contain information of importance or special interest.
Caution – means be careful. You might do something—or fail to do something—that results in equipment failure or loss of data.
Warning – means danger. You might do something—or fail to do something—that results in personal injury or equipment damage.

Contacting Lucent Remote Access Technical Support

The PortMaster comes with a 1-year hardware warranty.
For all technical support requests, record your PortMaster ComOS version number and report it to the technical support staff or your authorized sales channel partner.
New releases and upgrades of PortMaster software are available by anonymous FTP from ftp://ftp.livingston.com/pub/le/.
In North America you can schedule a 1-hour software installation appointment by calling the technical support telephone number listed below. Appointments must be scheduled at least one business day in advance.

For the EMEA Region

If you are an Internet service provider (ISP) or other end user in Europe, the Middle East, Africa, India, or Pakistan, contact your local Lucent Remote Access sales channel partner. For a list of authorized sales channel partners, see the World Wide Web at http://www.livingston.com/International/EMEA/distributors.html.
If you are an authorized Lucent Remote Access sales channel partner in this region, contact the Lucent Remote Access EMEA Support Center Monday through Friday between the hours of 8 a.m. and 8 p.m. (GMT+1), excluding French public holidays.
By voice, dial +33-4-92-92-48-48.
By fax, dial +33-4-92-92-48-40.
By electronic mail (email) send mail to emea-support@livingston.com.

For North America, Latin America, and the Asia Pacific Region

Contact Lucent Remote Access Monday through Friday between the hours of 7 a.m. and 5 p.m. (GMT –8).
By voice, dial 800-458-9966 within the United States (including Alaska and Hawaii), Canada, and the Caribbean, or +1-925-737-2100 from elsewhere.
By fax, dial +1-925-737-2110.
By email, send mail as follows:
From North America and Latin America to support@livingston.com.
From the Asia Pacific Region to asia-support@livingston.com.
Using the World Wide Web, see http://www.livingston.com/.

PortMaster Training Courses

Lucent Remote Access offers hands-on, technical training courses on PortMaster products and their applications. For course information, schedules, and pricing, visit the Lucent Remote Access website at http://www.livingston.com/tech/training/index.html.

Subscribing to PortMaster Mailing Lists

Lucent Remote Access maintains the following Internet mailing lists for PortMaster users:
portmaster-users—a discussion of general and specific PortMaster issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-users in the body of the message.
The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@livingston.com with subscribe portmaster-users-digest in the body of the message.
portmaster-radius—a discussion of general and specific RADIUS issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-radius in the body of the message.
The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@livingston.com with subscribe portmaster-radius-digest in the body of the message.
portmaster-announce—announcements of new PortMaster products and software releases. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-announce in the body of the message. All announcements to this list also go to the portmaster-users list. You do not need to subscribe to both lists.

Introduction 1

This chapter discusses the following topics:
“PortMaster Software” on page 1-1
“Preconfiguration Planning” on page 1-2
“Setting the View” on page 1-3
“Configuration Tips” on page 1-3
“Basic Configuration Steps” on page 1-4

PortMaster Software

All PortMaster products are shipped with the following software:
ComOS®—The communication software operating system already loaded in nonvolatile RAM (also called Flash RAM) on each PortMaster. You can use the ComOS command line interface to configure your PortMaster through a console.
PMVision™—A graphical user interface (GUI) companion to the ComOS command line interface for Microsoft Windows, UNIX, and other platforms that support the Java Virtual Machine (JVM). Because PMVision also supports command entry, you can use a combination of GUI panels and ComOS commands to configure, monitor, and debug a PortMaster. When connected to one or more PortMaster products, PMVision allows you to monitor activity and edit existing configurations. PMVision replaces the PMconsole interface to ComOS.
This application and other Java-based configuration tools for the PortMaster are available via anonymous FTP at ftp://ftp.livingston.com/pub/livingston/software/java/.
pmd or in.pmd—The optional PortMaster daemon software that can be installed on UNIX hosts to allow the host to connect to printers or modems attached to a PortMaster. The daemon also allows the PortMaster to multiplex incoming users onto the host using one TCP stream instead of multiple streams like rlogin. The daemon is available for SunOS, Solaris, AIX, HP-UX, and other platforms.
For installation and configuration instructions, copy the PortMaster software to the UNIX host as described on the PortMaster Software CD package.
RADIUS—The RADIUS server daemon, radiusd, runs on UNIX systems, providing centralized authentication for dial-in users. The radiusd daemon is provided to customers in binary and source form for SunOS, Solaris, Solaris/X8.6, AIX, HP-UX, IRIX, Alpha OSF/1, Linux, and BSD/OS platforms.
For installation and configuration instructions, see the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide.
ChoiceNet—ChoiceNet is a security technology invented by Lucent to provide a traffic filtering mechanism for networks using dial-up remote access, synchronous leased line, or Ethernet connections. When used with RADIUS, ChoiceNet provides exceptional flexibility in fine-tuning the level of access provided to users.
For installation and configuration instructions, see the ChoiceNet Administrator’s Guide.

Preconfiguration Planning

Before the PortMaster can be used to connect wide area networks (WANs), you must install the hardware using the instructions in the PortMaster 4 Installation Guide.
This configuration guide is designed to introduce the most common configuration options available for the PortMaster 4. Review this material before you configure your PortMaster and, if possible, answer the following questions:
What general configuration do you want to implement?
Do you want to use a synchronous connection to a high-speed line?
Will your high-speed lines use Frame Relay, ISDN, switched 56Kbps, or PPP?
If you want dial-on-demand routing, do you want multiline load-balancing?
Do you want Multilink Point-to-Point Protocol (PPP) (RFC 1717)?
Do you want packet filtering for Internet connections?
Do you want packet filtering for connections to other offices?
Do you want dial-in users to use Serial Line Internet Protocol (SLIP), PPP, or both?
If you use PPP, do you want Password Authentication Protocol (PAP) or Challenge Authentication Protocol (CHAP) authentication?
Are you using a name service—Domain Name System (DNS) or Network Information Service (NIS)?
Have you obtained the necessary network addresses?
Do you want to enable Simple Network Management Protocol (SNMP) for network monitoring?
Do you want dial-in only, dial-out only, or two-way communication on each port?
What characteristics do you want to assign to the dial-out locations?
How do you want to configure dial-in users?
Do you want to use RADIUS or the internal user table on the PortMaster to authenticate dial-in users?
Do you want to use ChoiceNet to filter network traffic?
Do you want to use the console port for administration functions, or do you want to attach an external modem to the port?
For dial-in users, do you receive service on analog lines, ISDN Primary Rate Interface (PRI), channelized T1, or E1?
Many other decisions must be made during the configuration process. This guide discusses the various configuration options and their implications.

Setting the View

The PortMaster 4 operates via the modules and boards installed in its slots. The system manager module installed in slot 4 provides overall (global) management for the entire chassis.
To monitor and configure a particular module or board, you use the set view command to set the view to the slot of the installed board or module. The default view is slot 4, which is the manager view.
Because the Ethernet interfaces on a PortMaster 4 are numbered uniquely, you can configure them from any view. However, you must reboot Ether0 and reset the appropriate slot for the other Ethernet interfaces to activate configuration settings.
Except for the manager module, for which the command line prompt displays no number, the prompt indicates the view you are in. For example:
Command> set view 3
View changed from 4 to 3
Command 3> set view 4
View changed from 3 to 4
Command>
The save all command saves all configuration information for all boards regardless of what view is set.

Configuration Tips

PortMaster configuration can be confusing because settings can be configured for a port, a user, or a remote location. Use Table 1-1 to determine how to configure your PortMaster.
Table 1-1 PortMaster Configuration Tips
If You Are Configuring . . .                                      Then Configure Settings on . . .
A network hardwired port or hardwired multiline load balancing    The port
One or more ports for dial-out operation                          Dial-out locations using the location table
One or more ports for dial-in operation                           Dial-in users using the user table or RADIUS
A callback network user                                           The callback location in the location table (refer to the location name in the user table)

Basic Configuration Steps

The exact PortMaster configuration steps you follow depend upon the hardware you are installing and your network configuration. However, the following general configuration steps are the same for all PortMaster products:
1. Install the PortMaster hardware and assign an IP address and a password as described in the PortMaster 4 Installation Guide.
2. Boot the system and log in with the administrative password.
You can configure the PortMaster from a terminal attached to the console port, through an administrative Telnet session, or through a network connection.
Note – This configuration guide assumes that you have completed Step 1 and Step 2 and does not give details on hardware installation, IP address assignment, or administrative password assignment.
3. If you want to use PMVision software to configure your PortMaster, install it on a workstation anywhere on your network.
PMVision is available via anonymous FTP at ftp://ftp.livingston.com/pub/livingston/software/java/. See the PMVision online help for information on using PMVision.
4. Configure the global settings.
PortMaster global settings are described in Chapter 2, “Configuring Global Settings.”
5. Configure the Ethernet settings, and configure the IP protocol settings for your network.
PortMaster Ethernet settings are described in Chapter 4, “Configuring an Ethernet Interface.”
6. Configure the synchronous ports.
PortMaster synchronous port settings are described in Chapter 6, “Configuring a Synchronous WAN Port.”
7. Configure T1, E1, and ISDN PRI connections.
ISDN PRI connection configuration is described in Chapter 10, “Configuring T1, E1, and ISDN PRI” and Chapter 11, “Configuring a T3 Mux Board.”
8. Configure dial-in users in the user table, or configure RADIUS.
The user table is described in Chapter 5, “Configuring Dial-In Users.” If you are using RADIUS security instead of the user table, see the RADIUS for Windows NT Administrator’s Guide or RADIUS for UNIX Administrator’s Guide.
9. Configure ChoiceNet, if you are using it.
ChoiceNet is a traffic filtering mechanism for networks using dial-up remote access, synchronous leased line, or Ethernet. Refer to the ChoiceNet Administrator’s Guide for more information.
10. Configure dial-out locations in the location table.
The location table is described in Chapter 7, “Configuring Dial-Out Connections.”
11. Configure filters in the filter table.
Once the filters are created, they can be assigned as input or output filters for the Ethernet interface, users, locations, or hardwired ports. Filters are described in Chapter 8, “Configuring Filters.”
12. Configure the Layer 2 Tunneling Protocol (L2TP) if you are setting up an L2TP tunnel to an L2TP-compatible router.
See the PortMaster 4 Command Line Reference for information on the L2TP commands.
13. Configure OSPF, if you are using this protocol.
OSPF is described in the PortMaster Routing Guide.
14. Configure BGP, if you are using this protocol.
BGP is described in the PortMaster Routing Guide.
15. Troubleshoot your configuration, if necessary, and back it up.
See the troubleshooting information in this guide and the PortMaster Troubleshooting Guide for instructions.
Once you have correctly configured all the settings necessary for your circumstances, your PortMaster is ready to provide communication service and routing for your network.

Configuring Global Settings 2

This chapter describes how to configure settings that the PortMaster 4 uses across all its ports and interfaces.
This chapter discusses the following topics:
“Setting the View” on page 2-2
“Configuring Name Resolution” on page 2-2
“Setting the Telnet Port” on page 2-3
“Setting Management Application Connections” on page 2-4
“Setting System Logging” on page 2-4
“Setting Administrative Logins to Serial Ports” on page 2-6
“Setting the Chassis” on page 2-6
“Configuring Local IP Addresses” on page 2-6
“Configuring an IP Address Pool” on page 2-8
“Setting the Reported IP Address” on page 2-9
“Configuring Named IP Pools” on page 2-9
“Setting the Dynamic Host Control Protocol (DHCP) Server” on page 2-13
“Displaying the Routing Table” on page 2-16
“Setting Static Routes” on page 2-17
“Setting Authentication for Dial-In Users” on page 2-21
“Setting Call-Check Authentication” on page 2-21
“Setting the ISDN Switch” on page 2-22
“PortMaster Security Management” on page 2-22
See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Setting the View

You configure global settings from the manager view. If you are not already in slot 4 (the default), use the following command to set the view to slot 4:
Command 3> set view 4
View changed from 3 to 4
Command>

Configuring Name Resolution

You can use either a network name service or the host table on the PortMaster 4 to map hostnames to IP addresses.

Using the Host Table

Each host attached to an IP network is assigned a unique IP address. Every PortMaster supports a local host table to map hostnames to IP addresses. If your network lacks a computer that can perform hostname resolution, the PortMaster allows entries in a local host table. Hostnames are used by the PortMaster only for your convenience when using the command line interface, or if you require users to enter hostnames at the host prompt.
To avoid confusion and reduce administrative overhead, Lucent recommends using the Domain Name System (DNS) or Network Information Service (NIS) for hostname resolution rather than the local host table. The PortMaster always checks the local host table before using DNS or NIS. For information on setting the NIS or DNS name service, refer to “Setting the Name Service.”

Setting the Name Service

The PortMaster can work with network name services such as the Network Information Service (NIS) or the Domain Name System (DNS). Appendix A, “Networking Concepts,” describes these name services. You must explicitly identify any name service used on your network.
The PortMaster stores all information by address rather than name. As a result, configuring the name server is useful only if you are using the command line interface for administration or if you prompt a login user for a host. If you are not using either of these features, you do not need to set the name service.
To set the name service, use the following command:
Command> set namesvc dns|nis
Once the name service is set, you must set the address of your NIS or DNS name server and enter the domain name of your network. See “Setting the Name Server” for instructions.

Setting the Name Server

The PortMaster supports RFC 1877, which allows remote hosts also supporting RFC 1877 to learn a name server through PPP negotiation. You must provide the IP address of the name server if you use a name service.
You must set a name service before you set a name server. See “Setting the Name Service.” If you are not using a name service, you do not need a name server.
To set the name server, use the following command:
Command> set nameserver Ipaddress
You can set an alternate name server with the following command:
Command> set nameserver 2 Ipaddress
You must set a domain name for your network after you set a name server. See “Setting the Domain Name.”
You can disable the use of a name service by setting the name server’s IP address to 0.0.0.0.

Setting the Domain Name

The domain name is used for hostname resolution. If you are using DNS or NIS, you must set a domain name for your network.
To set the domain name of your network, use the following command:
Command> set domain String

Setting the Telnet Port

The Telnet access port can be set to any number between 0 and 65535. The Telnet port enables you to access and maintain the PortMaster using a Telnet connection to this TCP port. If 0 (zero) is used, Telnet administration is disabled. The default value is 23. Ports numbered 10000 through 10100 are reserved and should not be used for this function. Up to four administrative Telnet sessions at a time can be active.
To set the Telnet access port to port number Tport, use the following command:
Command> set telnet Tport

Using the Telnet Port as a Console Port

If the console port is set from a Telnet session, the current connection becomes the console. This feature is useful for administrators who log in to a port using Telnet and need to access the console for debugging purposes.
Note – Only one Telnet session can receive console messages at a time.
To set the current Telnet access port as a console port, enter the following command:
Command> set console

Setting Management Application Connections

PMVision, ChoiceNet, and the ComOS utilities pmdial, pmcommand, pminstall, pmreadconf, pmreadpass, and pmreset all use port 1643. For more than one of these applications to connect at the same time, you must set the maximum number of connections to two or more. The maximum is 10 connections.
If you use ChoiceNet to download filters dynamically, be sure to set the maximum number of connections to 10.
To set the maximum number of concurrent connections for management applications into the PortMaster, use the following command:
Command> set maximum pmconsole Number

Setting System Logging

PortMaster products enable you to log authentication information to a system log file for network accounting purposes.

Setting the Loghost

To set the IP address of the loghost—the host to which the PortMaster sends syslog messages—use the following command:
Command> set loghost Ipaddress
Note – Do not set a loghost at a location configured for on-demand connections, because doing so keeps the connection up or brings up the connection each time a syslog message is queued for the syslog host.
Setting the loghost’s IP address to 0.0.0.0 disables syslog on the PortMaster. This change requires a reboot to become effective.
RADIUS accounting provides a more complete method for logging usage information. Refer to the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide for more information on accounting.

Disabling and Redirecting Syslog Messages

By default, the PortMaster logs five types of events at the informational (info) priority level using the authorization (auth) facility on the loghost. You can disable logging of one or more types of events and change the facility and/or priority of log messages.
To disable logging of a type of event, use the following command:
Command> set syslog Logtype disabled
Use the Logtype keyword described in Table 2-1 to identify the type of event you want to disable—or enable again.
Table 2-1 Logtype Keywords
Logtype Keyword   Description
admin-logins      !root and administrative logins.
user-logins       Nonadministrative logins; you might want to disable this logtype if you are using RADIUS accounting.
packet-filters    Packets that match rules with the log keyword.
commands          Every command entered at the command line interface.
termination       More detailed information on how user sessions terminate.
You can change the facility, the priority, or both, of log messages.
To change the facility or priority of log messages, use the following command. Be sure to separate the Facility and Priority keywords with a period (.).
Command> set syslog Logtype Facility.Priority
The facility and priority can be set for each of the five types of logged events listed in Table 2-1.
Table 2-2 and Table 2-3 show the keywords used to identify facilities and priorities. Lucent recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.
Table 2-2 Syslog Facility Keywords
Facility  Facility Number    Facility  Facility Number
kern      0                  cron      15
user      1                  local0    16
mail      2                  local1    17
daemon    3                  local2    18
auth      4                  local3    19
syslog    5                  local4    20
lpr       6                  local5    21
news      7                  local6    22
uucp      8                  local7    23
Table 2-3 Syslog Priority Keywords
Priority  Number  Typically Used For
emerg     0       Messages indicating the system is unusable
alert     1       Messages announcing action that must be taken immediately
crit      2       Critical messages
err       3       Error messages
warning   4       Warning messages
notice    5       Normal but significant messages
info      6       Informational messages
debug     7       Debug-level messages
To determine current syslog settings, enter the following command:
Command> show syslog
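The following Python sketch is an added example, not part of the Lucent guide or ComOS. It applies a list of set loghost and set syslog commands to the defaults described above, computes the PRI value each logtype carries on the wire (facility number × 8 + priority number, the standard syslog encoding), and flags settings that weaken the audit trail. The function names, the REQUIRED set, the sample commands, and the rule that a Facility.Priority setting re-enables a logtype are assumptions of the example.

```python
"""Audit ComOS syslog settings from a list of commands (constructed input)."""

# Numbers copied from Table 2-2 and Table 2-3 of this guide.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
              **{f"local{n}": 16 + n for n in range(8)}}
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
LOGTYPES = ("admin-logins", "user-logins", "packet-filters",
            "commands", "termination")
# Assumption of this example: these are the logtypes an auditor wants kept,
# because they record administrative and packet-filter activity.
REQUIRED = {"admin-logins", "packet-filters", "commands"}


def parse_commands(lines):
    """Apply 'set loghost' and 'set syslog' commands to the documented defaults."""
    state = {"loghost": None,
             "logtypes": {name: {"enabled": True, "facility": "auth",
                                 "priority": "info"} for name in LOGTYPES}}
    for raw in lines:
        words = raw.replace("Command>", "", 1).split()
        if len(words) == 3 and words[:2] == ["set", "loghost"]:
            state["loghost"] = words[2]
        elif len(words) == 4 and words[:2] == ["set", "syslog"]:
            logtype, value = words[2], words[3]
            if logtype not in LOGTYPES:
                raise ValueError(f"unknown logtype: {logtype}")
            entry = state["logtypes"][logtype]
            if value == "disabled":
                entry["enabled"] = False
                continue
            facility, dot, priority = value.partition(".")
            if not dot or facility not in FACILITIES or priority not in PRIORITIES:
                raise ValueError(f"expected Facility.Priority, got: {value}")
            # Assumption: setting Facility.Priority turns the logtype back on.
            entry.update(enabled=True, facility=facility, priority=priority)
    return state


def wire_pri(entry):
    """Number inside the <N> prefix of each syslog datagram for this logtype."""
    return FACILITIES[entry["facility"]] * 8 + PRIORITIES[entry["priority"]]


def audit(state):
    """Return findings as strings; an empty list means nothing was flagged."""
    findings = []
    if state["loghost"] is None:
        findings.append("loghost: no set loghost command found")
    elif state["loghost"] == "0.0.0.0":
        findings.append("loghost: 0.0.0.0 disables syslog")
    for logtype, entry in state["logtypes"].items():
        facility = entry["facility"]
        if not entry["enabled"]:
            if logtype in REQUIRED:
                findings.append(f"{logtype}: logging is disabled")
        elif facility != "auth" and not facility.startswith("local"):
            # The guide recommends auth or local0 through local7.
            findings.append(f"{logtype}: facility {facility} is outside "
                            "auth and local0-local7")
    return findings


# Constructed sample, not taken from a real device.
SAMPLE = [
    "Command> set loghost 0.0.0.0",
    "Command> set syslog user-logins disabled",
    "Command> set syslog commands disabled",
    "Command> set syslog admin-logins local3.notice",
    "Command> set syslog termination mail.debug",
]

if __name__ == "__main__":
    sample_state = parse_commands(SAMPLE)
    for name, entry in sample_state["logtypes"].items():
        status = f"<{wire_pri(entry)}>" if entry["enabled"] else "disabled"
        print(f"{name:15} {status}")
    for finding in audit(sample_state):
        print("FINDING", finding)
```

The PRI values tell you which selector on the loghost (for example local3.notice) must be present for the messages to be written to a file.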

Setting Administrative Logins to Serial Ports

When you log in using !root, administrative logins to the serial ports are enabled by default. You can enable or disable them by using the following command:
Command> set serial-admin on|off
If administrative login is disabled, you can still use port C0 by setting the console (bottom) DIP switch to the left (on) position.

Setting the Chassis

When you use the PortMaster 4 as an AnyMedia™ MultiService Module (MSM), you must specify the chassis type for PMVision to be able to display it. Use the following command to set the PortMaster 4 as an MSM:
Command> set chassis msm-rac
Use the save all command to save changes to nonvolatile RAM. The chassis is identified as a PortMaster 4 by default.

Configuring Local IP Addresses

The PortMaster 4 supports up to four internal routable IP addresses, which the PortMaster advertises as host routes through RIP-2 and the Open Shortest Path First (OSPF) routing protocol. When you configure a local IP address, it becomes the PortMaster global address for network handles such as RADIUS, the Domain Name System (DNS), SNMP, the intermachine trunk (IMT), and bootp. By referencing an IP address instead of an interface, you do not lose the service if the interface goes down.
With the local IP address feature, you can specify the Ethernet interface the PortMaster uses as the default service address. For example, if RADIUS and the Signaling System 7 (SS7) gateway are on a private network range attached to Ether0, you can use the Ether0 address as the first local IP address.

IPCP Negotiation

During PPP negotiations for the IP Control Protocol (IPCP), the PortMaster 4 uses the following order of precedence when choosing an IP address to identify itself:
1. The Local IP address configured in the user profile, if set
2. The global reported IP address, if set
3. The first global local IP address, if set
4. The second global local IP address, if set
5. The third global local IP address, if set
6. The fourth global local IP address, if set
7. The IP address of Ether1
8. The IP address of Ether0

Main IP Address

When the PortMaster creates an IP packet, it must identify itself by placing a source address in the IP header. To do so, the PortMaster chooses either the main IP address or the nearest IP address, depending on the service used. The main IP address is chosen in the following order, but the nearest IP address is the IP address of the interface on which the packet exits the PortMaster 4:
1. The first global local IP address, if set
2. The second global local IP address, if set
3. The third global local IP address, if set
4. The fourth global local IP address, if set
5. The IP address of Ether1
6. The IP address of Ether0
The following services use the main IP address:
• syslog
• traceroute
• telnet
• DNS
• RADIUS authentication and accounting
• ChoiceNet
The following services use the nearest IP address:
• ping
• OSPF
• RIP
• rlogin
The global local IP address settings can be displayed with the show global and show routes commands.

Setting the Local IP Address

To assign the PortMaster 4 IP addresses that are not limited by network interfaces, use the following command:
Command> set local-ip-address [1|2|3|4] Ipaddress
For example, to set the local IP address to 10.112.34.17, enter the following command:
Command> set local-ip-address 10.112.34.17
Local IP Address (1) changed from 0.0.0.0 to 10.112.34.17
To set 192.168.54.6 as the second local IP address on the same PortMaster, enter the following:
Command> set local-ip-address 2 192.168.54.6
Local IP Address (2) changed from 0.0.0.0 to 192.168.54.6
Use the show global command to view local IP addresses.

Configuring an IP Address Pool

You can dynamically assign IP addresses to PPP or SLIP dial-in users. By assigning addresses as needed from a pool, the PortMaster requires fewer addresses than if each user is assigned a specific address. When a dial-in connection is closed, the address goes back into the pool and can be reused.
When creating an address pool, you explicitly identify the first address in the sequence of addresses available for temporary assignment. The PortMaster allocates one address in the pool of addresses for each port configured for network dial-in.
To set the value of the first IP address to assign for dial-in ports, use the following command:
Command> set assigned_address Ipaddress
The default number of addresses available for the address pool is equal to the number of ports configured for network dial-in. The address pool size is determined during the boot process. You can also set the number of IP addresses assigned to the pool with the set pool command.
To limit the size of the IP address pool, use the following command:
Command> set pool Number
Note – If you decrease the number of addresses in the pool, you must reboot the PortMaster for the change to take effect.

Setting the Reported IP Address

Some sites require a number of different PortMaster devices to appear as a single IP address to other networks. You can set a reported address different from the Ether0 or Ether1 address. For PPP connections, this address is reported to the outside and placed in the PPP startup message during PPP negotiation. For SLIP connections, this address is reported and placed in the SLIP startup message during SLIP startup.
To set a reported IP address, use the following command:
Command> set reported_ip Ipaddress

Configuring Named IP Pools

With the IP pool feature, you can set up multiple dynamically assigned address pools on the PortMaster. Each IP pool contains four elements.
• Name—a character string that uniquely identifies an IP pool. By identifying an IP pool by name instead of by base IP address, you can use a single name for an entire network system but assign different base IP addresses for each network access server in the system.
• IP address—the base IP address of a pool. When dynamically assigning addresses to users, the PortMaster begins with the base address and increments up to the size of the pool.
• Netmask—the size of the address pool.
• Gateway—the IP address of the pool gateway.
Note – Configuration information for IP pool is stored in the file /manager/ippools. If you use the erase command to delete this file, you remove the entire IP pool.
The named IP pools feature introduces a new RADIUS attribute (193) that takes a string corresponding to a name in the IP pool table. You must configure a user profile for named IP pools through RADIUS. The PortMaster does not support IP pools in the local user table.
This section describes how to set up named IP pools and includes the following topics:
• “How PortMaster Address Assignment Works”
• “Displaying Named IP Pool Information”
• “Creating Named IP Pools”
• “Creating a Default IP Pool”
• “Resetting the IP Pool”
• “Deleting Named IP Pools”
• “Setting Address Ranges”
• “Setting a Named IP Pool Gateway”
• “Setting Named IP Pools in RADIUS”

How PortMaster Address Assignment Works

The order of priority for address assignment is as follows for a user dialing in and expecting to receive an address from an assigned pool:
1. If a named IP pool is configured in the pool table and the RADIUS user profile has the IP-Pool-Name attribute configured for the user, the PortMaster assigns an address from the named IP pool.
2. If the IP-Pool-Name attribute is not configured in the RADIUS user profile and an address range is configured for the Quad T1 or Tri E1 board that the user comes in on, the PortMaster assigns the user an address from the address range configured for the Quad T1 or Tri E1 board.
3. If the IP-Pool-Name attribute is not configured in the RADIUS user profile and the Quad T1 or Tri E1 board’s assigned range is set to 0.0.0.0, and a default IP pool is configured in the pool table, the PortMaster assigns the user an address from the address range specified for the default IP pool.

Displaying Named IP Pool Information

Use the show table ippool command to display IP pool configuration information. For example, to display the configuration for an entire IP pool and to view all entries, enter the following command:
Command> show table ippool
Name: livermore
Default Gateway: 10.23.45.56
Address/netmask    Gateway
------------------ -----------------
192.168.1.0/29     0.0.0.0
192.168.2.253/30   0.0.0.0
192.168.3.50/25    0.0.0.0
10.4.5.0/24        192.168.222.3
Refer to your RADIUS documentation for information about modifying a RADIUS dictionary.

Creating Named IP Pools

To add a named IP pool to the pool table, use the following command:
Command> add ippool Name
An IP pool name can contain up to 31 characters. There is no limit to the number of IP pool entries you can configure. When you add a named IP pool to the pool table on the PortMaster, you must also add the IP-Pool-Name attribute to the RADIUS user profile.
(See “Setting Named IP Pools in RADIUS” on page 2-13.) If you do not want to configure a RADIUS user profile, you can create a default IP pool. (See “Creating a Default IP Pool.”)

Creating a Default IP Pool

When you configure a named IP pool, you must also add the IP-Pool-Name attribute to the RADIUS user profile. If you do not want to configure a RADIUS user profile with a named IP pool, you can create a default IP pool. When you create a default IP pool, a user dialing in receives an address from the address range specified in the default IP pool, unless you also have an IP address range configured on the Quad T1 or Tri E1 board the user comes in on.
To add a default IP pool to the pool table, enter the following command:
Command> add ippool default

Resetting the IP Pool

Whenever you make changes to the IP pool table, you must reset the pool for the changes to take effect.
Command> reset ippool
Resetting the IP pool causes the PortMaster to convert address ranges into summarized routes for propagation through the routing protocols.
Note – After you issue the reset ippool command, the routing protocols can take a short while to replace the old routes.

Deleting Named IP Pools

To remove an address range from a named IP pool, or to remove the IP pool entirely, use the following command:
Command> delete ippool Name address-range Ipaddress|all
For example, to delete an IP pool named livermore with the address range 192.168.1.0, enter the following command:
Command> delete ippool livermore address-range 192.168.1.0
Range 192.168.1.0 in livermore successfully deleted
To remove the entire IP pool entry, for example, livermore, enter the following command:
Command> delete ippool livermore all
Pool livermore successfully deleted
Remember to enter the reset ippool command to make the changes take effect.

Setting Address Ranges

The PortMaster assigns addresses to users from address ranges that you set for named IP pools with the following command:
Command> set ippool Name Ipaddress/NM|Ipaddress Netmask [Gateway]
You can specify up to eight address ranges for each IP pool. When you specify multiple ranges, the earlier ranges are preferred over later ranges.
As the syntax of the set ippool command indicates, an address range must have a netmask associated with it. The address-netmask pair can be expressed as a dotted decimal base IP address followed by a mask number between 1 and 30 (for example, 192.168.1.0/24), or by the older dot-separated netmask notation (for example, 192.168.1.0 255.255.255.0). Because the first and last addresses in a range are used for the network and for broadcast and are not assigned, netmasks of /31 and /32 (255.255.255.254 and 255.255.255.255) are not valid.
For example, to assign a range of 254 addresses to an IP pool named livermore, enter the following command:
Command> set ippool livermore address-range 192.168.1.0/24
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore
Although the output to this command indicates a range size of 256 addresses as specified by the /24 netmask, only 254 of these addresses are available to be assigned to users. The first and last addresses are not assigned. The base (second) address in the range is incremented as addresses are assigned. Remember to enter the reset ippool command whenever you make changes to the IP pool.
This same address range can be expressed using the dot-separated netmask notation as follows:
Command> set ippool livermore address-range 192.168.1.0 255.255.255.0
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore
Setting an Address Range Gateway
As the syntax of the set ippool command indicates, you can optionally assign a default gateway address to an address range. For example, to set 10.34.56.78 as the default gateway for IP pool livermore with address range 192.168.1.0/24, enter the following command:
Command> set ippool livermore address-range 192.168.1.0/24 10.34.56.78
Range 192.168.1.0/24 256 with gateway 10.34.56.78 add to livermore
Always reset the pool when you make changes to the named IP pool.
Command> reset ippool
The default gateway functions as a crossbar IP address. See the PortMaster 4 Command Line Reference for details about how to configure crossbar IP address for an interface, user, or location.
When a packet comes in from a user whose address includes an assigned gateway, the PortMaster does not consult the forwarding table but forwards the packet to the gateway address. If a gateway address is not assigned to a range, the range uses the default gateway address of the IP pool. If the IP pool is not assigned a default gateway address, no crossbar IP address is used and the PortMaster consults the forwarding table.

Setting a Named IP Pool Gateway

Use the following command to set a default gateway for the entire named IP pool:
Command> set ippool Name default-gateway Gateway
Always reset the pool when you make changes to the named IP pool.
Command> reset ippool
When a packet comes in from a user whose address includes an assigned gateway, the PortMaster does not consult the forwarding table but forwards the packet to the gateway address. If a gateway address is not assigned to a range, the range uses the default gateway address of the IP pool. If the IP pool is not assigned a default gateway address, no crossbar IP address is used and the PortMaster consults the forwarding table.
The default gateway functions as a crossbar IP address. See the PortMaster 4 Command Line Reference for details about how to configure crossbar IP for an interface, user, or location.
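The range rules, the gateway fallback, and the assignment order described in the sections above can be modelled as follows. This Python model is an added example, not ComOS code; the class and function names are hypothetical, and it assumes that a range covers the aligned network containing its base address.

```python
"""Model of named IP pool ranges, gateways and pool selection (added example)."""
import ipaddress
from dataclasses import dataclass, field

UNSET = ipaddress.IPv4Address("0.0.0.0")   # printed by ComOS when no gateway is set
MAX_RANGES = 8                             # "up to eight address ranges"


@dataclass
class AddressRange:
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address = UNSET

    @property
    def reported_size(self):
        """Size printed by set ippool, for example 256 for a /24."""
        return self.network.num_addresses

    @property
    def assignable(self):
        """The first and last addresses are not assigned to users."""
        return self.network.num_addresses - 2


def parse_range(args):
    """Parse 'Ipaddress/NM [Gateway]' or 'Ipaddress Netmask [Gateway]'."""
    words = args.split()
    if not words:
        raise ValueError("address range is empty")
    if "/" in words[0]:
        spec, rest = words[0], words[1:]
    elif len(words) >= 2:
        spec, rest = f"{words[0]}/{words[1]}", words[2:]
    else:
        raise ValueError("an address range needs a netmask")
    # Assumption: the range is the aligned network that contains the base address.
    network = ipaddress.IPv4Interface(spec).network
    if not 1 <= network.prefixlen <= 30:
        raise ValueError(f"/{network.prefixlen} is not valid for an address range")
    if len(rest) > 1:
        raise ValueError("unexpected words after the gateway")
    gateway = ipaddress.IPv4Address(rest[0]) if rest else UNSET
    return AddressRange(network, gateway)


@dataclass
class Pool:
    name: str
    default_gateway: object = "0.0.0.0"
    ranges: list = field(default_factory=list)

    def __post_init__(self):
        self.default_gateway = ipaddress.IPv4Address(self.default_gateway)

    def add_range(self, args):
        if len(self.ranges) >= MAX_RANGES:
            raise ValueError(f"pool {self.name} already has {MAX_RANGES} ranges")
        new_range = parse_range(args)
        self.ranges.append(new_range)      # earlier ranges are preferred
        return new_range

    def crossbar_gateway(self, address):
        """Gateway for packets from an assigned address, or None when the
        forwarding table is consulted instead."""
        addr = ipaddress.IPv4Address(address)
        for rng in self.ranges:
            if addr in rng.network:
                for candidate in (rng.gateway, self.default_gateway):
                    if candidate != UNSET:
                        return candidate
                return None
        raise LookupError(f"{address} is not in pool {self.name}")


def select_source(pools, radius_pool_name, board_range):
    """Apply the three-step order from 'How PortMaster Address Assignment Works'.

    pools maps pool names to Pool objects, radius_pool_name is the
    IP-Pool-Name value from the user profile (None when absent), and
    board_range is the first address of the board's assigned range.
    """
    if radius_pool_name is not None:
        if radius_pool_name in pools:
            return "named-pool", radius_pool_name
        return None, None      # profile names a missing pool: not covered by the guide
    if board_range not in (None, "0.0.0.0"):
        return "board-range", board_range
    if "default" in pools:
        return "default-pool", "default"
    return None, None


if __name__ == "__main__":
    livermore = Pool("livermore", "10.23.45.56")
    first = livermore.add_range("192.168.1.0/24 10.34.56.78")
    livermore.add_range("10.4.5.0 255.255.255.0")
    print(first.reported_size, first.assignable)
    print(livermore.crossbar_gateway("10.4.5.9"))
```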

Setting Named IP Pools in RADIUS

You must modify the RADIUS dictionary to enable named IP pools. You cannot configure the local user table on the PortMaster for named IP pools. To enable named IP pools, add the following line to the RADIUS dictionary:
ATTRIBUTE Ip-Pool-Name 193 string
The following example shows a RADIUS user profile using an IP pool named livermore:
homers Password = "kwyjibo"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254,
    Framed-IP-Netmask = 255.255.255.255,
    Ip-Pool-Name = livermore

Setting the Dynamic Host Control Protocol (DHCP) Server

The set dhcp server command supports the Cable Modem Telephone Return Interface Specification (CMTRIS) developed by the Multimedia Cable Network System (MCNS) Partners Limited. The CMTRIS solves the problem of limited upstream bandwidth in a cable modem system by providing for the use of a standard telephone interface for upstream traffic. Downstream traffic travels on the coaxial cable.
The specification requires that a cable modem be able to use the telephone interface to request and receive the cable interface address and configuration information via a dynamic host control protocol (DHCP) request.
Use the following command to configure the PortMaster 4 to forward a DHCP request from a cable modem to the DHCP server:
Command> set dhcp server address
Note – ComOS does not support DHCP requests over Ethernet—nor requests from a PortMaster 2Ei or a PortMaster ISDN Office Router (OR-U) used for dial-up.

How the Cable Modem Telephone Return System Works

After you set the IP address of the DHCP server on the PortMaster 4, the cable modem dynamically configures itself so that all subsequent data travels upstream via the telephone interface, and downstream on the coaxial cable.
Figure 2-1, using sample IP addresses, illustrates the series of events that begin upon startup and culminate in the dynamic configuration of the cable modem.
Figure 2-1 Cable Modem Telephone Return Interface Startup
[Diagram not reproduced. It shows the cable modem router (telephone interface 192.168.33.10 on an asynchronous PPP connection, coaxial cable interface 172.16.98.67), the PM4, the DHCP server (10.66.98.96), the WAN, the Internet, and the cable headend, with the five numbered steps listed below.]
1. Using the telephone interface, the cable modem dials the PortMaster 4 and establishes a PPP connection. The PortMaster 4 assigns IP address 192.168.33.10 to the telephone interface of the cable modem.
2. Using the telephone interface, the cable modem broadcasts a DHCP request. The destination of the request is 255.255.255.255 and the source is 192.168.33.10.
3. The PortMaster 4 forwards the request to the DHCP server by substituting the IP address of the DHCP server (10.66.98.96) for the broadcast destination address.
4. The DHCP server responds with configuration information for the cable modem and an IP address (172.16.98.67) for the coaxial cable interface on the cable modem.
5. Using the configuration information received from the DHCP server, the cable modem dynamically assigns 172.16.98.67 to the cable interface, and configures the cable modem so that upstream IP packets leave the cable modem via the telephone interface with the IP address of the cable interface (172.16.98.67) as the source address. Because packets now carry the source address of the cable interface, response to these packets travels via the coaxial cable.
ComOS does not add routes to its table when forwarding or returning DHCP requests. It transparently forwards and returns DHCP requests from dial-in clients to the specified server.
To view DHCP relaying information, use the set console command followed by the set debug 0x81 command. See the PortMaster Troubleshooting Guide for debugging information.
To disable DHCP reply information, enter the following command:
Command> set dhcp server 0.0.0.0
The PortMaster 4 does not forward packets to the address 255.255.255.255.

Displaying the Routing Table

Use the following command to display the IP routing table entries:
Command> show routes [String|Prefix/NM]
You can replace String with ospf or bgp to display only OSPF or BGP routes. Replacing Prefix/NM with an IP address prefix and netmask displays only routes to that destination.
Enter the IP address prefix in dotted decimal format and the netmask as a number from 1 to 32, preceded by a slash—for example, /24. The netmask indicates the number of high-order bits in the IP prefix.
To display the IPX routing table entries, enter the following command:
Command> show ipxroutes
Note – The PortMaster 4 supports the IPX protocol when running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.
The routes appear in the following order:
1. Default route
2. Host routes
3. Network routes
4. Expired routes that are no longer being advertised

Setting Static Routes

Static routes provide routing information unavailable from the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, or Border Gateway Protocol (BGP). RIP, OSPF, or BGP might not be running for one of the following two reasons.
• Network administrators choose not to run RIP, OSPF, or BGP.
• Hosts connected to the PortMaster do not support RIP, OSPF, or BGP.
Separate static routes tables are maintained for IP and for IPX, which you display with the show routes and show ipxroutes commands.
You construct a static route table manually on a PortMaster by adding and deleting static routes as described in the following sections. Refer to the PortMaster Routing Guide for information about routing and static routes.

Adding and Deleting a Static Route for IP

A static route for IP contains the following items:
• Destination—The IP address prefix of the host or the number of the IPX network to which the PortMaster will be routing.
• Netmask—The static netmask in use at the destination. See “Modifying the Static Netmask Table” on page 2-18 for more information about netmasks.
• Gateway—The address of a locally attached router where packets are sent for forwarding to the destination.
• Metric—The number of routers (or hops) a packet must cross to reach its destination. The metric represents the cost of sending the packet through the gateway to the specified destination.
Note – Never set the gateway for the PortMaster to an address on the same PortMaster; the gateway must be on another router.
Use the following commands to add a static route for IP:
Command> add route Ipaddress[/NM] Ipaddress(gw) Metric
Command> save all
Use the following commands to delete a static route for IP:
Command> delete route Ipaddress[/NM] Ipaddress(gw)
Command> save all
You can delete only static routes.

Adding and Deleting a Static Route for IPX

A static route for IPX contains the following items:
• Destination—The number of the IPX network to which the PortMaster will be routing.
• Gateway—The address of a locally attached router where packets are sent for forwarding to the destination. For IPX networks, the gateway address consists of 8 hexadecimal digits for the network address, a colon (:) and the node address of the gateway router expressed as 12 hexadecimal digits—for example, 00000002:A0B1C2D3E4F5. The IPX node address is usually the media access control (MAC) address on a PortMaster.
• Metric—The number of routers (or hops) a packet must cross to reach its destination. The metric represents the cost of sending the packet through the gateway to the specified destination.
• Ticks—The time required to send the packet to its destination. Ticks are measured in 50ms increments. The ticks metric is used in addition to the hops metric only on IPX networks.
Note – Never set the gateway for the PortMaster to an address on the same PortMaster; the gateway must be on another router.
Use the following commands to add a static route for IPX:
Command> add route Ipxnetwork Ipxaddress Metric Ticks
Command> save all
Use the following commands to delete a static route for IPX:
Command> delete route Ipxnetwork Ipxaddress
Command> save all
Use the following command to set a static default route for all IPX packets not routed by a more specific route:
Command> set ipxgateway Network|Node Metric
Note – You can delete only static routes.

Modifying the Static Netmask Table

Note – ComOS 4.1 and later releases support both RIP-1 and RIP-2 on the PortMaster 4. Earlier releases of ComOS support only RIP-1.
The netmask table is provided to allow routes advertised by RIP-1 to remain uncollapsed on network boundaries in cases where you want to break a network into noncontiguous subnets. The PortMaster normally collapses routes on network boundaries as described in RFC 1058. However, in certain circumstances where you do not want to collapse routes, the netmask table is available.
Caution – Do not use the static netmask table unless you thoroughly understand and need its function. In most circumstances its use is not necessary. Very large routing updates can result from too much use of the netmask table, adversely affecting performance. In most cases it is easier to use RIP-2 or OSPF instead of using the netmask table and RIP-1. Lucent strongly recommends you use OSPF if you require noncontiguous subnets or variable-length subnet masks (VLSMs).
For example, suppose the address of Ether0 is 172.16.1.1 with a 255.255.255.0 subnet mask (a class B address subnetted on 24 bits) and the destination of PTP1 is 192.168.9.65 with a 255.255.255.240 subnet mask (a class C address subnetted on 28 bits). If routing broadcast is on, the PortMaster routing broadcast on Ether0 claims a route to the entire 192.168.9.0 network. Additionally, the broadcast on PTP1 claims a route to 172.16.0.0.
Sometimes, however, you want the PortMaster to collapse routes to some bit boundary, other than the network boundary. In this case, you can use the static netmask table. However, RIP supports only host and network routes, because it has no provision to include a netmask. Therefore, if you set a static netmask in the netmask table, the PortMaster collapses the route to that boundary instead, and broadcasts a host route with that value. Other PortMaster routers with the same static netmask table entry convert the host route back into a subnet route when they receive the RIP packet.
This approach works only if all the routers involved are PortMaster products, with the following two exceptions:
• You use a netmask table entry of 255.255.255.255. In this case, the routes broadcast as host routes really are host routes, so other vendors’ routers can use them. Keep in mind that not all routers accept host routes.
• The other vendor’s router can convert host routes into subnet routes through some mechanism of its own.
Uses for Static Netmasks
The most common use for the static netmask table is to split a single class C network into eight 30-host subnets for use in assigned pools. Subnetting allows each PortMaster to broadcast a route to the subnet instead of claiming a route to the entire class C network. An example of that use is provided below.
The next most common use for the static netmask table is to allow dial-in users to use specified IP addresses across multiple PortMaster products in situations where assigned IP addresses are not sufficient. This use can result in very large routing tables and is not recommended except where no other alternative is possible.
The netmask table can be accessed only through the command line interface. To add a static netmask, use the add netmask command. To delete a static netmask, use the delete netmask command. The show table netmask command shows both dynamic netmasks and static netmasks, marking them accordingly.
Note – Static routes use the netmask table entries that are in effect when the routes are added. If the netmask table is changed, the static route must be deleted from the route table and added again.
Example of Applying Static Netmasks
Note – Lucent recommends that you use RIP-2 or OSPF in this circumstance instead of static routes.
This static netmask example assumes the following:
• You have anywhere between 8 and 250 PortMaster routers.
• You assign all the user addresses from the dynamic address assignment pools on the PortMaster routers.
• You are using 27-bit subnets of these three class C networks: 192.168.207.0, 192.168.208.0, and 192.168.209.0.
• You are using the 192.168.206.0 network for your Ethernet.
• All PortMaster routers involved are running ComOS 3.1.2 or later.
You do not use proxy ARP. Instead, you use your 192.168.206.0 network for the Ethernet, and divide your other networks up among the PortMaster routers.
Each network provides 30 addresses for the assigned pool of each PortMaster.
To create the subnets defined in this example, enter the following commands on all the PortMaster routers:
Command> set Ether0 address 192.168.206.X (for some value of X)
Command> set gateway 192.168.206.Y (where Y points at your gateway)
Command> add netmask 192.168.207.0 255.255.255.224
Command> add netmask 192.168.208.0 255.255.255.224
Command> add netmask 192.168.209.0 255.255.255.224
Command> set Ether0 rip on
Command> save all
The netmask table collapses routes on the boundaries specified. As a result, if one PortMaster has an assigned pool starting at 192.168.207.33, it broadcasts a host route to 192.168.207.32 instead of broadcasting a route to the 192.168.207.0 network. The other PortMaster routers consult their own netmask tables and convert that route back into a subnet route to 192.168.207.33 through 192.168.207.32.
If your gateway on the Ethernet is not a PortMaster product, the netmask table is not supported. However, you can set a static route on the gateway for each of the three destination networks for your assigned pools (192.168.207.0, 192.168.208.0, and 192.168.209.0), pointing at one of the PortMaster routers. The identified PortMaster then forwards packets to the proper PortMaster.
If you are using an IRX running ComOS 3.2R or later as your gateway, you can configure the netmask table on the router also. This allows your PortMaster to listen to RIP messages from the other PortMaster routers and route directly to each of them.
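The collapsing behaviour described in this section, worked through in Python with the guide's own addresses. This is an added example and a simplified model, not ComOS code: it covers only a route advertised across a network boundary in RIP-1, and the class and function names are hypothetical.

```python
"""Simplified model of RIP-1 route collapsing with a static netmask table."""
import ipaddress


def classful_prefix(address):
    """Natural prefix length of a class A, B or C address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{address} is class D or E and has no natural mask")


def natural_network(address):
    return ipaddress.ip_network(f"{address}/{classful_prefix(address)}",
                                strict=False)


class NetmaskTable:
    """Static entries as created by 'add netmask Network Netmask'."""

    def __init__(self):
        self.entries = {}          # natural network -> prefix length

    def add(self, network, netmask):
        natural = natural_network(network)
        prefix = ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen
        if prefix <= natural.prefixlen:
            raise ValueError("netmask must be longer than the natural mask")
        self.entries[natural] = prefix

    def lookup(self, address):
        """Prefix length configured for the network of address, or None."""
        return self.entries.get(natural_network(address))


def advertise(address, table):
    """Destination and kind ('network' or 'host') placed in the RIP-1 update.

    RIP-1 carries no netmask, so a route collapsed to a netmask table
    boundary has to travel as a host route with the subnet number as value.
    """
    prefix = table.lookup(address)
    if prefix is None:
        return str(natural_network(address).network_address), "network"
    subnet = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return str(subnet.network_address), "host"


def install(destination, kind, table):
    """Route, in prefix notation, that a receiving router installs."""
    if kind == "network":
        return str(natural_network(destination))
    prefix = table.lookup(destination)
    if prefix is None:
        # No matching entry: the router takes the host route literally.
        return f"{destination}/32"
    return str(ipaddress.ip_network(f"{destination}/{prefix}", strict=False))


def example_table():
    """The three add netmask commands from the example above."""
    table = NetmaskTable()
    for network in ("192.168.207.0", "192.168.208.0", "192.168.209.0"):
        table.add(network, "255.255.255.224")
    return table


if __name__ == "__main__":
    empty = NetmaskTable()
    table = example_table()
    print(advertise("192.168.9.65", empty))      # collapsed to the class C network
    sent = advertise("192.168.207.33", table)    # assigned pool start address
    print(sent)
    print(install(*sent, table))                 # receiver with the same entries
    print(install(*sent, empty))                 # receiver without the entries
```

The last call shows why the approach depends on every router holding the same entries: a router without them installs a route to the single host 192.168.207.32 rather than to the 27-bit subnet.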

Setting Authentication for Dial-In Users

You can configure the PortMaster for three authentication methods, PAP, CHAP, and username/password login.
By default, PAP and CHAP are set to on. Dial-in users are asked to authenticate with PAP when PPP is detected. If users refuse, they are asked to authenticate with CHAP.
If you set PAP to off, and CHAP to on, dial-in users are asked to authenticate with CHAP. PAP authentication is neither requested nor accepted. If you set both PAP and CHAP to off, dial-in users must authenticate with a username/password login.
To set PAP authentication, use the following command:
Command> set pap on|off
To set CHAP authentication, use the following command:
Command> set chap on|off

Setting Call-Check Authentication

You can enable services without authenticating the user at the point of entry on PortMaster products that support PRI or in-band signaling. Use the show global command to find out if call-check is enabled on your PortMaster.
To enable the call-check feature in ComOS, you must first configure call-check user entries on the RADIUS 2.1 server. Otherwise, the PortMaster issues a busy signal to every call. See the RADIUS for UNIX Administrator’s Guide for more information about RADIUS.
To enable call checking on the PortMaster, use the following command:
Command> set call-check on|off
Note – The call-check feature is off by default.
If the call-check feature is on, the PortMaster sends a ringing message to the switch while the service information is being looked up in RADIUS.
RADIUS does one of the following:
Rejects the message with a busy signal
Acknowledges the call and allows the call to be completed with no special service type determined during the call
Allows the creation of a netdata clear channel TCP or L2TP connection to the destination specified in the RADIUS user profile
Call-check enables the PortMaster—via RADIUS—to check the telephone number of a caller before answering the call. The PortMaster can then hang up and call the user back with no charge incurred for connecting the user in the first place. Alternatively, the PortMaster can reject the call to limit the number of users who can call a given number, such as an 800 number, or to prevent certain users from calling the number.
You can also use call-check to support virtual points of presence (POPs) by redirecting a call. If a caller dials one number, the PortMaster can authenticate normally. If a caller dials a different number, the PortMaster can accept the call and forward the caller information through a netdata (TCP clear) or L2TP connection to an IP address and port of your choosing, where another process handles the user.
Additionally, you can provide guest access or establish tunnels based on dial number information services. Call checking can be done against the calling number ID (CNID) or calling line ID (CLID) or both. The RADIUS attributes are Called-Station-Id and Calling-Station-Id, respectively.

Setting the ISDN Switch

You can configure the switch provisioning for ISDN PRI connections to PortMaster ISDN ports. See Chapter 10, “Configuring T1, E1, and ISDN PRI,” for details on PRI connections.

PortMaster Security Management

The PortMaster provides security through the user table, or if configured, RADIUS security. When a dial-in user attempts to authenticate at the login prompt, or via PAP or CHAP authentication, the PortMaster refers to the entry in the user table that corresponds to the user. If the password entered by the user does not match, the PortMaster denies access with an “Invalid Login” message. If no user table entry exists for the user and port security is off, the PortMaster passes the user on to the host defined for that port using the selected login service. In this situation, the specified host is expected to authenticate the user.
If port security is on and the user was not found in the user table, the PortMaster queries the RADIUS server, if one has been configured. If the username is not found in the user table, port security is on, and no RADIUS server is configured in the global configuration of the PortMaster, access is denied with an “Invalid Login” message. If the RADIUS server is queried and does not respond within 30 seconds (and neither does the alternate RADIUS server), access is denied with an “Invalid Login” message.
If security is off, any username that is not found in the user table is sent to the port’s host for authentication and login. If security is on, the user table is checked first. If the username is not found and a RADIUS server is configured, RADIUS is consulted. When you are using RADIUS security, you must use the set C0 security command to set security to on.
Access can also be denied if the specified login service is unavailable—for example, if the PortMaster Login Service has been selected for the user but the selected host does not have the in.pmd PortMaster daemon installed. Access is denied with the “Host Is Currently Unavailable” message if the host is down or otherwise not responding to the login request.
If an access filter is configured on the port and the login host for the user is not permitted by the access filter, the PortMaster refuses service with an “Access Denied” message. If the access override parameter is set on the port, the PortMaster instructs the user to authenticate himself, even though the default access filter is set to deny access.
Refer to the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide for more information about RADIUS.
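The decision order described in this section can be modeled as follows. This is an added example, not code from the manual or from ComOS; the class names, outcome labels, and sample accounts are constructed, and returning “Invalid Login” for an explicit RADIUS reject is an assumption, because the manual states that message only for the timeout case.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class RadiusReply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    TIMEOUT = "timeout"  # neither the primary nor the alternate server answered in 30 seconds


@dataclass
class Port:
    name: str
    security: bool         # state of the port security setting (on or off)
    host_up: bool = True   # whether the login host defined for the port is answering


@dataclass
class PortMaster:
    user_table: Dict[str, str]                       # constructed usernames and passwords
    radius: Optional[Dict[str, RadiusReply]] = None  # None means no RADIUS server is configured


def authenticate(pm: PortMaster, port: Port, user: str,
                 password: str) -> Tuple[str, Optional[str]]:
    """Return (outcome, message shown to the caller) in the order the manual gives."""
    # 1. A user table entry always decides the attempt locally.
    if user in pm.user_table:
        if hmac.compare_digest(pm.user_table[user].encode(), password.encode()):
            return ("accepted-by-user-table", None)
        return ("denied", "Invalid Login")
    # 2. Unknown user, port security off: the PortMaster does not authenticate;
    #    the port's host is expected to do it.
    if not port.security:
        if not port.host_up:
            return ("denied", "Host Is Currently Unavailable")
        return ("passed-to-host", None)
    # 3. Unknown user, port security on: RADIUS is the only remaining source.
    if pm.radius is None:
        return ("denied", "Invalid Login")
    reply = pm.radius.get(user, RadiusReply.REJECT)
    if reply is RadiusReply.ACCEPT:
        return ("accepted-by-radius", None)
    # TIMEOUT yields "Invalid Login" per the manual; the same message for REJECT is assumed.
    return ("denied", "Invalid Login")


def ports_relying_on_host(ports: List[Port]) -> List[str]:
    """Ports where an unknown username reaches the login host without a PortMaster check."""
    return [p.name for p in ports if not p.security]
```

Running `ports_relying_on_host` over a port inventory shows where the login host is the only authentication control for usernames missing from the user table.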

Configuring SNMP 3

This chapter describes how to configure SNMP on the PortMaster 4 and includes the following topics:
“Understanding SNMP”
“Livingston Extensions”
“Configuring SNMP”
If you want to configure SNMP and are already familiar with SNMP concepts and the Livingston extensions, go to the “Configuring SNMP” section.

Understanding SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows devices to communicate management information. You can configure the PortMaster to provide network and device information via SNMP to a network management system (NMS). You must have NMS software to use SNMP.
SNMP consists of the following parts:
SNMP agent (provided in ComOS)
SNMP manager (not provided)
Management Information Base (MIB) (PortMaster variables provided by ComOS)
SNMP specifies the message format for exchanging information between the SNMP manager and an SNMP agent.
The SNMP agent returns values for Management Information Base (MIB) variables that can be changed or queried by the SNMP manager. The agent gathers information from the MIB, which resides on the target device. MIB information can include device parameters and network status. The agent is capable of responding to requests to get or set data from the manager.
PortMaster products support MIB II variables as specified in RFC 1213, along with a MIB specific to PortMaster products. SNMP management can be enabled for any PortMaster. Lucent Remote Access ships configuration files compatible with various network management packages along with the PMVision software.

PortMaster 4 MIB Information

The Lucent Technologies PortMaster products and PMVision support multiprotocol carrier capacity WAN access. The PortMaster 4 enables public carriers, ISPs, and major network providers to offer a variety of services such as dial-up; V.90, K56flex, or V.34 modems; ISDN, and T1, E1, or T3 leased line connections; and Frame Relay connections.

MIB Specification Overview

The PortMaster 4 MIB conforms to the first version of the Structure of Management Information (SMIv1) (RFCs 1212 and 1213). The private MIB for the product describes the data for configuration, fault, performance, security, and accounting management.
Chassis MIB
Configuration management (equipment, physical interfaces, and logical interfaces)
Fault management (fault detection and fault isolation traps)
Performance management (interfaces)
Security management (MIB access control)
Administration management (read-write community and trap community)
PortMaster products also support MIB II objects, and the enterprise-specific traps provide information about several alarm conditions that can be enabled or disabled. The traps are generated as SNMPv1 traps.
The PortMaster 4 SNMP agent consists of a multilingual master agent (supporting SNMPv1, v2, and v3 protocols) and subagents with AgentX interfaces to the master agent to handle different subtrees in the MIB. The master agent listens on UDP port 161 for SNMP protocol data units (PDUs). The master agent processes the PDUs and forwards them to appropriate subagents. The subagents are responsible for processing the data. The master agent and the subagents can operate asynchronously. The subagents in the SNMP software can dynamically register and unregister to provide and deny access to portions of the MIB.
The MIB module LE41 specifies the first revision of the private MIB for the PortMaster 4. It includes only the physical equipment—chassis, T1, E1, and T3 lines; modems; serial ports; and Ethernet interfaces.
The livingston.mib file is in the SNMP directory of the ComOS software, and on the World Wide Web at http://www.livingston.com/marketing/products/pmtempl.html.

Examining the MIB Structure

The entire Management Information Base (MIB) hierarchy can be represented by a tree structure. In this representation, the unnamed “root” of the tree divides into the following main branches:
Consultative Committee for International Telegraph and Telephone (CCITT)
International Organization for Standardization (ISO)
ISO/CCITT
Each branch and subbranch in the tree structure is known as an object, and each object is represented by an object name and an object identifier (OID). Figure 3-1 traces the “path” from the ISO branch of the MIB to the Livingston MIB.
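OIDs provide compact representations of object names. An OID shows the position of an object in the MIB hierarchy. As shown in Figure 3-1, the OID for the Livingston MIB is 1.3.6.1.4.1.307.
Figure 3-1 Management Information Base (MIB) Hierarchy
[Tree diagram: the unnamed root branches into CCITT (0), iso (1), and joint ISO/CCITT (2). The path to the Livingston MIB runs through iso (1), org (3), dod (6), and internet (1); internet branches into directory (1), mgmt (2), experimental (3), and private (4), with mib (1) under mgmt, and the private branch leads on to Livingston (307).]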
Figure 3-2 shows the tree structure of the private Livingston portion of the MIB.
Figure 3-2 Part of MIB Structure showing PortMaster Port C0
[Tree diagram: among the enterprise branches 305 through 308, Livingston Enterprise (307) divides into (not used) (1), products (2), and livingstonMib (3). livingstonMib contains livingstonSystem (1) and livingstonInterfaces (2); livingstonInterfaces contains livingstonSerial (1) and livingstonT1E1 (2); livingstonSerial contains livingstonSerialTable (1), which contains livingstonSerialEntry (1) with the variables Index (1), PortName (2), PhysType (3), User (4), and so on.]
Reading from the top down, the object identifier (OID) in Figure 3-2 (307.3.2.1.1.1.2) breaks out as follows:
307 refers to the Livingston namespace.
3 refers to the MIB.
2 refers to interfaces.
1 refers to serial interfaces.
1 refers to the serial interfaces table.
1 refers to an entry in the serial interfaces table.
2 refers to the PortName variable.
The SNMP manager queries the agents by means of OIDs. Each OID uniquely identifies a single MIB variable. For example, the OID 307.3.2.1.1.1.2.0 returns the port name for port C0, and the OID 307.3.2.1.1.1.2.1 returns the port name for port C1 (see Table 3-1).
Table 3-1 Partial View of the Livingston Serial Interfaces Table
OID                  Interface (C0 and C1)
...307.3.2.1.1.1.1   Index
...307.3.2.1.1.1.2   PortName
...307.3.2.1.1.1.3   PhysType
...307.3.2.1.1.1.4   User
...307.3.2.1.1.1.5   SessionId
...307.3.2.1.1.1.6   Type
...307.3.2.1.1.1.7   Direction
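The OID breakdown and Table 3-1 above can be applied mechanically to turn SNMP walk results into per-port records. This is an added example, not part of the manual or the Livingston MIB distribution; the function names, the "OID = value" line format, and the sample walk lines are constructed for illustration.

```python
LIVINGSTON = (1, 3, 6, 1, 4, 1, 307)         # OID of the Livingston MIB (from the page)
SERIAL_ENTRY = LIVINGSTON + (3, 2, 1, 1, 1)  # MIB, interfaces, serial, table, entry
COLUMNS = {1: "Index", 2: "PortName", 3: "PhysType", 4: "User",
           5: "SessionId", 6: "Type", 7: "Direction"}  # Table 3-1

# Constructed sample input: one line per variable, "OID = value".
SAMPLE_WALK = [
    "1.3.6.1.2.1.1.5.0 = pm4-lab",            # MIB II object, outside the serial table
    "1.3.6.1.4.1.307.3.2.1.1.1.2.0 = C0",
    "1.3.6.1.4.1.307.3.2.1.1.1.2.1 = C1",
    "1.3.6.1.4.1.307.3.2.1.1.1.4.0 = alice",
    "1.3.6.1.4.1.307.3.2.1.1.1.4.1 = ",       # User is blank when the port is not active
]


def parse_oid(text):
    """Accept '1.3.6...', '.1.3.6...' or the page's short form '...307.3...'."""
    text = text.strip().lstrip(".")
    try:
        arcs = tuple(int(arc) for arc in text.split("."))
    except ValueError:
        raise ValueError(f"not a dotted-decimal OID: {text!r}")
    if any(arc < 0 for arc in arcs):
        raise ValueError(f"negative arc in OID: {text!r}")
    if arcs[:1] == (307,):                    # short form: prepend 1.3.6.1.4.1
        arcs = LIVINGSTON[:-1] + arcs
    return arcs


def resolve(text):
    """Map an OID in the serial interfaces table to (column name, instance or None)."""
    arcs = parse_oid(text)
    if arcs[:len(SERIAL_ENTRY)] != SERIAL_ENTRY:
        raise LookupError(f"{text} is not in the Livingston serial interfaces table")
    rest = arcs[len(SERIAL_ENTRY):]
    if not rest or rest[0] not in COLUMNS or len(rest) > 2:
        raise LookupError(f"{text} does not name a column listed in Table 3-1")
    return (COLUMNS[rest[0]], rest[1] if len(rest) == 2 else None)


def rows_from_walk(lines):
    """Pivot column-ordered walk lines into {instance: {column: value}}."""
    rows = {}
    for line in lines:
        oid, _, value = line.partition("=")
        try:
            column, instance = resolve(oid)
        except LookupError:
            continue                          # skip variables outside the table
        if instance is not None:
            rows.setdefault(instance, {})[column] = value.strip()
    return rows
```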

Livingston Extensions

This section lists the following tables from the Livingston Extensions section of the MIB:
“PortMaster Serial Interfaces”
“PortMaster T1 and E1 Interfaces”
“PortMaster Internal Modem Table”
“PortMaster Billing and Accounting Information Table”
“PortMaster Call Event Status Table”
“PortMaster Board Call Summary Table”
“PortMaster Line Call Summary Table”

PortMaster Serial Interfaces

The PortMaster Serial Interfaces table (Table 3-2) in the Livingston Extensions section of the MIB lists all serial interface entries.
Table 3-2 PortMaster Serial Interfaces MIB Table
Object  Definition
livingstonSerialIndex  Unique value for each serial interface.
livingstonSerialPortName  Text string containing the name of the serial interface (for example, C0, W1, and so on).
livingstonSerialPhysType  Type of physical serial interface, distinguished according to the physical or link protocol(s) currently being used on the interface.
livingstonSerialUser  Name of the active user. Blank if not active.
livingstonSerialSessionId  Unique session identifier that matches the RADIUS session ID.
livingstonSerialType  Active type of service being provided by the serial interface.
livingstonSerialDirection  Direction in which the active session was initiated.
livingstonSerialPortStatus  Status of the serial interface.
livingstonSerialStarted  Amount of time this session has been active.
livingstonSerialIdle  Amount of time this session has been idle.
livingstonSerialInSpeed  Estimate of the current inbound bandwidth in bits per second of the serial interface.
livingstonSerialOutSpeed  Estimate of the current outbound bandwidth in bits per second of the serial interface.
livingstonSerialModemName  Text string containing the name of the digital modem in use by the serial interface.
livingstonSerialIpAddress  IP address associated with the serial interface. When characterizing a network port, this value is the IP address of the remote user. When characterizing a device or login port, this value is the IP address of the host to which the user is connected.
livingstonSerialifDescr  Text string containing information about the network interface bound to the serial interface.
livingstonSerialInOctets  Total number of octets received on the serial interface.
livingstonSerialOutOctets  Total number of octets transmitted on the serial interface.
livingstonSerialQOctets  Total number of octets queued on the serial interface.
livingstonSerialModemStatus  Status of the modem used by the serial interface.
livingstonSerialModemCompression  Compression type being used in the modem or by the serial interface.
livingstonSerialModemProtocol  Error-correcting protocol being used in the modem or by the serial interface.
livingstonSerialModemRetrains  Number of retrains attempted by the modem attached to the serial interface.
livingstonSerialModemRenegotiates  Number of renegotiations attempted by the modem attached to the serial interface.

PortMaster T1 and E1 Interfaces

The PortMaster T1 and E1 Interface table (Table 3-3) in the Livingston Extensions section of the MIB provides configuration and statistics for the T1 and E1 interfaces that connect directly to the telephone company.
Table 3-3 PortMaster T1 and E1 Interfaces MIB Table
Object  Definition
livingstonT1E1Index  Unique value for each T1E1 interface.
livingstonT1E1PhysType  Type of interface (T1 or E1).
livingstonT1E1Function  Configured function of the interface.
livingstonT1E1Status  Current operational state of the interface. Operational states include the following: Up (1), Down (2), Loopback (3).
livingstonT1E1Framing  Configured line framing. Line framing types include the following: Extended superframe (ESF) (1), D4 (2), Cyclic redundancy check (CRC4) (3), Frame Alignment Signal (FAS) (4).
livingstonT1E1Encoding  Configured line signal encoding.
livingstonT1E1PCM  Configured voice modulation (pulse code modulation).
livingstonT1E1ChangeTime  Amount of time this interface has been up or down.
livingstonT1E1RecvLevel  Estimate of the current receive signal level, in decibels, of the interface.
livingstonT1E1BlueAlarms  Total number of blue alarms on the interface.
livingstonT1E1YellowAlarms  Total number of yellow alarms on the interface.
livingstonT1E1CarrierLoss  Total number of times the interface has lost the carrier signal.
livingstonT1E1SyncLoss  Total number of times the interface has lost frame synchronizations.
livingstonT1E1BipolarErrors  Total number of line code violations detected on the interface.
livingstonT1E1CRCErrors  Total number of frame-level CRC errors detected on the interface.
livingstonT1E1SyncErrors  Total number of frame synchronization errors detected on the interface.

PortMaster Internal Modem Table

The PortMaster Internal Modem table (Table 3-4) in the Livingston Extensions section of the MIB lists the objects in the internal modem table.
Table 3-4 PortMaster Internal Modem MIB Table
Object  Definition
livingstonModemIndex  Unique value for each modem interface.
livingstonModemPortName  Textual string containing the name of the serial interface (for example, S0, S1, and so on).
livingstonModemStatus  Current state of the modem.
livingstonModemProtocol  Error-correcting protocol being used in the modem.
livingstonModemCompression  Compression being used in the modem interface.
livingstonModemInSpeed  Estimate of the modem interface’s current inbound bandwidth in bits per second.
livingstonModemOutSpeed  Estimate of the modem interface’s current outbound bandwidth in bits per second.
livingstonModemInByteCount  Total number of bytes received by the modem.
livingstonModemOutByteCount  Total number of bytes transmitted by the modem.
livingstonModemRetrains  Number of retrains attempted by the modem.
livingstonModemRenegotiates  Number of renegotiations attempted by the modem.
livingstonModemCalls  Number of times a call was received by the modem.
livingstonModemDetects  Number of analog calls received by the modem.
livingstonModemConnects  Number of successful calls received by the modem.

PortMaster Billing and Accounting Information Table

The PortMaster Billing and Accounting Information table (Table 3-5) in the Livingston Extensions section of the MIB lists call events that can be used for billing.
Table 3-5 PortMaster Billing and Accounting Information MIB Table
Object  Definition
livingstonAMCEIndex  Index into the call event table. The table stores call events that can be used for billing.
livingstonAMCESessId  Session ID for the current session. This ID must be unique across all the sessions and across reboots.
livingstonAMCETimeStamp  Time stamp for this event in seconds since the last reboot.
livingstonAMCEType  Type of event associated with this entry in the call event table.
livingstonAMCESvcType  The type of service provided to the user. This field is meaningful if the event type is servicechanged(4), or namechanged(5) events. In all other cases, this object must return none(1).
livingstonAMCEUName  Username of the dial-in user. This object returns the valid username when the event type is servicechanged(4) or namechanged(5). In all other cases, it returns a NULL.
livingstonAMCEModemBoard  Board ID for the modem that handled this call. This value can be used to diagnose modem-related problems (dropping the call, retraining too frequently, and so on).
livingstonAMCEModemID  ID of the internal modem that handled this call. This object can be used to diagnose modem-related problems.
livingstonAMCEModemPort  Serial interface (S0, S1) on which the call was received.
livingstonAMCEModemName  Name of the modem interface (for example, M0...M95).
livingstonAMCEDataRate  Speed of this connection. Speed is specified as baud rate for modem calls and a receive data rate for ISDN calls. This object returns a 0 for call answered and call cleared events.
livingstonAMCECallingPartyID  Calling party ID. This object is valid only for call answered, call originated, and call cleared events. For all invalid event types, this object is set to NULL.
livingstonAMCEInOctets  Total octets received during this call. This object is cleared at the end of each call.
livingstonAMCEOutOctets  Total octets sent out during this call. This object is cleared at the end of each call.
livingstonAMCECallCharge  Call charge for this call. This object is valid only when the event is call cleared. For all other events this object is set to zero (0).
livingstonAMCEDisconnReason  Reason for the disconnection.

PortMaster Call Event Status Table

The PortMaster Call Event Status table (Table 3-6) in the Livingston Extensions section of the MIB lists call events that can be queried for call status on a particular modem port, and the action that can be taken to terminate the call.
Table 3-6 PortMaster Call Event Status MIB Table
Object  Definition
livingstonAMPortVTSSsnId  Session ID used by the VTS table to index and query the status of the call on a given modem port. This table can also be used to take appropriate action to terminate the session.
livingstonAMPortVTSModemBoard  Specifies the modem board number for the given session ID handling the call.
livingstonAMPortVTSModemId  Specifies the modem ID (0, 1, ...95) for the given session ID handling the call.
livingstonAMPortVTSModemName  Specifies the modem name (M0...M95) for the given session ID handling the call.
livingstonAMPortVTSSerialPort  Specifies the serial port number (S0...S95) for the given session ID handling the call.
livingstonAMPortVTSSvcType  Specifies the service type for the given session.
livingstonAMPortVTSUName  Username of the dial-in user for the given session. If the session is terminated, it returns a NULL.
livingstonAMPortVTSCallStatus  Port status. If the port is currently handling a call, it is set to active(2); if the call on this port is terminated, it is set to terminated(3). If the session ID does not match the session ID for the current call, this object is set to unknown(1).
livingstonAMPortVTSTerminateCall  When set to any value, this object terminates the call on the corresponding modem port.

PortMaster Board Call Summary Table

The PortMaster Board Call Summary table (Table 3-7) from the Livingston Extensions section of the MIB contains a summary of calls on a per board basis. The rows in the table correspond to the slots in the PortMaster 4, and the columns specify the type of calls as V.90, V.34, ISDN, and so on. This object is not accessible.
Table 3-7 PortMaster Board Call Summary MIB Table
Object  Definition
livingstonPMBrdCallSumBrdId  Board ID used as an index into the call summary table. The valid board IDs are the numbers of the physical slots that hold T1 or E1 boards—0 through 9 except for 4, which is reserved for the manager module.
livingstonPMBrdCallSumCapacity  Capacity of this T1 or E1 board.
livingstonPMBrdCallSumIsdnCalls  Current total of all ISDN calls handled by this T1 or E1 board.
livingstonPMBrdCallSumV90Calls  Current total of all V.90, K56flex and 56Kbps calls handled by this T1 or E1 board.
livingstonPMBrdCallSumV34Calls  Current total of all V.34, 33.6Kbps, and 28.8Kbps calls handled by this T1 or E1 board.
livingstonPMBrdCallSumOther  Current total of all other types of calls not handled by the other objects in this table.

PortMaster Line Call Summary Table

The PortMaster Line Call Summary table (Table 3-8) from the Livingston Extensions section of the MIB contains a summary of calls on a per line basis. The rows in the table correspond to the lines, and the columns specify the type of calls as V.90, V.34, ISDN, and so on. This object is not accessible.
Table 3-8 PortMaster Line Call Summary MIB Table
Object  Definition
livingstonPMT1E1CallSumIfId  Index into the call summary table. The valid line IDs are the T1 or E1 lines, which can range from 1 through 36 for T1 or 1 through 27 for E1.
livingstonPMT1E1CallSumCapacity  Sum of all types of calls handled by this T1 or E1 line.
livingstonPMT1E1CallSumV90Calls  Sum of all V.90, K56flex and 56Kbps calls handled by this T1 or E1 line.
livingstonPMT1E1CallSumV34Calls  Sum of all V.34, 33.6Kbps, and 28.8Kbps calls handled by this T1 or E1 line.
livingstonPMT1E1CallSumOther  Sum of all other types of calls not handled by the other objects in this table.

Configuring SNMP

The rest of this chapter describes how to configure SNMP using the command line interface, and includes the following topics:
“Setting SNMP Monitoring”
“Setting SNMP Read and Write Community Strings”
“Adding SNMP Read and Write Hosts”
“Viewing SNMP Settings”
“Monitoring SNMP Alarms”

Setting SNMP Monitoring

Simple Network Management Protocol (SNMP) monitoring is used to set and collect information on SNMP-capable devices. This feature is most often used to monitor network statistics such as usage and error rate.
If SNMP monitoring is on, the PortMaster accepts SNMP queries. If SNMP monitoring is off, all SNMP queries are ignored.
To turn SNMP monitoring on or off, use the following commands:
Command> set snmp on|off
Command> save all
Command> reboot

Setting SNMP Read and Write Community Strings

Community strings allow you to control access to the MIB information on selected SNMP devices. The read and write community strings act like passwords to permit access to the SNMP agent’s information. Every device allowed to access or read the MIB information must know the read community string. The default read community string is public. Before information can be set on the SNMP agent, the write community string must be known by the device. The default write community string is private. Community strings must be set on SNMP agents so that configuration information is not changed by unauthorized users.
To use this feature, you must set both a read community string and a write community string for your network.
To set SNMP read and write community strings, use the following command:
Command> set snmp readcommunity|writecommunity String
Note – Use of the default write community string—private—is strongly discouraged. Because it is the default, it is known to all users and therefore provides no security. Use another value for the write community string.

Adding SNMP Read and Write Hosts

PortMaster products allow you to control SNMP security by specifying the IP addresses of the hosts that are allowed to access SNMP information. The specification of read and write hosts allows another level of security beyond the community strings. If SNMP hosts are specified, each host attempting to access SNMP information must not only possess the correct community string, it must also be on the read or write host list. This additional level of security allows only authorized SNMP managers to access or change sensitive MIB information.
You can also specify a list of hosts allowed to read or write SNMP information. You can permit all hosts or you can deny all hosts.
Note – Permitting all hosts to read and write SNMP information can compromise security and is not recommended.
To add SNMP read and write hosts, use the following command:
Command> add snmphost reader|writer any|none|Ipaddress
To delete read and write hosts, use the following command:
Command> delete snmphost reader|writer Ipaddress
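A planned configuration script can be checked against the two notes above before it is typed into the PortMaster. This is an added example, not a Lucent tool: it reads only the command forms shown in this chapter, the function names and sample scripts are constructed, and it treats SNMP as off unless the script contains set snmp on (an assumption, since the page does not state the default).

```python
import ipaddress

# Defaults stated in the manual: read community "public", write community "private".
DEFAULTS = {"readcommunity": "public", "writecommunity": "private"}

# Constructed sample scripts; addresses are from the documentation range 192.0.2.0/24.
WEAK = ["Command> set snmp on", "Command> add snmphost reader any",
        "Command> save all", "Command> reboot"]
HARDENED = ["set snmp on",
            "set snmp readcommunity ro-EXAMPLE-ONLY",
            "set snmp writecommunity rw-EXAMPLE-ONLY",
            "add snmphost reader 192.0.2.10",
            "add snmphost writer 192.0.2.10",
            "save all", "reboot"]


def parse_script(commands):
    """Fold the chapter's SNMP commands into the settings they would leave behind."""
    state = {"snmp": False, **DEFAULTS, "reader": set(), "writer": set()}
    for raw in commands:
        words = raw.replace("Command>", "").split()
        if not words or words in (["save", "all"], ["reboot"]):
            continue
        if words[:2] == ["set", "snmp"] and len(words) == 3 and words[2] in ("on", "off"):
            state["snmp"] = words[2] == "on"
        elif words[:2] == ["set", "snmp"] and len(words) == 4 and words[2] in DEFAULTS:
            state[words[2]] = words[3]
        elif (len(words) == 4 and words[0] in ("add", "delete")
              and words[1] == "snmphost" and words[2] in ("reader", "writer")):
            host = words[3]
            if host not in ("any", "none"):
                ipaddress.ip_address(host)   # raises ValueError on a malformed address
            if words[0] == "add":
                state[words[2]].add(host)
            else:
                state[words[2]].discard(host)
        else:
            raise ValueError(f"unrecognised command: {raw!r}")
    return state


def audit(commands):
    """Return a list of findings; an empty list means no finding was raised."""
    state = parse_script(commands)
    if not state["snmp"]:
        return []   # with SNMP monitoring off, all SNMP queries are ignored
    findings = []
    for key, default in DEFAULTS.items():
        if state[key] == default:
            findings.append(f"{key} is still the default '{default}'")
    for role in ("reader", "writer"):
        if "any" in state[role]:
            findings.append(f"{role} host list permits any host")
        elif not state[role]:
            findings.append(f"no {role} hosts listed; the community string is the only control")
    return findings
```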

Viewing SNMP Settings

Settings for SNMP monitoring, read and write community strings, and read and write hosts are stored in the SNMP table.
To display the SNMP table, enter the following command:
Command> show table snmp

Monitoring SNMP Alarms

When an interface or modem fails, the SNMP agent traps the error message generated by the failure and sends it to the SNMP manager.
To view the status of failed modems or interfaces from the command line interface, enter the following command:
Command> show alarms
The output of this command lists alarm messages and associated alarm identification numbers. For details about a specific alarm, enter the following command:
Command> show alarm [alarm-id]
To clear alarms from the SNMP alarm table, enter the following command:
Command> clear alarm alarm-id|all
Refer to the PortMaster 4 Command Line Reference for more information.

Configuring an Ethernet Interface 4

This chapter describes how to configure Ethernet interfaces on the PortMaster 4 and includes the following topics:
“Overview of PortMaster 4 Ethernet Interfaces”
“Setting General Ethernet Parameters”
“Setting Ethernet IP Parameters”
“Setting Ethernet IPX Parameters”
“Configuring Ethernet Subinterfaces”
“Configuring Standalone Ethernet Boards”
“Setting OSPF on an Ethernet Interface”
Before configuring an Ethernet interface, you must make the appropriate Ethernet connections for your needs. Refer to the PortMaster 4 Installation Guide for information about installing the system manager module and standalone Ethernet boards, and connecting Ethernet interfaces.
See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Overview of PortMaster 4 Ethernet Interfaces

The PortMaster 4 supports two Ethernet interfaces on the manager module: Ether0 and Ether1. Each interface has its own media access control (MAC) address and is fully routable. The 10/100BaseT Ether1 interface has alternative RJ-45 and media-independent interface (MII) connections. Lucent recommends that you configure Ether1 if you configure only one Ethernet interface. If you configure both, you must connect them to separate Ethernet segments.

Understanding Ether0

Ether0 operates at 10Mbps and is physically on the manager board. Use Ether0 for netboots and SNMP. Ether0 supports subinterfaces (see “Configuring Ethernet Subinterfaces” on page 4-7).
Whenever you make changes to the Ether0 interface, you must reboot the PortMaster 4 for the changes to take effect.

Understanding Ether1

The Ethernet board (Ether1) in the manager module is accessed in logical slot 10 and gets its power directly from the manager board. Ether1 can operate at 10Mbps or 100Mbps full duplex. Ether1 is physically on the Ethernet board and communicates with the manager board over the passive ATM backplane.
Ether1 is supported by two CPUs. One CPU processes inbound data, the other processes outbound data. Ether1 does not shut down in a low power situation or due to overheating. Ether1 maintains its own forwarding table, which it learns from the manager board. You cannot configure Ethernet subinterfaces on Ether1.
Whenever you make changes to the Ether1 interface, you must reset it for the changes to take effect. Because Ether1 resides in logical slot 10, you reset the Ether1 interface with the following command:
Command> reset slot10
Resetting slot 10 reboots the Ethernet board connected to the manager board in slot 4.
During PPP negotiations for the IP Control Protocol (IPCP), the PortMaster 4 uses the following order of precedence when choosing an IP address to identify itself:
1. The Local IP address configured in the user profile, if set
2. The global reported IP address, if set
3. The first global local IP address, if set
4. The second global local IP address, if set
5. The third global local IP address, if set
6. The fourth global local IP address, if set
7. The IP address of Ether1
8. The IP address of Ether0
Note – RADIUS packets leaving the PortMaster 4 have the source IP address of Ether1, even if the packet exits through Ether0.

Understanding the Interfaces on the Standalone Ethernet Boards

The 10Mbps or 100Mbps full-duplex Ethernet interfaces on standalone Ethernet boards are identified by a numbering scheme that refers to the slot in which the board is installed. The single-interface board can be installed in any slot except slot 4. A single-interface board installed in slot 3, for example, is designated Ether30. If the board is installed in slot 5, it is designated Ether50.
The dual-interface Ethernet board can be installed in slot 3 only, and the two interfaces on the board are always Ether30 and Ether31. See “Configuring Standalone Ethernet Boards” on page 4-8 for more information.

Setting General Ethernet Parameters

The commands described in this section allow you to configure an Ethernet interface. In addition to specifying the protocol type (IP, IPX, or both) and address, you must specify any routing and filtering you want on the Ethernet interface.
This section describes the general Ethernet settings that apply to your network regardless of the protocol you use.

Setting the View

Because the Ethernet interfaces on a PortMaster 4 are numbered uniquely, you can configure them from any view.

Configuring RIP Routing

As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as RIP messages.
Note – ComOS 4.1 and later releases support both RIP-1 and RIP-2 on the PortMaster 4. Earlier releases of ComOS support only RIP-1.
To configure RIP routing, use the following command:
Command> set Ether0 rip on|off|broadcast|listen|v2 {broadcast|multicast|on|v1-compatibility}
Refer to the PortMaster 4 Command Line Reference for a description of the keywords in this command. Refer to the PortMaster Routing Guide for a discussion of routing with RIP, and for OSPF and BGP routing configuration instructions.

Applying Filters

Filters enable you to control network traffic. After you have created filters in the filter table, you can apply them to the Ethernet interface as either input or output filters. For more information about filters, see Chapter 8, “Configuring Filters.”
Filters applied to the Ethernet interface take effect immediately. If you change the filter, the change will not take effect until you set the filter on the interface again or you reboot the PortMaster.
Input Filters
When an input filter is used, all traffic coming into the PortMaster on the Ethernet interface is compared to the input filter rules. Only packets permitted by the filter rules are accepted by the PortMaster.
To apply an input filter to the Ethernet interface, use the following command:
Command> set Ether0 ifilter Filtername
To remove the input filter, omit the filter name when entering the command.
Output Filters
When an output filter is used, all traffic going out of the PortMaster on the Ethernet interface is compared to the output filter rules. Only packets permitted by the filter rules are sent by the PortMaster.
Note – ICMP and UDP packets generated by the PortMaster are never blocked by the output filter.
To apply an output filter to the Ethernet interface, use the following command:
Command> set Ether0 ofilter Filtername
To remove the output filter, omit the filter name when entering the command.
Setting Ethernet IP Parameters
This section describes the IP commands, keywords, and values that must be entered for IP protocol support.

Setting the IP Address

During the PortMaster installation process, you set the IP address for the Ether0 and Ether1 interfaces. If you have one or more standalone Ethernet boards installed, you must configure an IP address and netmask and set broadcast on the Ethernet interfaces on those boards as well. See “Configuring Standalone Ethernet Boards” on page 4-8.
To set or change the IP address of an Ethernet interface, use the following command:
Command> set Ether0 address Ipaddress
Note – If you change the IP address of an Ethernet interface, you must reboot the PortMaster for the change to take effect.

Setting the Subnet Mask

The default subnet mask is 255.255.255.0. If you have divided your network into subnets, enter the subnet mask that identifies how your network addresses are divided between the network portion and the host portion.
To set the subnet mask, use the following command:
Command> set Ether0 netmask Ipmask
See Appendix A, “Networking Concepts,” for more information about using subnet masks.

Setting the Broadcast Address

You can define the IP address used as the local broadcast address. The RIP routing protocol uses this address to send information to other hosts on the local Ethernet network. The actual broadcast address is constructed from the IP address of the Ethernet interface and the netmask. The two valid values are high, where the host part of the address is all 1s (ones), such as 192.168.1.255, and low, where the host part of the address is all 0s (zeros), such as 192.168.1.0. The PortMaster default is low. The standard for hosts is to broadcast high, but some hosts still use the low broadcast address, including hosts running SunOS 4.x (Solaris 1.x) and earlier.
The broadcast address you set for an Ethernet interface on the PortMaster must match the broadcast address set for other hosts on your local Ethernet segment.
To set the broadcast address, use the following command:
Command> set Ether0 broadcast high|low

Enabling or Disabling IP Traffic

IP traffic is sent and received through a PortMaster Ethernet interface. IP is enabled by default on PortMaster Ethernet ports. If the setting has been changed, you must enable IP on the Ethernet interface of all PortMaster products attached directly to a local Ethernet. Disable IP traffic on Ethernet ports only if the PortMaster is not attached to a local Ethernet network.

To enable or disable IP traffic, use the following command:
Command> set ether0 ip enable|disable
Note – This command is currently available only on the Ether0 port.
Setting Ethernet IPX Parameters
Note – The PortMaster 4 supports the IPX protocol if it is running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.
You must set the following values to send IPX traffic on an Ethernet interface. IPX routing is enabled when routing is enabled.
•Network address
•Protocol
•Frame type

Setting the IPX Network Address

You must identify the IPX network of your local Ethernet segment. An IPX network address is a number entered in hexadecimal format, described in Appendix A, “Networking Concepts.”
To set the IPX network address, use the following command:
Command> set Ether0 ipxnet Ipxnetwork
Note – If you change the IPX network address of an Ethernet interface, you must reboot the PortMaster for the change to take effect.

Enabling or Disabling IPX Traffic

Ethernet IPX traffic is sent and received through the PortMaster Ethernet interface. You can enable IPX on the Ethernet interface of any PortMaster products attached directly to a local Ethernet. Disable IPX traffic on Ether0 only if the PortMaster is not attached to a local Ethernet network.
To enable or disable IPX traffic, use the following command:
Command> set ether0 ipx enable|disable
Note – This command is available only on the Ether0 port.

Setting the IPX Frame Type

The IPX frame type must be identified and set to the value used on the local IPX network. The frame type identifies the encapsulation method used on your IPX ports. The IPX protocol can be implemented with one of the four commonly used IPX encapsulation and frame types shown in Table 4-1.
Table 4-1 Novell IPX Encapsulation and Frame Types
IPX Frame Type | Encapsulation
Ethernet_802.2 | Consists of a standard 802.3 media access control (MAC) header followed by an 802.2 Logical Link Control (LLC) header. This is the default encapsulation used by Novell NetWare 4.0.
Ethernet_802.2_II | Not commonly used.
Ethernet_802.3 | Consists of a standard 802.3 MAC header followed directly by the IPX header with a checksum of FFFF. This is the default encapsulation used by Novell NetWare 3.11.
Ethernet_II | Uses Novell’s Ethernet_II and is sometimes used for networks that handle both TCP/IP and IPX traffic.
The encapsulation method and frame type were selected when your IPX network servers were installed. The IPX frame type you set on the PortMaster must match the frame type set for your network. Contact your IPX network administrator for information about the frame type used on your network.
To set the IPX frame type, use the following command—entered on one line:
Command> set Ether0 ipxframe ethernet_802.2|ethernet_802.2_ii|ethernet_802.3|ethernet_ii

Configuring Ethernet Subinterfaces

With the subinterface feature of ComOS, you can create up to 512 subinterfaces (the total number of interfaces available on a PortMaster) on the Ether0 interface on the PortMaster 4. Because you have the bandwidth of only a single Ethernet interface, however, efficiency begins to degrade significantly when you add more than eight subinterfaces.
Note – The PortMaster 4 supports Ethernet subinterfaces only on Ether0.
Subinterfacing is essentially the segmenting of a single wire, or port, into multiple IP networks. Instead of subnetting and routing, you can create a subinterface and then set it up as you would a standard Ethernet interface. To avoid routing loops, however, you must be sure not to create two subinterfaces in the same TCP/IP network on the same port. Each Ethernet subinterface must have a unique network.
A drawback to subinterfacing is that it supports static routing only; IPX, RIP, OSPF, packet filtering, and route propagation are not supported on subinterfaces.
You must configure the primary Ethernet interface before adding subinterfaces. (See “Setting General Ethernet Parameters” on page 4-3 for details.) After you configure the primary Ethernet interface, follow this procedure to add a subinterface.
1. Create a subinterface.
Command> add subinterface Name
This command adds an entry to the subinterface table, which you can then view with the show table subinterface command. Remove a subinterface from the subinterface table with the delete subinterface command.
2. Associate the subinterface with a physical port.
Command> set subinterface Name port Portlabel
3. Assign an IP address or an IP address and netmask to the subinterface.
Command> set subinterface Name Ipaddress [/NM]|[Ipaddress/NM]
You can specify the netmask in the /NM or dotted decimal format. You can also configure the IP address and netmask separately (see the PortMaster 4 Command Line Reference for details).
4. Set the broadcast for the interface.
Command> set subinterface Name broadcast high|low
5. Save the setting to nonvolatile RAM, and reset the interface.
Command> save all
Command> reset slot10
Because Ethernet subinterfaces are rebuilt every time a new subinterface is added, you can view but not modify an Ethernet subinterface using the ifconfig command (see the PortMaster 4 Command Line Reference).
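The unique-network rule for subinterfaces and the high/low broadcast rule from “Setting the Broadcast Address” can both be checked on paper before the commands are entered. The following Python sketch is an added example, not part of the Lucent manual or of ComOS; the subinterface names, the port label ether0, and all addresses are constructed sample values.

```python
import ipaddress
from itertools import combinations


def broadcast_address(ip, netmask, mode):
    """Build the broadcast address from an interface IP address and netmask.

    mode "high" sets the host part to all 1s, mode "low" to all 0s,
    matching the two values accepted by "set Ether0 broadcast high|low".
    """
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
    if mode == "high":
        return str(iface.network.broadcast_address)
    if mode == "low":
        return str(iface.network.network_address)
    raise ValueError(f"broadcast must be 'high' or 'low', not {mode!r}")


def find_overlaps(subinterfaces):
    """Return pairs of subinterfaces on the same port whose IP networks overlap.

    Each entry is a dict with "name", "port" and "address", where "address"
    uses either the /NM form (10.0.0.1/24) or a dotted netmask
    (10.0.0.1/255.255.255.0).
    """
    clashes = []
    for a, b in combinations(subinterfaces, 2):
        if a["port"].lower() != b["port"].lower():
            continue
        net_a = ipaddress.IPv4Interface(a["address"]).network
        net_b = ipaddress.IPv4Interface(b["address"]).network
        if net_a.overlaps(net_b):
            clashes.append((a["name"], b["name"], str(net_a), str(net_b)))
    return clashes


# Constructed plan: sub3 falls inside the network already used by sub1.
SUBINTERFACES = [
    {"name": "sub1", "port": "ether0", "address": "192.168.10.1/24", "broadcast": "high"},
    {"name": "sub2", "port": "ether0", "address": "192.168.20.1/255.255.255.0", "broadcast": "low"},
    {"name": "sub3", "port": "ether0", "address": "192.168.10.129/25", "broadcast": "high"},
]

if __name__ == "__main__":
    for sub in SUBINTERFACES:
        iface = ipaddress.IPv4Interface(sub["address"])
        bcast = broadcast_address(str(iface.ip), str(iface.netmask), sub["broadcast"])
        print(f'{sub["name"]}: network {iface.network}, broadcast {bcast}')
    for first, second, net_a, net_b in find_overlaps(SUBINTERFACES):
        print(f"conflict: {first} ({net_a}) overlaps {second} ({net_b})")
```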

Configuring Standalone Ethernet Boards

This section assumes you have installed a standalone single-interface Ethernet board or a dual-interface Ethernet module as described in the PortMaster 4 Installation Guide.

Interface Numbering

The 10/100BaseT interfaces on a standalone Ethernet board or module have two-digit numbers that correspond to the slot in which they are installed and the Ethernet port (Ether0 or Ether1) for that board or module.
On a dual-interface Ethernet module, the interfaces are always numbered Ether30 and Ether31 because the module must be installed in slot 3.
Although physically installed in slot 3, the Ether31 interface is monitored and reset through virtual slot 11.
On a single-interface Ethernet board, the interface can have any of the following numbers because this board can be installed in any slot except slot 4: Ether00, Ether10, Ether20, Ether30, Ether50, Ether60, Ether70, Ether80, or Ether90.
Note – The Ethernet interfaces on the manager module are always labeled Ether0 and Ether1.

Before You Begin

Before a standalone Ethernet board can function, you must configure an Ethernet interface on the manager module. Configure Ether1 (or Ether0; see “Overview of PortMaster 4 Ethernet Interfaces” on page 4-1) with an IP address and reset the slot of the Ethernet board to make configuration changes take effect. Because Ether1 is in logical slot 10, use the following command to reset Ether1:
Command> reset slot10

Setting the View

To configure a standalone Ethernet board, you must first set the view to the slot the board is installed in. If you are not sure which slot the board resides in, use the show boards command to locate it and to verify that it is properly installed. The ID number (the number in the far left column) is the same as the slot number.
When you have determined the correct slot, set the view to that slot with the following command:
Command> set view Slotnumber
The dual-interface Ethernet module is always installed in slot 3.
You can now configure the standalone Ethernet board as you would configure a regular Ethernet interface, being careful to replace Ether0 in each command with the appropriate Ethernet interface number (see “Interface Numbering” on page 4-8). See “Setting General Ethernet Parameters” on page 4-3 for configuration guidelines.
Note – Ether0 or Ether1 must be configured for the PortMaster 4 to function normally.

IPCP Negotiation

During PPP negotiations for the IP Control Protocol (IPCP), the PortMaster 4 uses the following order of precedence when choosing an IP address to identify itself:
1. The local IP address configured in the user profile, if set
2. The global reported IP address, if set
3. The first global local IP address, if set
4. The second global local IP address, if set
5. The third global local IP address, if set
6. The fourth global local IP address, if set
7. The IP address of Ether1
8. The IP address of Ether0

Main IP Address

When the PortMaster creates an IP packet, it must identify itself by placing a source address in the IP header. To do so, the PortMaster chooses either the main IP address or the nearest IP address, depending on the service used. The main IP address is chosen in the following order, but the nearest IP address is the IP address of the interface on which the packet exits the PortMaster 4:
1. The first global local IP address, if set
2. The second global local IP address, if set
3. The third global local IP address, if set
4. The fourth global local IP address, if set
5. The IP address of Ether1
6. The IP address of Ether0
The following services use the main IP address:
•syslog
•traceroute
•telnet
•DNS
•RADIUS authentication and accounting
•ChoiceNet
The following services use the nearest IP address:
•ping
•OSPF
•RIP
•rlogin
The global local IP address settings can be displayed with the show global and show routes commands.
You specify the IP address that BGP uses with the set bgp peer command. See the PortMaster 4 Command Line Reference for details. The source address you set with this command is the interface address BGP uses when forming its packets.
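Because RADIUS and syslog servers commonly accept packets only from known client addresses, it helps to work out which source address each service will use before changing a global local IP address. The following Python sketch is an added example, not Lucent code; it models the IPCP and main-address precedence lists from this section, and the addresses and the per-service allow lists (standing in for a RADIUS clients list or a syslog access list) are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Services grouped as in the two lists in this section. BGP is left out
# because its source address is set per peer with "set bgp peer".
MAIN_ADDRESS_SERVICES = {"syslog", "traceroute", "telnet", "dns", "radius", "choicenet"}
NEAREST_ADDRESS_SERVICES = {"ping", "ospf", "rip", "rlogin"}


@dataclass
class AddressConfig:
    """Addresses that take part in source selection (sample values only)."""
    ether0: Optional[str] = None
    ether1: Optional[str] = None
    reported_ip: Optional[str] = None                             # global reported IP address
    local_ips: List[Optional[str]] = field(default_factory=list)  # up to four global local IP addresses


def first_set(candidates):
    """Return the first candidate that is set, or None if none is."""
    for candidate in candidates:
        if candidate:
            return candidate
    return None


def main_address(cfg):
    """Main IP address: global local IP addresses 1-4, then Ether1, then Ether0."""
    return first_set(list(cfg.local_ips[:4]) + [cfg.ether1, cfg.ether0])


def ipcp_address(cfg, user_local_ip=None):
    """Address offered during IPCP: user profile, reported IP, then the main-address order."""
    return first_set([user_local_ip, cfg.reported_ip] + list(cfg.local_ips[:4])
                     + [cfg.ether1, cfg.ether0])


def source_address(cfg, service, exit_interface_ip):
    """Source address a service uses, given the address of the exit interface."""
    name = service.lower()
    if name in MAIN_ADDRESS_SERVICES:
        return main_address(cfg)
    if name in NEAREST_ADDRESS_SERVICES:
        return exit_interface_ip
    raise ValueError(f"service {service!r} is not in either list")


def rejected_by_servers(cfg, allowed_sources, exit_interface_ip):
    """Return {service: source} for services whose source is missing from the allow list."""
    problems = {}
    for service, allowed in allowed_sources.items():
        src = source_address(cfg, service, exit_interface_ip)
        if src not in allowed:
            problems[service] = src
    return problems


# Constructed scenario: servers trust Ether1, then a global local IP address is added.
BEFORE = AddressConfig(ether0="192.0.2.1", ether1="198.51.100.1")
AFTER = AddressConfig(ether0="192.0.2.1", ether1="198.51.100.1", local_ips=["203.0.113.10"])
ALLOWED = {
    "radius": {"198.51.100.1"},
    "syslog": {"198.51.100.1"},
    "ping": {"192.0.2.1", "198.51.100.1"},
}

if __name__ == "__main__":
    print("before:", rejected_by_servers(BEFORE, ALLOWED, "192.0.2.1"))
    print("after: ", rejected_by_servers(AFTER, ALLOWED, "192.0.2.1"))
```

In the constructed scenario, adding the global local IP address moves RADIUS and syslog to a source address the servers do not yet list, while ping keeps using the exit interface address.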
Setting OSPF on an Ethernet Interface
You can enable or disable Open Shortest Path First (OSPF) routing protocol on an Ethernet interface.
To set OSPF on the interface, use the following command—entered all on one line:
Command> set Ether0 ospf on|off [cost Number] [hello-interval Seconds] [dead-time Seconds]
The on keyword enables OSPF on the specified Ethernet interface; off disables OSPF on that interface.
You can specify the cost of sending a packet on the interface with a link state metric by using the cost Number keyword and value. The Number metric is a 16-bit number between 1 and 65535; the default is 1. Refer to the PortMaster Routing Guide for more information about OSPF routing.
Routers in OSPF networks continually exchange hello packets with their neighbor routers. You can set the interval that elapses between the transmission of hello packets on the interface by using the hello-interval Seconds keyword and value. Seconds can range from 10 to 120 seconds; the default is 10 seconds.
If the PortMaster stops receiving hello packets from a neighbor, it treats that router as inactive, or down. You can specify how long the PortMaster waits for hello packets from neighbors by using the dead-time Seconds keyword and value. Seconds can range from 40 to 1200 seconds; the default is 40 seconds.
Note – You must set the same cost value, the same hello-interval value, and the same dead-time value on all routers attached to a common network.
To enable acceptance of RIP packets on the OSPF network, use the following command:
Command> set Ether0 ospf accept-rip on|off
See the PortMaster Routing Guide for more information about OSPF.

Configuring Dial-In Users 5

This chapter describes how to configure the PortMaster 4 user table to support dial-in connections. The user table settings define how each dial-in user is authenticated and how dial-in connections are made.
To configure network dial-in connections from other routers, you must define each remote router as a user on the PortMaster.
If you are using RADIUS, you must configure user attributes in individual user files in the RADIUS user database rather than in the PortMaster user table. Refer to the RADIUS for Windows NT Administrator’s Guide and RADIUS for UNIX Administrator’s Guide for more information.
This chapter discusses the following topics:
•“Configuring the User Table”
•“User Types”
•“Configuring Settings for Network and Login Users”
•“Configuring Network Users”
•“Configuring Login Users”
Note – Only 100 to 200 users can be configured in the user table and stored in the nonvolatile memory of the PortMaster. Therefore, use RADIUS for user authentication when you must configure multiple PortMaster products to handle more than a few dozen users.
See the PortMaster 4 Command Line Reference, the RADIUS for Windows NT Administrator’s Guide, and RADIUS for UNIX Administrator’s Guide for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Configuring the User Table

This section describes how to display user information and how to add users to or delete them from the user table.

Displaying User Information

You can display the current users in the user table or the complete configuration information for a specified user.
To display the current users in the user table, for example, enter the following command:
Command> show table user
Name       Type         Address/Host     Netmask/Service   RIP
--------------------------------------------------------------------------
jozef      Netuser      negotiated       0000000000
adele      Login User   default          Telnet
elena      Netuser      assigned         255.255.255.255   No
taffy      Login User   defaults         PortMaster
john       Netuser      192.168.7.8      0000000000        No
To display configuration information for a particular user, for example, use the following command:
Command> show user elena
Username: elena        Type: Dial-in Network User
Address: Assigned      Netmask: 255.255.255.255
Protocol: PPP          Options: Quiet, compressed
MTU: 1500              Async Map: 00000000

Adding Users to the User Table

You must add users to the user table before configuring any settings for them. The username is a string of from 1 to 8 printable, nonspace ASCII characters. The optional user password is a string of from 0 to 16 printable ASCII characters. You cannot add users with blank usernames.
To add a login user to the user table, use the following command:
Command> add user Username [password Password]
To add a network user to the user table, use the following command:
Command> add netuser Username [password Password]
Note – To add a network user, you must use the netuser keyword. Thereafter, you can use either the netuser or the user keyword to configure settings for the network user. You must always use the user keyword when configuring login users.

Deleting Users from the User Table

To delete a user from the user table, use the following command:
Command> delete user Username
User Types
User settings define the nature and behavior of dial-in users. The user table contains entries for each defined dial-in user along with the characteristics for the user.
The user table provides login security for users to establish login sessions or network dial-in connections. If you want to allow a network dial-in connection from another router, the router must have an entry in the user table or in RADIUS.
PortMaster products allow you to configure two types of users, network users and login users.

Network Users

Network users dial in to an asynchronous serial, synchronous serial, or ISDN port on the PortMaster. A connection is established as soon as the user logs in. A PPP or SLIP (on asynchronous ports) session is started. This type of connection can be used for dial-in users or for other routers that need to access and transfer data from the network. Define this type of user when network packets must be sent through the connection.

Login Users

Login users are allowed to establish PortMaster (in.pmd), rlogin, Telnet, or netdata (TCP clear) connections through an asynchronous serial or ISDN port. A connection is established to the specified host as soon as the user logs in. This type of connection is useful for users who need to access an account on a host running TCP/IP.

Configuring Settings for Network and Login Users

The following settings can be configured for either network or login users.

Setting a Password

To set a password for either a login or network user, use the following command:
Command> set user Username password Password
The password can contain between 0 and 16 printable ASCII characters.

Setting the Idle Timer

The idle timer defines the number of minutes or seconds the line can be idle—in both directions—before the PortMaster disconnects the user. You can set the idle time in seconds or minutes, with any value between 2 and 240. The default setting is 0 minutes. The idle timer is not reset by RIP, keepalive, or SAP packets.
To set the idle timer, use the following command:
Command> set user Username idle Number [minutes|seconds]
To disable the idle timer, set the time to 0 minutes.

Setting the Session Limit

You can define the maximum length of a session permitted before the PortMaster disconnects the user. The session length can be set to between 0 and 240 minutes.
To set the session limit, use the following command:
Command> set user Username session-limit Minutes
To disable the session limit, set the time to 0.
Configuring Network Users
Network users establish PPP or SLIP connections with the network as soon as they have been authenticated.

Setting the Protocol

You can set the network protocol for the network user to PPP, SLIP, or X.75. Select a protocol that is compatible with the rest of your network configuration and the user’s capabilities.
To set the network protocol for a network user, use the following command:
Command> set user Username protocol slip|ppp|x75-sync
If you set a nonzero IP address for the user, IP is automatically routed. If you set a nonzero IPX network number for the user, IPX is automatically routed.
Do not set a value of all 0s (zeros) or all Fs for the IPX network number.

Setting the User IP Address

You must define the IP address or hostname of the remote host or router. Table 5-1 describes three different ways that the user IP address can be determined.
Table 5-1 User IP Address Options
IP Address Type | Description
assigned | This option allows the PortMaster to assign a temporary IP address that is used for the current session only. The address used comes from a pool of addresses set up during global configuration. This method for assigning IP addresses to users is most commonly used when a large number of users are authorized to dial in.
negotiated | This option is used only for PPP sessions. Here, the PortMaster learns the IP address of the remote host using IPCP negotiation.
Ipaddress | This option allows you to define a specific IP address for the remote host or router. This method for assigning an IP address to a user is most commonly used for routers that establish a connection with the PortMaster.
To set the user IP address for a normal network user, use the following command:
Command> set user Username address|destination assigned|negotiated|Ipaddress
The address and destination keywords are synonymous.

Setting the Subnet Mask

Do not set a subnet mask for a network user unless the user is routed to another network from your network. In that case, set the subnet mask to 255.255.255.255.
To set the subnet mask, use the following command:
Command> set user Username netmask Ipmask

Setting the IPX Network Number

Note – The PortMaster 4 supports the IPX protocol if it is running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.
If you are using the IPX protocol for this user, you must assign a unique IPX number to the network connection between the remote user device and the PortMaster. Each user’s connection requires a different IPX network number. If you use fffffffe as the IPX network number, the PortMaster assigns the user an IPX network number based on an IP address from the IP address pool.
Note – Do not set a value of all 0s (zeros) or all Fs for the IPX network number.

To set the IPX network number, use the following command:
Command> set user Username ipxnet Ipxnetwork

Configuring RIP Routing

As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as RIP messages.
Note – ComOS 4.1 and later releases support both RIP-1 and RIP-2. Earlier releases of ComOS support only RIP-1.
To configure RIP routing for a network user, use the following command:
Command> set user Username rip on|off|broadcast|listen|v2 {broadcast|on|v1-compatibility|multicast}
Refer to the PortMaster 4 Command Line Reference for a description of the keywords in this command. Refer to the PortMaster Routing Guide for a discussion of routing with RIP, and for OSPF and BGP routing configuration instructions.

Setting the Asynchronous Character Map

The PPP protocol supports the replacement of nonprinting ASCII data in the PPP stream. These characters are not sent through the line, but instead are replaced by a special set of characters that the remote site interprets as the original characters. The PPP asynchronous map is a bit map of characters that must be replaced. The lowest-order bit corresponds to the first ASCII character NUL, and so on. In most environments, the asynchronous map must be set to zero to achieve the maximum data transfer rate.
To set the PPP asynchronous character map, use the following command:
Command> set user Username map Hex
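To see what a given map value selects and what it costs in line overhead, the bit map can be decoded and applied to sample data. The following Python sketch is an added example, not ComOS code; it assumes the standard PPP escaping from RFC 1662 (escape octet 0x7D followed by the original octet XOR 0x20, with the flag 0x7E and the escape octet always escaped), and the payloads are constructed.

```python
PPP_FLAG = 0x7E      # frame delimiter, always escaped inside a frame
PPP_ESCAPE = 0x7D    # control escape octet, always escaped


def parse_map(async_map_hex):
    """Convert the Hex argument of 'set user Username map Hex' to an integer."""
    value = int(async_map_hex, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("asynchronous map must fit in 32 bits")
    return value


def mapped_characters(async_map_hex):
    """List the ASCII control codes (0-31) the map marks for replacement.

    Bit 0, the lowest-order bit, corresponds to NUL (0x00).
    """
    value = parse_map(async_map_hex)
    return [code for code in range(32) if (value >> code) & 1]


def escape_payload(data, async_map_hex):
    """Escape a byte string as a PPP sender would for the given map."""
    value = parse_map(async_map_hex)
    out = bytearray()
    for byte in data:
        in_map = byte < 0x20 and (value >> byte) & 1
        if in_map or byte in (PPP_FLAG, PPP_ESCAPE):
            out += bytes([PPP_ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def unescape_payload(data):
    """Reverse escape_payload, as the remote site does on receipt."""
    out = bytearray()
    stream = iter(data)
    for byte in stream:
        if byte == PPP_ESCAPE:
            try:
                byte = next(stream) ^ 0x20
            except StopIteration:
                raise ValueError("payload ends in the middle of an escape sequence")
        out.append(byte)
    return bytes(out)


def overhead(data, async_map_hex):
    """Number of extra octets sent on the line because of escaping."""
    return len(escape_payload(data, async_map_hex)) - len(data)


if __name__ == "__main__":
    sample = b"\x11login\x13\x00\x7e"          # constructed payload
    for hex_map in ("00000000", "000A0000", "FFFFFFFF"):
        escaped = escape_payload(sample, hex_map)
        assert unescape_payload(escaped) == sample
        print(hex_map, mapped_characters(hex_map), escaped.hex(), overhead(sample, hex_map))
```

A map of 000A0000 selects only XON (0x11) and XOFF (0x13), while FFFFFFFF doubles every control character on the wire, which is why a map of zero gives the highest transfer rate.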

Setting the MTU Size

The maximum transmission unit (MTU) defines the largest frame or packet that can be sent without fragmentation. A packet that exceeds this value is fragmented, if IP, or discarded if IPX. PPP connections can have a maximum MTU of 1520 bytes. SLIP connections can have a maximum MTU of 1006 bytes. PPP can negotiate smaller MTUs when requested by the calling party.
The MTU size is typically set to the maximum allowed for the protocol being used, either 1500 bytes (for PPP) or 1006 bytes (for SLIP). However, smaller MTU values can improve performance for interactive sessions. If you are using IPX, the MTU must be set to at least 600.
To set the MTU for a network user, use the following command:
Command> set user Username mtu MTU

Setting the Maximum Number of Dial-In Ports

You can define the number of dial-in ports that a user can use on the PortMaster for Multilink V.120, Multilink PPP (only on ISDN), and multiline load balancing.
If the maximum number of ports is unconfigured, port limits are not imposed and PortMaster multiline load balancing, Multilink V.120, and Multilink PPP sessions are allowed. You can also set the dial-in port limit using the RADIUS Port-Limit attribute.
To set the maximum number of dial-in ports, use the following command:
Command> set user Username maxports Number
The Number variable can be set to between 0 and the number of available ports, up to 95.

Setting Compression

Compression of TCP/IP headers can increase the performance of interactive TCP sessions over network hardwired asynchronous lines. Lucent implements Van Jacobson TCP/IP header compression and Stac LZS data compression. Compression is on by default.
Compression cannot be used with multiline load balancing, but can be used with Multilink PPP.
Compression must be enabled on both ends of the connection if you are using SLIP. With SLIP, TCP packets are not passed if only one side of the connection has compression enabled. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression. Refer to RFC 1144 for more information about header compression.
The PortMaster supports Stac LZS data compression only for PPP connections with bidirectional compression. Stac LZS data compression cannot be used for SLIP connections.
To set header compression for a network user, use the following command:
Command> set user Username compression on|off
Table 5-2 describes the results of using each keyword.
Table 5-2 Keywords for Configuring Compression
Keyword | Description
on | Enables compression. The PortMaster tries to negotiate both Van Jacobson and Stac LZS compression. This is the default.
off | Disables compression.
To find out what type of compression was negotiated for the user, enter the following command:
Command> show S0

Setting Filters

Input and output packet filters can be applied to each network user. If an input filter is applied to a user, when the user dials in and establishes a connection, all packets received from the user are evaluated against the rule set for the applied filter. Only packets allowed by the filter can pass through the PortMaster. If an output filter is applied to a user, packets going to the user are evaluated against the rule set for the applied filter. Only packets allowed by the filter are sent out of the PortMaster to the user.
If either filter is changed while a user is logged on, the change does not take effect until the user disconnects and logs in again.
Note – You must define a filter in the filter table before you can apply it. For more information about filters, see Chapter 8, “Configuring Filters.”
To apply an input filter for a network user, use the following command:
Command> set user Username ifilter [Filtername]
To apply an output filter for a network user, use the following command:
Command> set user Username ofilter [Filtername]
Omitting the Filtername removes any filter previously set for this user.
Note – Filters are applied to the user the next time the user dials in.

Specifying a Callback Location

You can configure the user for callback connections to enhance network security or to simplify telephone charges. When a network user logs in, the PortMaster disconnects the user and then calls back to the location specified for that user. The location is stored in the location table. The PortMaster always calls back using the same port on which the user called in. Network users have PPP or SLIP sessions started for them, as defined in the user table.
To specify the callback location for a network user, use the following command:
Command> set user Username dialback Locname|none
To disable callback connections for the user, use the none keyword.

Configuring Login Users

To configure a login user, you must set the login host, apply an optional access filter, set the login service type, and specify a callback telephone number.

Setting the Login Host

You must define the host to which the user is connected. The login host can be defined in one of three ways. Table 5-3 shows the login host options.
To set the login host for a login user, use the following command:
Command> set user Username host default|prompt|Ipaddress
Table 5-3 Login Host Options
Host Option  Description
default      This option allows the user to log in to the default or alternate host specified for this PortMaster. You can specify the default host with the set host command. For more information see the PortMaster 4 Command Line Reference.
prompt       This option allows the user to log in to a host by IP address or name at the time the login session is established.
Ipaddress    This option allows the user to connect only to the host specifically named. A valid 39-character hostname or IP address must be entered. This configuration is used when you want to allow a user to access a specific host. For example, this configuration can be used to allow the user carmela to always be connected with the host sales.

Applying an Optional Access Filter

An access filter is an input filter that restricts the hosts that users can log in to. Access filters work as follows:
The user logs in and specifies a host.
The host address is compared against the access filter.
If the address is permitted by the filter, the connection is established.
If the address is not permitted, the connection is denied.
To apply an access filter to a login user, use the following command:
Command> set user Username ifilter [Filtername]
Note – You must define a filter in the filter table before you can apply it. For more information about filters, see Chapter 8, “Configuring Filters.”

Setting the Login Service Type

All login users must have an associated login service that determines the nature of their connection with the host.
The login service specifies how login sessions are established. Four types of login service are available as described in Table 5-4.
Table 5-4 Types of Login Service
Login Services  Function
portmaster      PortMaster is the default login service and can be used to access any host that has the PortMaster in.pmd daemon installed. This type of login service is preferred because it makes the PortMaster port operate like a serial port attached to the host. This service is the most cost-effective in terms of host resources.
rlogin          The remote login service rlogin uses the rlogin protocol to establish a login session to the specified host. Generally, rlogin is used on mixed UNIX networks where the PortMaster login service is impractical to use.
telnet          Telnet is supported on most TCP/IP hosts. This login service should be selected when the PortMaster and rlogin protocols are not available. The default port number is 23, but you can enter another number.
netdata         The netdata login service creates a virtual connection between the PortMaster port and another serial port on another PortMaster, or between the PortMaster port and a host. This login service creates a clear-channel TCP connection. To connect to another PortMaster port using netdata, you must configure that port as /dev/network with the netdata device service and the same TCP port number. The default netdata port is 6000; however, you can specify any TCP port number between 1 and 65535. This range allows TCP/IP to be used with a hardwired connection using an RS232 cable. However, some serial communications protocols, such as FAX, might have potential latency problems.
To set the login service type for a login user, use the following command:
Command> set user Username service portmaster|rlogin|telnet|netdata [Tport]

Specifying a Callback Telephone Number

You can configure the login user for callback connections to enhance network security or to simplify telephone charges. When a user logs in, the PortMaster disconnects the user and then dials out to the telephone number specified for that user. The user is reconnected to the host specified in the user table, via the same port on which the user dialed in.
To enter the callback telephone number for a login user, use the following command:
Command> set user Username dialback String|none
To disable callback connections for the user, use the none keyword.
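The login-user settings in this section can be reviewed offline from a saved command transcript. The following Python audit is an added example, not part of the Lucent guide or ComOS: it folds `set user` commands into per-user settings and reports users who choose their host at login with no access filter, filters that are not in the filter table, and TCP ports outside 1 to 65535. The transcript, the usernames other than carmela, and the filter names are constructed.

```python
# Added example: audit login-user settings from a ComOS command transcript.
SERVICES = {"portmaster", "rlogin", "telnet", "netdata"}   # Table 5-4
DEFAULT_TPORT = {"telnet": 23, "netdata": 6000}            # defaults stated in the guide
MAX_HOST_LEN = 39                                          # hostname limit from Table 5-3

# Constructed transcript; only the username carmela comes from the guide.
SAMPLE_TRANSCRIPT = """\
Command> set user carmela host sales
Command> set user carmela service telnet
Command> set user rick host prompt
Command> set user rick service rlogin
Command> set user lee host prompt
Command> set user lee ifilter hostsonly
Command> set user lee service netdata 70000
Command> set user pat host default
Command> set user pat ifilter oldrules
Command> set user kim host prompt
Command> set user kim ifilter hostsonly
Command> set user kim ifilter
"""
DEFINED_FILTERS = {"hostsonly"}   # assumed contents of the filter table


def parse_user_commands(text):
    """Fold 'set user' commands into one settings dict per user (last command wins)."""
    users = {}
    for raw in text.splitlines():
        tokens = raw.replace("Command>", "", 1).split()
        if len(tokens) < 4 or tokens[:2] != ["set", "user"]:
            continue
        name, keyword, args = tokens[2], tokens[3], tokens[4:]
        user = users.setdefault(name, {"host": None, "ifilter": None,
                                       "service": "portmaster", "tport": None,
                                       "dialback": None})
        if keyword == "host" and args:
            user["host"] = args[0]
        elif keyword == "ifilter":
            # Entering the command without a Filtername removes the filter.
            user["ifilter"] = args[0] if args else None
        elif keyword == "service" and args:
            user["service"] = args[0]
            user["tport"] = args[1] if len(args) > 1 else None
        elif keyword == "dialback" and args:
            user["dialback"] = None if args[0] == "none" else args[0]
    return users


def audit_login_users(users, defined_filters):
    """Return sorted (username, code, detail) findings."""
    findings = []
    for name, u in users.items():
        host, flt = u["host"], u["ifilter"]
        if host == "prompt" and flt is None:
            findings.append((name, "PROMPT_NO_FILTER",
                             "user picks the host at login and no access filter limits the choice"))
        if host not in (None, "default", "prompt") and len(host) > MAX_HOST_LEN:
            findings.append((name, "HOST_TOO_LONG", host))
        if flt is not None and flt not in defined_filters:
            findings.append((name, "UNDEFINED_FILTER", flt))
        if u["service"] not in SERVICES:
            findings.append((name, "BAD_SERVICE", u["service"]))
        tport = u["tport"]
        if tport is not None and not (tport.isdigit() and 1 <= int(tport) <= 65535):
            findings.append((name, "BAD_TPORT", tport))
    return sorted(findings)


def effective_tport(user):
    """TCP port the session would use, or None when the guide states no default."""
    if user["tport"] is not None and user["tport"].isdigit():
        return int(user["tport"])
    return DEFAULT_TPORT.get(user["service"])


if __name__ == "__main__":
    parsed = parse_user_commands(SAMPLE_TRANSCRIPT)
    for finding in audit_login_users(parsed, DEFINED_FILTERS):
        print(*finding, sep=": ")
```

The user kim is reported because the last `ifilter` command was entered without a filter name, which removes the filter that was applied earlier.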

Configuring a Synchronous WAN Port 6

This chapter describes the steps required to configure a PortMaster 4 synchronous wide area network (WAN) port.
This chapter discusses the following topics:
“Synchronous Port Uses”
“Configuring WAN Port Settings”
See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Synchronous Port Uses

Synchronous WAN ports are used for high-speed dedicated connections between two remote local area networks (LANs). Once a connection is established between two remote sites, a wide area network (WAN) is created. Synchronous WAN connections can be achieved through the use of dedicated leased lines, Frame Relay connections, switched 56Kbps lines, or ISDN lines. Connection rates can range from 9600bps to 2.048Mbps (E1). The PortMaster 4 supports any of these connection types using one or more synchronous ports.
For most applications, a dedicated line connects two PortMaster routers, each located on a separate remote network.
The following examples describe various uses for synchronous ports.
Routing over Leased Lines. A synchronous port can be used to connect to synchronous leased lines from 9600bps to T1 (1.544Mbps) or E1 (2.048Mbps) for continuous operation. The Quad T1 boards on a PortMaster 4 have a built-in channel service unit/digital service unit (CSU/DSU). For more information, see Chapter 13 “Using Synchronous Leased Lines.”
Routing over Frame Relay. Frame Relay provides connectivity using a packet-switched network. Its two advantages over a leased line network are lower cost and the ability to have multiple permanent virtual circuits (PVCs) come into a single physical port. It is especially popular for hub-and-spoke network arrangements. For example, a dozen field offices with 56Kbps or fractional T1 Frame Relay connections can connect to a central office using a fractional T1 or T1 Frame Relay connection. The central office requires only one CSU/DSU and synchronous port on the PortMaster, instead of 12. For more information, see Chapter 12 “Using Frame Relay.”
Routing over ISDN. Integrated Services Digital Network (ISDN) provides fast dial-up connectivity for applications where the expense of a dedicated Frame Relay or leased line connection is not called for by the amount and nature of the traffic. For more information, see Chapter 10 “Configuring T1, E1, and ISDN PRI.”
Once you have determined the type of synchronous connection to use between your remote locations, the synchronous port on each end of the connection must be configured.

Configuring WAN Port Settings

The WAN port settings described in this section enable you to configure your synchronous port for your needs. “General Synchronous Settings” on page 6-2 includes settings that are available for all connection types. The settings in “Settings for Hardwired Connections” on page 6-5 are available only for network hardwired connections.

Setting the View

To configure a synchronous serial line as a WAN port, you must first set the view to the slot containing the board for the line that you want to configure. To set the view, enter the show boards command to determine the identification number of the line board you want to configure.
The board identification number is the same as the number of the slot in which the T1 or E1 line board is installed.
Command> show boards
Use the following command to set the view to a slot with an installed T1 or E1 line board:
Command> set view Slotnumber
Setting the view for a specific board gives you administrative access to that board.

General Synchronous Settings

The following settings can be used on synchronous ports configured for all connection types.
Displaying Extended Port Information
The PortMaster can display synchronous port information in brief or extended modes. The default setting is off.
To enable or disable extended information for a port, use the following command:
Command> set W1 extended on|off
Note – This command affects only the display of port information. It does not affect port behavior.
Setting the Port Type and Connection Type
Use the following command to set the port and connection type:
Command> set W1 network dialin|dialout|twoway|hardwired
The port type for synchronous ports is always network, but you must explicitly set it. You also must specify the kind of connection to use on the synchronous port. Although you can configure a network port to allow dial-in and dial-out connections, a network port is typically used for a dedicated connection between two points known as hardwired. A hardwired connection does not use modem control.
To configure a port for a dedicated network connection, use the following command:
Command> set W1 network hardwired
Table 6-1 describes the four connection types available on synchronous ports.
Table 6-1 Port and Network Types
Type       Description
hardwired  Allows you to establish a dedicated network connection between two sites without modem dialing or authentication. In this mode, the port immediately begins running the specified protocol. If the port is set for a hardwired connection, it cannot be used for any other purpose. A hardwired connection must be used for a leased line or Frame Relay connection.
dialin     Allows the port to accept dial-in network connections, for use with switched 56Kbps or ISDN connections. The dial-in user is required to enter a username and password before the connection is established. Authorized users are managed through the user table described in Chapter 5 “Configuring Dial-In Users,” or through RADIUS. PPP users wishing to authenticate with PAP or CHAP can start sending PPP packets. When the packets are received, the PortMaster automatically detects PPP and requests PAP or CHAP authentication.
dialout    Allows dial-out users to establish connections with remote locations. Dial-out network destinations are managed through the location table. This network type can be used for ISDN and switched 56Kbps connections.
twoway     Allows the port to accept dial-in users and use dial-out locations. This network type can be used for ISDN and switched 56Kbps connections.
Setting the Port Speed Reference
The true port or line speed is set either by the external clock signal on the device to which the PortMaster is connected, or by the telephone company. You can record this value as a reference associated with a synchronous port, but it has no effect on PortMaster behavior.
To record the port speed, use the following command:
Command> set W1 speed Speed
You can substitute any of the following for Speed:
9600 19200 56000 64000 115200 1536k t1 e1
14400 38400 57600 76800 1344k 2048k t1e
Setting Modem Control
When modem control is on, the PortMaster uses the condition of the carrier detect (DCD) signal from an attached modem to determine whether the line is in use.
Modem control is off for synchronous connections by default. With modem control set off, the PortMaster assumes the carrier detect line is always asserted. Table 6-2 describes the effects of DCD condition on port behavior.
Table 6-2 Effects of Carrier Detect Condition on Port Behavior
Connection Type  Carrier Detect Asserted                                           Carrier Detect De-asserted
hardwired        Port attempts to establish a network connection.                  Port is unavailable.
dialin           PortMaster initiates authentication and displays a login prompt.  Port is unavailable.
dialout          No effect.                                                        Transition from asserted to de-asserted resets the port.
twoway           Port attempts to establish a network connection.                  Port is available.
Set modem control on only if you want to use the DCD signal from the attached device. In general, set modem control on for network dial-in or dial-out configurations. Modem control is usually off for leased line or Frame Relay connections, but you can use it if the channel service unit/digital service unit (CSU/DSU) is configured accordingly.
To set modem control, use the following command:
Command> set W1 cd on|off
Assigning a Port to a Dial Group
You can create modem pools for dial-out connections by associating ports and dial-out locations with dial groups. Dial groups can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location. Dial groups are numbered 0 to 99. The default dial group is 0.
To assign a port to a dial group, use the following command:
Command> set W1 group Group
Setting Hangup Control
You can control whether the data terminal ready (DTR) signal on the synchronous port is dropped after a user session terminates. Hangup is set to on by default. In this state, DTR is dropped for 500 milliseconds, causing a hangup on the line.
To set the hangup control, use the following command:
Command> set W1 hangup on|off
The reset command always drops the DTR signal.
Setting the Port Idle Timer
The idle timer indicates how long the PortMaster waits after activity stops on a synchronous port before disconnecting a dial-in or dial-out connection.
You can set the idle time in seconds or minutes, to any value from 0 to 240. The default setting is 0 minutes. If the value is set to 2 seconds or a longer interval, the port is reset after having no traffic for the designated time. The idle timer is not reset by RIP, keepalive, or SAP packets. To disable the idle timer, set the value to 0.
To set the idle timer, use the following command:
Command> set W1 idle Number [minutes|seconds]

Settings for Hardwired Connections

The following settings can be used only when the synchronous port is configured for network hardwired connections.
Setting the Transport Protocol
The transport protocol for synchronous connections must be set for a network hardwired synchronous port. Choose PPP for leased line, switched 56Kbps, and ISDN connections, or Frame Relay for a Frame Relay connection. Additional Frame Relay settings must be configured for Frame Relay connections, described in Chapter 12 “Using Frame Relay.”
To set the transport protocol, use the following command:
Command> set W1 protocol slip|ppp|frame|x75-sync
Setting the Port IP Address
You can set the local IP address of the network hardwired synchronous port to create a numbered interface.
You can use any IP address. If you set the local address of the WAN port to 0.0.0.0 for PPP, the PortMaster uses the Ether0 address for the end of the serial link. If you set the WAN port address to 0.0.0.0 for a Frame Relay connection, the port is disabled.
To set the IP address, use the following command:
Command> set W1 address Ipaddress
Setting the Destination IP Address
The destination IP address or hostname of the machine on the other end of the connection is used for leased line connections only. The destination IP address can also be set to 255.255.255.255 for PPP users. This setting allows the PortMaster to learn the IP address of the system on the other end of the connection using PPP IPCP address negotiation.
Do not set a destination IP address for Frame Relay connections. Instead, use the data link connection identifier (DLCI) list to link IP addresses to DLCIs, or use LMI or Annex-D and Inverse ARP to discover Frame Relay addresses dynamically. See Chapter 12 “Using Frame Relay,” for more information.
For network dial-in or dial-out connections, do not set a destination IP address for the port. Instead, you set the destination address in the user table or RADIUS for dial-in, or in the location table for dial-out. See Chapter 5 “Configuring Dial-In Users” for more information.
To set the destination IP address for a leased-line connection only, use the following command:
Command> set W1 destination Ipaddress [Ipmask]
Setting the Subnet Mask
The default subnet mask is 255.255.255.0. If you have divided your network into subnets, enter the subnet mask that identifies how your network addresses are divided between the network portion and the host portion. The value of Ipmask is dependent upon the size of the IP subnet of which the IP address is a member. This setting is used on network hardwired ports only.
To set the subnet mask, use the following command:
Command> set W1 netmask Ipmask
See Appendix A, “Networking Concepts,” for more information about using subnet masks.
Setting the IPX Network Address
Note – The PortMaster 4 supports the IPX protocol if it is running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.
When using IPX, you must identify an IPX network number of the serial link that is unique from every other IPX number on the network. An IPX network address is entered in hexadecimal format, as described in Appendix A, “Networking Concepts.”
Note – The serial link itself must have an IPX network number that is different from those at either end of the connection.
To set the IPX network address, use the following command:
Command> set W1 ipxnet Ipxnetwork
Configuring RIP Routing
As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as RIP messages.
Note – ComOS 4.1 and later releases support RIP-1 and RIP-2. Earlier releases of ComOS support only RIP-1.
Turn on RIP routing for the port for network hardwired connections only, such as leased lines or Frame Relay. Routing is set in the user table for dial-in connections and in the location table for dial-out connections.
To configure RIP routing, use the following command:
Command> set W1 rip on|off|broadcast|listen|v2 {broadcast|multicast|on|v1-compatibility}
Setting Input and Output Filters
Input and output packet filters can be attached to a synchronous port for network hardwired ports. Filters allow you to monitor and restrict network traffic. If an input filter is attached, all packets received from the interface are evaluated against the rule set for the attached filter. Only packets permitted by the filter are passed through the PortMaster. If an output filter is attached, packets going to the interface are evaluated against the rule set in the filter and only packets permitted by the filter are sent out of the interface.
Note – You must define a filter in the filter table before you can apply it. For more information about filters, see Chapter 8 “Configuring Filters.”
To apply an input filter to a synchronous port, use the following command:
Command> set W1 ifilter [Filtername]
To apply an output filter to a synchronous port, use the following command:
Command> set W1 ofilter [Filtername]
You can remove filters from the port by entering the command without a filter name. If a filter is changed, you must reset the port for the change to take effect.
For example, to remove the output filter from a synchronous port, use the following commands:
Command> set W1 ofilter
Command> reset W1
Command> save all
Note – You must reset the port and re-establish the connection for the new settings to take effect.
Setting Compression
You can set Van Jacobson TCP/IP header compression and/or Stac LZS data compression on the port. To set compression, use the following command:
Command> set compression on|off|stac|vj
Van Jacobson TCP/IP header compression and Stac LZS data compression improve performance on asynchronous lines but can degrade performance on high-speed synchronous lines.

Configuring Dial-Out Connections 7

This chapter discusses how to create locations—settings for dial-out destinations—for dial-out connections.
This chapter discusses the following topics:
“Configuring the Location Table”
“Setting Multiline Load Balancing”
“Setting Filters”
“Testing Your Location Configuration”
See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.

Configuring the Location Table

A location defines a dial-out destination and the characteristics of the dial-out connection. Locations control dial-out network connections in much the same way the user table controls dial-in network connections.
Locations are stored in the location table. All dial-out locations have the following minimum settings:
Location name
Name and password that the local PortMaster uses to authenticate itself to the remote host
Telephone number of the remote host
IP address and netmask of the remote host
Protocol used for the connection
Dial group that associates the location with a particular dial-out port
Maximum number of ports
Locations can also optionally have the following settings:
Connection type (dial-on-demand, continuous, or manual)
Routing protocol
IPX network number
MTU size
Compression
Idle timer
Data-over-voice for ISDN connections
CHAP authentication
Asynchronous character map
Multiline load balancing
Note – The location table is not used for dialing out with the tip command or UNIX-to-UNIX Copy Protocol (UUCP).
To display the location table, enter the following command:
Command> show table location
A location table display looks like the following. The location table entries shown here are examples only. PortMaster products have empty location tables by default.
Location  Destination   Netmask       Group   Maxcon   Type
--------- ------------- ------------- ------- -------- -----------
hq        172.16.1.1    255.255.255.0 1       4        On Demand
sf        192.168.1.21  255.255.255.0 99      1        Manual
sub1      192.168.3.1   255.255.255.0 2       0        Manual
bsp       172.16.1.21   255.255.255.0 99      1        Manual

Creating a Location

You must create a unique dial-out location for each remote host or router you want to access. Location table entries are identified by this unique location name, which can contain up to 12 characters.
To create a location, use the following command:
Command> add location Locname

Setting the Connection Type

Because the default method of initiating a connection is manual, you need to use the dial command to cause the PortMaster to manually dial out to a location. You can change the connection type as shown in Table 7-1. If you are changing an existing location’s connection type, verify that the connection is not active.
Table 7-1 Dial-Out Connection Types
Connection Type  Description
on_demand        This type of connection is automatically started when packets for the remote location are queued by the PortMaster.
automatic        This type of connection is always active. If the telephone connection is dropped, the PortMaster initiates a new connection with the location after a 30-second waiting period.
manual           This type of connection is started when you request a connection. You can use this configuration to test a connection or for network callback users. This is the default.
To configure the connection type, use the following command:
Command> set location Locname on_demand|automatic|manual
On-Demand
Dial-on-demand connections to selected locations can save money because the telephone line is used only when traffic needs to be transmitted. The dial-on-demand configuration can also be used as a backup for other types of connections such as those using high-speed synchronous lines. A dial-on-demand connection usually has the idle timer set so that the connection is closed when no longer needed.
Note – When configuring a dial-on-demand location, be careful not to have the on-demand location be the route to the loghost, RADIUS server, RADIUS accounting server, or any host for a port using the PortMaster login or device service, unless you understand the effect of these services upon dial-on-demand.
If routing for a dial-on-demand location is set to on, listen, or broadcast, the PortMaster dials out to that location when it boots, to update routing information. The PortMaster hangs up when the idle timer expires because RIP traffic does not reset the idle timer.
To configure a location to support a dial-on-demand connection, use the following command:
Command> set location Locname on_demand
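The note above about on-demand routes to the loghost and RADIUS servers can be checked against the location table. The following Python check is an added example, not part of the Lucent guide or ComOS: it parses the `show table location` display and reports on-demand locations whose remote network contains a logging or authentication server, plus on-demand locations that dial at boot because of their RIP setting. The server addresses and RIP settings are constructed, and the check assumes that a location's Destination and Netmask describe the network routed over that link.

```python
import ipaddress

# Rows copied from the sample "show table location" display in this guide.
SAMPLE_TABLE = """\
Location  Destination   Netmask       Group   Maxcon   Type
--------- ------------- ------------- ------- -------- -----------
hq        172.16.1.1    255.255.255.0 1       4        On Demand
sf        192.168.1.21  255.255.255.0 99      1        Manual
sub1      192.168.3.1   255.255.255.0 2       0        Manual
bsp       172.16.1.21   255.255.255.0 99      1        Manual
"""

# Constructed values for illustration only.
CRITICAL_HOSTS = {
    "loghost": "172.16.1.50",
    "radius": "192.168.200.5",
    "radius-accounting": "172.16.1.51",
}
RIP_SETTINGS = {"hq": "listen", "sf": "off"}

NEGOTIATED = "255.255.255.255"              # destination learned through PPP IPCP
BOOT_DIAL_RIP = {"on", "listen", "broadcast"}  # settings the guide says trigger a boot-time dial


def parse_location_table(text):
    """Turn the location table display into a list of dicts."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Location" or fields[0].startswith("-"):
            continue
        name, dest, mask, group, maxcon = fields[:5]
        rows.append({"name": name, "destination": dest, "netmask": mask,
                     "group": int(group), "maxcon": int(maxcon),
                     "type": " ".join(fields[5:]).lower()})
    return rows


def remote_network(row):
    """Network assumed to be reached through the location, or None if unknown."""
    if row["destination"] == NEGOTIATED:
        return None
    try:
        return ipaddress.ip_network(f"{row['destination']}/{row['netmask']}", strict=False)
    except ValueError:
        return None   # destination given as a hostname, or an unparsable mask


def on_demand_dependencies(rows, critical_hosts):
    """(location, service, address) for servers that sit behind an on-demand link."""
    findings = []
    for row in rows:
        net = remote_network(row)
        if row["type"] != "on demand" or net is None:
            continue
        for service, addr in critical_hosts.items():
            if ipaddress.ip_address(addr) in net:
                findings.append((row["name"], service, addr))
    return sorted(findings)


def dials_at_boot(rows, rip_settings):
    """On-demand locations whose known RIP setting makes the PortMaster dial at boot."""
    return sorted(r["name"] for r in rows
                  if r["type"] == "on demand"
                  and rip_settings.get(r["name"]) in BOOT_DIAL_RIP)


if __name__ == "__main__":
    table = parse_location_table(SAMPLE_TABLE)
    for loc, service, addr in on_demand_dependencies(table, CRITICAL_HOSTS):
        print(f"{loc}: {service} ({addr}) is reachable only over an on-demand link")
    print("dial at boot:", dials_at_boot(table, RIP_SETTINGS))
```

Locations with no entry in the RIP settings are not reported, because their routing state is unknown to the check.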
Automatic
To establish an automatic dial-out connection, you must set the location type to automatic. In this configuration, the PortMaster dials out after it boots and establishes a network connection to the specified location. If the connection is dropped for any reason, the PortMaster dials out again and establishes the connection again after a 30-second wait.
To configure a location to support an automatic connection, use the following command:
Command> set location Locname automatic
Manual Dial-Out
Use manual dial-out to test the connection or if you want the connection to be established only when you or a network callback user requests. You should test any connection before configuring it as a continuous or on-demand location.
To configure a location to support a manual connection, use the following command:
Command> set location Locname manual
Note – Disconnect dial-out connections by resetting the port before switching a connection type from manual to on demand.

Setting the Telephone Number

The telephone number setting is used to dial out to the remote location.
To set the telephone number of the remote location, use the following command:
Command> set location Locname telephone String

Setting the Username and Password

The username and password are what the PortMaster uses to authenticate itself to the remote host. Note that the username and password you enter here must also be resident on the remote host in the user table, RADIUS, or other authentication mechanism.
To set the username and password, use the following commands:
Command> set location Locname username Username
Command> set location Locname password Password

Setting the Protocol

The network protocol for a dial-out location is typically set for PPP packet encapsulation, SLIP encapsulation, or X.75-sync (used in Europe). PPP can be used with IP packet routing, IPX packet routing, or both. Select a protocol that is compatible with the remote location.
Note – New location table entries default to PPP.
To set the protocol for a location, use the following command:
Command> set location Locname protocol slip|ppp|x75-sync
For more information about setting the location protocol to a Frame Relay subinterface, see “Frame Relay Subinterfaces” on page 12-8.

Setting the Destination IP Address

The destination IP address is the IP address expected on the system at the remote end of the dial-out connection.
For PPP connections, you can either specify an IP address or have it negotiated. If you enter 255.255.255.255 (negotiated) for the destination IP address, the PortMaster learns the IP address of the remote system during PPP IPCP negotiation.
For SLIP connections and locations set for on-demand dialing, enter the IP address or a valid hostname of up to 39 characters for the system at the remote end of the connection.
Note – Assigned addresses are not supported for dial-out locations.
To set the destination IP address for a location, use the following command:
Command> set location Locname destination Ipaddress

Setting the Destination Netmask

If the host or network on the remote end of the connection requires a netmask, you must define it in the location table.
To set the destination netmask for a location, use the following command:
Command> set location Locname netmask Ipmask

Setting the IPX Network Number

Note – The PortMaster 4 supports the IPX protocol if it is running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.
If you use the IPX protocol, you must assign a unique IPX network number to the network connection between the remote host and the PortMaster. Enter the IPX network number in the hexadecimal format described in Appendix A, “Networking Concepts.” The number can consist of up to eight characters. The number is used only for the serial link, and must be different from the IPX network numbers used for Ethernets at either end.
To set the IPX network number for a location, use the following command:
Command> set location Locname ipxnet Ipxnetwork
Note – Do not set a value of all 0s (zeros) or all Fs for the IPX network numbers.

Setting RIP Routing

You can associate RIP routing with locations—for example, a dial on-demand connection where the remote router is defined as a location on the local PortMaster.
As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as RIP messages, unless configured otherwise.
Note – ComOS 4.1 and later releases support both RIP-1 and RIP-2 on the PortMaster 4. Earlier releases of ComOS support only RIP-1.
Refer to the PortMaster Routing Guide for OSPF and BGP configuration instructions.
To set RIP routing for a location, use the following command:
Command> set location Locname rip on|off|broadcast|listen|v2 {broadcast|multicast|on|v1-compatibility}
Refer to the PortMaster 4 Command Line Reference for a description of the keywords in this command. Refer to the PortMaster Routing Guide for a discussion of routing with RIP, and for OSPF and BGP routing configuration instructions.

Setting the Dial Group

Dial groups associate locations with specific dial-out ports. By default, all ports and locations belong to dial group 0 (zero). You can configure locations and ports into dial groups numbered from 0 to 99. Dial group numbers can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location.
The dial group associated with a location works with the dial group specified for each port. For example, you create a dial-out location called home and specify that the dial group for home is 2. When you configure each port, you can assign the port to a dial group. Only ports assigned to group 2 are used to dial the location home, while other ports are not.
To associate a location with a dial group number, use the following command:
Command> set location Locname group Group

Setting the MTU Size

The maximum transmission unit (MTU) defines the largest frame or packet that can be sent through this port, without fragmentation. If an IP packet exceeds the specified MTU, it is automatically fragmented. An IPX packet that exceeds the specified MTU is automatically dropped. PPP connections can have a maximum MTU of 1500 bytes. SLIP connections can have a maximum MTU of 1006 bytes. With PPP, the PortMaster can negotiate smaller MTUs when requested during PPP negotiation.
The MTU is typically set to the maximum allowed for the protocol being used. However, smaller MTU values can improve performance for interactive sessions. During PPP negotiation, the smaller number is used. If you are using IPX, the MTU must be set to at least 600.
To set the MTU for a location, use the following command:
Command> set location Locname mtu MTU

Configuring Compression

Compression of TCP/IP headers can increase the performance of interactive TCP sessions over network hardwired asynchronous lines. Lucent implements Van Jacobson TCP/IP header compression and Stac LZS data compression. Compression is on by default.
Compression cannot be used with multiline load balancing, but can be used with Multilink PPP.
Compression must be enabled on both ends of the connection if you are using SLIP. With SLIP, TCP packets are not passed if only one side of the connection has compression enabled. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression. Refer to RFC 1144 for more information about header compression.
The PortMaster supports Stac LZS data compression only for PPP connections with bidirectional compression. Stac LZS data compression cannot be used for SLIP connections.
To configure compression for a location, use the following command:
Command> set location Locname compression on|off|stac|vj
Table 7-2 describes the results of using each keyword.
Table 7-2 Keywords for Configuring Compression
Keyword  Description
on       Enables compression. The PortMaster tries to negotiate both Van Jacobson and Stac LZS compression. This is the default.
off      Disables compression.
stac     Enables Stac LZS data compression only.
vj       Enables Van Jacobson TCP/IP header compression only.
To display compression information about a location, enter the following command:
Command> show S0

Setting the Idle Timer

You can set the idle timer for a location with manual or on-demand connections. This timer defines the length of time the line can be idle, with no network traffic in either direction, before the PortMaster disconnects the connection. You can set the idle time in seconds or minutes, to any value from 0 to 240. The default setting is 0 minutes. If the value is set to 2 seconds or a longer interval, the port is reset after having no traffic for the designated time. The idle timer is not reset by RIP or keepalive packets. To disable the idle timer, set the value to 0.
Note – Idle timers for dial-in connections are set on each port or for specific users. Idle timers for dial-out connections are set in the location table.
To set the idle time for a location with a manual or on-demand connection, use the following command:
Command> set location Locname idletime Number [minutes|seconds]

Setting Data over Voice

The PortMaster supports data-over-voice for inbound and outbound ISDN connections. The PortMaster automatically accepts inbound voice calls and treats them as data calls. You can force a data-over-voice call on an outbound ISDN connection by setting the capability to on.
To turn on the data-over-voice capability for ISDN connections to a location, use the following command:
Command> set location Locname voice on|off
For more information on ISDN connections, see Chapter 10, “Configuring T1, E1, and ISDN PRI.”

Setting CHAP

When you enter a username and password into the location table, they are used as the system identifier and message-digest algorithm 5 (MD5) secret for CHAP authentication. You can turn on outbound CHAP authentication and eliminate the need to use the sysname identifier and user table configurations for CHAP, unless the device being dialed also dials in to the PortMaster. The default setting is off.
To set CHAP authentication for a location, use the following command:
Command> set location Locname chap on|off
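The CHAP exchange described above, as an added example that is not part of the manual or of ComOS: it follows RFC 1994, where the response is the MD5 digest of the identifier octet, the shared secret, and the challenge. The class and function names and the credentials are hypothetical; the location's username and password play the role of the peer's name and secret.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet + shared secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The dialed device: issues challenges and checks the answers."""

    def __init__(self, secrets):
        self.secrets = secrets  # system name -> shared secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256  # changes on every challenge
        self.challenge = os.urandom(16)                # unpredictable per attempt
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        secret = self.secrets.get(name)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def dial_out(auth, name, secret):
    """The dialing side: answer one challenge; the secret never crosses the line."""
    ident, challenge = auth.new_challenge()
    return auth.verify(name, ident, chap_response(ident, secret, challenge))


# Constructed credentials standing in for a location's username and password.
REMOTE = Authenticator({"pm4-branch": b"example-secret"})

if __name__ == "__main__":
    print("correct secret:", dial_out(REMOTE, "pm4-branch", b"example-secret"))
    print("wrong secret:  ", dial_out(REMOTE, "pm4-branch", b"wrong"))
    # A response recorded for one challenge does not verify against the next.
    ident, chal = REMOTE.new_challenge()
    old = chap_response(ident, b"example-secret", chal)
    REMOTE.new_challenge()
    print("replayed:      ", REMOTE.verify("pm4-branch", ident, old))
```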

Setting the Asynchronous Character Map

The PPP protocol supports the replacement of nonprinting ASCII data in the PPP stream. These characters are not sent through the line, but instead are replaced by a special set of characters that the remote site interprets as the original characters. The PPP asynchronous map is a bit map of characters that must be replaced. The lowest-order bit corresponds to the first ASCII character NUL, and so on. Most environments must set the asynchronous map to 0 (zero) to achieve maximum throughput.
To set the PPP asynchronous map for a location, use the following command:
Command> set location Locname map Hex
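How the bit map translates into a Hex value and into bytes on the line, as an added example that is not part of the manual: it builds the 32-bit map from a list of control characters and applies the byte stuffing that RFC 1662 defines for asynchronous PPP. The function names and the sample payload are constructed for illustration.

```python
FLAG, ESC = 0x7E, 0x7D  # PPP frame delimiter and control-escape octets (RFC 1662)


def accm_from_chars(chars):
    """Build the 32-bit map: bit n set means control character n is escaped."""
    accm = 0
    for c in chars:
        if not 0 <= c <= 0x1F:
            raise ValueError(f"map only covers 0x00-0x1F, got {c:#04x}")
        accm |= 1 << c
    return accm


def chars_from_accm(accm):
    """List the control characters that a given map escapes."""
    return [n for n in range(32) if (accm >> n) & 1]


def escape_payload(data, accm):
    """Byte-stuff a payload as an asynchronous PPP sender does for this map."""
    out = bytearray()
    for b in data:
        if b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1):
            out += bytes([ESC, b ^ 0x20])  # escape octet, then original XOR 0x20
        else:
            out.append(b)
    return bytes(out)


def unescape_payload(data):
    """Reverse the stuffing on the receiving side."""
    out, it = bytearray(), iter(data)
    for b in it:
        out.append(next(it) ^ 0x20 if b == ESC else b)
    return bytes(out)


# Constructed sample: XON (0x11) and XOFF (0x13) must be escaped on a link
# that uses software flow control; the payload mixes control and data bytes.
XONXOFF_MAP = accm_from_chars([0x11, 0x13])
SAMPLE = bytes([0x00, 0x11, 0x41, 0x7E, 0x13])

if __name__ == "__main__":
    print(f"Hex value for XON/XOFF: {XONXOFF_MAP:08x}")
    for accm in (0x00000000, XONXOFF_MAP, 0xFFFFFFFF):
        wire = escape_payload(SAMPLE, accm)
        print(f"map {accm:08x}: {len(SAMPLE)} -> {len(wire)} bytes on the wire")
```

With a map of 0 only the flag and escape octets are stuffed, which is why that setting gives the highest throughput.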

Setting Multiline Load Balancing

You can set several ports to connect to a single location to distribute heavy traffic loads. This capability is called multiline load balancing. You can define a threshold—known as a high-water mark—for a location. The high-water mark triggers the PortMaster to bring up an additional connection to the location when the amount of data specified by the high-water mark is queued. The PortMaster examines the queue several times a minute to determine if the high-water mark has been reached.
Load balancing is useful for on-demand routing because additional ports for the location are added as the load exceeds what can be handled by one port. When the ports are idle for the time specified by the set location idletime command (see “Setting the Idle Timer” on page 7-7), all ports used for that connection are timed out simultaneously.
Load balancing can save you money because you do not need to configure your network to handle the maximum load between locations. Periods of heavy traffic can be handled by additional ports on an as-needed basis. At other times, the additional ports can be used for other purposes.
When multiple ports are in use, each packet is queued on the port with the least amount of traffic in the queue. Ports with very different speeds must not be combined for load balancing purposes. The overall throughput for a given number of ports is approximately equal to the number of ports multiplied by the throughput of the slowest port.
The following settings are used to configure load balancing and define when additional lines to this location are dialed.

Setting the Maximum Number of Dial-Out Ports

To configure load balancing, you must define the number of dial-out ports that can be used to dial and establish a connection with this location. This setting creates a pool of ports that can be used at the same time to establish a connection with this location.
If the maximum number of ports is set to 0, no connection with this location is established. If the maximum number of ports is set to any number greater than one, the high-water mark is used to determine when additional connections are established with this location.
When more than one line is open to a given location, the PortMaster balances the load across each line. When the ports are idle for the time specified by the set location idletime command (see “Setting the Idle Timer” on page 7-7), all ports used for that connection are timed out simultaneously.
To set the maximum number of dial-out ports for a location, use the following command:
Command> set location Locname maxports Number
The Number variable is a value between 0 and 95—the total number of available ports.

Setting Bandwidth-on-Demand

The bandwidth-on-demand feature provides a way to specify a point at which the PortMaster establishes an additional line to a location. You use the high_water keyword to specify the number of bytes of network traffic that must be queued before the PortMaster opens an additional connection. The PortMaster examines the queue several times a minute to determine if the high-water mark has been reached.
If you set a very low threshold number, the PortMaster quickly opens the maximum number of ports you specify for this location. When selecting a threshold, bear in mind that interactive traffic from login users queues a relatively small number of bytes—only several hundred—while network users doing file transfers can queue several thousand bytes of traffic.
This high-water value is used only when the maximum number of ports is greater than one. The default high-water mark is 0 (zero).
To set the high-water mark in bytes for a location, use the following command:
Command> set location Locname high_water Number

Setting Filters

You can attach input and output filters to each location. Filters must be defined in the filter table before they can be added to the location table. For more information about filters, see Chapter 8, “Configuring Filters.” When a filter is changed, all ports in use by the location must be reset to have the changes take effect.
Note – If a matching filter name is not found in the filter table, this command is not effective and all traffic is permitted.

Input Filters

Input filters cause all packets received from the interface to be evaluated against the filter rule set. Only packets allowed by the filter are accepted.
To set an input filter for a location, use the following command:
Command> set location Locname ifilter Filtername

Output Filters

Output filters cause all packets going out to the interface to be evaluated against the filter rule set. Only packets allowed by the filter are passed out to the interface.
To set an output filter for a location, use the following command:
Command> set location Locname ofilter Filtername
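Because a filter name with no match in the filter table leaves all traffic permitted, it is worth checking every ifilter and ofilter reference before deploying a configuration. The following added example, which is not part of the manual or of ComOS, audits a script of set location commands against a list of defined filter names. The function names, sample script, and filter table contents are constructed, and an exact, case-sensitive name match is an assumption.

```python
import re

# Matches "set location Locname keyword [value]", with or without the prompt.
SET_RE = re.compile(
    r"^\s*(?:Command>\s*)?set\s+location\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_locations(script):
    """Collect per-location settings from the set location lines in a script."""
    locations = {}
    for line in script.splitlines():
        m = SET_RE.match(line)
        if m:
            name, keyword, value = m.groups()
            locations.setdefault(name, {})[keyword] = value or ""
    return locations


def audit_filters(locations, filter_table):
    """Return (location, direction, problem) for each direction left unfiltered."""
    findings = []
    for name, settings in sorted(locations.items()):
        for direction in ("ifilter", "ofilter"):
            wanted = settings.get(direction, "")
            if not wanted:
                findings.append((name, direction, "no filter attached"))
            elif wanted not in filter_table:  # assumption: exact-match lookup
                findings.append((name, direction,
                                 f"'{wanted}' not in filter table: all traffic permitted"))
    return findings


# Constructed sample: "branch" has a misspelled input filter and no output filter.
SAMPLE_SCRIPT = """\
Command> set location hq chap on
Command> set location hq ifilter internet.in
Command> set location hq ofilter internet.out
Command> set location branch maxports 2
Command> set location branch ifilter intrenet.in
"""
SAMPLE_FILTER_TABLE = {"internet.in", "internet.out"}

if __name__ == "__main__":
    for loc, direction, problem in audit_filters(
            parse_locations(SAMPLE_SCRIPT), SAMPLE_FILTER_TABLE):
        print(f"{loc:8} {direction:8} {problem}")
```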