USRobotics NETServer-8, NETServer-16 User Manual

ENTERPRISE NETWORK HUB SYSTEM

NETServer/8

NETServer/16

Version 3.1

Command Reference

Copyright 1996 by U.S. Robotics Access Corp.

8100 North McCormick Blvd.

Skokie, Illinois 60076

All Rights Reserved

U.S. Robotics and the U.S. Robotics logo are registered trademarks of U.S. Robotics Access Corp., Total Control is a trademark of U.S. Robotics Access Corp. Any trademarks, tradenames, service marks or service names owned or registered by any other company and used in this manual are the property of their respective companies.

Table of Contents

Warranty and Service

Chapter 1 Overview
    What’s New in 3.1?
    NETServer Overview

Chapter 2 Basic Installation
    System Administrator Requirements
    Accessing the Command Line
    Getting Started
    Getting the LAN Port Up and Running
    Recommended Global Configuration

Chapter 3 Configuration Overview
    How to Set Up Applications
    The Command Line
    Quick Command Overview
    Overview of Configurable Tables

Chapter 4 IP Terminal Server Setup
    Terminal/Workstation Setup
    NETServer Setup (Overview)
    Using Default Hosts
    IP Terminal Server (Detailed Setup)
    Configuring a port
    Adding a Login User to the User Table
    IP Terminal Server Case Studies

Chapter 5 Network Dial-in Access
    Dial-In User Setup
    NETServer Dial-In Setup (Overview)
    NETServer Dial-In (Detailed Setup)
    Configuring a Port
    Adding a Network User to the User Table
    IP Remote Access Case Study
    IPX Remote Access Case Study

Chapter 6 LAN-to-LAN Routing
    Setup for NETServer Routing (Overview)
    An Introduction to NETServer Routing
    PAP and CHAP Authentication
    LAN-to-LAN Routing (Detailed Setup)
    Configuring a Port
    Adding a Remote Device to the Location Table
    Adding a Remote Device to the User Table
    LAN-to-LAN Routing Case Study
    Testing the Connection

Chapter 7 Talking to the Modems
    TCP/IP Modem Sharing
    Implementing Security with Host Device Dial Out
    Configuring Modems as UNIX pseudo TTYs
    Modem Initialization Scripts
    Sending AT Commands

Chapter 8 Packet Filters
    Packet Filter Overview
    Adding Packet Filters
    Filter Rule Format
    TCP/IP Rules
    TCP and UDP parameters
    Filtering ICMP packets
    IPX Packet Filtering
    SAP Rules
    Editing Packet Filters

Chapter 9 Administrative Tools
    Configuring the !root Account
    Manually Connecting to a Remote Site
    Troubleshooting Commands
    The SHOW command

Chapter 10 Command Reference
    Global Configuration
    Hosts Table Configuration
    Location Table
    LAN Port (Net0) Configuration
    Netmasks Table Configuration
    Ports Table (S-port configuration)
    Routes Table Configuration
    SNMP Table
    User Table

Reference Section
    Appendix A Technical Specifications
    Appendix B Addressing Schemes
    Appendix C Software Download
    Appendix D The Boot Process
    Appendix E Syslog Accounting
    Appendix F RADIUS Security and Accounting

Index

Warranty and Service

Limited Warranty

U.S. Robotics Access Corp. warrants to the original consumer or other end user purchaser that all U.S. Robotics Total Control products and parts are free from defects in materials or workmanship for a period of two years from the date of purchase. During the warranty period, and upon proof of purchase, the product will be repaired or replaced (with the same or similar model) at our option, without charge for either parts or labor. This warranty shall not apply if the product is modified, tampered with, misused, or subjected to abnormal working conditions.

REPAIR OR REPLACEMENT AS PROVIDED UNDER THIS WARRANTY IS THE EXCLUSIVE REMEDY OF THE PURCHASER. THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE OR PURPOSE, AND U.S. ROBOTICS SHALL IN NO EVENT BE LIABLE TO PURCHASER FOR INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND OR CHARACTER.

Some states do not allow the exclusion or limitation of incidental or consequential damages or allow limitations on how long an implied warranty lasts, so the above limitations or exclusions may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state.

Service and Support

To obtain service, contact the U.S. Robotics Systems Product Support Department as described below. Whichever method you use to contact us, please have the product serial number(s) available.

Technical Support

For technical assistance, contact USR in one of the following ways:

Mail: 8100 North McCormick Blvd., Skokie, Illinois 60076-2999

E-Mail: support@usr.com

Toll-Free Line: 800-550-7800

Fax: 847-982-0823

BBS: 847-982-5092

Fax on Demand: 800-762-6163

America Online: Keyword USROBOTICS

CompuServe: GO USROBOTICS

Anonymous FTP: ftp.usr.com* (Username=Anonymous, Password=your internet address)

World Wide Web: http://www.usr.com

*The FTP is for downloading files only.

If the support representative determines that you should send your equipment to USR for service, you will be given a Service Repair Order (SRO) number to help track your service request. Once you have received an SRO number, take or mail the product, postage prepaid, to U.S. Robotics at the above address. Include proof of the date of purchase.

IMPORTANT: If you ship your unit, pack it securely, be sure your SRO number is visible on the outside of the package, and ship it charges prepaid and insured.

We welcome your suggestions for better documentation

Every effort has been made to provide useful, accurate information. If you have any comments or suggestions, please let us know.

By voicemail: (708) 933-5200

Via the Internet: sysdocs@usr.com

Chapter 1

Overview

This chapter provides an overview of the Total Control NETServer/8 and NETServer/16. It also contains information on what’s new in version 3.1 of the NETServer firmware.

What’s New with Release 3.1?

Release 3.1 supports the following new features:

Classless InterDomain Routing and Host-based routing via the Netmask Table.

IP address spoofing.

Support for RADIUS accounting servers, ANI/DNIS, and ICMP message logging.

Support for a secondary and a tertiary name server.

Randomized use of Default/Alternate Hosts for load balancing.

New Modem Port Features

Additional Software Enhancements

NetBIOS over IPX support

PAP enable/disable

Pre-allocated system netbufs increased from 1000 to 1400

Rezero network statistics and session statistics saved until next call

Unidirectional Van Jacobson compression

Users set to Prompt may specify a TCP port with the host name or IP address when using Telnet

Netmask Table

CIDR (Classless Interdomain Routing) or host-based routing requires special netmasks. Special netmasks may also be useful for debugging.

The Netmask Table allows you to configure netmasks for CIDR or host-based routing as needed. RIP messaging/dynamic route information must be active for host-based routing.

IP Address Spoofing

The NETServer may now be configured to spoof a single IP address. When the NETServer identifies itself to remote routers or other remote devices, it uses this IP address rather than the IP address of its LAN interface.

IP address spoofing is useful when more than one NETServer must appear to be a single router or other device to remote networks and other routers.

Accounting Servers

The NETServer supports the following new features:

Log accounting information to a RADIUS accounting server such as the security feature of U.S. Robotics Total Control Manager.

ANI and DNIS call information

Log ICMP error messages to a UNIX Syslog server

Accounting Server Support

The NETServer now supports event logging. You can configure the NETServer to send event information to a Total Control Accounting Server or a UNIX accounting server. You can also configure the NETServer to send the event information to an alternate accounting server if the primary server is unavailable.

Event logging is performed by transmitting a record containing event information from the NETServer client to an accounting server. TCM uses the RADIUS client/server model for this feature.

RADIUS Accounting and ANI/DNIS

Release 3.1 of the NETServer supports the current RADIUS Accounting Internet Draft. The NETServer can generate appropriate Code 4 Accounting-Request and Code 5 Accounting-Response messages for properly configured RADIUS servers.

The NETServer’s RADIUS implementation also supports ANI and DNIS services.

ICMP Message Logging

If your system uses syslog network accounting, you can configure the NETServer to send ICMP error messages to the syslog server.

Multiple Name Servers

Release 3.1 of the NETServer supports up to two name servers. The first is a primary name server, and the second is a backup server that is used when the primary name server is unavailable.

Note: The NETServer does not support more than one name service at a time (DNS and NIS cannot both be running).

Randomized Hosts

You can now relieve the burden on frequently-used global default, port default and RADIUS user table hosts by randomizing the selection of the host chosen for user sessions. When this feature is enabled, a preferred host will be randomly chosen from among the default and alternate hosts defined rather than always preferring the default host.

New Modem Port Features

Release 3.1 of the NETServer Command Line and NETServer Manager software now support the following modem port features:

Download new firmware to the modems using NETServer Manager (Windows software) version 3.2 or later.

You can now send AT commands directly to the modems from the NETServer’s command line.

Detection and flushing of stopped ports

Dialback delay

Port status display shows current and configured status

Ports reset if Carrier Detect is lost before a user connects to a host

Support for up to eight Alternate Hosts

NETServer Overview

The NETServer allows you to implement four basic applications: IP Terminal Service, IP modem sharing, IP/IPX Network Dial In, and IP/IPX LAN-to-LAN routing. Everything else it does is based on one of these four.

IP Terminal Service

Remote terminals can log into an IP host on the NETServer’s local network as if they were physically connected to it. To do this, the NETServer receives TTY terminal output (keystrokes) over a dial up line. It then forwards the terminal output to the host using a virtual terminal protocol (login service) like Telnet or Rlogin. Since the connection is bi-directional, the terminal also receives the host’s responses.

IP Modem Sharing

Hosts on a local IP network can use a chassis modem to dial out. Moreover, the NETServer can create pools of modems that can be used by local hosts on a first come, first served basis.

To do this, the NETServer allows the host to establish a virtual terminal session with the modem. The host can then interact with the modem’s command line and from there, dial out.

On a UNIX host, you can install a pseudo TTY driver that allows the host to interact with this virtual terminal connection as if it was actually a serial port. This makes the modem appear to be directly connected to the host.

Network Dial In Access

Remote IP and IPX users can dial in and attach to the local network as if they were local nodes. IP and/or IPX packets are transmitted over a dial in connection encapsulated in a serial line networking protocol (PPP or SLIP). When received by the NETServer, the IP and IPX packets are forwarded from the remote user to the LAN and vice versa.

Dial-Up Routing

The same routing engine that allows network dial in access allows the NETServer to establish dial up routing sessions with remote networks. Such connections can be maintained continuously or established on an on-demand basis and torn down when not needed.

How do I get there from here?

Configuring any of these applications on a NETServer is a three-step process:

1. Perform basic configuration for the NETServer. This includes configuring it to talk to your LAN and setting global user and global routing parameters. You can begin this process by going to Chapter 2.

2. Configure modem “S-ports” to support the application.

3. Configure user table entries for dial in connections and IP modem sharing, and location table entries for dial out routing.

Steps 2 and 3 are covered by application in chapters 4 through 7.

Security

The NETServer supports IP and IPX packet filtering in both the inbound and the outbound directions of ports, users, and dial out locations. Packet filter configuration is discussed in Chapter 8.

The NETServer also supports the use of a centralized RADIUS security server, allowing you to create a single account for each user rather than multiple user accounts on multiple NETServers. RADIUS security is discussed in Appendix F.

Administrative Utilities

The NETServer’s command line includes an assortment of utilities for troubleshooting connections including:

The ability to manually dial a location to test connectivity

The ability to use Telnet, Rlogin or PortMux to establish a session with another host from the NETServer’s command line.

UNIX-like troubleshooting commands including ifconfig, ptrace, ping and traceroute for debugging IP connections.

These commands are contained in Chapter 9, along with instructions for customizing the supervisor account.

Chapter 2

Basic Installation

This chapter contains information on the following:

System Administrator Requirements

Logging into the supervisor account for the first time

Getting the LAN port up and running

Recommended Additional Configuration

System Administrator Requirements

In compiling this manual, we have had to make certain assumptions about the knowledge of users who will install the product. The documentation assumes that the system administrator is familiar with Novell networks and/or IP networks, as well as networks in general. Novell offers a variety of programs to certify administrators in network technology. TCP/IP information is available from a variety of sources, some of which are covered below.

After reviewing this manual, users should decide if their ability is sufficient to handle the technical details of installation. If the assistance of a qualified professional is needed, we recommend that you consult with your nearest authorized U.S. Robotics Platinum reseller for advice. For a service fee, U.S. Robotics also offers qualified engineering assistance on site. Contact Systems Product Support at (800) 231-8770 for more information.

TCP/IP Reference Material

It is the responsibility of the Network Manager to devise an addressing strategy appropriate for the size and growth potential of the network. We recommend the following reference material for TCP/IP:

Comer, D.E., Internetworking with TCP/IP Volume I: Principles, Protocols and Architecture, Prentice-Hall, Englewood Cliffs, New Jersey, 1995.

IP machines and networks that will be attached to the Internet must obtain registered addresses from the Internet’s Network Information Center. They can be contacted at the following address and phone number.

Network Solutions

InterNIC Registration Services

505 Huntmar Park Drive

Herndon, VA 22070

1-703-742-4777

However, for networks with only a few IP machines, it is probably better to contact your local Internet access provider and let them handle the details.

Accessing the Command Line

To configure the NETServer from the command line, you must log in as the supervisor.

1. In order to log in, you need a login prompt. There are three ways to get one:

Attach the provided serial cable to the CONSOLE port and attach the other end of the cable to a terminal (or a PC running terminal emulation software such as Windows Terminal). See the Quick Start Guide for more information.

Using communications software, dial into any modem port that is configured to support user login or network dial in (by default, they all are). The data format is 8 data bits, 1 stop bit and no parity (8-N-1).

If you have configured the LAN port (Ethernet interface) to communicate with a local TCP/IP network, you can Telnet to the NETServer using the address assigned to this port. For information on configuring the LAN port, see Getting the LAN Port Up and Running, later in this chapter.

Note that if you are just turning the NETServer on, it may take a few seconds after the NETServer begins to boot before the login prompt appears. If the login prompt does not appear, try hitting the Enter key.

2. Log in as the supervisor/superuser by typing the following:

!root Enter

(Must be all lower case!)

3. The password prompt appears. The default is no password at all. If you have changed the password for the !root account, type the new password in and press the Enter key. Otherwise, just press Enter.

4. The “Command>” prompt appears. The NETServer is now ready to be configured.

Getting Started

Name your NETServer. Among other things, this name will be used for the NETServer’s DNS system name and its SNMP system name. It is also the name that the NETServer will advertise in SAP broadcasts. No other device on your network should be using this name. Use the following command:

set sysname <name (up to 32 characters)>

Enter

The next thing you need to do is get your NETServer talking to the network attached to its LAN port. The section below titled Getting the LAN port up and running contains the minimum configuration needed to allow the NETServer to talk to your Ethernet or Token Ring LAN. Keep in mind that these may not be the only parameters you’ll want or need to set, just the ones you must set. A complete listing of LAN port parameters can be found in Chapter 10.

Once you have configured the NIC interfaces, we recommend that you proceed to global configuration. The parts of this that most administrators will want to do right away can be found later in this chapter under Recommended Global Configuration. A more complete listing of global parameters can be found in Chapter 10.

Getting the LAN port up and running

First step for IPX or IP/IPX networks

If your network uses the IPX protocol, you must enter the IPX network number of the segment connected to the NETServer’s LAN port. You can find this network number using Novell’s CONFIG utility.

For File Servers Running Novell Version 3.xx

1. Go to the console of a file server that is on the same network segment that the NETServer is on.

2. From Novell’s Console program press CTRL-ESC, then ESC, until the : (colon) prompt appears. Select System Console and press the Enter key.

3. Type the following:

CONFIG Enter

A display similar to the one shown below appears:

File server name: USR_SERVER_ONE

IPX internal network number: 0000000A

Western Digital Star EtherCard PLUS Driver v2.05 (910424) Hardware setting: I/O Port 300h to 31Fh, Memory CC000h to Cffffh, Interrupt Ah

Node address: 0000C0488D28 Frame type: ETHERNET_802.3 Board name: TENBASE_802.3

LAN protocol: IPX network 00000255

Western Digital Star EtherCard PLUS Driver v2.05 (910424) Hardware setting: I/O Port 300h to 31Fh, Memory CC000h to Cffffh, Interrupt Ah

Node address: 0000C0488D28 Frame type: ETHERNET_802.2 Board name: TENBASE_802.2 LAN protocol: RPL

LAN protocol: IPX network 00000684

This is an example of the information returned for one version 3.xx card that has two different frame types. The card has one port address, but two LAN protocol network addresses, one for each frame type. The network number for 802.3 is 00000255, and for 802.2 it is 00000684.

4. Write down the LAN protocol IPX network number for the frame type you want to use.

For File Servers Running Novell Version 2.xx

1. Go to the console of a file server that is on the same network segment that the NETServer is on.

2. Press CTRL-ESC until the : (colon) prompt appears.

3. Type the following:

CONFIG Enter

A display similar to the one shown below appears:

LAN A Configuration Information:

Network Address: [0788] [002608C0D53F4z]

Hardware Type: [3Com 3C505 EtherLink Plus (Assy 2012 only) V2.30EC (880813)]

Hardware Setting: IRQ=5, IO=300h, DMA 5

The above example only has one frame type, so the network address is 0788.

4. Write down the network address for the frame type you want to use.

IP Configuration

1. IP Network Address: You must assign an IP address to the NETServer’s LAN interface (Ethernet or Token Ring port).

Type the following:

set net0 address <IP address>

Enter

If your network does not use IP, you may choose whatever address you like. See Appendix B for some basics on TCP/IP addressing. However, if you want to connect the NETServer to the Internet (even indirectly), the address must be unique in the world. To obtain such an address, contact your local Internet service provider. If you need a large number of IP addresses, you may want to contact the InterNIC (see the beginning of this chapter for their address).

Example:

set net0 address 192.77.203.200

Enter

2. You must set the LAN port’s subnet mask. The default is 255.255.255.0, which would be appropriate for a Class C network with no subnetting or for Class C size subnets of larger networks. You must change this value if the network attached to the NETServer’s LAN port uses a different subnet mask. To change the Netmask, type the following:

set net0 netmask <netmask>

Enter

Example:

set net0 netmask 255.255.255.0

Enter

3. You must also set the Broadcast Address. Type the following:

set net0 broadcast <high or low>

Enter

High: The bits of the host portion of a broadcast address are all ones. This is the rule for the vast majority of IP networks.

Low: The bits of the host portion of a broadcast address are all zeroes. This is rare, but is still used by some systems including Sun OS 4.x (Solaris 1.x).

For example, the node 192.77.203.7 uses the default subnet mask of 255.255.255.0, which would give it a high broadcast address of 192.77.203.255 and a low broadcast address of 192.77.203.0. To use the address ending in 255:

set net0 broadcast high

Enter

4. If your network does not use the IPX protocol, you may now go to Final Steps. Otherwise complete the steps in the next section, IPX Configuration.

IPX Configuration

IMPORTANT: Even if your network uses only the IPX protocol, you must set up an IP address for the NETServer if you want to use the Windows-based management software. If you have not already done so, perform step 1 under IP Configuration.

1. IPX Network Frame Type: This is the IPX frame type of the network segment connected to the NETServer’s LAN port.

set net0 ipxframe <frame type>

Enter

Valid frame types are:

ethernet_802.3 ethernet_802.2 ethernet_802.2_II ethernet_II

Example:

set net0 ipxframe ethernet_II

Enter

2. IPX Network Number: This is the network number of the network segment connected to the NETServer’s LAN port. Note that the same physical network segment will have a different network number for each frame type used. Be sure to select the network number associated with the frame type selected above. Type the following:

set net0 ipxnet <network number>

Enter

<Network Number> is the number you obtained by following the instructions titled First Step for IPX Networks. If you have not already obtained this number, do so now.

Example:

set net0 ipxnet 00000684

Enter

Note that the preceding 0’s in this example could have been omitted. The NETServer would have accepted “684” as the correct IPX Network Number and filled in the preceding 0’s.

Final Steps

Save your configuration and reboot the NETServer. Note that the LAN port settings are the only configuration changes that will require rebooting the NETServer.

To save your changes, type the following:

save all

Enter

Wait until the RN/FL LED is green. Rebooting the NETServer while a save is in progress could cause the flash memory to be corrupted. When the LED is green, type the following:

reboot Enter

Note that the NETServer may respond with a command prompt to indicate that it has received the reboot command, but you will not be able to access the NETServer until it finishes rebooting.

When the NETServer finishes rebooting, the login prompt will reappear.

From this point on, configuration can also be done from the Windows-based NETServer Manager software. If you would rather configure the NETServer from Windows, proceed to the Installation and Recommended Configuration sections of the NETServer Windows Software Guide.

Recommended Global Configuration

Following is a list of global fields that we recommend you configure.

Password

This is the password for the superuser (supervisor) account. If a password has been set, it must be entered when logging into the NETServer from either the command line or from the Windows-based software. The default is none. The password can be any combination of up to 15 ASCII characters. Type the following:

set password <password>

Enter

Do not forget your password. If you do, you will have to erase all configuration information saved in flash memory - set DIP switch #4 in the bottom row of DIP switches ON (down) and reboot the NETServer. If you do not have your NETServer’s configuration saved to disk (using the NETServer Windows software), you will have to start all over again.

IP and IPX Default Gateways

If the NETServer does not know where to send a packet, it forwards the packet to the default gateway or router defined in this step. Default gateways must be on the same subnet as the NETServer.

You must also enter a metric (hop count) for each type of default gateway. Possible values range from 1 (default) to 15. Note that since the actual metric of a default gateway is only 1 hop, the value entered here is used to control the perceived cost of the gateway to other routers on your network. For example, a high metric will limit the number of hops that the route is broadcast and may cause other routers to see it as a less preferable route.

If the NETServer is configured to listen for IP default route broadcasts (see Global Configuration, Default Route in Chapter 10), the IP Default Gateway can be overridden by a default route broadcast with a lower hop count.

To set the IP gateway, type the following:

set gateway <IP address> <metric>

Enter

The following example configures an IP default gateway whose cost is prohibitive to all but the closest subnets:

set gateway 192.77.203.200 12

Enter

To set the IPX gateway, type the following:

set ipxgateway <IPX node address> <metric>

Enter

The IPX node address is the full hex IPX node address, in other words:

8 digit network number:12 digit node MAC address

The following example sets up a default gateway on network number A34. Note that the preceding zeros could be omitted:

set ipxgateway 00000A34:000000123456 1
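The addressing rules in IP Configuration and the password and default gateway rules above can be checked mechanically before a script is typed into the device. The following Python sketch is an added example, not code from U.S. Robotics; its function names and sample script are constructed for illustration, it expects full keywords (no abbreviations), and it reads "same subnet" for an IPX gateway as "same IPX network number".

```python
import ipaddress
import re

def broadcast_address(address, netmask, mode):
    """Address selected by `set net0 broadcast <high or low>`."""
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)
    if mode == "high":                       # host bits all ones
        return str(net.broadcast_address)
    if mode == "low":                        # host bits all zeroes
        return str(net.network_address)
    raise ValueError(f"broadcast must be high or low, not {mode!r}")

def normalize_ipx_node(text):
    """Expand <network>:<node> to 8 hex digits, a colon and 12 hex digits.

    The manual says leading zeros of the network number may be omitted; it
    does not say so for the node part, so 12 digits are required here.
    """
    match = re.fullmatch(r"([0-9A-Fa-f]{1,8}):([0-9A-Fa-f]{12})", text)
    if match is None:
        raise ValueError(f"not an IPX node address: {text!r}")
    network, node = match.groups()
    return f"{network.upper().zfill(8)}:{node.upper()}"

def audit(script):
    """Return findings for a script of full-keyword `set` commands."""
    net0, glob, findings = {}, {}, []
    for line in script.strip().splitlines():
        words = line.split()
        if len(words) < 3 or words[0].lower() != "set":
            continue
        if words[1].lower() == "net0" and len(words) >= 4:
            net0[words[2].lower()] = words[3]
        else:
            glob[words[1].lower()] = words[2:]

    # The factory default for !root is no password at all.
    if "password" not in glob:
        findings.append("password: not set, !root accepts an empty password")
    elif len(glob["password"][0]) > 15:
        findings.append("password: longer than the 15-character limit")

    if len(glob.get("sysname", [""])[0]) > 32:
        findings.append("sysname: longer than 32 characters")

    if "address" in net0 and "gateway" in glob:
        mask = net0.get("netmask", "255.255.255.0")      # manual's default
        lan = ipaddress.IPv4Network(f"{net0['address']}/{mask}", strict=False)
        gateway = ipaddress.IPv4Address(glob["gateway"][0])
        if gateway not in lan:
            findings.append(f"gateway: {gateway} is not on LAN subnet {lan}")
        metric = glob["gateway"][1] if len(glob["gateway"]) > 1 else ""
        if not (metric.isdigit() and 1 <= int(metric) <= 15):
            findings.append(f"gateway: metric {metric!r} is outside 1-15")

    if "ipxnet" in net0 and "ipxgateway" in glob:
        # Assumption: "same subnet" means "same IPX network number" for IPX.
        lan_net = net0["ipxnet"].upper().zfill(8)
        gw_net = normalize_ipx_node(glob["ipxgateway"][0]).split(":")[0]
        if gw_net != lan_net:
            findings.append(
                f"ipxgateway: network {gw_net} is not LAN network {lan_net}")
    return findings

# Constructed sample script (not taken from a real device).
SAMPLE = """
set sysname gate-1
set net0 address 192.77.203.200
set net0 netmask 255.255.255.0
set net0 broadcast high
set net0 ipxnet 684
set gateway 192.77.204.1 16
set ipxgateway A34:000000123456 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The sample produces four findings: no supervisor password, a gateway outside the LAN subnet, a metric above 15, and an IPX gateway on a different network number.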

Name Service

This is the server that translates your host names into their corresponding IP addresses. The NETServer supports two types of name services: DNS and NIS. NIS is also sometimes referred to as Yellow Pages (YP).

If you are using DNS, type

set namesvc DNS Enter

If you are using NIS, type

set namesvc NIS

Enter

You must also identify the name server and domain name used by the name service. The name server (the computer responding to name service queries) is indicated by its IP address. The domain name is the domain that the NETServer belongs to.

Type the following lines. Follow each with the Enter key.

set nameserver <IP address>

set domain <domain name>

Note: The name server will only be consulted to resolve host names not found in the hosts table. If you are using a name service, the hosts table may be left empty.

Save your work

Once you are done setting the desired parameters, you can save your changes to flash memory by typing the following:

save all

Enter

Chapter 3

Configuration Overview

The internal firmware lets you manage and configure the NETServer by typing commands. This chapter covers the following:

How to set up applications

Issuing commands

Quick Command Overview

Overview of configurable tables

How to Set Up Applications

There are three applications the NETServer is designed to handle: user dial in access, modem sharing, and LAN-to-LAN routing. All other applications are variations on one of these.

Applications (each modem can be configured for one or more of these): User Dial In Access, IP Modem Sharing, LAN-to-LAN Routing

Configuration for each of these applications is a two step process:

1. Configure one or more modems to support the application. Note that modem ports may be configured to support multiple applications at the same time.

2. Add user table or location table entries or both, depending on the application.

Where do I go from here?

Each of the three applications has a section of this manual devoted to its setup. If you want to begin configuration immediately, you may go to one of the chapters listed below:

Application            Section
User Dial In Access    Chapters 4 and 5
LAN-to-LAN Routing     Chapter 6
IP Modem Sharing       Chapter 7

Note that there are actually two chapters for user dial in access. They cover two very different types of user: login users and network dial in users.

Login Users

These are users requesting terminal access to an IP host. They dial into the NETServer and are connected to the requested host with a login service such as Telnet or Rlogin. Note that these users don’t need an IP address, since they aren’t actually attaching to the network.

Dial In Users

Login Users: terminal-style login using a service such as Telnet or Rlogin (see Chapter 4 for setup)

Network Dial In Users: use PPP or SLIP to become a virtual node of the network (see Chapter 5 for setup)

Network Dial In Users

These users actually pretend to be nodes, complete with addresses, on the network. They do this by using PPP or SLIP to send network packets over the phone lines. Since all IPX users attach to the network and have addresses, all IPX users are of this type.

The Command Line

The Command Line Interface is similar to DOS, UNIX or Netware in that you can type commands to view information, change settings and so on.

Commands are not case sensitive

You can type any command in upper or lowercase.

Table entries are case sensitive, however. For example, “SASHA,” “Sasha” and “sasha” are three different users (or locations).

You can abbreviate commands

You can abbreviate most commands and command options with the first two or three letters that distinguish that command from any other command. For example, you need only type set net0 addr to set the NETServer’s IP address (the full command is set net0 address).

IMPORTANT: Make sure that your abbreviation is long enough to distinguish the command from any similarly spelled commands. For example, if you typed IPX to set the IPX network number, you’ll get an error message. This is because you could be referring to any one of the following commands: ipxnetwork, ipxgateway, or ipxframe.

Separate a parameter and its value by a space

Do not use an equal sign ( = ) or any other punctuation mark between a parameter and the value to be set. For example, you should type the following:

set user fredb service netdata <Enter>

You should not type the following:

set user fredb service=netdata <Enter>

Save your changes

You can save all of your changes, or you can save changes to a specific table only.

Note: We recommend using save all. If you save tables individually, the space used by the previous version of the table is not freed up. Issuing the save all command frees up any unused space before saving.

save all          save all configuration data
save s<port #>    save a port’s configuration
save filter       save all of the packet filters
save global       save the global table
save host         save the hosts table
save ipxroute     save the IPX routes table
save location     save the location table
save netmask      save the netmask table
save routes       save the IP routes table
save snmp         save SNMP configuration
save user         save the User Table

Reset any ports you have changed

If you make changes to any port, you must reset the port before the changes take effect. This will close any active connections on the port!!!

reset all                     S-ports (s0 through s16)
reset s<port #>               a specific S-port
reset n<connection handle>    an active connection (find handle with show netconns)

Reboot when necessary

The only changes that require rebooting the NETServer are changes to its LAN port (Net0) configuration. If you change the Net0 configuration, save your work and then type the following command:

reboot

How to log out of the command line

When you are done configuring the NETServer, you may exit the command line interface by typing done, exit, or quit.

Quick Command Overview

The NETServer’s configuration data is stored in several tables, including the user table and the location table among others. To change most parameters in these tables, use the set command:

set <user | location | port | etc.> <parameter name> <value>

For example:

set net0 address 192.77.203.5

set user John password Bumblebees

Some things, like individual locations and users, must be created before they can be configured. The following command is used:

add <user | location | filter | etc> <name>

Names are case sensitive!!! Note that anything that can be added can also be deleted.

delete <user | location | filter | etc.> <name>

You can view current configuration information using the show command. For example:

show net0
show user John
show ipxroutes

A complete listing of commands and options may be found in the back of the Quick Start Guide. Help for any of these commands is available using the help command. For example:

help set
help set user
help add
help delete
help show

Overview of configurable tables

This section contains a brief description of each of the NETServer’s internal databases.

Global Configuration

The Global Configuration table lets you configure parameters that apply to all ports, such as the Name Service (if any) your network uses, default gateways through which to forward packets, and so on. You can also set the Global Default Host that login users may establish a session with, as well as the NETServer’s password.

RADIUS Configuration

The Global Configuration table also allows you to designate a RADIUS security server. A RADIUS security server will allow you to maintain users in a single, centralized users file rather than updating the users tables for several different NETServers independently.

You may also specify a RADIUS network accounting server.

Hosts Table

The Hosts Table is a list of local hosts. The table is used to translate names to IP addresses and vice versa. This allows users and administrators to type host names rather than addresses.

This is especially useful if the network does not have a name service such as NIS or DNS. If your network has a name server, the NETServer tries to match the host name with an IP address using the Hosts Table before using the name server.

Note that IPX networks do not use this table since SAP automatically provides the functionality of a name service.

Initialization Script Configuration

A Port Initialization Script is a string of text that is sent to a modem (or S0, the external serial port) each time the port is reset (a modem resets itself every time it disconnects).

Initialization scripts for the modems will probably contain the AT commands needed to configure them for use on your network.

Location Table

The location table stores information about remote sites that the NETServer needs to dial out to. The table is used during LAN-to-LAN routing, to tell the NETServer how to dial out to and communicate with a remote location. It is also used for dialing back network dial in users. Each location is configured with parameters such as what addresses and which protocol to use for the connection. A dial script for each location contains instructions on how to dial out to and sometimes even how to log into a remote host.

Net0 (LAN Port) Configuration

The Net0 Port Configuration table configures the LAN Interface. These settings reflect how the LAN attached to the NETServer is configured and include, for example, what protocol the LAN is using (IP, IPX, or both).

Netmasks Table

The netmasks table is used when you want to employ Classless Inter-Domain Routing (also called Supernetting). Supernetting is a specialized IP addressing technique used by some Internet service providers. The technique requires that special netmasks be defined using the netmasks table.

See Appendix B for more information on supernetting.

Packet Filter Table

Packet filters may be created to control which packets are permitted to pass through given interfaces. Packet filters created in the Packet Filter Table screen are used in the following Tables:

Net0 (LAN port) Configuration—to control what packets may pass through the LAN interface to the local network (output filter) or from it (input filter)

Location Table—to control what packets are received from the remote location (input filter) and what packets are sent to it (output filter)

Ports Table—to control what hosts a user can access, or if the port is set to Hardwired, to control what packets are received from the remote location (input filter) and what packets are sent to it (output filter)

User Table—for a Login User, to control what hosts the user can access, or for a Network User, to control what packets are received from the remote location (input filter) and what packets are sent to it (output filter)

Port Configuration

Port Configuration controls the modem ports and the external serial port. The configuration of these ports reflects what applications a given modem can be used for.

Port Type

Three fields determine which type of services a modem will support: User Login, Host Device, and Network. The default configuration is:

Host Device    Disabled
User Login     Enabled
Network        Dial In

User Login

A user login port services login users. As explained at the beginning of this chapter, login users are provided terminal access to hosts on the network, but do not actually become nodes on the network.

Host Device

Host device ports are used for IP modem sharing. A TCP port number is assigned to the modem, allowing users and applications to talk directly to its command line.

Network

Network ports are used for routing network (IP and IPX) packets via a serial communications protocol (PPP or SLIP). Both LAN-to-LAN routing and network dial-in users require this kind of connection. There are three types of network port: dial in, dial out and hardwired. A fourth setting, network twoway, allows both dial in and dial out service.

Dial In

Network dial in ports service network dial in users and remote routing devices that dial in to form a routing connection.

Dial Out

Network dial out ports are used to initiate dial up routing connections and to dial back network dial in users.

Hardwired

A hardwired port is a serial port that is connected directly to another device via a serial cable (this is only possible on S0). Note that both Host Device and User Login must be disabled on Hardwired ports.

Routes Table

The routes table contains both static and dynamic routing information. Dynamic routes are updated by RIP broadcasts received from other routing devices on the network. Static routes are routes added to the table by hand. A static route to a given location will override a dynamic route that RIP generates.

Static routes to a given location are required when the location is not running RIP or when the NETServer is not listening for RIP broadcasts on the given interface. Without RIP protocol messaging, the NETServer cannot gather information on the location of other routers, gateways, and remote hosts and must know exactly where to send a packet.

See An Introduction to NETServer Routing in Chapter 6 for an overview of the routing process.

SNMP Configuration

The NETServer provides support for the Simple Network Management Protocol (SNMP) and industry standard MIB-II variables. These variables are fully described in your MIB-II documentation.

The SNMP Configuration commands let you configure what SNMP servers (if any) are permitted to make SET and GET requests, as well as what Read and Write Communities.

User Table

The User Table contains authentication and configuration information for two types of users: Login Users and Network Users. Note that you cannot have a Login User with the exact same name as a Network User.

Login

Login users are remote users dialing in to request terminal service from an IP host. Once such a user is authenticated, he or she is connected to a host with a login service such as Telnet or Rlogin.

Network

Network users are remote users dialing in to become a virtual node of the local network. Such a user may be an individual attaching to the network or an entire LAN dialing in to route packets onto the local network.

Keep in mind that entries in the user table will usually override the settings for the port the user is connected to.

Chapter 4

IP Terminal Server Setup

If you have workstations or terminals at a remote site that require access to a host on the local network, you can configure the NETServer to function as a terminal server.

Terminal or Workstation Setup

A. The remote user should get the following information from the NETServer’s system administrator:

The user name and password that he or she will use.

The telephone number of the NETServer the user must dial into.

If the terminal or workstation user will be able to choose which host he or she will log into for a given session, the IP address or name of each possible host must also be known.

B. The dial in workstation or terminal should be configured for the following communications parameters:

8 bits, No parity, and 1 stop bit

Hardware (RTS/CTS) flow control

Normal Carrier Detect

Hang up and reset when DTR drops

Note that although these settings are the defaults, you can change the NETServer’s communications parameters if you want to. See Port Configuration, Serial Communications Parameters in Chapter 10 and your modem reference material for more information.

NETServer Terminal Server Setup (Overview)

A. Find out what kind of terminals are being used (or what kind of terminal will be emulated). If you don’t know the terminal emulation to use, you can also choose to go with standard Network Virtual Terminal emulation (ASCII only dumb terminal).

B. Make sure that the hosts support the login service(s) that you will use to log into them. Virtually all IP machines support Telnet. Rlogin is standard to most UNIX machines and has spread to some other IP machines. PortMux requires that a host have the PortMux daemon (in.pmd) running. You can find the PortMux daemon on the U.S. Robotics web site.

A fourth service, Netdata, does not require that the host be running a “Netdata” service. Instead of talking to such a service, Netdata (also called Clear TCP) exchanges data directly with a given port number on the host. Netdata does, however, require that the specified TCP port number actually be an accessible process or device on the host.

C. Configure a port for a connection. See Configuring a Port, later in this chapter. This includes setting a default login service and default hosts for the port, as well as configuring a login message (banner) and login prompt. The default login message is none, or no login message. The default login prompt is login:.

D. Create a user entry in the User Table for the remote user. See Adding the Login User to the User Table, later in this chapter. A login user table entry defines a host and login service for an individual user.

A Note About Hosts

When a login user dials in, he or she is forwarded to a host. Which host the user is forwarded to depends on several things. The NETServer first attempts to find host information in the individual’s user table entry. If the user table shows a host of Default, the NETServer checks the host setting for the port the user is connected to.

User Table        set user <name> host <default | prompt | IPaddress>
  if default, check:
Port Default      set s<port #> host <default | prompt | IPaddress>
  if default, check:
Global Default    set host <IP address>

If the port shows a host of Default, the NETServer uses the Default Host defined in Global Configuration. Note that it is possible that no host will be defined in any of these places. If this is the case, the NETServer will return to the login prompt. The user will not be allowed to log in unless he or she enters a user name/password for a user with a host defined.

Terminal Server (Detailed Setup)

The following section gives details on configuring the NETServer as a terminal server from the command line. For instructions on how to attach to the command line software, see Connecting to the Command Line in Chapter 2.

Configuring a Port

Ports used for terminal service must be configured as User Login ports.

Step 1 - Set the port type to User Login

The following command configures a port for terminal service:

set s<port #> login

Step 2 - Set the port’s security (Pass-Thru Login)

This setting determines what the NETServer will do with users who are not in its User Table. You can turn security on or off.

On

If a user does not enter a user name/password pair that can be found in the NETServer’s user table, check with the RADIUS security server (if present). The connection is terminated for all users who are not in either the NETServer’s user table or the RADIUS database. Use the following command:

set s<port #> security on

Off (Default)

Do not consult RADIUS. Anyone dialing in to this port who does not enter a valid user name and password will be connected directly to the Port Default Host without being authenticated.

set s<port #> security off

Step 3 - Create default user settings for the port

If you turned security off in Step 2, port defaults must be set to tell the NETServer what to do with users not in the user table. If security is on, these settings are optional.

Users who are in the NETServer’s user table may also use some of these settings.

Port Default - Host

The port default host is for users not in the user table and for users whose user table entries specify a host of Default. You may choose a host of Default, Prompt, or a specific IP address. Use the following command:

set s<port #> host <host type>

Default

Users are passed on to the Default Host defined in the Global Configuration table. (Default)

If the Global Default Host is not available, users are passed on to one of the Global Alternate Hosts (if specified).

set s<port #> host default

Prompt

As soon as a user connects with the NETServer, he or she is given a Host: prompt. Users type the name or IP address of the host they want.

Note that since the host prompt appears before the login prompt (before the NETServer knows who the user is), even users who have a host specified in the user table will be prompted for a host. However, a host specified in the user table will always override the value entered here.

set s<port #> host prompt

IP Address

Users are connected to a specific host other than the default host. Type in the IP address of the specific host.

set s<port #> host <IP address>

Port Default - Login Service

The NETServer uses the service specified here to connect users not in the user table with the port default host. Users with user table entries will not use this setting. This setting is never used when Security is set to On. Note that the remote terminal or workstation does not need to know how to use this service since it talks directly to the NETServer, not the host. Use the following command:

set s<port #> service_login <login service> <TCP port#>

<TCP port#> is the port number on the host you want to connect to. It is optional unless you choose Netdata as the login service.

<login service> is one of the following:

Telnet

Supported by most TCP/IP computers, Telnet lets the user log in to hosts that support it. If you set a terminal type (see Term Type below), Telnet will pass that information along. Otherwise, it negotiates a standard, Network Virtual Terminal interface.

Rlogin

Although Rlogin was originally a (BSD) UNIX only protocol, it is now supported by some non-UNIX machines as well. Unlike Telnet, Rlogin allows a user logged into a host to access their accounts on other (trusted) hosts without reentering a password. Rlogin requires that you specify a terminal type. See Term Type below.

PortMux

(Default) PortMux is similar to Telnet except that it multiplexes many Telnet sessions into a single data stream that’s more efficient to transmit and requires fewer connections. PortMux requires that the host be running a special PortMux daemon (in.pmd). Note that this daemon also allows the host to use NETServer ports set to Host Device as pseudo TTYs (See Chapter 7). The PortMux daemon is available on the U.S. Robotics web site.

Netdata

Unlike Telnet, Rlogin and PortMux, Netdata is not actually a login service. Netdata is a direct (clear TCP) connection to a given TCP port number. 8-bit data is exchanged without interpretation. Such connections may be used by dial in applications that require a socket interface.

Port Default - Terminal Type:

This value is used by all login users connected to this port. The purpose is to inform the host what kind of terminal is being used (or emulated) by users connecting to this port. The field is a string of characters that must be recognized by the host as a valid terminal type. Valid terminal type strings for a UNIX host are stored in a database called termcap or terminfo.

Specifying a terminal type is only required if Login Service is set to Rlogin. However, Telnet and PortMux will also use this value if one is entered. If no terminal type is entered, Telnet and PortMux will assume dumb terminal mode (standard Network Virtual Terminal). Use the following command:

set s<port #> termtype <emulation>

Step 5 - Optional Friendly Stuff

The following two parameters allow you to customize the port’s printed response to dial in users.

Login Message

You can create a message (banner) that users will see prior to login. Use the following command:

set s<port #> message <login message>

The login message can be up to 240 characters in length and does not need to be surrounded by quotation marks (if you use quotes, they will be included in the message). Use the caret ( ^ ) to designate the start of a new line. Example:

set s24 message U.S. Robotics^NETServer

Login Prompt

The following command allows you to customize the login prompt for the port:

set s<port #> prompt <login prompt>

If you put the word $hostname in the prompt, the NETServer will substitute the name of the port’s default host. The default prompt for user login ports is $hostname login:. If you use quotation marks, they will be included in the prompt.

Many automated login scripting systems expect a login prompt to end in login:. Putting any character after the colon (including quotation marks!) will cause some login scripts to crash.

If you select Telnet as the Port Default Login Service, the NETServer changes the login prompt to “Press <Return> to begin logging in”. If you would prefer to use a different login prompt, type the new prompt using this command.

Step 6 - Save your work

Save your changes to flash memory. Use the following command:

save s<port #>

Reset the port so that the changes take effect. Use the following command:

reset s<port #>
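The host lookup order from A Note About Hosts, combined with the security and port default rules of Steps 2 and 3, modelled in Python so a planned port configuration can be checked for callers who reach a host without authenticating. This is an added example, not U.S. Robotics code: the record layout, the function names, the sample users and addresses, and the treatment of a RADIUS record as a user-table-style entry are assumptions, and Global Alternate Hosts are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

DEFAULT, PROMPT = "default", "prompt"

@dataclass
class Entry:                      # one login user (user table or RADIUS record)
    password: str
    service: str                  # telnet | rlogin | portmux | netdata
    host: str = DEFAULT           # default | prompt | IP address

@dataclass
class Port:
    security: bool = False        # manual: Off is the default
    host: str = DEFAULT           # manual: Default is the default
    service: str = "portmux"      # manual: PortMux is the default login service

def resolve_host(user_host: str, port_host: str,
                 global_host: Optional[str], typed: Optional[str]) -> Optional[str]:
    """User table first, then port default, then global default host."""
    for setting in (user_host, port_host):
        if setting == PROMPT:
            return typed          # answer given at the Host: prompt
        if setting != DEFAULT:
            return setting        # a specific IP address wins at this level
    return global_host            # None when no host is defined anywhere

def login(name: str, password: str, port: Port, users: Dict[str, Entry],
          radius: Dict[str, Entry], global_host: Optional[str] = None,
          typed: Optional[str] = None) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (outcome, host, service) for one dial-in login attempt."""
    entry = users.get(name)       # dict keys are case sensitive, like table entries
    if entry is None or entry.password != password:
        entry = None
        if port.security:         # security on: ask RADIUS, otherwise terminate
            # Assumption: a RADIUS record carries the same fields as a table entry.
            entry = radius.get(name)
            if entry is None or entry.password != password:
                return ("terminated", None, None)
    host = resolve_host(entry.host if entry else DEFAULT, port.host, global_host, typed)
    if host is None:
        return ("login prompt", None, None)
    if entry is None:             # security off: passed through without authentication
        return ("unauthenticated", host, port.service)
    return ("authenticated", host, entry.service)

def passthrough_ports(ports: Dict[str, Port], global_host: Optional[str]) -> Dict[str, str]:
    """Ports on which a caller with no valid credentials still reaches a host."""
    found = {}
    for name, port in ports.items():
        if port.security:
            continue
        if port.host == PROMPT:
            found[name] = "any host typed at the Host: prompt"
        elif port.host != DEFAULT:
            found[name] = port.host
        elif global_host:
            found[name] = global_host
    return found

# Constructed sample data (names, passwords and addresses are made up).
USERS = {"Sasha": Entry("pw1", "telnet", "192.0.2.10"),
         "fredb": Entry("pw2", "rlogin")}
RADIUS = {"remote1": Entry("pw3", "telnet", "192.0.2.30")}
PORTS = {"s1": Port(security=True), "s2": Port(), "s3": Port(host=PROMPT)}
GLOBAL_HOST = "192.0.2.1"
```

With the sample data, passthrough_ports(PORTS, GLOBAL_HOST) reports s2 and s3, the two ports left at security off; s3 is the wider case because its host setting is Prompt.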
