HP Digital NetRider User's Manual
Contents
1. Use of CCR from an ULTRIX DECnet Node
Telnet Remote Console
Characteristics of the Telnet Remote Console Port
Access Server Manager
Description
Functions
Related Information
User Interface
Overview
Introduction
In This Chapter
Command Groups and Menus
Description
Using Command Groups
Creating a Command Group
Executing a Command Group
Displaying a Command Group
Purging a Command Group
Using Menus
Displaying a List of Enabled Menus
Entering Menu Mode
Assigning a Default Menu to a Port
Menu Windows
Defining Menus
Introduction
Main Menu
Main Menu Display
Defining Menu Choices
Displaying a Selected Menu
2. Configuring Basic Device Characteristics
Overview
Introduction
In This Chapter
Configuring Basic Device Characteristics
Introduction
Command
Basic Device Characteristic Summary
Displaying Basic Device Characteristics
Command
Displaying Port Characteristics Example
Configuring the ACCESS Characteristic
Description
Command
Defining the ACCESS Characteristic Example
Matching the Port and Device Characteristics
Introduction
AUTOBAUD
CHARACTER SIZE
PARITY
SPEED
STOP BITS
TYPE
Configuring the FLOW CONTROL Characteristic
Introduction
Flow Control Types
XON/XOFF
DSR
3. Data Set Ready DSR Data Terminal Ready DTR

Configuring Modem Signals 10-3

Determining the Supported Modem Signals

Network Access Server Type DSR DTR support Example DECserver 90TL access server

Modem Signals Supported Set 2 Data Signal Rate Selector DSRS RING Indicator RI Data Carrier Detect DCD Data Terminal Ready DTR Data Set Ready DSR Data Terminal Ready DTR

Modem Signals Description

Types of Modem Signal

The following table describes the various modem signals.

Modem Signal: Description
Request To Send (RTS): Asserted by the access server to indicate to the port device that the access server is ready to exchange further control signals with the port device to initiate the exchange of data. The RTS signal is the same state as the DTR signal unless CTS input flow control is enabled.
Clear To Send (CTS): Monitored by the access server and asserted by the port device to indicate that the port device is ready to receive data.
Data Set Ready (DSR): Monitored by the access server and asserted by the port device to indicate that the port device is ready to exchange further control signals with the access server.
Data Terminal Ready (DTR): Asserted by the access server to indicate that the access server is re
Data Carrier Detect (DCD):
Speed Mode Indicator (SMI):
Ring Indicator (RI):
4. Local> SHOW PORT 5 PPP IPCP CHARACTERISTICS

IPCP Characteristics: IPCP, Passive Open, Restart Timer, Max Configure, Max Terminate, Max Failure
IPCP Options: Negotiate Address, Remote IP Address, Compress Header, Compress States
Disabled Disabled Local Disabled 0 0 0 0 Disabled 16

IPCP Characteristics Display Fields

The following table explains the fields in the IPCP characteristics display.

Field: Description
IPCP: Indicates if IPCP is enabled.
Passive Open: When enabled, IPCP negotiation does not begin until initiated by the attached device.
Restart Timer: Indicates the amount of time between IPCP configure or terminate request retransmissions when there is no response.
Max Configure: The number of times that IPCP sends a configure request packet to the peer without receiving an acknowledgment.

19-8 Configuring and Managing Point to Point Protocol PPP Ports

3 seconds 10 transmissions 2 transmissions 10 transmissions

Values Default Enabled Disabled Disabled Disabled Disabled 1to5 3 seconds 1to15 10 attempts

Field: Max Terminate, Max Failure, Negotiate Address, Remote IP Address, Compress Header, Compress States

This field has a fixed value in this software release.

Displaying PPP Characteristics

Description
Max Terminate: The number of times that LCP sends a terminate request packet to the peer without receiving an acknowledgment.
The num
5. Removing an Address from a Community Name

You can remove an NMS address from a community name by using the ANY keyword in the CHANGE SNMP COMMUNITY community name ADDRESS command. This keyword allows any NMS that knows the community name to access the access server. The access server, however, rejects an ADDRESS ANY command if TRAP access is enabled.

Example: Removing the Community Name Internet Address

The following example shows how to remove the Internet address from community name SERVER:

Local> CHANGE SNMP COMMUNITY SERVER ADDRESS ANY

Configuring for SNMP Access 16-9

Configuring the NMS

Procedure

To configure an NMS to manage an access server using SNMP, do the following:

Step 1: Enter the access server management information bases (MIBs) in the NMS database (see Supported MIB Variables in this chapter). The software installation kit includes ASCII text files of these MIBs.
Step 2: Enter the access server IP address, each appropriate community name, and desired access rights in the NMS database. If the community name is associated with an IP address, the address must be the Internet address of this NMS. The network manager must also associate the IP address of the access server with each such name. The exact procedure depends on the host type of the NMS.
Step 3: Configure the gateways to restrict unauthorized SNMP access by users from outside your network.
6. 17-20 Managing the Access Server

Field: Description
Load Address: Ethernet address of the node or the gateway from which the access server was last loaded. Some access servers display all zeroes if a downline load occurs using BOOTP and TFTP.
Dump Address: Ethernet address of the node or gateway that received the last up-line dump. Some access servers display all zeroes if a dump is to an Internet host.
Console User: Address of the node at which the Remote Console Facility (RCF) is being used to access the access server. The access server indicates none available if the RCF is not in use.
Boot Protocol: This is the protocol used to downline load the software.
Selftest Status: Shows internal information if the result of self-test at the most recent access server initialization is other than Normal:

Server 00 00 00 Service 00000 Port 0000000000000000

If a nonfatal error occurs during self-test, the access server displays information about the error. The following describes the information that appears in the display.

Selftest Status 00 00 00: The leftmost two numbers are always 00. The third number is a hexadecimal representation of a bit map in which a bit set indicates status as follows:

Bit 1 2 4 8 20 40 80

Displaying Information About the Access Server

Field: Description
Selftest Status (continued): Each number represents a bit map in which a bit set indicates a problem with the port
7. Internet address: The 32-bit address assigned to computers that participate on an Internet using the TCP/IP protocols.

Internet Bootstrap Protocol: See BOOTP.

Internet Control Message Protocol: See ICMP.

Internet gateway: A computer that connects two or more networks and passes packets between them. In Internet, computers called gateways provide all interconnections among physical networks. Gateways route packets based on the destination network, not on the destination host.

Internet host: A resource on the TCP/IP network.

Internet name server: An Internet server program that performs name-to-address translation or mapping from domain names to Internet addresses. It enables users to assign common names that are easy to remember to computers and then address the computers by name rather than Internet addresses. When the server program operates on a dedicated computer, the computer itself is usually called a name server. See also local name server and root name server.

Glossary 7

Internet Protocol: See TCP/IP.

IP: Internet Protocol. See TCP/IP.

IP datagram (Internet): A basic unit of information transferred over the Internet.

IVP: Installation Verification Procedure. This procedure verifies that the access server software was successfully installed on an OpenVMS load host.

KDC: Key Distribution Center. A Kerberos host that serves to validate a user's identity with a Kerberos user name and password k
8. See access server.

Network Control Program: See NCP.

Network Management Station: See NMS.

network resource: A device (such as a computer or printer) or software application on a network that performs certain functions and can be accessed by devices such as access servers and computers.

NMS: Network Management Station. Host computer system with software which allows manager to monitor and control networked devices, including access servers, from one location. Typically refers to system which uses SNMP to communicate, but may use other protocols.

node: A network system consisting of a computer system and associated network software.

nonprivileged status: The default status for all interactive access server ports. Users at nonprivileged ports can use a subset of the privileged command set to change some local port characteristics; display information about the access server, its ports, and service nodes; and execute commands required to connect to services. However, nonprivileged users cannot access commands that change the state of the access server or other ports.

Glossary 11

Nonvolatile Random Access Memory: See NVRAM.

NVRAM: Nonvolatile Random Access Memory. This is a RAM that retains its memory upon power loss.

ODL Font Protocol: On Demand Loading Font Protocol. A protocol that enables Asian terminals connected to the access server to use the LAT protocol to access Japanese and Chinese OpenVMS system
9. To delete a switch character, use the NONE keyword instead of a character.

Note: If you are using a session management terminal and your port has MULTISESSIONS ENABLED, switch sessions by using a terminal command rather than access server switch characters.

Configuring and Managing Interactive Devices 11-35

Managing Users

Defining the Break Key

The BREAK characteristic defines how the Break key is used. The Break key can be defined in three ways:

• LOCAL: Pressing the Break key switches the user from service mode to local mode. This is the factory-set default. The following shows how to set the Break key to LOCAL on port 5:

  Local> CHANGE PORT 5 BREAK LOCAL

• REMOTE: The Break key is ignored by the access server and passed to the LAT service for the port's current session. BREAK is not sent to any host on a TCP/IP network. To send BREAK to a host on the TCP/IP network, refer to Mapping Keyboard Characters to Telnet Functions in this chapter. The following shows how to set the Break key to REMOTE on port 5:

  Local> CHANGE PORT 5 BREAK REMOTE

• DISABLED: The Break key is ignored by the access server and not passed to the host on the network. The following shows how to set the Break key to DISABLED on port 5:

  Local> CHANGE PORT 5 BREAK DISABLED

The Break key is ignored on a port with a dedicated service; however, you should disable BREAK along with all other switch characters. If you need to pass the break conditio
10. Bit 1 2 4

Service 00000: This value is a hexadecimal representation of a bit map in which a bit set indicates which service or services contained a checksum error.

Bit 1 2 4 8 10 20 40 80 100 200 400 800 1000 2000 4000 8000

Managing the Access Server 17-21

Displaying Information About the Access Server

Field: Description

10000 20000 40000 80000

Port 0000000000000000: This value is a hexadecimal number that corresponds to ports 1 to 16 from left to right.

Note: If more than one bit is set in a bit map, the value shown is the sum of the values for each bit. For example, if the Service Status value is 18C hexadecimal, this is the sum of 100, 80, 8, and 4.

Software Status: Display shows internal information if the status displayed is other than Normal, that is, if a fatal software error occurs. For example:

PC 01234567 SP 01234567 SR 2300 M 01234567 C 217

A status other than Normal indicates that a fatal bugcheck error has occurred. More information is found in the Network Access Server Problem Solving manual.

Displaying Access Server Summary Information

The LIST/SHOW/MONITOR SERVER SUMMARY command displays the access server groups you defined. The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours minutes second
11. Example: Enabling DSR FLOW CONTROL

The following example shows how to enable DSR FLOW CONTROL on a port:

Local> CHANGE PORT 5 FLOW CONTROL DSR

CTS is a form of FLOW CONTROL used with null modem DTE devices. The access server only transmits data to an attached device when the device asserts DTS. CTS FLOW CONTROL operates as follows:

• If the access server receives data too quickly from the port device, the access server deasserts RTS until it can accept more data.
• If an attached device receives data too quickly from the access server, it deasserts CTS until it can accept more data.

You can enable CTS/RTS FLOW CONTROL for access servers with attached modems with a speed of 9600 bits/s or greater. This enables a faster response time from the access server hardware.

Example: Enabling CTS FLOW CONTROL

The following command shows how to enable CTS FLOW CONTROL on port 7 of an access server:

Local> CHANGE PORT 7 FLOW CONTROL CTS

Configuring Basic Device Characteristics 9-11

Configuring the FLOW CONTROL Characteristic

Example: Disabling FLOW CONTROL

The following command shows how to disable FLOW CONTROL on port 5 of an access server:

Local> CHANGE PORT 5 FLOW CONTROL DISABLED

FLOW CONTROL Direction

The access server software allows you to specify flow input and output FLOW CONTROL:

• Input FLOW CONTROL refers to the data flow from the attached device to the access server.
• Output FLOW CONTROL refers to the dat
12. From a remote OpenVMS system, type:

MCT LATCP SET NODE GROUP ENABLE 255 SET HOST LAT AUTOCONNECT LOG ACCT LOG ACCTREMOTE

This causes the accounting events to be displayed on the remote screen and logged to the file ACCT.LOG.

Accounting 23-15

Using the Accounting Console Logging Feature

Example: Telnet Remote View of the Accounting Log

The following example shows the commands necessary to remotely view the accounting log via Telnet, with a loopback connector on port 16:

Local> CHANGE PORT 16 ACCESS REMOTE
Local> CHANGE TELNET LISTENER 2001 PORT 16
Local> CHANGE TELNET LISTENER 2001 CONNECTION ENABLE
Local> CHANGE SERVER CONSOLE 16
Local> CHANGE PORT 16 AUTOBAUD DISABLED SPEED 57600

From a remote UNIX system, the command is (replace x.x.x.x with your server's IP address):

TELNET x.x.x.x 2001

This will cause the accounting events to be displayed on the remote screen. To log the events to a file, type the following command (replace x.x.x.x with your server's IP address):

TELNET x.x.x.x 2001 > ACCT.LOG

Appendix A: Cable and Adapter Recommendations

Cable and Adapter Hardware

Cable and Adapter Table

The following table lists the cable and adapter hardware you need to connect devices to specific DECserver models.

To Connect This To This DECserver Model Device 90M or 90TL 8 Port 700 8 Port 900TM 32 Port 700 16 Port Use This Cable and Adapter Hardwa
13. PARITY Settings

The following table lists the available parity checks.

Setting: Check Performed Per Character
Even: Even number of one bits
Odd: Odd number of one bits
Mark: A set parity bit
Space: A cleared parity bit
None (default): No parity checking performed

Configuring Basic Device Characteristics 9-7

Matching the Port and Device Characteristics

Example: Changing the PARITY Settings

The following example shows how to change the parity:

Local> CHANGE PORT 5 PARITY ODD

SPEED

The SPEED characteristic enables you to configure the port for devices that operate at the following speeds: 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bits per second (bits/s). If you enable autobaud, the access server automatically adjusts the port speed.

Example: Changing the Port SPEED

The following example shows how to change the port speed:

Local> CHANGE PORT 5 SPEED 2400

Example: Configuring Different Input and Output Speeds for a Port

The following example shows how to specify different input and output speeds for a port:

Local> CHANGE PORT 5 INPUT SPEED 2400
Local> CHANGE PORT 5 OUTPUT SPEED 1200

STOP BITS

The STOP BITS characteristic indicates the number of bits that mark the end of a character transmission. By default, the access server dynamically sets up the STOP BITS characteristic. The access server automatically uses 2 stop bit
14. and period
• Each port name must be unique to the access server.

Example: Changing the Port Name

The following example shows how to change the port name to PERSONNEL PRINT for a printer on port 5:

Local> CHANGE PORT 5 NAME PERSONNEL PRINT

12-4 Configuring and Managing LAT Services

Configuring Access to a LAT Service

Specifying the Service Password

An optional service password restricts access to a service. When a service contains a password, the access server prompts you for the password before allowing you to use the service. There are two characteristics that you need to specify: SERVICE PASSWORD and PASSWORD LIMIT. The service password can be up to 16 ASCII characters.

Example: Assigning a Service Password

The following example shows two ways to assign a password to the service LN03 PRINT:

Local> DEFINE SERVICE LN03 PRINT PASSWORD
Password> BLIGH (not echoed)
Verification> BLIGH (not echoed)
Local>

or

Local> DEFINE SERVICE LN03 PRINT PASSWORD BLIGH

Caution: Do not specify passwords for services, such as printers, that you set up for host-initiated requests.

Example: Clearing the Service Password

To clear a previously set service password, use empty quotation marks as shown in the following example:

Local> CHANGE SERVICE LN03 PRINT PORT PASSWORD ""

The password limit characteristic determines the number of times that the access server prompts you for the correct password before it en
15. 401 401 LAT_08002B24F24F LAT_08002B24F24F DECserver 700 08 LKG Littleton MA 2 0 <no error>

Fields in the AppleTalk Status Display

The following table describes the fields that appear in the AppleTalk Status display.

Field (Value): Description
State: The status of the access server AppleTalk implementation.
  AppleTalk is not operating.
  Acquiring: The access server is acquiring an AppleTalk address.
  Learning: The access server is learning its AppleTalk zone.
  Reacquiring: The access server is getting itself a new AppleTalk address.
  Registering: The access server is registering its name.
  Up: AppleTalk is fully operational.

8-10 Managing AppleTalk

Displaying AppleTalk Status

Address: The AppleTalk address of the access server, learned from the EtherTalk network at initialization. Its value is 0.0 until the Learning state.
Network: The AppleTalk network range the access server learned at initialization. If no AppleTalk router is on the access server's network, the value is 1-65534. The value is 0-0 until the Learning state.
Name: The full AppleTalk name of the access server; consists of object:type@zone.
Object: The unique name of the access server, for example, LAT_08002B24F24F. You can configure this parameter with the SET/DEFINE/CHANGE SERVER NAME command.
Type: The type of device, for example, DECse
Zone:
Cache:
Attached Hosts:
Last Error:
16. A slash indicates related alternate commands or options. For example, SET/DEFINE/CHANGE PORT refers to the SET PORT, DEFINE PORT, and CHANGE PORT commands. The slash is not part of the command syntax.

Associated Documents

Refer to the following documentation for additional information:

• LAT Network Concepts: Provides an overview of the LAT protocol.
• Terminal Server Manager Installation and Use: Provides the procedures to install and use TSM.
• DECserver 700 Site Preparation and Maintenance: Provides the procedures to prepare the site before installing the DECserver 700 hardware.
• DECserver 90TL, DECserver 90M Owner's Manual: Provides the procedures to install and operate the DECserver 90TL, DECserver 90M hardware.
• DECserver 900TM Installation: Provides the procedures to install and operate the DECserver 900TM hardware.
• VMS VAXcluster Manual: Provides the procedures to configure a VAXcluster system, including the procedure to configure the system for remote printing.
• ULTRIX Guide to System Environment Setup: Provides the procedure to configure the ULTRIX system environment, including the procedure to configure print systems.
• DECserver Network Access Software Installation: Describes how to install the network access software on Microsoft Windows 95 or Windows NT, OpenVMS, DIGITAL UNIX, ULTRIX, or UNIX operating systems.
• Release Notes: Provide the latest information about the access server. The release no
17. All Rights Reserved
Please type HELP if you need assistance
Enter username> Dave
Local> CTRL D

Managing Load Hosts 4-7

DSV CONFIGURE

Context-Sensitive Help for DSV CONFIGURE

DSV CONFIGURE provides context-sensitive help. At any prompt other than the Local> prompt after a CONNECT/USE command, type a question mark for an explanation.

DSVCONFIG

Introduction

DSVCONFIG is a menu-driven command procedure that runs on DECnet Phase IV and DECnet/OSI ULTRIX load hosts. This procedure enables you to:

• Store configuration data about the access server in the DECnet node databases
• Downline load the software image from the load host to the access server
• Upline dump memory contents from the access server to the load host

DIGITAL provides DSVCONFIG as part of the access server software. For information about installing DSVCONFIG and adding a new access server, refer to the installation guide provided with the access server software.

DECserver Configuration Procedure

When the DSVCONFIG menu displays:

Step 1: Type the selection that you want and press the Return key.
Step 2: Enter the information at the prompts that appear on the screen.

DSVCONFIG Menu

The following figure shows the DSV CONFIG menu:

Menu of Options
1 List known DECservers
2 Add a DECserver
3 Swap an existing DECserver
4 Delete an existing DECserver
5 Restore
18. AppleTalk characteristics. This command is nonprivileged. Use the SHOW/MONITOR APPLETALK STATUS command to see the values being used operationally.

Displaying AppleTalk Characteristics Example

The following example shows how to display the latest values configured by the DEFINE APPLETALK commands:

Local> LIST APPLETALK CHARACTERISTICS
AppleTalk Characteristics Server LAT 08002B24F24F
State Enabled
Cache Size 2

Fields in the AppleTalk Characteristics Display

The following table describes the fields in the AppleTalk Characteristics display.

Field: Description
State: Indicates whether AppleTalk is enabled the next time you initialize the access server.
Cache: Shows the number of AppleTalk addresses that the access server will acquire in cache memory the next time you initialize the access server.

Managing AppleTalk 8-5

Displaying AppleTalk Counters

Command

Use the SHOW/MONITOR APPLETALK COUNTERS command to display the AppleTalk counters on an access server. The command is nonprivileged.

Displaying AppleTalk Counters Example

The following example shows a typical display when you enter the SHOW APPLETALK COUNTERS command:

Local> SHOW APPLETALK COUNTERS
AppleTalk Counters
Seconds Since Zeroed 18207
AARP Unsent Probes 0 Unsent Responses 0
DDP In Receives 5510 Out Requests 19 In Local Datagrams 1 Forwarded Requests Too Short Errors 0 Out Shorts Too Lo
19. Indicates whether server information is passed.
The current AppleTalk router that the access server and client are using.
The zone in which the access server and client reside.

Configuring and Managing Point to Point Protocol PPP Ports 19-17

Displaying PPP Counters

Introduction

This section describes PPP counters.

Displaying LCP Counters

Use the SHOW PORT n LCP COUNTERS command to display LCP counters for a port. The display shows all the counters relevant to LCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of the counters.

Example: Commands to Display LCP Counters

The following example shows the command to display LCP counters for port 5:

Local> SHOW PORT 5 LCP COUNTERS
Port 5 LAT 08002B26D0E7 Server LCP Counters
Negotiation Successes, Negotiation Failures
Configures in, Configures out
Acks in, Acks out
Naks in, Naks out
Rejects in, Rejects out
Terminates in, Terminates out
Term Acks in, Term Acks out
Code Rejects in, Code Rejects out
Echo Reqs in, Echo Reqs out
Echo Resps in, Echo Resps out
Prot Rejects in, Prot Rejects out
Discards in, Discards out

Fields in the LCP Counters Display

The following ta
20. Local> DEFINE PORT 4 SPEED 115200
4 Local> LOGOUT PORT

Configuring Modem Signals 10-17

MODEM CONTROL Sequences

Introduction

Modem-controlled communication requires that the access server recognize what type of device is on a port and detect when this device is ready to communicate and when the device has ceased to communicate. The following section describes the general sequences of modem signals involved in establishing, in monitoring, and in ending communications.

Establishing a Connection

When a connection is initiated at a port, the access server follows the signaling sequence described in this section.

1. First, the access server examines the DTRWAIT characteristic to determine whether to assert the data terminal ready signal (DTR) and the request to send signal (RTS) while the port is idle. If DTRWAIT is DISABLED, the access server asserts DTR and RTS while the port is logged out. If DTRWAIT is enabled, the access server delays assertion of DTR and RTS until either it detects any modem signal or a connection occurs. Then the access server asserts DTR and RTS.

When asserting DTR and RTS, if conditions require the data signal rate selector signal (DSRS), the access server asserts DSRS at the same time.

After asserting DTR and RTS, the access server waits 2 seconds and monitors the data set ready signal (DSR), which helps the access server identify the type of device on the port. The presence
21. 17-6 Managing the Access Server

Field: Description
Name of the node.
Number of seconds since the counters were last set to zero (maximum time exceeds 134 years).
Messages Received: Number of LAT virtual circuit messages that the access server received from this node.
Messages Transmitted: Number of LAT virtual circuit messages that the access server transmitted to this node.
Slots Received: Number of slots that the access server received from this node (slot represents a message segment for a particular session).
Slots Transmitted: Number of slots that the access server transmitted to this node.
Bytes Received: Number of data bytes that the access server received from this node.
Bytes Transmitted: Number of data bytes that the access server transmitted to this node.

Managing Your Access Server As Part of the LAT Network

Field: Description
Multiple Node Addresses: Number of times that a node advertised itself with a physical address different from that in a previous advertisement.
Messages Retransmitted:
Illegal Messages Received:
Illegal Slots Received:
Solicitations Accepted:
Duplicates Received: Number of messages the access server received from this node that were not in the correct sequence. This value should be less than 1/1000 of the value for Messages Received. This count usually indicates that the service node is retransmitting a message. If this value is higher than the guideline, the access
22. There is also a facility for sending accounting events to the access server console port as they occur.

Accounting Log File

23-2 Accounting

The accounting component stores information about significant user events (for example, logins) in an accounting log file. The size of the log file is defined by the administrator (see the Defining the Accounting Log Size section in this chapter), and if set to zero, no logging will occur. The log file can be viewed as a circular buffer with entries added in chronological order. When the end of the buffer is reached, a newly created entry will overwrite the oldest existing entry.

Since the access server offers limited mass storage, preserving the accounting information requires the use of the console logging feature (see the Using the Accounting Console Logging Feature section in this chapter) or a harvester application running on a management station. To facilitate this harvest application, the accounting component can be configured to send notifications when checkpoints (thresholds) have been crossed in the log file. These notifications are in the form of SNMP traps.

What Events Are Logged

Contents of Log Entry Types

The following table shows the fields that are logged in each accounting log entry type.

Columns: Log Entry Type, Event Time, Port ID, Port Access, Peer, Reason, Tx, Rx, User
Port Login: X X X X X
Port Logout: X X X X X X
Session Con: X X X X X X X X
23. To support a broad base of network stations, the access server supports four different frame formats for encapsulating IPX packets on the LAN. The four frame types supported by the access server can be enabled simultaneously:

• Ethernet
• RAW802
• SAP802
• SNAP802

A LAN frame is enabled when a unique NetWare network number is associated with the frame. The network number can be automatically learned or explicitly configured. By default, all four frame types attempt to learn their network number by monitoring frames on the network.

Standard Ethernet: This packet format is the standard Ethernet V2 packet format (protocol type 8137).
RAW802: This mode uses IEEE 802.3 format frames without an IEEE 802.2 LLC header. This mode is often called raw 802.3.
SAP802: This mode encapsulates IPX frames using IEEE 802.2 LLC standard header formats. The SSAP and DSAP for IPX is E0.
SNAP802: This mode uses the IEEE 802.2 LLC format with the SNAP SAP format. The SNAP protocol ID for IPX is 00-00-00-81-37.

Managing IPX 20-21

Displaying IPX Characteristics

Using the SHOW command

Use the SHOW IPX CHARACTERISTICS command to display IPX characteristics, including IPX network and node numbers. The command is nonprivileged.

IPX Characteristics Display

The following example shows the command to display IPX characteristics on an access server:

Local> SHOW IPX CHARACTERISTICS
IPX Char
24. Viewing LAT Node Status Information
Viewing LAT Node Counters Information
Viewing LAT Node Summary Information
Displaying Information About the Access Server
Introduction
Specifying the Prompt
Displaying Access Server Counters
Displaying Access Server Status
Displaying Access Server Summary Information
Checking Port Status and Counters
Introduction
Displaying Port Characteristics
Displaying Port Counters
Displaying Port Status
Displaying Port Summary
SHOW/LIST/MONITOR PORT SUMMARY Display Fields
18 Configuring and Managing 3270 Terminal Emulation (TN3270)
Overview
Introduction
Supported ASCII Terminals
Definition
Definition and Description of a Keyboard Map
8278 Keyboards
Server Specific Keyboard Maps
Configuring
25. You can also use the Access Server Manager to set these values. See the Access Server Manager's online help for details.

When the access server initializes, it writes the default values from NVRAM to RAM. If a DHCP server responds to the access server's request for information, the DHCP-learned values overwrite the default values in RAM. If a DHCP server does not respond, the access server uses the default values.

Overriding DHCP-Learned Values
To override DHCP-learned values, use SET commands after initialization completes. Follow the procedures in this chapter for setting the IP address, DNS values, WINS values, and gateways, or use the Access Server Manager (see the Access Server Manager online help for details).

Assigning WINS Server Addresses

What Does WINS Do?
Windows Internet Naming Service (WINS) performs NetBIOS name and IP address resolution, similar to the Domain Name Service (DNS). WINS allows systems that use NetBIOS to communicate with each other over TCP/IP.

What Is WINS Autoconfigure?
The WINS autoconfigure feature on the access server allows dial-up clients to receive WINS configuration information automatically from the access server when establishing a remote PPP connection.

Operation
The access server provides the remote client with the addresses of WINS primary and secondary servers that it finds in its RAM. The access server receives W
28. in this chapter
Specifying MODEM CONTROL and SIGNAL CONTROL in Chapter 10
Specifying MODEM CONTROL and SIGNAL CONTROL in Chapter 10
Specifying the Service Password in this chapter

Configuring Access to a LAT Service

Assigning a Service Name
A service name is a name you assign to the LAT service using the CHANGE SERVICE NAME command. When you assign a service name, the access server periodically multicasts the service's availability over the network. When you select a service name for a device, follow these guidelines:
• Service names must be to 16 characters long and cannot be abbreviated.
• Allowable characters are A to Z, 0 to 9, hyphen, _ (underscore), and period.
• Ensure that the name is unique on the LAN.
• If two or more service nodes offer the same service name, access servers assume that all the services with that name are identical and are interchangeable.

Enabling Announcements
By default, announcements for a LAT service are enabled. To change the announcements characteristic, use the CHANGE ANNOUNCEMENTS ENABLED DISABLED command as described in Chapter 4. You should also be aware of the multicast timer characteristic when announcements are enabled.

Assigning an Identification String
Assigning a A service identificatio
29. shorten the node and service displays. The SHOW PORT CHARACTERISTICS command displays the user-specified groups, listing them in the field labeled Current Groups. Current groups apply only to those ports with ACCESS set to LOCAL; current groups are ignored for those ports with ACCESS set to REMOTE.

Current groups (user-specified groups) are stored only in the operational database. Therefore, users must use the SET PORT command to configure these groups; users cannot use the DEFINE PORT or CHANGE PORT command. Current groups are always equal to or a subset of the AUTHORIZED GROUPS. If a user enters SET PORT GROUPS ALL, the current groups consist of all the enabled authorized groups. The access server uses the current groups for these functions:
• Checking authorization when the user enters a CONNECT command on the access server
• Displaying information with the SHOW NODES and SHOW SERVICES commands

Example: Assigning User Groups
The following example shows the command for nonprivileged users to assign groups from among their authorized groups:

    Local> SET PORT GROUPS 5

If the authorized groups for the port were groups 4 to 7, the user can only access group 5 after executing the command. In addition, the SHOW SERVICES command shows only the information for services and nodes in group 5, and the SHOW PORT CHARACTERISTICS command shows the groups assigned to the po
30. the access server no longer functions as an AppleTalk node. All of the SHOW AppleTalk commands then give you the following message:

    Local 527 AppleTalk is not enabled no operational commands allowed

DIGITAL recommends that you disable AppleTalk when the access server is not used as an AppleTalk node. When you disable AppleTalk:
• The access server no longer responds to or monitors AppleTalk traffic on the network, freeing up CPU time.
• System resources are freed up, since they are no longer allocated for AppleTalk operation.
• The access server rejects all SNMP queries for AppleTalk information. It transmits a No Such Name error message.

Setting AppleTalk Address Cache Size
An access server with AppleTalk enabled tries to acquire unused AppleTalk addresses for any potential hosts attached to the access server with asynchronous lines. It saves these addresses in a cache and defends them if any other host on the network tries to use them. When a host attaches to the access server via an asynchronous port, the access server assigns one of the addresses from the cache to the attached host.

A privileged user on the access server specifies how many AppleTalk addresses the access server should acquire on initialization using the following DEFINE command:

    Local> DEFINE APPLETALK address CACHE size n

As with the command to enable or disable AppleTalk, this command affects only the NVRAM database on the access server. The access serve
31. the port will be one higher than the maximum physical port number. For a connection to a LAT service or Telnet listener other than listener 23, the port will be the destination physical port the connection is made to. If no port is available, the port field will be zero.

Note: If a connection is created from a physical or remote console port to a Telnet listener or LAT service on the same server, two session connect events will be logged: one for the local access from the source port and one for the remote access to the destination port. Two disconnect events will also be logged when the session is torn down. In each log entry, the port number will follow the rules stated above.

For nonsession events, the port that the event occurred on.

ID: The internal ID associated with an active session (not those that are displayed in the SHOW SESSION displays). The session IDs are always unique across the server at any given time, though they may be reused after a session is disconnected.

What Events Are Logged

Field    Description
Port     Session connect/disconnect: The protocol associated with the session attempt or disconnect. These values can be: LAT, TELNET, MOP, TN3270, SLIP, PPP, AUTOLINK, PING.

Note: For a TN3270 session, the protocol type may appear as TELNET for the connect event and TN3270 for the disconnect event. For an AUTOLINK session, the protocol may appear as AUTOLINK for the conne
32. you should use the BINARY profile instead of the BINARY characteristic.

Configuring Individual Telnet Client Session Characteristics

The following example shows how to disable the BINARY characteristic.

Example: Disabling BINARY Characteristics

    Local> CHANGE PORT 5 TELNET CLIENT BINARY DISABLE

Specifying CHARACTER SIZE
The CHARACTER SIZE characteristic allows the user to select the character size (7 or 8 bit) that is used during a session with an Internet host. In addition, the character size can be specified in the transmit direction, receive direction, or both directions.

Example: Setting CHARACTER SIZE
The following example shows how to set CHARACTER SIZE to 7 bit in both directions for port 5:

    Local> CHANGE PORT 5 TELNET CLIENT CHARACTER SIZE 7

Example: Setting CHARACTER SIZE for a Specific Direction
The following example shows how to set CHARACTER SIZE to 7 in the transmit direction. To set the character size in the receive direction, use RECEIVE instead of TRANSMIT.

    Local> CHANGE PORT 5 TELNET CLIENT TRANSMIT CHARACTER SIZE 7

Mapping Keyboard Characters to Telnet Functions
You can assign keyboard characters to various Telnet functions. The SIGNAL REQUEST characteristic can enable or disable all these functions. The factory-set default is ENABLED.

Example: Disabling SIGNAL REQUEST
The following example shows how to disable SIGNAL REQUEST on port 5:

    Local> CHANGE P
36.
    2B24F2DD 020000000001   2B24F2DD 08002B24F2DD   ASYNCA   134   0
    911 000000000000        21000001 00608C114E4A   ETHERO   2     1
    21000001 FFFFFFFFFFFF   21000001 08002B24F2DD   ETHERO   1     0
    EE8022 FFFFFFFFFFFF     EEE8022 08002B24F2DD    SAPO     1     0
    EEE8023 FFFFFFFFFFFF    EEE8023 08002B24F2DD    RAWO     a     0
    1BEAD017 000000000000   1BEAD017 08002B24F2DD   ASYNC3   134   0
    Local>

IPX Routes Display Fields
The following table describes the fields in the IPX routes display.

Field         Description
Destination   NetWare address of final destination.
Next Hop      NetWare address of next hop in the transmission.
Interface     Interface type for next hop.
Ticks         This field indicates how much time, in ticks, that the packet takes to reach the network number associated with this field entry. A tick is approximately 1/18 of a second.
Hops          This field indicates the number of routers that must be passed through to reach the network number associated with this field entry.

Resetting Counters

Using the ZERO Command
Use the ZERO command to reset IPX counters.

ZERO Command Options
The following table contains the options that you can use on the command line to reset specific counters or sets of counters.

Option               Description
ALL                  Zeroes server IPX counters.
IPX                  Zeroes server IPX counters.
PORT port list PPP   Zeroes PPP port counters for the specified port, including LCP and IPXCP counters.

Overview
Introductio
37. Preface

Overview

Purpose
Network Access Server Management is written for the person who sets up, maintains, and manages any one of the Digital Equipment Corporation family of network access servers. To use this manual, you must be familiar with using a terminal on a Digital Equipment Corporation access server.

TSM Users
If you have the optional network management product, Terminal Server Manager (TSM) software, review the documentation for the product before you read this manual and other access server documents. This product affects the way you install and manage access servers. Note that TSM software is available only for OpenVMS load hosts.

Using This Manual
This manual details the tasks you perform to manage your access server and should be used with the Network Access Server Command Reference.

Conventions
This manual uses the following conventions:
The Return key, which you must press to execute all commands, is not shown
39. CONFIGURE

Example: DELETE Command for DSV CONFIGURE
The following example shows the DELETE command. This example omits the optional SERVER keyword. In this example, NCL displays the message NODE 0 MOP Client DGD700 on a DECnet/OSI system. NCP displays a similar message on a DECnet Phase IV system.

    DSV DELETE DGD700
    Server DGD700 Circuit SVA 0
    Address 08 00 2B 26 AE 32 Maint Password FEDCBA
    Type DS700 Dump File MOPSDUMP DS7DGD700 DMP
    Image File MOPSLOAD WWENG2 SYS
    Are you SURE you want to delete this server No YES
    Node 0 MOP Client DGD700 at 1992 10 26 13 31 29 378 05 0010 176

LIST and SHOW Commands
The LIST and SHOW commands display information about an access server. The syntax of the LIST command is identical to that for the ADD command, with one exception: server name can be a wildcard character.

Example: LIST Command for DSV CONFIGURE
The following example shows the data that the LIST and SHOW commands display. In this example, the DECnet address would also display if this were a DECnet Phase IV node.

    DSV LIST SERVER
    _Server Name DGD700
    Server DGD700 Circuit SVA 0
    Address 08 00 2B 26 AE 32 Maint Password FEDCBA
    Type DS700 Dump File MOPSDUMP DS7DGD700 DMP
    Image File MOPSLOAD WWENG2 SYS

CONNECT and USE Commands
The CONNECT and USE commands enable you to communicate with the remote console port on the access server. DSV CONFIGURE uses CCR to make the connection. Once DSV CONFIGURE
40. Challenge packets.

Opaque data sent from the server to the client in an Access Challenge packet, to be sent back to the server by the client in a new Access Request packet. Needed to support challenge-response forms of authentication.

Opaque data sent from the server to the client in an Access Accept packet, to be sent to the accounting server by the client in an Accounting Request packet. Needed to support RADIUS accounting.

Vendor-specific data prefixed by the assigned vendor OID. Used in all but Access Reject packets. Please refer to the following table for a list of the vendor-specific attributes.

DIGITAL Vendor-Specific Attributes
The following table defines the DIGITAL vendor-specific attributes.

Service Permissions (1)
    V-Type: 1 for service permissions
    V-Length: > 3
    Integer: The value field is 4 octets. The value is formatted as a bit map.

Dialout Number (2)
    V-Type: 2 for dialout number
    V-Length: > 3
    String: Any printable ASCII characters.

Dialback Number (3)
    V-Type: 3 for dialback number
    V-Length: > 3
    String: Any printable ASCII characters.

Dialout Service (4)
    V-Type: 4 for dialout service name
    V-Length: > 3
    String: Uppercase ASCII printable characters, starting with a letter.

RADIUS Accounting Attributes
The following table d
41. DEFINE PORT 6 ACCESS LOCAL ALTERNATE SPEED NONE AUTOBAUD ENABLED
    Local> DEFINE PORT 6 INACTIVITY LOGOUT ENABLED MODEM CONTROL ENABLED
    Local>

Configuring a Dial-In Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial-in modem operating at 9600 baud and configured for the RI DCD DSRS DTR signals. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in Chapter 22).

    Local> DEFINE PORT 6 ACCESS LOCAL AUTOBAUD ENABLED SPEED 9600
    Local> DEFINE PORT 6 INACTIVITY LOGOUT ENABLED SIGNAL CONTROL ENABLED
    Local> DEFINE PORT 6 PASSWORD ENABLED SIGNAL SELECT RI DCD DSRS DTR
    Local> DEFINE PORT 6 SPEED 9600

Sample Modem Configurations

Configuring a Dial-Out Modem on a Full MODEM CONTROL Server
The following example provides a sample configuration for a dial-out modem operating at 1200 baud with an ALTERNATE SPEED of 300 baud.

    Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
    Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
    Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
    Local> DEFINE PORT 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
    Local> DEFINE PORT 3 SPEED 1200 ALTERNATE SPEED 300
    Local> LOGOUT PORT 3

Configuring a Dial-In and Dial-Out Modem on a Full MODEM CONTROL Server
The following example provides a sample configuration f
42. Dedicated to a host

Managing Users
This section describes various tasks for managing users.

Providing a Contact Name and Access Server Location
The SET/DEFINE/CHANGE SYSTEM command allows you to provide all access server users with a person's name to contact in case of problems. This command also allows you to specify the location of the access server.

Example: Providing a Contact Name and Access Server Location
The following example shows how to identify Bob G as the access server contact and Building 2 Lab 3 as the location of the access server:

    Local> CHANGE SYSTEM CONTACT Bob G
    Local> CHANGE SYSTEM LOCATION Building 2 Lab 3

You can use the SHOW/LIST SYSTEM command to display this information.

Specifying Preferred Service for LAT or Telnet Resources
The following lists the results of enabling a preferred service on a port:
• Without AUTOCONNECT enabled (refer to Specifying AUTOCONNECT in this chapter), the port user connects to a particular resource by entering only the CONNECT command. With AUTOCONNECT enabled, the access server automatically connects the port to the preferred service at login.
• The user can switch to local mode at any time and make connections to other available services.

When you specify any LAT or Telnet resource to be a preferred service, the host or service name, node name, and port name are limited to 16 characters each. F
43. Dial-Out Modem
The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 3.

    Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
    Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
    Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
    Local> DEFINE PORT 3 LONGBREAK LOGOUT DISABLED MODEM CONTROL ENABLED
    Local> DEFINE PORT 3 SIGNAL CHECK ENABLED SPEED 1200 ALTERNATE SPEED 300
    Local> LOGOUT PORT 3
    Local> CHANGE TELNET LISTENER 2004 PORTS 3 ENABLED
    Local> CHANGE TELNET LISTENER 2004 IDENTIFICATION Modem 123 4567
    Local> CHANGE TELNET LISTENER 2004 CONNECTIONS ENABLED

Sample Device Configurations

Example: Configuring a Dial-In and Dial-Out Modem
The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 4.

    Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
    Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
    Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
    Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK ENABLED
    Local> DEFINE PORT 4 SPEED 2400 ALTERNATE SPEED 1200
    Local> LOGOUT PORT 4
    Local> CHANGE TELNET LISTENER 2008 PORTS 3 ENABLED
    Local> CHANGE TELNET LISTENER 2008 IDENTIFICATION Modem 890 1234
    Local> CHANGE TELNET LISTENER 2008 CONNECTIONS ENABLED
44. Modem Considerations

Recommended Serial Port Baud Rate
The following table lists guidelines for setting the serial port baud rate.

UART Type   Maximum Modem Speed   Maximum Recommended Serial Port Baud Rate
8250        9600                  Up to 9600
16450       9600 to 14400         9600 to 19200
16450 A     9600 to 14400         9600 to 19200
16550       Up to 28800           Up to 115200

Novell Client Server Operation

Establishing Remote Node Access Connection to Novell Network
Vendors of PC remote node access software for Novell may have different procedures for dialing in and establishing a remote access connection to a Novell LAN through the access server. However, the following are generally the expected steps:

Step 1. Dial in to the network access server. Activate your remote node access software on your PC so that a phone call is made to the access server.

Step 2. Log in to the DECserver. If the dial-in access server port requires login password authentication, type carriage returns until you see the prompt, then type your password followed by another carriage return.

Step 3. Activate the PPP connection. If the access server port is configured for dedicated PPP connection, your PC remote node access software will offer an indication that PPP has been negotiated with the access server dial-in port. If the access server port is configured for login to the access server local user interface, type severa
46. MESSAGE VERIFICATION command.

Example: Configuring MESSAGE VERIFICATION
The following example shows how to disable VERIFICATION on port 5:

    Local> CHANGE PORT 5 TELNET CLIENT MESSAGE VERIFICATION DISABLED

Specifying the SWITCH CHARACTER
The SWITCH CHARACTER characteristic determines how the access server handles SWITCH CHARACTERs. By default, if any SWITCH CHARACTER is defined on the port, it is recognized and intercepted by the access server during each session. However, any user can change or disable the access server from recognizing these SWITCH CHARACTERs for a specific Telnet session. The sections Specifying Keys to Switch Between Sessions, Defining the Break Key, and Specifying a Key to Switch to Local Mode provide the procedures to define the SWITCH CHARACTERs.

Example: Configuring SWITCH CHARACTER
The following example shows how to disable the SWITCH CHARACTERs on port 5:

    Local> CHANGE PORT 5 TELNET CLIENT SWITCH CHARACTER DISABLED

    Local> CHANGE PORT 5 LIMITED VIEW ENABLED

The limited view characteristic does not apply when you set privileges on the port.

Specifying a Preferred Terminal Type
The TERMINAL characteristic allows the user to specify a terminal type to be sent to the Telnet host during session startup. The available types are ANSI, UNKNOWN, and VT10 through VT999. This value is used as a starting po
47. Preparing LAT Services for Initialization

Do This
If the access server offers LAT services, follow these steps before you initialize:

Step 1. Enter the following command to disable queuing on the access server:

    Local> SET SERVER QUEUE LIMIT 0

Step 2. Disable additional connections to local services. For example, the following command disables the service LASER:

    Local> SET SERVICE LASER CONNECTIONS DISABLED

Step 3. Check that the queue is empty before starting the initialization procedure by entering one of the following commands:

    Local> SHOW QUEUE ALL

or

    Local> SHOW SERVER STATUS

The time that it takes for the queue to empty depends upon the number of requests that it contains.

Preparing Telnet Listeners for Initialization

Do This
If the access server has Telnet listeners, follow these steps before you initialize:

Step 1. Disable further Telnet connections. The network access server fails to execute the SET TELNET LISTENER CONNECTIONS DISABLED command if a session exists on the specified listener.
Example: The following command disables Telnet connections on TCP port 2005:

    Local> SET TELNET LISTENER 2005 CONNECTIONS DISABLED

Step 2. Log out the port.
Example: The following command logs out port 5:

    Local> LOGOUT PORT 5

Initializi
49. Requirement: For Kerberos, the server name must be unique.

When you specify any LAT or Telnet resource to be a dedicated service, the host or service name, node name, and port name are limited to 16 characters each.

LAT Protocol Requirement: To set a LAT service as a dedicated service, the default protocol must be set to LAT. The following shows how to enable the LAT service FILES as the dedicated service on port 5:
    Local> CHANGE PORT 5 DEDICATED FILES
You can specify that the connection be made to a particular node and/or port name of the LAT service. The following shows how to specify that port 5 connects to port JAMES on node MARKETING for service FILES:
    Local> CHANGE PORT 5 DEDICATED FILES NODE MARKETING DESTINATION JAMES

Telnet Requirement: To set an Internet host as a dedicated service, the default protocol must be set to TELNET. You can use the host's Internet address, domain name, or relative domain name if the host is defined in a name server; however, you cannot use the entire domain name if the name is more than 16 characters, including the dots. The following shows how to enable a host on the TCP/IP network, SALE.MKT.DEC.COM, as a dedicated service on port 5:
    Local> CHANGE PORT 5 DEDICATED SALE.MKT.DEC.COM

Normally, the user must press the Return key to connect to the LAT or Internet host. However if SIGNAL CONTROL or MODEM CONTROL is enab
50. SLIP PPP DIALACK DIALOUT NONPRIVILEGED

Showing Security Counters

The SHOW/LIST/MONITOR SECURITY COUNTERS command displays all port-related security counters. This display is very similar to results from the SHOW PORT AUTHENTICATION COUNT command shown in the previous example.

Example: Showing Security Counters
    Local> SHOW PORT 8 SECURITY COUNTERS

Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication

Introduction

AUTOLINK lets PC clients log in using SLIP, PPP, and character-cell terminal mode. AUTOLINK AUTHENTICATION provides a flexible and secure method for clients to authenticate when using AUTOLINK. A single port can support authenticated logins from different types of PPP clients, which may have different LCP authentication capabilities. For SLIP or PPP clients that do not support PAP or CHAP authentication, an interactive or script-based login will be used.

When you enable AUTOLINK AUTHENTICATION, only one form of authentication is required during any port login. When you use AUTOLINK authentication, a successful user login requires a user name/password authentication. The user name/password authentication requirement is independent of how you configure the port characteristics PORT AUTHENTICATION and LCP AUTHENTICATION.

To use AUTOLINK authentication you need to set the
52. See the Customizing a Default Keyboard Map for a Port section in this chapter.

Selecting and Customizing Keyboard Maps for a Port

Server-wide keymapping is the recommended method for customizing users' TN3270 keymapping assignments. It uses access server memory efficiently and provides a common customized environment across all TN3270 ports. Port-by-port keymapping is also possible but uses additional access server resources. A user can set up unique keymapping assignments for use only on his or her port.

Individual port users have the following choices for selecting the keyboard maps that are most appropriate for their TN3270 applications:
- Select and use one of the predefined default terminal types and its associated keyboard map. The predefined terminal types are VT100, VT220, VT320, VT420, and ANSI.
- Select one of the predefined default terminal types and then customize its keyboard map. Customizing a Default Keyboard Map for a Port discusses this customization.
- Select and use one of the server-wide customized terminal types and its keyboard map. These terminal types have been defined and customized for all ports by the server manager. The users cannot customize the keymaps associated with these terminal types on a port-by-port basis.

The following sections discuss these options.

Selecting a Default Terminal Type and
53. TN3270 KEYMAP

Customizing a Default Keyboard Map for a Port

As port user, you can customize any of the key definitions on the default keyboard map to suit your keyboard. For example, the following command defines the ASCII code for the IBM 3270 NEWLINE function:
    Local> CHANGE PORT TN3270 KEYMAP NEWLINE Ctrl J
In this example, the ASCII sequence Ctrl J maps to the NEWLINE function. See the Rules for Customizing Keyboard Maps section in this chapter for rules about customizing keyboard maps.

To display a customized keyboard map for a port, use the SHOW PORT TN3270 KEYMAP command. For each IBM 3270 function, a given keyboard map definition indicates:
- The defined mnemonics for the ASCII codes that the access server associates with each IBM 3270 function
- An optional text description of the keystrokes used to produce the ASCII codes

Example: SHOW PORT TN3270 KEYMAP Command

The following example shows a partial display of a keymap:
    Local> SHOW PORT 2 TN3270 KEYMAP
    Port 1 john
    3270 function    ASCII mnemonic    Keystroke description
    CLEAR            F12               Alt F2

ASCII to EBCDIC and EBCDIC to ASCII Translation Tables

Commands

The following table lists and describes the commands that enable you to
54. TYPE

Default            Allowed Values                                   Refer to Section
Disabled           Enabled, Disabled                                Specifying LONGBREAK LOGOUT
Enabled            Enabled, Disabled                                FLOW CONTROL Direction
None               Even, Odd, Mark, None                            PARITY
9600               75, 110, 134, 150, 300, 600, 1200, 1800, 2000,   SPEED
                   2400, 4800, 9600, 19200, 38400, 57600, 115200
Dynamically set    1, 2                                             STOP BITS
ANSI               Hardcopy, Softcopy, ANSI                         TYPE

Displaying Basic Device Characteristics

Command

To display basic device characteristics, use the SHOW PORT command.

Displaying Port Characteristics Example

The following example shows how to display the port characteristics for port 5:
    Local> SHOW PORT 5
    Port 5                         Server LAT 123456789ABC
    Character Size    8            Input Speed     9600
    Flow Control      XON          Output Speed    9600
    Parity            None         Signal Control  Disabled
    Stop Bits         Dynamic      Signal Select   CTS DSR RTS DTR
    Access            Local        Local Switch    None
    Backwards Switch  None         Name            PORT 5
    Break             Local        Session Limit   4
    Forwards Switch   None         Type            ANSI
    Default Protocol  LAT          Default Menu    None
    Autolink Timer    One 12 Two 10
    Preferred Service None
    Authorized Groups 25
    Current Groups    25
    Enabled Characteristics
    Autobaud Autoprompt Broadcast Failover Input Flow Control Lock Loss Notification Message Codes Output Flow Control Verification Loca
55. Terminal
- The dedicated service characteristic must be disabled. See the User Account Command Parameters section in this chapter.

Local Mode Command Restrictions During Session Management

The following table lists the restrictions on some of the access server commands.

Command: CONNECT
Description: Establishes a service session for any terminal session. You cannot use it to establish an additional service session. To do this, you must open another terminal session.

Command: DISCONNECT, DISCONNECT ALL
Description: Either command disconnects the current service session but does not disconnect the terminal session. When a service session is disconnected, the terminal session remains in local mode.

Command: LOGOUT
Description: LOGOUT closes your current terminal session only and disconnects the service session associated with it, if there is one. You are not logged out of the access server. You can open or switch to another terminal session.

Command: LOGOUT PORT
Description: LOGOUT PORT does a full log out, logging you out of the access server, closing all terminal sessions and service sessions. It also ends session management.

Command: SET PRIVILEGED
Description: Applies to the port and to all terminal sessions on the port.

Command: SET/DEFINE/CHANGE PORT
Description: Changes the current characteristics for an access server port. Changes apply to all terminal sessions for that port. The preferred service characteristic behaves differently for terminal sessions. The
56. The Internet address or host name for the WINS server used when the primary WINS server is not available.

If a DHCP server provides the WINS servers and Domain Name information, the display includes "from DHCP" at the end of each line of information and the name of the DHCP server at the end of the display.

Chapter 8: Managing AppleTalk

Overview

Introduction

This chapter explains how to configure and manage the AppleTalk protocol suite on an access server.

In This Chapter

This chapter contains the following topics:
- Configuring AppleTalk on an Access Server
- Displaying AppleTalk Characteristics
- Displaying AppleTalk Counters
- Displaying AppleTalk Status
- Displaying AppleTalk Routes
- Displaying AppleTalk ARP Entries

Configuring AppleTalk on an Access Server

Introduction

You can configure an access server to act as an AppleTalk node on the network, and many different components can then be monitored. The configuration of the AppleTalk characteristics can be done only in the NVRAM database. This means that the manager has to reinitialize the access server after making a change to any of the AppleTalk characteristics before the changes take effect.

This chapter does not address managing asynchronous connections. For information about ATCP, see Chapter 19. This chapter assumes you have a basic understanding of the AppleTa
57. This field is a variable-length string, as follows:

Login Events: When authentication is enabled on the port, this field will contain the entire Kerberos user name string, for example jones finance acme com.

All Other Events: This field will contain the user name string associated with the port (the string in the first field of the SHOW PORT display). The SET PORT USERNAME command may change a port's user name from the string stored at login. This can cause entries associated with a particular login to have different user name fields. The login entry when Kerberos is enabled is the only trusted source for the user name.

When Events Are Logged

Introduction

This section describes when each specific event type is logged.

Login Events: Login events are logged at the time of the successful login, just before the user gets the Local> prompt. Unsuccessful login attempts are handled by Kerberos Password Fail, Login Password Fail, or Remote Password Fail events.

Logout Events: Logout events are stored when the port is logged out. There is always an associated login event.

Session Connect Attempt Events: Session connect attempt events are stored when a session connect is being attempted, either user-initiated or dedicated. All attempts are logged, whether they are successful or not.

Session Disconnect Events: Session disconnect events are logged when a session connect attempt fails or when an exist
58. a Telnet Break command to the Internet host. The way that this command is interpreted depends on the host.

Sends a Telnet End of Record command to the Internet host. This command is only sent if the EOR option is enabled through negotiation with the peer.

Causes the next character to be treated as ordinary data. To send a key mapped to a Telnet command as ordinary data, you precede the key with the Quote command.

Defines a character to enable or disable the echoed input when the ECHO option is local. You can use this command to suppress a local echo when you type a password.

Default: Ctrl O, Ctrl Y, Ctrl X, Ctrl T, None, None, None, Ctrl E

Specifying AUTOFLUSH

The AUTOFLUSH characteristic automatically invokes the AO function whenever you enter the IP, SYNCH, AYT, EOR, or BRK characters. AUTOFLUSH aborts all output on its way to the user's terminal. By default, AUTOFLUSH is enabled for IP and is disabled for SYNCH and AYT.

Example: Disabling AUTOFLUSH

The following example shows how to disable AUTOFLUSH for the IP character on port 5:
    Local> CHANGE PORT 5 TELNET CLIENT AUTOFLUSH IP DISABLED
When you enter a SHOW PORT CHARACTERISTICS command, the f and f symbols indicate if AUTOFLUSH is disabled or enabled for a given character.

Specifying AUTOSYNCH

The AUTOSYNCH characteristic automatical
59. a phone number used on dial back.
The DIALER SERVICE to be used when attempting a dial out.

Variables: ENABLED, DISABLED. Clear the PASSWORD by setting it to null string. Standard modem dial strings. Standard modem dial strings. Values appear in uppercase.

Comments: Max length 40 characters. Case sensitive, depending on authentication service protocol. Case insensitive only for the local access server user database. Max length 40 characters. Max length 120 characters. Max length 120 characters. Max length 16 characters.

Command Clause: MAX CONNECT
Description: Indicates the maximum number of minutes the user can be logged in before being forcibly logged out.
Comments: Default 0.

Command Clause: USER STATUS
Description: Specifies user status.
Variables: ENABLED, DISABLED
Comments: Setting DISABLED prevents any login using this user name.

Command Clause: ACCESS
Description: Specifies the default access mode this user is granted.
Variables: LOCAL, FRAMED, NONE
Comments: See the following table for a definition of the ACCESS clause variables.

Access Command Variables

The following table defines the ACCESS command parameter variables.

Variable    Definition
LOCAL       Local access only allowed.
FRAMED      Framed (PPP, SLIP) access only allowed.
NONE        No access specified; port characteristics or realm default access determine service.
LOGIN
60. a rate of less than two counts per day. It is normal to experience some errors when nodes are added to the Ethernet.

- Number of LAT circuit messages successfully received by the access server.
- Number of LAT circuit messages successfully transmitted by the access server.
- Number of queued connection requests that the terminal server has accepted. This number includes requests that are queued and requests that were immediately satisfied without queuing. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that the access server received.
- Number of queued connection requests that the access server could not process and therefore rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that the access server received.
- Number of times a service node became available with different Ethernet addresses.
- Number of LAT messages that the access server received more than once. This value should be less than 1/1000 of the value for Messages Received.
- Number of LAT messages that the access server retransmitted because they were not acknowledged by the service nodes. This value should be less than 1/1000 of the value for Messages Transmitted.

Field: Illegal Messages Rc
61. access server has an Internet address, you can configure it to accept a Telnet remote console connection. Once you configure the Internet address and Telnet remote console port, the access server accepts and establishes a Telnet remote console connection to the remote console through one or more of the Telnet listeners specified by a TCP port on the access server. By default, TCP port 23 is the Telnet remote console port. If you assign Telnet listener 23 to one or more physical ports, using the CLEAR/PURGE TELNET LISTENER 23 command only reassigns TCP port 23 as a Telnet remote console port.

Characteristics of the Telnet Remote Console Port

The following table describes the characteristics for Telnet remote console connections on the access server.

Characteristic:
- Number of connections allowed on the remote console port at one time
- Default TCP port number
- Number of TCP ports configured to function as a remote console port
- Maintenance password
- Access server login password
- IP address of the Telnet client host
- Privileged user logout

Description:
- 1. The port is shared with the MOP remote console port, so it will not be accessible to Telnet if the remote console port is active.
- 23. By default, the remote console is accessed via TCP port number 23.
- You can make the Telnet remote console port available to any of the TCP ports used by the access se
62. access server software installation documentation for your load host.

Changing the Subnet Mask

To change the subnet mask, use the CHANGE INTERNET SUBNET MASK command. The following example shows how to change the subnet mask to 255.255.255.0:
    Local> CHANGE INTERNET SUBNET MASK 255.255.255.0

Changing the Subnet Mask to the Default Value

To return the subnet mask to its default value after changing it, do the following:
Step 1. Enter the following command:
    Local> DEFINE INTERNET SUBNET MASK NONE
Step 2. Reboot the access server.

Supernetted IP Addresses

The DNAS software supports the use of supernetted IP addresses. Supernetting allows you to configure the access server and its ports with a subnet mask shorter than the intrinsic subnet mask (for example, 255.255.255.0 for a Class C address). With supernetting, you can give a Class C subnet mask a range of 255.255.0.0 to 255.255.255.254. This allows you to address a block of Class C IP addresses as a domain, or a single destination address with more than 254 hosts.

Displaying the Internet Address and Subnet Mask

To display the Internet address and subnet mask, use the SHOW/LIST/MONITOR INTERNET command.

Internet Address and Subnet Mask Display Example

The following example shows how to display the cur
63. [Figure LKG 10495 97 MF, Learning IP Information From a DHCP Server: the DHCP Server receives the request and sends a packet with IP configuration information; the access server receives the acknowledgement and the operation is complete.]

DHCP Proxy Operation

The access server can act as a DHCP proxy to provide IP address assignment for most remote clients.

IP Address Assignment

When you enable DHCP, the access server sends requests for IP addresses to a DHCP server on behalf of the remote client if:
- You do not configure an IP address on the ports configured for remote access.
- You do not specify an IP address using RADIUS authentication.
- The remote client is not configured with an IP address for its PPP session.

When the access server receives the IP address from the DHCP server, it assigns the address to the remote client. The following occurs when the access server uses DHCP to assign IP addresses to remote clients:

[Figure: exchange among the DHCP Client, the DECserver, and the DHCP Server. The client begins PPP negotiations and requests an IP address. The DECserver receives the address request and sends a DHCP Discover packet to the DHCP server. The DHCP server receives the DHCP Discover packet and offers an IP address. The DECserver receives the IP address offer and sends a request to use the offered address. The DHCP server receives the request and acknowledges use of the IP address. The DECserver resumes PPP negotiation with the remote client and assigns the address. The client receives the IP address.]
64. allows you to configure the number of times to retry contacting a server before timing out a login attempt. You can specify the maximum number of retries to potentially alternate authentication hosts. Hosts are tried in round-robin fashion until the login attempt times out. Each realm can point to its own list of security hosts.

Secrets

A text string or value that ensures that the data exchanged between the access server and the security host is valid. You must configure a secret on the access server for RADIUS. You can also configure one for Kerberos. The secret for SecurID will automatically be assigned by the SecurID authentication host. Once configured, the secret is never displayed on the access server. There are privileged access server commands to erase and to reenter secrets. The secret is assigned as a realm parameter and applies to all security hosts in the realm.

Security Server UDP Ports

The remote host with which the access server communicates in order to request authentication clearance during the login process. Each security method, other than user accounts, defines one or more host processors that can support the authentication procedure.

RADIUS Accounting

The RADIUS security method supports logging of accounting information. The accounting information is sent to what is called the accounting host by means of the accounting service port
65. and the access server returns the following console prompt:
    >>>
At the >>> prompt you can enter H to invoke help. Entering H provides help text to describe the interactive boot mode commands available. The Boot Command Options section in this chapter lists the boot mode commands and summarizes the help text that appears when you invoke H.

Choose one of the boot command options listed in the Boot Command Options section in this chapter.

Booting Using Console Commands

Boot Command Options

The following table lists the command options you can select for the boot command.

Option: B
Definition: This command, without an argument, starts a new boot sequence to load the access server with an executable image using the default boot parameters.

Option: B name
Definition: This command and the argument name specifies a nonstandard boot image. The access server looks for the software name first from Flash RAM, then from the network.

Option: B media name
Definition: In this command, the media part of media name specifies which boot media to use.

Associated Options

Option: B MNENG
Definition: This command instructs the access server to look for the MNENG2 software image first in Flash RAM, then from the network.

Option: b tftp serversw
Definition: This command instructs the access server to look for image TFTP SERVERSW first in Flash RAM, then from the network. If you want lowercase letters you h
66. [Accounting log display example: Login, Login Password Modified, SNMP Community Modified, Session Disconnect, and Logout events for user name smith on port 3, each with its event time and transmitted and received byte counts.]

Using the Accounting Console Logging Feature

Description

When console logging is enabled, the accounting component displays the accounting events on the server console as they occur. This can be useful for viewing events on a console terminal or printer. It is also possible to view, and log to a file, the console events remotely. If you place a loopback connector on the access server console port and associate a LAT service or Telnet listener with this port, you can connect to the port and view the console messages remotely.

LAT Remote View of the Accounting Log

The following example shows the commands necessary to remotely view the accounting log messages with a LAT service and loopback connector on port 16 of the access server:
    Local> CHANGE PORT 16 ACCESS REMOTE
    Local> CHANGE PORT 16 AUTOBAUD DISABLED SPEED 57600
    Local> CHANGE SERVICE ACCTREMOTE PORT 16 CONNECTION ENABLED
    Local> CHANGE SERVER CONSOLE 16
    Local> CHANGE SERVER SERVICE GROUP 255
67. can use the SHOW/MONITOR INTERNET command to display the status of the learning operation. If learning is occurring, the IP address displays as Learning.

Setting Up IP Configuration Learning

Do the following to set up your access server to learn IP configuration information from a BOOTP server on the network:

Step 1. Set up the BOOTP server:
    a. Add an entry for the access server's Ethernet address.
    b. Associate the Ethernet address with an IP address.
    c. Optionally, associate the Ethernet address with a subnet mask and default gateway.
    Reference: The DNAS installation instructions provide details about configuring a BOOTP server.
Step 2. Ensure that the access server does not have an IP address stored in NVRAM. Use the following command:
    Local> LIST INTERNET
    If the display shows an Internet address, clear it using the following command:
    Local> DEFINE INTERNET ADDRESS NONE
Step 3. Ensure that the Internet characteristic is enabled. Use the following command:
    Local> LIST INTERNET
    If the Internet characteristic is not enabled, enable it using the following command:
    Local> DEFINE INTERNET ENABLED

Learning IP Information From a DHCP Server

Description

You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure TCP IP ch
68. characteristics of the applications devices for remote printers and sets up the print queues for these remote printers. These devices should have been set up previously by the LTLOAD.COM command file.

    $! NOTE: The queue manager must be running before executing this file.
    $!
    $! Set up local characteristics for the applications devices.
    $ SET TERM LTA1925: /PERM /DEVICE=LN03 /WIDTH=60 /NOBROAD /SPEED=4800
    $!
    $! Set the protection on the devices so that only the symbiont can access them.
    $ SET PROT=(S:RWLP,O,G,W) /DEVICE LTA1925:
    $!
    $! Set the devices spooled.
    $ SET DEVICE LTA1925: /SPOOLED=(LN03$QUE,SYS$SYSDEVICE:)
    $ DEFINE/FORM LN_FORM 10 /WIDTH=60 /STOCK=DEFAULT /TRUNCATE
    $!
    $! Initialize and start the print queue.
    $ INIT/QUE/START/PROCESSOR=LATSYM/RETAIN=ERROR -
        /DEFAULT=(NOBURST,FLAG=ONE)/RECORD_BLOCKING LN03$QUE /ON=LTA1925:
    $ EXIT

On a VAXcluster system, you can configure the applications ports on the local node only. However, you should do so on at least two nodes so that a redundant path to the printer is available in the event of a cluster node failure. To set up a remote printer applications port on a cluster node, include the LAT control program CREATE PORT and SET PORT commands for that port in the node
69. configure acks sent to the peer from the access server.

Field            Description
Naks in          The number of IPCP configure naks received from the peer.
Naks out         The number of IPCP configure naks sent to the peer from the access server. This counter should always be zero in this release.
Rejects in       The number of IPCP configure rejects received from the peer.
Rejects out      The number of IPCP configure rejects sent to the peer from the access server.
Terminates in    The number of IPCP terminate requests received from the peer.
Terminates out   The number of IPCP terminate requests sent to the peer from the access server.
Term Acks in     The number of IPCP terminate acks received from the peer.
Term Acks out    The number of IPCP terminate acks sent to the peer from the access server.

Displaying ATCP Counters

Use the SHOW PORT n ATCP Counters command to display ATCP counters for a port. This command requires no privileges. The counters display shows all the counters relevant to ATCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of these counters.

Example: Command to Display the ATCP Counters

The following example shows how to display the ATCP counters:
    Loca
70. current value. Use current value. Enabled. Use current value. Not used. Use current value. Use current value. Use current value. Use current value. Use current value. Use current value. Use current value. Enabled. Enabled.

Profiles: Binary: Use current access server value. Duplex. 8. Disabled. Not used. Not used. Not used. Not used. Not used. Not used. Not used. Not used. Not used. Disabled. Disabled.

Specifying the Telnet Client Session Profile

Session Characteristics    Character profile                  Binary profile
SWITCH CHARACTERS          Enabled                            Disabled
TERMINAL TYPE              Use current access server value    Use current access server value

If ECHO is in local mode, the ECHO characteristics are suppressed and characters are not echoed.

Configuring Individual Telnet Client Session Characteristics

Modifying Telnet Session Characteristics

You can modify the Telnet client session characteristics in two ways: at the port level, or for the individual session using the SET SESSION command. Modifying the characteristics at the port level enables those values for Telnet client sessions at that port when sessions are created. Also, you can save the characteristics in the permanent database. The values you set with the SET SESSION command are lost once you log out of the s
71. display is the default display for the SHOW SERVICE service name command. For each selected service, an introductory line identifies the service for which status information is being displayed. The next line shows the headings for the status information. Under the headings, a line is displayed for each node offering the selected service.

The access server displays information about a service or services from data stored in its memory. If none of the ports can access a particular service, the access server does not retain any data about that service. Hence, no information about that service can be displayed.

Example: SHOW SERVICE STATUS Display

The following example shows how to generate a service status display for a service named DEVELOP:
    Local> SHOW SERVICE DEVELOP STATUS
    [Display for service DEVELOP with the headings Node Name, Status, Rating, and Identification, and one line each for the nodes ORANGE, PEACH, and TEST.]

SHOW/LIST/MONITOR SERVICE STATUS Display Headings

The following table describes the fields and the headings in the display.

Heading: Service, Node Name, Status

Description:
- Name that identifies the network service.
- Name of the service node as stored in access server memory for each node t
73. • The following example shows the command used to set up SecurID security.

    LOCAL> CHANGE SECURID REALM realm name

• This command defines and initializes a new SecurID realm.

    LOCAL> CHANGE SECURID REALM JONAS.COM AUTHEN HOST ip addr

Optional Setup for SecurID

The commands in the following example can be used to configure additional security parameters for SecurID. The commands in these examples will define a SecurID accounting node, define the maximum timeout period for SecurID reply, and define the interval between retries of an authentication request.

    Local> CHANGE SECURID TIMEOUT seconds

This command defines the maximum timeout for SecurID reply.

    Local> CHANGE SECURID INTERVAL seconds
    Local> CHANGE SECURID REALM realm name INCLUDE

This command causes the realm name to be included as part of a user name sent to SecurID. Realm name inclusion is used for SecurID proxy authentication service. See the Network Access Server Command Reference for more information on this command.

Example: Including the Realm Name

If your realm name has to be included when the access server sends messages to SecurID, issue the command shown in the following example:

    LOCAL> CHANGE SECURID REALM realm name INCLUDE

For most usage, you will not want to include the realm name. If you do, each entry in the SecurID users file will have to appear as user name@realm name instead of simp
75. entry in a queue and to attempt the function for which the entry was queued.

DNS
Domain Name System. An Internet naming system that maps or translates domain names to addresses. See domain names.

domain names (Internet)
The domain name consists of a sequence of subnames separated by a period. The individual sections of the name might represent sites, groups, or computers, but the domain system simply calls each section a label. For example, the domain name super.dec.com contains three labels: super, dec, and com. Any suffix of labels in a domain name is called a domain. Thus, the lowest level domain is super.dec.com, an abbreviation for the computer named super. The second level domain is dec.com, for Digital Equipment Corporation, and the top level domain is com, for commercial institution. As the example shows, domain names are written with the most local label first and the topmost domain last.

Domain Name System
See DNS.

downline loading
The process of sending the access server image from a load host to an access server.

DSR
Data Set Ready. A control signal that is used to inform whether or not a communications device is ready to transmit and receive data.

DSVCONFIG
The configuration procedure used on a load host to configure the load host's node database.

DTR
Data Terminal Ready. A control signal that is used to inform whether or not a data terminal is ready to transmit and receive data.

dump file
A file contai
77. existing DECservers CTRL Z Exit from this procedure Your selection

Using a BOOTP/TFTP Server

Introduction

A BOOTP/TFTP server is a UNIX host that downloads the access server software using the BOOTP and TFTP protocols. The BOOTP/TFTP server stores the information necessary to downline load the access server software in the /etc/bootptab file.

Reference

For information about installing and configuring a BOOTP/TFTP server, refer to the DECserver Network Access Software Installation guide.

IP Address Configuration Via BOOTP

The DECserver Network Access Software contains enhanced BOOTP functionality. The DECserver stores several important Internet parameters from the BOOTP server. This ability to store data for future use may be used whether the DECserver operating software is loading from FLASH RAM or via a load host using the MOP protocol.

The factory default settings for this feature now send a BOOTP request on the network in order to obtain one if the DECserver unit does not have an IP address defined in NVRAM. Customers who do not wish to run IP on their DECserver, and therefore may wish to disable this feature, may issue the DEFINE INTERNET DISABLE command to explicitly disable it.

The parameters that the DECserver unit can obtain from the BOOTP server include the Internet IP address, subnet mask, default gateway address, and domain name server address. The BOOT
78. following example shows how to disable SLIP on port 2:

    Local> CHANGE PORT 2 SLIP DISABLED

Chapter 16: Configuring for SNMP Access

Overview

Introduction

This chapter describes how to configure the access server simple network management protocol (SNMP) agent so that it can be controlled by a remote Network Management Station (NMS).

Reference

For complete information about managing SNMP on the access server, refer to the file snmp survival txt contained in the software installation kit. This file fully describes every SNMP accessible variable and table in the access server. For example, the file describes:

• What values variables can take
• When and how variables and tables change
• How the user interface can access variables and tables

In This Chapter

This chapter contains the following topics:

• Supported SNMP Features
• Configuring the Access Server for SNMP Access
• Configuring the NMS

Supported SNMP Features

Supported Specifications

The access server supports the SNMP specifications listed in the following table.

Specification   Title
RFC 1155        Structure for Management Information for TCP/IP Based Protocols
RFC 1157        A Simple Network Management Protocol (SNMP)

SNMP Community Names

An SNMP community name is a character string that the NMS uses as a password to gain access to the access server
79. for the SHOW PORT command. In this example, the preferred dialer service is CALL HOME and the dialer script name is Generic_14400.

    Local> SHOW PORT 2
    Port 2 Server userl0_DS700 16 Character Size 8 Input Speed 57600 Flow Control XON Output Speed 57600 Parity None Signal Control Enabled Stop Bits Dynamic Signal Select CTS DSR RTS DTR Access Dynamic Local Switch None Backwards Switch None Name PORT 2 Break Local Session Limit 4 Forwards Switch None Type Ansi Default Protocol DIAL Default Menu one Dialer Script Generic_14400 Preferred Service CALL HOME Authorized Groups Current Groups Enabled Characteristics Autoconnect Autoprompt Broadcast DSRlogout Failover Inactivity Logout Input Flow Control Lock Loss Notification Message Codes Output Flow Control PPP SLIP Verification

Assigning the Dialer Script to a Port

Use the SET/DEFINE/CHANGE PORT n DIALER SCRIPT command to assign a dialer script to a port.

Example: Defining the Dialer Script

The following example shows how to assign the dialer script dickens to port 2. After you enter this command and initialize the access server, the SHOW PORT display for port 2 will reflect this change.

    Local> DEFINE PORT 2 DIALER SCRIPT dickens

Verifying Dialer Script Configuration

Use the SHOW PORT n command to verify any changes you make to dialer script assignments
80. groups

Command   Result
DEFINE    Changes NVRAM (nonvolatile random access memory). The system must be reinitialized for the changes to take effect.
SET       Changes VRAM.
CHANGE    Changes both NVRAM and VRAM.
SHOW      Displays current status or information about various options from the access server operational database.
MONITOR   Displays continuously updated access server information on various options. Type any character to stop a monitor display. The MONITOR command displays have the same format as the corresponding SHOW command displays but require the user to be privileged.
LIST      Displays information about various options from the server's permanent database.
CLEAR     Changes VRAM.
PURGE     Changes NVRAM.

VRAM is the server's volatile operational database.

Reference

For more information about this command group and its qualifiers, please refer to the Network Access Server Command Reference.

Privileged Commands

To manage and configure the network, you use privileged commands. To enable privileged commands, use the SET PRIVILEGED command. The command line interface prompts you to enter the privileged password, which does not appear on the screen. If you forget the privileged password, you can reset the access server to its defaults by plugging the unit in while holding the reset button.

More than one port at a time can be privileged. Therefore you should not reveal the privileged pas
81. in two blocks:

• Ethernet data link counters. The upper block is for datagrams sent between the access server and all nodes on the Ethernet network. Some of the fields displayed are bit masks, the values of which tell the reasons for certain events.
• LAT protocol counters. The lower block is for messages transmitted between the access server and all LAT service nodes. The access server maintains some of these counters for each service node with which it communicates. Refer to the node counters display descriptions in Viewing LAT Node Counters Information in this chapter.

Each counter has a maximum value of 4,294,967,295. If a counter reaches that value, it latches (remains at that value) until either the counters are set to zero or the access server is initialized.

Example: SHOW SERVER COUNTERS Display

The following example shows how to generate an access server counters display:

    Local> SHOW SERVER COUNTERS
    Network Access SW Vx x for DSxxx xx BLxx xx ROMx x x Uptime 0 17 02 20 Seconds Since Zeroed 1183161 Frames Sent 1Collision 8377 Bytes Received 811416880 Frames Sent 2 Collisions 16344 Bytes Sent 141519043 Send Failures 1 Frames Received 8087172 Send Failure Reasons 00000010 Frames Sent 1572199 Receive Failures 47 ulticast Bytes Rev d 1111005 Receive Failure Reasons 000011 ulticast Bytes Sent 215694 Unrecognized Destina
82. link Provides a brief reason if LCP cannot complete negotiations.

MRU: Maximum Receive Unit. Indicates the largest number of characters each peer would like to receive in a packet.

Character Map: Specifies which characters require special encapsulation or byte stuffing.

Authentication: Indicates whether authentication is required. PAP is supported for this release.

Link Quality: The link quality is disabled in this release.

Magic Number:
  Local: Indicates if the access server has negotiated to respond to magic numbers from the peer. These numbers can be used to detect loopback. The local magic number is disabled in this release.
  Remote: Indicates if the peer has negotiated to respond to magic numbers from the access server. The remote magic number is disabled in this release.

PF Compress: Indicates whether Protocol Field compression has been negotiated.

ACF Compress: Indicates whether Address and Control Field compression has been negotiated.

FCS Size: Always 16 bit CRC.

Callback: Indicates that call back has been negotiated.

Displaying IPCP Status

Use the SHOW PORT n PPP IPCP STATUS command to display IPCP status. This command shows the actual state of the IPCP implementation in the access server. Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP IPCP CHARAC
83. not currently support per port idle timeout for interactive sessions.

Framed Session Attributes

The following table defines the framed session attributes.

Framed Protocol
  Type of framed protocol used for session. Used in Access-Accept packets. Values:
  • PPP
  • SLIP

Framed IP Address
  IP address to be configured for the user in lieu of DHCP or similar. Used in Access-Accept packets.
  Note: Two values of this address require special action. The value 255.255.255.255 means that the PPP client should be allowed to negotiate the use of its local IP address via IPCP, subject to the DECserver's subnet containment rules. The value 255.255.255.254 means that PPP or SLIP client should be assigned the port's PPP address, if one exists. Nonspecial cases would equate to:
      SET PORT SLIP HOST ADDRESS ip addr
      SET PORT IPCP HOST ADDRESS ip addr

Callback Number
  Indicates the phone number to be called after the user has been disconnected. This attribute is formatted as a printable ASCII string, typically containing the characters that would follow the ATDT modem command.

Interactive Session Attributes

The following table defines the interactive session attributes.

Interactive session attributes: Login IP Host, Login Service, Login Port, Login L
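An added example, not taken from the manual or from the DECserver software: Python code showing how a RADIUS client can decode the three framed session attributes above from the attribute section of an Access-Accept and apply the two special Framed IP Address values. The type codes 7, 8 and 19 and the protocol codes 1 (PPP) and 2 (SLIP) come from RFC 2865; the function names, the policy labels and the sample bytes are assumptions made for this illustration.

```python
import ipaddress
import struct

# RADIUS attribute type codes from RFC 2865.
FRAMED_PROTOCOL = 7
FRAMED_IP_ADDRESS = 8
CALLBACK_NUMBER = 19

# Framed-Protocol codes for the two values the manual lists.
FRAMED_PROTOCOLS = {1: "PPP", 2: "SLIP"}

# The two Framed-IP-Address values the manual singles out.
CLIENT_NEGOTIATES = ipaddress.IPv4Address("255.255.255.255")
USE_PORT_ADDRESS = ipaddress.IPv4Address("255.255.255.254")


def parse_attributes(data):
    """Split a RADIUS attribute list into {type: value}.

    Each attribute is type (1 byte), length (1 byte, header included),
    then the value. Malformed lengths raise ValueError rather than being
    skipped, so a damaged reply never yields a partial policy.
    """
    attrs = {}
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[offset], data[offset + 1]
        if attr_len < 3 or offset + attr_len > len(data):
            raise ValueError(f"bad length {attr_len} for attribute {attr_type}")
        attrs[attr_type] = data[offset + 2:offset + attr_len]
        offset += attr_len
    return attrs


def framed_session_policy(data):
    """Turn framed session attributes into a policy dict (labels are hypothetical)."""
    attrs = parse_attributes(data)
    policy = {}

    if FRAMED_PROTOCOL in attrs:
        value = attrs[FRAMED_PROTOCOL]
        if len(value) != 4:
            raise ValueError("Framed-Protocol must be a 4-byte integer")
        (code,) = struct.unpack("!I", value)
        if code not in FRAMED_PROTOCOLS:
            raise ValueError(f"unsupported Framed-Protocol {code}")
        policy["protocol"] = FRAMED_PROTOCOLS[code]

    if FRAMED_IP_ADDRESS in attrs:
        value = attrs[FRAMED_IP_ADDRESS]
        if len(value) != 4:
            raise ValueError("Framed-IP-Address must be 4 bytes")
        address = ipaddress.IPv4Address(value)
        if address == CLIENT_NEGOTIATES:
            # Client proposes its own address via IPCP; the server's
            # subnet containment rules still apply.
            policy["address"] = "client-negotiates-via-ipcp"
        elif address == USE_PORT_ADDRESS:
            policy["address"] = "use-port-address"
        else:
            policy["address"] = str(address)

    if CALLBACK_NUMBER in attrs:
        value = attrs[CALLBACK_NUMBER]
        # The manual describes a printable ASCII string; reject anything else
        # before it can reach a modem dial command.
        if any(byte < 0x20 or byte > 0x7E for byte in value):
            raise ValueError("Callback-Number is not printable ASCII")
        policy["callback_number"] = value.decode("ascii")

    return policy


def make_attr(attr_type, value):
    """Encode one attribute (helper for building the constructed sample)."""
    return bytes([attr_type, len(value) + 2]) + value


# Constructed sample: PPP, "use the port's address", callback to 5550100.
SAMPLE_ACCEPT_ATTRS = (
    make_attr(FRAMED_PROTOCOL, struct.pack("!I", 1))
    + make_attr(FRAMED_IP_ADDRESS, bytes([255, 255, 255, 254]))
    + make_attr(CALLBACK_NUMBER, b"5550100")
)

if __name__ == "__main__":
    print(framed_session_policy(SAMPLE_ACCEPT_ATTRS))
```
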
84. notification of a service node failure, use 10 seconds.

Keepalive Timer Example

The following example shows how to change the keepalive timer to 10 seconds:

    Local> CHANGE SERVER KEEPALIVE 10

MULTICAST TIMER Characteristic

Introduction

The MULTICAST TIMER characteristic determines the interval at which a service node sends service announcements.

Multicast Timer Default Values

You can specify a value from 10 to 180 seconds. The default value is 30 seconds.

Changing Multicast Timer Values Example

The following example shows how to change the multicast timer value:

    Local> CHANGE SERVER MULTICAST TIMER 50

ACCESS SERVER NAME Characteristic

Introduction

The SERVER NAME characteristic is a string of 1 to 16 characters. This name must be unique on the LAT network. When the access server offers a service, it periodically multicasts the name over the local area network.

Default Access Server Name

The default access server name is LAT ethernet address. This value is the 12 digit hexadecimal Ethernet address of the access server. This address does not contain hyphens.

Changing the ACCESS SERVER NAME

Use the DEFINE/SET/CHANGE SERVER NAME command to change this characteristic. The following example shows how to change the access server name to Printing:

    Local> CHANGE S
85. of DSR indicates a null modem device. A delay of DSR indicates a modem. If DSR is delayed, the access server watches for one of the following situations:

• A clear to send signal (CTS), which indicates a V.25 bis compatible modem.
• The absence of a signal, which indicates a DIGITAL modem.

Note: For dial out modems, the access server enables data communication before detecting DSR. Otherwise, the access server waits until detecting DSR to enable data communication.

After first detecting DSR, the access server monitors the port for CTS and DCD. If it detects CTS and DCD within 30 seconds, the access server enables data flow on the line. If it does not detect CTS and DCD within 30 seconds, the access server disconnects the line.

At this point, if an ALTERNATE SPEED is defined, the access server examines the state of the SMI signal. The modem asserts SMI if it has accepted the higher port speed. When it requires a fallback speed, the modem does not assert SMI and the access server sets the port to the fallback (lower) speed.

For dial in lines, the user must log in to the access server successfully within 120 seconds or the access server automatically disconnects the call.

Response to Momentary Loss of CTS

If the port device drops CTS but not DCD, the access server suspends data transmission on the line until the port device reasserts CTS.

Disconnecting

The access serv
86. on a port, DIGITAL strongly recommends that you also enable some sort of authentication (for example, PAP or CHAP) on the port. Without authentication, any user who happens to discover the phone number for that port's modem could potentially request a call back and run up unlimited phone charges. To enable authentication on a port, use the SET/DEFINE/CHANGE PORT LCP AUTHENTICATION PAP CHAP command.

If the PPP client specified a phone number to which the return call is to be placed, this phone number is also included in the dial request, along with the name of the dialer service. If the PPP client did not specify a phone number, the phone number to be used is determined by the dialer service or the user's authorization information. If a service name is specified that does not match an existing dialer service, the call back will fail and an accounting event will be generated.

Whether the phone number to be dialed comes from the PPP client or the dialer service definition, the user making the request must be authorized to dial that number. Likewise, the user must be allowed to create sessions of the mode defined by the dialer service, either interactive or framed. If the user is not authorized to either dial the selected phone number or create sessions of the mode specified by the dialer service, the call back fails and an accounting event is generated.

Unlike interactive dial requests, which require the user to log off the server and hang up the c
88. port name and port number. The port number is stored in the access server NVRAM. The port name is also stored in NVRAM. It is the string specified by the DEFINE/CHANGE PORT NAME command, and it appears in the display for the LIST PORT command.

Configuring a Raw TCP Listener

Introduction

When you configure a Telnet listener to use raw TCP, the associated port sends data to a device or a remote host without any data manipulation or interpretation of control characters. Because raw TCP sends the data it receives to a port without any interpretation, sending data this way is faster than using the Telnet protocol. The raw TCP listener also allows an application program on a remote host to use single socket I/O (input/output) calls and bypass the Telnet protocol layer.

When To Use Raw TCP

Using raw TCP is beneficial when you need to maintain the control character definitions in the data you send to and from a port on the access server, or when you need to send data without any Telnet processing. For example, when sending data to a printer, you may need to preserve the control characters sent to the printer, or you may need to run socket I/O calls. In these cases, you want to configure the raw TCP protocol on the Telnet listener.

Configuring Raw TCP

To configure raw TCP on an access server, configure a Telnet listener that has a type of RAW. Use the CHANGE TELNET LIST
89. preferred service is supported while you are in a terminal session when you use a CONNECT command without specifying a service. The preferred service also takes effect when you establish a terminal session if you do not specify a service name when the terminal prompts you for one. If you do not want to connect to the preferred service from your terminal session, enter the name local when your terminal prompts you for a service name.

Logging In with Multisessions

The following is a typical procedure for logging in at a session management terminal with MULTISESSIONS enabled at the access server port.

Step 1 Action

Press the Return key once or twice to obtain the introductory banner and username prompt.

After the user optionally enters a user name, the access server invokes session management and the terminal prompts the user for a network resource name. The access server then uses that name to create a session for the terminal session. If a preferred service is defined and AUTOCONNECT is enabled, the access server starts a session with the preferred service. If you do not enter a network resource name for a terminal session, the access server places the port in local mode.

Request additional terminal sessions and associated sessions by entering a terminal command. The terminal prompts the user again for a network resource name for each terminal session. The access server cre
90. provide a password as part of a host initiated contact (HIC) request to a password protected local service. With PASSCHECK disabled, HIC requests are not required to supply a password. With PASSCHECK enabled, HIC requests are required to supply a password.

Changing the PASSCHECK Characteristics

The factory default for the PASSCHECK characteristic is DISABLED. To change this characteristic, use the DEFINE/SET/CHANGE SERVER PASSCHECK command.

PASSCHECK Characteristic Example

The following example shows how to enable the PASSCHECK characteristic:

    Local> CHANGE SERVER PASSCHECK ENABLED

QUEUE LIMIT Characteristic

Introduction

The LAT QUEUE LIMIT characteristic specifies the maximum number of outstanding connection requests for remote access to access server ports. The range is from 0 to 200 and the default is 100.

Special QUEUE LIMIT Values

Two values have special meaning:

• The value 0 disables the queue.
• The keyword NONE places no limit on connection requests.

Changing the QUEUE LIMIT

To change the queue limit characteristic, use the DEFINE/SET/CHANGE SERVER QUEUE LIMIT command. The following example shows how to change the queue limit to NONE:

    Local> CHANGE SERVER QUEUE LIMIT NONE

RETRANSMIT LIMIT Characteristic

Introduction

The RETRANSMIT LIMIT characteristic specifies the n
91. realm finance.acme.com. The access server user name is always rcmd, while its instance is the same as its server name. In the previous example, if the server name is LAT_08002B010203, then the Kerberos principal name is rcmd LAT_08002B010203 finance.acme.com. The access server Kerberos password is the value of SECRET: thisiswhereallthemoneyis.

To perform authentication, the Kerberos system administrator must register the access server Kerberos user name, instance, and password in the master KDC for each of the realms. If the administrator does not specify a SECRET value in the access server database, then the access server can perform user authentication without being registered in the realm.

Displaying Kerberos Settings

The following example shows a sample display of Kerberos settings:

    Local> show kerb characteristics
    Retransmit Interval Retransmit Timeout 0 00 00 08 Ticket service port 750 Password service port 751 Realm mfg acme com Secret None Authorization Defaults Access None Forced Callback DISABLED Max Connect None Dialout Service None Dialback Number 6111 Dialout Number None Permissions DIALBACK DIALOUT LAT TELNET SLIP PPP NOPRIV

Port Configuration

You need to configure user authentication on the access server on a port by port basis. To enable the authentication on a given port, you enter a command such as LOCA
92. realmname3

Showing the Authentication Counters

This access server can display the counters for all realms (local, RADIUS, KERBEROS). Any session authenticated by RADIUS attempts to send accounting data to the RADIUS Server. Sessions authenticated by other methods may be configured to send accounting packets to a RADIUS accounting server as well, if one exists.

Reference

See SHOW AUTHENTICATION COUNTERS in the Network Access Server Command Reference for a sample of this display.

Showing the User Port Authorization Profile

The SHOW AUTHORIZATION command shows the user profile being used for the specified port(s).

Example: Showing the User Port Authorization Profile

The following example shows the resulting display for this command for a port that was authenticated:

    LOCAL> SHOW PORT 7 AUTHORIZATION
    Port 7 userl Server DECSERVERI Username userl finance realm Access LOCAL Forced CallBack DISABLED Max Connect 00 08 00 00 DialOut Service DIAL14400 Remaining Time 00 00 33 24 Framed IP Address 16 22 33 44 Login IP Host 16420 22 33 Login LAT Service LATSERVICE Login Service Type LAT Login Port 15 Authenticated By 16 129 42 15 Authentication Type RADIUS Login LAT Node MONEY DialOut Number Any DialBack Number 1 802 767 8345 Login LAT Groups 1 2 5 66 68 133 135 139 172 206 230 250 Permissions LAT TELNET
93. result in long load times due to the relatively slower speed of the serial line. See the Novell Operation section in this chapter for more information.

Setting Up the Network Access Server

Enabling IPX

By default, IPX is not enabled on the access server. A privileged user must enable IPX with the following commands:

    Local> CHANGE IPX INTERNAL ipx net
    Local> CHANGE IPX ENABLED

Note: The ipx net value must be a unique Novell network number on the network.

Configuring the Port for an Attached Device

To configure a port for PCs dialing in through a modem or directly connected to the network access server, use the following commands:

    Local> CHANGE PORT n ACCESS DYNAMIC
    Local> CHANGE PORT n ALTERNATE SPEED NONE
    Local> CHANGE PORT n INACTIVITY LOGOUT ENABLED
    Local> CHANGE PORT n FLOW CONTROL CTS
    Local> DEFINE PORT n SIGNAL CONTROL ENABLED DSRLOGOUT ENABLED
    Local> DEFINE PORT n SIGNAL SELECT CTS
    Local> LOGOUT PORT n

Considerations

When configuring IPX, consider the following:

• ALTERNATE SPEED is not applicable to the DECserver 90M and DECserver 90TL hardware. Ignore warning messages.
• FLOW CONTROL should match the flow control configured for the attached device. For DECserver 700 (8 or 16 port) and DECserver 900TM (32 port), flow control can be configured either CTS/RTS or XON/XOFF. CTS is recommended. For the DECserver 90M and DECserver 90TL only XON XOF
94. server might not be handling the message traffic from the service node, causing the service node to retransmit messages.

Number of messages the access server retransmitted to this node. This value should be less than 1/1000 of the value for Messages Transmitted. If this value is higher than the guideline, the service node might not be handling the access server message load.

Number of illegally formatted messages the access server received from this node. This value should be zero. A count of nonzero indicates a possible software problem in either the access server or the service node.

Number of illegally formatted slots the access server received from this node. This value should be zero. A count of nonzero indicates a possible software problem in either the access server or the service node.

Number of queued connection requests that the access server has accepted, including queued requests and requests that were immediately satisfied. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that were received by the access server.

Field: Solicitations Rejected
Description: Number of queued connection requests that the access server has rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued co
95. session. Session data from a service node continues even though the service session is currently inactive. You can visualize a session management terminal as two or more standard terminals using the same physical access server port. For terminals that do not implement TD/SMP, the access server suspends service session data until the user resumes the session.

How to Configure

Configure the session management terminal for a LAT session as described in the Configuring an Interactive Device for LAT Sessions section in this chapter. Configure a Telnet session as described in the Configuring an Interactive Device for Telnet Sessions section in this chapter. In addition, you enable MULTISESSIONS on the port as follows:

    Local> CHANGE PORT 2 MULTISESSIONS ENABLED

Benefits and Restrictions Summary

The following is a summary of the benefits and restrictions for session management terminals:

• Context preservation for terminal sessions and their corresponding service sessions
• Multiple local modes, one for each terminal session, to manage service sessions and port characteristics
• Simultaneous data exchange with multiple service sessions
• Management of terminal sessions using terminal commands
• Restrictions on some access server commands (see the table in the Local Mode Command Restrictions During Session Management section in this chapter)

Configuring a Session Management TD SMP
96. status indicates Signal Wait if connections cannot be accepted because DSR is deasserted. Solicited remote connection is not accepted unless DSR is asserted.
CHECK Same as SIGNAL CONTROL and DTRWAIT Same as SIGNAL CONTROL SIGNAL CHECK and DTRWAIT Same as SIGNAL CHECK DSRLOGOUT
10-22 Configuring Modem Signals

Chapter 11
Configuring and Managing Interactive Devices

Overview

Introduction
This chapter explains how to configure and manage interactive devices such as terminals, terminal-like devices, and personal computers (PCs) in terminal emulation mode. Before you use the procedures in this chapter, you must:
• Connect and test the devices.
• Enable privileged status.
• Configure the port and device characteristics to match.

For More Information
For information about connecting device cables, refer to your access server hardware documentation.

In This Chapter
This chapter contains the following topics:
• Configuring an Interactive Device for LAT Sessions
• Configuring an Interactive Device for Telnet Sessions
• Configuring a Session Management (TD/SMP) Terminal
• Configuring On-Demand Loading for Asian Terminals
• Configuring for Block Mode Terminals
• Specifying the Telnet Client Session Profile
• Configuring Individual Telnet Client Session Characteristics
• Managing Access Server User Accounts
Configuring and Managing Interactive Devices 11-1
• Managing Users
• Managing Session
97. the Default Protocol in this chapter is set to TELNET, you can ignore the TELNET keyword. You can connect to the Internet host name or address. The host name can be either a relative or an absolute domain name.

Configuring and Managing Interactive Devices 11-43
Managing Sessions

Example: Initiating a Session with an Internet Host
The following three commands show how to initiate a session with the same host. The first command uses the relative domain name SALES, the second command uses the absolute domain name SALES.MARKETING.DEC.COM, and the third command uses the Internet address 129.122.30.11.

Local> CONNECT TELNET SALES
Local> CONNECT TELNET SALES.MARKETING.DEC.COM
Local> CONNECT TELNET 129.122.30.11

You can also use the OPEN or TELNET command instead of the CONNECT command to connect to an Internet host. The OPEN command does not accept the TELNET keyword.

Local> OPEN SALES
Local> TELNET SALES

Sending Telnet Functions to a Remote Telnet Server
To send a Telnet function such as AO, AYT, BRK, EOR, or SYNCH, you use the SEND TELNET command on a current session with a Telnet server. For example, the following command sends the Telnet abort output (AO) command:

Local> SEND TELNET AO

You can map Telnet functions to keyboard characters as described in Mapping Keyboard Characters to Telnet Functions. For a complete list of Telnet commands, refer to Telnet Keymapping Functions in this chapter. In addition to the func
98. the access server group codes so that they intersect those of all the nodes offering the service. Enabling or disabling the RESPONDER characteristic has no effect on the access server's ability to respond to Solicit Information messages for services it offers locally.

Configuring LAT Characteristics 6-17
Service Groups

Introduction
A service group defines the access that service nodes and port users have to the network. Each service group has an identifying number from 0 to 255.

Viewing Service Groups
To view service groups that have access to services on the access server, use the SHOW SERVER command. See the LAT Characteristics Display Example section in this chapter.

Changing Access Server Service Groups
Use one of the following commands:
• To enable service groups on the access server, use the following command:
  Local> CHANGE SERVER SERVICE GROUPS group-list ENABLED
• To assign ports to a service group, use the following command:
  Local> CHANGE PORT port-list AUTHORIZED GROUPS group-list ENABLED

Changing Service Groups Examples
• The following example shows how to enable service groups 1, 16, and 18:
  Local> CHANGE SERVER SERVICE GROUPS 1,16,18 ENABLED
• The following example shows how to assign ports 2, 3, and 5 to service groups 1, 16, and 18:
  Local> CHANGE PORT 2,3,5 AUTHORIZED GROUPS 1,16,18 ENABLED

6-18 Configuring LAT Characteristics

Chapter 7
TCP/IP Network Characteristics
Ove
99. the commands used to free NVRAM space.

Command: Frees NVRAM Space Used By
DEFINE PORT TN3270 KEYMAP 3270 Function DEFAULT: The ASCII mnemonic and key sequence definition for the specified 3270 function
DEFINE PORT TN3270 KEYMAP ALL DEFAULT: All customized keyboard maps
DEFINE TN3270 ETOA E CODE A CODE DEFAULT: The specified EBCDIC to ASCII translation
DEFINE TN3270 ATOE A CODE E CODE DEFAULT: The specified ASCII to EBCDIC translation

Configuring and Managing 3270 Terminal Emulation (TN3270) 18-17
Guidelines for Managing the Use of NVRAM for TN3270

Limiting NVRAM Usage
To limit the number of NVRAM keyboard maps that the port user can customize, use the command shown in the following example:

Local> DEFINE PORT TN3270 NVRAM LIMIT 5

The default limit is 0.

18-18 Configuring and Managing 3270 Terminal Emulation (TN3270)
Commands to Manage TN3270 Terminal Emulation

Introduction
This section summarizes the commands to manage 3270 emulation.

Reference
For a complete description of these commands and the correct syntax, refer to the Network Access Server Command Reference.

TN3270 Access Server Characteristics
The following table summarizes the TN3270 commands that configure access server characteristics.

Command Description Default SET DEFINE Changes the ASCII For the default ASCII CHANGE TN3270 to EBCDIC to EBCDIC translati
100. this port and disable the Telnet listener on the original port.

Configuring and Managing Telnet Servers 13-17
Supplying User Location Data to Telnet Servers

Introduction
When the access server creates a Telnet client connection, it automatically negotiates with the Telnet server to send port user data. If the server responds with a send message, the access server transmits the session port name and port number. Appropriate software on the server can then use the location data for each session to generate statistics about Telnet use.

In these negotiations, the access server functions only as a Telnet client, not as the Telnet server. Each time the Telnet server transmits IAC DO, the client sends the location data. In this way, the server can poll anytime for the user's location. If the Telnet server does not respond with IAC DO, the session proceeds normally, but the client does not send the location data.

Example: TCP Messages to Poll Client User Location Data
The following example shows a series of TCP messages generated during negotiation between the Telnet client (the access server) and the Telnet server. The client starts the negotiation with IAC WILL SEND-LOCATION.

IAC WILL SEND-LOCATION
IAC DO SEND-LOCATION
IAC SB SEND-LOCATION ascii location IAC SE
IAC DO SEND-LOCATION
IAC SB SEND-LOCATION ascii location IAC SE

The ascii location field comprises the Telnet user s
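The server side of the exchange described above, as an added example that is not part of the manual or of any access server software. It assumes SEND-LOCATION is Telnet option 23 (RFC 779); the class and function names, the 64-character cap and the sample location string "PORT_2 2" are constructed for illustration. Because the location text comes from the client and is not authenticated, the sketch strips non-printable bytes before the value is stored for statistics or logs.

```python
"""Server-side handling of Telnet SEND-LOCATION (RFC 779), added example."""

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
SEND_LOCATION = 23      # option code assigned by RFC 779
MAX_LOCATION = 64       # assumption: longest location string we keep


def sanitize(raw: bytes) -> str:
    """Location text is supplied by the client and is not authenticated.
    Keep printable ASCII only so it cannot forge lines in logs or reports."""
    text = "".join(chr(b) if 0x20 <= b <= 0x7E else "?" for b in raw)
    return text[:MAX_LOCATION]


class SendLocationSession:
    """Tracks one client connection; survives commands split across reads."""

    def __init__(self):
        self.client_offered = False   # set once IAC WILL SEND-LOCATION is seen
        self.locations = []           # sanitized location reports, in order
        self._state = "data"
        self._verb = 0
        self._sb_opt = 0
        self._sb = bytearray()

    def poll(self) -> bytes:
        """Bytes the server sends to ask for the location again."""
        return bytes([IAC, DO, SEND_LOCATION]) if self.client_offered else b""

    def _negotiate(self, verb: int, opt: int) -> bytes:
        if opt == SEND_LOCATION and verb == WILL:
            self.client_offered = True
            return bytes([IAC, DO, SEND_LOCATION])
        if opt == SEND_LOCATION and verb == WONT:
            self.client_offered = False
            return b""
        if verb == WILL:                      # refuse every other option
            return bytes([IAC, DONT, opt])
        if verb == DO:
            return bytes([IAC, WONT, opt])
        return b""

    def _end_subnegotiation(self):
        # Ignore location data the client sends without having offered it.
        if self._sb_opt == SEND_LOCATION and self.client_offered:
            self.locations.append(sanitize(bytes(self._sb)))

    def feed(self, chunk: bytes):
        """Consume client bytes; return (reply_to_send, user_data)."""
        reply, user = bytearray(), bytearray()
        for b in chunk:
            st = self._state
            if st == "data":
                if b == IAC:
                    self._state = "iac"
                else:
                    user.append(b)
            elif st == "iac":
                if b == IAC:                  # escaped 0xFF in user data
                    user.append(b)
                    self._state = "data"
                elif b in (WILL, WONT, DO, DONT):
                    self._verb, self._state = b, "opt"
                elif b == SB:
                    self._state = "sb_opt"
                else:                         # AO, AYT, ... not handled here
                    self._state = "data"
            elif st == "opt":
                reply += self._negotiate(self._verb, b)
                self._state = "data"
            elif st == "sb_opt":
                self._sb_opt, self._state = b, "sb_data"
                self._sb.clear()
            elif st == "sb_data":
                if b == IAC:
                    self._state = "sb_iac"
                elif len(self._sb) < 4 * MAX_LOCATION:   # bound memory use
                    self._sb.append(b)
            elif st == "sb_iac":
                if b == SE:
                    self._end_subnegotiation()
                    self._state = "data"
                else:                         # IAC IAC is a literal 0xFF
                    if b == IAC and len(self._sb) < 4 * MAX_LOCATION:
                        self._sb.append(b)
                    self._state = "sb_data"
        return bytes(reply), bytes(user)


def demo():
    """Replay the page's exchange with a constructed location string."""
    s = SendLocationSession()
    first, _ = s.feed(bytes([IAC, WILL, SEND_LOCATION]))
    report = bytes([IAC, SB, SEND_LOCATION]) + b"PORT_2 2" + bytes([IAC, SE])
    s.feed(report)              # answer to the server's first IAC DO
    second = s.poll()           # server polls again later
    s.feed(report)
    return first, second, s.locations
```

demo() replays the five messages listed in the example; feed() can be called with whatever each socket read returns, since a command split across two reads is carried over in the session state.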
101. this purpose.

WINS Address Example
The following example shows how to set primary and secondary WINS server addresses on the access server:

Local> CHANGE INTERNET WINS PRIMARY 12.30.34.10
Local> CHANGE INTERNET WINS SECONDARY 12.150.25.5

Displaying WINS Characteristics
Use the SHOW/LIST INTERNET NAME RESOLUTION command to view the WINS server addresses stored in the access server's VRAM or NVRAM.

WINS Display Example
The following shows a typical example of the WINS display:

Local> SHOW INTERNET NAME RESOLUTION
NetBIOS WINS Name Resolution
Primary WINS server 16.20.44.55
Secondary WINS server 16.125.14.235 from DHCP
Domain Name Resolution
Domain Name finance.acme.com from DHCP
Resolution Host Limit 32
Resolution Time Limit 4
Resolution Mode Ordered
Resolution Retry Limit 3
Nameservers Locally configured 9 9 4 99 99 9 9 Local name acme com from DHCP
7-32 TCP/IP Network Characteristics
Nameservers 99 99 99 99 88 88 88 88 DHCP server Local Assigning WINS Server Addresses Learned Local name acme com Local secondary acme com 16 20 244 250

The following table lists the WINS characteristics displayed in the previous example. See the Displaying DNS Characteristics section in this chapter for a description of the DNS characteristics shown in the example.

Field Primary Secondary Description The Internet address or host name for the primary WINS server
102. total Ethernet usage.

Controlling the Number of Known Service Nodes
Minimize the number of service nodes that are accessed from any one access server by keeping a single access server from accessing many different service nodes for its users. Having every access server user connecting to a different service node uses more of the data link bandwidth than many access server users connecting to few service nodes. To reduce the number of service nodes accessed from a particular access server, assign users to the access server based on their need for common services, and then assign the appropriate authorized groups for the access server ports.

Checking LAT Service Accessibility
The node limit characteristic specifies the number of service nodes that can be simultaneously stored in the database for the access server. When the node limit is reached, messages from additional nodes are discarded. The node limit must be in the range of 1 to 2000. If you specify a node limit of NONE, there is no limit to the number of nodes stored. In this case, the node limit is subject to memory constraints. The default is 200 nodes.

If a user on the access server is experiencing response time problems with accessing LAT services, you can adjust the node limit characteristic. There is a faster connection when a user connects to a host that is defined in the access server database, as opposed to a host not in the database. A higher node limit uses more of the access ser
106. 270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps

Introduction
Although the default TN3270 keyboard maps are sufficient for most users, some may want to customize keyboard maps for specific applications. This section describes the default keyboard maps and the options for displaying and customizing them.

There are two ways to manage customization of keyboard maps: on a server-wide basis and a port-by-port basis. Server-wide customization may be preferred because it addresses multiple users' needs and makes more efficient use of the access server NVRAM. The server-wide customization must be set up by the privileged user, while port-by-port customization can be done by the port user.

Server-Wide Keyboard Maps Customization
Server-wide customization of keyboard maps depends upon the fact that each keyboard map is associated with a terminal type. The privileged user can create a new terminal type and associate a new keyboard map with it. Then he or she can customize the new map, which changes the key assignments that go with IBM 3270 functions. A port user can then associate a port with the new terminal type. This automatically sets up the port to use the new keyboard map (see the following figure).

[Figure: Port Access to Server-Wide Keyboard Maps]

Default Server Wide Term
107. 6 Configuring and Managing 3270 Terminal Emulation (TN3270)
IBM Host Communications

The status line is restored when:
• You use the STATUS function.
• You send data to the host.
• The IBM application clears the screen.

Status Line Messages
The following table describes the messages that appear on the status line indicator.

Message: Description
EXTEND: You have pressed the EXT function.
HIDDEN: The status line is covering some screen data that you have not yet seen. This indicator turns off when you enable the status display after viewing the hidden data.
INSERT: The terminal is in insert mode.
INHIB: The application has suspended input from the keyboard. This condition can occur when:
  • You try to enter data in a protected field.
  • You try to enter the wrong type of data.
O: You are using the numeric lock override function. This indicator turns off when you enter the NUM OVR function again.
ONLINE: You are successfully communicating with the IBM host.
X: The IBM system is unavailable for input. For example, the message X displays after you use the ENTER function to send data to the IBM host.
7171: You are using 7171 mode to transmit embedded nulls as spaces.

Configuring and Managing 3270 Terminal Emulation (TN3270) 18-7
IBM Host Communications

Status Line Indicator Display
The following figure shows the position of the status line indicator on the screen.

18-8 Configuring and Managing 3
108. 70
Configuring Basic 3270 Terminal Emulation

Terminal Setup Parameters
The following table provides information on terminal setup for the various DIGITAL terminal models.

Terminal Model: Setup Parameters
VT100: ANSI mode; AUTO XON/XOFF ON
VT2xx, VT3xx, V4xx: General: VT100 through VT400 mode, 7-bit or 8-bit controls. Communications: XOFF at 64 or 128; no local echo

Indicating the 3270 Model Number
To enable 3270 emulation on a port, you must specify the 3270 model number as follows:

Local> CHANGE PORT 2 TN3270 MODEL 2

This command enables port 2 to emulate an IBM 3278 Model 2 display station. When the access server establishes a session to an IBM host, the host negotiates for an IBM 3278 display station. If the IBM host does not negotiate for an IBM 3278, then the access server defaults to a standard Telnet connection.

To disable 3270 emulation on port 2, enter the following:

Local> CHANGE PORT TN3270 NONE

By default, 3270 emulation is disabled on all ports.

Specifying the Type of ASCII Terminal Used for Emulation
After you indicate the 3270 model number, you need to specify the type of ASCII terminal. For example, to indicate that a VT220 is attached to port 2, you enter:

Local> CHANGE PORT 2 TN3270 TERMINAL VT220

To display the list of terminal types and their associated keyboard maps, enter the SHOW TN3270 TERMINAL command. The default terminal device is VT100.

Configuring and Managing 3270 Termi
110. 802 Learn, Disable, or up to 8 hexadecimal numbers, no leading zeroes (1 to FFFFFFFE). Learn means that the access server will monitor the LAN to determine the network number of the corresponding frame.

Managing IPX 20-23
Displaying IPX Status

Using the SHOW IPX Command
Use the SHOW IPX command to display IPX status. The command is nonprivileged.

IPX Status Display
The following example shows the command to display IPX status on an access server:

Local> SHOW IPX STATUS
IPX Status Route entries RIP entries SAP entries 6 6 5
LAN Frame ETHERNET   LAN Network AAAI
LAN Frame RAW802     LAN Network Learning
LAN Frame SAP 802    LAN Network BBB1
LAN Frame SNAP802    LAN Network Disabled

Fields in the IPX Status Display
The following table describes the fields in the IPX Status display.

Field: Description
IPX Status: Enabled or Disabled
RIP entries: Number of current RIP networks known by the server
SAP entries: Number of current SAP services known by the server
Route entries: Number of current routing table entries
LAN Frame: The frame type: Ethernet, RAW802, SAP802, or SNAP802
LAN Network:
  Learning: The network number for the corresponding LAN frame has been configured to learn. The access server is currently attempting to learn the network number.
  XXXXXXXX: Either the network number for the corresponding LAN frame has been configur
111. A community name contains a maximum of 32 characters. Due to memory constraints, the access server can have only a limited number of community names.

Community Name Reference
For more information about using community names, refer to the Configuring the Access Server for SNMP Access section in this chapter.

Supported SNMP Operations
The access server supports the SNMP operations listed in the following table.

Operation: Description (Default for All Community Names)
GET: Fetches the value of a variable (Enabled)
GETNEXT: Fetches a value without knowing the variable's exact name (Enabled)
SET: Enables you to modify access server parameters and create and delete table entries (Disabled)
TRAP: Indicates the occurrence of an event (Disabled)

16-2 Configuring for SNMP Access
Supported SNMP Features

Supported MIBs
The access server supports the Management Information Bases (MIBs) listed in the following table. The release kit contains all supported MIBs. The network manager can enroll these MIBs in the appropriate NMS.

MIB: Description
RFC 1213: Management Information Base (MIB II) for Internet protocol suite management. This makes RFC 1158 obsolete.
RFC 1243: Definitions of Managed Objects for the AppleTalk MIB
RFC 1284: Definitions of Managed Objects for the Ethernet-like interface types
RFC 1158: Obsolete MIB II. Supported for backwards compatibility.
RFC 1316: Definitions of Managed Objects for Character Stream Dev
112. ACTERISTICS
  Description: Display the current values for the IPXCP characteristics

SHOW/MONITOR PORT n IPXCP
  STATUS: Display the values of the IPXCP counters and characteristics
  COUNTERS: Display the values of the IPXCP counters

CHANGE/SET/DEFINE PORT n IPXCP
  ENABLE: Enable IPXCP
  DISABLE: Disable IPXCP
  MAXCONFIGURE: Number of times IPXCP sends configure request without ACK
  MAXFAILURE: Number of times IPXCP sends NAK before rejecting option
  MAXTERMINATE: Number of times IPXCP sends terminate request without ACK
  RESTART: Restart a suspended session

Port PPP Commands for PPP Negotiation Status
The following table defines the PORT PPP commands for PPP negotiation status.

SHOW/MONITOR PORT n PPP COUNTERS
  Description: Display the values of the IPXCP counters

20-12 Managing IPX
Summary of DECserver IPX Management Commands

SHOW/MONITOR PORT n PPP STATUS
  Description: Display the values of the PPP counters and characteristics

Server IPX Commands
The following table defines the server IPX commands.

SHOW/LIST/MONITOR IPX CHARACTERISTICS
SHOW/MONITOR IPX COUNTERS RIP ROUTES STATUS
CLEAR IPX RIP SAP
ZERO IPX COUNTERS PORT n PPP COUNTERS
CHANGE/SET/DEFINE IPX ENABLE DISABLE
CHANGE/SET/DEFINE IPX FRAME ETHERNET RAW802
Description: Display the current values for the characteristics
Description: Display the values
113. AT Service, Login LAT Node, Login LAT Groups

Definition
The IP address of the host system with which the user is to be automatically connected. Used in Access-Accept packets.

The type of service to which the user is to be automatically connected. Used in Access-Accept packets. Values: Telnet, LAT.

Indicates the TCP or LAT port number to which the user is to be automatically connected. Used in Access-Accept packets.

Indicates the LAT service name to which the user is to be automatically connected via LAT. Used in Access-Accept packets when the Login Service type is LAT.

Indicates the node within the specified service to which the user is to be automatically connected via LAT. Used in Access-Accept packets when the Login Service type is LAT and a Login LAT Service is specified.

Indicates the LAT group codes which the user is authorized to use. Used in Access-Accept packets when the Login Service type is LAT.

Managing Access Server Security 22-19
Managing RADIUS

RADIUS General Non-Session Attributes
The following table defines the RADIUS general non-session attributes.

RADIUS Overhead Attributes: Definition
NAS IP Address: IP address of the NAS. Used in Access-Request packets.
NAS Port: NAS Port Number. Used in Access-Request packets.
Reply Message: ASCII text that the NAS may optionally display. Used in Access Accept Access Reject or Access
State
Class
Vendor Specific
114. Access Max Connect DialBack Number DialOut Number Permissions 22 28 Managing Access Server Security 00 00 01 Retransmit TimeOut 00 00 20 1645 Account Service Port 1646 XXX YYY XXX COM EXCLUDE Password Entered 16 20 55 66 16 20 55 77 None Forced Callback ENABLED 00 08 00 00 DialOut Service DIAL14400 555 1234 Any DIALBACK DIALOUT LAT TELNET SLIP PPP NOPRIVILEGE

Determining Security Configuration

Example: Showing SecurID
The following example shows the resulting display for the SHOW SECURID CHARACTERISTICS command:

LOCAL> SHOW SECURID
Retransmit Interval   00 00 02
Retransmit TimeOut    00 00 20
Service Port          755
Realm                 AAA.BBB.CCC.COM
Realm Inclusion       EXCLUDE
Encoding Format       DES
Prompt                Enter Passcode>
Secret                Entered
Primary Host          16.20.55.66
Authorization Defaults
Access                INTERACTIVE
Forced Callback       DISABLED
Max Connect           00 08 00 00
DialOut Service       DIAL28800
DialBack Number       555 1234
DialOut Number        Any
Permissions           DIALBACK DIALOUT LAT TELNET SLIP PPP NONPRIVILEGED NOPRIVILEGED

Example: Showing the Server Realm

LOCAL> SHOW SERVER REALM
Realm                 local
NAS Max Fails         3
Authorization Defaults
Access                INTERACTIVE
Forced Callback       DISABLE
Max Connect           00 08 00 00
DialOut Service       DIAL9600
DialBack Number       555 1234
DialOut Number        Any
Permissions           DIALBACK DIALOUT LAT TELNE
117. CRET Keyword
The SECRET in the SecurID REALM is not specified by the user, but rather is filled in the first time the realm is used to authenticate a user. After that, you can clear it by using the NOSECRET qualifier in the CHANGE SECURID REALM command. If you clear it, or if you delete the realm and then re-create it, you must reset the client on the authentication server side using the SecurID server administrator program.

SecurID Prompts
The default prompt for SecurID is ENTER PASSCODE>. This default is set when you create a new realm. This is the standard SecurID prompt.

SecurID Ports
Normally, you do not need to change the SecurID master and slave SERVICE PORT. If the default values do not match with those assigned on your hosts, then change the values in the access server to match those on the hosts.

Managing Access Server Security 22-23
Managing SecurID

SecurID Realms
SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics. If a SecurID card is in a new PIN mode and the new PIN is coming from the access server, the new PIN is displayed for 10 seconds and then erased.

Minimal Setup for SecurID
The minimal configuration requires the following commands to set up the remote ports used for communication with SecurID. These features must be assigned in order for any communication with SecurID or SecurID accounting to take place
118. Cconnect system, refer to the documentation listed in the preface to this manual.

Glossary

access server
A generic name for a family of Digital Equipment Corporation access servers.

access server configuration database
A load host database that contains the DECnet characteristics and the access server type, the load file name, and the dump file name for each access server.

access server image
A file in the access server directory on the load host that contains executable code.

Address Resolution Protocol
See ARP.

American National Standards Institute
See ANSI.

ANSI
American National Standards Institute. This organization compiles and publishes computer industry standards.

ARP
Address Resolution Protocol. The Internet protocol that enables a host or a gateway to dynamically map or translate an Internet address into the correct physical hardware address so as to send a packet to a target computer on the same physical network.

Glossary-1
Glossary-2

American Standard Code for Information Interchange
See ASCII.

AppleTalk
An Apple Computer, Inc. trademark for their network protocol suite.

ASCII
American Standard Code for Information Interchange. A set of 8-bit binary numbers representing the alphabet, punctuation, numerals, and other special symbols used in text representation and communications protocols.

asynchronous
Pertaining to a communication method in which each event occurs with no relation to a t
119. Configuration 2 0 0 cece ee 20 19 Disabling TEX necu rete ob A BAS Se ORE REN MERE wee eh 20 20 Using the DEFINE Command 0 cece eee 20 20 Frame Types 2s A Race SN Ue RR Tees E ehe aye ee MR 20 21 Introduction ide e eR S det eb ace beg ra chee Say mich ae ege cde 20 21 Standard Ethernet eese eee SERE Ghee Se eee AUR DR ade e EI es 20 21 RAM802 c e eda exte tet p ee ta E E BE nce dels Watt Ron edt 20 21 SAP802 eos dodo denned oa Ss A Sok Gree dog ie Sw ae Ie eR E Eee 20 21 SINAP802 cdo eee Re secet bue eke A bs Le date ep du ier ns 20 21 Displaying IPX Characteristics 0 ec I 20 22 Using the SHOW command ooo 20 22 IPX Characteristics Display 0 0 0 eee Ie 20 22 IPX Characteristics Display Fields llle eee eee 20 22 Displaying IPX Stat s ccce ete a ER NAE PE A 20 24 Using the SHOW IPX Command 2 0 0 cee ee 20 24 IPX Status Display eli Dex REESE HERRERA TR ERES 20 24 Fields in the IPX Status Display llle 20 24 Displaying IPX Counters cocco DR ee REIR e e RE eG 20 25 Use the SHOW IPX COUNTERS command oococcccccccoco eese 20 25 IPX Counters Display cese oe Re RESERVE 20 25 IPX Counters Display Fields 00 0 cece eee 20 25 Displaying IPX Routes ici ee UR SA wok UR A ee 20 28 Using the SHOW IPX ROUTES Command 0 0 0 0 0 cee eee ee eee 20 28 IPX Routes Display RE he DR RE MES Mae eee 20 28 IPX Routes Display Fields rei pr epo midier eee e ea m III 20 28 Reset
120. Configuring a Device on Port 6 for Internet Hosts Example
    Reference
Configuring a Session Management TD SMP Terminal
    Introduction
    How to Configure
    Benefits and Restrictions Summary
    Local Mode Command Restrictions During Session Management
    Logging In with Multisessions
Configuring On Demand Loading for Asian Terminals
    Introduction
    On Demand Loading Configuration Example
    Disable Switch Character
Configuring for Block Mode Terminals
    Description
    Buffer Size
Specifying the Telnet Client Session Profile
    Introduction
    Profiles Types
    Profile Characteristics
    Telnet Client Session Characteristics Predefined for Each Profile
Configuring Individual Telnet Client Session Characteristics
    Modifying
121. DEFAULT PROTOCOL and DEDICATED SERVICE for the port to use the AUTOLINK protocol and then enable the AUTOLINK AUTHENTICATION port characteristic.

Activating AUTOLINK

The port begins the AUTOLINK search protocol when the modem has established a connection. AUTOLINK examines the characters arriving on the port and determines if a PC is using PPP, SLIP, or a character-cell terminal emulation (which may be a login script). If AUTOLINK does not detect a PPP or SLIP start frame character within a user-set timeout, it chooses character-cell emulation. Note that a user or the login script can expedite the choice of character-cell emulation by entering a carriage return character.

Example: Configuring the Port

The following example shows how to set the port's default protocol and dedicated service to AUTOLINK:

    Local> DEFINE PORT DEFAULT PROTOCOL AUTOLINK
    Local> DEFINE PORT DEDICATED SERVICE AUTOLINK

Managing Dial Up Access Security with AUTOLINK and AUTOLINK Authentication

Enabling AUTOLINK Authentication

If you want authenticated logins, you must separately configure the port to require AUTOLINK AUTHENTICATION. The authentication can be by PPP PAP, PPP CHAP, or interactively by terminal emulation (which could be a script). The PC client is required to provide one authentication. SLIP users are treated as if they are character-cell users. Once authentication is successful the pro
122. DEFINE PORT MULTISESSIONS DISABLED
- DEFINE PORT PPP ENABLED

Example: Enabling PPP for Mixed Traffic

The following example shows a series of commands used to configure a port to support mixed character-cell and PPP traffic:

    Local> DEFINE PORT 3 ACCESS LOCAL AUTOBAUD ENABLED AUTOCONNECT DISABLED
    Local> DEFINE PORT 3 BREAK LOCAL DEFAULT PROTOCOL PPP DSRLOGOUT ENABLED
    Local> DEFINE PORT 3 INTERRUPTS DISABLED MULTISESSIONS DISABLED
    Local> DEFINE PORT 3 PREFERRED NONE SIGNAL CHECK DISABLED
    Local> DEFINE PORT 3 SIGNAL CONTROL DISABLED
    Local> DEFINE PORT 3 PPP ENABLED
    Local> DEFINE PORT 3 PPP IPCP HOST ADDRESS 1.2.3.4
    Local> LOGOUT PORT 3
    Local>

Enabling PPP on an Access Server Port

Enabling Dedicated PPP Traffic

The following example shows a series of commands used to dedicate a port to PPP:

    Local> DEFINE PORT 5 ACCESS LOCAL AUTOBAUD DISABLED
    Local> DEFINE PORT 5 AUTOCONNECT ENABLED BREAK DISABLED DEDICATED PPP
    Local> DEFINE PORT 5 DEFAULT PROTOCOL PPP DSRLOGOUT ENABLED
    Local> DEFINE PORT 5 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
    Local> DEFINE PORT 5 INTERRUPTS DISABLED MULTISESSIONS DISABLED
    Local> DEFINE PORT 5 PREFERRED NONE SIGNAL CHECK DISABLED
    Local> DEFINE PORT 5 SIGNAL CONTROL DISABLED
    Local> DEFINE PORT 5 PPP ENABLED
    Local> DEFINE PORT 5 PPP IPCP HOST ADDRESS 1.2.3.4
    Local> LOGOUT PORT 5

Enabl
123. DIAGNOSE FULL

This command initializes the access server in the default mode and performs an extended test.

INITIALIZE DIAGNOSE Option Tests

The following table shows the tests that are available as part of the INITIALIZE DIAGNOSE option:

    Test               Performs
    Brief              Internal self-test only
    Full               Extended test, including in-depth memory test
    Normal (Default)   Standard self-test

Specifying the DISABLE OPTION with INITIALIZE

Using the DISABLE option with INITIALIZE loads the software image but disables the use of the CONNECT command and the AUTOCONNECT function. The following command shows how to use this option:

    Local> INITIALIZE DISABLE

Using NCP to Initialize the Access Server

NCP Initialization Commands

The following table shows the NCP commands used to initialize the access server if you are on a load host:

    NCP Initialization Command   Description
    LOAD                         Ensures that the host at which you issue the command is the node that performs the load.
    TRIGGER                      Causes the access server to load the software image from any host on the network.

The NCP LOAD and TRIGGER commands do not have any automatic warning or delay options. However, you can warn users about an impending initialization by using the access server BROADCAST command.

NCP Reference

For more information about NCP, refer to the documentation provided with the host system.

Initiali
124. DIGITAL NetRider Network Access Server Management

Part Number: AA PW5VE TE
June 1997

Revision/Update Information: This is a revised document.
Software and Version: DECserver Network Access Software Version 2.2

Digital Equipment Corporation 1997. All rights reserved.

Digital Equipment Corporation makes no representations that the use of its products in the manner described in this document will not infringe on existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from DIGITAL or an authorized sublicensor.

The following are trademarks of Digital Equipment Corporation: DDCMP, DEC, DECmcc, DECnet, DECserver, DECsystem, DECwindows, DIGITAL, DNA, LAT, NetRider, OpenVMS, ThinWire, ULTRIX, VAX, VAXstation, VMS, VMScluster, VT100, VT220, VT320, VT330, and the DIGITAL logo.

The following are third-party trademarks: AppleTalk and Macintosh are registered trademarks of Apple Computer, Inc. HP and Hewlett-Packard are registered trademarks of Hewlett-Packard Company. IBM is a registered trademark of International Business Machines Corporation. Kerberos is a trademark of the Massachusetts Institute of Technology. Microsoft, MS-DOS, and Windows 95 are registered trademarks and Windows NT is a tr
125. DISABLED
    Local> LOGOUT PORT 2
    Local> CHANGE SERVER SERVICE GROUPS 10 24 46 ENABLED
    Local> CHANGE SERVICE NONDEC PORT 2 IDENTIFICATION XYZ minicomputer

Configuration of Specific Types of Devices As LAT Services

Configuring a Modem As a LAT Service

The following example shows a sample configuration of a dial-out modem used as a LAT service:

    Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
    Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
    Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
    Local> DEFINE PORT 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
    Local> DEFINE PORT 3 SPEED 1200
    Local> LOGOUT PORT 3
    Local> CHANGE SERVER SERVICE GROUPS 10 24 46 ENABLED
    Local> CHANGE SERVICE MODEM1 PORT 3 IDENTIFICATION Modem 123 4567

Example: Configuring a Dial-In and Dial-Out Modem

The following example shows a sample configuration of a dial-in/dial-out modem used as a LAT service:

    Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
    Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
    Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
    Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED
    Local> DEFINE PORT 4 SPEED 2400
    Local> LOGOUT PORT 4
    Local> CHANGE SERVER SERVICE GROUPS 10 24 46 ENABLED
    Local> CHANGE SERVICE MODEM2 PORT 4 IDENTIFICATION MODEM 890 1234

Configuration of Spec
126. Define or modify the dialer service using the SET DEFINE CHANGE DIAL SCRIPT SERVICE command.

Showing the Current Dialer Service Characteristics

Use the SHOW LIST MONITOR DIALER SERVICE service name CHARACTERISTICS command to display dialer service characteristics. These commands are similar to the SHOW SERVICES LOCAL family of commands in usage and syntax.

The examples in this section show instances of using the SHOW command only. The use of the LIST and MONITOR commands is implied, since these commands produce similar results in the screen display. They differ in the effect that they have on storage of data in VRAM and NVRAM.

Reference

For more information on command line syntax, see the Commands to Display and Change Configuration Settings section in Chapter 1.

Defining the Dialer Service

Example: Show Dialer, Port Security Enabled

In this example, a user on a port with SECURITY enabled would not have access to the STATUS display, since it might provide access to unlisted or sensitive phone numbers and other information received from the modem.

    Local> SHOW DIALER AT TRADESHOW CHARACTERISTICS
    Dial Service     AT TRADESHOW
    Identification   Dial back from tradeshow
    Connections      Enabled
    Ports            1 2 9 14
    Phone number     555 6766
    Delay seconds    135
    Mode             PPP
    Username         None
    Password         None
    Local>

Showing Dialer Service Status

Use the SHOW LIST MONITOR DIALER SERVICE service name STATUS c
127. Detect DCD 10 3 to 10 5 Data communication equipment DCE 10 2 Data set ready DSR 10 3 to 10 5 Data signal rate selector DSRS 10 4 10 6 Data terminal equipment DTE 10 2 Data Terminal Ready DTR 10 3 to 10 5 Datagrams 6 16 15 7 DCD 10 3 to 10 5 10 7 10 9 10 12 10 19 DCE 10 2 DDP 8 7 DECnet 2 10 DECnet node 2 10 DECnet Phase IV 2 8 4 2 4 5 to 4 7 DECnet Phase IV OpenVMS 4 3 DECnet OSI 4 2 4 5 4 7 DECnet OSI OpenVMS node 2 9 example 2 10 DEFINE command 1 6 2 3 DELETE command 4 5 Destination AppleTalk routes display 8 12 Destination Unreachable 7 23 Device characteristics 9 1 displaying 9 4 port characteristic matching 9 6 DHCP See Dynamic Host Configuration Proto col 7 27 Dial services 21 1 Index 3 management 1 3 Dialback 21 15 to 21 16 Dialer 21 1 displaying status 21 10 scripts 21 6 defining 21 4 names 21 5 services changing 21 12 characteristics 21 13 defining 21 9 DIALUP characteristic 10 14 DISCONNECT commands 11 14 12 15 19 4 ALL 11 14 PORT 11 51 DNS 22 7 Do Binary 11 49 Do ECHO 11 49 Do End of Record 11 50 Domain Name 7 8 Domain Name System DNS 7 7 autoconfigure utility 7 15 displaying counters 7 9 Domains Internet 7 7 name characteristic 7 8 name resolution 7 10 modes 7 12 retry limit 7 12 time limit 7 12 Do Remote FLOW CONTROL 11 50 Do SGA 11 49 Do Status 11 49 Down AppleTalk routes display 8 13 DSR 10 3 to 10 5 10 7 10 9 to 10 10 10 20 11 11 DSR FLOW CONTROL 9 1
128. Device Characteristics

Configuring Basic Device Characteristics

Introduction

If you attach a standard DIGITAL video terminal to an access server port, the basic device characteristics described in this chapter are the only ones that you need to consider. If you are configuring a port to communicate with a modem, PC, computer interface, or nonstandard terminal, refer to the signal characteristics described in Chapter 10 in addition to the characteristics described in this chapter.

Command

To configure or modify a basic device characteristic, use the SET CHANGE MODIFY command for the appropriate characteristic.

Basic Device Characteristic Summary

The following table summarizes the basic device characteristics and refers you to related information in this chapter:

    Characteristic       Default    Allowed Values                 Refer to Section
    ACCESS               Local      Local, Remote, Dynamic, None   Configuring the ACCESS Characteristic
    AUTOBAUD             Enabled    Enabled, Disabled              AUTOBAUD
    CHARACTER SIZE       8          7, 8                           CHARACTER SIZE
    DSRLOGOUT            Disabled   Enabled, Disabled              Specifying DSRLOGOUT
    FLOW CONTROL         XON        XON, DSR, CTS, DISABLED        Flow Control Types
    INACTIVITY LOGOUT    Disabled   Enabled, Disabled              Specifying INACTIVITY LOGOUT
    INPUT FLOW CONTROL   Enabled    Enabled, Disabled              FLOW CONTROL Direction

Characteristic LONGBREAK LOGOUT OUTPUT FLOW CONTROL PARITY SPEED STOP BITS
129. Dialer Counters
Modifying the Dialer Service
Configuring Interactive Dial Requests
    Configuring for Interactive Dial Back
    Interactive Dial Back Dial Service Example
Framed Dial Requests
    Introduction
    Changing PPP Characteristics Examples
    Guidelines
22 Managing Access Server Security
Overview
    Introduction
    In This Chapter
Security Type Descriptions
    Introduction
    Kerberos
    RADIUS
    SecurID
    User Accounts
Common Terminology Across Security Realms
    Introduction
    Accounting Host
    Authentication Host
    Default Realm
    Login Retries and Timeouts
130. Disabled
    Compression      Disabled   Disabled
    Connect Time     Disabled   Disabled
    Server Info      Disabled   Disabled
    Default Router   401 249 0 0
    Zone Info        LKG Littleton MA

Displaying PPP Status

Fields in the ATCP Status Display

The following table explains the fields in the ATCP status display:

State
    The ATCP state as defined in RFC 1331. The possible states are: Initial, Starting, Closed, Stopped, Closing, Stopping, Req Sent, Ack Revd, Ack Sent, and Opened.

Negotiation Time
    The number of seconds required by the PPP negotiation procedure the last time ATCP negotiated.

Since Open
    The number of seconds since ATCP last attempted to negotiate IP over the link.

Failure Reason
    Provides a brief reason if ATCP cannot negotiate IP over the link.

ATCP Options
    Local: Refers to the access server.
    Remote: Refers to the attached PPP hosts.

AppleTalk Address
    The access server AppleTalk address and the AppleTalk address that the access server has acquired and assigned to the attached host.

Routing Protocol
    The type of routing protocol information that may be sent across the link.

Suppress B Cast
    Indicates whether broadcasts are suppressed.

Compression
    Indicates whether compression is being used on AppleTalk packets.

Connect Time
    Indicates whether connect time information is passed

Server Info

Default Router

Zone Info
131. Disabling SNMP
Displaying Information About SNMP
Default Community Name PUBLIC
Configuring a Community Name for Access by Any NMS
Configuring a Community Name with an Address
Configuring Community Names to Send TRAP Messages
Sample SNMP Configuration
Disabling TRAP Messages for a Community Name
Removing Community Names
Removing an Address from a Community Name
Configuring the NMS
    Procedure
17 Managing the Access Server
Overview
    Introduction
    In This Chapter
Managing Your Access Server As Part of the LAT Network
    Introduction
    Distributing Devices on Access Servers
    Controlling the Number of Known Service Nodes
    Checking LAT Service Accessibility
    Reducing Memory Usage
132. ECT NODE SHRIMP SERVICE PASSWORD FEDCBA
    Console connected press CTRL D when finished
    ACCESS not echoed
    Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 38
    (c) Copyright 1993 Digital Equipment Corporation All Rights Reserved
    Please type HELP if you need assistance
    Enter username MANAGER
    Local>

Use of SET HOST MOP from a DECnet OSI OpenVMS Node

MOP enables you to connect to the remote console port from a DECnet OSI OpenVMS node that is on the same Ethernet as the access server. To disconnect from the access server, enter Ctrl

Refer to the appropriate DECnet OSI manual for information about how DECnet OSI interprets passwords on the SET HOST MOP command line.

Remote Console Port

Example: Using MOP to Connect to an Access Server from a DECnet OSI OpenVMS Node

The following example shows a connection from a DECnet OSI OpenVMS node to an access server remote console port. In this example:

- The access server has a DECnet node name of DGD700.
- The maintenance password is FEDCBA. On the SET HOST MOP command line, however, the DECnet OSI software transposes this password into the string BADCFE.
- The access server has a password of ACCESS.

    SET HOST MOP DGD700 VERIFICATION XBADCFE
    CCR I CONNEST connection established to remote system 08 00 2B 26 AE 32
    Press CTRL to disconnect CTRL to send break
    ACCESS not echoed
    Network Access SW Vx x fo
133. ED 11 38 CHARACTER SIZE Device characteristic 9 2 CHARACTER SIZE characteristic 11 22 13 13 Characteristics announcement 2 6 displaying 2 6 SET DEFINE CHANGE Remote Console port 2 7 Telnet remote console port 2 12 Checksum Errors 8 7 Circuit timer 2 6 characteristic 6 2 6 6 Clear To Send CTS 10 3 10 5 CLEAR PURGE commands 2 3 2 11 INTERNET HOST 7 13 TELNET LISTENER 2 11 Cold start 16 7 Command descriptions 2 3 Command groups 3 2 3 4 creating 3 3 dial services 21 2 executing 3 4 Commands CHANGE 1 6 2 3 CLEAR 2 3 CLEAR PURGE TELNET LISTENER 2 11 CONNECT 4 6 11 11 DEFINE 1 6 2 3 definitions 2 3 DELETE 4 5 DSV CONFIGURE 4 4 4 6 LIST 4 6 SERVER 4 4 SHOW 4 6 USE 4 6 HELP TUTORIAL 2 5 LIST 2 3 load hosts 4 4 logout 2 12 MODIFY 4 5 MONITOR 2 3 OPEN 11 11 privileged 2 4 PURGE 2 3 REMOVE QUEUE 11 9 SET 1 6 2 3 4 5 SHOW 2 3 syntax 2 2 TELNET 11 11 Communications 18 6 network LAT 1 3 Compressed SLIP CSLIP 15 13 Configuration 3270 emulation 1 2 ports 1 2 SLIP 1 3 system administrator tasks 1 2 user interface 1 3 CONNECT command 4 6 5 6 11 5 to 11 6 11 11 11 14 15 11 PPP 19 4 SLIP 15 12 Connect time 15 14 Connections number allowed Telnet remote console port 2 12 Console Carrier Request CCR 2 10 Console port 2 1 2 6 changing 2 6 remote 2 12 4 3 CSLIP automatic 15 13 CTS 10 3 10 5 10 9 to 10 10 10 18 to 10 19 20 8 CTS FLOW CONTROL 9 11 enabling 9 11 D Data Carrier
134. ENER TYPE RAW command to configure the Telnet listener. Then use the CHANGE TCP LISTENER or CHANGE TELNET LISTENER commands to define additional characteristics.

Example: Configuring Raw TCP

The following example shows how to configure a raw TCP listener on port 3:

    Local> CHANGE TELNET LISTENER 2003 PORT 3
    Local> CHANGE TELNET LISTENER 2003 TYPE RAW
    Local> CHANGE TELNET LISTENER 2003 CONNECTIONS ENABLED

These commands:

- Create a Telnet listener on access server port 3 and assign TCP port 2003 to the port.
- Set the type for the Telnet listener to RAW.
- Enable the raw TCP listener.

Configuring a Raw TCP Listener

Displaying Raw TCP Characteristics

Use the SHOW LIST TELNET LISTENER command to view the raw TCP settings.

Example: Raw TCP Display

The following example shows a typical display for a Telnet listener configured for raw TCP:

    Local> SHOW TELNET LISTENER 2003
    Listener TCP port   2003
    Listener Type       RAW TCP
    Identification
    Ports               3
    Connections         ENABLED
    IP address          12 422 22 22

Chapter 14

Configuring LPD Printers

Overview

Introduction

The Line Printer Daemon (LPD) handles remote networking printing. It listens for print requests from remote hosts on the Local Area Network (LAN) and responds to these requests. The LPD software that the access server implements is similar in function to the LPR LPD
135. ER command

Current running value of the resource. If the Max value is lowered during the Uptime, this value can exceed the Max value for counters.

Highest value the resource attained since the access server was last initialized. The length of time is shown in the Uptime field. If the Max value is lowered during the Uptime, this value can exceed the Max value for certain counters.

Maximum value that the resource can reach, given the physical restraints or the value specified for an access server characteristic.

Displaying Information About the Access Server

Field / Description

Active Ports
    Ports that have either interactive sessions or remote access connections.

Active Users
    Ports that have interactive sessions.

Queue Entries
    Queued connection requests that are in the access server queue.

Available Services (LAT protocol only)
    Network services that the access server recognizes as being available to users on the access server. The information about these services is stored in access server memory.

Local Services (LAT protocol only)
    Number of LAT services offered by the access server.

Reachable Nodes (LAT protocol only)
    Computers or other access servers that offer services on the network and that are reacha

Active Circuits

Connected Nodes

Connected Sessions

CPU Used

Memory Used

Minutes to Shutdown

Discarded Nodes
136. ERVER NAME PRINTING

NODE LIMIT Characteristic

Introduction

The NODE LIMIT characteristic specifies the maximum number of LAT service nodes that the access server maintains in its node database. The range is from 1 to 2000, and the default is 200. You can also specify a node limit of NONE. This keyword indicates that the only limit is the available memory of the access server.

Changing the Access Server NODE LIMIT

Use the DEFINE SET CHANGE SERVER NODE LIMIT command to change this characteristic. The following example shows how to change the node limit to 300:

    Local> CHANGE SERVER NODE LIMIT 300

Access SERVER NUMBER Characteristic

Introduction

Each access server has a number that uniquely identifies it.

Access SERVER NUMBER Values

This number is a value from 0 to 32767. The default is 0. When the access server offers a service, it periodically multicasts the number over the network.

Changing the Access SERVER NUMBER

Use the DEFINE SET CHANGE SERVER NUMBER command to change this characteristic. The following command shows how to change the access server number to 35:

    Local> CHANGE SERVER NUMBER 35

PASSCHECK Characteristic

Introduction

The PASSCHECK characteristic determines whether a host is required to
137. ES if you want to reset the access server to factory settings.

Booting Using Console Commands Associated Options

Chapter 6

Configuring LAT Characteristics

Overview

In This Chapter

This chapter describes how to configure the LAT characteristics for the access server. This chapter contains the following topics:

- LAT Characteristics
- Displaying LAT Characteristics
- ANNOUNCEMENTS Characteristic
- CIRCUIT TIMER Characteristic
- IDENTIFICATION Characteristic
- KEEPALIVE TIMER Characteristic
- MULTICAST TIMER Characteristic
- ACCESS SERVER NAME Characteristic
- NODE LIMIT Characteristic
- Access SERVER NUMBER Characteristic
- PASSCHECK Characteristic
- QUEUE LIMIT Characteristic
- RETRANSMIT LIMIT Characteristic
- RESPONDER Characteristic
- Service Groups

LAT Characteristics

Preparing to Change LAT Characteristics

Before you change LAT characteristics, make sure to:

- Install the latest software image on the access server and all load hosts.
- Read the release notes.
- Know what devices and cables are connected at the various ports.
- Enter the SET PRIVILEGED command for the port.
- Check if the current values or default values are appropriate.

LAT Characteristic Summary

To modify a LAT characteristic, use the SET DEFINE CHANGE command f
138. Each security method has a well-known port or two that must be specified to the access server in order for the UDP connection to be established. When you create a new realm, it is not usable until you define a secret and at least one authentication host for it. However, the realm will be created with default values (the well-known ports) for the UDP ports.

Managing Kerberos

Introduction

This section describes Kerberos security features and explains how to configure and manage these features on the access server. To use the procedures in this section, you must:

- Ensure that the access server can communicate with a host running Kerberos V4 software.
- Connect and test the devices.
- Enable privileged status.
- Configure the port and device characteristics to match.

Reference

Refer to the access server hardware documentation for information about connecting device cables. This section assumes that you have a basic understanding of Kerberos. Refer to Digital's Guide to Kerberos for more information.

Configuration Prerequisites

This section describes the prerequisites for configuring the Kerberos security features on an access server.

Kerberos Host Requirements

- To use Kerberos authentication, the access server must be able to communicate over the network with a host that functions as a Kerberos V4 key distribution center (KDC). The key distribution center is an ULTR
139. F

Configuring LPD

Configuring Remote Hosts

Remote network printing using LPR LPD requires that you set up the host system correctly. The following table describes the setup requirements for specific types of hosts:

If Printing From This Host / Then

UNIX
    Create an entry in the /etc/printcap file that includes the name of the remote printer and the IP address of the access server (the LPD server). Refer to your system's LPR LPD documentation for details. Users must convert files to either ASCII text or PostScript format before printing files.

Windows NT
    1. Install a TCP IP printing service.
    2. Install a printer (use the Control Panel).
    3. Choose an appropriate print driver for the printer.
    4. Assign the LPR port that the TCP IP printing service creates to the printer. This causes the system to prompt the user to enter the LPD server's IP address and remote printer name.

VMS UCX
    1. Install the UCX software.
    2. Run UCX LPRSETUP EXE to set up the LPR printer.
    3. Follow the prompts to set up the printer.

Associating a Printer With a Port

To allow remote network printing with LPD, associate a printer with one or more ports. This is similar to defining a Telnet or TCP listener; however, instead of specifying a port number, you specify a printer name. The printer name must be unique on the network. You can associate the printer with a single port or you configure it to be s
140. F is supported. If the attached device does not support XON flow control, configure flow control DISABLE. This means flow control is not used. Although operation is possible without flow control, poor performance or unexpected behavior with your Novell connection can result.

- SIGNAL SELECT should match signals used by the attached device (for example, a modem) and is applicable for the DECserver 700 16 port and DECserver 900TM hardware. SIGNAL SELECT is not applicable for DECserver 90M, DECserver 90TL, and DECserver 700 8 port hardware. SIGNAL SELECT can be configured either CTS CTS DSR RTS DTR or RI RI DCD DSRS DTR. Based on the configuration, the correct adapter must be chosen (see Appendix A). Current high speed modems 29600 baud typically use CTS.

Setting Up the Network Access Server

Configuring the Port for the Login Method

You can configure a port to log in to a local user interface prompt or to be exclusively dedicated to PPP.

To configure a port for login to a local user interface prompt, refer to the Configuring the Port for Login to the Local Prompt section in this chapter.

To configure a port to be exclusively dedicated to PPP, refer to the Configuring the Port Dedicated to PPP section in this chapter.

Configuring the Port for Login to the Local Prompt

Following modem connection, the PC user will log in to the local interface with or without password authentication. Then the user will have the option to
141. FLOW CONTROL between the port and the host

Flow Control Types

The types of FLOW CONTROL that you can configure are:

- XON/XOFF
- DSR
- CTS
- No Flow Control
- Flow Control Direction

XON/XOFF

When the access server uses XON/XOFF FLOW CONTROL on a port, it sends:

- An XON character to start the data transfer between the port and the attached device
- An XOFF character to stop the data transfer between the port and the attached device

XON/XOFF is the type of FLOW CONTROL that Digital Equipment Corporation's terminals, personal computers, printers, and modems use.

When to Use

You must use XON/XOFF FLOW CONTROL when you use:

- DSR logout. See Specifying DSRLOGOUT in this chapter.
- Signal check. See Specifying SIGNAL CHECK in Chapter 10.

Configuring the FLOW CONTROL Characteristic

Example: Enabling XON/XOFF FLOW CONTROL

The following example shows how to enable XON/XOFF FLOW CONTROL:

    Local> CHANGE PORT 5 FLOW CONTROL XON

DSR

DSR FLOW CONTROL operates as follows:

- If the access server receives data too quickly from the port device, it turns off DTR until it can accept more data.
- If the port device receives data too quickly from the access server, it turns off the DSR signal until it can accept more data.

Do not enable DSR FLOW CONTROL if modem control, signal control, DSR logout, or signal check is enabled. DSR FLOW CONTROL overrides these characteristics.

CTS
142. ING
    3   giovanni   Local Mode
    4   Remote     Connected    PRINTER
    5   card       Connected    SLIP

Managing Users

SHOW LIST MONITOR USERS Display Headings

The following table provides an explanation of the information in the display in the previous example:

Port
    Number of the port.

Username
    Any user name or the name of the port established by the PORT NAME characteristic.
    Note: Any port having the user name Remote designates a remote access session in progress.

Status
    Status of the port, which can be one of the following:
    Connected: Port is connected to a service.
    Connecting: Port is attempting to connect to a service.
    Disconnected: Session was terminated while dormant.
    Disconnecting: Session is disconnecting from a service.
    Signal Wait: The port failed to assert the DSR signal during a signal check controlled connection attempt.
    Idle: Port is not in use.
    Local Mode: Port is logged into the access server and is in local mode.
    Locked: The user has entered the LOCK command to LOCK the port.

Service
    Name of the user's current session.

Specifying User Groups

Nonprivileged users can choose the groups they require for their ports by using the SET PORT GROUPS command. Users must choose from the groups you authorized for their ports. The SET PORT GROUPS command limits user access to those services made available by the groups specified with the command. The command serves to
143. INS server addresses in one of the following ways:

- From a DHCP server on the network, if the DHCP is enabled on the access server
- From access server commands that you enter at a local or remote console

The following shows how the remote client receives WINS server information from the access server:

[Figure LKG 10497 97 MF: exchange between the Dial-Up Client and the Access Server]
1. Client requests WINS server addresses during PPP negotiation.
2. Access server receives the request and sends the addresses stored in VRAM.
3. Client sends a new request using the addresses it received from the access server.
4. Access server compares the request to the addresses in VRAM. If they match, it sends an acknowledgement. If there is no match, it sends new addresses.
5. Client receives the acknowledgement and PPP negotiation continues.

Assigning WINS Server Addresses

Assigning WINS Addresses

If you enable DHCP on the access server, it receives the WINS server addresses from a DHCP server on the network and writes the values to VRAM when you reinitialize the access server. When a remote client sends a request to the access server for WINS server addresses during PPP negotiation, the access server responds with the addresses it finds in VRAM.

If you disable DHCP, or need to change the WINS server addresses at a time when you do not want to reinitialize the access server, you can set the addresses manually. Use the SET DEFINE CHANGE INTERNET WINS PRIMARY|SECONDARY command for
144. IP CHARACTERISTICS command to display SLIP characteristics.

Displaying SLIP Characteristics Example

The following example shows a typical SLIP characteristics display:

    Local> SHOW PORT 5 SLIP CHARACTERISTICS
    Port 5: Rick            Server: Servername
    Host Address: 17.20.19.7
    MTU: 1006
    Header Compression: Disabled
    Compression States: 16

15 4 Configuring and Managing SLIP Ports

Managing Internet Addresses for SLIP Hosts

Introduction

The Internet address for the SLIP host must be unique on the subnet and must have the same subnet identifier as the access server. A subnet identifier is the result of a logical AND operation on the Internet address and the subnet mask. For example, assume that you set:

1. The access server Internet address as follows:

    Local> CHANGE INTERNET ADDRESS 83.62.18.101

2. The subnet mask as follows:

    Local> CHANGE INTERNET SUBNET MASK 255.255.255.0

In this situation, the subnet identifier is 83.62.18.0. In this example, the Internet address of the SLIP host must be 83.62.18.xx. The value xx is any number between 1 and 254 except 101. The value 101 is the access server Internet address.

How an Access Server Port Obtains the SLIP Host Internet Address

This section describes how an access server port obtains the SLIP host Internet address. The SLIP host port address must be contained in the access server subnet identifier. You can assign an address or you can all
145. IX Access Server Loader TCP IP BOOTP Windows NT Access Server Manager and Access Server TFTP Windows 95 online help and the Manager DECserver Network Access Software Installation guide

4 2 Managing Load Hosts

DSV CONFIGURE

Introduction

DSV CONFIGURE is a command procedure that runs on a DECnet Phase IV OpenVMS load host or on a DECnet OSI OpenVMS load host. This procedure enables you to:
- Maintain configuration information about access servers
- Modify the local MOP (Maintenance Operation Protocol) client configuration
- Access the remote console port of the access server

DIGITAL provides DSV CONFIGURE as part of the access server software. For information about installing DSV CONFIGURE, refer to the installation guide provided with the access server software.

Backward Compatibility of DSV CONFIGURE

DSV CONFIGURE supports both DECnet Phase IV and DECnet OSI Phase V. Upon installation, DSV CONFIGURE automatically converts databases created by DSVCONFIG to the data format required by DSV CONFIGURE.

Executing DSV CONFIGURE

The procedure DSV CONFIGURE COM is located in the following directory:

    SYSSCOMMON DECSERVER

Execute this procedure as follows:

    QSYS COMMON DECSERVER DSVSCONFIGURE

Defining Symbols

You may find it useful to define a symbol for this procedure in your LOGIN COM file. For example:

    DSV SYSSCOMMON DECSERVER DSVSCONF IGURE

Managing
146. IX or UNIX host that runs Kerberos software and contains a database of valid user names and passwords. The access server does not authenticate using the Kerberos V5 protocol.
- To operate with the highest level of security, the access server must be registered with all KDCs within the Kerberos realms in which user authentication will take place. A realm refers to a group of hosts that share a common administrative domain for purposes of user authentication.
- Each realm has one master KDC that contains a write-enabled database. The master KDC propagates its database to any slave KDCs in the same realm.

A basic mode of operation is also available in which the access server does not need to be registered in any of the realms. This mode of operation is less secure but easier to configure.

22 6 Managing Access Server Security

Managing Kerberos

Network Access Server Requirements

Before configuring security-specific parameters, make sure that:
- You have entered the correct Internet address and subnet mask. See the Configuring the Internet Address and Subnet Mask section in Chapter 7.
- There is an Internet gateway to the KDC if the KDC is not on the access server subnet. See the Defining Networks Available Through a Specific Gateway section in Chapter 7.
- The DNS parameters are set correctly if Internet hosts are not explicitly configured on the access server. See the Displaying the DNS Counters section in Chapter 7.

Configuratio
147. Information About the Access Server

Displaying Information About the Access Server

Introduction

The LIST MONITOR SHOW SERVER command displays information about the access server or about data maintained by the access server. You can obtain characteristics, counter, status, and summary displays for the access server.

Specifying the Prompt

The factory-set default access server prompt is Local>. You can change this prompt to any ASCII character with a restriction of 1 to 16 characters. The following shows how to change this prompt to Engineering>. You should include a space at the end of the prompt to leave space between the prompt and user commands.

    Local> CHANGE SERVER PROMPT Engineering>

To go back to the default Local> prompt, enter the following command:

    Local> CHANGE SERVER PROMPT

This command specifies the access server prompt displayed to all port users when in local mode, with the exception of the RCF management port.

Displaying Access Server Counters

The LIST MONITOR SHOW SERVER COUNTERS command displays the values for the global counters maintained by the access server. The counters display is useful for detecting network problems.

The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days, hours, minutes, seconds. The COUNTERS data appear
148. Keyboard Map for a Port

A port user can forego access to any server-wide keymappings that may be available. Instead, the user can choose the default terminal types and keyboard maps.

Reference: For a printed copy of these keyboard maps, refer to the Network Access Server Command Reference.

Keyboard Map and Terminal Type

The following table lists the two default keyboard maps and their associated terminal devices.

    Predefined Terminal Device                    Associated Keyboard Map
    VT100 ANSI                                    VT100
    All ASCII terminals other than the VT100      VT220

Configuring and Managing 3270 Terminal Emulation TN3270 18 13

Displaying and Customizing Keyboard Maps

You can list the defaults with this command:

    Local> SHOW TN3270 KEYMAP KEYMAPNAME

The defaults are shown in the Default Server Wide Terminal Type and Keyboard Maps and the Keyboard Map and Terminal Type.

You can display the keyboard mappings associated with a default keyboard map (VT220 in this example) for a VT420 port device with this command:

    Local> SHOW TN3270 KEYMAP VT220

If this keymapping is the best choice for the port user, you can set up the port to use the VT420 terminal type, which is associated with the VT220 keyboard map. Execute the following command to choose the VT220 keyboard map for port 2:

    Local> CHANGE PORT 2 TN3270 TERMINAL VT420

The user can now confirm the terminal type and keyboard mapping assignments:

    Local> SHOW PORT 2 TN3270 CHARACTERISTICS
    Local> SHOW PORT 2
149. L DEFINE PORT 2 AUTHENTICATION ENABLED

Example: Sample SHOW PORT Command

After enabling authentication on a port, you can then display the port settings to verify that user authentication is enabled, as shown in the following example:

    Local> SHOW PORT 1
    Port 14 smith Server TSM700
    Enabled Characteristics
    Authentication Autoconnect Autoprompt Broadcast Failover Input Flow Control Lock Loss Notification Message Codes Output Flow Control Lock Notification Verification

User Authentication Procedure

When the system administrator configures Kerberos security features for a given access server port, you need to enter a valid user name and password when you log on to the access server. A complete Kerberos principal name has the following format:

    user-name.instance@realm-name

To abort the authentication process, press the Break key or the Local Switch key.

By default, Kerberos allows you three attempts to enter a valid user name and password. After three unsuccessful attempts to enter a user name and password, the access server disables the authentication procedure on the port for a period of 1 minute. To change the default number of invalid authentication attempts, use the SET PASSWORD LIMIT command.

Example: Authentication with a Complete User Name

The following example shows a typical user authentication that uses the complete form of the Kerberos pr
150. LAT or Telnet the session is using

Name of the LAT service or Internet host associated with the session, or SLIP for SLIP sessions. If the name of the LAT service differs from the name of the LAT service node supplying the service, the display includes the name of the LAT service node within parentheses. For a remote access connection to the port, the LAT service name is the LAT service sought by the requesting node, and the name within parentheses is the requesting LAT service node.

Managing Sessions

Displaying Session Characteristics

You can display the characteristics of any current LAT or Telnet session.

Example: SHOW PORT SESSIONS CHARACTERISTICS Display for a LAT Session

The following example displays the characteristics of LAT session 1 on port 4:

    Local> SHOW PORT 4 SESSIONS 1 CHARACTERISTICS
    Port 4, Session 1, Protocol LAT
    Transparency Mode: Interactive

There are only two lines in this display. The first line displays the port number, session number, and protocol used by the session. The second line displays the transparency mode, which can be Interactive, Pasthru, or Passall. For an explanation of the characteristics for Telnet and 3270 sessions, refer to Specifying the Telnet Client Session Profile in this chapter and Chapter 18, respectively.

Displaying Session Status

You can display the status of any current Telnet session. If you have a LAT session, the SHOW LIST M
151. Line Printer Remote Daemon on UNIX systems.

In This Chapter

This chapter contains the following topics:
- LPD Operation
- Configuring LPD

Configuring LPD Printers 14 1

LPD Operation

Supported File Types

The access server's LPD implementation supports printing of ASCII text and PostScript files. The access server does not convert files from one format to the other. Users must be aware of the type of file they want to print and select the appropriate printer when submitting a print job.

Control and Data Files

During the printing operation, the access server receives control and data files from the remote host. The following table describes these files.

    This File    Contains
    Control      File format information and user information, for example host and user name
    Data file    Total number of bytes in the file, the name of the data file, and the data

Remote hosts can send control and data files in any order. The access server does the following:
- If the control file arrives first, the access server stores the file, waits for the data file to arrive, and then prints the data. The access server sends the user data in the control file as the last page of the print job.

    If the Control File Arrives    Does the Header/    Does the User
    First and the                  Trailer Print       Information Print
    Header is enabled              Yes                 Yes
    Header is disabled             No                  No
    Header is optional             Yes                 Yes
    Trailer is enabled             Yes                 Yes
    Trailer is dis
152. Load Hosts 4 3

DSV CONFIGURE

Example: Starting DSV CONFIGURE and Displaying Help

The following example shows how to use the symbol DSV to start DSV CONFIGURE. This example also shows how to use HELP to display a list of DSV CONFIGURE commands. The remainder of this section explains each command shown.

    DSV
    DSV I IDENT executing DSVSCONFIGURE version x x x nnn
    DSV I oe HELP type any time for help
    DSV HELP
    ADD       Add a server to the system
    MODIFY    Modify an existing server's information
    SET       Synonym for MODIFY
    DELETE    Remove a comm server from the system
    LIST      Display information about one or all servers
    SHOW      Synonym for LIST
    CONNECT   Connect to a server via remote console
    USE       Synonym for connect
    HELP      Displays summary of valid commands
    EXIT      Exit this procedure

ADD Command

To add an access server to the system, use the following command format:

    ADD SERVER server name

The following table describes the command syntax.

    Command Component    Description
    SERVER               An optional keyword, as in all DSV CONFIGURE commands.
    server name          An optional way to specify the name. If you do not specify the name on the command line, DSV CONFIGURE prompts you for it.

After you enter the ADD command, DSV CONFIGURE displays a series of prompts. Some prompts display with defaults specified in square brackets. The values of the defaults are based on the running system.

4 4 Managi
153. M M
    DEFINE DIALER SCRIPT dickens COMMAND AT
    SET DIALER SCRIPT dickens INIT NONE
    SET DIALER SCRIPT dickens RESET NONE
    CHANGE DIALER SCRIPT dickens PREFIX DT
    DEF DIALER SCRIPT dickens RESET NONE
    SET DIALER SCRIPT dickens TIMEOUT NONE

Managing Dial Services 21 5

Assigning the Dialer Script to a Port

Steps

After configuring the dialer strings in a dialer script, assign the script to a specific port. Do the following:

Step 1. Are you defining the dialer script to the port for the first time?
- If yes, go to step 2.
- If no, use the SHOW PORT n command to determine the current dialer script by showing the port (optional).

If you assign a dialer script to a port that already has an assigned dialer script, the access server overwrites the first dialer script. When you change or set a dialer script, it is a good idea to check to see if one is in use.

Step 2. Assign the new dialer script to the desired port using the DEFINE PORT n DIALER SCRIPT command.

Determining the Current Dialer Script

Use the SHOW PORT n command to display information about specific ports and their current configuration. The SHOW PORT command helps you to determine how a port is configured before you begin making changes to that port.

Example: The Show Port Command Display

The following example shows the resulting display
155. NECT command zeroes each of these counters.

19 20 Configuring and Managing Point to Point Protocol PPP Ports

Displaying PPP Counters

Example: Command to Display the IPCP Counters

The following example shows how to display the IPCP counters for port 5:

    Local> SHOW PORT 5 IPCP COUNTERS
    Port 51                  Server LAT 08002B26D0E7
    IPCP Counters
    Negotiation Successes
    Negotiation Failures
    Configures in            Configures out
    Acks in                  Acks out
    Naks in                  Naks out
    Rejects in               Rejects out
    Terminates in            Terminates out
    Term Acks in             Term Acks out

Fields in the IPCP Counters Display

The following table describes the fields in the IPCP counters display.

Field: Description
- Negotiation Successes: The number of times that IPCP has successfully entered a round of negotiations to bring up IP since the link was brought up. Ordinarily, the value of this counter is 1. However, you can reconfigure IPCP and then cause IPCP to renegotiate. This changes the performance characteristics for the link.
- Negotiation Failures: The number of times that IPCP tried to negotiate the link but failed.
- Configures in: This is the number of IPCP configure requests received from the peer.
- Configures out: The number of IPCP configure requests sent to the peer from the access server.
- Acks in: The number of IPCP configure acks received from the peer.
- Acks out: The number of IPCP
156. [Figure: NMS hosts and the communities they access]

Communities:
- SNUGS: GET, GETNEXT, and SET enabled
- BUGS (195.1.1.1 only): GET, GETNEXT, and SET enabled
- SERVER (195.1.1.2 only): GET, GETNEXT, SET, and TRAPS enabled

Disabling TRAP Messages for a Community Name

To disable TRAP messages, use the CLEAR SNMP COMMUNITY community name TRAP DISABLED command. The following is an example of disabling TRAP messages for the SERVER community:

    Local> CLEAR SNMP COMMUNITY SERVER TRAP DISABLED

Removing Community Names

The access server allocates 80 bytes of NVRAM to store information about community names. If you attempt to define or modify a community name and there is insufficient memory, you see a message in this format:

    Local 654 Insufficient space total unused community characters left is n

In this situation, use the CLEAR or PURGE SNMP COMMUNITY command to remove one or more unused community names. You can also remove the default community name PUBLIC.

16 8 Configuring for SNMP Access

Configuring the Access Server for SNMP Access

After you remove a community name, any NMS that used the community name is no longer able to communicate with the access server. The following example shows how to remove community name BUGS:

    Local> CLEAR SNMP COMMUNITY BUGS
157. NTERS command to display the counters for a dialer service.

Example: Show Dialer Counters

The following example shows the dialer service counters display for the dialer service AT TRADESHOW:

    Local> SHOW DIALER AT TRADESHOW COUNTERS
    Dial Service AT TRADESHOW
    Seconds Since Zeroed    1989692     Failures          17
    Connections Attempted   IT          Busy              10
    Connections Completed   96          No Answer         0
                                        No Dial Tone      0
                                        No Response       0
                                        No Carrier        0
                                        Authentication    7
                                        Unknown           0
    Local>

Modifying the Dialer Service

Use the SET DEFINE CHANGE DIALER SERVICE dialer service name command to define the dialer service. The dialer service name characteristic is a string of 1 to 16 characters. The dialer service name must be unique to the server. Before you create a new dialer service, use the SHOW DIALER SERVICE command to verify that the new name does not conflict with that of an existing dialer service. For a detailed explanation of command keywords used to manage dialer services, see the Command Definitions section in Chapter 2.

Example: Change Dialer Name

The following example uses many of the keyword options in the command line:

    Local> CHANGE DIALER on the road PORT 4 9 IDENT Dial back
    Local> CHANGE DIALER on the road NUMBER MODE

Dialer Service Characteristics

Defining the Dialer Service

The following table describes the dialer service characteristics.

Characteristic IDENTIFICATION CONNECTIONS PORTS
158. NUMBER

Description:
- Allows an identifying string to be associated with a given service.
- Specifies whether a user may connect to the current dial service.
- One or more physical ports that are to offer this dial service.
- Indicates the allowable phone number(s) for use with this service.

Comments:
- Maximum length 40 characters
- Variables ENABLED DISABLED
- Maximum length 48 characters
- Variables ONLY
- Default: Means users may use any number within their security constraints and are prompted to enter a phone number when initiating a dialer session.
- ONLY: Designates the sole phone number that may be dialed using this service.

User Account Characteristics

The following table explains the user account characteristics.

Characteristic: Description (Comments)
- DELAY: Indicates the delay in seconds before the dialer engine should attempt to initiate the dial back. (Default 30 seconds. Minimum 15 seconds. Maximum 3600 seconds, 1 hour.)
- USERNAME: Defines the user name to be supplied to a peer that requires the access server to be authenticated.
- PASSWORD: Indicates the password to be supplied to a peer that requires authentication from the access server.
- MODE: Indicates the type of session the dial service will create after successfully completing the modem
159. OL enabled, the access server automatically logs out the port whenever a loss of the DSR signal (if used) is detected or if the DCD signal (if used) is deasserted for more than 2 seconds. Furthermore, a user must log in to the access server successfully within 120 seconds or the access server automatically disconnects the call.

You should disable MODEM CONTROL or SIGNAL CONTROL when a port is connected to a device that does not use modem signals or if the device cable does not support modem signals.

Logging Out the Port with DSRLOGOUT or LONGBREAK LOGOUT

With MODEM CONTROL or SIGNAL CONTROL disabled, you can enable the access server to log out a port when the attached device is turned off by enabling port characteristic DSRLOGOUT (see Specifying DSRLOGOUT in Chapter 9) or LONGBREAK LOGOUT (see Specifying LONGBREAK LOGOUT in Chapter 9).

Computer Interface

For computer interface connections, you need to enable MODEM CONTROL or SIGNAL CONTROL and configure the host to use the modem signals. This ensures that session status is passed between the access server and the host system, which is important to maintain security.

When a user connected to the access server logs out from a system, the computer terminates the session and deasserts the DTR signal. The access server interprets this condition as a loss of DSR and terminates the session. However, when the access server terminates a session, the access server deasserts the DTR signal. The system
160. ONITOR PORT SESSION command displays the port number, session number, Protocol LAT, and the following message:

    no status information available for LAT sessions

Example: SHOW PORT SESSIONS STATUS Display for a Telnet Session

The following example shows how to display the status of a Telnet session on port 14:

    Local> SHOW PORT 14 SESSION 1 STATUS
    Port 14, Session 1, Protocol TELNET
    Do BINARY:               Disabled    Will BINARY:               Disabled
    Do ECHO:                 Enabled     Will ECHO:                 Disabled
    Do SGA:                  Enabled     Will SGA:                  Enabled
    Do Status:               Disabled    Will Status:               Disabled
    Do End of Record:        Disabled    Will End of Record:        Disabled
    Do Remote FLOW CONTROL:  Disabled    Will Remote FLOW CONTROL:  Disabled
                                         Will Terminal Type:        Enabled DEC VT300

SHOW MONITOR PORT SESSIONS STATUS Display Fields

The following table provides a description of the SHOW MONITOR PORT SESSIONS STATUS display information. The fields are Do Binary, Will Binary, Do ECHO, Will Echo, Do SGA, Will SGA, Do Status, and Will Status.

Field: Description
- Do Binary:
  - Enabled: Interpreting all data received as in a BINARY format.
  - Disabled: Not interpreting all data received as in a BINARY format.
- Will Binary:
  - Enabled: Sending data in a BINARY format.
  - Disabled: Not sending data in a BINARY format.
- Do ECHO:
  - Enabled: The remote peer will echo the output from the access server.
  - Disabled: The remote peer will not echo the output fr
161. OR INTERNET GATEWAY command.

Internet Gateway Addresses Display Example

The following example shows how to display a list of Internet gateway addresses available to the access server for routing network traffic:

    SHOW INTERNET GATEWAY
    16 2040        Host       16.30.22.35
    16.20.48.56    Network    16.30.0.0     Mask 255.255.0.0
    16.20.98.245   Network    Any
    16.20.48.48    Network    T3050 0       Mask 255 0 20 0

Configuring a Default Gateway

The access server uses a default gateway to route a packet when its destination address:
- Is on a different subnet than the access server
- Does not match any of the known gateway network addresses

Default Gateway Definition Example

The following example shows how to define a default gateway:

    Local> CHANGE INTERNET GATEWAY 195.1.1.72

Configuring a List of Internet Gateway Addresses

Defining Networks Available Through a Specific Gateway

To indicate that the access server can reach a given network through a specific gateway, use the DEFINE SET CHANGE INTERNET GATEWAY command with the NETWORK parameter.

Default Gateway Definition Example

The following example shows how to define the mapping of the default gateway to the network:

    Local> CHANGE INTERNET GATEWAY 195.1.1.72 NETWORK 197.0.0.0

You can define multiple networks that can be reached through the same gateway with the same address. You must enter a separate command for each network with a gateway.

Definin
162. ORT 5 TELNET CLIENT SIGNAL REQUEST DISABLED

Example: Mapping Keyboard Characters

The following example shows how to map the AO function to the Delete key:

    Local> CHANGE PORT 5 TELNET CLIENT AO DEL

You can use the SET SESSION command to map a Telnet function to a key for a particular session. This mapping only lasts for the duration of the specified session. You cannot map a keyboard character to more than one function.

Configuring Individual Telnet Client Session Characteristics

Telnet Keymapping Functions

The following table shows key function definitions mapped to specific keys. You can disable any of the Telnet commands in this table by using the keyword NONE. For example, to disable AO for port 5, you enter the following:

    Local> CHANGE PORT 5 TELNET CLIENT AO NONE

The functions are Abort Output (AO), Interrupt Process (IP), Synch, Are You There (AYT), Break (BRK), End of Record (EOR), Quote, and Toggle Echo.

Function: Description
- Abort Output (AO): Aborts any output that is on its way to the user's terminal. If an Internet host hangs after an AO is sent, use the SEND RESUME OUTPUT command.
- Interrupt Process (IP): Aborts the process at the remote Internet host.
- Synch: Drops input on its way to the remote Internet host. This includes output queued by the access server and the host.
- Are You There (AYT): Verifies if the connection to the Telnet server is still active. You must resume the session to see the Telnet server's response.
- Break (BRK): Sends
163. P NEW KEYS2

Customizing Server Wide Keyboard Maps

After executing the CHANGE commands as shown in the Defining New Server Wide Terminal Types and Keyboard Maps section in this chapter, you can customize the individual keymapping assignments in the new keyboard map NEW KEYS. The goal is to have key assignments that fit the needs of the port users, who can select the terminal type that goes with a new keyboard map.

The following command changes the keymapping assignment for the TN3270 function CLEAR. Instead of the default VT100 keymapping EXT ENTER, the manager assigns the CLEAR function to Ctrl W:

    Local> CHANGE TN3270 KEYMAP NEW KEYS CLEAR CTRL W

In a display, the customized keymapping assignment is marked with an asterisk. The privileged user can show the new keymapping with this command:

    Local> SHOW TN3270 KEYMAP NEW KEYS

Rules for Customizing Keyboard Maps

The following rules apply to customizing keyboard maps:
- You can assign each 3270 function to only one ASCII key sequence.
- If you attempt to assign a 3270 function to an ASCII key sequence that is already in use, the access server:
  - Issues a warning message
  - Assigns the requested key definition
  - Assigns the 3270 function previously assigned to this sequence to NONE
- You cannot assign an ASCII key sequence that is a subset of a key sequence already assigned to a 3270 function. For example, the assignment of KPDOT to a 3270 function is disallowed i
164. P server stores the information for the default domain only. It will always store the IP address. The other parameters are BOOTP vendor extensions and may or may not be learned, depending on the capabilities of the BOOTP server used and the configuration of data in the BOOTP server database.

Using a BOOTP TFTP Server

Remote Connection Password

DNAS has a password feature for remote logins similar to the main login password. DNAS uses a single value for the remote password server-wide that is separate from the main login password. The factory default value is the same, however, for both the remote login password and the main login password.

Each port enabled for remote or dynamic access may have its remote password feature individually enabled or disabled. This feature is useful for both reverse LAT services or Telnet listeners. DNAS uses the remote password in addition to the LAT service password when the LAT service is password protected.

When a host initiates a login to a remote password-protected port on the server, the server displays the prompt. The customer can use this feature in a variety of ways. For example, the customer can use this feature for creating password-protected modem pools that can be accessed via a Telnet listener.

Upline Dumping

Introduction

The access server upline dumps its memory when:
- An unexpected failure occurs
- You force a
165.
    Port    Access     Status          Services Offered
    1       Local      Connected
    2       Remote     Connected       LA50 PRINTER
    3       Dynamic    Idle            HARDCOPY
    4       Local      Local Mode
    5       Remote     Connected       LA50 PRINTER
    6       Local      Connecting
    7       Remote     Disconnected    TIMESHARING
    8       Local      Idle
    9       Local      Idle
    10      Local      Idle
    11      Local      Idle
    12      Local      Idle
    13      Local      Idle
    14      Local      Idle
    15      Local      Idle
    16      Local      Idle

Managing the Access Server 17 29

Checking Port Status and Counters

SHOW LIST MONITOR PORT SUMMARY Display Fields

The following table describes the information under the headings in the SHOW LIST MONITOR PORT SUMMARY display.

Heading: Description
- Port: Number (n) of the port.
- Access: Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and by service nodes. Access is shown by one of the following:
  - Dynamic: Access server allows access to the port to alternate between local and remote.
  - Local: Access server allows only interactive use of the port.
  - None: Access server prevents any use of the port.
  - Remote: Access server allows only remote connections on the port.
  Port access is specified by using the SET DEFINE CHANGE PORT command.
- Status: Current status of the port, which can be one of the following:
  - Connected: Port is connected to a service.
  - Connecting: Port is attempting a connection to a service.
  - Disconnected: Session was terminat
166. RINTER ALL command Local SHOW PRINTER ALL Printer LPS32 PS Header Page Enabled Connections Enabled Trailer Page Optional Flag Page Type Postscript Auto C R Disabled Identification The PostScript Printer Flag Page Note Ports 4 5 Printer LPS32 ASCII Header Page Enabled Connections Enabled Trailer Page Optional Flag Page Type ASCII Auto C R Disabled Identification The ASCII Text Printer Flag Page Note Ports 6 Local SHOW PORT Port 393 Server LAT 08002BB7671 El Co Character Size 8 Input Speed 9600 Configuring LPD Printers 14 7 Configuring LPD Flow Control XON Output Speed 9600 Parity None Signal Control Disabled Stop Bits Dynamic Access Remote Local Switch None Backwards Switch None Name PORT 3 Break Local Session Limit 4 Forwards Switch None Type Ansi Default Protocol LAT Default Menu None Dialer Script None Preferred Service Non Authorized Groups 0 Current Groups 0 Enabled Characteristics Broadcast Failover Input Flow Control Lock Loss otification essage Codes Output Flow Control Verification Local SHOW PRINTER SPEEDY STATUS Printer SPEEDY Identification Fast Laser Printer Print Jobs 34 Total Bytes Sent 459285 Printer Service Status Port User Status Bytes Waiting for data file 3045 Waiting for LPD command 0 14 8 Configuring LPD Printers Chapter 15 Configuring and Managing SLIP Ports Overvi
167. SELECT characteristic to RI DCD DSRS DTR.
- If the modem speed is 9600 baud or above, configure the port SIGNAL SELECT characteristic to CTS DSR RTS DTR.

NOTE: A maximum supported baud rate of 9600 on a modem is a guideline for signal set selection. The signals used are a factor of modem technology, not the actual baud rate for data transfer. Enabling CTS RTS flow control for access servers with attached modems with 9600 baud or greater enables a faster response time from the access server hardware.

In order to enable SIGNAL CONTROL, you must configure SIGNAL SELECT.

Example: Enabling SIGNAL SELECT

The following example shows how to configure SIGNAL SELECT to CTS DSR RTS DTR on port 10:

    Local> DEFINE PORT 10 SIGNAL SELECT CTS DSR RTS DTR
    Local> LOGOUT PORT 10

Configuring Modem Signals 10 9

Specifying SIGNAL CHECK

Introduction

The SIGNAL CHECK characteristic allows the access server to check for any modem signal when a host requests a connection. If any one modem signal is present, the access server makes a connection; otherwise, a connection is denied. If all modem signals are dropped at the port once a connection is made, the access server disconnects the session and logs out the port. With SIGNAL CHECK disabled, the access server does not look for modem signals, and data might be lost. The factory-set default for SIGNAL CHECK is disabled.

Example: Enabling SIGNAL CHECK

The following example s
168. Solicited remote connection is established regardless of the state of DSR Reception of asynchronous data is accepted once the connection is established Port is logged out if DSR is deasserted after initial assertion DSRLOGOUT SIGNAL CONTROL and DTR is always asserted Solicited remote connection is accepted SIGNAL CHECK disabled regardless of the state of DSR Port is logged out if DSR is deasserted after initial assertion Reception of asynchronous data is not accepted unless DSR is asserted SIGNAL CHECK DTR is always asserted SIGNAL CONTROL Solicited remote connection will not be disabled accepted unless DSR is asserted 10 20 Configuring Modem Signals Port is logged out if DSR is deasserted after initial assertion Enabled Characteristic DTRWAIT SIGNAL CONTROL and DTRWAIT SIGNAL CHECK disabled SIGNAL CONTROL and SIGNAL CHECK DTRWAIT disabled SIGNAL CONTROL SIGNAL CHECK and DTRWAIT Configuring DTR and DSR Signals DTR and DSR Actions Port status indicates Signal Wait if connections cannot be accepted because DSR is deasserted Has no effect unless SIGNAL CONTROL is enabled DTR is asserted only if there is a solicited remote connection Solicited remote connection is established regardless of the state of DSR Reception of asynchronous data is accepted once the connection is established Port is logged out if DSR is deasserted after initial assertion DTR i
169. T SLIP PPP NONPRIVILEGED NOPRIVILEGED Managing Access Server Security 22 29 Determining Security Configuration Example Displaying Kerberos Characteristics The following example shows the resulting display for the SHOW KERBEROS CHARACTERISTICS command LOCAL SHOW KERBEROS Retransmit Interval Ticket service port Default Realm Secret Primary Host Master Host Host 00 00 01 750 Password service port 33H LKG DEC COM None Retransmit TimeOut 00 00 20 751 prowlr lkg dec com ds900 1kg dec com foo bar dec com Authorization Defaults Access Max Connect DialBack Number DialOut Number Permissions Displaying Security Summary INTERACTIVE Forced Callback 00 08 00 00 DialOut Service 555 1234 Any LAT TELNET DISABLED DIAL14400 SLIP PPP DIALBACK DIALOUT To show the security summary use the SHOW SECURITY SUMMARY command This command displays all of the currently configured security realms It provides a subset of the data produced by the SHOW SECURITY command Example Showing the Security Summary LOCAL SHOW SECURITY SUMMARY Logout Warning mr gt Interval 0 Times 0 Kerberos icm EE A Default Realm 33H LKG DEC COM Realm kerberos realm somewhere RADIUS Et Realm realmnamel SOCUrTTD gt 2 3225232 2252227292209 TS SO ROA RS SSS eae eS cie ccu fer Realm realmnam2 Server SSeS Sort Mee Realm
170. T 4 ACCESS REMOTE AUTOBAUD DISABLED BREAK DISABLED
Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED LONGBREAK LOGOUT DISABLED
Local> DEFINE PORT 4 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
Local> CHANGE TELNET LISTENER 2010 PORTS 4 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION PRINTER
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED

Configuring a Computer for Access Through a Telnet Listener
The following example shows a sample configuration of a computer used for access through a Telnet listener on port 2:
Local> DEFINE PORT 2 ACCESS REMOTE AUTOBAUD DISABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 2 BREAK DISABLED DEDICATED NONE DSRLOGOUT DISABLED
Local> DEFINE PORT 2 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LONGBREAK LOGOUT DISABLED
Local> DEFINE PORT 2 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
Local> LOGOUT PORT 2
Local> CHANGE TELNET LISTENER 2010 PORTS 2 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION XYZ minicomputer
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED

Configuring a Modem for Access Through a Telnet Listener
This section contains examples that show how to configure a dial out modem and a dial in dial out modem.
Example: Configuring a
172. TCP Characteristics Display Field Values
The following table explains the fields in the ATCP characteristics display:

Field: ATCP. Description: Indicates if ATCP is enabled. Values: Enabled, Disabled. Default: Enabled.
Field: Passive Open. Description: When enabled, ATCP negotiation does not begin until initiated by the attached device. Values: Enabled, Disabled. Default: Enabled.
Field: Restart Timer. Description: Indicates the amount of time between ATCP configure or terminate request retransmissions when there is no response. Values: 1 to 5 seconds. Default: 3.
Field: Max Configure attempts. Description: The number of times that ATCP sends a configure request packet to the peer without receiving an acknowledgment. Values: 1 to 15. Default: 10.
Field: Max Terminate attempts. Description: The number of times that ATCP sends a terminate request packet to the peer without receiving an acknowledgment. Values: 1 to 15. Default: 2.
Field: Max Failure attempts. Description: The number of times that ATCP sends a negative acknowledgment for the peer's proposed options before deciding to reject the options. Values: 1 to 15. Default: 10.

This field has a fixed value in this software release.

Displaying PPP Status
Introduction
This section describes how to display the PPP LCP and IPCP status.

Displaying LCP Status
Use the SHOW PORT n LCP STATUS command to display LCP characteristics. This command is non
173. TERISTICS display
The display fields fall into two categories:
• General IP status over the link (IPCP Status section)
• Status of each IPCP option (IPCP Options section)

Example: IPCP Status Display
The following example shows the IPCP status display for port 5:
Local> SHOW PORT 5 PPP IPCP STATUS
Port 5 Server LAT 08002B26D0E7
IPCP Status
State Initial
Negotiation Time 0 00 00 00
Since Open 0 00 00 00
Failure Reason None
IPCP Options        Local     Remote
Negotiate Address   Disabled  Disabled
IP Address          0 0 0 0   0 0 0 0
Compress Header     Disabled  Disabled
Compress States     0         0

Fields in the IPCP Status Display
The following table explains the fields in the IPCP status display:

Field: State. Description: The IPCP state as defined in RFC 1331. The possible states are Initial, Starting, Closed, Stopped, Closing, Stopping, Req Sent, Ack Rcvd, Ack Sent, Opened, and DHCP Req. DHCP Req, which is not part of RFC 1331, indicates the negotiations are waiting for DHCP to assign an IP address.
Field: Negotiation Time. Description: The number of seconds required by the PPP negotiation procedure the last time IPCP negotiated.
Field: Since Open. Description: The number of seconds since IPCP last attempted to negotiate IP over the link.
Field: Failure Reason. Description: Provides a brief reason if IPCP cannot negotiate IP over the link.
Field: Negotiate. Description: Indicates if address negotiation should take plac
175. The number of NBP Lookup Requests the access server has received.
The number of NBP Lookup Replies the access server has sent.
The number of invalid NBP datagrams received.
The number of times the access server lost contact with every AppleTalk router on its Ethernet.
The number of invalid RTMP datagrams received.
The number of GetNetInfo responses the access server has received.
The number of GetNetInfo requests the access server has sent.
The number of invalid ZIP datagrams received.

AARP Values
Two important counter values are those for AARP. Unsent AARP probes or responses can indicate network problems. This happens when the access server is too overloaded to respond to AARP requests. When there are unsent probes, other AppleTalk nodes can acquire AppleTalk addresses used by the access server or its clients. There can be connectivity problems when there are unsent responses.

Displaying AppleTalk Status
Command
Use the SHOW MONITOR APPLETALK STATUS command to display the AppleTalk status on the access server. The command is nonprivileged.

Displaying AppleTalk Status Example
The following example shows how to display the AppleTalk status on an access server:
Local> SHOW APPLETALK STATUS
AppleTalk Status State Address Network Name Object Type Zone Cache Attached Hosts Last Error Server Up 401 78
176. UD DISABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 2 AUTOPROMPT ENABLED AUTHORIZED GROUPS 10 24 46
Local> DEFINE PORT 2 BREAK DISABLED DEDICATED NONE DEFAULT PROTOCOL LAT
Local> DEFINE PORT 2 DSRLOGOUT ENABLED FAILOVER ENABLED
Local> DEFINE PORT 2 INACTIVITY LOGOUT ENABLED INTERRUPTS DISABLED
Local> DEFINE PORT 2 LOCAL SWITCH L PASSWORD DISABLED PREFERRED NONE
Local> DEFINE PORT 2 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 2
Local> CHANGE SERVER SERVICE GROUPS 10 24 46 ENABLED
Local> CHANGE SERVICE MICRO PORT 2 IDENTIFICATION Personal computer 2

Configuring a Computer As a LAT Service
By using multiple terminal interfaces and access server ports, you can use more than one access server port with a single computer system. Ensure that each access server port is assigned to a service.

Example: Configuring a Computer As a LAT Service on Port 2
The following example shows a sample configuration of a computer used as a LAT service:
Local> DEFINE PORT 2 ACCESS REMOTE AUTOBAUD DISABLED AUTOPROMPT DISABLED
Local> DEFINE PORT 2 DEDICATED NONE DIALUP ENABLED DSRLOGOUT DISABLED
Local> DEFINE PORT 2 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LONGBREAK LOGOUT DISABLED
Local> DEFINE PORT 2 MODEM CONTROL ENABLED SIGNAL CHECK
177. Value: Local. Description: The entry designates either (1) a host that is presently running AppleTalk over its asynchronous link to the access server, or (2) the access server AppleTalk address.
Value: Acquired. Description: The entry has been pre-acquired for later use by an attached AppleTalk host. It is also possible that the address has already been used by one or more attached hosts but has been returned to the address cache.
The interface with which the address is associated. The access server's own AppleTalk address, as well as any remote or acquired addresses, are always associated with the Ethernet. This field identifies the asynchronous line with which a local address might be associated.

Chapter 9 Configuring Basic Device Characteristics
Overview
Introduction
This chapter explains how to configure the basic characteristics for all types of devices that attach to the access server ports. These devices include:
• Standard DIGITAL video terminals such as the VT100 and VT220
• Printers
• Modems
• PCs
• Computers
• Nonstandard terminals

In This Chapter
This chapter contains the following topics:
• Configuring Basic Device Characteristics
• Displaying Basic Device Characteristics
• Configuring the ACCESS Characteristic
• Matching the Port and Device Characteristics
• Configuring the FLOW CONTROL Characteristic
• Specifying the Automatic Logout Characteristics
Configuring Basic
178. WD command you can also use the DEFINE KERBEROS PASSWORD COMMAND as described in the Network Access Server Command Reference.

User Authentication Counters
This section describes the user authentication counters. These counters display information that is useful for detecting problems.

Network Access Server User Authentication Counters
The following example shows how to display the user authentication counters for the access server:
Local> SHOW SERVER AUTHENTICATION COUNTERS
                                  Total attempts  Total failures
User authentication all realms    16              0

                         Total Packets Sent  Valid Packets Received  Error Packets Received
Realm mfg acme com       8                   8                       0
Realm sales acme com     7                   6                       1
Realm finance acme com   1                   1                       0
Time since counters last zeroed 1 01 55 14

Port User Authentication Counters
The following example shows how to display the authentication counters for a given port:
Local> SHOW PORT 1 AUTHENTICATION COUNTERS
Port 1 j_smith Server Finance_server
                      Cur login attempts  Cur login failures  Total attempts  Total failures
User authentication   1                   0                   4               0
Time since last user authentication success 000252032
Time since last user authentication failure never
Time since counters last zeroed 1 01 50 28

Setting the User Authentication Counters to Zero
The user authentication counters add up until you explicitly reset them. To reset user authentication counters for t
179. WLINE TO TERMINAL: When entered, the character sequence is sent to the user's terminal whenever a NEWLINE FROM HOST sequence is received. The factory-set default is <CRLF>.
• NEWLINE FROM HOST: When received from the Internet host, the character sequence is interpreted as a new line. The factory-set default is <CRLF>. Note that the Telnet protocol specifies that the CRLF sequence should be sent.
• NEWLINE TO HOST: When entered, the character sequence is sent to the Internet host whenever a NEWLINE FROM TERMINAL sequence is received. The factory-set default is <CRLF>. Note that the Telnet protocol specifies that the CRLF sequence should be sent.
You can define NONE if you do not want a character to be defined.

Example: Specifying Telnet Client NEWLINE
The following example shows how to define no character for NEWLINE TO TERMINAL and AB as a character string for Newline To Terminal on port 5:
Local> CHANGE PORT 5 TELNET CLIENT NEWLINE TO TERMINAL NONE
Local> CHANGE PORT 5 TELNET CLIENT NEWLINE TO TERMINAL AB

Specifying FLOW CONTROL
The FLOW CONTROL characteristic enables or disables the XON XOFF FLOW CONTROL characters for any Telnet client session created at the port. The access server supports the remote FLOW CONTROL feature, where the remote Telnet server can toggle on and off the XON and XOFF output FLOW CONTROL characters from the access server client. This happens when an application on the Tel
180. Y
• PPP: The access server defaults to the PPP protocol if the user does not specify a protocol with the CONNECT command.
• AUTOLINK: The access server passively examines characters received from the attached device. If the access server detects a PPP or SLIP connection, it attempts to change the current session into the appropriate data link session type (PPP or SLIP). If the access server cannot identify the data as PPP or SLIP, it starts an interactive session. An adjunct to the AUTOLINK protocol is AUTOLINK authentication. See Managing Dial Up Access Security with AUTOLINK and AUTOLINK Authentication in Chapter 21 for details.

Specifying Failover
If a LAT service node suddenly becomes unavailable during a session, the access server searches for another LAT service node that offers the same service. If the access server finds one or more suitable nodes, it attempts to connect to the service on the node with the highest service rating. This process is called failover. When used with a VAXcluster computer network, failover provides a flexible terminal connection to the VAXcluster service. This feature can be disabled on each port.

Example: Disabling Port Failover
The following example shows how to disable failover on port 2:
Local> CHANGE PORT 2 FAILOVER DISABLED

Configuring Port Queuing
When a user on the ac
182. a flow from the access server to the attached device. By default, the access server enables FLOW CONTROL in both directions.

Example: Enabling Input FLOW CONTROL
The following command shows how to enable input FLOW CONTROL on port 5 of an access server:
Local> CHANGE PORT 5 INPUT FLOW CONTROL ENABLED

Example: Enabling output FLOW CONTROL
The following command shows how to disable output FLOW CONTROL on port 5 of an access server:
Local> CHANGE PORT 5 OUTPUT FLOW CONTROL DISABLED

Specifying the Automatic Logout Characteristics
Introduction
This section describes the characteristics that you can use to log out a port automatically when the device attached to the port is turned off or when there is no activity for a specified period of time.

Specifying DSRLOGOUT
The DSRLOGOUT characteristic causes the access server to log out a port device when the device deasserts DSR. You cannot enable DSR logout if you enable DSR FLOW CONTROL. To use DSRLOGOUT, the device and cable must support DSR. For the wiring and cables that support DSR, refer to the hardware documentation for your terminal server. For more information about DTR and DSR signals, refer to Configuring DTR and DSR Signals in Chapter 10. By default, DSRLOGOUT is disabled.

Example: Enabling DSRLOGOUT
The following command shows how to enable DSRLOGOUT on port 5:
Lo
183. a modem control port. Upon detecting the RI signal from the modem, the access server asserts DTR and RTS, which allows the modem to answer the call. Then, upon detection of DSR, DCD and CTS from the modem, the access server enables data transfer.
• DTRWAIT should be enabled for ports connected to computers and PCs.
In order to enable DTRWAIT, you must enable MODEM CONTROL or SIGNAL CONTROL.

Enabling DTRWAIT Example
The following command shows how to enable DTRWAIT on port 3:
Local> CHANGE PORT 3 DTRWAIT ENABLED

Specifying RING
Description
The RING characteristic is supported only on those access servers that support the DSRS signal. Certain terminal switches and computers need to detect a RING indicator signal (RI) before they activate. The access server can emulate the RI signal when the port is used with a BC22R or equivalent cable that crosses the DSRS signal of the access server over to the RI pin on the device. For information on this cable, refer to the access server hardware documentation.
When the port RING characteristic is set to enabled and MODEM CONTROL or SIGNAL CONTROL is enabled, the access server asserts and deasserts DSRS once every 2 seconds. This continues until either the access server detects DSR or 30 seconds have elapsed. Upon receiving DCD, the access server establishes the connection. DTR and RTS are asserted unless DTRWAIT is enabled.
184. abled No No
Trailer is optional No No
• If the data file arrives first, the access server sends the file to the printer according to the printer setup on the port. When the control file arrives, the access server sends the user data to the printer as the last page of the print job. In this situation, the access server cannot display or use user information from the control file while the file is printing.

If the Data File Arrives First and the   Does the Header Trailer Print   Does the User Information Print
Header is enabled                        Yes                             No
Header is disabled                       No                              No
Header is optional                       No                              No
Trailer is enabled                       Yes                             Yes
Trailer is disabled                      No                              No
Trailer is optional                      Yes                             Yes

Operation
The access server receives print requests from remote hosts on TCP port 515. It uses LPD to send the file to a local printer through the access server's LAN interface and a serial port. The following occurs when a host on the LAN uses LPD to send a print job to the access server:
[Figure: Remote Host (LPD Client) and DECserver (LPD Server)]
1. User issues an LPR print command.
2. LPR connects to remote LPD server.
3. DECserver confirms that specified printer is ready to print.
4. LPR sends data and control files to remote LPD server.
The LPD server receives the data over the LAN interface, and LPD sends the data to the local printer.
185. acknowledged complete IP address

IP Address Renewals
When the DHCP server assigns an IP address to a remote client, it leases the address to the remote client for a finite or infinite amount of time. If the lease is about to expire and the remote client still has a dial up connection, the access server renews the lease on behalf of the remote client. The access server attempts to renew the lease as long as the remote client maintains a dial up connection.

Enabling and Disabling DHCP
The default DHCP setting on the access server is DHCP ENABLED. The following table lists the commands that you use to enable and disable DHCP:
To Do This: Enable DHCP. Use This Command: DEFINE SET CHANGE INTERNET DHCP ENABLED
To Do This: Disable DHCP. Use This Command: DEFINE INTERNET DHCP DISABLED

Displaying the DHCP Setting
Use the SHOW LIST MONITOR INTERNET command to display the current DHCP setting. The example in the Displaying the Internet Address and Subnet Mask section in this chapter shows a typical display.

Configuring Default Values
If you enable DHCP but also want the access server to function in the event that a DHCP server is not available, you can define default values for some of the DHCP learned IP information in NVRAM using DEFINE commands. Follow the procedures in this chapter for setting the IP address, subnet mask, DNS values, WINS values and gateways
186. acteristics
IPX Enabled
LAN Node Address 08002B24F2DD    Internal Network 2B24F2DD
LAN Frame ETHERNET               LAN Network Learn
LAN Frame RAW802                 LAN Network Disabled
LAN Frame SAP802                 LAN Network Disabled
LAN Frame SNAP802                LAN Network Disabled

IPX Characteristics Display Fields
The following table describes the fields in the IPX characteristics display:

Field: IPX. Description: Enabled or Disabled. The default is Disabled.
Field: LAN Node Address. Description: Maximum of 12 hexadecimal numbers (no leading zeroes) representing the Ethernet interface's hardware address.
Field: Internal Network. Description: None or up to 8 hexadecimal numbers (no leading zeroes), 1 to FFFFFFFE. This entry configures the IPX internal network number for the access server. It is used by the serial ports for configuring a common network number for all PC client dial ins when PPP IPXCP is negotiated. This occurs when the PC client requests the access server to configure the network through PPP. A higher network number offered by the PC client takes precedence over the internal network number. This number must also be unique. It is recommended that the internal network number be used to limit the number of unique networks in the IPX Routing Information Protocol (RIP) database of fileserver and routers.
Field: LAN Frame. Description: LAN frame types ETHERNET RAW802 SAP802 or SNAP
187. activate PPP using user interface commands

Activating PPP
To configure the port with login password authentication required, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n PASSWORD ENABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED NONE

Configuring the Port With No Login Password Authentication Required
To configure the port with no login password authentication required, use the following commands:
Local> CHANGE PORT n PASSWORD DISABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED NONE

Note: Both login password authentication and PPP PAP password authentication use the same password. One or both can be enabled at the same time.

Configuring the Port Dedicated to PPP
Following modem connection, the PC user will log in with or without password authentication. Then PPP will automatically be activated to pass IPX network packets.

Configuring the Port With Login Password Authentication Required
To configure a port with login password authentication required, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n PASSWORD ENABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED PPP
Local> CHANGE PORT n DEFAULT PROTOCOL PPP

Configuring the Port With No Login Password Authenti
188. ademark of Microsoft Corporation NetBIOS is a trademark of Micro Computer Systems Inc Novell and NetWare are registered trademarks of Novell Inc OS 2 is a registered trademark of International Business Machines Corporation OSF 1 is a registered trademark of Open Software Foundation Inc PostScript is a registered trademark of Adobe Systems Inc SecurID is a registered trademark of Security Dynamics Technologies Inc SCO is a trademark of Santa Cruz Operations Inc Sun is a registered trademark of Sun Microsystems Inc UNIX is a registered trademark in the United States and other countries licensed exclusively through X Open Company Ltd Vitalink is a registered trademark of Vitalink Communications Corporation The following copyright applies to the CMU BOOTP implementation Carnegie Mellon 1988 Permission to use copy modify and distribute this program for any purpose and without fee is hereby granted provided that this copyright and permission notice appear on all copies and supporting documentation the name of Carnegie Mellon not be used in advertising or publicity pertaining to the distribution of the program without specific prior permission and notice be given in supporting documentation that copying and distribution is by permission of Carnegie Mellon and Stanford University Carnegie Mellon makes no representation about the suitability of this software for any purpose It is provided as is without express or
189. ady to exchange further control signals with the port device to initiate the exchange of data. DTR is accompanied by RTS and DSRS.
Monitored by the access server and asserted by the port device to indicate that the received line signal is within acceptable limits.
Monitored by the access server to detect whether the modem at the access server port has selected the higher or lower speed in its range for exchanging data with a remote modem. SMI allows the use of a primary and alternate, or fallback, speed.
Monitored by the access server. This indicates that a calling signal is being received by the port device.
Modem Signal: Data Signal Rate Selector (DSRS). Description: Asserted by the access server to indicate the speed at which the modem should initiate communications. On a port configured for a multispeed modem, where both SPEED and ALTERNATE SPEED are specified, DSRS indicates the higher of the two speeds.

Specifying MODEM CONTROL and SIGNAL CONTROL
Introduction
The MODEM CONTROL and SIGNAL CONTROL characteristics are identical, except that MODEM CONTROL is only used with full MODEM CONTROL access servers and SIGNAL CONTROL is used on all other access servers. These characteristics enable or disable the use of MODEM CONTROL signals on a port. With MODEM CONTROL or SIGNAL CONTR
190. al SHOW SERVER
Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 44 34
Address 08 00 2B 26 AA 99    Name WWDOCMC    Number 0
Identification
Circuit Timer 80       Password Limit 3
Console Port 1         Prompt Local>
Inactivity Timer 30    Queue Limit 100
Keepalive Timer 20     Retransmit Limit 8
Multicast Timer 30     Session Limit 64
Node Limit 200         Software WWENG1
Service Groups 42 46 66
Enabled Characteristics Announcements Broadcast Dump Lock Server Responder
Local>

ANNOUNCEMENTS Characteristic
Introduction
The ANNOUNCEMENTS characteristic determines if the access server sends LAT multicast messages about local services over the Ethernet. The access server does not send any announcements if no local services are defined.

Configure Announcements Example
The following example shows how to enable and disable the announcements characteristic:
Local> CHANGE ANNOUNCEMENTS ENABLED
Local> CHANGE ANNOUNCEMENTS DISABLED

CIRCUIT TIMER Characteristic
Introduction
The CIRCUIT TIMER characteristic defines the interval at which the access server sends virtual circuit messages to the LAT service node. This value is important for balancing fast response time and network utilization against optimal service node performance. The circuit timer value ranges from 30 to 200 millise
191. ally addressed datagram sent in response to a received Solicit Information message. LAT V5 2 nodes operating as LAT masters can address Solicit Information datagrams to V5 2 slave nodes and be almost assured of a direct response. However, nodes operating as V5 1 masters can only address Solicit Information datagrams to other V5 1 masters, since V5 1 slaves do not enable multicast addresses for the reception of directory service datagrams. Therefore, V5 1 and V5 2 nodes are allowed to respond to Solicit Information datagrams for slave nodes that cannot respond for themselves.
The RESPONDER characteristic determines whether the access server may act as an agent for other nodes. By configuring one or more access servers to act as responders, the other access servers can operate with a node limit of 1 and still be assured access to LAT services. This frees up the dynamic memory and reduces the overhead that would otherwise have been required to maintain the LAT node database.

Changing the RESPONDER Characteristic
The factory default setting for the RESPONDER characteristic is disabled. To enable it, use the following command:
Local> CHANGE SERVER RESPONDER ENABLED
Use the SHOW SERVER command to determine the current setting. When the feature is enabled, RESPONDER is displayed as one of the enabled characteristics. Along with enabling the RESPONDER characteristic, you must set
192. ame that identifies the network service.

Status
    Current availability of the service, as one of the following:
    Available: One or more service nodes that offer the service are accessible.
    n Connected: Service is available and n sessions are currently active with this service.
    Unavailable: All service nodes that offer the service are not accessible.
    Unknown: None of the service nodes that offer the service are accessible and one or more is unknown.

Identification
    Service identification string, which may describe the service or how to use the service.

Chapter 13
Configuring and Managing Telnet Servers

Overview

Introduction

This chapter explains how to configure various types of devices as a Telnet or raw TCP server. A Telnet or raw TCP server is a resource on a TCP/IP network. To use the procedures in this chapter, you must:

- Connect and test the devices.
- Enable privileged status.
- Configure the port and device characteristics to match.

Refer to your access server hardware documentation for information about connecting device cables.

In This Chapter

This chapter contains the following topics:

- Sample Device Configurations
- Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
- Configuring a Remote Print Queue
- Configuring a Telnet Listener
- Configuring Telnet Server Session Characteristics
- Managing Your Access Server As a Telnet Listener N
193. ames to Send TRAP Messages

You can optionally configure the access server to send TRAP messages to a specific NMS for each community name. The access server generates TRAP messages in response to the events listed in the following table:

    This Event        Occurs When
    Cold start        The access server was reinitialized.
    Line up           A network data link session was established on port n.
    Line down         A network data link session was disconnected on port n.
    Authentication    Unauthorized SNMP access was attempted.

Example: Configuring SNMP TRAP Messages

The following example shows how to create the community name server. In this example, only NMS 195.1.1.2 can access community name SERVER. The access server sends TRAP messages to this NMS.

    Local> CHANGE SNMP COMMUNITY SERVER ADDRESS 195.1.1.2
    Local> CHANGE SNMP COMMUNITY SERVER SET ENABLED
    Local> CHANGE SNMP COMMUNITY SERVER TRAP ENABLED
    Local> CHANGE SNMP AUTHENTICATION ENABLED
    Local> CHANGE SNMP ENABLED

Note: TRAPS cannot be enabled for communities with the IP address ANY.

Sample SNMP Configuration

The following figure is a diagram of a network configuration that results from the commands in the Configuring a Community Name for Access by Any NMS, Configuring a Community Name with an Address, and Configuring Community Names to Send TRAP Messages sections.

[Figure: sample SNMP network configuration. Surviving labels: ULTRIX NMS VMS]
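Added example, not from the manual: a small Python audit of a captured SHOW SNMP display that flags community entries weaker than the address-bound SERVER community configured above. The sample display is constructed; its column layout, the dotted address notation, the severity labels and the function names are assumptions.

```python
"""Audit a captured SHOW SNMP display from an access server (added example)."""
import re

# Constructed sample. The columns follow the SHOW SNMP display in this manual;
# the exact spacing and the dotted address notation are assumptions.
SAMPLE_DISPLAY = """\
SNMP State ENABLED        AUTHENTICATION FAILURES ENABLED

Community Name   Address      GET  GETNEXT  SET  TRAP
PUBLIC           ANY          ENA  ENA      DIS  DIS
SNUGS            ANY          ENA  ENA      ENA  DIS
SERVER           195.1.1.2    ENA  ENA      ENA  ENA
"""

# One community row: name, address, then four ENA/DIS flags.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(ENA|DIS)\s+(ENA|DIS)\s+(ENA|DIS)\s+(ENA|DIS)$")
OPS = ("get", "getnext", "set", "trap")


def _switch(text, label):
    """Return True/False for an ENABLED/DISABLED field, None if it is absent."""
    m = re.search(label + r":?\s*(ENABLED|DISABLED)", text, re.IGNORECASE)
    return None if m is None else m.group(1).upper() == "ENABLED"


def parse_show_snmp(text):
    """Turn the display text into a dict of global switches and community rows."""
    cfg = {
        "state": _switch(text, r"SNMP State"),
        "auth_failure_traps": _switch(text, r"Authentication Failures?"),
        "communities": [],
    }
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if row is None:
            continue  # header, blank line or anything that is not a community row
        name, address, *flags = row.groups()
        entry = {"name": name, "address": address}
        entry.update({op: flag == "ENA" for op, flag in zip(OPS, flags)})
        cfg["communities"].append(entry)
    return cfg


def audit(cfg):
    """Return (severity, community, message) tuples for weak SNMP settings."""
    findings = []
    if cfg["state"] is False:
        return findings  # SNMP is disabled, nothing is exposed
    for c in cfg["communities"]:
        any_nms = c["address"].upper() == "ANY"
        if any_nms and c["set"]:
            findings.append(("HIGH", c["name"],
                             "SET is enabled with address ANY: any NMS that "
                             "presents this community name can change settings"))
        elif any_nms and (c["get"] or c["getnext"]):
            findings.append(("MEDIUM", c["name"],
                             "readable by any NMS: bind the community to the "
                             "address of the managing NMS"))
        if any_nms and c["trap"]:
            findings.append(("CHECK", c["name"],
                             "TRAP shown enabled with address ANY, which the "
                             "manual says cannot be configured; re-capture"))
    # Authentication TRAPs only reach an NMS if the global switch is on and at
    # least one community has TRAP enabled.
    reported = cfg["auth_failure_traps"] and any(c["trap"] for c in cfg["communities"])
    if not reported:
        findings.append(("MEDIUM", "-",
                         "unauthorized SNMP access attempts are not reported "
                         "to any NMS"))
    return findings


if __name__ == "__main__":
    for severity, community, message in audit(parse_show_snmp(SAMPLE_DISPLAY)):
        print(f"{severity:6} {community:8} {message}")
```
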
194. aracteristic is unspecified or does not exist. Only a portion of the RADIUS authorization attributes have a corresponding realm default or corresponding port attribute.

Managing RADIUS User Access to the Access Server

The primary way to define a user's type of access is to use the RADIUS server attribute called User Service Type. The following table shows User Service Type values that the access server supports:

    Value                  Description
    Login                  LAT/TELNET, depending on the Login Service attribute or DEFAULT PROTOCOL value in PORT
    Framed                 PPP/SLIP, depending on the Framed Protocol attribute or DEFAULT PROTOCOL value in PORT
    Callback Login         User is first called back, then gets login
    Callback Framed        PPP/SLIP user is first called back
    Administrative User    NAS prompt with automatic privilege
    NAS Prompt             Access server's command or menu prompt
    Callback NAS Prompt    Callback first, then NAS prompt

Setting User Permissions

Permissions are explicitly given by the authorizations that were in the user name entry in the RADIUS server's authentication entry. When any attributes that may be appropriate are missing, an attempt is made to find a specified value in the realm defaults. When these are still missing, the port configuration can supply its specified values for attributes having a corresponding representation in the port.

Permissions are from a DIGITAL vendor specific RADIUS attribute. The followi
195. aracteristics on the access server and remote clients.

DHCP provides dynamic assignment of IP addresses and discovery of IP configuration parameters (for example, subnet mask or default gateways). A DHCP client requests and receives this information from a DHCP server on the network.

Enabling DHCP on the access server allows it to learn some of its IP configuration information from a DHCP server. The access server does not receive its IP address from the DHCP server; you must manually configure it or use a BOOTP server.

Enabling DHCP on the access server also allows remote dial up clients to receive dynamically assigned IP addresses and IP configuration parameters from the DHCP server. Depending on the situation, the access server acts as a DHCP client or proxy.

By default, the DHCP setting on the access server is ENABLED. If you do not have a DHCP server on your network, disable DHCP. See the Enabling and Disabling DHCP section in this chapter.

BOOTP and DHCP Differences

DHCP is an extension of BOOTP; however, using a DHCP server to obtain IP information differs from using a BOOTP server in the following ways:

Using a BOOTP Server
    The access server can learn its IP address from a BOOTP server, or you can configure it directly on the access server.

Using a DHCP Server
    The access server does not learn its IP address from a DHCP server. The access server can learn the following from a DHCP server:
    - esa wae
    - Default gateway
    - Do
196. ata packets were received for the cache.
This field shows how many cached data packets were discarded.
This field shows how many packets were transmitted from forward cache after the route was learned.
This field shows how many packets were discarded that were ready for transmission from the cache.
This field shows how many packets were discarded because the route was not learned.
Number of RIP SAP request packets transmitted.

    Field                               Description
    RIP SAP Requests Received           Number of RIP SAP request packets received
    RIP SAP Requests Discarded          Number of RIP SAP request packets discarded
    RIP SAP Request Resource Errors     Number of RIP SAP request packet resource errors
    RIP SAP Responses Transmitted       Number of RIP SAP response packets transmitted
    RIP SAP Responses Received          Number of RIP SAP response packets received
    RIP SAP Responses Discarded         Number of RIP SAP response packets discarded
    RIP SAP Response Resource Errors    Number of RIP SAP response packet resource errors

Displaying IPX Routes

Using the SHOW IPX ROUTES Command

Use the SHOW IPX ROUTES command to display IPX Routes. This command is nonprivileged.

IPX Routes Display

The following example shows the command to display IPX routes:

    Local> SHOW IPX ROUTES

    IPX Routes
    Destination    Next Hop    Interface    Ticks    Hops
197. ates a session for each terminal session. Switch among your terminal sessions by using a switch session key on the terminal keyboard.

In local mode, you can enter access server commands at the access server prompt. The Local Mode Command Restrictions During Session Management table lists command restrictions that apply to session management terminals. If you enter LOCAL as a service name for a terminal session, the access server places the port in local mode.

Configuring On Demand Loading for Asian Terminals

Introduction

Asian terminals implementing the On Demand Loading (ODL) font protocol can communicate with an OpenVMS load host through an access server. The access server software has an on demand loading characteristic that enables the ODL protocol. When the on demand loading characteristic is enabled on the access server, the ODL protocol overrides FLOW CONTROL during font loading to allow for Asian characters. This function is available only on a LAT network.

On Demand Loading Configuration Example

The following shows how to enable on demand loading on port 5:

    Local> CHANGE PORT 5 ON DEMAND LOADING ENABLED

Disable Switch Character

You should disable the access server switch characters to prevent interference with font requests from an Asian terminal.

Reference

See the following sections in this chapter: Specifying Ke
198. ations for IBM 3270 Information Display Systems and terminal emulation. This chapter also assumes that the system manager at the host site configures the appropriate TCP/IP software.

Supported ASCII Terminals

Definition

TN3270 supports the following models of DIGITAL ASCII terminals: VT100 with Advanced Video Option, VT102, VT220, VT240 and VT241, VT320, VT330, VT340 and VT341, VT420.

In the remainder of this chapter, the term ASCII terminal refers to all the models listed above and any compatible terminal emulation package.

Definition and Description of a Keyboard Map

3278 Keyboards

Because the IBM 3278 keyboard differs greatly from those on ASCII terminals, TN3270 provides keyboard maps. A keyboard map assigns the functions on the IBM 3270 keyboards to keys or key sequences on the ASCII terminals. For example, Ctrl/Z on an ASCII keyboard by default maps to the IBM 3270 EXIT function when you use the VT100 keyboard map.

Server Specific Keyboard Maps

You can have server wide keyboard maps that all server ports can access, or you can set them up on a port by port basis. For information on displaying and customizing keyboard maps, refer to Displaying and Customizing Keyboard Maps in this chapter.

Configuring and Managing 3270 Ter
199. ave more than one type of service permission. The user can also have more than one type of permission assigned at a time. There is no limit to the total number of permissions a user can have.

    Service Type       User Access
    Telnet             The user may make Telnet connections on the current session.
    LAT                The user may make LAT connections on the current session.
    Dial Out           The user may invoke a dial out connection on the current session.
    Dial Back          The user may invoke a dial back on the current session.
    SLIP               The user may invoke a SLIP connection on the current session.
    PPP                The user may invoke a PPP connection on the current session.
    Privileged User    The user has a privilege level of PRIVILEGED.

Managing Access Server User Accounts

User Account Command Parameters

The commands in the following table allow the security manager to manage a small local database to be used for authentication and authorization. The table shows the command keywords associated with user account variables.

    Command/Clause       Description
    CLEAR/PURGE          Allows local database entries to be deleted
    SET/DEFINE/CHANGE    Permits entry addition and modification
    PASSWORD             Allows modification of the password field for the specified entry
    USERACCOUNT          User name of account
    DIALOUT NUMBER       Contains a phone number used on dial out
    DIALBACK NUMBER      Contains
    DIALOUT SERVICE
200. ave to use quotation marks. For example:

    b tftp serversw

B
    This command and the quotation marks (explicit null name) instruct the access server to search for any image in Flash RAM. If the access server is unable to find an image in Flash RAM, then it loads from the network. The network load host defines this software and is typically based on the Ethernet MAC address of the access server.

FLA
    Use Flash RAM. For example: B FLA MNENG2

ETH
    Use the network to find a load host. For example: B ETH MNENG2

FLA ETH
    Use Flash RAM first and, if that does not work, then use the network to find a load host. For example: B FLA ETH MNENG2

Option    Definition

B M
    This command boots the maintenance mode software for the access server. The network load host defines this software and is typically based on the Ethernet MAC address of the access server.

B S
    This command boots the standard system software for the access server. The network load host defines this software and is typically based on the Ethernet MAC address of the access server.

This command displays the help text that describes the interactive boot mode commands.

This command initializes the access server using the default boot parameters. The access server performs all normal self tests.

This command resets the factory settings and initializes the access server. This command requires verification. Enter Y
201. ay uses part of the host portion of the Internet address to identify the subnet and route packets to it. And finally, the lowest level, the specific host computer, uses the remainder of the host portion of the address to identify and accept packets addressed to it.

subnet identifier
    This is the part of the network address that is unique to the subnet. It can be determined by logically ANDing the Internet address with the subnet mask.

subnet mask
    A 32-bit quantity that enables gateways and host computers to know which bits in the Internet address correspond to their subnet address and which correspond to their host addresses.

switch characters
    Characters interpreted by the access server that cause the access server to switch between sessions or between local and service modes.

synchronous
    Pertaining to a communication method in which each event occurs in relation to a timing signal.

TCP/IP
    Transport Control Protocol/Internet Protocol. A suite of Internetworking communication protocols of which TCP and IP are the two most fundamental.

TCP port
    This is a protocol port number used by TCP/IP. For access servers, this number is mapped to a physical access server port number.

TD/SMP
    Terminal Device/Session Management Protocol. An asynchronous coded syntax used by the access server and a terminal to manage independent multiple terminal sessions simultaneously over a single physical circuit. See session mana
202. aying PPP Characteristics

Displaying PPP Characteristics

Introduction

This section describes the commands used to display characteristics for LCP, IPCP, and ATCP.

Displaying LCP Characteristics

Use the SHOW PORT n PPP LCP CHARACTERISTICS command to display LCP characteristics for a port. This command is nonprivileged. The fields shown in the LCP display show the latest values configured by the SET PORT n PPP LCP characteristic commands. Use the SHOW/MONITOR PORT n PPP LCP STATUS command to see the values actually used on the link.

Example: Displaying LCP Characteristics

The following example shows the command to display the LCP configuration for port 3:

    Local> SHOW PORT 5 PPP LCP CHARACTERISTICS

    Port 5                             Server: LAT 08002B26D0E7

    LCP Characteristics:
    LCP:              Enabled          Passive Open:    Disabled
    Restart Timer:    3 seconds        Max Configure:   10 transmissions
    Max Failure:      10 transmissions Max Terminate:   2 transmissions

    LCP Options:      Local
    MRU:              1500
    Character Map:    FFFFFFFF
    Link Quality:     Disabled
    Magic Number:     Disabled
    PF Compress:      Disabled
    ACF Compress:     Disabled
    FCS Size:         16 Bit
    Callback:         Disabled

Fields in the LCP Characteristics Display

The following table explains the fields in the LCP characteristics display:

Field: LCP, Passive Open, Restart Timer, Max Configure, Max Te
203. ber of times that IPCP sends a negative acknowledgment for the peer's proposed options before deciding to reject the options.
Indicates if IP address negotiation is enabled for this link.
Indicates the address that the access server should negotiate to use for the peer and the source of the port's remote IP address.
Indicates that TCP/IP header compression is to be used.
Indicates the maximum number of TCP/IP sessions that can be compressed at any given time.

Values (column, in page order): 1 to 15 attempts; 1 to 15 attempts; Enabled, Disabled; Enabled, Disabled; 4 to 16

Default (column, in page order): 2; 10; Disabled; 0.0.0.0; Disabled; 16

ATCP Characteristics

The SHOW/LIST/MONITOR PPP ATCP CHARACTERISTICS command displays the ATCP configuration for a given port. The fields in the display show the latest values configured by the SET PORT n PPP ATCP characteristic commands. Use the SHOW/MONITOR PORT n PPP ATCP STATUS command to see the values actually used on the link.

Example: ATCP Characteristics Display

The following example shows a sample ATCP characteristics display:

    Local> SHOW PORT 5 PPP ATCP CHARACTERISTICS

    Port 5                             Server: LAT 08002B26AA94

    ATCP Characteristics:
    ATCP:             Enabled          Passive Open:    Enabled
    Restart Timer:    3 seconds        Max Configure:   10 transmissions
    Max Terminate:    2 transmissions  Max Failure:     10 transmissions
    A
204. ble Input Signal table Output Signal table LKG 6681 S6f

Configuring the Access Server for SNMP Access

Enabling and Disabling SNMP

The access server must have an Internet address to enable SNMP. To enable SNMP, enter:

    Local> CHANGE SNMP ENABLED

To disable SNMP, enter:

    Local> CHANGE SNMP DISABLED

Displaying Information About SNMP

Use the SHOW SNMP command to display the access server's SNMP characteristics.

Example: Displaying SNMP Information

The following example shows how to display SNMP information on the access server:

    Local> SHOW SNMP

    SNMP State ENABLED        AUTHENTICATION FAILURES ENABLED

    Community Name    Address         GET    GETNEXT    SET    TRAP
    PUBLIC            ANY             ENA    ENA        DIS    DIS
    SNUGS             ANY             ENA    ENA        ENA    DIS
    BUGS              1 952 1 31 5    ENA    ENA        ENA    DIS
    SERVER            195.1.1.2       ENA    ENA        ENA    ENA

Default Community Name PUBLIC

The CHANGE SNMP ENABLED command automatically configures the access server with the default community name PUBLIC. This community name follows the default behavior for the SNMP operations listed in the Supported SNMP Operations section in this chapter.

Configuring a Community Name for Access by Any NMS

Use the CHANGE SNMP COMMUNITY community name SET ENABLED command to cr
205. ble describes the fields in the LCP counters display:

Field / Description

Negotiation Successes
    The number of times that LCP successfully entered a round of negotiations since the link was brought up. Ordinarily, this counter is 1. However, you can reconfigure LCP and then cause LCP to renegotiate. This changes the performance characteristics for the link.

Negotiation Failures
    The number of times that LCP tried to negotiate the link but failed.

Configures in
    The number of LCP configure requests received from the peer.

Configures out
    The number of LCP configure requests sent to the peer from the access server.

Acks in
    The number of LCP configure acks received from the peer.

Acks out
    The number of LCP configure acks sent to the peer from the access server.

Naks in
    The number of LCP configure naks received from the peer.

Naks out
    The number of LCP configure naks sent to the peer from the access server. This counter should always be zero in this release.

Rejects in
    The number of LCP configure rejects received from the peer.

Reject outs
    The number of LCP configure rejects sent to the peer from the access server.

Terminates in
    The number of LCP terminate requests received from the peer.

Terminates out
    The number of LCP terminate requests sent to the peer from the access ser

Term Acks in

Term Acks out

Code Rejects in
206. ble for service connections.
LAT virtual circuits on which the access server has active connections with service nodes.
Service nodes with which the access server has established LAT virtual circuits.
Total number of LAT, Telnet, and SLIP sessions on the access server.
Total number of LAT, Telnet, and SLIP sessions on the access server.
Percentage of processing time the access server used. This value is calculated every second.
Percentage of the general memory pool being used.
Number of minutes remaining on the initialize timer. If no INITIALIZE command is in effect, N/A is displayed to indicate not applicable.
Number of nodes that could not be entered into the access server database because of the value set for the node limit characteristic or because of a lack of memory. If this count is nonzero, the access server might be experiencing resource problems.

Displaying Information About the Access Server

Field / Description

Resource Errors
    The memory used for storing service and node information is shared with that used for handling multiple sessions and queued connection requests. If the access server receives information on a greater number of nodes than specified in the node limit access server characteristic, it discards that information and increments the Discarded Nodes counter. However, if the node limit is not reached but the acce

Port Framing Errors

Port Parity Errors

Port Overrun Errors

Primary Host
207. bytes received with parity errors at the port. If this value accumulates to greater than about 20 errors per day on any one port, you might have port line problems. Refer to the troubleshooting procedures in the Network Access Server Problem Solving manual.

Checking Port Status and Counters

Field / Description

Overrun Errors
    Number of characters lost because the access server input buffers were full. If this value accumulates more than 10 errors daily on any one port, you might have flow control problems. If the port device supports flow control, ensure that the access server flow control and the flow control in the hardware for that device are set the same way. To check the FLOW CONTROL setting, use the SHOW PORT CHARACTERISTICS command.

Local Accesses
    Number of times an access server login occurred on the port.

Remote Accesses
    Number of times a remote access connection was established on the port.

Displaying Port Status

The SHOW/MONITOR PORT STATUS command displays information about the operational condition of the selected port.

Example: SHOW PORT STATUS Display

The following example shows how to generate a port status display:

    Local> SHOW PORT 1 STATUS

    Port is Joe Smith          Server: SERVERNAME
    Access: Remote             Current Service: TEST
    Status: Connected          Current Node: PEACH
    Sessions: 1                Current Port: LTA15
    Input XOFFed: No           Output Signals: DTR RTS
                               Input Signals: DSR RXD
    Out
208. cal> CHANGE PORT 5 DSRLOGOUT ENABLED

Specifying LONGBREAK LOGOUT

The LONGBREAK LOGOUT characteristic causes the access server to log out a port device when the device deasserts RxD for 2.5 to 3.5 seconds. You use this characteristic for devices that do not support the DSR signal. Use the SHOW/LIST/MONITOR PORT STATUS command to determine if the RxD signal is valid. If the signal is valid, it appears in the Input Signals field. By default, LONGBREAK LOGOUT is disabled.

Example: Enabling LONGBREAK LOGOUT

The following command shows how to enable LONGBREAK LOGOUT on port 5:

    Local> CHANGE PORT 5 LONGBREAK LOGOUT ENABLED

Specifying the Automatic Logout Characteristics

Specifying INACTIVITY LOGOUT

The INACTIVITY LOGOUT characteristic allows you to enable or to disable automatic logout for the port. If INACTIVITY LOGOUT is enabled, the access server automatically disconnects the session and logs out the port if there is no input or output activity for the time specified by the INACTIVITY TIMER characteristic.

Example: Enabling INACTIVITY LOGOUT

The following example shows how to enable INACTIVITY LOGOUT on port 5:

    Local> CHANGE PORT 5 INACTIVITY LOGOUT ENABLED

Specifying the INACTIVITY TIMER

The INACTIVITY TIMER characteristic specifies the timeout period for all ports. You use the INACTIVITY TIMER characteristic when you enable the INACTIVITY LOGOUT characteristic. The range fo
209. cation Required

To configure a port with no login password authentication required, use the following commands:

    Local CHANGE PORT Local CHANGE PORT Local CHANGE PORT Local CHANGE PORT PASSWORD DISABLE AUTOBAUD DISABLE SPEED speed DEDICATED PPP DEFAULT PROTOCOL PPP 5595 8

Note: With AUTOBAUD DISABLED, serial port speed must be explicitly configured for both the modem and the DECserver port.

Configuring the Port for PPP IPXCP Data Link

To configure a port for PPP IPXCP data link, use the following commands:

    Local> CHANGE PORT n LCP MAP A0000
    Local> CHANGE PORT n LCP PASSIVE DISABLE
    Local> CHANGE PORT n LCP ENABLE
    Local> CHANGE PORT n IPXCP ENABLE
    Local> CHANGE PORT n PPP ENABLE

Enabling PPP PAP Password Authentication

To enable the optional PPP PAP password authentication, use the following commands:

    Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
    Local> CHANGE PORT n LCP AUTHENTICATION PAP

Setting Up the Network Access Server

Disabling PPP PAP Password Authentication

To disable the optional PPP PAP password authentication, use the following command:

    Local> CHANGE PORT n LCP AUTHENTICATION DISABLE

Passwords

Both login password authentication and PPP PAP password authentication use the same password. One or both can be enabled at the same time. For PAP, verification of the password is case sensitive. If PAP is enabled, the password must also be supported and configured using
210. ccess

Chapter 17
Managing the Access Server

Overview

Introduction

The following lists the actions you perform to manage the access server. These actions should be done on an as needed basis:

- Manage the access server as part of the LAT network
- Manage the access server as part of the TCP/IP network
- Manage access server characteristics
- Check port status and counters
- Reassign a port device in case of port failure

In This Chapter

This chapter contains the following topics:

- Managing Your Access Server As Part of the LAT Network
- Displaying Information About the Access Server
- Checking Port Status and Counters

Managing Your Access Server As Part of the LAT Network

Introduction

The network manager should coordinate the activities of service nodes and access servers. This section describes a set of configuration guidelines that helps maximize performance from your LAT network. All the guidelines presented are optional; however, failure to follow these guidelines might result in unnecessary performance degradation.

Distributing Devices on Access Servers

With the LAT protocol, the network bandwidth use is optimized when a high number of terminals or other devices are placed on every access server. If only one or two terminals are in use on each access server, the LAT protocol accounts for a higher proportion of the
211. ccess server negotiates to allow its peer to omit the HDLC address and control fields from packets sent over the link.
The size of the FCS that the access server is configured to negotiate.
Indicates that the access server negotiates to request a call back.

Displaying PPP Characteristics

Values (column, in page order): Disabled Enabled Disabled Enabled Disabled 16 bit Enabled Disabled

Note: This field has a fixed value in this software release.

Default (column, in page order): Disabled Disabled Disabled 16 bit Enabled

Note: If you enable PPP call back negotiation on a port, it is strongly recommended you also enable some sort of authentication (PAP, CHAP, etc.) on the port. Without authentication, any user who happens to discover the phone number for that port's modem could potentially request a call back and run up unlimited phone charges. To enable authentication on a port, refer to Chapter 22.

Displaying IPCP Characteristics

The SHOW/LIST/MONITOR PPP IPCP CHARACTERISTICS command displays the IPCP configuration for a given port. The fields in the display show the latest values configured by the SET PORT n PPP IPCP characteristic commands. Use the SHOW/MONITOR PORT n PPP IPCP STATUS command to see the values actually used on the link.

Example: IPCP Characteristics Display

The following example shows a sample IPCP characteristics display
212. ce Connections Characteristic

The service connections characteristic allows you to disable additions to the connection queue when a given service is busy. Changing this characteristic does not affect requests that are already in the queue.

Example: Disabling Port Queuing

The following example shows how to disable additional queued connections for the service LN03 PRINT:

    Local> CHANGE SERVICE LN03 PRINT CONNECTIONS DISABLED

Server Queue Limit Characteristics

The server queue limit characteristic sets the maximum number of entries permitted at one time in the queue. The access server can queue up to 200 connection requests.

Example: Changing Queue Limit Characteristics

The following example shows how to change the queue limit to 150:

    Local> CHANGE SERVER QUEUE LIMIT 150

Displaying Access Server Queue Entries

The SHOW/MONITOR QUEUE command displays the status of requests in the connection queue.

Options for the SHOW/MONITOR QUEUE Command

The following table lists the SHOW/MONITOR QUEUE commands:

    Option                  Displays Entries For
    PORT port number        A specific port
    NODE node name          A specific node
    SERVICE service name    A specific service
    ALL                     All types of requests

For example, to display information about the entries for the service LASER, enter the following command:

    Local> SHOW QUEUE SERVICE LASER

The entry identification numbers in a SHOW/MONITOR QUEUE display can range from 1 to 9999. They are not related to the queue depth or t
213. cess server tries to connect to a busy service on an access server, the Port Queuing characteristic allows the connect request to be queued. The service must be on an access server, either the same one as the user's or a different one.

The queuing of the connect request also depends on whether the access server offering the service has reached its queue limit or has queuing disabled. In this case, the connection is not queued and the user receives a message that indicates that service is not available. If the access server offering the service has queuing enabled and has not reached its queue limit, the request is queued.

If more than one access server offers the service, your access server will attempt to connect to the target access server that has the highest service rating. For access servers that offer queuing, service ratings are higher for access servers that have the greatest number of open positions in their connection queues.

If the port queuing characteristic is disabled, your access server cannot request a queue connection when a service is busy. Therefore, if the service is busy, your user receives a message that indicates that service is not available. The factory set default is disabled.

Example: Enabling Queuing on a Port

This example shows how to enable queuing on port 5:

    Local> CHANGE PORT 5 QUEUING ENABLED

Configuring an Interactive Device for LAT Sessions

The Servi
214. characteristic whenever you establish a new LAT service session. By default, AUTOPROMPT is enabled. If the service node supports AUTOPROMPT, the service node performs a system specific login sequence, such as displaying a service announcement or login prompt. If you disable AUTOPROMPT and the service node recognizes this, the service node does not perform any login sequence. Since devices without keyboards cannot respond to a login sequence, you should disable AUTOCONNECT for these devices.

Example: Disabling AUTOPROMPT

The following example shows how to disable AUTOPROMPT:

    Local> CHANGE PORT 5 AUTOPROMPT DISABLED

Specifying the Default Protocol

The following options are available with the SET/DEFINE/CHANGE PORT DEFAULT PROTOCOL command:

- LAT: The access server defaults to the LAT protocol when the user does not specify a protocol in the CONNECT command.
- SLIP: The access server defaults to the SLIP protocol when the user does not specify a protocol in the CONNECT command.
- TELNET: The access server defaults to the Telnet protocol when the user does not specify a protocol in the CONNECT command.
- ANY: The access server first searches the network resources on the LAT network when the user does not specify a protocol in the CONNECT command. If unsuccessful, the access server then searches the network resources on the TCP/IP network.

The AUTOCONNECT characteristic must be disabled when the default protocol is set to AN
215. conds. The default is 80 milliseconds, which is recommended for normal interactive functions.

Changing the CIRCUIT TIMER
To change the circuit timer, use the command shown in the following example:

    Local> CHANGE SERVER CIRCUIT TIME milliseconds

Increasing the CIRCUIT TIMER
As you increase the circuit timer value, the LAT protocol overhead decreases on the access server, service node, and network. A slower terminal response time, however, is the trade-off for any increased circuit timer value.

Decreasing the CIRCUIT TIMER
If you reduce the circuit timer value, the access server port buffers are less likely to fill between virtual circuit messages. If you have a file transfer with no flow control between a port and a device, a lower circuit timer value can mean fewer data overrun errors at the port. Therefore, a reduced circuit timer value may enable file transfers to run at increased speeds.

6-6 Configuring LAT Characteristics

IDENTIFICATION Characteristic

Introduction
The IDENTIFICATION characteristic is a string that can be up to 40 characters long. This string displays:

• Under the welcome banner during a login procedure
• In the SHOW SERVER displays

The access server also uses the identification string when it multicasts messages about the availability of services.

Changing the Server Identification String
To change the server identification string, use the following command:

    Local g
216. connection

MODE Command Variables
The following table explains the MODE command variables.

Variable LOCAL LOGIN PPP SLIP 21 14 Managing Dial Services Definition Interactive nondedicated session Comments Maximum length 1 to 16 characters Maximum length 1 to 16 characters May be entered either on the command line within quotes or at a prompt If PASSWORD is the last word on the command line the user is prompted for a password DNAS masks the password string upon entry Variables LOCAL LOGIN PPP SLIP Interactive dedicated session to a host Dedicated PPP session Dedicated SLIP session Any mode allowed

Configuring Interactive Dial Requests

Configuring for Interactive Dial Back
The following example sets the access server to a predefined phone number:

    Local> CHANGE DIALER AT HOME PORT 1 16 IDENT DIALS YOU AT HOME

The dialer service AT HOME is set up to allow any phone number to be dialed, but the user's security profile allows for a connection to be made using only one number. The ports are all set up to be ACCESS DYNAMIC, so they can be used for dial-in and also dial-back.

The user dials in, enters his user name and password, and is successfully authenticated. As a result, the security component creates and maintains an authorization profile for this user. This authorization profile, which is also known as the active user databas
217. crash. The access server always dumps to a load host with the protocol that was used for its download. After an upline dump, the access server automatically reinitializes.

Reference
To send a dump file to Digital Equipment Corporation for evaluation, follow the procedure described in the Network Access Server Problem Solving manual.

Upline Dumps with MOP Hosts
If the access server uses the MOP protocol, check the Dump Address field in the display for the SHOW SERVER STATUS command. This 12-digit hexadecimal number is the Ethernet address for the load host that received the most recent upline dump. If the dump host is running DECnet software, you can convert the Ethernet address of the dump host to the DECnet node address of the dump host. A formula for this conversion appears in the DECnet documentation for the operating system of the dump host.

When you use the Add option of DSV CONFIGURE or DS VCONFIG, the command procedure assigns a name for the access server dump file. When a dump occurs, MOP takes the data and creates the dump file. If the access server dumps more than once, MOP creates new versions of the file.

Upline Dumps with BOOTP/TFTP Hosts
Load hosts that use BOOTP and TFTP protocols store upline dumps in the file that you created when you configured the load host. Refer to the DECserver Network Access Software Installation (DIGITAL UNIX) guide.

4-12 Managing Load Hosts

Terminal Server Manager (TSM)
Terminal Serv
218. cs (see Configuring Individual Telnet Client Session Characteristics in this chapter) are not included in this example. Also, this example assumes that the port and device characteristics match. See the Matching the Port and Device Characteristics section in Chapter 9.

The following are variables that you should substitute with the appropriate value:

• Access server port number
• FLOW CONTROL: you cannot enable DSR FLOW CONTROL when the DSRLOGOUT characteristic is enabled, as described in FLOW CONTROL Types.

Reference
For a description of each command, refer to the Network Access Server Command Reference.

Note: Not all commands can be combined on one line.

Configuring a Device on Port 6 for Internet Hosts Example
The following example shows a sample configuration of a device connected to Internet hosts, which is illustrated in the Sample Network Configuration section in this chapter:

    Local> CHANGE PORT 6 ACCESS LOCAL AUTOBAUD ENABLED
    Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE
    Local> CHANGE PORT 6 DEFAULT PROTOCOL TELNET
    Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON
    Local> CHANGE PORT 6 INACTIVITY LOGOUT ENABLED INTERRUPTS DISABLED
    Local> CHANGE PORT 6 LIMITED VIEW DISABLED PASSWORD DISABLED
    Local> CHANGE PORT 6 TELNET CLIENT PROFILE CHARACTER

To connect to any host available on the TCP/IP network, the user enters the CONNECT, OPEN, or TELNET command. Enable DSRLOGOUT or LONGBREAK LOGOUT (see Specif
219. ct event and either AUTOLINK, SLIP, or PPP in the disconnect event, depending on what protocol was used last.
SNMP Community Fail SNMP IP representing SNMP over IP
Access: The access type, either Local or Remote.

23-6 Accounting
What Events Are Logged

Field Peer Reason Description

The value of this field varies depending on the protocol field, as follows:

LAT
  Local Access: For nondedicated/preferred case, whatever you type following the CONNECT LAT command. For example:
    C CLUSTER peer is CLUSTER1
    C CLUSTERI NODE NODE peer is CLUSTERI NODE 1
  If dedicated/preferred service is defined, the peer field will contain the service name.
  Remote Access: The local service name followed by the remote node name.

Telnet
  Local Access: For nondedicated/preferred case, whatever you type following the CONNECT Telnet command. For example:
    TELNET NODE peer is NODE1
    TELNET NODE1.finance.acme.com peer is NODE1.finance.acme.com
  If dedicated/preferred service is defined, the peer field will be the service name.
  Remote Access: The remote node's IP address followed by the remote TCP port number.

PING
  Whatever you type following the PING command. For example:
    PING NODE1 peer is NODE1
    PING NODE1.finance.acme.com peer is NODE1.finance.acme.com

MOP (maintenance password fail event)
  The Ethernet address of the remotely connected device.

SLIP
  The peer field is SLIP.

PPP
  The pe
220. d AUTOLINK authentication. Once the terminal emulation program is running and the user is authenticated, the PC can access hosts on the TCP/IP and LAT networks through the access server by using the CONNECT command.

Configuring and Managing SLIP Ports 15-11

Establishing a SLIP Session

Enabling a SLIP Session from the PC
The following example shows how a nonprivileged user could configure and start a SLIP session. The example assumes that the port characteristics are configured as shown in this example. The CHANGE PORT SLIP MTU command is optional.

    Local> CHANGE PORT SLIP HOST 195.1.1.1 SLIP MTU 800
    Local> CHANGE PORT SLIP MTU 800
    Local> CONNECT SLIP
    Local 561 Starting SLIP or PPP datalink session

If you previously configured the port with an Internet address and an MTU, then you only need to use the CONNECT SLIP command.

After Making a Connection
Once you enter the CONNECT SLIP command, the access server expects IP packets from the PC formatted as SLIP frames. Use the appropriate command to exit from terminal emulation mode on your PC and start the desired IP application program. To transfer files, use any file transfer program that supports SLIP. You do not need to configure data transparency on the access server.

15-12 Configuring and Managing SLIP Ports

Compressed SLIP

Introduction
The access server has the ability to enable compressed SLIP (CSLIP). Enabling CSLIP com
222. d Definition Example
The following example shows how to define TOTAL as the login password:

    Local> CHANGE SERVER LOGIN PASSWORD TOTAL

or

    Local> CHANGE SERVER LOGIN PASSWORD
    Password> TOTAL (not echoed)
    VERIFICATION> TOTAL (not echoed)
    Local>

You must enable the PASSWORD characteristic at the port level. The following shows how to enable PASSWORD at ports 5, 6, and 7:

    Local> CHANGE PORT 5,6,7 PASSWORD ENABLED

Once the PASSWORD characteristic is enabled at a port, the login prompt appears at the port device, accompanied by a beep signal, when the user logs in to the port. The user must enter the login password to gain access to the port.

You can change the login password, but you cannot clear the password. If you specify NONE or type a null string on the command line, you receive an error message. To reset the default ACCESS, specify ACCESS on the command line or ACCESS at the Password prompt.

Specifying PASSWORD LIMIT
The PASSWORD LIMIT characteristic specifies the following:

• The number of times that a port user with the PASSWORD and/or AUTHENTICATION port characteristic enabled can incorrectly enter the login password before the port is automatically logged out. If the port user fails to type the correct password within the number of allowed attempts, that user is not allowed to complete the login sequence for 1 minute. After 1 minute, the user can attempt to log in again.
• The number of times
223. d is entered. The factory-set defaults LOCK ENABLED. You can disable the LOCK command for all users as follows:

    Local> CHANGE SERVER LOCK DISABLED

Configuring and Managing Interactive Devices 11-39
Managing Users

Example: Configuring LOCK
The following example shows how to enable LOCK on the access server while disabling LOCK on ports 5 through 7:

    Local> CHANGE SERVER LOCK ENABLED
    Local> CHANGE PORT 5-7 LOCK DISABLED

Since anyone can LOCK any terminal, the LOCK facility can cause inconvenience in a situation where there are irresponsible users. If a user forgets the LOCK password, you have to log out the port with the LOGOUT command before the port can be used again. However, the LOGOUT command disconnects all sessions on that port. In that case, it may be best to disable LOCK on that port and rely on users to protect their sessions by disconnecting them when they must leave the terminal unattended.

Displaying Information About the Users
You can use the SHOW/MONITOR USERS command to do the following:

• Determine which ports are in use at any time
• Identify the port users
• Display information about active port users

Example: SHOW USERS Display
The following example shows how to generate a users display. The display contains one line of information for each port that is logged in to the access server.

    Local> SHOW USERS
    Port  Username    Status     Service
    1     Rich Smith  Connected  DOCUMENT2
    2     Jane Brown  Locked     TIMESHAR
224. d number of sessions for all ports must be equal to or less than the access server session limit. A high limit allows users to have more sessions but results in increased memory requirements. A low limit decreases the memory requirements but decreases the number of sessions. If the access server session limit is reached by some of the port users, the remaining port users cannot establish subsequent additional sessions. In this case, you need to increase the access server session limit value or decrease the port session limit value for some or all of the ports.

You can set the SESSION LIMIT for the access server to a value of 0 to 128, or to NONE. If you enter NONE, the access server maintains up to 128 sessions, potentially eight per port user. The factory-set default is 64 sessions.

Example: Changing the Server Session Limit
The following example shows how to change the access server session limit to 48:

    Local> CHANGE SERVER SESSION LIMIT 48

The maximum number of sessions allowed on one port is eight. The factory-set default is four sessions. You can set the port session limit to a number from 0 to 8, or to NONE, where NONE allows eight sessions at the port. If you set a session limit to 0, the affected users cannot connect to any resources.

Example: Changing the Server Session Limit on a Specific Port
The following example shows the session limit being set to 6 on port 5:

    Local> CHANGE PORT 5 SESSION LIMIT 6

Configuring and Manag
225. d operation

Using a Login Script
If you use a login script on the remote client, your script must include the following:

Stage  Description
1. The script must send a carriage return character. Alternatively, the script can send no characters for AUTOLINK TIMER PASS ONE seconds (note that this is not the preferred method).
2. The script searches for Username and responds with the user's user name and a carriage return.
3. The script searches for Password and responds with the user's password and a carriage return.
4. The script searches for Local 451 Authentication successful.
5. The script exits and allows the framed protocol to run.

Note that the key phrase to search for is Authentication successful.

Managing Access Server Security 22-35

Specifying Other Security Features

Introduction
This section describes various security features on interactive ports.

Specifying Dedicated Service for LAT or Telnet Resources
The results of specifying a dedicated service on a port are as follows:

• The device on the port appears hard-wired to a specific resource.
• The access server establishes only one session for the port.
• Local mode cannot be entered on that port, although login and service passwords can still be defined for the user on that port.
• The access server automatically enables AUTOCONNECT for that port. AUTOCONNECT is not cleared when the dedicated service is cleared.

Kerberos
227. display and modify the ASCII to EBCDIC and EBCDIC to ASCII translation tables. These tables use ASCII codes 0 to 255. When you display or change a given translation, you must enter the codes in hexadecimal format. Any changes to the translation tables take effect in new sessions on the access server but do not affect current sessions.

Command               Enables You to Display and Modify
SHOW/SET TN3270 ATOE  The ASCII to EBCDIC translation table
SHOW/SET TN3270 ETOA  The EBCDIC to ASCII translation table

18-16 Configuring and Managing 3270 Terminal Emulation (TN3270)

Guidelines for Managing the Use of NVRAM for TN3270

Introduction
There is a pool of approximately 2.5 KB of shared NVRAM for the customization of the following TN3270 characteristics:

• Keyboard maps for the ports
• ASCII to EBCDIC and EBCDIC to ASCII translation tables

This section provides guidelines on managing the available memory pool.

Storage Requirements for TN3270 Definitions in NVRAM
The following table lists the TN3270 storage requirements for TN3270 definitions in NVRAM:

Definition Description                                               Storage Requirements
Keyboard map definition for a port                                   8 bytes
Optional description text for a port                                 8 bytes for increments of 7 bytes of text
Each ASCII to EBCDIC and EBCDIC to ASCII customized translation      8 bytes

TN3270 Commands That Free NVRAM Space
The following table lists
228. ds the connection requests. The password limit applies to all password-protected access server operations. The range for the password limit characteristic is 0 to 10, and the factory-set default is 3. The following shows how to change the limit to 5:

    Local> CHANGE SERVER PASSWORD LIMIT 5

Configuring and Managing LAT Services 12-5

Configuration of Specific Types of Devices As LAT Services

Introduction
This section provides examples of configuring the following types of devices as LAT services:

• A personal computer as both a LAT service and a terminal
• A computer
• A modem
• A printer

When you configure each type of device, you need to determine if the devices use SIGNAL CONTROL or MODEM CONTROL. For additional information, refer to Specifying MODEM CONTROL and SIGNAL CONTROL in Chapter 10.

Configuring a Personal Computer As a Terminal and LAT Service
The following example shows a sample configuration of a personal computer (PC) used as a terminal and a LAT service. With the port set to ACCESS DYNAMIC, the PC can switch between terminal emulation mode and file transfer mode. When a PC is configured as a terminal, you can use the connect command to use a printer service. To do this, the PC must have an application program that provides file transfer capabilities.

Example: Configuring a PC As a Terminal and LAT Service

    Local> DEFINE PORT 2 ACCESS DYNAMIC AUTOBA
229. e contains, among other things, the phone number(s) that the user is authorized to use on a dial-back request.

Security Profile Information
For more information about user security profiles, see the user accounts information in the Determining Security Configuration section in Chapter 22.

Interactive Dial-Back Dial Service Example
The following example shows how the user specifies a dialer service and how the service operates:

    Local> DIAL AT HOME
    Local 019 Dial request queued will be attempted in 30 seconds
    Local> LOGOUT
    Local 020 Logged out port 10 on server NAS700

In this example, the access server uses a security realm (RADIUS or local profile) for authorization when the user logs in. The user's RADIUS/local profile is maintained while the user is logged in. The profile is checked to see if the user is authorized for dial-back. In this particular example, the authorization database has but a single phone number that the access server would use when calling back this particular user.

Managing Dial Services 21-15

Framed Dial Requests

Introduction
Dial-back requests can also be queued from a client that connects to the server using PPP. Unlike PPP, the SLIP protocol does not include a method of negotiating connection options, including whether a call-back should be attempted and the phone number to which the call-back should be placed. Therefore, only PPP clients can request a call-back.

Changin
230. e This Address characteristic is disabled in this release.

IP Address
  Local: The IP address that the access server is using for itself on the link. This value is the address used with the access server's own Ethernet.
  Remote: The value that the access server is using to identify the peer on the link.
Compress: Indicates whether compression is turned on.
Header Compress States: Indicates the maximum number of TCP/IP connections that can be compressed at any time.

Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-15

Displaying PPP Status

Displaying ATCP Status
Use the SHOW PORT n PPP ATCP STATUS command to display ATCP status. This command shows the actual state of the ATCP implementation in the access server. Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP ATCP CHARACTERISTICS display.

The display fields in fall into two categories:

• General ATCP status over the link (ATCP Status section)
• Status of each ATCP option (ATCP Options section)

Example: ATCP Status Display
The following example shows the ATCP status display on port 5:

    Local> SHOW PORT 5 PPP ATCP STATUS
    Port 5                Server LAT 08002B26AA94
    ATCP Status
    State                 Opened
    Negotiation Time      0 00 00 10
    Since Open            0 00 08 10
    Failure Reason        None
    ATCP Options          Local      Remote
    Appletalk Address     401 20     401 12
    Routing Protocol      RTMP       RTMP
    Suppress B Cast       Disabled
231. e Ethernet LAN as the OpenVMS host system.

TTL
Time To Live. This is a value that shows the time that an Internet host entry in the access server database has left to be refreshed or removed. This value appears in the SHOW INTERNET HOST STATUS display.

upline dumping
The process of sending a copy of the access server memory to a responding load host, usually following a fatal error. The data is dumped into the unique access server dump file in the access server directory.

Glossary 17
Glossary 18

UDP
User Datagram Protocol. A protocol that is the part of the Internet Protocol that provides datagram service. It distinguishes between multiple destinations on a host, allowing multiple application programs executing on a host to independently exchange (send and receive) datagrams with multiple application programs on another host.

User Datagram Protocol
See UDP.

virtual circuit
A logical communications path between an access server and a service node. A virtual circuit provides a bidirectional, sequential, timer-based, error-free stream of data.

WAN
Wide Area Network. A network composed of computers connected by communications links that cover distances up to many thousands of miles. Contrast with LAN.

Wide Area Network
See WAN.

XON/XOFF characters
These characters are used with a form of in-band flow control and are transmitted as TxD and RxD data.

Symbols 4 6 letc add DECserver procedure 4 2 letc list DECserver proc
232. e application or device on the access server port. The mapped character is defined by the device or application. For example, if an application defines IP as Ctrl/G, then you need to map IP to Ctrl/G:

    Local> CHANGE PORT 5 TELNET SERVER IP ^G

Event Indications
You can map the following event indications to keyboard characteristics:

Event Indication               Description
Abort Output (AO)              Occurs when the remote user of this connection requests that any output currently en route to the user's terminal be aborted.
Interrupt Process (IP)         Occurs when the remote user of this connection requests that the process at this access server be aborted.
Are You There (AYT)            Occurs when the remote user of this connection requests a response from the Telnet server to verify that the connection is active.
Break (BRK)                    Occurs when the remote user of this connection sends a remote break.
End of Record (EOR)            Occurs when the remote user of this connection issues an EOR request.
Erase Previous Character (EC)  Occurs when the remote user of this connection issues an EC request.
Erase Previous Line (EL)       Occurs when the remote user of this connection issues an EL request.
No operation (NOP)             Occurs when the remote user of this connection issues a NOP command.

13-12 Configuring and Managing Telnet Servers
Configuring Telnet Server Session Characteristics

Specifying Newline Characteristics
The NEWLINE characteristics al
233. e are two types of loopback tests: internal and external. The external loopback test requires a loopback connector.

Maintenance Operation Protocol
See MOP.

Management Information Base
See MIB.

Maximum Transmission Unit
See MTU.

MIB
Management Information Base. A listing of variables that can be accessed by SNMP.

MOP
Maintenance Operation Protocol. A maintenance protocol specified in the DIGITAL Network Architecture (DNA) that is used to implement the Remote Console Facility and to perform downline loads, upline dumps, and loopback tests.

MTU
Maximum Transmission Unit. This specifies the IP datagram size in bytes.

multicast
A process whereby a message sent to one address can be transmitted to a number of nodes affiliated with that address. See also broadcast.

multicast timer
A LAT service characteristic that determines the time interval between each multicast message.

multihomed host
An IP host that has more than one IP address.

name resolution (Internet)
Refers to the process of translating a name into a corresponding Internet address. The Internet domain name system provides a mechanism for naming computers in which programs use remote name servers to resolve computer names into Internet addresses for those computers.

name server
See Internet name server.

NCP
Network Control Program. The DECnet command interface used to configure, control, monitor, and test DECnet networks.

network access server
235. e listener's access server port numbers; the last line displays whether connections to the listener are enabled or disabled.

Displaying Telnet Server Characteristics
The SHOW/LIST/MONITOR PORT TELNET SERVER CHARACTERISTICS command displays the Telnet server characteristics.

Example: SHOW PORT TELNET SERVER CHARACTERISTICS Display
The following example shows how to display the Telnet server characteristics on port 12:

    Local> SHOW PORT 12 SESSIONS 1 CHARACTERISTICS
    Xmit Char Size  8      Newline From Term  <CRLF>
    Rev Char Size   8      Newline From Host  <CRLF>
    LP              None   Newline To Term    <CRLF>
    AYT             None   Newline To Host    <CR>
    AO              None   EC                 NONE
    EOR             None   EL                 NONE
    OP              None   BRK                None
    Local>

Configuring and Managing Telnet Servers 13-15
Managing Your Access Server As a Telnet Listener Node

Removing a Telnet Listener
You can remove a Telnet listener that was defined in either the permanent or operational databases. Use the privileged CLEAR TELNET LISTEN command (which acts on the operational database) or PURGE TELNET LISTEN command (which acts on the permanent database) to remove a defined Telnet listener and its associated characteristics.

Example: Removing a Telnet Listener
The following example shows how to remove Telnet listener 2010 from the access server permanent database:

    Local> PURGE TELNET LISTENER 2010

Removing One of Many Devices Assigned to a Telnet Listener
To remove a device that is one o
236. e of the printcap symbol you wish to modify
    Enter symbol name q
    Are these the final values for printer 1 y y

The lprsetup program creates the following printcap entry for ds0:

    ds0 lp1 lp rm rp sd usr spool lpdl

Configuring and Managing Telnet Servers 13-9
Configuring a Remote Print Queue

Step  Action
2     Modify the printcap entry:

    ds0 lp1 lp tsb0c3 prds3 sd usr spool lpdl

The tsb0c3 entry identifies the access server internet address and is an entry in /etc/hosts for the access server. The prds3 entry identifies the access server TCP port number and is an entry in /etc/services. For example:

    16.20.48.43 tsb0c3.1kg.dec.com tsb0c3
    prds3 2010/tcp

Print a file using the host's lpr command. The lpr command queues and submits a job for printing. For example:

    lpr -P ds0 file

Configuring a TCP/IP Remote Print Queue on a UNIX System
System managers must provide an application that queues print jobs on a UNIX system. A sample print spooler program, DS7 UNIX SPOOL C, for UNIX systems is included with the software distribution kit. This program is written in the C language. This file is loaded in the load host DECSERVER directory during installation.

13-10 Configuring and Managing Telnet Servers

Configuring a Telnet Listener

Introduction
Perform the following steps to assign a Telnet listener to one or more devices attached to access server
237. e resolution attempts when you enter a host name without a trailing dot at the end of the domain name. If you end a name with a trailing dot, the access server does not use a sequence of name resolution attempts. Instead, it uses the domain name as you enter it. For example, suppose that you enter:

    Local> CONNECT SALES.REVENUE.

Because this domain name ends with a dot, the access server does not append the default name resolution domain or any part of that domain.

TCP/IP Network Characteristics 7-11
Configuring Domain Name System (DNS) Characteristics

Changing the Time Limit
The domain name resolution time limit specifies the time that the access server waits before it resends a query to a name server. The range is from 1 to 10 seconds, and the default is 4 seconds. To change the time limit, enter the command shown in the following example:

    Local> CHANGE INTERNET NAME RESOLUTION TIME LIMIT 5

Changing the Retry Limit
The domain name resolution retry limit indicates the number of times that the access server resends queries to the same name server when looking for an Internet host. The range is from 1 to 5, and the default is 3. To change the retry limit, enter the command shown in the following example:

    Local> CHANGE INTERNET NAME RESOLUTION RETRY LIMIT 2

Changing the Name Resolution Mode
The name resolution mode describes where the access server searches for host name and address information. To change the name resolu
238. e that the port device is ready to receive data.

Cyclic Redundancy Check
  See CRC.

datagram
  See IP datagram.

Data Set Ready
  See DSR.

Data Terminal Ready
  See Data Terminal Ready.

data transparency
  During a session, the access server normally intercepts and interprets switch characters and flow control characters. Users can enable data transparency, causing these characters to become transparent to the access server. The access server will not intercept them while they are being exchanged in the user's current session, such as during a file transfer or during a block mode transfer where the terminal sends a screen of data to the host application.

DECnet
  The DIGITAL networking software that uses the DIGITAL Network Architecture (DNA) on both local area networks (LANs) and wide area networks (WANs).

DECnet node address
  A unique numeric identification required for each DECnet node, assigned by the network manager. The address is in the form aa.nnnn, where aa is an optional area number from 2 to 63 and nnnn is the node address from 1 to 1023.

DECnet node name
  A unique 1 to 6 character alphanumeric identification, including at least one alphabetic character, required for each DECnet node, assigned by the network manager.

dedicated service
  A network resource to which a port is permanently assigned and to which the port is always connected at login, thus emulating a hardwired connection.

dequeue
  To remove the first
239. eate a community name. When you create a community name without specifying an address, the access server assigns the default address ANY. The address ANY enables any NMS that knows this community name to GET or SET information about the access server.

Example: Configuring Community Names for Access by Any NMS

The following example shows how to create the community name SNUGS without specifying an address:

  Local> CHANGE SNMP COMMUNITY SNUGS SET ENABLED
  Local> CHANGE SNMP ENABLED

Configuring a Community Name with an Address

You can configure a community name so that only an NMS with a given address can access the access server with SNMP commands. Use the CHANGE SNMP COMMUNITY community name ADDRESS command to configure the community name in this way.

Example: Configuring Community Names for Access from a Specific NMS

The following example shows how to create community name BUGS. Only the NMS with the address 195.1.1.1 can GET or SET information about the server:

  Local> CHANGE SNMP COMMUNITY BUGS ADDRESS 195.1.1.1
  Local> CHANGE SNMP COMMUNITY BUGS SET ENABLED
  Local> CHANGE SNMP ENABLED

One IP Address for a Community Name

Each community name can have only one IP address assigned. The access server rejects the addresses 0.0.0.0 and 255.255.255.255. By default, GET and GETNEXT are enabled when you create a community name.

16-6 Configuring for SNMP Access
Configuring the Access Server for SNMP Access

Configuring Community N
240. ection

By default, the access server will simultaneously communicate with all four frame types on the LAN: Ethernet II, 802.2 SAP, 802.2 SNAP, and Novell 802.3. When IPX is enabled on the access server, the network addresses for all four types will automatically be learned.

20-2 Managing IPX
IPX Description

Login Procedures

One or more serial ports of the access server can be configured for Novell dial-up access. Depending on your requirements, different login procedures for IPX can be configured, including:

- The remote PC user can choose to activate a connection to the Novell network after login to the access server local user interface. This allows the user to take advantage of other non-IPX services from the access server before connecting to the Novell network.
- The remote PC user can automatically connect to the Novell network after login.
- Login and/or PPP password authentication is configurable. For PPP password, the PC client software must support PPP PAP authentication.

Managing IPX 20-3
Getting Started

Checklist

The following is a checklist for using this chapter to perform the basic steps to perform remote node access to a Novell network through a network access server.

  Step  Action
  1     Determine your hardware/software requirements    Hardware and Software Requirements
  2     Configure your PC    Setting Up the Network Access Server
  3     Configure your network access server    Setting Up the Net
241. ed to learn and the network number has been automatically learned, or an explicit network number has been configured. The number is up to 8 hexadecimal digits (no leading zeroes).

Disabled
  The network number for the corresponding LAN frame has been configured as disabled.

20-24 Managing IPX
Displaying IPX Counters

Use the SHOW IPX COUNTERS command

Use the SHOW IPX COUNTERS command to display the IPX counters. The command is nonprivileged.

IPX Counters Display

The following example shows the command to display IPX counters on an access server:

  Local> SHOW IPX COUNTERS

  IPX Counters                   Seconds Since Zeroed 18207

  IPX
  Total Packets Transmitted 0    Unknown Sockets 0
  Total Packets Received 0       Receive Discards 0
  Local Transmits 0              Transmit Discards 0
  Local Receives 0               Hop Count Errors 0

  FORWARD CACHE
  Packets Received 0             Packets Transmitted 0
  Receive Discards 0             Transmit Discards 0
  Overruns 0                     Timeouts 0

  RIP
  Requests Transmitted 0         Responses Transmitted 0
  Requests Received 0            Responses Received 0
  Requests Discarded 0           Responses Discarded 0
  Request Resource Errors 0      Response Resource Errors 0

  SAP
  Requests Transmitted 0         Responses Transmitted 0
  Requests Received 0            Responses Received 0
  Requests Discarded 0           Responses Discarded 0
  Request Resource Errors 0      Response Resource Errors 0

IPX Counters Display Fields

The following table describes the
242. ed while dormant.

Disconnecting
  Session is disconnecting from a service.

Idle
  Port is not in use.

Local Mode
  Port is logged in to the access server and is not connected to or connecting to a service.

Locked
  LOCK command was executed on the port.

Permanent
  Status that appears for the LIST command.

Signal Wait
  The port failed to assert the DSR signal during a signal check controlled connection attempt.

Services
  The local services that the access server offers on the port. Host Offered initiated requests can be made for these services.

17-30 Managing the Access Server

Chapter 18
Configuring and Managing 3270 Terminal Emulation (TN3270)

Overview

Introduction

This chapter explains how to configure and manage the 3270 Terminal Emulator (TN3270) software for the access server. This software enables ASCII terminals and PCs to access IBM applications.

The TN3270 software enables an ASCII terminal to emulate an IBM 3278 Display Station Model 2. The display screen of this model has 80 columns and 24 rows. The TN3270 software performs the following tasks:

- Translates the ASCII terminal data stream into the 3270 data stream and transmits it to the IBM host.
- Receives the 3270 data stream from the IBM host and translates it into the ASCII terminal data stream.

The access server uses Telnet over TCP/IP to access applications on IBM hosts. This chapter assumes a basic understanding of applic
243. edure 4 2 etc rem_DECserver procedure 4 2 gt gt gt 5 9 Numbers 3270 emulation 1 2 18 1 18 19 configuring 18 4 terminal 18 1 A AARP 8 6 8 9 Abort Output AO 11 23 13 12 ACCESS Device characteristic 9 2 ACCESS characteristic 9 5 Dynamic 9 5 Local 9 5 None 9 5 Remote 9 5 ACCESS DYNAMIC 21 15 Access field 23 6 Access levels 2 2 limited view 2 2 nonprivileged 2 2 privileged 2 2 secure 2 2 Access server 3270 emulation configuration 1 2 authentication services 22 1 commands 2 1 4 6 syntax 2 2 configuration SLIP ports 1 2 SNMP access 16 5 contact name 11 33 disconnecting from 2 10 displaying 17 10 Index counters 17 10 to 17 11 status 17 16 summary 17 22 initialization 5 1 5 4 Internet address 15 5 LAT network 17 2 location 11 33 managing 17 1 as a LAT node 12 16 mapping 6 16 memory 2 3 17 3 modem signals 10 3 network configuration 1 2 NUMBER characteristic 6 12 port configuration 1 2 PPP protocol 19 2 realms 22 27 removing queue entries 11 9 security 22 1 22 27 SLIP configuration 1 3 user privilege levels 2 2 username 22 8 Access Server Manager 2 1 2 7 4 2 ACCESS SERVER NAME characteristic 6 10 Accounting events types 23 3 Accounting host 22 5 Accounting Service Port 22 5 Acquired AppleTalk ARP display 8 15 Acquiring AppleTalk status display 8 10 ADD command 4 4 Address AppleTalk status display 8 11 Address resolution protocol ARP 7 18 ALTERNATE SPEED 10 6 10 19 20 7 characteristic
245. eepalive timer (LAT)
  Because access servers are responsible for monitoring its balanced virtual circuits, each access server maintains a keepalive timer. This timer determines the length of time that a balanced circuit remains inactive.

Kerberos
  An authentication service that enhances security in an open network. It was developed as part of Project Athena at Massachusetts Institute of Technology. Project Athena is a software development project that facilitates communication among file servers and workstations in a distributed network environment.

Key Distribution Center
  See KDC.

keyword
  A word in a command string that further defines the command.

LAN (local area network)
  A network in which communications are limited to a moderately sized geographic area, such as an office building or a campus.

LAT (local area transport)
  DIGITAL name for the Ethernet protocol used by the DECserver for terminal connections.

LAT architecture
  A layered networking model that identifies LAT communications functions, assigns specific functions to distinct layers, and specifies general rules for communication between LAT nodes.

LAT Control Program
  A control program that provides a command interface that allows system and network managers to set up and manage an operating system as a LAT service.

LAT network
  All the computer systems or nodes on a LAN that support the LAT protocol constitute a LAT network.

LAT node
  A computer on a LAN that con
246. efines the RADIUS accounting attributes.

RADIUS Accounting Attributes and Definitions

Acct Status Type
  One of the following types of accounting information:
  - Start
  - Stop
  - Accounting On
  - Accounting Off
  - Checkpoint

Acct Delay Time
  The amount of relative time from the origination of the accounting information until the transmission or retransmission of the accounting packet.

Acct Input Octets
  The number of bytes received on the port during the delivery of service.

Acct Output Octets
  The number of bytes transmitted on the port during the delivery of service.

Acct Session Id
  A unique accounting session ID, preferably related to the DECserver accounting log.

Managing Access Server Security 22-21
Managing RADIUS

Acct Authentic
  An indication of the means of authentication for this user:
  - RADIUS
  - Local (the DECserver User Data Base)
  - Remote (the DECserver Kerberos or SecurID client)

Acct Session Time
  The number of seconds for which the service was delivered to the user.

Optional RADIUS User Attributes

The RADIUS attributes that the access server supports are as follows:

  Session Timeout
  Idle Timeout
  Framed Protocol
  Framed IP Address
  Callback Number
  Login IP Host
  Login Service Telnet LAT Note
  Login Port
  Login LAT Service
  Login LAT Node
  Login LAT Groups
  NAS IP Address
  NAS Port
  Vendor Specific

Other RADIUS attributes part
247. end a message to all interactive users.

Example: BROADCAST ALL

The following example shows a sample of a message broadcasted to all users:

  Local> BROADCAST ALL Server shut down at 12:15 back up at 1:00

At a port with a session management terminal, broadcast messages are delivered to the current terminal session.

The factory-set default allows port users to send broadcast messages. Use the following command if you do not wish users to send broadcast messages:

  Local> CHANGE SERVER BROADCAST DISABLED

Note: Messages warning that the access server is going to initialize are unaffected by the access server-wide BROADCAST characteristic.

Ask users to inform you if they receive excessive or annoying broadcasts from other ports. If you receive complaints about such broadcasts, you can ask the sender of those broadcasts to stop broadcasting unnecessary messages, or you can enable security on the sender's port. This disables the BROADCAST command for the port.

Specifying LOSS NOTIFICATION

The LOSS NOTIFICATION characteristic signals a port user when characters entered by the user are lost because of parity errors, framing errors, data overruns, or other reasons. The signal is a BEL character (an audible beeping sound), which the access server transmits to the port for each character that is lost. The factory-set default is enabled.

Example: Disabling LOSS NOTIFICATION

The following example shows how to disable LOSS NOTIFICATION on po
248. er

  Characteristic                   Setting
  Xmit Char Size                   8
  Rcv Char Size                    8
  IP AYT AO EOR NOP BRK EC EL      None
  Newline From Terminal            <LF>
  Newline To Terminal              None
  Newline From Host                None
  Newline To Host                  <CRLF>

13-8 Configuring and Managing Telnet Servers
Configuring a Remote Print Queue

Procedure

The following procedure describes how to configure an ULTRIX Version 4.0 (or subsequent maintenance release) host's print system. The host will use the access server internet address and Telnet listener TCP port number to connect to the access server printer port. It is assumed that you are familiar with configuring an ULTRIX print system. For more detailed description of the ULTRIX print system, refer to the ULTRIX Guide to System Environment Setup.

Step Action

Use the lprsetup program to initially configure a remote access printer entry in the printcap file.

Example: The following example creates printer ds0 with spooling directory usr spool Ipd1. Some of the questions are ignored by pressing the Return key.

  lprsetup
  ULTRIX Printer Setup Program
  Command add modify delete exit view quit help add
  Enter printer name to add ds0
  Enter the FULL name of one of the following printer types or press RETURN for unknown remote
  Enter printer synonym
  Set spooler directory sd usr spool lpdl
  Set remote system name rm 2
  Set remote system printer name rp
  Enter the nam
249. er Manager (TSM)

Introduction

TSM is a utility that runs on OpenVMS load hosts. TSM enables you to configure and manage the access servers on the same extended LAN. TSM is not included in the access server software and must be purchased separately.

Reference: For more information about TSM, refer to the Terminal Server Manager Installation and Use manual.

For TSM Users

If you use TSM, do not use DSV CONFIGURE or NCP to update the DECnet database. By not using DSV CONFIGURE and NCP with TSM, you can avoid accidentally overwriting access server information from TSM.

Managing Load Hosts 4-13

Chapter 5
Initializing the Access Server

Overview

Introduction

This chapter describes how to initialize the access server. Initializing the access server reloads the software image. Initializing the access server does not affect the configuration settings stored in NVRAM. To reset the access server to the factory-set defaults, you need to reboot the access server and press the appropriate switch on the hardware unit. For details about this procedure, refer to the hardware documentation provided with the access server.

In This Chapter

This chapter contains the following topics:

- Preparing LAT Services for Initialization
- Preparing Telnet Listeners for Initialization
- Initializing the Access Server
- Using NCP to Initialize the Access Server
- Booting from the Network
- Booting Using Console Commands

Initializing the Access Server 5-1
250. er because of subnet access restrictions on the access server itself. In this case, the access server flags the unreachable name server and stops using it for name resolution. The access server cannot reach a name server if it is not in the same subnet or there is no gateway to it.

7-14 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics

If the access server cannot reach a learned name server because of gateway restrictions outside the server, it does not flag the unreachable name server. This can often cause name resolution to time out and fail. In this configuration, use either the STUB or SLAVE name resolution mode.

Assigning DNS Server Addresses Automatically

The DNS autoconfigure feature on the access server allows dial-up clients to receive DNS configuration information automatically from the access server when establishing a remote PPP connection. The access server assigns a primary and secondary DNS server to the remote PPP client.

The access server uses an algorithm to obtain the addresses of the DNS servers from its database. The access server assigns only local name servers to PPP clients. It makes two passes through a list of local name servers. The following table describes how the access server determines which name servers to assign to the PPP client.

  Pass  Description
  1     a. The access server goes through a list of learned name servers and searches for name servers that are on its network by
251. er disconnects the sessions on a port when any of the following events occur on the port: DCD is lost for more than 2 seconds, DSR is lost, or a LOGOUT command is received.

Disconnecting involves the following series of events:

1. The access server disables data exchanges on the port and waits 300 milliseconds for the stop bit of the last transmitted character to be given to the port device.
2. The access server logs out the port, thereby disconnecting all sessions.
3. The access server drops DTR, RTS, and DSRS for 5 seconds.
4. After 5 seconds, the access server resumes the port device interaction as described in step 1 of the Establishing a Connection sequence in this section.

Configuring Modem Signals 10-19
Configuring DTR and DSR Signals

Introduction

This section describes how to configure DTR and DSR signals for those access servers that do not support the other modem signals. DSR flow control must be disabled when you are using the various port characteristics to control the DSR and DTR signals. DSR flow control can override the port characteristics.

Port Characteristic Effects on the DTR and DSR Signals

The following table shows the enabled port characteristic effect on DTR and DSR signals.

  Enabled Characteristic: SIGNAL CONTROL, SIGNAL CHECK, and DTRWAIT disabled
  DTR and DSR Actions: DTR is deasserted for 5 seconds as a consequence of a logout; otherwise, it is always asserted.
252. er field is PPP
AUTOLINK The peer field is AUTOLINK
SNMP IP SNMP community fail event The IP address of the SNMP management station

The reason for the disconnect, either Normal or Error. Normal represents the session being brought down by user action (you log out of the session or do a DISCONNECT SESSION at the local prompt). Error refers to cases where the session is refused by the protocol for some reason (insufficient resources, not authorized for group code in case of LAT, or couldn't resolve name in case of Telnet).

Accounting 23-7
What Events Are Logged

23-8 Accounting

Field Tx User Description

Session Disconnect Event: The number of bytes of successfully transmitted user data on this session at the time of session termination. This field will always be zero for MOP remote console connections.

Logout Event: The number of bytes output to the port during the life of the associated login.

Session Disconnect Event: The number of bytes of successfully received user data on this session at the time of session termination. This field will always be zero for MOP remote console connections.

Logout Event: The number of bytes input to the port during the life of the associated login.

Subtracting the sum of all the session disconnect Tx/Rx fields during the life of a login from the Tx/Rx values in the logout event will yield the Tx/Rx count of bytes sent and received while the user was in local mode.
254. ermines the protocol of the user session. The protocol can be SLIP, PPP, or character-cell terminal. You can set the timer for the second pass to be between 0 and 60 seconds. If the timer expires, AUTOLINK assumes a character-cell terminal.

Example: Setting AUTOLINK Timers

The following example shows how to set AUTOLINK timers:

  Local> DEFINE PORT AUTOLINK TIMER PASS ONE 30
  Local> DEFINE PORT AUTOLINK TIMER PASS TWO 50

22-34 Managing Access Server Security
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication

Timeouts

The following are the properties of AUTOLINK timeouts:

- A user has one minute to complete an interactive login successfully. The clock starts from the time the USERNAME prompt is displayed. This includes the time for the user name/password request to be processed by the authentication server. After one minute elapses, the port is logged out and the modem is disconnected.
- When a terminal emulation window first appears, it is blank. Entering a carriage return produces a USERNAME prompt. If you do not enter a carriage return, the prompt is displayed after a user-set timeout (AUTOLINK PASS ONE). At this point, the one-minute time limit is initiated.
- If a user authenticates successfully in a terminal window or a script, a single carriage return or a lapse of a user-set timeout (AUTOLINK PASS TWO) produces a local prompt. The user or the script can enter C PPP or C SLIP to begin frame
255. erver domain name. The following example shows how to enter a local Internet name server:

  Local> CHANGE INTERNET NAMESERV NAMED.ACME.COM ADDRESS 99.99.99.99 LOCAL

You can use a relative domain name if you are defining a local name server for the default domain only.

Configuring a Name Server for a Different Domain

To enter a locally defined name server for a domain other than the access server default domain, follow these steps:

  Step  Action
  1     Use the SET INTERNET NAME RESOLUTION DOMAIN command to change the access server default domain name temporarily.
        Note: Temporarily changing the default name affects the ability of other users in resolving relative domain names.
  2     Use the SET/DEFINE/CHANGE INTERNET NAMESERVER domain name ADDRESS n.n.n.n LOCAL command to add the name server.
  3     Change the access server default domain name back to the original domain name.

Name Resolution and Gateways

The access server uses the learned name servers to perform name resolution when using REMOTE or ORDERED name resolution modes. The list of learned name servers for a given domain are, in general, a superset of those explicitly entered with the CHANGE INTERNET NAMESERVER command. The access server primes the cache for the server's default domain by sending queries to the configured name servers. The queries request the names of all authoritative name servers for the default domain.

The access server may not be able to reach a learned name serv
256. es

Number of datagram frames successfully transmitted by the access server, including multicast frames.

Number of bytes received by the access server in multicast frames, excluding Ethernet header and CRC data.

Number of bytes transmitted by the access server in multicast frames, excluding Ethernet header and CRC data.

Number of multicast frames received by the access server.

Number of multicast frames sent by the access server.

Number of times the access server deferred a frame transmission because the data link was in use. This value should be less than 20% of the value for Frames Sent.

Number of times the access server successfully transmitted a frame on the second attempt after a collision during the first attempt. This value should be less than 5% of the value for Frames Sent.

Number of times the access server successfully sent a frame after collisions during the first two or more attempts. This value should be less than 5% of the value for Frames Sent.

Number of times the Ethernet interface aborted a transmission request. If this count is nonzero, refer to the Send Failure Reasons field for more information. This counter should be 0 or a low value, such as 1 or 2 daily.

Displaying Information About the Access Server

  Field                 Description
  Send Failure Reasons  Mask providing information about the type or types of send failure encountered if the Send Failures counter is not zero. This is a cumulative mask. The followi
257. es 11 1 Interface AppleTalk ARP display 8 15 AppleTalk routes display 8 13 Internet 2 7 11 43 address 2 11 22 7 setting 7 3 SLIP hosts 15 5 AND operation 15 5 configuring gateway addresses 7 16 connections 7 23 databases limited view 2 2 displaying counters 7 21 domain name resolution 7 7 hosts 7 13 name servers configuring 7 13 Interrupt Process IP 11 23 13 12 INTERRUPTS characteristic 13 6 INTERVAL command 22 14 IP address 2 12 15 3 IP characteristics autoconfiguration 7 27 IP Error in Header 7 23 IP fragmentation 15 7 IP Fragments Dropped 7 23 Index 6 IP Fragments Received 7 22 IP Packets Received 7 22 IP Packets Transmitted 7 22 IPCP 19 5 19 7 IPX 1 3 20 1 20 5 counters 20 25 setting 20 29 routes 20 28 IPXCP 20 2 K KDC 22 6 22 8 22 11 Keepalive timer 7 1 7 19 characteristic 6 8 SHOW SERVER display 2 6 Kerberos 22 1 to 22 3 22 6 22 8 22 10 23 8 authentication 22 10 configuring 22 6 counters port authentication 22 12 defining passwords 22 11 displaying characteristics 22 9 counters 22 11 realms 22 6 Key distribution center KDC 22 6 Keyboard maps 18 3 18 11 18 13 to 18 14 Keywords DSV CONFIGURE SERVER 4 4 server 4 4 secret 22 23 KPASSWD command 22 11 L Last Error AppleTalk status display 8 11 LAT 22 16 23 7 characteristics 6 1 to 6 2 displaying services 17 8 displaying charcateristics 6 4 network communications 1 3 17 2 networks 4 1 11 16 12 13 15 11 protocol 17 2 cou
258. ess Server Menus

The following figure shows a typical access server menu:

  1 Use DEC Host
  2 Use IBM Host
  3 Logout

  Use Up Arrow, Down Arrow, or item number to make your choice.
  Press Return to execute your choice.

  LKG 7422 961

User Interface 3-7
Defining Menus

Introduction

This section describes how to define menus and provides examples.

Reference: For complete information about the commands mentioned in this section, refer to the Network Access Server Command Reference.

Main Menu

Whenever the server has its factory-set default settings, it stores the main menu in NVRAM. You can display and modify the default menu using the same commands that you use for any other menu. You may find it convenient to use the main menu as a starting point and an example for creating new menus. For example, to create a new menu entitled SERVICES based on the main menu, enter the following command:

  Local> CHANGE MENU SERVICES FROM MAIN

In effect, the command above copies the main menu and gives the copy the name SERVICES. To modify the menu SERVICES, use the CHANGE MENU command as shown in the Example: Sample Definition of a Menu Selection in this chapter.

3-8 User Interface
Defining Menus

Main Menu Display

The following figure shows how the Main Menu displays on the screen:

  Digital Equipment Corporation Access Server Main Menu
  open Lat Session
  Open Telnet Session
  Show Session
  Next sessi
259. ess characteristic is set to REMOTE, the access server appears as a DCE device to the port device, such as a computer system interface.

- If the port access characteristic is set to remote, the access server operates as a DTE device to a dial-out modem connected as a port device.

10-2 Configuring Modem Signals
Determining the Supported Modem Signals

Access Servers and MODEM CONTROL

Not all access servers support all modem signals. There are three types of access servers:

- Full MODEM CONTROL
- MODEM CONTROL. Access servers that support MODEM CONTROL can use only one of two sets of modem signals.
- DTR/DSR support

Access Server Types and Supported Modem Signals

The following table lists the types of access servers and the modem signals that each type supports. To determine the type of access server that you have, refer to the software product description (SPD) for your access server.

Network Access Server Type: Full MODEM CONTROL (Example: DECserver 700-08 access server)
Modem Signals Supported:
  Request To Send (RTS)
  Clear To Send (CTS)
  Data Set Ready (DSR)
  Data Terminal Ready (DTR)
  Data Carrier Detect (DCD)
  Speed Mode Indicator (SMI)
  RING Indicator (RI)
  Data Signal Rate Selector (DSRS)

Network Access Server Type: MODEM CONTROL (Example: DECserver 700-16 access server)
Modem Signals Supported: Supports one of two sets of signals (software selectable)
  Set 1: Request To Send (RTS), Clear To Send (CTS)
260. ession

Specifying ECHO Characteristics

The user can specify whether characters entered at the port device are echoed at the access server (LOCAL) or at the remote Internet host (REMOTE). The factory-set default is REMOTE. The Example: Specifying ECHO Characteristics shows how to set ECHO CONTROL to LOCAL on port 5.

Example: Specifying ECHO Characteristics

  Local> CHANGE PORT 5 TELNET CLIENT ECHO LOCAL

You can suppress local echoing by either selecting ECHO LOCAL and then selecting the BINARY profile, or by selecting ECHO LOCAL and then using the toggle ECHO character. See Specifying ECHO Characteristics in this chapter.

Specifying the BINARY Characteristic

The BINARY characteristic allows the user to enable BINARY communication in either one or both directions to or from the Internet host:

- The TRANSMIT characteristic enables BINARY communication in the access server to the Internet host direction.
- The RECEIVE characteristic enables BINARY communication in the Internet host to the access server direction.
- The DUPLEX characteristic enables BINARY communication in both directions.

The following example shows how to enable BINARY communication in the transmit direction on port 5.

Example: Enabling BINARY Characteristics

  Local> CHANGE PORT 5 TELNET CLIENT BINARY TRANSMIT

Enabling the BINARY characteristic does some, but not all, of what a user might require to send and receive BINARY files over the Telnet connection. For BINARY transfers
261. ew

Introduction
This chapter explains how to configure and manage access server ports for use with PCs and computers acting as serial line Internet protocol (SLIP) hosts. A SLIP host is an Internet host that uses SLIP as its data link over low-speed serial lines.

To use the procedures in this chapter, you must:
- Ensure that the devices support SLIP.
- Connect and test the devices.
- Enable privileged status.
- Configure the port and device characteristics to match.

This chapter provides information about configuring only the access server for SLIP communications. For information about configuring SLIP hosts, refer to the documentation provided with the host system.

In This Chapter
This chapter contains the following topics:
- Packet Forwarding to and from SLIP Hosts
- Displaying SLIP Characteristics
- Managing Internet Addresses for SLIP Hosts
- Managing the Maximum Transmission Unit
- Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
- Configuring a Dedicated SLIP Port
- Configuring a Dial In Modem for Use with a SLIP Host
- Establishing Terminal Sessions with a PC
- Establishing a SLIP Session
- Compressed SLIP
- Displaying SLIP Counters
- Disabling SLIP

Configuring and Managing SLIP Ports

Packet Forwarding to and from SLIP Hosts

Description
During SLIP sessions the access server for
262. f KPDOT F20 is already assigned to a 3270 function Configuring and Managing 3270 Terminal Emulation TN3270 18 11 Displaying and Customizing Keyboard Maps Selecting a Server Wide Terminal Type and Keyboard Map for a Port A port user who wants to establish a TN3270 session using a server wide keyboard map can do the following Step 1 Note Action Check to see what terminal types and associated keyboard maps are available with the following command Local SHOW TN3270 TERMINAL Server LAT 08002B26D0DE Terminal Keymap VT100 VT100 VT220 VT220 VT320 VT220 VT420 VT220 ANSI VT1000 PC 100 DCA NEW KEYS PC 220 DCA NEW KEYS2 Choose a keyboard map for one of the terminal types for example NEW KEYS and check its associated keymapping Local SHOW TN3270 KEYMAP NEW KEYS If the keymapping is what the users require for TN3270 applications they set up the port to use the access server wide terminal type Local SET PORT TN3270 TERMINAL PC 100 DCA The user can now confirm what terminal type and key assignments TN3270 sessions will use at the port Local SHOW PORT TN3270 CHARACTERISTICS Local SHOW PORT TN3270 KEYMAP The port user has set up the port to use an access server wide customized set of keymapping assignments without any added memory or complexity Port users cannot customize access server wide keyboard maps The port users can customize only the default keyboard maps
263. f many devices assigned to a Telnet listener, perform the following steps:

Step  Action
1  Use the SET TELNET LISTEN CONNECTIONS DISABLED command to stop any future connections. The SET TELNET LISTEN CONNECTIONS DISABLED command is refused if a session exists.
   Example: The following example shows how to disable future connections to internet port 2005:
       Local> SET TELNET LISTEN 2005 CONNECTIONS DISABLED
2  If a session exists, use the LOGOUT command to log out the port.
3  Disable the port as follows (substitute your listener TCP port for 2005 and the listener physical port for 5):
       Local> CHANGE TELNET LISTENER 2005 PORT 5 DISABLED
4  Enable the Telnet listener. The following shows how to enable connections to internet port 2005:
       Local> SET TELNET LISTEN 2005 CONNECTIONS ENABLED

Configuring and Managing Telnet Servers

Reassigning a Port
Managing Your Access Server As a Telnet Listener Node

This process allows you to manage a failed access server port that is configured as a Telnet listener. Use the following steps to reassign a port:

Step  Action
1  Use the LIST PORT n CHARACTERISTICS command to learn the values used in the existing configuration.
2  Disconnect the device from the port.
3  Select a new port and reattach the device at the new port.
4  Set the new port's values to those of the existing port. If the values are unavailable, you need to configure the device as described in Chapter 4.
5  Enable the Telnet listener on
264. fields in the IPX Counters display Field Description Seconds Since Zeroed Time in seconds since the counters were last zeroed IPX Total Packets Transmitted Total number of data packets transmitted Managing IPX 20 25 Displaying IPX Counters Field IPX Total Packets Received IPX Local Transmits IPX Local Receives IPX Unknown Sockets IPX Receive Discards IPX Transmit Discards IPX Hop Count Errors FORWARD CACHE Packets Received FORWARD CACHE Receive Discards FORWARD CACHE Overruns FORWARD CACHE Packets Transmitted FORWARD CACHE Transmit Discards FORWARD CACHE Timeouts RIP SAP Requests Transmitted 20 26 Managing IPX Description Total number of data packets received Number of data packets transmitted originating from the access server Number of data packets received that were destined for the access server Number of data packets with unknown socket addresses Number of data packets that were received and discarded Number of data packets discarded that were ready for transmission The number of input datagrams dropped because the access server was not their final destination and their hop count would exceed 15 if forwarded If there is no existing route to a destination network the packet is cached and a routing information request is sent out for the network This field shows how many such data packets have been received The field shows how many discarded d
265. figuring and Managing Telnet Servers

Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener

Sample Configuration
To configure a PC for access through a Telnet listener only, use the following example and:
- Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports modem control.
- Use LONGBREAK LOGOUT instead of DSRLOGOUT if your access server, device, or device cable does not support the DSR signal.

    Local> DEFINE PORT 2 ACCESS DYNAMIC AUTOBAUD DISABLED BREAK DISABLED
    Local> DEFINE PORT 2 DEDICATED NONE SIGNAL CONTROL DISABLED
    Local> DEFINE PORT 2 DEFAULT PROTOCOL TELNET
    Local> DEFINE PORT 2 DSRLOGOUT ENABLED INACTIVITY LOGOUT ENABLED
    Local> DEFINE PORT 2 INTERRUPTS DISABLED LOCAL SWITCH L PASSWORD DISABLED
    Local> DEFINE PORT 2 PREFERRED NONE SIGNAL CHECK ENABLED
    Local> LOGOUT PORT 2
    Local> CHANGE TELNET LISTENER 2010 PORTS 2 ENABLED
    Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION Personal Computer
    Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED

Switching Modes
With the port set to ACCESS DYNAMIC, the PC can switch back and forth between terminal emulation mode, which allows the PC to access Access Server services on the LAT network, and file transfer mode, which allows the PC to transfer files with another computer as a transfer partner. Refer to Set
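The sample configuration above, together with the listener commands from the earlier Telnet listener procedure, can be checked mechanically before it is loaded onto a server. The script below is an added example, not code from the manual or the product. Its characteristic table, the comma-separated PORTS list, the constructed second sample, and the review policy itself (a listener port should have DSRLOGOUT or LONGBREAK LOGOUT enabled and INACTIVITY LOGOUT enabled, so that a session does not outlive its connection) are assumptions of this example.

```python
import re

# Characteristic names as they appear in the sample configuration on this page
# (assumption: this table is complete enough for the lines being reviewed).
# Tokens that are not in the table are skipped rather than guessed at.
CHARACTERISTICS = {
    "DEFAULT PROTOCOL", "INACTIVITY LOGOUT", "LONGBREAK LOGOUT",
    "LOCAL SWITCH", "SIGNAL CONTROL", "SIGNAL CHECK", "MODEM CONTROL",
    "ACCESS", "AUTOBAUD", "BREAK", "DEDICATED", "DSRLOGOUT",
    "INTERRUPTS", "PASSWORD", "PREFERRED",
}
# The prompt may appear as "Local>", as bare "Local", or as the "Local gt"
# that HTML extraction leaves behind.
PROMPT = re.compile(r"^\s*Local(?:>|\s+gt\b)?\s*", re.IGNORECASE)
PORT_CMD = re.compile(r"(?:DEFINE|SET|CHANGE)\s+PORT\s+(\d+)\s+(.+)", re.IGNORECASE)
LISTENER_CMD = re.compile(
    r"(?:DEFINE|SET|CHANGE)\s+TELNET\s+LISTEN(?:ER)?\s+(\d+)\s+(\w+)\s*(.*)",
    re.IGNORECASE)

NO_PORT_DEFINITION = "no DEFINE PORT lines found for this port"
NO_DISCONNECT_LOGOUT = "neither DSRLOGOUT nor LONGBREAK LOGOUT is ENABLED"
NO_INACTIVITY_LOGOUT = "INACTIVITY LOGOUT is not ENABLED"


def parse_pairs(rest):
    """Split 'NAME VALUE NAME VALUE ...' where NAME may be one or two words."""
    tokens, pairs, i = rest.split(), {}, 0
    while i < len(tokens):
        for width in (2, 1):  # try the two-word name before the one-word name
            name = " ".join(tokens[i:i + width]).upper()
            if name in CHARACTERISTICS and i + width < len(tokens):
                pairs[name] = tokens[i + width].upper()
                i += width + 1
                break
        else:
            i += 1  # unknown token: skip it
    return pairs


def parse_config(text):
    """Return (ports, listeners) built from port and Telnet listener commands."""
    ports, listeners = {}, {}
    for raw in text.splitlines():
        line = PROMPT.sub("", raw).strip()
        m = PORT_CMD.match(line)
        if m:
            ports.setdefault(int(m.group(1)), {}).update(parse_pairs(m.group(2)))
            continue
        m = LISTENER_CMD.match(line)
        if not m:
            continue
        entry = listeners.setdefault(int(m.group(1)),
                                     {"ports": set(), "connections": None})
        keyword, rest = m.group(2).upper(), m.group(3).strip()
        if keyword in ("PORT", "PORTS"):
            numbers = {int(n) for n in re.findall(r"\d+", rest)}
            if rest.upper().endswith("DISABLED"):
                entry["ports"] -= numbers
            else:
                entry["ports"] |= numbers
        elif keyword == "CONNECTIONS":
            entry["connections"] = rest.upper()
    return ports, listeners


def audit_listener_ports(text):
    """List (tcp_port, physical_port, finding) for listener ports that fail the policy."""
    ports, listeners = parse_config(text)
    findings = []
    for tcp, entry in sorted(listeners.items()):
        if entry["connections"] == "DISABLED":
            continue  # listener explicitly closed: nothing reachable to review
        for port in sorted(entry["ports"]):
            cfg = ports.get(port)
            if cfg is None:
                findings.append((tcp, port, NO_PORT_DEFINITION))
                continue
            if "ENABLED" not in (cfg.get("DSRLOGOUT"), cfg.get("LONGBREAK LOGOUT")):
                findings.append((tcp, port, NO_DISCONNECT_LOGOUT))
            if cfg.get("INACTIVITY LOGOUT") != "ENABLED":
                findings.append((tcp, port, NO_INACTIVITY_LOGOUT))
    return findings


# The sample configuration from this page.
PAGE_SAMPLE = """
Local> DEFINE PORT 2 ACCESS DYNAMIC AUTOBAUD DISABLED BREAK DISABLED
Local> DEFINE PORT 2 DEDICATED NONE SIGNAL CONTROL DISABLED
Local> DEFINE PORT 2 DEFAULT PROTOCOL TELNET
Local> DEFINE PORT 2 DSRLOGOUT ENABLED INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LOCAL SWITCH L PASSWORD DISABLED
Local> DEFINE PORT 2 PREFERRED NONE SIGNAL CHECK ENABLED
Local> LOGOUT PORT 2
Local> CHANGE TELNET LISTENER 2010 PORTS 2 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION Personal Computer
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED
"""

# Constructed for this example: port 3 has no disconnect logout and port 4 is
# bound to the listener without any port definition.
CONSTRUCTED_SAMPLE = """
Local> DEFINE PORT 3 ACCESS DYNAMIC DSRLOGOUT DISABLED INACTIVITY LOGOUT ENABLED
Local> CHANGE TELNET LISTENER 2011 PORTS 3,4 ENABLED
Local> CHANGE TELNET LISTENER 2011 CONNECTIONS ENABLED
"""

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(audit_listener_ports(sample) or "no findings")
```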
266. fine Determines how TN3270 treats the transmission of null characters to the host Allows you to enable and disable input and output flow control for the port Controls whether the port detects port local forward or backward switch characters for a session Specifies whether the access server displays messages when you connect disconnect or switch sessions 18 20 Configuring and Managing 3270 Terminal Emulation TN3270 Default NONE Nonprivileged VT100 Nonprivileged 0 Privileged 3179 Nonprivileged Enabled Secure Enabled Secure Enabled Secure Commands to Manage TN3270 Terminal Emulation SHOW Commands The following table provides information on the SHOW Commands for port characteristics SHOW PORT TN3270 KEYMAP PORT TN3270 CHARACTERISTICS TN3270 ATOE TN3270 ETOA TN3270 TERMINAL TN3270 KEYMAP PORT SESSION TN3270 KEYMAP PORT SESSION CHARACTERISTICS PORT SESSION STATUS Displays The TN3270 keyboard map for a specified port The TN3270 port characteristics for a specified port The ASCII to EBCDIC translation table The EBCDIC to ASCII translation table The terminal types available on the access server and their associated keyboard maps The keymap assignments associated with a specified keymap All keyboard maps for all sessions on the specified port The TN3270 characteristics for all sessions on the specified port The status for all sessi
267. fines whether a particular port can receive broadcast messages
- Access server broadcast: Defines whether all port users can send broadcast messages.

Disabling the port BROADCAST characteristic stops the port from receiving broadcast messages from other access server ports, along with access server messages such as shutdown. For this reason, you might want to recommend to users that they leave BROADCAST enabled on their ports.

Note: The port user can still send messages with the access server BROADCAST enabled and the port BROADCAST disabled.

Example: Disabling BROADCAST Messages
The following example shows how to disable port 5 from receiving broadcast messages:
    Local> CHANGE PORT 5 BROADCAST DISABLED

If any user tries to broadcast to a broadcast-disabled port, the access server enters the following message, which identifies the port or ports by port number:
    Local 111 Port s with broadcast disabled not notified
    Broadcast disabled at port n

When BROADCAST is enabled for both the access server and a port, port users can send and receive broadcast messages by using the BROADCAST PORT command. When the access server BROADCAST is disabled, port users cannot send broadcast messages. Note that an individual port must have the port BROADCAST characteristic enabled to receive messages.

Configuring and Managing Interactive Devices

Managing Users
A user with privileges set can use the privileged BROADCAST ALL command to s
268. following example shows how to display a list of menus:
    Local> SHOW MENU
    MAIN HOSTS SERVICES

Entering Menu Mode
To use any menu enabled on the current port, use the nonprivileged ENTER MENU command. If you are a privileged user, the ENTER MENU command enables you to use any menu available on the access server.

Example: Entering Menu Mode
The following example shows how to enter the hosts menu:
    Local> ENTER MENU HOSTS

User Interface

Using Menus

Assigning a Default Menu to a Port
To assign a default menu to a port, use the DEFINE PORT n DEFAULT MENU command. If a port has a default menu, it displays whenever you:
- Log in to the port
- Press the Local Break key or enter the Local Switch character while in a host session
- Log out of a host session

Example: Assigning a Default Menu
The following example shows how to assign the default menu HOSTS to port 2:
    Local> DEFINE PORT 2 DEFAULT MENU HOSTS

Menu Windows
Menus are divided into two windows:
- The menu choices window appears in lines 1 through 20.
- The directions and user input window appears in lines 22 through 24.

The current selection appears in reverse video. To make a selection, use the up and down arrow keys to highlight a selection and press the Return key. You can also make a selection by entering the item number to the left of the selection and pressing the Return key.

Figure Windows on Acc
269. for a port The change appears in the Dialer Script field of the display Example Show New Port Configuration The following example shows the display after using the CHANGE PORT n DIALER SCRIPT command to change the dialer script from Generic 14400 to dickens Local CHANGE PORT 2 DIALER SCRIPT dickens Local SHOW PORT 2 Port 2 Server userl10 DS700 16 Character Size 8 Input Speed 57600 Flow Control XON Output Speed 57600 Parity None Signal Control Enabled Stop Bits Dynamic Signal Select CTS DSR RTS DTR Access Dynamic Local Switch None Backwards Switch None Name PORT 2 Break Local Session Limit 4 Forwards Switch None Type Ansi Default Protocol DIAL Default Menu one Dialer Script dickens Preferred Service CALL_HOM et Authorized Groups Current Groups Enabled Characteristics Autoconnect Autoprompt Broadcast DSRlogout Failover Inac tivity Logout Input Flow Control Lock Loss Notification Mes sage Codes Output Flow Control PPP SLIP Verification Local 21 8 Managing Dial Services Defining the Dialer Service Defining the Dialer Service Steps After you define the dialer script and assign the dialer script to a port define the dialer service dial service is used to establish a dial back session Do the following Step Action 1 Display information characteristics status and counters about currently configured dialer services and system status 2
271. g Modem Signals

Specifying ALTERNATE SPEED

Description
The ALTERNATE SPEED characteristic is only used with full MODEM CONTROL access servers. Two speeds for a modem port can be defined in the access server database: primary and alternate (or fallback). The primary speed is defined with the speed characteristic; the ALTERNATE SPEED is defined with the ALTERNATE SPEED characteristic. You normally set up the primary speed as the high speed and the ALTERNATE SPEED as the low speed. For ALTERNATE SPEED to work, you must specify a single input/output speed for the speed characteristic.

If an ALTERNATE SPEED is specified, the access server asserts the DSRS signal along with DTR and RTS when receiving a connection. DSRS indicates that the higher (primary) speed should be used. The access server monitors the SMI signal to determine whether to use the higher or lower speed. When SMI is asserted, the access server selects the higher speed; when SMI is deasserted, the communications selects the lower speed.

The modem connected to the access server must support the SMI signal in order for ALTERNATE SPEED to work; otherwise, erroneous data transmission can occur. To determine whether the modem supports the SMI signal, refer to your modem's documentation.

The ALTERNATE SPEED feature can be used with dial-out (sends calls) modems. For dial-in (receives calls) modems, you should enable autobaud and disable ALTERNATE SPEED. This a
272. g PPP Characteristics Examples
In the following paragraphs, the default protocol for the access server's port is assumed to be set to PPP.

Configuring Dynamic Access
If the modem on that port will be used for both the incoming and the outgoing calls, the port must allow dynamic access, as shown in the following example:
    Local> CHANGE PORT n DEFAULT PROTOCOL PPP
    Local> CHANGE PORT n ACCESS DYNAMIC

Configuring Call Back
To request a call back using a PPP client, the access server's port must first allow the call back negotiation to be started. This is done using the command:
    Local> CHANGE PORT n LCP CALLBACK ENABLED

If the PPP client and the access server successfully negotiate the use of call back, the access server will attempt to queue a dial request. The port must be set dedicated to the dialer service to be used in placing the return phone call:
    Local> CHANGE PORT n DEDICATED SERVICE dialer service name

Guidelines
1. If you do not specify a service name, the port's preferred service is used. If the preferred service contains as the number specified in the dialer service, the access server prompts the user to enter a telephone number.
2. For a PPP connection, the port is usually set to have a dedicated service name of PPP. However, as long as the port's default protocol is set to PPP, you can specify any dedicated service name.

Framed Dial Requests
If you enable PPP call back negotiation
273. g Subnets Available Through a Specific Gateway
To indicate that the access server can reach a given subnet through a specific gateway, use the DEFINE SET CHANGE INTERNET GATEWAY command with the NETWORK and MASK keywords.

Subnet Definition Through a Specific Gateway Example
The following example shows how to define a subnet through a specific gateway:
    Local> CHANGE INTERNET GATE 195.1.1.72 NETWORK 197.5.7.0 MASK 255.255.255.0

You can define multiple subnets that can be reached through the same gateway address. You must enter a separate command to associate each subnet with a gateway.

Defining Hosts Available Through a Specific Gateway
To indicate that the access server can reach a given host through a specific gateway, use the DEFINE SET CHANGE INTERNET GATEWAY command and the HOST parameter.

Host Definition Through a Specific Gateway Example
The following example shows the command to define the host through a specific gateway:
    Local> CHANGE INTERNET GATEWAY 195.1.1.72 HOST 52.53.21.10

You can define multiple hosts that can be reached through the same gateway with the same address. You must enter a separate command to define each host with a gateway.

TCP IP Network Characteristics

Configuring a List of Internet ARP Entries

Introduction
The list of address resolution protocol (ARP) entries maps Internet addresses to Ethernet hardware addresses for devices on the same network as
274. g a SLIP Session from the PC
  After Making a Connection
Compressed SLIP
  Introduction
  Enabling CSLIP
  Disabling CSLIP
  Automatic CSLIP
  Compression States
Displaying SLIP Counters
  Commands
  SHOW PORT SLIP COUNTERS Display
  SLIP COUNTERS Display Fields
Disabling SLIP
  Command
  Disable SLIP Example
16 Configuring for SNMP Access
Overview
  Introduction
  In This Chapter
Supported SNMP Features
  Supported Specifications
  SNMP Community Names
  Supported SNMP Operations
  Supported MIBs
  Supported MIB Variables
Configuring the Access Server for SNMP Access
  Enabling and
275. gement

Telnet Internet: The Internet standard protocol for remote terminal connection service.

Telnet client: See client server.

Telnet listener: A service that allows resources to be accessible to a TCP IP network. The service is provided over Telnet, hence the service is commonly referred to as a Telnet listener. Typically, printers connect to access server ports associated with a listener. However, personal computers and host computers can also connect to such ports and through them access the TCP IP network.

Telnet server: See client server.

Terminal Device Session Management Protocol: See TD SMP.

Terminal Server Manager: See TSM.

terminal session: A single session on an access server port that is operating under session management control.

Time To Live: See TTL.

TFTP: Trivial File Transfer Protocol. For access servers, this Internet protocol is used to downline load software from a load host to the access server.

transceiver: Hardware equipment that provides an electrical connection to a network cable for a network node.

Transport Control Protocol Internet Protocol: See TCP IP.

TRAP message: An SNMP message sent by the agent (in this case, the access server) to one or more designated Internet hosts.

TSM: Terminal Server Manager. Software that runs on an OpenVMS host system. TSM allows a manager to monitor and control multiple access servers from one location. The access servers must be connected to the sam
276. Displaying SLIP Characteristics Example
Managing Internet Addresses for SLIP Hosts
  Introduction
  How an Access Server Port Obtains the SLIP Host Internet Address
Managing the Maximum Transmission Unit
  Introduction
  Changing the MTU
  Relationship of the TCP Maximum Segment Size and the MTU
  Fragmentation
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
  Introduction
Configuring a Dedicated SLIP Port
  Introduction
  Configuring a Device As a Dedicated SLIP Host
Configuring a Dial In Modem for Use with a SLIP Host
  Introduction
  Configuring a Dial In Modem on Port 6 for Use with a SLIP Host
Establishing Terminal Sessions with a PC
  Prerequisites
Establishing a SLIP Session
  Enablin
277. gure naks received from the peer The number of ATCP configure naks sent to the peer from the access server This counter should always be zero in this release The number of ATCP configure rejects received from the peer The number of ATCP configure rejects sent to the peer from the access server The number of ATCP terminate requests received from the peer The number of ATCP terminate requests sent to the peer from the access server The number of ATCP terminate acks received from the peer The number of ATCP terminate acks sent to the peer from the access server 19 24 Configuring and Managing Point to Point Protocol PPP Ports Overview Introduction Chapter 20 Managing IPX This chapter describes how to configure and manage IPX on an access server In This Chapter This chapter contains the following topics IPX Description Getting Started Hardware and Software Requirements Setting Up Your PC Setting Up the Network Access Server Summary of DECserver IPX Management Commands Modem Considerations Novell Client Server Operation Operational Checkout and Diagnosis Disabling IPX Frame Types Displaying IPX Characteristics Displaying IPX Status Displaying IPX Counters Displaying IPX Routes Resetting Counters Managing IPX 20 1 IPX Description IPX Description Introduction The purpose of IPX is to allow Novell NetWare clients to dial in to or directly attach to the network access server v
278. h was less than the length specified in the DDP header or because their length was less than that of a DDP header The number of DDP datagrams dropped because their data length exceeded the length specified in the DDP header or because their length was greater than the maximum DDP length The number of DDP datagrams the access server received that were addressed to an upper layer protocol that the access server does not support The number of input DDP datagrams dropped because of a checksum error The number of input DDP datagrams dropped because access server was not final destination and type was short DDP Managing AppleTalk 8 7 Displaying AppleTalk Counters Field NBP RTMP ZIP 8 8 Managing AppleTalk Broadcast Errors Out Shorts Out Longs Out No Routes Hop Count Errors Lookups Received Lookup Replies In Errors Router Lost In Errors In GetNetInfo Responses Out GetNetInfo Requests In Errors Description The number of input DDP datagrams dropped because the access server was not their final destination and they were addressed to the link level broadcast The number of short DDP datagrams transmitted The number of long DDP datagrams transmitted The number of DDP datagrams dropped because a route could not be found The number of input DDP datagrams dropped because the access server was not their final destination and their hop count would exceed 15 if forwarded
279. hapter 21 Managing network access server security Chapter 22

DNAS Management

User Tasks

Introduction
The access server enables end users to perform tasks such as connecting to network resources and managing sessions. For a description of these tasks, refer to the Specifying the Telnet Client Session Profile section in Chapter 11.

Accessing Online Help
The tutorial for online help also describes user tasks. To start the tutorial, enter the following command on your access server:
    Local> HELP TUTORIAL

Storage of Configuration Settings and Changes in Memory

Memory Types
The access server stores configuration settings in two types of memory:
- Permanent data is stored in nonvolatile random access memory (NVRAM).
- Operational data is stored in volatile random access memory (VRAM).

Power Loss
An initialization or power loss has no effect on NVRAM. When an initialization or power loss occurs, the access server overwrites the current settings in VRAM with those from NVRAM.

Commands to Display and Change Configuration Settings

Introduction
This section lists the type of commands that operate on the configuration settings stored in VRAM and NVRAM. The CHANGE and SET commands listed in the following chapters have an immediate effect when you en
280. hared across multiple ports This allows you to assign a single name to a collection of similar printers Use the DEFINE SET CHANGE PRINTER command to associate a printer with a port and configure print characteristics Configuring LPD Printers 14 5 Configuring LPD The following table lists the print characteristics that you can configure Characteristic AUTOCR CONNECTIONS FLAGPAGE HEADER IDENTIFICATION TRAILER TYPE Setting Port Characteristics Description Automatically inserts a carriage return When you enable this option the access server inserts a carriage return after each line feed character if there is no existing carriage return The AUTOCR option applies only to ASCII text files Specifies whether a user can queue a print job to a printer You use this option to disable access to a printer temporarily for reasons such as routine maintenance or adding paper Specifies a message that prints on the flag page that prints before the file data Specifies whether a header page prints before the file data You can set this option so that no header page prints if the access server does not know the user name at the start of the print job for example if the access server receives the data file before it receives the control file Specifies a text string 40 characters or less that is associated with a printer Enables or disables printing of a trailer page after file data prints You can set this
281. hat offers the service The accessibility of the service node as one of the following n Connected Reachable Unknown Unreachable Service node is reachable and the access server has n active sessions on the node Node is accessible No sessions are active and the service node offering this service has not been heard from recently Active service session has timed out or attempt to connect has timed out The node can also signal that it is unreachable Configuring and Managing LAT Services 12 19 Managing Your Access Server As a LAT Node Offering a Service Heading Rating Identification Displaying Services Summary Description Relative capability for a service node to process new sessions The service rating is assigned by a service node for each service that it offers With the higher rating the capability of the service node to accept a new connection is greater The access server uses service ratings to decide where to establish a service session when two or more service nodes offer the same service The access server attempts to connect to the service on the node that advertises the highest rating for the service Service identification string for this service node This string may be different from the service node identification string The SHOW MONITOR SERVICES SUMMARY command displays one line of information on each selected service or services Use the keyword LOCAL to obtain informatio
282. he service node specified in the display sessions between two access server ports count as two sessions one on the local port and one on the remote port Unavailable All service nodes offering the service are unreachable Unknown Service identification string Managing Your Access Server As Part of the LAT Network Field Description Rating column Value assigned to the service by the service node indicating relative capacity to accept new connections or new queue connections This value is the current load balancing rating associated with the service The rating varies from 0 to 255 With the higher value the capacity of the service node to accept a new connection is greater Viewing LAT Node Counters Information The SHOW MONITOR NODE COUNTERS command displays the counters for messages transmitted between the access server and the selected LAT service nodes The counters apply only to the specified LAT service nodes Some of these counters are also maintained for all the service nodes that the access server recognizes When you enter a specific node name for the SHOW MONITOR NODE node name COUNTERS command the counter values for only that service node appear in the display To see the combined counters for all service nodes use the SHOW SERVER COUNTER command Counters can help you estimate access server traffic on the network for specific time periods For example for information about daily access server usage se
283. he Realm
Realm names must be unique within a given type of authentication. In the case of the server realm, the realm name indicates local or NAS authentication. The SET DEFINE CHANGE CLEAR PURGE REALM realm name command family sets up and tears down the various realms used to identify particular administrative domains.

Example: Setting the Server Realm
In the following example, the command defines a new server realm. The keyword realm name is the proper name of the newly defined realm. Before using this new realm, you must assign additional realm parameters to it.
    Local> SET SERVER REALM JONAS.COM

Managing Access Server Security

Determining Security Configuration

Displaying RADIUS, SECURID and KERBEROS Characteristics
The SHOW RADIUS SECURID KERBEROS CHARACTERISTICS command displays all configured realm names along with any pertinent configuration parameters. This command is privileged. It shows the various RADIUS and SecurID servers that are configured for the access server, as well as the Kerberos KDCs. It also shows the existing local server security database.

Example: Showing RADIUS Characteristics
The following example shows the resulting display for the SHOW RADIUS CHARACTERISTICS command:
    LOCAL> SHOW RADIUS
    Retransmit Interval Authentication Service Port Realm Realm Inclusion Prompt Secret Accounting Host Authentication Host Authorization Defaults
284. he queue limit

Configuring an Interactive Device for LAT Sessions

SHOW QUEUE ALL Display Example
The following example shows how to generate a queue display. For each queued request, the displays have one line of information arranged in columns under fixed headings.
    Local> SHOW QUEUE ALL
    Position Entry Source Node Service Port Name
    1 128 ORANGE TIMESHARING4 2 PORT NAME
    2 130 BANANA SALES 4 PORT NAME
    3 131 PEACH ENGINEERING

Removing Entries from the Access Server Queue
Use the REMOVE QUEUE command to modify the connection queue by selectively removing entries from the queue. When you remove an entry from the access server queue, the access server notifies either the requesting service node (for a host-initiated request) or the terminal user (for a local access request) that the request is being rejected. No default entry exists for the REMOVE QUEUE command, and failure to specify what entry or entries are to be removed from the queue results in an error.

The following sets of entries can be removed:
- A specific entry, by using the REMOVE QUEUE ENTRY entry number command for each entry
- The entries from a specific requesting node, by using the REMOVE QUEUE NODE node name command
- The entries for a specific requested service, by using the REMOVE QUEUE SERVICE service name command
- All queue entries, by using the REMOVE QUEUE ALL command

Effect on
285. he server to 0, use the following command:

Local> ZERO SERVER AUTHENTICATION COUNTERS

You can reset the user authentication counters for an individual port, a group of ports, or all ports. For example, the following command resets the user authentication counters to 0 for ports 2, 3, and 5:

Local> ZERO PORT 2,3,5 AUTHENTICATION COUNTERS

Managing RADIUS

Introduction

A RADIUS server must be operational on the network. The RADIUS server can include accounting capability, but the RADIUS accounting can be in a separate server on a different node. In addition, there can be multiple RADIUS servers on the network, and RADIUS provides a method for using a second server should the attempt with the first server result in no response. A node that has the RADIUS server is considered an authentication host. A node that has a RADIUS accounting server is considered an accounting host.

RADIUS security involves the definition, on the access server, of one or more RADIUS realms. A realm is an administrative domain for the purpose of authentication, which can supply default values for many attributes associated with RADIUS access and usage. Each RADIUS realm points to its own associated RADIUS authenticating host and accounting host.

Minimal Setup for RADIUS

The minimal configuration requires the following commands to set up the remote ports used for communication with the RADIUS server(s). The
286. he time period, in seconds, that the system is to wait before repeating an authentication request to an alternate authentication server.

• This command causes the realm name to be included as part of a user name sent to the RADIUS server:

Local> CHANGE RADIUS REALM JONAS COM INCLUDE

Realm name inclusion is used for RADIUS proxy authentication service.

Reference: See the Network Access Server Command Reference for more information on these commands.

Example: Including the Realm Name

If your realm name has to be included when the access server sends messages to the RADIUS server, issue the command shown in the following example:

LOCAL> CHANGE RADIUS REALM JONAS COM INCLUDE

For most usage, you will not want to include the realm name. If you do, each entry in the RADIUS server's users file will have to appear as user name realm name instead of simply user name.

If a user has to be called back, this value is derived from User Service Type when specified. If it is not specified, then realm defaults (port defaults) can apply.

Example: Defining Realm Default Authorization Attributes

LOCAL> CHANGE RADIUS REALM JONAS COM PERMISSIONS DIALBACK
LOCAL> CHANGE RADIUS REALM JONAS COM CALLBACK ENABLED DIALBACK NUMBER 1 800 555 1111

Example: Defining Password Authentication Type

LOCAL> CHANGE RADIUS REALM JONAS COM ACCESS FRAMED

Note: The value NONE shou
287. hentication CHAP USERNAME, PC clients that connect immediately to PPP will be authenticated using PPP CHAP authentication. If you use the CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command, the login fails. If you use either the PAP NOUSERNAME or CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command when you enable AUTOLINK authentication, the login fails.

Note: If you configure the default protocol and dedicated service for the port as AUTOLINK and you disable AUTOLINK authentication, SLIP and character-cell users may be connected without authentication. This will occur even if PPP users are authenticated because of the port's LCP AUTHENTICATION characteristics.

Setting AUTOLINK Timers

You can set an AUTOLINK timer to specify how long the port waits to detect the protocol of the user session. If the port does not detect a valid PPP frame, a valid SLIP frame, or a single carriage return character, the session defaults to character-cell terminal. AUTOLINK makes two passes to determine the authentication style and the protocol of the user session:

1. If authentication is required, the first pass determines the authentication style. Either PPP authentication or character-cell authentication can be used. You can set the timer for the first pass to be between 10 and 60 seconds. If no authentication is required, AUTOLINK determines the session style.
2. If there has been an authentication pass, the second pass det
289. host-initiated request (LAT): A connection request from a computer asking an access server to initiate a session. The session connects an applications device (such as a printer) on an access server port to an application (such as a print queue) on the computer.

ICMP: Internet Control Message Protocol. A protocol that is the part of the Internet Protocol that gateways and hosts use to communicate control and error information. If for any reason a gateway cannot forward or deliver a datagram, or if the gateway detects unusual conditions that may affect the host, the gateway uses this protocol to communicate with the host so that the host can take corrective action.

ID: This is an abbreviation for identification.

image: See access server image.

initialization: The process of running the access server diagnostic self-test program and optionally downline loading the access server with the access server image.

Installation Verification Procedure: See IVP.

Internet: internet, written in all lowercase letters, is a collection of packet-switching networks that use TCP/IP protocols and are interconnected by gateways. Software enables the networks to function logically as a single, large, virtual network. Internet, written with the first letter capitalized, refers specifically to a collection of networks and gateways, including the ARPANET, MILNET, and NSFnet, that use the TCP/IP protocol suite and function as a single, cooperative, virtual network.
290. hows how to enable SIGNAL CHECK on port 7:

Local> CHANGE PORT 7 SIGNAL CHECK ENABLED

You should enable SIGNAL CHECK for ports with printers attached. If SIGNAL CHECK is disabled, data loss can occur when the device is turned off. However, you should not enable SIGNAL CHECK if you are using DSR or CTS flow control, or if MODEM CONTROL or SIGNAL CONTROL is enabled.

You should enable SIGNAL CHECK along with either DSRLOGOUT or LONGBREAK LOGOUT and when the computer is turned off. This prevents users on the network from making a connection to the computer.

Specifying DTRWAIT

Description

When functioning with modems and computer interfaces, the access server port normally asserts the DTR signal at all times except during a disconnect sequence. However, there are instances when assertion of DTR is undesirable. For example, when a computer is offered as a service, the automatic reassertion of DTR after a disconnect sequence might cause the computer to act as if a session is in progress.

If DTRWAIT is disabled, which is the factory-set default, the DTR signal is asserted on an idle port.

• When DTRWAIT is enabled, the access server can delay the assertion of DTR until a connection is detected from a modem, when an interactive user logs in, or when the access server receives a connection to the port from the network.
• With DTRWAIT enabled, the access server supports autoanswering equipment on
291. ia asynchronous lines. Each remotely connected Novell client looks and acts as if it was directly connected to the LAN. The network access software provides PPP IPXCP as the underlying data link on the asynchronous lines. This allows multiprotocol support (IP, IPX, AppleTalk) over the same asynchronous lines simultaneously.

Access Server Configuration

The access server can be set up to provide access for remote PC users to dial in over standard telephone lines to establish an IPX connection to a Novell network. The remote PC can access network resources such as file servers, printers, and electronic mail. Once connected, the PC becomes a remote node on the network. The access server facilitates IPX client/server communications between PC and NetWare file servers over the standard telephone line.

The remote node service provides the same functions and features to remote PCs as locally connected LAN users. The main difference between the remote node connection and a local connection using Ethernet is the data transfer speed. However, dial-in connections that use high-speed modems provide excellent performance.

The PC gains access to the IPX network through the access server by using any third-party remote node access software that supports the point-to-point protocol (PPP) for IPX. The remote access software must also facilitate the use of Novell NetWare workstation software, which is used to communicate with the Novell network over the dial up conn
292. ializing. For example, the following command causes the access server to request the image named WWENG2 from a load host:

Local> INITIALIZE FROM ETHERNET IMAGE WWENG2

Specifying Initialization from Flash RAM

If an access server has Flash capabilities, you can specify initialization from the image stored in Flash RAM by using the following command:

Local> INITIALIZE FROM FLASHRAM

Updating Flash RAM

If an access server has Flash capabilities, you can update the image stored in Flash RAM with an image from a network load host. Use the following command:

Local> INITIALIZE FROM ETHERNET UPDATE FLASHRAM

This command causes the access server to request the image name stored in NVRAM from a load host to update Flash RAM.

Specifying a Delay Value with INITIALIZE

When you enter the INITIALIZE command, you can specify a delay value, as shown in the following example:

Local> INITIALIZE DELAY 10

This command causes the access server to wait 10 minutes before initializing. The range for the delay value is from 0 to 1440 minutes. The default delay value is 1.

Using the DIAGNOSE Option with INITIALIZE

Using the DIAGNOSE option with INITIALIZE enables you to test the access server hardware. You can specify three types of tests, as described in the INITIALIZE DIAGNOSE Option Tests. The following example shows the DIAGNOSE option with INITIALIZE:

Local> INITIALIZE
293. ical port available.
Number of connections closed by a user or remote host.
Number of connections dropped because of a reset from the remote host, unsuccessful retransmission, keepalive timeout, protocol error, or aborted by Telnet due to lack of available physical ports.
The following counters contain statistics on ICMP messages.
Total number of ICMP messages transmitted by the access server.
Total number of ICMP messages received by the access server.
Total number of ICMP messages dropped by the access server because of an error in the ICMP message, such as incorrect code, checksum error, or incorrect length.
Total number of ICMP Destination Unreachable messages received by the access server. Usually received when a connect attempt fails because either the TCP or UDP port is unknown at the remote host, or the host or the host's network is unreachable.

Displaying the Internet Counters

Field: Description
UDP Datagrams: The following counters contain statistics on connections.
Transmitted: Total number of UDP datagrams transmitted by the network access server.
Received: Total number of UDP datagrams received by the network access server.
Dropped: Total number of UDP datagrams dropped by the network access server because of an error in the UDP header (checksum fails or length is incorrect).

Learning IP Information From a BOOTP Serve
294. ices (the Character MIB). The obsolete draft version dated March 19, 1991 is also supported for backwards compatibility.

RFC 1317, Definitions of Managed Objects for RS-232-like Hardware Devices (the RS-232-like MIB). The draft version dated March 19, 1991 is also supported for backwards compatibility.

Supported MIB Variables

The standard Internet MIB contains approximately 200 variables. The meanings of many of these objects are device specific. For more information about MIB variables, refer to the file snmp_survival.txt contained in the software installation kit. This file provides explanations of the various SNMP MIB objects implemented on the access server.

Supported SNMP Features

Supported Management Information Base Variables

The following figure illustrates the access server implementation of MIB II, the Character MIB, RS-232-like MIB, AppleTalk MIB, and Ethernet-like MIB variables. The objects described in this section are implemented as defined in RFCs 1213, 1243, 1284, 1316, and 1317.

[Figure: MIB II Variables (System, IP, TCP, Interfaces, UDP, ICMP, Address translation, SNMP); Character Stream Device MIB Variables; RS-232 Interface Type MIB Variables]
295. icularly accounting attributes, are utilized internally between the RADIUS server or accounting server and the access server, which are independent of authorization attributes.

Managing SecurID

Introduction

The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows (a memorized personal identification number, PIN) with something the user possesses (a randomly generated access code that changes every 60 seconds). The second factor is the tokencode generated by the SecurID token. This combination of PIN and tokencode represents a one-time passcode and is transmitted to the ACE/Server software for verification.

The ACE/Server security environment is composed of four components. These are:

1. ACE/Server software running on a UNIX platform
2. Optional slave ACE/Server software running on a UNIX platform
3. Access server running DNAS V2.0 or greater
4. SecurID tokens utilized by users when they attempt to access the ACE/Server protected ACE/Clients

SecurID utilizes two types of hosts: master and slave. When setting up a SecurID realm, specify the master host by using the command SET PRIMARY host name. You can specify the slave host using the command SET HOST host name. Although the access server does allow you to configure multiple slave hosts, you should not do this. Using the SE
296. id length of TCP header.
Total number of bytes of data transmitted in TCP segments, including bytes retransmitted. The following counters are a breakdown of this total:
Bytes Data: Total number of bytes of data transmitted in TCP segments, not including bytes retransmitted.
Bytes Data Retransmitted: Total number of retransmitted bytes of data transmitted in TCP segments.
Total number of bytes of data received in TCP segments.
Total number of IP datagrams transmitted.
Total number of IP datagrams received.
Total number of IP fragments received.

Displaying the Internet Counters

Field: IP Fragments Dropped; IP Error in Header; Internet Connections (Requested, Accepted, Established, Closed, Dropped); ICMP Messages (Transmitted, Received, Dropped, Destination Unreachable)

Description:
Total number of IP fragments dropped due to either a lack of memory to store the fragment or received a duplicate fragment.
Total number of IP datagrams received with errors in the header. These are discarded.
The following counters contain statistics on connections.
Number of outgoing Telnet connect attempts made by users.
Number of incoming TCP connections accepted by Telnet. This count includes those connections accepted by Telnet then dropped due to no physical port available.
Number of connections established by TCP. This count includes those connections accepted by Telnet then dropped due to no phys
298. ific Types of Devices As LAT Services

Configuring a Printer As a LAT Service

After you configure a printer as a LAT service, you need to set up the appropriate LAT remote print queue as described in the following sections of this chapter: Setting Up a LAT Remote Print Queue on an OpenVMS Host and Setting Up a LAT Remote Print Queue on an ULTRIX System.

Example: Configuring a Printer As a LAT Service on Port 4

The following example shows a sample configuration of a printer as a LAT service:

Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10,24,46
Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED DEDICATED NONE
Local> DEFINE PORT 4 DSRLOGOUT DISABLED INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 4 LONGBREAK LOGOUT DISABLED SIGNAL CHECK ENABLED
Local> DEFINE PORT 4 SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE LASER PORT 4 IDENTIFICATION "LN03 laser printer"

Setting Up a LAT Remote Print Queue on an OpenVMS Host

To set up a LAT remote print queue on an OpenVMS host, the host must be running LAT software Version 5.1 or a later version. You use the LAT control program (LATCP) to perform the setup procedure.

Privileges for Running LATCP

The privileges that you need to run LATCP depend on the version of the operating system, as shown in the following table:

Operating System: Privileges Needed
OpenVMS Version 5 1 through OpenVMS Versi
299. iming signal.

atomics: Refers to nontabular objects in a group of objects in a MIB.

authentication: Utilizes Kerberos to verify a user's identity by validating a Kerberos user name and password on a remote Kerberos host (KDC).

authentication trap: An SNMP trap message that is sent to each community with TRAPS enabled whenever an unauthorized Internet host tries to access the access server or when an Internet host uses an unauthorized SNMP GET or GETNEXT message.

autobaud: The process by which the access server automatically determines the line speed and other characteristics of a terminal attached to one of its ports.

autoconnect: A feature whereby the access server automatically attempts to reconnect a port to a network resource in the following situations: the port becomes disconnected from a resource; the user enters a CONNECT command and the specified resource is unavailable; or the user logs in to a port that has a preferred service defined.

automatic failover: See failover.

bootptab file: This is the file that BOOTP uses to store information necessary to downline load software. The bootptab file is normally shown as /etc/bootptab.

BOOTP: Internet Bootstrap Protocol. This Internet protocol is used to configure the communications software on a load host.

BOOTP/TFTP Server: This is a load host that uses the BOOTP and TFTP Internet protocols to configure the load host and downline load the software.

broadcast: A access
300. implied warranty.

Regents of the University of California 1986, 1987. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved by Berkley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. The software is provided as is without express or implied warranty.
301. in command line displays. The Local> prompt, which appears in most examples, is the default access server prompt. You can change this prompt to something other than Local> with the SET/DEFINE/CHANGE SERVER PROMPT command. All numbers are expressed in decimal notation unless otherwise noted. All Ethernet addresses are shown in hexadecimal notation.

Convention: Meaning
Monospaced: Monospaced type in command examples indicates system output or user input. User input is in boldfaced text.
UPPERCASE TEXT: Uppercase text in command lines indicates keywords that must be entered. You can enter them in either uppercase or lowercase. You can abbreviate command keywords to the first three characters or to the minimum unique abbreviation.
lowercase italics: Lowercase italics in command syntax indicates variables for which either the user or the network access server supplies a value.
{ }: Braces in the command syntax indicate that you must choose one of the enclosed options. Do not type the braces.
[ ]: Brackets in the command syntax indicate that the enclosed values are optional. You can enter one or none. Do not type the brackets.
UPPERCASE BOLD: Uppercase boldface text in summaries of characteristics indicates default values.
lowercase bold: Terms in bold face type are defined in the glossary.
Ctrl n: This syntax indicates a keying sequence for which you must hold down the Ctrl key while pressing the key specified by the variable n.
302. inal Types and Keyboard Maps

This section discusses the default server-wide keyboard maps and then explains how to define and customize new keyboard maps. The Selecting and Customizing Keyboard Maps for a Port section discusses keyboard maps for ports.

By default, the access server offers five different terminal types. Each terminal type is associated with one of two default keyboard maps: VT100 and VT220. You can display the default terminal types and keyboard maps with the following command:

Local> SHOW TN3270 TERMINAL

Displaying and Customizing Keyboard Maps

Default Server-Wide Terminal Type and Keyboard Maps

The following table shows the default keyboard map and the associated terminal type:

Predefined Terminal Type: Default Keyboard Map
ANSI: VT100
VT100: VT100
VT220: VT220
VT320: VT220
VT420: VT220

These particular associations between terminal types and keyboard maps are fixed. You cannot reassign any of the five default terminal types to different keyboard maps. You cannot customize any of the individual key assignments for either of the two default keyboard maps on an access server-wide basis. These default terminal types and keyboard maps are intended for users who do not need any customization.

You can display the key assignments for the default keyboard map (VT220 in this example) with this command:

Local> SHOW TN3270 KEYMAP VT220

Defining New Serve
303. incipal name. This session assumes that the Kerberos administrator has entered your user name and password in the Kerberos database.

Username smith su finance acme com
Password (not echoed)
Local 450 Attempting to authenticate user smith su finance acme com
Local 451 Authentication successful
Local>

Example: Authentication Using the First Portion of the User Name

If a default realm is configured, you have to enter only the first portion of the user name, as shown in the following example:

Username smith
Password (not echoed)
Local 450 Attempting to authenticate user smith finance acme com
Local 451 Authentication successful
Local>

Managing Kerberos

Changing a User Name and Password

Once the network manager has set up the access server, users can change their own passwords on the master KDC for their realm.

Example: Sample Kerberos User Authentication Session

The following example shows a sample session for changing a password. The way that message 468 wraps may appear differently on your terminal screen.

Local> kpasswd
Username smith
Old password oldpassword (not echoed)
New password newpassword (not echoed)
Verification newpassword (not echoed)
Local 468 Attempting to change Kerberos password for user smith finance acme com
Local 469 Kerberos password has been changed
Local>

Alternative Password Command

Instead of the KPASS
304. ing Interactive Devices

Managing Sessions

For ports with session management terminals, the kind of terminal at the port further determines the port's session limit, where the access server port can support up to eight terminal sessions. However, terminal devices typically support a maximum of less than eight terminal sessions. The documentation for the terminal device should tell you how many terminal sessions the device can have. Set the port session limit to a value in that range.

Displaying Session Information

You can display a line of information about the current status of a port or ports and a list of the sessions on the port or ports. To display a summary of session information, use the SHOW SESSIONS command. If you wish to display a continuous update of the sessions, use the MONITOR SESSIONS command. Use the ALL keyword instead of a port number to receive equivalent information about the sessions for all access server ports. For ports set up as a LAT service or Telnet listener, the user name is displayed as Remote.

Example: SHOW SESSIONS Display

The following example shows how to generate a sessions display for ports 1 and 2. The first line of the sessions display begins with the port number and port user name. On the same line, the display shows the port mode (either Local Mode or Session Mode) and the current session number. The next few lines in the display consist of active session information. One line of informatio
305. ing Ports with Modems for PPP

The following example shows a series of commands used to dedicate a port with an attached modem to PPP:

Local> DEFINE PORT 5 ACCESS LOCAL ALTERNATE SPEED NONE
Local> DEFINE PORT 5 AUTOBAUD ENABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 5 BREAK DISABLED DEDICATED PPP DEFAULT PROTOCOL PPP
Local> DEFINE PORT 5 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 5 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 5 INTERRUPTS DISABLED MULTISESSIONS DISABLED
Local> DEFINE PORT 5 PREFERRED NONE SIGNAL CHECK DISABLED
Local> DEFINE PORT 5 SIGNAL CONTROL ENABLED SPEED 2400
Local> DEFINE PORT 5 PPP IPCP HOST ADDRESS 1.2.3.4
Local> DEFINE PORT 5 PPP ENABLED
Local> LOGOUT PORT 5

Establishing and Ending a PPP Session

Using the CONNECT PPP Command

If PPP is configured, you can start a PPP session on a port by entering the following secure command:

Local> CONNECT PPP

You can stop a PPP session by:

• Logging out of the port
• Generating a BREAK to the access server (if the login is interactive) followed by the DISCONNECT command, causing the peer to negotiate an end to the link

The exact mechanism for causing a peer to negotiate the end of a link depends on the PPP package used on the access server peer.

Displ
306. ing and Managing SLIP Ports

Configuring a Dedicated SLIP Port

Introduction

The dedicated SLIP port allows a single SLIP session. Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.

Configuring a Device As a Dedicated SLIP Host

The following example shows a sample configuration of a dedicated SLIP port:

Local> DEFINE PORT 4 ACCESS LOCAL AUTOBAUD DISABLED AUTOCONNECT ENABLED
Local> DEFINE PORT 4 BREAK DISABLED DEDICATED SLIP
Local> DEFINE PORT 4 DEFAULT PROTOCOL SLIP
Local> DEFINE PORT 4 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 4 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 4 INTERRUPTS DISABLED PASSWORD DISABLED PREFERRED NONE
Local> DEFINE PORT 4 SIGNAL CHECK DISABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 4 SLIP ENABLED
Local> DEFINE PORT 4 SLIP HOST 195.1.2.1
Local> DEFINE PORT 4 SLIP MTU 800
Local> LOGOUT PORT 4

Configuring a Dial-In Modem for Use with a SLIP Host

Introduction

Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.

Configuring a Dial-In Modem on Port 6 for Use with a SLIP Host

The following example shows a sample configuration of a port using a dial-in modem for use with a SLIP host on a full m
307. ing from a service.
Idle: Port is not in use.
Local Mode: Port is logged in to the access server and is not connected to or connecting to a service.
Locked: LOCK command was executed on the port.
Signal Wait: The port failed to assert the DSR signal during a signal check controlled connection attempt.
Sessions: Number of active sessions at the port.
Current Service: Active service session or the service session interrupted when the user last entered local mode.
Node to which the current session is connected. If the access is remote, this is the name of the node from which the connection originated.

Checking Port Status and Counters

Field: Description
Current Port: Identification of the port at the service node or at the requesting node.
Input or Output XOFFed: Status of the data flow for the specified direction for the port.
Input or Output Signals: Modem signals either currently asserted by the access server or currently monitored by the access server.

Displaying Port Summary

The LIST/MONITOR/SHOW PORT SUMMARY command displays one line of general information for each selected port. The port summary display is useful for obtaining information about how the ports are being used. This is the default display for the PORTS ALL entity specification.

Example: SHOW PORT SUMMARY Display

The following example shows how to generate a port summary display:

Local> SHOW PORTS ALL SUMMARY
308. ing session is terminated. There is always an associated session connect attempt event. Use the disconnect reason or bytes Tx Rx to determine whether the connection attempt was successful.

Password Fail Events

Password fail (Kerberos, Privilege, Maintenance, Login, Remote) events are logged for every attempt to enter the associated password.

SNMP Community Fail Events

SNMP community fail events are logged whenever an SNMP access attempt is made with a community name and or source IP address that is not enabled on the access server.

Accounting 23 9

When Events Are Logged

Password Modified Events

Password modified events (Privilege, Maintenance, Login, Remote) are logged whenever the associated password is modified with a SET DEFINE CHANGE command. A single event is logged for each UI command; only one event is logged for a CHANGE command. SET commands cannot be distinguished from DEFINE commands. If a user sets the password to the existing value, an event is still logged.

User Privilege Level Modified Events

User privilege level modified events are logged whenever a user does a SET PRIV command and successfully provides the privilege password at the Password prompt. If the user is already privileged, the event is still logged.

SNMP Community Modified Events

SNMP community modified events are logged whenever a user adds or deletes an SNMP community string on the access server. They are also logged if an exis
309. ing the Access Server

Managing Your Access Server As Part of the LAT Network

Example: NODE SUMMARY Display

The following example shows how to generate a node summary display:

    Local> SHOW NODE ALL SUMMARY
    Node Name    Status         Identification
    BANANA       2 Connected    Documentation System
    ORANGE       Reachable      Terminals Development System
    PEACH        Unreachable    Software Engineering Development
    PEAR         Requesting     Printer Service
    TEST         Unknown        High powered Performance Testing
    Local>

NODE SUMMARY Display Fields

The following table describes the information in the NODE SUMMARY display.

Heading / Description

Node Name: The name of the service node as defined in the access server node database.

Status: Reachability status of the service node, shown as one of the following:

    n Connected: Node is reachable and n sessions are active with services offered by the service node.
    Reachable: No sessions are active, but the service node is accessible.
    Requesting: Node that does not presently offer services has made remote connection requests to the access server for printer access or for local services offered.
    Unreachable: Active service session has timed out. The node can also signal that it is unreachable.
    Unknown: No sessions are active and the node has not been heard from recently.

Identification: Brief description about the service node as entered by the system manager.

Managing the Access Server 17 9

Displaying
310. int for terminal type subnegotiation between the access server and the host. The actual terminal type, as displayed by the SHOW PORT SESSION STATUS command, may be different if the Telnet host cannot support the specified type. The order of negotiation is VTXXX followed by ANSI followed by UNKNOWN. For example, if the TERMINAL characteristic is set to VT321, the access server will negotiate for the following terminal types in the order listed:

    DEC VT32 VT321 DEC VT300 VT300 DEC VT200 VT200 DEC VT100 VT100 ANSI UNKNOWN

Example: Specifying Terminal Type

The following example shows the command for defining a terminal type for a VT321:

    Local> CHANGE PORT TELNET CLIENT TERMINAL VT321

Configuring and Managing Interactive Devices 11 27

Managing Access Server User Accounts

Minimal Setup for Local User Accounts

A limited amount of storage is available for defining user account records within the access server volatile and nonvolatile memory.

Note: Theoretically, all of NVRAM could be allocated for storage of user account data. However, it is important to bear in mind that the total storage space available for user account information will be affected by the quotidian operations of the access server and the total amount of stored data in NVRAM. As a result, the total available storage space for user accounts will fluctuate.

Example: Setting the User Name

The following example establishes a
311. interprets this condition as a loss of DSR and logs out the user. This occurs when you enter a DISCONNECT command from the access server user interface or turn the power off.

The MODEM CONTROL or SIGNAL CONTROL characteristic can only be configured in the permanent database; therefore, you cannot use the SET or CHANGE command to configure MODEM CONTROL or SIGNAL CONTROL.

Configuring Modem Signals 10 7

Specifying MODEM CONTROL and SIGNAL CONTROL

Example: Enabling MODEM CONTROL

The following example shows how to enable MODEM CONTROL on port 5:

    Local> DEFINE PORT 5 MODEM CONTROL ENABLED
    Local> LOGOUT PORT 5

Example: Enabling SIGNAL CONTROL

The following example shows how to enable SIGNAL CONTROL on port 11:

    Local> DEFINE PORT 11 SIGNAL CONTROL ENABLED
    Local> LOGOUT PORT 11

Normally you should disable SIGNAL CHECK when MODEM CONTROL or SIGNAL CONTROL is enabled.

Specifying SIGNAL SELECT

Introduction

The SIGNAL SELECT characteristic is used only with MODEM CONTROL access servers. This characteristic determines which of two sets of signals the access server uses:

- CTS, DSR, RTS, and DTR, or
- RI, DCD, DSRS, and DTR

The port device must be cabled correctly to work with the set of signals that you choose.

Determining When to Use a Signal Set

The following shows when to use these signals:

- If the modem speed is below 9600 baud, configure the port SIGNAL
312. ion
    Determining When to Use a Signal Set
Specifying SIGNAL CHECK
    Introduction
Specifying DTRWAIT
    Description
    Enabling DTRWAIT Example
Specifying RING
    Description
Specifying ALTERNATE SPEED
    Description
Specifying DIALUP
    Description
Sample Modem Configurations
    Introduction
    Configuring a Dial In Modem on a Full MODEM CONTROL Server
    Configuring a Dial In Modem on a MODEM CONTROL Server
    Configuring a Dial Out Modem on a Full MODEM CONTROL Server
    Configuring a Dial In and Dial Out Modem on a Full MODEM CONTROL Server
    Configuring a Dial Out Modem on a MODEM CONTROL Server
    Configuring a Dial In and Dial Out Modem on MODEM CONTROL Server
MODEM CONTROL Sequences
    Introduction
    Establishing a Connection
313. l

9 4 Configuring Basic Device Characteristics

Configuring the ACCESS Characteristic

Description

The ACCESS characteristic determines which types of devices can use a port. The following table lists and defines the possible values for the port ACCESS characteristic.

    Characteristic     Device Type                            Examples
    Local (default)    Interactive                            Terminals
    Remote             Noninteractive                         Computers, printers
    Dynamic            Both interactive and noninteractive    Personal computers, printers with keyboards
    None               Prohibits access to the port

Command

To set the ACCESS characteristic for a port, use the DEFINE SET CHANGE PORT command with the ACCESS keyword.

Defining the ACCESS Characteristic Example

The following example shows how to set the access characteristic for port 5 to remote:

    Local> DEFINE PORT 5 ACCESS REMOTE

Matching the Port and Device Characteristics

Introduction

You must ensure that the physical characteristics of the access server port match the physical characteristics of the device, as described in this section. If these characteristics do not match, the device does not operate correctly. The characteristics that must match are:

- AUTOBAUD
- CHARACTER SIZE
- PARITY
- STOP BITS
- SPEED
- TYPE

AUTOBAUD

The AUTOBAUD characteristic determines if a port automatically detects a device's speed pari
314. l SHOW PORT 5 ATCP COUNTERS

    Port 51 Server LAT 08002B26AA94
    ATCP Counters
    Negotiation Successes 0    Negotiation Failures 0
    Configures in 8            Configures out 12
    Acks in 6                  Acks out 6
    Naks in 0                  Naks out 1
    Rejects in 6               Rejects out 1
    Terminates in 0            Terminates out 0
    Term Acks in 0             Term Acks out 0

Fields in the ATCP Counters Display

The following table describes the fields in the ATCP counters display.

Field / Description

Negotiation Successes: The number of times that ATCP has successfully entered a round of negotiations to bring up AppleTalk since the link was brought up. Ordinarily, the value of this counter is 1. However, you can reconfigure ATCP and then cause ATCP to renegotiate. This changes the performance characteristics for the link.

Negotiation Failures: The number of times that ATCP tried to negotiate the link but failed.

Configures in: This is the number of ATCP configure requests received from the peer.

Configures out: The number of ATCP configure requests sent to the peer from the access server.

Acks in: The number of ATCP configure acks received from the peer.

Acks out: The number of ATCP configure acks sent to the peer from the access server.

Configuring and Managing Point to Point Protocol PPP Ports 19 23

Displaying PPP Counters

Field: Naks in, Naks out, Rejects in, Reject outs, Terminates in, Terminates out, Term Acks in, Term Acks out

Description: The number of ATCP confi
315. l carriage returns and enter a user name to get the local prompt, and type CONNECT PPP at the prompt. The PC remote node access software indicates that PPP has been negotiated.

4. Activate Novell workstation software. Refer to the documentation included with your PC remote node access software for instructions on loading and activating the Novell workstation software to establish a connection to a Novell fileserver.

Novell Operation

Refer to the documentation included with your PC remote node access software for a discussion of considerations associated with Novell operation from a remote dial in node, including:

- Make sure to store and run Novell utilities locally. Large executables activated from a network disk can experience long load times due to the relatively slower speed of the serial line. If the desired executables are not local, copy them from the network disk after a Novell fileserver connection is established. They may also be available from your remote node access software kit.
- Use DOS batch files with all the commands necessary to load and activate the remote node access software and Novell software for establishing an IPX connection. Refer to the remote node access software installation guide for additional information.
- Use local Novell login scripts to facilitate logging in to a Novell fileserver.
- If Novell packet burst is used, specify a maximum

Managing IPX 20 17

Novell Client Server Operation
316. ld be read as unspecified. This allows the port configuration to determine the access whenever the RADIUS server's user entry does not specify one or more authorization attributes.

RADIUS User Authorizations

The ultimate value for an authorization attribute may come from one of three sources: the RADIUS server, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:

1. For each RADIUS realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level. This means that when a RADIUS user tries to log in to the access server, these values will be assigned to authorization attributes if the user entry in the RADIUS server's users file does not assign a value for the corresponding attribute. If the user does not provide the attribute default in the realm and the corresponding attribute is not provided in the RADIUS server's users file, then the access server's port characteristics are used if they have been previously defined.

2. One of the legal settings of the attributes in the realm is NONE. This special value connotes unspecified. In this case, when a user attempts to log in, if the value is not specified in the RADIUS server's entry for the user name and has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value. The resulting value may still be unspecified if the corresponding port ch
317. led the port automatically connects to the host. The following shows how to enable SIGNAL CONTROL on port 5:

    Local> CHANGE PORT 5 SIGNAL CONTROL ENABLED

Specifying Passwords

There are two password characteristics that you need to set: SERVER LOGIN PASSWORD and PORT PASSWORD. SERVER LOGIN PASSWORD defines the password for the access server. PORT PASSWORD enables the login password on a particular port.

A single login password is used for the whole access server, although the password is enabled on a port by port basis. This password is most likely to be useful when you wish to reserve access to a terminal located in a public place. For example, in a widely used computer center you want to keep a terminal open for your computer services staff. Enabling the login password would prevent your general user population from using that terminal.

You can enable the login password for a port with a session management terminal. The terminal user must enter the password when initially logging in to the access server.

If you plan to enable the login password at one or more ports, you should take care in selecting with whom you share the password. In addition, you should change the password on a regular basis and inform those selected users of the new password.

The login password can be 1 to 16 ASCII characters. The factory set default login password is ACCESS.

Managing Access Server Security 22 37

Specifying Other Security Features

Login Passwor
318. lient's modem in anticipation of a return call from the server. Successful PPP call back negotiation results in the initial PPP session being automatically disconnected. This also breaks the modem's connection and results in the PPP client hanging up the phone, making it available for the return call from the server.

Managing Dial Services 21 17

Chapter 22 Managing Access Server Security

Overview

Introduction

The DECserver Network Access Software (DNAS) supports the following authentication services:

- RADIUS
- SecurID
- Local User Accounts
- Kerberos V4

In This Chapter

This chapter contains the following topics:

- Security Type Descriptions
- Common Terminology Across Security Realms
- Managing Kerberos
- Managing RADIUS
- Managing SecurID
- Managing Local Access Server Security
- Determining Security Configuration
- Managing Dial Up Access Security with AUTOLINK and AUTOLINK Authentication
- Specifying Other Security Features

Managing Access Server Security 22 1

Security Type Descriptions

Introduction

This section describes the types of security that the access server supports.

Kerberos

Kerberos is a user authentication system designed for open network computing environments. It provides for the authentication of a user name and password pair by means of a host system accessible over the network. Once the user name and password pair is verified, the access server assigns any default authorizati
319. lk protocol suite

AppleTalk Address Format

AppleTalk node addresses consist of two fields: a network number and a node number. A network number can be in the range 1 to 65534. A node number can be in the range 1 to 254. The network and node numbers are separated by a period.

Enabling AppleTalk

By default, AppleTalk is not enabled on an access server. In order for the access server to act as an AppleTalk node on the network, a privileged user has to enable AppleTalk explicitly with the following DEFINE command:

    Local> DEFINE APPLETALK ENABLED

Then the access server has to be reinitialized. Upon reinitialization, the access server functions as an AppleTalk node by doing the following:

- Acquiring an AppleTalk address and zone
- Registering its AppleTalk name
- Acquiring and defending AppleTalk addresses for attached hosts
- Forwarding AppleTalk DDP packets
- Permitting hosts attached via asynchronous lines to participate in the AppleTalk protocol
- Responding to SNMP requests for AppleTalk information
- Responding to AppleTalk Echo packets

8 2 Managing AppleTalk

Configuring AppleTalk on an Access Server

Disabling AppleTalk

If you decide that your access server should no longer act as an AppleTalk node, all AppleTalk capabilities can be turned off using the following privileged DEFINE command:

    Local> DEFINE APPLETALK DISABLED

Reinitialize the access server to have this command take effect. Upon reinitialization
320. llows you to configure the dial in modem to any speed supported by both the modem and the access server.

Configuring Modem Signals 10 13

Specifying DIALUP

Description

The DIALUP characteristic is used to notify LAT service nodes that a port user connected to the service through a dial in modem. The service node can use this information to implement system security. With DIALUP enabled, the access server sends DIALUP notification to service nodes. With DIALUP disabled (the default), the access server does not notify the service nodes.

If you do not enable DIALUP, the service node could treat the user's service sessions as local connections at the service node itself. Ask the network manager and the service node system manager if they require this notification when there are dial in modems at access server ports.

The DIALUP characteristic is not used for resources on the TCP IP network.

Sample Modem Configurations

Introduction

This section provides sample modem configurations for access servers that support full MODEM CONTROL.

Configuring a Dial In Modem on a Full MODEM CONTROL Server

The following example provides a sample configuration for a dial in modem operating at 57600 baud. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in Chapter 22).

    Local
321. low Control XON           Output Speed 9600
    Parity None                Signal Control Disabled
    Stop Bits Dynamic          Signal Select CTS DSR RTS DTR
    Access Local               Local Switch None
    Backwards Switch None      Name PORT_1
    Break Local                Session Limit 4
    Forwards Switch None       Type Ansi
    Default Protocol LAT       Default Menu None
    Dialer Script None
    Preferred Service TEST
    Node PEACH                 Destination LTA15
    Authorized Groups 0 10 20 50 200 255
    Current Groups 0 10 20 50 200 255
    Enabled Characteristics
    Autobaud, Autoconnect, Autoprompt, Broadcast, DSRlogout, Inactivity Logout, Input Flow Control, Interrupts, Limited View, Loss Notification, Message Codes, Multisessions, Output Flow Control, On Demand Loading, Password, Queuing, Security, Signal Check, Verification
    Local>

Displaying Port Counters

The SHOW MONITOR PORT COUNTERS command displays the counters associated with each of the selected ports. Use this command to discover the source of any problems between the port device and the port. Typically, network problems can be detected with errors recorded in the access server status display.

The maximum value possible for the port counters is 4,294,967,295. If a counter reaches that value, it remains at that value until either the counters are set to zero or the access server is initialized.

Three counters in the port counters display can indicate possible problems. The access server status display gives values for port framing, parity, and overrun errors fo
322. low the person managing the access server to define a new line as a 1 or 2 character sequence. In this case, TERMINAL specifies the user at the remote end of the connection (Telnet client) and HOST specifies the device connected to the access server (Telnet server).

- NEWLINE FROM TERMINAL: When entered by the remote user, the character sequence is interpreted as a new line. The factory set default is CR. The following shows how to change the character sequence to

      Local> CHANGE PORT 5 TELNET SERVER NEWLINE FROM TERMINAL Qi

- NEWLINE TO TERMINAL: The character sequence is sent to the user's terminal whenever a NEWLINE FROM HOST sequence is received from the internet host. The factory set default is CRLF.
- NEWLINE FROM HOST: When received from the internet host, the character sequence is interpreted as a new line. The factory set default is CRLF. Note that the Telnet protocol specifies that the CRLF sequence should be sent.
- NEWLINE TO HOST: When entered by the remote user, the character sequence is sent to the internet host. The factory set default is CRLF. Note that the Telnet protocol specifies that the CRLF sequence should be sent.

Specifying Character Size

The CHARACTER SIZE characteristic allows you to select the character size (7 or 8 bit) that is used during a session. In addition, the character size can be specified in the transmit direction (server to Telnet client), receive direction (Telnet client to server) o
323. lt value is 8. If the access server does not receive a valid response from the remote host after sending the last probe, the access server drops the connection.

TCP IP Network Characteristics 7 19

Setting the TCP Keepalive Timer

Retry Set Example

The following example shows how to set the maximum number of keepalive probes that the access server sends to 10:

    Local> CHANGE INTERNET TCP KEEPALIVE RETRY 10

Displaying Timer Characteristics

Use the SHOW LIST INTERNET command to display the TCP keepalive timer characteristics.

Timer Characteristics Display

The following shows an example of the display. If you disable the timer, the value for the Keepalive Timer field is DISABLED.

    Local> SHOW INTERNET
    State Enabled
    Internet Address 1951 1    Subnet Mask 255.255.255.0
    DHCP Enabled
    TCP Keepalive Timer 60     TCP Keepalive Retry 10
    Local>

Displaying the Internet Counters

Using the SHOW Command

Use the SHOW LIST MONITOR INTERNET command to display the Internet counters. To reset the Internet counters, use the ZERO INTERNET COUNTERS command.

Internet Counters Display Example

The following example shows a typical Internet counters display:

    Local> SHOW INTERNET COUNTERS
    TCP Segments 146 Transmitted 58 Bytes Transmitted 182 Data 0 Bytes Data 182 Data Retrans
324. lution Mode Ordered Resolution Retry Limit 3
    Nameservers Locally configured 99 9 9 99 99 Local name acme com from DHCP

TCP IP Network Characteristics 7 7

Configuring Domain Name System DNS Characteristics

    Nameservers Learned 99 99 99 99 88 88 88 88 Local name acme com Local Secondary acme com DHCP server 16 20 244 250
    Local>

The following table describes the DNS characteristics that appear in the previous example. See the Displaying WINS Characteristics section in this chapter for an explanation of the WINS characteristics in the display.

Field / Description

Domain Name: Name of the access server default domain. If a DHCP server provides this information, the display includes "from DHCP" at the end of the line.

Resolution Host Limit: Maximum number of host names that can be entered using the SET DEFINE CHANGE INTERNET HOST command. Note that this parameter is currently not functional.

Resolution Mode: DNS data retrieval preference: LOCAL, REMOTE, ORDERED, STUB, or SLAVE. See the Name Resolution Modes table in this chapter.

Resolution Time Limit: Minimum time in seconds between name server retries.

Resolution Retry Limit: Maximum number of times DNS can retry the same name server when looking for a particular Internet host name.

Name Servers Locally configured: The Internet address, type (local or root), and absolute domain name of name servers e

Name Servers Learned:
325. ly user name. If a user has to be called back, this value is derived from User Service Type when specified. If it is not specified, then realm defaults port defaults can apply.

Example: Defining Realm Default Authorization Attributes

    LOCAL> CHANGE SECURID REALM JONAS.COM PERMISSIONS DIALBACK
    LOCAL> CHANGE SECURID REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER 1 800 555 1111

Example: Defining Password Authentication Type

    LOCAL> CHANGE SECURID REALM JONAS.COM ACCESS FRAMED

Note: The value NONE should be read as unspecified. This allows the port configuration to determine the access whenever the SecurID realm default does not specify one or more authorization attributes.

SecurID User Authorizations

Optional authorizations can come from the SecurID user description, which is defined specifically for a particular SecurID implementation. It is possible to define realm defaults within the access server. The ultimate value for an authorization attribute may come from one of three sources: the SecurID, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:

- For each SecurID realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level. This means that when a SecurID user tries to log in to the access server, these values will be assigned to authorization attributes. If the user does not provide the att
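The precedence described above for RADIUS and SecurID authorization attributes (authentication server entry, then realm defaults, then port characteristics, with NONE read as unspecified) can be modelled as follows. This is an added example, not code from the manual or from the DNAS software; the function names and all sample values are constructed, and which port characteristic backs each attribute is an assumption.

```python
"""Model of the three-source precedence for authorization attributes.

Order stated in the text: authentication server entry, realm defaults,
port characteristics. NONE at any layer means "unspecified" and lets the
next layer decide. Names below are hypothetical, not DNAS identifiers.
"""

UNSPECIFIED = "NONE"
LAYERS = ("server", "realm", "port")  # highest precedence first

# Constructed sample data. Attribute names are taken from the realm
# commands shown on the page; the values are illustrative only.
ATTRIBUTES = ("ACCESS", "PERMISSIONS", "CALLBACK", "DIALBACK NUMBER")
SAMPLE_SERVER_ENTRY = {"ACCESS": "FRAMED"}
SAMPLE_REALM = {
    "ACCESS": "NONE",
    "PERMISSIONS": "DIALBACK",
    "CALLBACK": "ENABLED",
    "DIALBACK NUMBER": "NONE",
}
SAMPLE_PORT = {"CALLBACK": "DISABLED", "PERMISSIONS": "NONE"}


def _value(layer, attr):
    """Return the layer's value for attr, or None if absent, empty or NONE."""
    raw = layer.get(attr)
    if raw is None:
        return None
    text = str(raw).strip()
    if not text or text.upper() == UNSPECIFIED:
        return None
    return text


def resolve(server_entry, realm_defaults, port_chars, attributes=ATTRIBUTES):
    """Map each attribute to (value, source).

    value is None and source is "unspecified" when no layer sets it,
    which the text notes can still happen after the port is consulted.
    """
    layers = dict(zip(LAYERS, (server_entry, realm_defaults, port_chars)))
    resolved = {}
    for attr in attributes:
        for name in LAYERS:
            val = _value(layers[name], attr)
            if val is not None:
                resolved[attr] = (val, name)
                break
        else:
            resolved[attr] = (None, "unspecified")
    return resolved


def review(resolved):
    """List attributes not pinned by the server entry, for a config review."""
    findings = []
    for attr, (val, source) in sorted(resolved.items()):
        if source == "unspecified":
            findings.append(f"{attr}: unspecified at every layer")
        elif source != "server":
            findings.append(f"{attr}: {val} inherited from {source}")
    return findings


if __name__ == "__main__":
    result = resolve(SAMPLE_SERVER_ENTRY, SAMPLE_REALM, SAMPLE_PORT)
    for attr, (val, source) in result.items():
        print(f"{attr:16} {val!s:10} ({source})")
    for line in review(result):
        print("review:", line)
```

The review output is the part worth reading during an audit: every attribute it lists is one where the effective value depends on access server configuration rather than on the user's entry in the authentication server.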
326. ly invokes SYNCH function whenever you enter the IP, AO, or AYT characters. Refer to Mapping Keyboard Characters to Telnet Functions in this chapter. AUTOSYNCH causes all output on its way to the remote process to be dropped. This function allows IP, AO, or AYT to have a more immediate effect. By default, AUTOSYNCH is enabled for IP and disabled for AO and AYT.

Example: Specifying AUTOSYNCH

The following example shows how to disable AUTOSYNCH for IP and enable AUTOSYNCH for AO on port 5:

    Local> CHANGE PORT 5 TELNET CLIENT AUTOSYNCH IP DISABLED
    Local> CHANGE PORT 5 TELNET CLIENT AUTOSYNCH AO ENABLED

When you enter a SHOW PORT CHARACTERISTICS command, the s and s symbols indicate if AUTOSYNCH is disabled or enabled for a given character.

Specifying Telnet Client Newline

The NEWLINE characteristics allow the user to define a 1 or 2 character sequence that will be interpreted as a new line. This characteristic is useful for devices that generate or recognize sequences for a new line other than CRLF or CR. There are four different directions, as follows. In this case, terminal specifies the user at the access server and host specifies the Telnet server at the remote end of the connection.

- NEWLINE FROM TERMINAL: When entered, the character sequence is interpreted as a new line. The factory set default is CR.

11 24 Configuring and Managing Interactive Devices

Configuring Individual Telnet Client Session Characteristics

- NE
327. m the menu, select this line, which has the display string GOTO Command Line on the default menu MAIN. If the port is privileged, it is also possible to exit from the menu by entering Ctrl C while the menu is displayed. This prevents you from being trapped if you accidentally create and enter a menu without a LEAVE MENU or LOGOUT command.

Using Menus to Set Up a Captive Port

A system manager can use the menus feature to set up a captive port such that users can execute commands from within the menus only. To do this, define a menu that has a LOGOUT command but no LEAVE MENU command, make this menu the default menu for the port, and define the port nonprivileged.

Displaying a Menu Definition

To display the definition for a given menu, use the SHOW MENU command.

Example: Displaying a Menu Definition

The following example shows how to display the definition for the HOSTS menu:

    Local> SHOW MENU HOSTS
    Menu Hosts Enabled on ports Ln 5
    Line 5 Execute CONNECT LAT HOST 1
    Line 5 Display Use DEC Host
    Line 7 Execute CONNECT TELNET 195.20.0.15
    Line 7 Display TCP IP Host
    Line 9 Display Logout
    Line 9 Logout LOGOUT

User Interface 3 11

Defining Menus

Purging Menu Lines and Entire Menus

Use the PURGE MENU command to delete a string from a menu line, an entire menu line, an entire menu, or all menus from the access server database.

Example Commands to Purge Entire Men
328. main Name System DNS servers
Windows Internet Naming Service WINS servers

Using a BOOTP Server: You configure the IP information to be learned in the BOOTP server's database and associate it with the access server's hardware address.

Using a DHCP Server: You do not configure the DHCP server with any access server or client specific information. You need only to configure the DECserver with network information, for example, a domain name and a pool of IP addresses available for assignment.

TCP IP Network Characteristics 7 27

Learning IP Information From a DHCP Server

Using a BOOTP Server: The access server writes the information it learns from the BOOTP server to NVRAM.

Using a DHCP Server: The access server does not write the information it learns from the DHCP server to NVRAM. This ensures that the access server receives the most recent information from the DHCP server.

DHCP Client Operation

During initialization, the access server acts as a DHCP client to obtain IP configuration parameters, excluding the IP address (use a BOOTP server or the DEFINE INTERNET ADDRESS command to configure the IP address). The access server requests the following IP configuration parameters from a DHCP server:

- Default gateway
- Domain name
- Domain Name System DNS servers
- Windows Internet Naming Service WINS servers

The following occurs when the access server acts as a DHCP client:

DECserver DHCP Client
1 Requests IP configuration parameters IP
329. makes the connection, you can use most any access server command supported at any physical port.

4 6 Managing Load Hosts

DSV CONFIGURE

Example: CONNECT Command for DSV CONFIGURE on a DECnet OSI System

The following example shows how to use CCR and DSV CONFIGURE to connect to a remote console port from a DECnet OSI system:

    DSV USE DGD700
    CCR I CONNEST connection established to remote system 08 00 2B 26 AE 32
    Press CTRL to disconnect CTRL to send break
    ACCESS not echoed
    Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 47
    c Copyright 1993 Digital Equipment Corporation All Rights Reserved
    Please type HELP if you need assistance
    Enter username Dave
    Local> SHOW USER
    Port Username Status Service
    3 Connected 10 User 10 Connected 11 TELNET Local Mode
    Local> Ctrl N

Example: CONNECT Command for DSV CONFIGURE on a DECnet Phase IV System

The following example shows how to use CCR and DSV CONFIGURE to connect to a remote console port from a DECnet Phase IV system. From a user's perspective, the only difference between DECnet OSI and DECnet Phase IV is the disconnect character:

- DECnet OSI Phase V uses Ctrl backslash
- DECnet Phase IV uses Ctrl D

    DSV USE DGD700
    Console connected press CTRL D when finished
    ACCESS
    Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 52
    c Copyright 1993 Digital Equipment Corporation
330. mes and addresses in the access server cache. The following command shows how to do this:

    Local> CHANGE INTERNET HOST SALES ADDRESS 195.1.1.72

Two additional commands enable you to manage the list of commonly used Internet hosts:

- SHOW LIST MONITOR INTERNET HOST
- CLEAR PURGE INTERNET HOST

If Using a Name Server

If you are using name servers, that is, if NAME RESOLUTION MODE is set to a value other than LOCAL, then you should define local host names and addresses only in exceptional cases. The names received from name servers reflect recent updates. Also, they may include the hosts you are likely to define with CHANGE INTERNET HOST. Undesirable conflicts may result.

Configuring a List of Internet Name Servers

This section describes how to configure a list of Internet local and root name servers that the access server commonly uses.

Configuring a Root Name Server

A root name server is a name server at the top level domain. To enter a root name server, you must provide an absolute domain name. The following example shows how to enter a root name server:

    Local> CHANGE INTERNET NAMESERVER C.NYSER.NET ADDRESS 192.33.4.12 ROOT

TCP IP Network Characteristics 7 13

Configuring Domain Name System DNS Characteristics

Configuring a Local Name Server

A local name server is any name server that is authoritative for the default domain of the access server. Before adding a local name server, you must first define the access s
331. minal Emulation TN3270

Configuring Basic 3270 Terminal Emulation

Once the IBM system administrator has configured the IBM host with TCP/IP, you need to do the following:

1. Set up the ASCII terminal.
2. Indicate the model number of the IBM 3270 Information Display Station that a terminal emulates.
3. Specify the type of ASCII terminal attached to the port.

Once you complete these tasks, you can connect to an IBM application as described in the Connecting to an IBM Host section in this chapter. These are the minimal tasks required to configure a port for 3270 emulation. This section describes these tasks.

Setting Up an ASCII Terminal

To enable an ASCII terminal for 3270 emulation, you need to change the setup parameters as described below. To change these parameters, use the setup procedure described in the documentation provided with the terminal.

When you connect to an IBM host or resume a 3270 session, TN3270 automatically:

- Configures the terminal to:
    - Designate the ASCII character set as G0 graphics set, invoke G0 in GL
    - Position the cursor in column 1 of row 24
    - Set autowrap enabled (except for ANSI)
    - Set application keypad (except for ANSI and VT100)
    - Set local echo off (except for ANSI, VT100, VT220)
- Detects if the cursor keys operate in normal or application mode
- Detects 7 or 8 bit controls
332. mitted 0 Bytes Data Retransmitted 0 Other 88 Bytes Received 9894 Received 144 Segments Discarded 0 Internet Connections 0 IP Packets Transmitted 146 Requested 2 IP Packets Received 144 Accepted 0 IP Fragments Received 0 Established 2 IP Fragments Dropped 0 Closed t IP Error in Header 0 Dropped 0 ICMP Message UDP Datagrams Transmitted 0 Transmitted Received 0 Received 00 Dropped 0 Dropped 0 Destination Unreachable 0 Local

Displaying the Internet Counters

Internet Counter Display Fields

The following table describes the fields in a typical Internet counters display.

Field: TCP, Segments Transmitted, Received, Segments Discarded, Bytes Transmitted, Bytes Received, IP Packets Transmitted, IP Packets Received, IP Fragments Received

Description:

- The following counters contain statistics on TCP segments.
- Total number of TCP segments transmitted by the access server. The following counters are a breakdown of this total:
    - Data: Number of transmitted segments that contained data.
    - Data Retransmitted: Number of transmitted segments that contained retransmitted data.
    - Other: Number of transmitted segments that contained no data.
- Total number of TCP segments received by the access server.
- Number of received TCP segments that were discarded due to errors. These errors can include bad checksum and inval
333. mmands at a prompt on a terminal attached to an access server port. The default for the prompt is Local>.

Reference: For a complete description of command syntax and use, refer to the Network Access Server Command Reference.

Levels of Access Server Commands

The access server has four levels of commands, as listed in the following table:

Privileged
    Provides access to: All access server commands
    Commands to enable and disable: SET PRIVILEGED

Nonprivileged
    Provides access to: A subset of privileged commands
    Commands to enable and disable: Default

Limited view
    Provides access to: All nonprivileged commands except those that show or list LAT nodes, LAT services, and various Internet databases
    Commands to enable and disable: SET/DEFINE/CHANGE PORT n LIMITED VIEW ENABLED

Secure
    Provides access to: A subset of nonprivileged commands that apply to the current port only
    Commands to enable and disable: SET/DEFINE/CHANGE PORT n SECURITY ENABLED

User Groups

For practical purposes, the access server command set syntax is divided into command groups. These groups are:

- Command descriptions
- CLEAR/PURGE commands
- SET/DEFINE/CHANGE commands
- SHOW/LIST/MONITOR commands

In the above list, the command descriptions group includes any command that does not functionally fit into the CLEAR/PURGE, SET/DEFINE/CHANGE, or SHOW/LIST/MONITOR groups, for example DIAL, CONNECT, SEND, and LOOP.

Command Definitions

The following table describes the commands for the CLEAR/PURGE, SET/DEFINE/CHANGE, and SHOW/LIST/MONITOR
334. mple USER SERVER command and TSM will retrieve the information and establish a remote connection to the MOP console of the targeted server. Since TSM supports command scripts, a highly automated interface to the MOP remote console can be created.

Network Control Program (NCP)

NCP enables you to connect to the remote console port from an OpenVMS DECnet node that is on the same Ethernet as the access server. The node must be running DECnet Phase IV software but does not need to be a LAT service node or a load host for your access server.

Usage Considerations

Consider the following when using NCP:

- Do not confuse the SERVICE PASSWORD that you enter in an NCP command with the access server SERVICE PASSWORD. They are unrelated.
- If the access server requires that you specify the maintenance password and you omit it, NCP displays this error message: Target does not respond

To disconnect from the access server, press Ctrl D. To exit NCP, type EXIT or press Ctrl Z. For additional information about NCP, refer to the documentation provided with your system.

Example: Using NCP to Connect to an Access Server Remote Console Port from a Load Host

The following example shows a connection from an OpenVMS DECnet Phase IV load host to an access server that has the DECnet node name SHRIMP. The maintenance password is FEDCBA. The login password is the default, ACCESS.

    MCR NCP
    NCP> CONN
335. n Chapter 21 Managing Dial Services

Configuring dial services is similar in concept to configuring a LAT service or Telnet listener. You define a service with a specified configuration that dictates how the user can operate the dialer.

Before you begin any dialer management, be sure to:

- Install the latest software image on the access server and all load hosts
- Read the release notes
- Know what devices and cables are connected at the various ports
- Enter the SET PRIVILEGED command for your port
- Check if the current values or default values are appropriate

In This Chapter

This chapter contains the following topics:

- Dial Services Command Groups
- Checking the Current Server Settings
- Defining a Dialer Script
- Assigning the Dialer Script to a Port
- Defining the Dialer Service
- Configuring Interactive Dial Requests
- Framed Dial Requests

Dial Services Command Groups

Command Groups

To configure and manage the dial services, use the SET/DEFINE/CHANGE DIALER and SHOW/LIST/MONITOR DIALER command groups.

Reference: For more detailed information about commands used in this chapter, refer to the Network Access Server Command Reference.

Entering the SET PRIVILEGED Command

Before changing any other parameter, make sure you have the authority to make such changes. The SET PRIVILEGED command allows you to make changes that require special access. At the password prompt ty
336. n Port 4

    Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10 24 46
    Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED
    Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED
    Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED LONGBREAK LOGOUT DISABLED
    Local> DEFINE PORT 4 NAME PORT 4 SIGNAL CHECK ENABLED
    Local> DEFINE PORT 4 SIGNAL CONTROL DISABLED
    Local> LOGOUT PORT 4

For systems that need to access the printer, you must supply the system managers with the access server name, port name, and at least one group code that is enabled as an authorized group code on the port.

More Examples

The following sections in this chapter provide examples of setting up a remote print queue on OpenVMS and ULTRIX systems:

- Setting Up a LAT Remote Print Queue on an OpenVMS Host
- Setting Up a LAT Remote Print Queue on an ULTRIX System

Verifying the LAT Service

Do This

To verify whether the service is functioning, try connecting to the new service. Once connected, you can assess whether the device responds appropriately. The appropriate response depends on what device is attached to the access server port. When you have adequate information, return to local mode (press the Break key or a local switch character) and disconnect the service by typing DISCONNECT at the Local> prompt. For a computer, you may want to repeat this procedure to verify that your fi
337. n appears for each active session on the port. When a session is terminated, the information for the session is removed and replaced by the information below it in the display.

    Local> SHOW SESSIONS PORT 1 2
    Port 1 Rich Smith Local Mode Current Session Session 2
    Session 1 Queued at 3 LAT TIMESHARE
    Session 2 Connected ELNET DEVELOP
    Session 3 Connecting TELNET BERGIL
    Session 4 Disconnected LAT DOCUMENT PEAR
    Session 5 Disconnecting LAT TEST
    Port 2 card Session Mode Current session Session 1
    Session 1 Connected SLIP

Managing Sessions

SHOW/MONITOR SESSIONS Display Fields

The following table describes the information in the SHOW/MONITOR SESSIONS display.

Field: Session n, First column, Second column, Third column

Description:

- Number of the session.
- Status of a session, which can be one of the following:
    - Connected: Port is connected to the service.
    - Connecting: Port is attempting to connect to a service.
    - Disconnected: Session was terminated while dormant.
    - Disconnecting: Access server is disconnecting the port from the service.
    - Signal Wait: The port failed to assert the DSR signal during a signal check controlled connection attempt.
    - Queued at n: Position in the connection queue of the connection request for a service. The request at position 1 is the next one to be dequeued and connected.
- Displays which protocol
338. n of User Authentication

The configuration of user authentication on the access server involves entering several commands, shown in the examples in this section. For details about command syntax, refer to the Network Access Server Command Reference.

Case Sensitivity

Kerberos user names, instances, realms, and passwords are case sensitive.

Configuring Kerberos Settings

When you set up the access server for user authentication, you need to complete the following steps:

1. Specify a realm and a KDC.
2. If the default is incompatible with the KDCs in your realm, specify the TCP port numbers on the KDC to which the access server sends messages for password changes and ticket requests.
3. Change the default timeout, if you want to do so.

Example: Definition of Kerberos Settings

The following example shows a sample of the commands used to change these settings:

    Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET
    Secret not echoed
    Verification not echoed
    Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST security.acme.com
    Local> CHANGE KERBEROS REALM finance.acme.com HOST atlas.acme.com
    Local> CHANGE KERBEROS PASSWORD SERVICE PORT 89
    Local> CHANGE KERBEROS TICKET PORT SERVICE PORT 88
    Local> CHANGE KERBEROS TIMEOUT 20

This example shows the more secure Kerberos configuration. The access server itself is registered in the
339. n on locally defined services. Without the keyword LOCAL or a particular service name, you get information on all network services.

For the SHOW/MONITOR commands, the summary display is the default display for the SERVICES, SERVICES ALL, and SERVICES LOCAL entity specifications. The display contains one line of headings and, for each service known to the access server, one line of information describing each service.

The access server displays information about a service or services from data stored in its memory. If none of the ports can access a particular service, the access server does not retain any data about that service. Hence, no information about that service can be displayed.

Note: Ports with the LIMITED VIEW command enabled cannot perform the SHOW SERVICES command.

Example: SHOW SERVICE SUMMARY Display

The following example shows how to generate a service summary display for all network services:

    Local> SHOW SERVICES ALL SUMMARY

    Service Name    Status        Identification
    DEVELOP         Connected     Hardware Development System
    DOCUMENT        Available     Documentation Timesharing
    TEST            Unavailable   High powered Performance Testing
    TIMESHARING     Unknown       Accts Payable Timesharing

SHOW/LIST/MONITOR SERVICE SUMMARY Display Headings

The following table describes the headings in the display.

Heading Description Service Name N
340. n string helps users recognize and use the service. It can be up to 40 characters in length. The factory-set default is no identification string.

Example: Assigning the Service Name to a Specific Port and Identification String

The following example shows how to assign a service name, LN03 PRINT, to the printers connected to ports 5, 6, 7, and 12. This example shows IDENTIFICATION abbreviated to ID and uses the identification string "Production Printer".

    Local> CHANGE SERVICE LN03 PRINT PORT 5-7,12 ID "Production Printer"

Example: Clearing the Identification String

To clear a previously set service identification string, enter the ID qualifier with empty quotation marks, as shown in the following example:

    Local> CHANGE SERVICE LN03 PRINT PORT 5-7,12 ID ""

Port Name

Assigning a port name to a service limits the service's availability. When you assign a port name to a service:

- The service is not listed in the access server multicast message.
- The service is available only to those users that know the port name.

Also, the access server transmits the port name to Telnet servers during Telnet sessions at the port.

Port Naming Guidelines

When you select a port name for a device, follow these guidelines:

- The factory-set default port name is PORT n, where n is the port number.
- Port names must be a string of 1 to 16 characters long and cannot be abbreviated.
- Allowable characters are A to Z, 0 to 9, hyphen, _ underscore
341. n to the dedicated service for any application of the service, set BREAK to REMOTE. In this case, the break signal is not ignored but is passed to the LAT service node.

Specifying a Key to Switch to Local Mode

The LOCAL SWITCH characteristic identifies a character that, when entered by the user, switches the port to local mode from session mode. This character, like the FORWARD and BACKWARD SWITCH characters, is intercepted by the access server and is never transmitted to the network resource unless you set SET SESSION PASSALL or PASTHRU for a LAT session, or you set the Telnet client profile for a Telnet session.

The Break key is also available for this function unless the BREAK REMOTE or the BREAK DISABLED option has been chosen. When you define a local switch character, the character you choose can be used in place of the Break key, or you can continue to use the Break key.

Example: Configuring a Key as a Switch

The following example shows how to identify as the local switch for port 3:

    Local> CHANGE PORT 3 LOCAL SWITCH

Example: Disabling a Local Switch

The following example shows how to disable the local switch, which is also the factory-set default:

    Local> CHANGE PORT 5 LOCAL SWITCH NONE

Specifying BROADCAST

There are three types of BROADCAST characteristics:

- BROADCAST: A port user uses this command to send messages.
- Port broadcast: De
342. naging LAT Services

Managing Your Access Server As a LAT Node Offering a Service

Introduction

By default, once there is a service, the access server functions as a service node by issuing multicast service announcements, which describe its available services to access servers on the network. These announcements contain information about the service node, such as its name and identification string, and about the available services. A single multicast service announcement is entered at the interval indicated by the multicast timer.

Displaying Information About a Service

You can display information about services on the LAT network, including services on your access server, using the SHOW/MONITOR/LIST SERVICES command.

- To display information on the services offered by your access server, use the SHOW/LIST SERVICES LOCAL command.
- To display information about a particular service, use the SHOW/LIST SERVICE command followed by the service name.
- To display information about all services, use the SHOW/LIST SERVICE ALL command.

There are three types of information you can display about the service:

- Characteristics: The characteristics display is useful when you are changing operational and permanent values with the SET/DEFINE/CHANGE SERVICE command.
- Status: You can obtain data on the operation of services by using the status display.
- Summary: The summary display gives yo
343. nal Emulation TN3270

IBM Host Communications

Introduction

This section describes IBM host communications with a terminal attached to the access server.

Connecting to an IBM Host

After you complete the basic configuration of a port for 3270 emulation, you can use the CONNECT, OPEN, or TELNET commands to access an IBM host. The following example shows a connection to an IBM host that uses the host's Internet address:

    Local> CONNECT 195.20.0.15

When the access server connects, follow the prompts that appear on the screen to log onto the host system. To display the keyboard map defined for a session, enter the 3270 HELP function.

Entering and Editing Data

TN3270 supports the following data entry and editing features:

- Unformatted and formatted screens
- Normal and insert modes

For information about IBM 3270 data entry and editing, refer to the documentation provided with your IBM application.

Status Line Indicator

The status line indicator is a reverse video strip that displays messages on the bottom line of the terminal screen during a 3270 session. This indicator emulates the status line that appears on the bottom line of an IBM 3270 Display Station. To turn the status line indicator on and off, enter the 3270 STATUS function.

The status line is overwritten when:

- The IBM application moves the cursor to the last line on the screen
- You enter data on the last line of the screen
344. nal database S S o Additional HELP available for I S S NTERNET PORT NOPRIVILEG ERVICE SESSION TELNET ET Subtopic PORT Le D PRIVILEGED

Console Port

Displaying Port Parameters

The console port receives the access server system messages. An access server can have only one console port at a time. The default console port number is 1. To change the console port, use the SET/DEFINE/CHANGE CONSOLE PORT command. To find out the current port number for the console port, use the SHOW SERVER command.

Reference: The console port helps with troubleshooting, as described in the Network Access Server Problem Solving manual.

Example: SHOW SERVER Command

The following example shows how to display the current port number for the console port. The value for the Console Port characteristic in the display is the current port number.

    Local> SHOW SERVER
    Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 18
    Address 08 00 2B 26 AA 99    Name WWDOCMC    Number 0
    Identification
    Circuit Timer 80       Password Limit 3
    Console Port 1         Prompt Local>
    Inactivity Timer 30    Queue Limit 100
    Keepalive Timer 20     Retransmit Limit 8
    Multicast Timer 30     Session Limit 64
    Node Limit 200         Software WWENG2
    Service Groups 42 46 66
    Enabled Characteristics
    Announcements Broadcast Dump Lock

Remote Console Port

Description

Rem
345. nd DECserver 900TM and as high as 57,600 bits/s for the DECserver 90M and DECserver 90TL. The access server port will autobaud up to this speed when the port is configured for autobaud.

When autobaud is enabled, in most cases typing a carriage return once per second is sufficient to autobaud into the access server when the modem dial-in connection is complete. In some cases (AppleTalk, for example) it may be necessary to type a series of three carriage returns at a faster rate for a successful autobaud.

Modem DSR must be configured to cycle on modem hang-up. The access server port is configured to log out the port when DSR cycles, making sure that the Novell network connection goes away when the PC user is finished.

Use the fastest modem available. Error-correcting modems that are currently available provide up to 28,800 bits/s carrier speeds and serial port speeds to 115,200 bits/s. The access server serial ports will autobaud up to 115,200 bits/s.

Dial-Out PC Modems

Keep the following in mind when using dial-out modems attached to the PC:

- The PC should have a high-performance UART chip capable of high speeds (16450 or 16550).
- The serial port baud rate of the modem is dependent on the UART and the type of modem used. Normally, set the serial port baud rate of the modem to two to four times the speed of your modem.
- The 8250 and 16450 UART chips can be more susceptible to lower performance due to errors when run at higher speeds.

Managing
346. nect Attempt Session X X X X X X X X X Discon nect Kerberos X X X X Pass word Fail Privilege X X X X Pass word Fail Mainte X X X X nance Pass word Fail Login X X X Pass word Fail Remote X X X Pass word Fail SNMP X X X X Commu nity Fail Accounting 23 3 What Events Are Logged Log Event Time Port ID Port Acc Peer Rea Tx Rx User Entry ess son Type Privilege X X X X Pass word Modified Mainte X X X X nance Pass word Modified Login X X X X Pass word Modified User X X X X Privilege Level Modified SNMP X X X X Commu nity Mod ified Remote X X X X Pass word Modified

Event Field Descriptions

The following table describes the fields in the accounting log entries.

Event
    Provides the ability to distinguish the event type. The valid event types are listed in the previous table.

Time
    Current server system uptime when entry was created.

Port
    For session connect/disconnect events:
    - Local Access: The port the session connect or disconnect occurred on. If the connection is initiated from a physical port, this field will have the physical port number. If the connection is initiated from an existing remote console connection, the port number will be one higher than the maximum physical port number.
    - Remote Access: For a remote console connection MOP or Telnet
347. nent displays accounting events on the server console port as they occur. Be sure to set the server console port to the desired value:

    CHANGE SERVER CONSOLE 7

Example: Changing the Accounting Console

The following example shows the use of the DEFINE ACCOUNTING CONSOLE command:

    Local> DEFINE ACCOUNTING CONSOLE ENABLED

Displaying Accounting Characteristics

Use the SHOW ACCOUNTING CHARACTERISTICS command to display the current values of the accounting variables.

Example: Displaying Accounting Characteristics

The following example shows the display that appears when you use the SHOW ACCOUNTING CHARACTERISTICS command:

    Local> SHOW ACCOUNTING CHARACTERISTICS
    Accounting Characteristics
    Threshold None    Log Size 128K    Console Logging Disabled

Displaying the Accounting Log

Use the SHOW ACCOUNTING LOG command to view the log.

Example: Displaying the Accounting Log

The following example shows a sample accounting log:

    Local> SHOW ACCOUNTING LOG

Accounting Log Port 3 Access Local Username smith Porti 3 Username smith Port 3 Username smith Event Privilege Password Fail Time 0 26 Event User Privilege Level Modified Time 0 26 Event Session Connect Attempt Time 0 26 12 12 2 LS Port 3 Sessid 1 Protocol LAT Access Local Username smith Peer CLUSTER Port 3 Sessid 1 Protocol LAT Reason NORMAL TX 345
348. net Resources
Specifying the Port USERNAME
Specifying Keys to Switch Between Sessions
Defining the Break Key
Specifying a Key to Switch to Local Mode
Specifying BROADCAST
Specifying LOSS NOTIFICATION
Specifying Message Codes
Specifying VERIFICATION
Specifying LOCK
Displaying Information About the Users
Specifying User Groups
Managing Sessions
    Initiating a Session to a LAT Service
    Initiating a Session to an Internet Host
    Sending Telnet Functions to a Remote Telnet Server
    Controlling the Number of Sessions
    Displaying Session Information
    Displaying Session Characteristics
    Displaying Session Status
    Terminating SESSION
12 Configuring and Managing LAT Services
    Overview
    Introduction
    In This Chapter
349. net server uses the XON and XOFF characters for a function other than FLOW CONTROL.

Example: Disabling FLOW CONTROL

The following example shows how to disable FLOW CONTROL on the Telnet client on port 5:

    Local> CHANGE PORT 5 TELNET CLIENT FLOW CONTROL DISABLED

You can enable or disable FLOW CONTROL from the device to the access server (input) or from the access server to the device (output). By not specifying the keywords INPUT or OUTPUT, FLOW CONTROL is enabled in both directions.

Examples: Enabling FLOW CONTROL

The following example shows how to enable FLOW CONTROL from the device to port 5:

    Local> CHANGE PORT 5 TELNET CLIENT INPUT FLOW CONTROL ENABLED

The following shows how to enable FLOW CONTROL from port 5 to the device:

    Local> CHANGE PORT 5 TELNET CLIENT OUTPUT FLOW CONTROL ENABLED

Specifying MESSAGE VERIFICATION

The MESSAGE VERIFICATION characteristic controls the display of session information when an existing Telnet client session is started, stopped, or resumed. With VERIFICATION enabled (factory-set default), the access server displays the session number and the Internet address. With VERIFICATION disabled, no session information is displayed when a session is started, stopped, or resumed. This command does not affect existing sessions. To affect existing sessions, use the SET SESSION TELNET CLIENT
350. ng Errors 0 Out Longs 19 No Protocol Handlers 0 Out No Routes Checksum Errors 0 Hop Count Errors 0 Short DDP Errors 0 Broadcast Errors 0 NBP Lookups Received 1850 Lookup Replies 13 In Errors 0 RTMP Router Lost 0 In Errors 0 ZIP In GetNetInfo Response 1 Out GetNetInfo Requests 6 In Errors 0

Fields in the AppleTalk Counters Display

The following table describes the fields in the AppleTalk Counters display.

Field: AARP, Unsent Probes
Description: The number of AARP probes that could not be sent due to insufficient access server resources.

Field: DDP, Unsent Responses, In Receives, Out Requests, In Local Datagrams, Forwarded Requests, Too Short Errors, Too Long Errors, No Protocol Handlers, Checksum Errors, Short DDP Errors

Description:

- The number of AARP responses that could not be sent due to insufficient access server resources.
- The number of DDP datagrams the access server has received, including those received in error.
- The number of DDP datagrams DDP sent out on behalf of access server AppleTalk components.
- The number of DDP datagrams the access server has received that were destined for the access server.
- The number of DDP datagrams the access server received for which this was not their final destination. DDP made an attempt to forward these packets.
- The number of DDP datagrams dropped because their data lengt
351. ng Load Hosts

Example: DSV CONFIGURE ADD Command

This example shows the ADD command on a DECnet OSI system. In this example, at the end of each line you must press return to continue.

    DSV ADD SERVER
    Server Name DGD700
    Ethernet Address 08 00 2B 26 AE 32
    _Server Type DS700
    Service Circuit SVA 0
    Maintenance Password none FEDCBA
    Dump File MOPSDUMP DS7DGD700 DMP
    Load Image MOPSLOAD WWENG2 SYS

After entering the ADD command, you can display information about the MOP client with the:

- DSV CONFIGURE LIST command
- NCL SHOW command for DECnet OSI
- NCP SHOW NODE command for DECnet Phase IV

If you use DECnet Phase IV, the required DECnet address prompt has a default of the first unused address in area 13. You no longer need to enter an external SHOW NODE 13 command prior to adding an access server.

MODIFY and SET Commands

The MODIFY and SET commands operate in a manner similar to the ADD command. These commands provide defaults for each prompt. The defaults are the existing values for the server. The syntax, prompts, and displays for the SET and MODIFY commands are similar to those for the ADD command.

DELETE Command

The DELETE command removes an access server. This command clears both the permanent configuration data stored on disk and the operational data stored in memory. The syntax of the DELETE command is identical to that for the ADD command.
352. ng are the bits defined in the mask: Bit 8 9

If a reason for send failures is heartbeat errors and the access server characteristic HEARTBEAT is enabled for a transceiver that supports heartbeat, you can usually expect up to about 200 such errors daily. This number does not indicate a network problem.

If a reason for send failures is heartbeat errors and the transceiver being used does not support heartbeat, check to see whether you have heartbeat enabled. The send failures count will reflect the heartbeat errors generated from the transceiver not responding to checks of its heartbeat circuitry. Disable the access server characteristic HEARTBEAT to eliminate the spurious generation of heartbeat errors.

Receive Failures
    Number of packets that were received with an error condition. For more information, refer to the Receive Failure Reasons field. This counter should be 0 or a low value, such as 1 or 2 daily.

Displaying Information About the Access Server

Field: Receive Failure Reasons, Unrecognized Destination, Data Overrun, User Buffer Unavailable

Description:

- Mask providing information about the type or types of receive failure encountered if the Receive Failures counter is not zero. This is a cumulative mask. The following are the bits defined in the mask: Bit 0 1 2
- Number of times a frame was passed through the hardware but the access ser
353. ng is a list of RADIUS permissions:

- DIALOUT / NODIALOUT
- LAT / NOLAT
- TELNET / NOTELNET
- SLIP / NOSLIP
- PPP / NOPPP
- PRIVILEGED / NOPRIVILEGED (level of DECSERVER command)

For each of these attributes, the default is NOxxx or DISABLED.

Additional RADIUS Attributes

The tables in this section contain lists of additional RADIUS attributes that the access server supports.

General Session Attributes

The following table defines the general session RADIUS attributes.

Service Type
    Type of link requested or change in type of link. Used in both Access Request and Access Accept packets.
    - Login: Delivers a dedicated connection to the specified host using the specified protocol (Telnet, rlogin, LAT).
    - Framed: Delivers a network framed protocol connection (PPP, SLIP).
    - Callback Login
    - Callback Framed
    - Administrative User: Delivers a NAS prompt with automatic privilege status.
    - NAS Prompt: Delivers the NAS user interface.
    - Callback NAS Prompt

Session Timeout
    Indicates the maximum number of seconds of service to be provided to the user before mandatory termination of the session. Used in Access Accept packets.

Idle Timeout
    Indicates the maximum number of consecutive seconds of idle connection allowed to the user before mandatory termination of the session. Used in Access Accept packets. The DECserver does
354. ng the Access Server
Initializing the Access Server
Using the INITIALIZE Command
To use the INITIALIZE command, log in to one of the following:
• A terminal attached to the access server
• The remote console port
Login Methods
You can use any of the following methods to log in to the remote console port:
• NCP
• SET HOST MOP
• CCR
• Telnet remote console
Refer to the Remote Console Port section in Chapter 2 for additional information about the remote console port.
Default Mode for the INITIALIZE Command
To use the INITIALIZE command in its default mode of operation, enter the following:
Local> INITIALIZE
In this mode of operation, the following steps occur:
1. If the access server has Flash capabilities and the image name stored in NVRAM matches the image name stored in Flash, the access server loads the image from Flash RAM.
2. If there is no image in Flash or the access server lacks Flash capabilities, the access server loads the software image from a load host on the network.
5-4 Initializing the Access Server
Specifying Initialization from a Load Host
To specify initialization from a network load host, use the following command:
Local> INITIALIZE FROM ETHERNET
This command causes the access server to request the image name stored in its NVRAM from a load host.
Specifying an Image Name When Initializing
You can specify the name of an image when init
355. ning a copy of the access server memory. The load host creates this file when it receives an upline dump from the access server. The file is stored on the load host in the access server directory.
Ethernet: A type of local area network based on carrier sense multiple access/collision detection (CSMA/CD).
Glossary-5
event logging: This is a process of recording significant occurrences on the network.
failover (LAT): A failure recovery function provided by LAT software. Failover occurs when a user's current LAT session is disrupted by the failure of the service node. Failover attempts to connect the user to the same service on an alternative service node. Failover is attempted only if the service is offered by two or more service nodes, as with a VAXcluster service.
flow control: The set of rules used by a communications protocol to ensure that access server ports and port devices do not lose data during data transfers. Flow control prevents the sending network node or transmitting process from sending more data than the receiving node or receiving process can handle.
gateway: See Internet gateway.
group codes (LAT): Group codes are integers ranging from 0 to 255. They are assigned to LAT services, access servers, and access server ports.
heartbeat: A signal generated by certain Ethernet transceivers. The signal verifies that the collision detection circuitry is operational.
host: A multiuser computer
356. nit (MTU) value specifies the maximum size of the datagram that a given access server port accepts. The range is 64 to 1500 bytes. The default is 1500 bytes.
Changing the MTU
You can change the MTU value using the SET/DEFINE/CHANGE PORT n MTU command. If you use the SET or CHANGE command, the new value does not affect an existing SLIP connection.
MTU Change Example
The following example makes the access server compatible with attached hosts that have fixed MTU values other than 1006 bytes:
Local> DEFINE PORT 4 SLIP MTU 500
Relationship of the TCP Maximum Segment Size and the MTU
An attached host announces the TCP maximum segment size (MSS) at connection time. The MSS specifies the largest fragment of a datagram that the attached host is willing to receive. The MSS is normally based on the MTU of the network connection, as recommended by RFC 879. The MSS should always be smaller than the MTU value. The TCP and IP headers account for the difference between the two values.
Fragmentation
When the TCP MSS announced by the SLIP host exceeds the MTU on the SLIP line, IP fragmentation occurs. Therefore, an MSS value that greatly exceeds the MTU causes excessive fragmentation and degrades performance. Setting the MTU adjusts the point at which IP fragmentation occurs when sending datagrams. Setting the MTU also adjusts the maximum receive unit (MRU) packet size. Since the access server considers packets larger than the MTU as framing err
357. nnection requests that were received by the access server. A rejected request might indicate a configuration problem at the access server or service node; for example, the port names do not match or a port has the incorrect access type.
Viewing LAT Node Summary Information
The SHOW NODE SUMMARY command produces a line of information for each selected service node. This display is useful to determine if a service node is reachable. The node summary is the default display class for the NODE and NODE ALL entity specifications.
Every service node name and access server name should be unique, so as to allow other service nodes and users to distinguish among access servers. A unique access server name is necessary for an access server that is used for queued connection requests or for an access server to act as a service node. The access server knows a service node by the node's Ethernet address and node name.
If you use the SET/DEFINE/CHANGE SERVER NAME command and you specify an access server name that is already being used by another node, other LAT nodes may replace your access server name with a default LAT name to make your access server name unique. The default is in the following format:
LAT_nnnnnnnnnnnn
The value nnnnnnnnnnnn is the unhyphenated 12-digit Ethernet address of the second service node, which is used on the node summary displays.
Ports with LIMITED VIEW
Ports with LIMITED VIEW enabled cannot perform SHOW NODES.
17-8 Manag
358. ntered by a user If a DHCP server provides this information the display includes from DHCP at the end of the line The Internet address type local or root and absolute domain name of name servers learned by DNS If a DHCP server provides the Domain Name information the display includes from DHCP at the end of each line of information and the Internet address of the DHCP Server 7 8 TCP IP Network Characteristics Configuring Domain Name System DNS Characteristics Displaying the DNS Counters To display the DNS counters use the SHOW LIST INTERNET NAME RESOLUTION COUNTERS command To reset the DNS counter use the ZERO INTERNET NAME RESOLUTION COUNTERS command DNS Counter Display Example The following example shows how to display the various DNS counters Local SHOW INTERNET NAME RESOLUTION COUNTERS Input Packets Output Packets Total Responses OK Answers Total Queries N Won wo Duplicate Responses Bad Responses Truncated Responses Fail Answers FORMERR Answers oO OOO 0 Duplicate Queries The following table describes the information in the previous example Field Input Packets Output Packets Total Responses OK Answers Total Queries Duplicate Responses Description Number of packets entering the access server from the DNS server Number of packets exiting the access server into the DNS server Total number of responses received by the acce
359. nters 17 10 protocols 11 6 service 21 1 service node 2 8 11 10 12 16 Services limited view 2 2 services 1 2 11 43 11 46 17 2 access configuration 12 3 configuring a computer as 12 7 configuring a modem as 12 8 configuring ports 12 2 counters 17 5 displaying characteristics 12 16 initialization 5 2 node status 17 3 preferred 11 33 enabling 11 33 printers configuring as 12 9 remote print queue 12 9 verifying 12 15 sessions 11 3 LAT control program LCP 12 9 LAT protocol 23 6 LATCP 12 9 LCP 19 12 Learning Appletalk status display 8 10 Learning IP characteristics 7 25 Limited view 2 2 17 8 command 12 20 Line down 16 7 Line up 16 7 LIST command 2 3 APPLETALK CHARACTERISTICS 8 5 DSV CONFIGURE 4 6 example 4 6 Load hosts 21 1 commands 4 4 DECnet OSI OpenVMS 4 3 Initialization 5 5 management 1 3 procedures 4 2 Local ACCESS characteristic 9 5 Local access 23 5 23 7 Local Area Transport LAT 1 3 LOCAL SWITCH characteristic 11 36 LOCAL prompt 4 8 LOCK characteristic 2 6 11 39 Login events 23 8 to 23 9 RADIUS attributes 22 16 retries 22 4 LOGOUT commands 10 19 11 14 11 40 PORT 11 14 11 51 PORT CONSOLE 2 12 Logout events 23 8 to 23 9 LONGBREAK LOGOUT 10 7 10 10 11 11 13 5 Device characteristic 9 3 enabling 9 13 Lookup Replies 8 8 Lookups Received 8 8 LOSS NOTIFICATION characteristic 11 38 LTLOAD COM file 12 10 Management system administrator tasks 1 3 Management Information Bases MIBs 16 3 Master
360. ntry in the AppleTalk ARP cache and transmits an ARP request for the node s data link address At this time the access server does not know the address for the desired node When it receives a reply it fills in the node s corresponding Ethernet address Command Use the SHOW MONITOR APPLETALK ARP ENTRIES command to display entries that the access server creates in the AppleTalk ARP cache Displaying AppleTalk ARP Entries Example The following example shows how to display the entries in the AppleTalk ARP cache Local SHOW APPLETALK ARP ENTRIES AppleTalk ARP Entries Server LAT_08002B26AE00 ATalk Address Ethernet Address Status Interface 12345 132 08 00 2B 26 AE 00 Local Ethernet 12345 28 08 00 2B 26 AE 00 Acquired Ethernet 12346 7 08 00 2B 26 AE 00 Local Asynch3 12347 18 08 00 2B 26 AE 00 Local Asynch12 12347 2 resolving Remote Ethernet 12344 3 AA 00 04 11 21 10 Remote Ethernet Fields in the AppleTalk ARP Display The following table describes the fields in the AppleTalk ARP Entries display Field Value Description ATalk Address The AppleTalk address of a node Ethernet Address The corresponding Ethernet address for the AppleTalk node Status The status of the AppleTalk ARP Entry Remote The entry designates an ARP entry for a remote host on the access server Ethernet Such an entry usually means the server recently forwarded a DDP packet to this host 8 14 Managing AppleTalk Field Interface
361. ocessing is analogous to the Kerberos method. However, the resulting authorization parameters with SecurID are the combination of the realm parameters and the port configuration parameters.
User Accounts
User accounts provide a method of defining user name and password pairs and associated authorization parameters. User account information resides on the access server. This is a convenient method for supporting multiple administrative roles that are fully self-contained on the access server.
Managing Access Server Security 22-3
Common Terminology Across Security Realms
Introduction
This section briefly defines the terms that are common to all of the security methods that the access server supports.
Accounting Host: A security server that accepts and records accounting information from the access server.
Authentication Host: A security server that provides authentication or authorization information to the access server.
Default Realm: One realm in the access server can be specified to be the default realm. The only advantage of the default realm is that, when logging in, the user can omit the realm name portion of the login identification. There is no other special meaning to being the default realm. To change the default realm name, you must first set any current default realm name to be NODEFAULT. Then assign another as DEFAULT.
Login Retries and Timeouts: The access server
362. ocooo e 3 10 Exiting from a Menu isle uec EEUU LER tne ee ee a eSI es 3 11 Using Menus to Set Up a Captive Port 0 0 cece eh 3 11 Displaying a Menu Definition 0 0 cee eee 3 11 Purging Menu Lines and Entire Menus 00 0 0 eA 3 12 4 Managing Load Hosts OVERVIEW SE A AAAS hit ee EE leet Atle ie ee th toda tA EL te A A a 4 1 Introduction AR A EA A CUR A RA s 4 1 Tn This Ch apter eoe cain A Cete A RA eei ed 4 1 Load Host Procedures a 4 2 DS A e eed ose vett tend se closes de ctl tee ebd date at ts et teen 4 2 DSV CONFIGURE k 1 RUD A Ce PE Ced eA OC I ERE quiis 4 3 IntrOdUGtlOn ens a Ce ta RS RARE T e eis 4 3 Backward Compatibility of DSV CONFIGURE ssssseeeee eee teens 4 3 Executing DSV CONFIGURE 0ococcccoccc e em ene 4 3 ADD COMO st ceed ech pe Boos OS eee ANS UR A ME SO he AC OIE S 4 4 MODIFY and SET Commands 0 0 0 0 0 cette eens 4 5 DELETE Command esset ieee A Shiba bed oink eh aes dots e Due er d 4 5 LIST and SHOW Commands 0 0 ccc eee 4 6 CONNECT and USE Commands 0 0 00 cect eens 4 6 DSMCONBIG 83 338 a eS eta c eerte ta dutem e ume tU E Dira 4 9 Introduction o a Lao ote emet S PRENNE PLI E ue eU RENE 4 9 DECserver Configuration Procedure 0 0 0 cece eee eee 4 9 DSVCONFIG Mer cS S RD ee A Sea i Bee eei 4 9 Using BOOTP TETP Server eec Lee od ED AGAR EE A eae tenes 4 10 Introduction see Sh doe Mei ber ad avg ble ducted eee oet esc
363. ode
• Supplying User Location Data to Telnet Servers
• Configuring a Raw TCP Listener
Configuring and Managing Telnet Servers 13-1
Sample Device Configurations
Introduction
This section provides examples of configuring the following types of devices for access through a Telnet listener:
• A printer
• A computer
• A modem
You must configure the device and port characteristics as described in Chapter 9 before performing the procedures described in this chapter. The examples in this section do not include the various Telnet server characteristics. Refer to Configuring Telnet Server Session Characteristics in this chapter to set up the Telnet server characteristics.
The following lists the variables in this chapter that you should substitute with the appropriate values:
• Access server port number
• Flow control type (printer only)
• Telnet listener identifier. Must be 23 or between 2001 and 2032, inclusive.
• Identification string (up to 40 characters)
Configuring a Printer for Access Through a Telnet Listener
For systems that need to access the printer, you must supply the system managers with the TCP port number. The section Configuring a Remote Print Queue in this chapter provides an example of setting up a remote print queue on an ULTRIX or UNIX system.
The following example shows a sample configuration of a printer used for access through a Telnet listener on port 4:
Local> DEFINE POR
364. odem control access server
Local> DEFINE PORT 6 ACCESS LOCAL ALTERNATE SPEED NONE AUTOBAUD ENABLED
Local> DEFINE PORT 6 DEFAULT PROTOCOL SLIP
Local> DEFINE PORT 6 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 6 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 6 INTERRUPTS DISABLED PASSWORD ENABLED
Local> DEFINE PORT 6 SIGNAL CHECK DISABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 6 SLIP ENABLED SPEED 57600 SLIP HOST 195.1.3.1
Local> DEFINE PORT 6 SLIP HOST 195.1.3.1
Local> DEFINE PORT 6 SLIP MTU 800
Local> LOGOUT PORT 6
Local> DEFINE PORT 6 SPEED 51600
15-10 Configuring and Managing SLIP Ports
Establishing Terminal Sessions with a PC
Prerequisites
Before you can use a PC to establish a terminal session with the access server, you must:
1. Configure the device and port characteristics as described in Chapter 9.
2. Enter the commands to set up SLIP operating characteristics, as shown in the Example Configuring a PC As a Terminal and SLIP Host in this chapter.
3. If you want to authenticate a user, make sure that a terminal emulation program is installed and running on the PC. The terminal emulation program needs to be invoked after a connection is established so that the user can respond to prompts for authentication. Refer to Managing Dial Up Access Security with AUTOLINK and AUTOLINK Authentication in Chapter 22 for more information if you have enable
365. of 3 for PB BUFFERS in NET.CFG. Using PB BUFFERS 3 may cause access server buffers to be depleted for PPP at the port, causing poor performance. In some cases, it may be better to disable packet burst by defining PB BUFFERS 0 in NET.CFG. You can determine if packets are being dropped by the access server by using the SHOW PORT n PPP COUNTERS command from an access server management port, where n is the port with the Novell connection.
Operational Checkout and Diagnosis
Verifying Configuration
To verify proper configuration, at an access server management port, type SHOW IPX at the local user interface prompt.
• At least one LAN frame should have a corresponding network number.
• IPX should be enabled, and the internal network should be defined with a unique network number.
Reference
If you have problems with your dial-in connection, refer to the Network Access Server Problem Solving book. If your PC has a problem establishing a modem connection or negotiating PPP protocol to the access server, you can diagnose the problem from the access server side.
Managing IPX 20-19
Disabling IPX
Using the DEFINE Command
If you decide you no longer need IPX support, you can disable IPX by using the following privileged command:
Local> DEFINE IPX DISABLED
Reinitialize the access server to have this command take effect.
20-20 Managing IPX
Frame Types
Introduction
366. of the IPXCP counters Display the RIP entries known to the server Display the routes known by the server Display the counters RIP entries and routes Description Clear all unique networks from the RIP database Clear all the SAP service entries known to the server Description Zero all IPX counters Zero all PPP counters associated with port n Description Enable IPX Disable IPX Description Standard Ethernet V2 Novell standard 802 3 RAW Managing IPX 20 13 SAP802 SNAP802 CHANGE SET DEFINE IPX FRAME frametype NETWORK ipx net LEARN DISABLED CHANGE SET DEFINE IPX INTERNAL NETWORK ipx net NONE 20 14 Managing IPX Summary of DECserver IPX Management Commands IEEE 802 2 standard IEEE 802 2 with SNAP SAP format Description Specify explicit internal network number Learn internal network number from LAN Internal network disabled Description Specify ipx net as the internal network number There is no IPX address for the internal network Modem Considerations Modem Considerations Dial In Modems Keep the following in mind when using dial in modems attached to the network access server Flow control for the dial in modem and the access server port must match CTS is recommended for DECserver 700 and DECserver 900TM XON XOFF is recommended for DECserver 90M and DECserver 90TL Serial speed for the modem can be configured as high as 115 200 bits s for the DECserver 700 a
367. offered by multiple service nodes.
service session: A session between a network resource and a terminal session on a session management terminal.
session: A two-way network communications path between a network resource and either an access server user, a multiuser computer user, or an application program.
session management: A facility provided by some access servers that uses TD/SMP to communicate with an access server device so that the device can process simultaneous, independent, multiple terminal sessions. On the device, the data exchange of multiple sessions can be processed simultaneously, regardless of which session is current.
Simple Network Management Protocol: See SNMP.
SLIP: Serial Line Internet Protocol. This protocol uses a simple framing technique to transmit IP datagrams over serial lines.
SLIP host: An Internet host that uses SLIP as its data link.
SNMP: Simple Network Management Protocol. An Internet protocol that is used to manage systems from one or more Internet hosts.
subnet addressing: An addressing technique that allows a site to share a single Internet network address among multiple logical networks, as long as all the hosts and gateways on those networks cooperate. It is a form of hierarchical routing in which the top level of the routing hierarchy (the core gateway system) uses the network portion of the Internet address when routing packets to identify the local gateway. The next level, the local gatew
368. ollowing example shows how to generate an access server status display Local gt SHOW SERVER STATUS Network Access SW Vx x for DSxxx xx BLxx xx ROM x x x Uptime 0 17 05 57 Address 08 00 2B 02 F2 BB Name T_LATO6 Number 65535 Cur High Max Active Ports 8 8 16 Minutes to Shutdown N A Active Users 8 8 16 Discarded Nodes 0 17 16 Managing the Access Server Queue Entries Available Services Local Services Reachable Nodes Active Circuits Connected Nodes Connected Sessions 89 75 4 3 12 15 36 Selftest Status Normal Software Status Normal Local gt Displaying Information About the Access Server 0 100 Resource Errors 0 92 N A Port Framing Errors 0 2 20 Port Parity Errors 0 78 200 Port Overrun Errors 0 Boot Device Ethernet 0 7 32 Primary Host PEACH 32 Load Address AA 00 04 00 46 DC 20 64 Dump Address None Available 36 100 Console User None Available 53 100 Boot Protocol MOP SHOW LIST MONITOR SERVER COUNTERS Display Fields The following table describes the fields and column headings in the access server status display Field Address Name Number Cur column High column Max column Description Ethernet address of the access server Name of the access server This string can be specified by using the SET DEFINE CHANGE SERVER NAME command Number of the access server This number can be specified by using the SET DEFINE CHANGE SERVER NUMB
369. om the access server Enabled The access server will echo the input from the remote peer Disabled The access server will not echo the input from the remote peer Enabled Receiving data in suppressed go ahead SGA mode This allows duplex communication Disabled Not receiving data in SGA mode The remote peer is sending go aheads Enabled Sending data in SGA mode This allows duplex communication Disabled Not sending data in SGA mode Enabled The access server has permission to send requests for the peer s status Disabled The access server does not have permission to send requests for the peer s status Enabled The access server will respond to remote requests for status Disabled The access server will not respond to remote requests for status Configuring and Managing Interactive Devices 11 49 Managing Sessions Field Do End of Record Will End of Record Do Remote FLOW CONTROL Will Remote FLOW CONTROL Will Terminal Type 11 50 Configuring and Managing Interactive Devices Description Enabled The access server is enabled to receive EOR commands Disabled The access server is not enabled to receive EOR commands Enabled The access server has permission to transmit EOR commands to the remote peer Disabled The access server does not have permission to transmit EOR commands to the remote peer Enabled The access server will send rem
370. ommand to display dialer service status These commands are similar to the SHOW SERVICES LOCAL family of commands in usage and syntax Example Show Dialer Status In following example port 10 is currently available the last phone number it dialed was found to be busy Ports 9 and 11 are presently in use Port 13 is actually dialing a phone number while port 14 is waiting for a response from the modem When the dialer port is initialized prior to making a phone call the Last Connection Status field is cleared 21 10 Managing Dial Services Defining the Dialer Service Local SHOW DIALER AT TRADESHOW STATUS Dial Service AT TRAD from tradeshow Port 9 10 11 12 13 14 Local ESHOW Available Identification Dial back User Status Last Connection Status remote Connected CONNECTED 14400 LAPM Available BUSY Raymond Connect CONNECTED 9600 Available NO ANSWER Jim Dialing No answer Bob Waiting SHOW DIALER STATUS Display Fields The following table lists values for the status field in the SHOW DIALER display Status Initializing Dialing Waiting Connected Available Meaning Sending dialer command and authorization strings Sending the phone number string Waiting for the expected response from mode Dialer call completed port is in use Dialer is not in use Managing Dial Services 21 11 Defining the Dialer Service Displaying Dialer Counters Usethe SHOW DIALER service name COU
371. on Close Session Go to Command Line muit Use Up Arrows Down Arrow or item number to make your cholos Press cEeturn bo execute your choice Defining Menu Choices For each menu choice line you can define e One line of display text e A server command which can Specify up to 8 optional input parameters BeaDO command e A prompt string for each specified input parameter e A default string for each specified input parameter User Interface 3 9 Defining Menus Example Sample Definition of a Menu Selection The following example shows one way to define the selection Open Telnet Session that appears on line 5 of the main menu Local CHANGE MENU MAIN LINE 5 DISPLAY OPEN TELNET SESSION Local CHANGE MENU MAIN LINE 5 P1PROMPT ENTER HOST NAME OR IP ADDRESS Local CHANGE MENU MAIN LINE 5 P1DEFAULT 16 195 1 1 Local CHANGE MENU MAIN LINE 5 EXECUTE CONNECT TELNETSP1 The menu selection defined in this example does the following 1 The following text displays on line 5 of the menu choices window OPEN TELNET SESSION 2 When you press the Return key the following prompt displays in the directions and user input window ENTER HOST NAME OR IP ADDRESS 3 Thenextstep depends on whether you simply press the Return key or type a host name or address before pressing the Return key Ifyou press the Return key without typing a host name or address the access
372. on ATOE translation for the table refer to the code specified Network Access Server Command Reference SET DEFINE Changes the For the default CHANGE TN3270 EBCDIC to ASCII EBCDIC to ASCII ETOA translation for the translation table refer to code specified the Network Access Server Commands Reference SET DEFINE Creates an access For the default CHANGE TN3270 server wide KEYMAP refer to the TERMINAL customized TN3270 Network Access Server terminal or renames Command Reference an existing keymap for a terminal CLEAR PURGE Clears dynamic or None TN3270 TERMINAL permanent memory of a customized 3270 terminal SET DEFINE Customizes None CHANGE TN3270 keymappings for an KEYMAP existing access server wide keymap Configuring and Managing 3270 Terminal Emulation TN3270 18 19 TN3270 Port Characteristics Commands to Manage TN3270 Terminal Emulation The following table provides information on port characteristics and their defaults SET DEFINE CHANGE PORT TN3270 MODEL TERMINAL KEYMAP KEYMAP NVRAM LIMIT NULLS FLOW CONTROL SWITCH CHARACTER Verification Description Specifies the model of IBM 3270 Information Display Station the ASCII terminal emulates Indicates the type of ASCII terminal and associated keymap attached to the port Enables you to change a definition in the keyboard map Specifies the number of keyboard maps in NVRAM that the nonprivileged user is allowed to de
373. on CMKRNL 5 4 OpenVMS Version 5 4 1 and subsequent OPER maintenance releases Configuring and Managing LAT Services 12 9 Configuration of Specific Types of Devices As LAT Services s SP Creating a Logical Device to Access a Printer Service The following example shows how to run LATCP to create a logical device This example configures the logical port LTA1925 to access the LAT service PRINT SRUN SYSSSYSTEM LATCP LCP gt CREATE PORT LTA1925 NOLOG LCP gt SET PORT LTA1925 APPLICATION NODE LAT_08002B054DE0 SERVICE PRINT LCP EXIT SCOPY LOG FILE TXT LTA1925 Configuring a Logical Device to Connect a Specific Port You can configure a SET PORT PORT PORTNAME qualifier to connect to specific port as shown in the following example LCP SET PORT LTA1925 APPLICATION NODE LAT 08002B054DEO PORT PORT 5 Using a Remote Printer Command File The following example shows a remote printer command file REMOTE_PRINT COM This command file sets up a remote printer and remote print queue You can use this file as a template to set up subsequent remote printers You should enter the remote printer command file name in the LTLOAD COM file This ensures that remote printers and remote print queues are set up automatically at system startup Note For OpenVMS Version 5 4 1 and later use LAT SYSTARTUP COM instead of LTLOAD COM This command procedure sets up the local
374. on an access server port. This allows a user of a personal computer to send and receive files over the LAN. For a particular session, the access server permits a user to control whether flow control and other special characters are intercepted by the access server. Note that session nodes frequently control these characteristics for you.
To be available for file transfers, the PC must be logged out from the access server port. When a connection is made to the port, the port shifts to remote access mode.
To transfer files, you must set up the access server port and the personal computer (local partner) to function as the initiator of a session with the remote partner in the transfer. The remote partner computer can be a session node or a personal computer that is available on the network. Once the initiator establishes a session to a partner, you can transfer files in either direction between the initiator and the partner.
The computer serving as the file transfer partner might require some modifications before a file transfer. To learn what modifications are required, refer to the documentation for the computer and for the file transfer program.
Partner Guidelines
The following provides guidelines for setting up the partners:
• Remote partner: You need to disable such characteristics as message verification, forward switch, backward switch, and local switch when using binary or ASCII file transfers. If needed, also disable flow control for bina
375. on that identify the access server services allowed for that user's session.
Realm Definition
Associated with a Kerberos login, a user specifies a realm. A realm is known by its realm name, a printable string of characters. The realm name identifies an administrative domain and a set of realm parameters that are needed to administrate the logins for that realm. The administrator can also associate many other access server related parameters with a realm name. The SHOW KERBEROS REALM realm name command displays all the assignable parameters for all Kerberos realms. Realm definition and usage is the same for all other security methods supported by the access server, as are the characteristics that realms allow the administrator to define.
RADIUS
RADIUS (Remote Authentication Dial In User Service) is a security method that provides authorization information during the authentication procedure. Authorization information is a means for tailoring most of the configurable features of the access server to a particular user name. The authorization characteristics are not stored on the access server, but are embedded in the database that exists on the security host serving as the RADIUS authenticator. This chapter describes the RADIUS authorization attributes that the access server supports. See the Managing RADIUS section in this chapter.
RADIUS Authorization
When a user attempts to log in using a realm, the user enters a string in the following f
376. ons on the specified port.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-21
Chapter 19
Configuring and Managing Point-to-Point Protocol (PPP) Ports
Overview
Introduction
This chapter explains how to configure and manage access server ports for use with PCs and computers acting as Point-to-Point Protocol (PPP) hosts. A PPP host uses PPP as its data link over low-speed asynchronous serial lines.
Prerequisites
Before you use the procedures in this chapter, you must:
• Ensure that the devices support PPP.
• Connect and test the devices.
• Configure the port and device characteristics to match.
For information about device cables, refer to the access server hardware documentation.
In This Chapter
This chapter contains the following topics:
• Enabling PPP on an Access Server Port
• Establishing and Ending a PPP Session
• Displaying PPP Characteristics
• Displaying PPP Status
• Displaying PPP Counters
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-1
Enabling PPP on an Access Server Port
Introduction
To check if PPP is enabled on a given port, use the SHOW PORT command. When enabled, the keyword PPP displays in the list of enabled characteristics at the bottom of the screen. The section provides examples of enabling PPP on an access server port.
Enabling PPP for Mixed Traffic
For basic operation of PPP, the only required commands are:
•
377. option so that no trailer page prints if the access server does not know the user name at the start of the print job (for example, if the access server receives the data file before it receives the control file).

Specifies ASCII or PostScript. Use this option to determine the kind of flag page or pages to send to the printer.

For LPD to communicate with your printers, you must set the following port characteristics:
• ACCESS REMOTE
• AUTOBAUD DISABLED
• FLOW CONTROL, PARITY, SPEED, and STOP BITS to match the printer's settings
Use the DEFINE/SET/CHANGE PORT command to configure port characteristics.

14 6 Configuring LPD Printers

Configuring LPD

Printer Configuration Example
The following example shows how to configure the access server to use LPD for remote network printing:
Local> DEFINE PRINTER LPS32 PS CONNECTIONS ENABLED HEADER ENABLED PORTS 4 5 TRAILER DISABLED AUTOCR DISABLED
In this example:
• The name of the printer is LPS32 PS.
• The printer is set to allow users to submit print jobs to it.
• A header page prints at the start of each job.
• The ports associated with the printer are 4 and 5.
• No trailer page prints at the end of the job.

Displaying Printer Characteristics
Use the LIST/SHOW PRINTER command to display the printer characteristics. You can specify a printer name or display all of the configured printers.

Printer Display Example
The following shows a typical display when you enter the SHOW P
378. or a dial in and dial out modem operating at 2400 baud:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED SPEED 2400
Local> LOGOUT PORT 4

10 16 Configuring Modem Signals

Sample Modem Configurations

Configuring a Dial Out Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial out modem operating at 2400 baud and configured for the RI DCD DSRS DTR signals:
Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
Local> DEFINE PORT 3 SIGNAL CONTROL ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 3 SIGNAL SELECT RI DCD DSRS DTR
Local> DEFINE PORT 3 SPEED 2400
Local> LOGOUT PORT 3

Configuring a Dial In and Dial Out Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial in and dial out modem operating at 115200 baud and configured for the CTS DSR RTS DTR signals:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 4 SIGNAL SELECT CTS DSR RTS DTR
379. or the appropriate characteristic. The following table summarizes the access server LAT characteristics:

Characteristic     Default                Range         Refer to Section
ANNOUNCEMENTS      Enabled                              ANNOUNCEMENTS Characteristic
CIRCUIT TIMER      80 milliseconds        30 to 200     CIRCUIT TIMER Characteristic
IDENTIFICATION     None                                 IDENTIFICATION Characteristic
KEEPALIVE TIMER    20 seconds                           KEEPALIVE TIMER Characteristic
MULTICAST TIMER    30 seconds             10 to 180     MULTICAST TIMER Characteristic
NAME               LAT_ethernet address                 ACCESS SERVER NAME Characteristic
NODE LIMIT         200                    1 to 1000     NODE LIMIT Characteristic
NUMBER             0                      0 to 32,767   Access SERVER NUMBER Characteristic

6 2 Configuring LAT Characteristics

LAT Characteristics

Characteristic: PASSCHECK, QUEUE LIMIT, RESPONDER, RETRANSMIT LIMIT, SERVICE GROUPS
Default: 200 100 Disabled 0 ENABLED 1 to 255 DISABLED
Range: 0 to 200 0 to 200 4 to 120 0 to 255
Refer to Section: PASSCHECK Characteristic, QUEUE LIMIT Characteristic, RESPONDER Characteristic, RETRANSMIT LIMIT Characteristic, Service Groups

Displaying LAT Characteristics

Command To Use
To display the current LAT characteristics, use the SHOW/LIST/MONITOR SERVER command, as shown in the following example.

LAT Characteristics Display Example
The following example shows a typical display that appears when you use the SHOW SERVER command:
Loc
380. or the LAT protocol
To set a LAT service as a preferred service, the port's default protocol must be set to LAT.

Example: Enabling a Preferred LAT Service
The following example shows how to enable the LAT service FILES as the preferred service on port 5:
Local> CHANGE PORT 5 PREFERRED FILES
You can specify that the connection be made to a particular node and/or port name of the LAT service.

Configuring and Managing Interactive Devices 11 33

Managing Users

Example: Enabling a Preferred LAT Service on a Specific Node and Port
The following example shows how to specify that port 5 connects to port JAMES on node MARKETING for service FILES:
Local> CHANGE PORT 5 PREFERRED FILES NODE MARKETING DESTINATION JAMES

For the Telnet Protocol
To set an Internet host as a preferred service, the port's default protocol must be set to TELNET. You can use the host's Internet address, domain name, or relative domain name if the host is defined in a name server; however, you cannot use the entire domain name if the name is more than 16 characters, including the dots.

Example: Enabling a Preferred Telnet Service
The following example shows how to enable a resource on the TCP/IP network, SALE.MKT.DEC.COM, as a preferred service on port 5:
Local> CHANGE PORT 5 PREFERRED SALE.MKT.DEC.COM

Specifying the Port USERNAME
By factory set default, the Enter username prompt appears when a user logs in to the access server port. The access
381. ormat user name realm name

22 2 Managing Access Server Security

Security Type Descriptions

The following occurs:

Stage  Description
1      The access server uses the realm name to determine the security method to use when authenticating the login.
2      If the realm name is for a RADIUS server, the access server sends the login information to a RADIUS authentication host.
3      After authentication completes successfully, the RADIUS authentication host sends a list of authorization parameters to the access server. These parameters are the intended settings for the user's session.

Since the set of attributes that the RADIUS authentication host sends to the access server can be incomplete, you can set default realm authorization parameters that provide missing values to complete the authorization set. If a parameter is missing from both the RADIUS authorization parameters and from the realm's default parameters, and the parameter is defined within the port configuration information, the port supplies the value for the parameter. This resulting set of parameters is the authorization information used for this session.

SecurID
SecurID is a system of authentication from Security Dynamics Technologies, Inc. There is no authorization information at the SecurID authentication host. Like Kerberos, the SecurID realm provides values for realm defined parameters. Once the password has been accepted its pr
382. ormation from a BOOTP server or a Dynamic Host Configuration Protocol (DHCP) server on the network instead of configuring all of the IP information on the access server manually. See the following sections in this chapter:
• Learning IP Information From a BOOTP Server
• Learning IP Information From a DHCP Server

Setting the Internet Address
Before the access server can operate on a TCP/IP network, you must assign a Class A, B, or C Internet address. To assign the address on the access server, use a command similar to the one shown in the following example:
Local> CHANGE INTERNET ADDRESS 195.1.1.60
Caution: If you do not intend to use the default subnet mask, you must set or change the subnet mask before you set or change the Internet address.

TCP IP Network Characteristics 7 3

Configuring the Internet Address and Subnet Mask

Setting an Internet Subnet Mask
The Internet subnet mask is used to partition the host section of an Internet address into subnets. The default subnet mask depends on the class of the Internet address that you assigned. The following table lists these defaults:

Internet Address Class   Default Subnet Mask
A                        255.0.0.0
B                        255.255.0.0
C                        255.255.255.0

Do Not Define the Subnet Mask in the /etc/bootptab File
Although some BOOTP implementations allow you to define a subnet mask using the /etc/bootptab file, the network access server does not support this feature. For more information, refer to the network
383. ors it discards these packets.

Configuring and Managing SLIP Ports 15 7

Configuring a Port So That a PC Can Function as a Terminal or SLIP Host

Introduction
This section describes how to configure an access server port so that you can use an attached PC as both a terminal and a SLIP host. With this configuration, port users can switch between terminal emulation and SLIP mode. To configure the port so that the PC acts only like a SLIP host, refer to the Configuring a Dedicated SLIP Port section in this chapter. Before you configure a port for SLIP communications as shown in the following example, you must configure the device and port characteristics as described in Chapter 9.

Example: Configuring a PC As a Terminal and SLIP Host
The following example shows a sample port configuration that enables a PC to act as both a terminal and a SLIP host:
Local> DEFINE PORT 2 ACCESS LOCAL AUTOBAUD ENABLED
Local> DEFINE PORT 2 BREAK LOCAL DEDICATED NONE
Local> DEFINE PORT 2 DEFAULT PROTOCOL SLIP DSRLOGOUT ENABLED
Local> DEFINE PORT 2 FLOW CONTROL CTS INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED PASSWORD DISABLED
Local> DEFINE PORT 2 SIGNAL CHECK DISABLED SIGNAL CONTROL DISABLED
Local> DEFINE PORT 2 SLIP ENABLED
Local> DEFINE PORT 2 SLIP HOST 195.1.1.1
Local> DEFINE PORT 2 SLIP MTU 800
Local> LOGOUT PORT 2
384. ote FLOW CONTROL commands to enable and disable the peer's output FLOW CONTROL.
Disabled: The access server will not send remote FLOW CONTROL commands to enable and disable the peer's output FLOW CONTROL.
Enabled: The network access server will accept remote FLOW CONTROL commands.
Disabled: The access server will not accept remote FLOW CONTROL commands.
Enabled: The network access server will respond to SEND TERMINAL TYPE commands.
Disabled: The network access server will not respond to SEND TERMINAL TYPE commands.

The third column displays the terminal type negotiated between the access server and the host.

Managing Sessions

Terminating Sessions
There are two commands you can use to terminate a session on another port.

The privileged LOGOUT PORT command allows you to manually log out any port, and all sessions terminate at the specified port. If the port device supports session management, the LOGOUT PORT command disconnects all the terminal sessions and the associated sessions, then logs out the port. For example, to disconnect port 4 from all its sessions, enter the following command:
Local> LOGOUT PORT 4
The port that you specify can have local, remote, or dynamic access. Use caution when you log out a user's port. When you log out a port, you abruptly stop all sessions and data may be lost. The port characteristics are also reset to the permanent values.

The privileged DISCONNECT PORT command all
385. ote Console Port
The remote console port is a logical port that enables you to configure the access server from a remote terminal on the network.

Features of the Remote Console Port
The following table lists the features that distinguish the remote console port from other ports:

Feature                                  Description
Local switch character                   Tilde
Personal computer file transfers         Unsupported
SET/DEFINE/CHANGE PORT characteristics   Available for all ports except for the remote console port
Number of sessions supported             1 at a time

Communications Utilities for Remote Console Sessions
The following table describes the four utilities you can use to connect to the remote console port on the access server:

Connection Utility              Host Type                                                Protocol
Network Control Program (NCP)   OpenVMS Phase IV                                         MOP
SET HOST/MOP                    OpenVMS DECnet/OSI                                       MOP
Telnet remote console           Internet                                                 Telnet
Console Carrier Request (CCR)   ULTRIX DECnet                                            MOP
Access Server Manager           32 bit Microsoft Windows (Windows 95 and Windows NT)     Telnet

Management Tools 2 7

Remote Console Port

OpenVMS Utility: Terminal Server Manager
For OpenVMS systems, DIGITAL offers the Terminal Server Manager (TSM) to facilitate managing the access server using the MOP remote console. TSM allows the user to store access information, such as the maintenance password, Ethernet address, and login password for a server, in a local database. The user can then establish a si
387. ow the access server to automatically obtain the SLIP host address.

Assigning a Host Internet Address
To assign the Internet address to a port, use the SET/DEFINE/CHANGE PORT SLIP HOST ADDRESS command, as shown in the following example:
Local> CHANGE PORT SLIP HOST ADDRESS 195.1.1.101
After you assign the address, you can enter the SHOW PORT SLIP CHARACTERISTICS command on the SLIP host to verify the change. You then need to assign the address to the attached host.

RADIUS Specified SLIP Host Address
If a user performs a RADIUS authentication, the SLIP host IP address may be specified in the user's authorization data. A RADIUS specified address of 255.255.255.254 means the IP address of the port is used. An address of 255.255.255.255 means the PC client's IP address is used (see below).

Managing Internet Addresses for SLIP Hosts

How a Port Automatically Obtains the SLIP Host Address
If you configure a port for SLIP communication and do not assign a host address, the access server does the following:
1. Reads the source address from the attached host's first output IP packet.
2. Automatically assigns this address to the port if it is valid.
The access server clears this address when the SLIP host logs out from the port.

Managing the Maximum Transmission Unit

Introduction
The maximum transmission u
388. ows you to stop another port's session with a dedicated service. You cannot use this command for ports with session management terminals because these ports cannot have a dedicated service. You can use the DISCONNECT PORT command to disconnect a nonkeyboard printer being used by a dedicated service that offers printers to the network. For example, to stop the session with a dedicated service at port 4, enter the following command:
Local> DISCONNECT PORT 4

Chapter 12 Configuring and Managing LAT Services

Overview

Introduction
This chapter explains how to configure devices attached to the access server ports as LAT services. A LAT node can offer devices as LAT services to users on the port itself and other LAT nodes.

Prerequisites
Before you use the procedures in this chapter, you must:
• Connect and test the devices
• Enable privileged status
• Configure the port and device characteristics to match

Reference
For more information about LAT nodes, refer to the LAT Network Concepts manual. For information about connecting device cables, refer to the appropriate access server hardware documentation.

In This Chapter
This chapter contains the following topics:
• Configuring a Port to Offer a LAT Service
• Configuring Access to a LAT Service
• Configuration of Specific Types of Devices As LAT Services
• Configuring a Printer with Unannounced Availability
• Verifying the LAT Ser
389. pe the privileged password. DNAS does not echo the password as you type it.
Local> SET PRIVILEGED
Password hidden

21 2 Managing Dial Services

Checking the Current Server Settings

Introduction
Before you configure dialer services, determine the current server configuration. Use the SHOW SERVER command to display the server configuration.

Server Configuration Display
The following example shows a typical access server configuration display:
Local> SHOW SERVER
Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 000 44 34
Address 08 00 2B 26 AA 99 Name WWDOCMC Number 0
Identification
Circuit Timer 80        Password Limit 3
Console Port 1          Prompt Local>
Inactivity Timer 30     Queue Limit 100
Keepalive Timer 20      Retransmit Limit 8
Multicast Timer 30      Session Limit 64
Node Limit 200          Software WWENG2
Service Groups 42 46 66
Enabled Characteristics
Announcements Broadcast Dump Lock Server Responder
Local>

Defining a Dialer Script

Introduction
The first step in configuring a dial service is creating a dialer script. A dialer script tells the access server what text strings to use to control a modem on a specific port. These text strings are also known as modem strings.

Defining Dialer Script Strings
Use the SET, DEFINE, and CHANGE DIALER SCRIPT commands to define the modem string
391. ports

Step  Action
1     Assign a TCP port to the access server port. The access server uses 23 and 2001 to 2032 as TCP port numbers. The TCP port number is the number that users on the TCP/IP network use to connect to the device on the access server port.
2     Determine which access server port or ports are to be assigned to the Telnet listener.
3     Provide an identification string that helps users recognize and use the resource. It can be up to 40 characters in length. The factory set default is no identification string.
4     Enable the listener to receive connections. The factory set default for CONNECTIONS is DISABLED.
5     Specify the individual access server session characteristics as described in the Configuring Telnet Server Session Characteristics section in this chapter.

Configuring and Managing Telnet Servers 13 11

Configuring Telnet Server Session Characteristics

Introduction
The following sections describe how to configure the various Telnet server session characteristics.

Mapping Event Indications to Keyboard Characters
You can map the event indications to keyboard characters. The factory set default for each indication is that no character is sent to the device or application on the access server port set up as a Telnet server port. In most cases, you would map an event indication to a character in order for the access server to forward that event indication to th
392. presses the lengthy headers of IP datagrams on low speed asynchronous serial lines. Therefore, enabling CSLIP can improve performance.

Enabling CSLIP
Use the SET/CHANGE PORT n SLIP COMPRESSION command to enable or disable CSLIP. By default, compression is disabled. When you enable CSLIP, make sure that it is enabled at both ends of the communications link. If only one end of the link is running CSLIP, performance degrades.

Example: Enabling CSLIP
The following example shows how to enable CSLIP on port 5:
Local> CHANGE PORT 5 SLIP COMPRESSION ENABLED

Disabling CSLIP
The following example shows how to disable CSLIP on a port:
Local> CHANGE PORT 5 SLIP COMPRESSION DISABLED

Automatic CSLIP
You can enable a port to start CSLIP automatically if the port receives compressed data over an already existing SLIP session. The following example shows how to enable automatic CSLIP on a given port:
Local> CHANGE PORT 5 SLIP COMPRESSION AUTOCOMPRESS

Compression States
You can specify the number of connections that can be compressed over the data link at one time. The following example shows how to change the number of compression states on a port:
Local> CHANGE PORT COMPRESSION STATES 10
The default number of compression states is 16.

Displaying SLIP Counters

Commands
The SHOW/MONITOR PORT SLIP COUNTERS command displays the various SLIP counters. To rese
393. privileged. This command shows the actual state of the LCP implementation on the access server. Because of the nature of PPP negotiations, the display can differ from the configured characteristics shown on the SHOW PORT n PPP LCP CHARACTERISTICS display. The display fields fall into two categories:
• General link status (LCP Status section)
• Status of the LCP options (LCP Options section)

Example: LCP Status Display
The following example shows the LCP status display for port 5:
Local> SHOW PORT 5 PPP LCP STATUS
Port 5 Server LAT 08002B26D0E7
LCP Status
State Initial
Negotiation Time 0 00 00 00
Since Open 0 00 00 00
Failure Reason None
Authentication Initial
LCP Options       Local      Remote
MRU               1500       1500
Character Map     FFFFFFFF   FFFFFFFF
Authentication    Disabled   Disabled
Link Quality      Disabled   Disabled
Magic Number      Disabled   Disabled
PF Compress       Disabled   Disabled
ACF Compress      Disabled   Disabled
FCS Size          16 Bit     16 Bit
Callback          Disabled   Enabled

Displaying PPP Status

Fields in the LCP Status Display
The following table describes the fields in the LCP status display:

Field: Description
State: The LCP state as defined in RFC 1331.
Negotiation Time: The number of seconds required by the PPP negotiation procedure the last time LCP renegotiated.
Since Open: The number of seconds since LCP last attempted to negotiate the
Failure Reason
394. put XOFFed Yes

SHOW/MONITOR PORT STATUS Display Fields
The following table discusses information displayed by the PORT STATUS command:

Field: Description
Port n: Number n of the port. The text that follows the number of the port is any associated user name or the name of the port established for the port characteristic NAME if no user name was supplied.
Server: Specifies a 1 to 16 character name for the access server.

Managing the Access Server 17 27

Checking Port Status and Counters

Access: Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and service nodes. Access is shown as one of the following:
  Dynamic: Access server allows access on the port to alternate between local and remote.
  Local: Access server allows only interactive use of the port.
  None: Access server prevents any use of the port.
  Remote: Access server allows only remote connections on the port.
  Port access is specified by using the SET/DEFINE/CHANGE PORT command.
Status: Current status of the port, which can be one of the following:
  Connected: Port is connected to a service.
  Connecting: Port is attempting a connection to a service.
  Disconnected: Session was terminated while dormant.
  Disconnecting: Session is disconnect
Current Node
395. r

Learning IP Information From a BOOTP Server

Introduction
Instead of manually configuring IP information, you can have the access server learn its IP address and other IP configuration information from a BOOTP server on the network. If you use the BOOTP server to load the DNAS software on the access server, it can also learn its IP configuration from the BOOTP server during the load operation.

BOOTP Server Configuration
Refer to the DNAS installation instructions for information about configuring a BOOTP server.

Learning Operation
The following occurs when the access server learns IP configuration information from a BOOTP server:
• If you use a BOOTP server to load the software image on your access server, the access server learns the IP configuration information during the boot operation.
• If you use MOP to load the software image on your access server, the access server learns the IP configuration information after initialization.
• If you disable INTERNET, the access server does not learn its IP address and no IP functions work. You can enable INTERNET at any time to start the address learning process.
• If you enable INTERNET, you cannot disable it operationally (that is, using a SET command) because the access server cannot easily ensure that an Internet function is not pending or occurring. You must use the DEFINE INTERNET DISABLE command and reboot the access server.
• When the access server is learning an IP address, you
396. r DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 41
(c) Copyright 1993 Digital Equipment Corporation All Rights Reserved
Please type HELP if you need assistance
Enter username> SWINSTALLER
Local>

Use of CCR from an ULTRIX DECnet Node
Console Carrier Request (CCR) enables you to connect to the remote console port from an ULTRIX DECnet node that is on the same Ethernet as the access server. The node must be running ULTRIX MOP software but does not need to be a LAT service node or load host for the access server. To disconnect from the access server, press Ctrl/D. To exit CCR, type EXIT or press Ctrl/Z. For more information about CCR, refer to the DECnet documentation provided with your system.

Example: Using CCR to Connect to an Access Server from an ULTRIX DECnet Node
The following example shows a connection from an ULTRIX DECnet node to an access server remote console port. In this example:
• The access server has the DECnet node name DRUMCORPS.
• The maintenance password is FEDCBA.
• The access server password is ACCESS.

/etc/ccr -n drumcorps -p FEDCBA
ccr Remote console reserved
ACCESS (not echoed)
Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 43
(c) Copyright 1993 Digital Equipment Corporation All Rights Reserved
Please type HELP if you need assistance
Enter username> MANAGER
Local>

Telnet Remote Console
If the
397. r Network Access Software Installation guide for instructions about installing this application. Read the Access Server's online help for information about managing the access server.

Chapter 3 User Interface

Overview

Introduction
This chapter describes how to customize and manage the user interface to the access server. The access server provides two features to manage the user interface:
• A command group defines a set of commands that a specified group of users can access and execute.
• A menu provides a customized selection of commands that a specified group of users can select on the terminal screen.
Both command groups and menus can help the access server user avoid repetitive typing.

In This Chapter
This chapter contains the following topics:
• Command Groups and Menus
• Using Command Groups
• Using Menus
• Defining Menus

User Interface 3 1

Command Groups and Menus

Description
In addition to convenience, command groups and menus provide the access server with a security feature. Since command groups and menus both have an associated port list, you can control which users can access them. Command groups and menus can also enable nonprivileged users to access a subset of privileged commands. Even if command groups and menus contain privileged commands, they are available to any nonprivileged user logged in to a port in the associated port list.
398. r Wide Terminal Types and Keyboard Maps
The privileged user can set up new terminal types and keyboard maps (up to six of each). New terminal types can be associated with one of the default keyboard maps or with a new keyboard map that has customized individual key assignments.

The first of the two commands below creates a new terminal type called PC 100 DCA and associates it with the default VT100 keyboard map. You might want to do this, for example, if you have PCs that emulate VT100 terminals. The key assignments for the PC 100 DCA terminal type would look exactly like those for the VT100 keyboard map. The second command reassigns PC 100 DCA to an entirely new keyboard map called NEW KEYS. NEW KEYS starts out looking like the default VT100 keyboard map until you customize the key assignments, if you choose to do so. Customizing Server Wide Keyboard Maps in this chapter discusses customization.

Note: You cannot customize the predefined VT100 keyboard map that you set up with the first command.

Local> CHANGE TN3270 TERMINAL PC 100 DCA KEYMAP VT100

Displaying and Customizing Keyboard Maps

Local> CHANGE TN3270 TERMINAL PC 100 DCA KEYMAP NEW KEYS

You can carry out a similar process for terminal devices that use the VT220 keyboard map, the other default map:
Local> CHANGE TN3270 TERMINAL PC 220 DCA KEYMAP VT220
Local> CHANGE TN3270 TERMINAL PC 220 DCA KEYMA
399. r both directions.

Example: Setting CHARACTER SIZE
The following example shows how to set CHARACTER SIZE to 7 in both directions for port 5:
Local> CHANGE PORT 5 TELNET SERVER CHARACTER 7

Example: Setting Character Size in a Specific Direction
The following example shows how to set CHARACTER SIZE to 7 in the TRANSMIT direction:
Local> CHANGE PORT 5 TELNET SERVER TRANSMIT CHARACTER SIZE 7
To set the character size in the receive direction, use RECEIVE instead of TRANSMIT.

Managing Your Access Server As a Telnet Listener Node

Introduction
This section contains the procedures to display and remove Telnet listeners.

Displaying Telnet Listeners
The SHOW/LIST/MONITOR TELNET LISTENER command displays the Telnet listener characteristics. The ALL characteristic displays all the Telnet listeners. You can specify a specific Telnet listener by its TCP port number.

Example: SHOW TELNET LISTENER Display
The following example shows how to display the Telnet listener characteristics on TCP port 2010:
Local> SHOW TELNET LISTENER 2010
Listener TCP port 2010
Identification Printer
Ports 6 8
Connections Enabled
The first line displays the TCP port number, the second line displays the identification string, the third line displays th
400. r has to be reinitialized for the cache size to take effect operationally. The supported range for n is 1 to the number of asynchronous ports. The access server always attempts to keep the number of available entries in the address cache equal to the smaller of either the cache size that you define or the number of ports that do not already have AppleTalk connections.
The default value for n is the number of access server asynchronous ports divided by 8. For instance, the default cache size on a 16-port access server would be 2.
The DEFINE APPLETALK ADDRESS CACHE command lets the access server manager trade off address use versus the probability of simultaneous AppleTalk session requests:
• If the value of n is set too high, the access server can acquire too many addresses, exhausting the supply available for the rest of the network.
• The access server serializes address acquisition attempts, which typically require about 2 seconds each. If the access server pre-acquires too few addresses (the value of n is too low), some client AppleTalk session initiation attempts may fail if too many arrive at once. When this happens, the access server may not have enough addresses to assign to all the new sessions.
Displaying AppleTalk Characteristics
Commands
Use the LIST APPLETALK CHARACTERISTICS command to display the
401. r the access server. Usually, Framing Errors, Parity Errors, and Overrun Errors are zero. If the access server status display indicates nonzero values for any of these errors, you can use the port counters display to find the port or ports that are causing the errors.
Checking Port Status and Counters
Example: SHOW PORT COUNTERS Display
The following example shows how to generate a port counters display:
Local> SHOW PORT 1 COUNTERS
Port 1 Joe Smith Server Servername
Seconds Since Zeroed 1182768 Local Accesses 17
Framing Errors 0 Remote Accesses 0
Parity Errors 0
Overrun Errors 0
SHOW MONITOR PORT COUNTERS Display Fields
The following table describes the information in the port counters display:
Field: Description
Port n: Number of the port. The text that follows the number of the port is any associated user name, or the name of the port as established for the port characteristic NAME if no user name was supplied.
Server: Specifies a 1 to 16 character name for the access server.
Seconds Since Zeroed: Number of seconds since the counters were last set to zero.
Framing Errors: Number of bytes received at the port with illegally formatted frames. If this value accumulates to greater than about 20 errors per day on any one port, you might have port line problems. Refer to the troubleshooting procedures in the Network Access Server Problem Solving manual.
Parity Errors: Number of
402. r the timeout is from 1 to 120 minutes. The default is 30 minutes.
Example: Changing the INACTIVITY Timeout Period
The following command shows how to change the timeout period:
Local> CHANGE SERVER INACTIVITY TIMER 15
Chapter 10 Configuring Modem Signals
Overview
Introduction
This chapter describes the various port characteristics that you can use to control the modem signals. You use modem signals to support devices that use these signals, such as modems, computers, and printers.
In This Chapter
This chapter contains the following topics:
• DTE DCE Device Configuration
• Determining the Supported Modem Signals
• Modem Signals Description
• Specifying MODEM CONTROL and SIGNAL CONTROL
• Specifying SIGNAL SELECT
• Specifying SIGNAL CHECK
• Specifying DTRWAIT
• Specifying RING
• Specifying ALTERNATE SPEED
• Specifying DIALUP
• Sample Modem Configurations
• Configuring DTR and DSR Signals
DTE DCE Device Configuration
Port Configuration
The role of the access server in the communication is determined by the configuration of the port and the port device:
• If the port access characteristic is set to local, the access server appears as a data terminal equipment (DTE) device to a dial in modem connected as a port device, and as a data communication equipment (DCE) device to a personal computer or terminal.
• If the port acc
403. re Terminal printer BN24H xx cable H8575 A adapter with MMJ port and BC16E xx cable Terminal printer H8575 A adapter BC17D xx 10 wire cable with DB25 male and or port BN24H xx cable BC22D xx 6 wire cable Terminal printer H8575 B adapter H8575 A adapter with DB9 male port aud and BN24H xx cable H8571 J adapter and BC16E xx cable
To Connect This Device: PC communication interface with DB9 male port; Modems using RI DCD DSRS DTR signals typically 9600 baud with DB25 female port; Modem using CTS DSR RTS DTR signals typically > 9600 baud with DB25 female port; Non DIGITAL systems with DB25 male ports reverse LAT configuration
To This DECserver Model: 90M or 90TL 8 Port 900TM 32 Port 700 16 Port 700 8 Port
Use This Cable and Adapter Hardware: H8585 AA adapter and BN25G xx cable H8585 AB adapter and BN25G xx cable H8585 AC adapter and BN25G xx cable H8575 A adapter and H8571 J adapter and BC16E xx cable BC22E xx 10 wire cable or BC22F xx 25 wire cable BC22E xx 10 wire cable or BC22F xx 25 wire cable BC22R xx cable
Note: The xx denotes the length of the cable in meters. Refer to the Site Preparation Guide or User's Guide shipped with your access server hardware for further information.
To help plan and install networking systems using the DEC OPEN DE
404.
Accounting Description
  Introduction
  Accounting Log File
  What Events Are Logged
  Contents of Log Entry Types
  Event Field Descriptions
When Events Are Logged
  Introduction
  Login Events
  Logout Events
  Session Connect Attempt Events
  Session Disconnect Events
  Password Fail Events
  SNMP Community Fail Events
  Password Modified Events
  User Privilege Level Modified Events
  SNMP Community Modified Events
Managing Accounting
  Introduction
  Defining the Accounting Log Size
  Changing the Accounting Threshold
  Changing the Accounting Console
  Displaying Accounting Characteristics
  Displaying the
405. rent Internet address and subnet mask for the access server:
Local> SHOW INTERNET
State Enabled
Internet Address 195.1.1.1
Subnet Mask 255.255.255.0
DHCP Enabled
TCP Keepalive Timer Disabled
TCP Keepalive Retry 8
Local>
Configuring Domain Name System DNS Characteristics
Tasks
This section describes how to display and set the access server characteristics for the Internet domain name system (DNS) to resolve host names into Internet addresses. You can perform the following tasks:
• Display DNS characteristics
• Display DNS counters
• Configure the default name resolution domain
• Change the time limit
• Change the retry limit
• Change the name resolution mode
• Configure a list of commonly used Internet hosts
• Configure a list of Internet name servers
Displaying DNS Characteristics
To display the access server characteristics for the DNS, use the SHOW LIST INTERNET NAME RESOLUTION command.
Internet DNS Character Display Example
The following example shows how to display the characteristics for the Internet DNS:
Local> SHOW INTERNET NAME RESOLUTION
NetBIOS WINS Name Resolution
Primary WINS Server 16.20.44.55
Secondary WINS Server wins server local from DHCP
Domain Name Resolution
Domain Name finance.acme.com from DHCP
Resolution Host Limit 32
Resolution Time Limit 4
Reso
406. rface
Using Command Groups
Creating a Command Group
To create a command group, follow these steps:
Step  Action
1  Use the CHANGE COMMAND GROUP command to specify a command group name and port list.
   Example: The following defines the command group called SERVICE A that is available on ports 2, 3, and 5:
   Local> CHANGE COMMAND GROUP SERVICE A PORT 2 3 5
2  Enter the individual commands that define the command group.
Example: Defining a Command Group
The following example shows how to enter individual commands to define a typical command group. In this command group, the values P1 and P2 represent place holders for values that you specify when you execute the command group.
Local> CHANGE COMMAND GROUP SERVICE A LINE 10 CHANGE PORT P1 LOCK ENABLE
Local> CHANGE COMMAND GROUP SERVICE A LINE 20 CHANGE PORT P1 DEFAULT PROTOCOL LAT
Local> CHANGE COMMAND GROUP SERVICE A LINE 30 CONNECT LAT P2
The command group defined in this example does the following for the specified port:
1. Enables lock
2. Sets the default protocol to LAT
3. Connects to the LAT service specified
Executing a Command Group
To execute a command group, use the DO command.
Example: Executing a Command Group
The following example executes the command group SERVICE A defined in the previous example. When this command executes, it substitutes the value 3 for the po
407. ribute default in the realm, then the access server's port characteristics are used if they have been previously defined.
• One of the legal settings of the attributes in the realm is NONE. This special value connotes unspecified. In this case, when a user attempts to log in, if the value is not specified in the SecurID entry for the user name and has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.
Managing SecurID
Setting User Permissions
Permissions are explicitly given by the value in the realm defaults. When these are still missing, the port configuration can supply its specified values for attributes having a corresponding representation in the port. Permissions are DIGITAL vendor specific. The following is a list of SecurID permissions:
DIALOUT LAT TELNET SLIP PPP PRIVILEGED
NODIALOUT NOLAT NOTELNET NOSLIP NOPPP NOPRIVILEGED
level of DECSERVER command
For each of the above attributes, the default is NOxxx or DISABLED.
Managing Local Access Server Security
Introduction
The tasks described in this section cover the configuration of the local access server realm and setup of local user accounts. Configuration of server security involves:
• Access server realm configuration
• Local user account configuration parameter
Defining t
408. ristic disabled on the port. The INTERRUPTS characteristic is governed by the following rules:
• With INTERRUPTS DISABLED, a potential user cannot interrupt an ongoing file transfer session between the PC and another system. The user can start a session only when all file transfer sessions have completed or are disconnected from the privileged port. The factory set default is INTERRUPTS DISABLED.
• With INTERRUPTS ENABLED, a potential user can press the Break key to interrupt an ongoing file transfer session and start a local session. The access server logs out the file transfer session and allows the interactive user to log in. In this situation, any queued connection requests for the port remain queued and are processed when the user logs out of the port.
• A request from another system can never interrupt an ongoing local session.
• If there is no ongoing session, a session using either type of access (user at the PC or system accessing the PC) can be started, and the above rules apply.
Example: Enabling Interrupts for Devices Using Dynamic Access
The following example shows how to enable interrupts and set BREAK to LOCAL on port 5:
Local> CHANGE PORT 5 INTERRUPTS ENABLED BREAK LOCAL
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
Configuring a File Transfer Partner
The access server supports the file transfer capability of a personal computer
409. rminate
Max Failure
MRU
Character Map
Authentication
Link Quality
Description
Indicates if LCP is enabled.
When enabled, LCP negotiation does not begin until initiated by the attached device.
Indicates the amount of time between LCP configure or terminate request retransmissions when there is no response.
The number of times that LCP sends a configure request packet to the peer without receiving an acknowledgment.
The number of times that LCP sends a terminate request packet to the peer without receiving an acknowledgment.
The number of times that LCP sends a negative acknowledgment for the peer's proposed options before deciding to reject the options.
The current MRU value.
The current character map.
The current authentication configuration.
The current link quality.
Values
Enabled Disabled Enabled Disabled 1 to 5 attempts 1 to 15 attempts 1 to 15 attempts 1 to 15 seconds 64 to 1500 0 to FFFFFFFF Disabled PAP CHAP Disabled
Default
Enabled Disabled 10 10 1500 FFFFFFFF Disabled Disabled
Field
Magic Number
PF Compress
ACF Compress
FCS Size
Callback
Description
The current magic number.
Indicates if the access server negotiates to allow its peer to omit the extra protocol field byte from packets sent over the link.
Indicates if the a
410. rom one session to another without having to return to local mode. When the user presses the key, the access server interprets the character and does not pass it to the service node. Pressing the BACKWARD SWITCH character activates the user's previous session. The FORWARD SWITCH character activates the next session. These switches can be pressed either at the local prompt or in a session. If the user has only two sessions, both of these switch characters restart the inactive session.
You can configure any keyboard character as the FORWARD or BACKWARD SWITCH. Previously undefined control characters are recommended. Do not select characters that the port user is likely to enter routinely while using a service; otherwise, the current session is interrupted when that switch is pressed. Avoid the tilde character if you use function keys on the VT series terminals or PCs.
Switch characters can be temporarily disabled for a particular session by using the SET SESSION command for a LAT session or the Telnet client profile for a Telnet session. Refer to Specifying the Telnet Client Session Profile in this chapter. However, they remain in effect outside such a session.
To define these keys as switches, select a different character for each switch.
Example: Defining Keys as Switches
The following example shows how to set Ctrl F and Ctrl B for the forward and backward switches on port 5:
Local> CHANGE PORT 5 FORWARD SWITCH F BACKWARD SWITCH B
411. ropriate route for a DDP packet, it sends the packet to the route's next hop.
Next Hop: The AppleTalk router that is the next hop to a particular network. For the default destination, the next hop corresponds to an AppleTalk router. For all other destinations, the next hop is the access server's own AppleTalk address.
Status: The current state of the route, as follows:
  Up: The route is known to be valid.
  Suspect: The route is thought valid but has not been refreshed recently.
  Bad: The route has not been refreshed recently enough to warrant further use.
  Down: The route exists in the routing table but is not being used.
Interface: The interface the access server uses to route packets to the destination.
Seconds Since Last Validated: This will be the time since:
  • The first RTMP data packet announcing the route arrived, for a network destination with a status of Up
  • A connection was established, for a host destination with a status of Up
  • The most recent RTMP data packet announcing it, for a network destination with a status of Suspect, Bad, or Down
Displaying AppleTalk ARP Entries
Introduction
When an attached host sends a message to an unknown AppleTalk node on the access server network, the access server creates an e
412. rst session was disconnected by the host. You should receive the standard login procedure each time you connect to any computer offering a service.
Example: Verifying the LAT Service
The following example shows the command for verifying a previously defined LAT service, A DEVICE, and its port, port 5, named PORT 5:
Local> CONNECT LAT A DEVICE DESTINATION PORT 5
Problem Solving
If you have any problem connecting to the service or using the device, use the following series of commands to review the service and port characteristics:
• Verify whether the service is set up correctly by using the SHOW SERVICE service name CHARACTERISTICS command. For example, with the service A DEVICE, the command appears as follows:
Local> SHOW SERVICE A DEVICE CHARACTERISTICS
The service characteristics display shows all the ports assigned to a local service and indicates its other characteristics. For a sample of the service characteristics display, refer to Displaying Information About a Service in this chapter.
• Verify whether the port is properly configured by entering a SHOW PORT command and looking at the port characteristics display. For example, for port 5, the command is as follows:
Local> SHOW PORT 5
• Verify the access server characteristics (for instance, that announcements are enabled and service groups are valid) by using the SHOW SERVER CHARACTERISTICS command, as follows:
Local> SHOW SERVER CHARACTERISTICS
Configuring and Ma
413. rt place holder P1 and SALES for the service place holder P2:
Local> DO SERVICE A 3 SALES
Displaying a Command Group
Use the SHOW COMMAND GROUP command to display a command group.
Example: Displaying a Command Group
The example below shows how to display the SERVICE A command group:
Local> SHOW COMMAND GROUP SERVICE A
Command Group SERVICE A Enabled on Ports 2 3 5
Line 10 CHANGE PORT P1 LOCK ENABLE
Line 20 CHANGE PORT P1 DEFAULT PROTOCOL LAT
Line 30 CONNECT LAT P2
Purging a Command Group
Use the PURGE COMMAND GROUP command to purge a command group. Use this command to delete a line from a command group, delete an entire command group, or delete all command groups.
Example: Purging Command Groups
The following example shows how to use the PURGE command to delete the command groups SERVICE A, SERVICE B, and all existing command groups:
Local> PURGE COMMAND GROUP SERVICE A
Local> PURGE COMMAND GROUP SERVICE B
Local> PURGE COMMAND GROUP ALL
Using Menus
Displaying a List of Enabled Menus
To display a list of the menus enabled on a port, use the SHOW MENU command. If you are a privileged user, the SHOW MENU command displays the names of all menus available on the access server. To enable a menu on a port, you must use the CHANGE MENU command. See section Defining Menu Choices in this chapter.
Example: SHOW MENU Command
The
414. rt 5
Local> CHANGE PORT 5 LOSS NOTIFICATION DISABLED
Managing Users
Specifying Message Codes
Each access server message has a message code. In the following example, the number 750 is the message code:
Local 750 Another port has this name
With message codes disabled, the same message would look like:
Local Another port has this name
The factory set default shows the message codes. The following example shows how to disable reception of message codes on port 5:
Local> CHANGE PORT 5 MESSAGE CODES DISABLED
Specifying VERIFICATION
The VERIFICATION characteristic controls the display of session information when an existing session is started, stopped, or resumed. If you enable VERIFICATION (factory set default), the access server displays the session number and the service name of the service. If you disable VERIFICATION, no session information is displayed when a session is started, stopped, or resumed.
Example: Disabling VERIFICATION
The following example shows how to disable VERIFICATION on port 5:
Local> CHANGE PORT 5 VERIFICATION DISABLED
Specifying Lock
The LOCK characteristic enables or disables the LOCK command for selected or all ports. If the LOCK command is enabled on the access server at the port, a user can enter the LOCK command at the terminal to prevent unauthorized access to an unattended terminal. The command prevents any input until the unLOCK passwor
415. rt in the Current Groups field.
Managing Sessions
This section shows how to initiate and terminate sessions and how to display session information.
Initiating a Session to a LAT Service
To initiate a session to a LAT service, use the CONNECT LAT command with the service name. If the default protocol (refer to Specifying the Default Protocol in this chapter) is set to LAT or ANY, you can ignore the LAT keyword.
Example: Initiating a Session to a LAT Service
The following example shows how to initiate a session with LAT service SALES:
Local> CONNECT LAT SALES
You can use the CONNECT command to connect to any available LAT node or service at a specific service node and port. For example, if it is important for you to connect to a particular system associated with a service named ACCOUNTING, you can specify the service node where that system is attached.
Example: Connecting to a LAT Service on a Specific Node or Server
The following shows how to connect to LAT service SALES at node SERVER2:
Local> CONNECT LAT SALES NODE SERVER2
The following shows how to connect to LAT service SALES at node SERVER2, port 1:
Local> CONNECT LAT SALES NODE SERVER2 DESTINATION 1
Initiating a Session to an Internet Host
To initiate a session to an Internet host, use the CONNECT TELNET command with the Internet host name or address. If the default protocol refer to Specifying
416. rver 700 08. This parameter cannot be configured.
The zone to which the access server belongs. This is a learned parameter and cannot be configured.
The current address cache size.
The number of AppleTalk hosts attached to the access server via asynchronous lines.
The last AppleTalk error reported.
Displaying AppleTalk Routes
Command
Use the SHOW MONITOR APPLETALK ROUTES command to display the available AppleTalk routes to an access server. The command is nonprivileged.
Displaying AppleTalk Routes Example
The following example shows how to use the SHOW APPLETALK ROUTES command to display available AppleTalk routes:
Local> SHOW APPLETALK ROUTES
AppleTalk Routes Server LAT 08002B24F24F
Destination | Next Hop | Status | Interface | Seconds since Last Validated
12344 12350 | 12346 132 | Up | Ethernet | 159
default | 12347 1 | Up | Ethernet | 20
12349 223 | 12346 132 | Up | Asynch7 | 29
12348 144 | 12346 132 | Up | Asynch3 | 116
Fields in the AppleTalk Routes Display
The following table describes the fields in the AppleTalk routes display:
Field Value Description
Destination: The route destination. This can be either an AppleTalk network number range or an AppleTalk host address. A host address indicates a route to a host attached to the access server by means of an asynchronous link. The destination default is distinguished from the others. If the server does not find an app
417. rver Telnet listener feature More than 1 allowed Not required In environments where both MOP and Telnet are used to access the remote console setting a maintenance password for MOP does not affect Telnet Required Displayed in the Console User field of the SHOW SERVER STATUS display if a Telnet host is using the port If the port is idle this field displays the text None Available Another privileged user on a local port can log out on the remote console using the LOGOUT PORT CONSOLE command
Access Server Manager
Description
The Access Server Manager application is a management tool for DECserver access servers. It runs on 32 bit Windows based operating systems. The Access Server Manager has a graphical user interface that allows you to easily configure some DECserver features. The Access Server Loader application is integrated with the Access Server Manager.
Functions
Use the Access Server Manager to:
• Download firmware from a PC load host to the access server
• Download IP address configuration information to the access server
• Configure the access server network protocols
• Configure ports for remote access and terminal server functions
• Configure modems attached to a DECserver port
• Configure access server security
• Configure access server dialer services
• Make a Telnet console connection to an access server and issue console commands
Related Information
See the DECserve
418. rver commands
qualifier: A parameter in a command string that modifies the command.
queuing (LAT): The process of putting LAT connection requests for a busy printer or service on a waiting list (queue). Requests are dequeued and processed in the order in which they were entered into the queue: first in, first out (FIFO).
RAM: Random Access Memory. This is a read and write memory integrated circuit (IC).
Random Access Memory: See RAM.
RCF: Remote Console Facility. An OpenVMS host function that allows connections to the access server remote console port.
realm: An administrative domain within Kerberos in which users are registered and within which they can be authenticated by passwords.
release notes: A text file that can include any of the following: special instructions for installation, information specific to the current release of the product, and any information omitted from the printed documentation. Release notes can be read on line or printed.
Remote Console Facility: See RCF.
remote console port: A logical port with fixed port characteristics values used by the access server software when communicating using the MOP or Telnet protocol. Users can enter most of the access server commands at the remote console port.
remote print queue: A queue on a service node. The queue holds connection requests made from the service node requesting use of a printer (remote printer) on an access server. See ho
419. rview
Introduction
This chapter describes the configuration characteristics for a TCP/IP network. To enable the access server to operate on a TCP/IP network, you need to:
1. Configure the Internet address and subnet mask
2. Configure the TCP/IP characteristics, for example:
   • List of commonly used Internet hosts
   • List of gateway addresses
   • List of ARP entries
   • TCP keepalive timer
3. Configure domain name characteristics
In addition, you can configure the access server to automatically learn IP information from other types of servers on the network.
In This Chapter
This chapter contains the following topics:
• Configuring the Internet Address and Subnet Mask
• Configuring Domain Name System DNS Characteristics
• Configuring a List of Internet Gateway Addresses
• Configuring a List of Internet ARP Entries
• Displaying the Internet Counters
• Setting the TCP Keepalive Timer
• Learning IP Information From a BOOTP Server
• Learning IP Information From a DHCP Server
• Assigning WINS Server Addresses
Configuring the Internet Address and Subnet Mask
Tasks
You can perform the following tasks:
• Set an Internet address
• Set a subnet mask
• Display the Internet address and subnet mask
Alternative Learning IP Information
You can configure the access server to learn IP configuration inf
420. ry file transfers. Additionally, for binary or ASCII file transfers, all Telnet indications should be set to none. Use the SET DEFINE CHANGE TELNET SERVER command.
• Local partner: Flow control should always be enabled on the access server port and disabled on a session by session basis. The Telnet client binary profile disables flow control (refer to Specifying the Telnet Client Session Profile in Chapter 11). If flow control is needed, you will need to use the SET SESSION TELNET CLIENT FLOW CONTROL command. Note that this command affects only the client partner.
Configuring a Remote Print Queue
Introduction
The following sections explain how to configure a print queue on an ULTRIX or UNIX system.
Configuring a TCP/IP Remote Print Queue on an ULTRIX System
An ULTRIX print spooler can be configured to access one or more access server ports through the access server Telnet listener. Thus, a file can be queued for printing using the host's lpr command. If a host print spooler attempts a connection to a Telnet listener port that is busy, the queue entry request is dropped at the host and will have to be resubmitted.
Printer Port Telnet Server Characteristics
The following table lists the recommended Telnet server characteristics for the printer port to facilitate printing of files. Refer to Configuring Telnet Server Session Characteristics in this chapt
421. s. Use this display to determine which group codes the access server recognizes when it processes service announcement messages from other nodes on the network. These group codes are the sum of the authorized group codes of the ports on the access server.
Displaying Information About the Access Server
Example: SHOW SERVER SUMMARY Display
The following example shows how to generate an access server summary display:
Local> SHOW SERVER SUMMARY
Network Access SW Vx x for DSxxx
Address 08 00 2B 02 F2 BB Name T LATO6 Number 6
Identification Number 6 LAT Server
Server Groups 0 4 10 20
Local>
SHOW LIST MONITOR SERVER SUMMARY Display Fields
The following describes the access server summary display fields:
Field: Description
Address: Ethernet address of the access server.
Name: Name of the access server, as defined with the SET DEFINE CHANGE SERVER NAME command.
Number: Number of the access server, as defined with the SET DEFINE CHANGE SERVER NUMBER command.
Identification: An ASCII string describing the access server, supplied in multicast service node announcement messages and issued to interactive access server users at access server login.
Server Groups: List of assigned groups across all the access server ports. The group list includes the current groups for every port on the access server (group is current for any port if it appears in this group list). The access server uses this informa
422. s
Configuring an Interactive Device for LAT Sessions
The following example shows a sample configuration of a device connected to LAT services:
Local> CHANGE PORT 6 ACCESS LOCAL AUTHORIZED GROUPS 10 24 46
Local> CHANGE PORT 6 AUTOBAUD ENABLED AUTOPROMPT ENABLED
Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE DEFAULT PROTOCOL LAT
Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON
Local> CHANGE PORT 6 INACTIVITY LOGOUT ENABLED INTERRUPTS DISABLED
Local> CHANGE PORT 6 LIMITED VIEW DISABLED PASSWORD DISABLED
Local> CHANGE PORT 6 QUEUING ENABLED REMOTE MODIFICATION DISABLED
Local> SET PORT 6 GROUPS ALL ENABLED
Sample Network Configuration
The following figure shows the sample network configuration for LAT and Telnet sessions.
[Figure: sample network configuration. Labels: ULTRIX host, VMS host, LAT, TCP/IP, LAN, DECserver 700, terminal, personal computer, UNIX host, TCP/IP and Telnet]
Configuring LAT Group Codes for Interactive Devices
Group codes are subdivisions of a LAT network. Group codes are used to partition the ne
423. s LTLOAD.COM file in the SYS$MANAGER directory. For complete information about setting up remote printing on VAXcluster systems, refer to the VMS VAXcluster manual in the OpenVMS documentation set.

Setting Up a LAT Remote Print Queue on an ULTRIX System

To set up a LAT remote print queue on an ULTRIX host, specify the access server name and the port name by using one of the following:

- An lcp command
- An entry in the /etc/printcap file

After you specify the access server name and the port name, set up a spool directory and test the printer.

Example: Configuring a LAT Remote Print Queue on an ULTRIX System

The following example provides a sample procedure for setting up a remote print queue for a laser printer. This example identifies the access server and port names to the with the /etc/printcap file.

lps l1n03 laser printer on LAT lp sdwv tty42 sd usr spool ipd ts LAT_08002B0540B7 Op PORT_7 br 19200 fc 0177777 8 023N xc 0177777 xs 040 of usr lib lpdfilters 1n030f if usr lib lpdfilters 1n030f lf usr lib adm lpd errs cd usr spool mkdir lpd chown daemon lps de dB ou lpr Plps test

Configuring a Printer with Unannounced Availability

Introduction

This section describes how
424. s again and sends a new keepalive probe. If the access server does not receive a response from the remote host, it continues to send keepalive probes until it reaches a set maximum. If the remote host does not respond after the access server sends the last keepalive probe, the access server drops the connection.

Setting the Timer

Use the SET/DEFINE/CHANGE INTERNET TCP KEEPALIVE TIMER command to set the amount of time, in minutes, the access server waits to send the first keepalive probe after establishing a TCP connection with an idle remote host. The range is from 1 to 1440 (one day) and the default is 120 (2 hours).

Timer Set Example

The following example shows how to set the TCP keepalive timer to wait one minute before sending the first keepalive probe:

Local> CHANGE INTERNET TCP KEEPALIVE TIMER 1

Disabling the Timer

By default, the TCP keepalive timer is enabled. Use the SET/DEFINE/CHANGE INTERNET TCP KEEPALIVE TIMER DISABLED command to disable it.

Setting Timer Retries

Use the SET/DEFINE/CHANGE INTERNET TCP KEEPALIVE RETRY command to set the number of keepalive probe retries. The TCP keepalive timer retry number indicates the number of times that the access server sends keepalive probes to the remote host when it does not receive a valid response. The access server sends a keepalive probe every minute until the host responds or it reaches the retry count value. The retry count value range is from to 60 and the defau
425. s deasserted for 5 seconds minimum as a consequence of a logout. DTR can only be reasserted when a connection is accepted. Reception of asynchronous data is not accepted unless DSR and DTR are asserted. DTR is deasserted for 5 seconds minimum as a consequence of a logout; otherwise it is always asserted. Port is logged out if DSR is deasserted after initial assertion. Reception of asynchronous data is not accepted unless DSR and DTR are asserted. Port status indicates Signal Wait if connections cannot be accepted because DSR is deasserted. Solicited remote connection is not accepted unless DSR is asserted. DTR will only be asserted if there is a solicited remote connection. Port is logged out if DSR is not asserted within 60 seconds of connection acceptance.

Configuring DTR and DSR Signals

Enabled Characteristic / DTR and DSR Actions

Port is logged out if DSR is deasserted after SIGNAL CONTROL and Same as SIGNAL CONTROL DSRLOGOUT Same as SIGNAL CONTROL and SIGNAL SIGNAL CONTROL SIGNAL CHECK and DSRLOGOUT SIGNAL CONTROL DTRWAIT and DSRLOGOUT SIGNAL CONTROL SIGNAL CHECK DTRWAIT and DSRLOGOUT SIGNAL CHECK and initial assertion

DTR is deasserted for 5 seconds minimum as a consequence of a logout. DTR can only be reasserted when a connection is accepted. Reception of asynchronous data is not accepted unless DSR and DTR are asserted. Port
426. s for port speeds up to and including 134 bits/s and 1 stop bit for port speeds above 134 bits/s. You can also specify 1 or 2 stop bits for each device.

Example: Setting the STOP BITS for a Device

The following example shows how to set the stop bits for a device:

Local> CHANGE PORT 5 STOP BITS 1

TYPE

The TYPE characteristic indicates the device attached to the port.

Device Types

The following table lists device types available for each port of the access server:

Device Type: Applies to
Hardcopy: Printers.
Softcopy: Non-ANSI video terminals.
ANSI (default): Most video terminals, such as the VT100. This causes the screen to clear before each display and enables command line recall.

Example: Changing the Device TYPE

The following example shows how to change the device type:

Local> CHANGE PORT 5 TYPE HARDCOPY

Configuring the FLOW CONTROL Characteristic

Introduction

The FLOW CONTROL characteristic allows the access server to start and stop data transfer between the port and the attached device. Flow control prevents data losses due to lack of buffering space. The FLOW CONTROL characteristic does not apply to data transfer between the access server and a network resource. For a particular session, however, the network resource might manage
427. s on the LAN

On Demand Loading Font Protocol: See ODL Font Protocol.

OpenVMS: An operating system for DIGITAL VAX computers.

operational database: The access server database that contains the values that determine the current operating characteristics of the access server. The values are not preserved through initializations, power losses, and port logouts. Contrast with permanent database.

OSF/1: An Open Software Foundation trademark operating system for DIGITAL VAX computers.

packet: The basic Ethernet network message unit transmitted by the data link layer, which is made up of a preamble and a data stream.

permanent database: The access server database that contains the values that define the permanent operating characteristics of the access server. These values are preserved through initializations, power losses, and port logouts. Contrast with operational database.

port: A physical access point on the access server to which a device can connect.

preferred service: A predefined network resource to which the access server attempts to connect a specific port whenever a user at that port enters a CONNECT command without a service name.

print spooler: A program that enables many users to share the printing devices of a system, such as an access server.

privileged status: A port status that can only be set by a user that knows the access server privileged password. Users at privileged ports can execute all communications se
428. s service. If any ports that offer the service are available, the rating is proportional to the number of available ports. If no ports are available that offer the service and if queuing is enabled for the service, the rating is proportional to the number of unused positions in the connection queue.

Enabled characteristics: Characteristics that can be enabled with the CHANGE SERVICE command. The access server displays only those characteristics that are enabled for local services.
Connections: Access server allows connections to this service.
Password: Access server requires the requester of the service to supply a password before access to the service is allowed.
Queuing: Access server places queued connection requests for this service in a queue if the request cannot be immediately satisfied.

Displaying Services Status

The SHOW/LIST/MONITOR SERVICE STATUS command displays information about the operational condition of the network and its services, including services offered by your access server. The display includes a list of the nodes that offer the selected service or services. Use the keyword LOCAL to restrict the information displayed to locally defined services. Without the keyword LOCAL or a particular service name, you get information on all network services, including local services. The status
429. s that make up various modem commands in a dialer script. Each associated string can be up to 40 characters in length. Characteristics that you set using the DEFINE command take effect after you initialize the access server. Characteristics that you set take effect immediately but are replaced when the access server initializes. Characteristics that you set using the CHANGE command take effect immediately and when the access server initializes. The size of the dialer script modem strings is restricted by the amount of remaining unallocated NVRAM for the modem pool (total of 256 bytes for 8 and 16 port servers and 512 bytes for 32 port servers) and by the command line restrictions. The script name can be a maximum of 16 characters.

Dialer String Descriptions

The following table lists the dialer script strings you can define, their default values, and usage:

String Type: Default Value; Usage
COMMAND: AT; Appended to all other command strings.
INIT: None; Before initiating an outbound connection.
PREFIX: DT; Before digits of phone number.
CONNECTED: CONNECT; Verifies successful connection.
RESET: HOZ; After session is disconnected.

Example: Set Dialer Script Name

The following example illustrates how to modify dialer script strings in a dialer script called dickens in order to set unique dialer characteristics Local Local Local Local Local Local VM OM ON O
430. se features must be assigned in order for any communication with a RADIUS server or a RADIUS accounting server to take place.

- The following example shows the commands used to set up RADIUS security:
LOCAL> CHANGE RADIUS REALM JONAS.COM
- This command defines/initializes a new RADIUS realm.
LOCAL> CHANGE RADIUS REALM JONAS.COM AUTHEN HOST ip addr
- This command defines RADIUS server authentication node.
LOCAL> CHANGE RADIUS REALM JONAS.COM SECRET secret_string

Variables

Words in examples in italics indicate user-supplied variables. In this case, the variable JONAS.COM is the name of the specific realm on which you want to perform this action.

Optional Setup for RADIUS

You can use the commands in the following examples to configure additional security parameters for RADIUS servers. The commands in these examples define a RADIUS server accounting node, the maximum timeout period for RADIUS server reply, and the interval between retries of an authentication request.

- The following command defines a RADIUS server accounting node:
LOCAL> CHANGE RADIUS REALM JONAS.COM ACCOUNTING HOST ip addr
- This command defines the maximum timeout for RADIUS server reply:
LOCAL> CHANGE RADIUS TIMEOUT seconds
- This command defines how much time elapses before using an alternate server:
LOCAL> CHANGE RADIUS INTERVAL seconds

Setting the INTERVAL variable defines t
431. server executes the CONNECT TELNET command with the default string CONNECT TELNET 16.195.1.1. If you type a host name or IP address and then press the Return key, the access server executes the CONNECT TELNET command with the specified name or address.

Displaying a Selected Menu

The ENTER MENU command enables you to display any menu that is enabled on the port. If the port is privileged, you can enter a menu whether or not it is enabled on the port. For example, if the menu HOSTS is enabled on the current port, you enter the following command to display this menu:

Local> ENTER MENU HOSTS

The menu display has item numbers for all menu lines that have display and execute strings. The item numbers are in order (1, 2, 3, etc.) and usually do not match the line numbers used in SET MENU LINE commands or SHOW MENU displays.

If the port is type ANSI, menu items can be selected by either using the up and down arrow keys or by entering the item number. To use the arrow keys, press the up or down arrow key until the desired item is highlighted and press Return. If the port is type SOFTCOPY or HARDCOPY, you can still enter a menu, but the arrow keys are disabled. Enter the item number to select a menu item.

Exiting from a Menu

Unless the system manager wants to set up a captive menu (refer to the following section), all menus should have an executable line for LEAVE MENU. To exit fro
432. server port characteristic that allows one port to send a single message to one or more ports simultaneously.

CCR: Console Carrier Request. An ULTRIX host function that allows connections to the access server remote console port.

Clear To Send: See CTS.

circuit timer (LAT): The LAT protocol timer that determines the minimum interval at which an access server transmits virtual circuit messages.

client-server (Internet): The model of interaction in a distributed system in which a program at one site sends a request to a program at another site and awaits a response. The requesting program is called a client; the program satisfying the request is called the server.

command line recall and edit: A feature that allows the user to recall and edit previously entered commands.

community name: A character string that is used as a password that the Internet host must know in order to access the access server through SNMP.

connection queue (LAT): The queue on an access server that stores connection requests for a printer or a service.

Console Carrier Request: See CCR.

console port: Any access server port assigned to receive the access server 900 series of messages and to which an interactive device can be connected.

CRC: Cyclic Redundancy Check. An error detection scheme in which a receiver checks each block of data for errors.

CTS: Clear To Send signal sent from the port device to the access server to indicat
433. server uses the user name as the string the user enters in response to the Enter username prompt. However, the access server uses the port's name as the user name when the user enters Ctrl/Z instead of a user name. You can use the USERNAME characteristic to establish a permanent user name (1 to 16 ASCII characters) for a port. In this case, the Enter username prompt is not displayed when a user logs in to the access server. Always make an effort to specify a unique user name, since the access server does not prevent duplicate user names.

Examples: Configuring Port USERNAME

The following example sets the port 5 user name to Barney:

Local> CHANGE PORT 5 USERNAME "Barney"

If you do not use the quotation marks in the command, the user name will appear in uppercase, for example, BARNEY instead of Barney. To clear USERNAME, enter empty quotation marks as follows:

Local> CHANGE PORT 5 USERNAME ""

USERNAME is designed to accommodate interactive terminals that have one permanent user. Terminals that are usually shared should not have a permanent user name assigned, and the Enter Username prompt should be entered upon login. If AUTHENTICATION is enabled on the port, the port user name may be set to the Kerberos principal name of the port's permanent user.

Specifying Keys to Switch Between Sessions

Access server users can define keys as switches. These keys can switch f
434. sive list of the server hardware platforms necessary to run IPX, refer to the DECserver Network Access Software Release Notes. Refer to Appendix A for the cable and adapter requirements.

Setting Up Your PC

PC Remote Access Software

Ensure you know whether the network access server port you are dialing in to requires you to enter a login password or logs directly in to the local user interface. If this is the case, you will need to use terminal emulation to communicate with the access server following modem connection. Ensure you know whether the network access server port requires a PPP PAP password. If so, you will have to configure the password on your remote node access software.

Reference: Refer to the documentation included with your PC remote node access software for installation and setup procedures.

Novell Workstation Software

Novell NetWare workstation software or equivalent must be installed on your PC. This makes it possible to establish and maintain IPX network connections.

Reference: Refer to your Novell Installation Guide for Workstations and the documentation included with your PC remote node access software for more information.

Novell Utilities for Local Execution

After a remote node access connection is made to a Novell fileserver, ensure that the Novell utilities you need are stored locally on your PC. This is because activating large executables from a network disk can
435. ss server from the DNS server. This total includes the bad responses, truncated responses, and duplicate responses along with good responses.
Number of valid answers received from the DNS server.
Number of DNS queries sent by the access server.
Number of identical responses to queries.

Configuring Domain Name System (DNS) Characteristics

Field: Description

Bad Responses: Number of bad responses received. A bad response could be due to:
1. An unrecognizable response from the DNS server.
2. A fail response from the DNS server.
3. A response indicating that DNS could not understand the query from the access server.

Truncated Responses: Number of incomplete (truncated) responses from the DNS server. This is not necessarily an error condition.

Fail Answers: Number of fail answers received. This condition could be caused by a number of events, including:
1. Unable to find a name server to send particular query.
2. Unable to find the Internet address of a particular name server.
3. Sent a query and received more than maximum amount of responses.
4. Query is trapped in a loop of name servers that refer to each other.

FORMERR Answers: Number of answers received that either could not be decoded or stated that DNS did not understand the query.

Duplicate Queries: Number of duplicate queries sent where the original query is on a pending queue to be sent to its des
436. ss server could not find memory to store the information, it discards the information and increments both the Resource Errors and the Discarded Nodes counter. You can either reduce the value of the SESSION LIMIT access server characteristic, adjust the value of the node limit access server characteristic, or use Authorized Groups to logically subdivide the network for use by a discrete set of users.

Number of times an internal data structure could not be created due to the lack of system memory.

Sum of bytes received at the access server ports with illegally formatted data characters. Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.

Sum of bytes received at the access server ports with parity errors. Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.

Sum of characters lost at the access server ports because the access server input buffers were full. Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.

Name or IP address of the host from which the access server was last loaded.
437. st initiated request

Request To Send: See RTS.

retransmit limit: The number of times a LAT virtual circuit message is retransmitted to a service node without an acknowledgment message.

root name server: A name server that is at the top level in a domain.

RTS: Request To Send. A signal sent by the access server to the port device to indicate that the access server is ready to exchange control signals or data.

secure port: A port set up so that the port user only has access to a limited subset of the nonprivileged user command set.

secure status: A restrictive status that can be imposed on a port to limit the execution of commands on that port to a subset of the nonprivileged command set.

server: A hardware and/or software device which provides many users with access to a system.

service: A network resource offered by a LAT or Internet host.

service circuit ID: A load host characteristic that identifies which load host Ethernet controller is used to access a specific access server for maintenance functions.

service node: A LAT node that provides a service on the LAN. The access server can be a service node.

service rating: A value assigned to a network resource by the service node to indicate its relative capability to accept new sessions. The rating is scaled from 0 to 255, where 255 is the greatest capacity. Access servers use this rating to choose a service node when a user attempts to connect to a service that is
438. sword

Example: Enabling Privileged Commands

This example shows how to use the SET PRIVILEGED command to enable privileged commands on a port after accessing the access server:

Local> SET PRIVILEGED
Password> (not echoed)
Local>

Example: Changing the Privileged Password

To change the password, use the SET SERVER PRIVILEGED PASSWORD command. The following example shows how to use the SET SERVER PRIVILEGED PASSWORD command to change the privileged password:

Local> SET SERVER PRIVILEGED PASSWORD
Password> (not echoed)
Verification> (not echoed)
Local>

Help

Introduction

The access server provides online help about access server commands. This section describes two types of online help that are available on the access server.

HELP TUTORIAL Command

The command HELP TUTORIAL provides a brief introduction to the access server. You enter this command as follows:

Local> HELP TUTORIAL

The access server then displays a screen that explains how to use the tutorial.

HELP Command

The HELP command provides reference information for the level of commands enabled on the port that you are using.

Example: Accessing Online Help Information

The following example shows how to display the online help for the SET command and the PORT characteristic:

Local> HELP
A list of topics displays here
Topic SET ET ET changes characteristics and options stored in the server s peratio
439. t CHANGE SERVER IDENTIFICATION newID

Removing an Identification String

To remove an identification string, specify a null string by using the following command:

Local> CHANGE SERVER IDENTIFICATION ""

The null string is the default identification string.

Identification String in a Login Procedure Display

The following example shows how the identification string Personnel Printers displays during a login procedure:

Network Access SW Vx x for DSxxx xx BLxx xx ROM Vx x x Uptime 0 00 16 58
Personnel Printers
(c) Copyright 1996 Digital Equipment Corporation All Rights Reserved
Please type HELP if you need assistance
Enter username

KEEPALIVE TIMER Characteristic

Introduction

The KEEPALIVE TIMER characteristic maintains a virtual circuit between the access server and service node when no messages are exchanged over a period of time. If the keepalive timer expires, the access server sends a message to determine if the service node is still reachable. If the service node fails to respond, the access server can time out the virtual circuit.

Keepalive Timer Default Values

The keepalive timer value is a trade-off between fast circuit-down detection and unnecessary network traffic. The factory-set default value of 20 seconds represents a good compromise. For a heavily loaded Ethernet, use a value from 60 to 180. For applications that require quick
440. t default

- BINARY: Used primarily with file transfers. All port and Telnet special characters, such as forward and backward switches and XON/XOFF FLOW CONTROL characters, are ignored by the access server and sent to the Internet host.

Profile Characteristics

You can customize a profile by first selecting a profile, then changing specific characteristics. However, the profile itself is invalidated. For example, you could select the BINARY profile, then enable FLOW CONTROL in the receive direction. To display the profile and client session characteristics, refer to Displaying Session Characteristics in this chapter.

Specifying the Telnet Client Session Profile

Telnet Client Session Characteristics Predefined for Each Profile

The following table lists the Telnet client session characteristics that are predefined for each profile. Enabling a profile automatically sets all the characteristics to the value specified by the profile, except those listed as "use current value". Those characteristics keep their existing value.

Session Characteristics: ECHO BINARY CHARACTER SIZE Transmit CHARACTER SIZE Receive SIGNAL REQUEST AO IP AYT SYNCH EOR BRK TOGGLE ECHO QUOTE AUTOFLUSH AUTOSYNC NEWLINE FROM TERMINAL NEWLINE TO TERMINAL NEWLINE FROM HOST NEWLINE TO HOST FLOW CONTROL MESSAGE VERIFICATION Character Remote Disabled Use
441. t system administrators can perform when configuring an access server and the chapter of this manual that describes each task.

To Configure: Refer to
User interface: Chapter 3
Network access server on the network: Chapter 6
Devices on a port: Chapter 9
Interactive devices: Chapter 11
LAT services: Chapter 12
Telnet listeners: Chapter 13
SLIP ports: Chapter 15
3270 emulation: Chapter 18
PPP: Chapter 19
User authentication: Chapter 22

Default Settings

Although a new access server is configured and operational with factory-set defaults, you may need to customize the configuration for your use. For a list of defaults associated with each category of configuration settings, refer to the chapters listed in the previous table.

Management Tasks for System Administrators

System Management Tasks

The following table lists the tasks that system administrators can perform to manage the access server. This table also lists the chapter that describes each task.

To Manage: Refer to
LAT network communications: Chapter 12
TCP/IP network communications: Chapter 7
SLIP port reconfiguration: Chapter 15
SNMP communities: Chapter 16
Network access server maintenance: Chapter 17
Management of load hosts: Chapter 4
Configuring the user interface: Chapter 3
Configuring LPD printers: Chapter 14
Managing point-to-point protocol hosts: Chapter 19
Managing IPX: Chapter 20
Managing dial services C
442. t the command counters use the ZERO COUNTERS PORT SLIP

SHOW PORT SLIP COUNTERS Display

The following example shows a typical SLIP counters display:

Local> SHOW PORT 5 SLIP COUNTERS
Port 1 Rick Server Servername
Connect Time 0 00 00 00
Bytes Received 0 Bytes Sent 0
Packets Received 0 Packets Sent 0
Receive Packets Lost 0 Send Packets Lost 0
Send Packets Queued 0

SLIP COUNTERS Display Fields

The following table describes the information in the SLIP Counters display:

Connect Time: Length of duration of the SLIP session. This is 0 if there is no SLIP session.
Bytes Received: Number of bytes received by the access server from the SLIP host on the port.
Bytes Sent: Number of bytes sent by the access server to the SLIP host on the port.
Packets Received: Number of IP packets received by the access server from the SLIP host on the port.
Packets Sent: Number of IP packets sent by the access server to the SLIP host on the port.
Receive Packets Lost: Number of receive IP packets lost due to framing errors.
Send Packets Lost: Number of send IP packets lost due to lack of buffers.
Send Packets Queued: Number of IP packets in a queue to be sent to the SLIP host on the port.

Disabling SLIP

Command

Use the CHANGE PORT n SLIP DISABLED command to disable SLIP on a port.

Disable SLIP Example

The
443. t the counters to zero at the start of each day. You can also use counters data to calculate the average use of the Ethernet and the service nodes. By combining this data from the access server with the counters data from other access servers, you can calculate the network's capacity to handle more traffic.

Managing Your Access Server As Part of the LAT Network

Example: SHOW/LIST/MONITOR NODE COUNTERS Display

The following example shows how to generate a display of the counters for LAT messages between the access server and a service node named PEACH. Each counter displayed has a maximum value of 4,294,967,295. If a counter reaches that value, it remains at that value until either the counters are set to zero or the access server is initialized. Typically, the maximum values are not reached for several months.

Local> SHOW NODE PEACH COUNTERS
Node PEACH
Seconds Since Zeroed     961608    Multiple Node Addresses     0
Messages Received        687568    Duplicates Received         21
Messages Transmitted     558793    Messages Re-transmitted     35
Slots Received           509763    Illegal Messages Received   0
Slots Transmitted        532932    Illegal Slots Received      0
Bytes Received           13876620  Solicitations Accepted      0
Bytes Transmitted        475427    Solicitations Rejected      0

SHOW/LIST/MONITOR NODE COUNTERS Display Fields

The following table describes the information displayed in the previous example:

Field Node Seconds Since Zeroed
444. tablish any service connection that terminates abnormally. If a service is not available when a connection attempt is made, the access server repeatedly retries to connect as specified by the CONNECT command. This feature is helpful when a user wants the access server to repeat connection attempts to a currently non-operational service node. When a session is established with the node, the access server notifies the user with a beep signal and a message. Attempts to reconnect upon LAT session failure are made every 30 seconds. The attempts continue until the user enters local mode by using the Break key or the local switch key. Unless a dedicated service is in effect, a status message appears at the port device indicating that the access server is trying to restart a session. The new connection can be made to any service node that supplies the same service, unless a node or destination was supplied in the CONNECT command or when the preferred service was set up.

Example: Enabling AUTOCONNECT

The following example shows how to enable AUTOCONNECT on port 5:

Local> CHANGE PORT 5 AUTOCONNECT ENABLED

Specifying AUTOPROMPT

The AUTOPROMPT characteristic is only used with the LAT protocol. This characteristic controls the initiation of a login process on some service nodes when a session begins. The access server sends the status of the AUTOPROMPT
445. tablishes a database for a user account for authentication/authorization.
Specifies that a password has been set for the user account.
Specifies the default access mode this user is granted.
Indicates the maximum number of minutes the user can be logged in before being forcibly logged out.
Contains a phone number used on dial-back.
Contains a phone number used on dial-out.
Defines what the user is allowed to do.
ENABLE/DISABLE this account for authentication/authorization.
Specifies whether a user must be called back after login.
Specifies the DIALER SERVICE to be used when attempting a dial-out.

Authorization Profile Information

The access server supports a variety of information in a user or realm default authorization profile. The following table gives the service types and access levels of this information.

Managing Access Server User Accounts

Service Types and Access Levels

The following table defines the service type and access level:

Service Type: Access Description
Login: User will be connected to a dedicated host.
Framed: SLIP or PPP will be started on the session.
LOCAL: User may utilize the access server commands.
NONE: The configuration value of the port access parameter or realm-wide access parameter determines user access to the realm.

Service Permissions

The following table shows the type of service permissions a user can have. A user can h
446. tains LAT software. There are two types of LAT nodes: nodes that access services and nodes that offer services; some nodes perform both functions.
LAT protocol: An integral part of the LAT architectural model that consists of rules that specify the actual format and sequence of the messages used for communication between LAT nodes.
LAT service: A resource on the LAT network.
learned data: Data entered into an access server database by DNS. Contrast with local data.
load host: A computer on the same LAN as the access server that is used to downline load the access server image to the access server. A load host can also receive upline dumps of access server memory.
load host database: A database that contains information about access servers and that allows the load host to perform downline load and upline dump operations. This database contains three databases on the load host: the DECnet operational database, the DECnet permanent database, and the access server configuration database, that is, DSVCONFIG.DAT.
local area network: See LAN.
local data: Data entered into an access server database by a user. Contrast with learned data.
local name server: A name server that is authorized for the domain where the access server is located.
local service: Network resource offered by your access server.
loopback test: An access server asynchronous port test during which data is looped to the module Ther
447. take effect until the next time the server is reinitialized.
Note: An access server configured with 2 megabytes of memory may not have sufficient resources to allow for the creation of an accounting log.
Example: Defining the Accounting Log Size
The following shows how to set the size of allocated memory to 512 KB:
    Local> DEFINE ACCOUNTING LOGSIZE 512
Changing the Accounting Threshold
Use the ACCOUNTING THRESHOLD command to specify the point in the building of a log when the accounting component sends out a threshold notification. Valid values for the ACCOUNTING THRESHOLD variable are:
• NONE: No notification
• HALF: Notify when each half of the log file is reached
• QUARTER: Notify when each quarter of the log file is reached
• EIGHTH: Notify when each eighth of the log file is reached
• END: Notify when the end of the log file is reached
Entries are inserted in the log file progressively, with wrapping, and when the specified points in the buffer are reached, notifications are sent. These notifications are in the form of SNMP traps.
Example: Changing the Accounting Threshold
The following example shows the use of the DEFINE ACCOUNTING THRESHOLD command:
    Local> DEFINE ACCOUNTING THRESHOLD EIGHTH
Changing the Accounting Console
Use the DEFINE ACCOUNTING CONSOLE command to display accounting events on the server console. If ENABLED, the accounting compo
448. ter them. When you use the DEFINE command, however, the changes are delayed:
• If you use the DEFINE command to make changes to a given port, these changes take place the next time that a user logs in to the port.
• If you use the DEFINE command to make changes to access server settings, these changes take effect the next time you initialize or plug in the server.
Reference
The Network Access Server Command Reference describes the syntax, range of values, and defaults for all these types of commands. Use the Command Reference as a source of supplementary information as you go through the examples and procedures in this manual.
Types of Commands That Operate on Configuration Settings
The following illustration shows the types of commands stored in VRAM and NVRAM.
[Illustration LKG 7418 96: Permanent Database, Operational Database, NVRAM]
Chapter 2: Management Tools
Introduction
This chapter describes the tools for managing the access server. These tools are:
• Access server commands
• Help
• Console port
• Remote console port
• Access Server Manager, a PC-based management tool
In This Chapter
This chapter contains the following topics:
• Access Server Commands
• Help
• Console Port
• Remote Console Port
• Access Server Manager
Access Server Commands
Introduction
The access server has a command line interface. You enter co
449. tes are available with the software distribution kit and are stored in the load host directory with the other software distribution files Network Access Server Command Reference Provides the commands to operate and manage the access server Network Access Server Problem Solving Describes problem solving tools and procedures for the various access servers xxix How to Order Additional Documentation To order additional documentation use the following information To Order Contact By Telephone Electronically USA only By Mail USA and Puerto Rico By Mail Canada Internationally Internally USA except Alaska New Hampshire and Hawaii 1 800 DIGITAL 1 800 344 4825 Alaska New Hampshire and Hawaii 1 603 884 6660 Canada 1 800 267 6215 Dial 1 800 DEC DEMO For assistance call 1 800 DIGITAL DIGITAL EQUIPMENT CORPORATION P O Box CS2008 Nashua New Hampshire 03061 Place prepaid orders from Puerto Rico with the local DIGITAL subsidiary 809 754 7575 DIGITAL EQUIPMENT of CANADA LTD 940 Belfast Road Ottawa Ontario Canada K1G 4C2 Attn A amp SG Business Manager DIGITAL EQUIPMENT CORPORATION Attn A amp SG Business Manager c o local DIGITAL subsidiary or approved distributor U S Software Supply Business SSB DIGITAL EQUIPMENT CORPORATION 8 Cotton Road Nashua New Hampshire 03063 Correspondence Documentation Comments If you have comments or suggestions abo
450. tested 18-16
Guidelines for Managing the Use of NVRAM for TN3270 18-17
Introduction 18-17
Storage Requirements for TN3270 Definitions in NVRAM 18-17
TN3270 Commands That Free NVRAM Space 18-17
Limiting NVRAM Usage 18-18
Commands to Manage TN3270 Terminal Emulation 18-19
Introduction 18-19
TN3270 Access Server Characteristics 18-19
TN3270 Port Characteristics 18-20
SHOW Commands 18-21
19 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Overview 19-1
Introduction 19-1
Prerequisites 19-1
In This Chapter 19-1
Enabling PPP on an Access Server Port 19-2
Introduction 19-2
Enabling PPP for Mixed Traffic 19-2
Enabling Dedicated PPP Traffic 19-3
Enabling Ports with Modems for PPP 19-3
Establishing and Ending a PPP Session 19-4
Using the CONNECT PPP Command 19-4
Displaying PPP Charact
451. that a port user can incorrectly enter the privileged password before the port is automatically logged out by the access server.
• For services that are password protected, the number of times that a user is prompted for the correct password before a connection request is denied.
The value must be in the range of 0 to 10 attempts. If you specify 0, no attempts are allowed. The factory-set default is 3.
Example: Changing the Server Password Attempt Limit
The following example shows how to change the password limit to 6:
    Local> CHANGE SERVER PASSWORD LIMIT 6
Chapter 23: Accounting
Overview
Introduction
This chapter describes the network access server accounting component. The basis of an accounting facility is the logging of events related to user access. These events can be useful to support audit trails, billing, capacity planning, and connection troubleshooting.
In This Chapter
This chapter contains the following topics:
• Accounting Description
• What Events Are Logged
• When Events Are Logged
• Managing Accounting
• Using the Accounting Console Logging Feature
Accounting Description
Introduction
The configuration of the accounting feature is supported using SNMP and the user interface. The accounting log itself is also accessible by both mechanisms
452. the Queue The REMOVE QUEUE ALL command deletes all queue entries but it does not disable the queue the next connection request takes position 1 in the queue Example Remove Queue The following example shows how you can remove entry number 10 by using the following privileged command Local REMOVE QUEUE ENTRY 10 Configuring and Managing Interactive Devices 11 9 Configuring an Interactive Device for LAT Sessions Configuring Port Characteristics The port characteristic remote modification when enabled allows a LAT node to modify particular access server port characteristics These characteristics include speed character size parity and LOSS NOTIFICATION The LAT node must also support this feature The factory set default is disabled You should avoid enabling remote modification and security on the same port Enabling these characteristics allows a secure user to modify the port from the host normally the secure user cannot modify the port Example Configuring Remote Modification for Port Characteristics The following example shows how to enable remote modification on port 5 Local CHANGE PORT 5 REMOTE MODIFICATION ENABLED 11 10 Configuring and Managing Interactive Devices Configuring an Interactive Device for Telnet Sessions Configuring an Interactive Device for Telnet Sessions Introduction User oriented characteristics such as forward switch and VERIFICATION and the various Telnet session characteristi
453. the access server You only need to enter the network hosts that do not support ARP Displaying the List of Internet ARP Entries To display a list of ARP entries use the SHOW LIST MONITOR INTERNET ARP ENTRY command Sample List of Internet ARP Entries The following example shows a typical display list of ARP entries Local SHOW INTERNET ARP ENTRY Internet Address Ethernet Address Status 16 20 0 96 AA 00 04 00 21 10 16 20 0 173 08 00 2B 04 41 9B 16 20 0 96 AA 00 04 00 3B 11 6 20 48 48 AA 00 05 08 3B 20 No Purge Defining an ARP Entry To define an ARP entry in the list of entries use the DEFINE SET CHANGE INTERNET ARP ENTRY command with the ETHERNET parameter ARP Entry Definition Example The following example shows how to enter a definition in the list of ARP entries Local CHANGE INTERNET ARP ENTRY 195 1 1 72 ETHERNET 08 54 56 67 AC 89 This command maps the Internet address of 195 1 1 72 to the Ethernet hardware address 08 54 56 67 AC 89 7 18 TCP IP Network Characteristics Setting the TCP Keepalive Timer Setting the TCP Keepalive Timer What the Timer Does The TCP keepalive timer determines whether a TCP connection with a remote host is active and should remain open After the access server and a remote host establish a TCP connection the access server waits a set amount of time and sends a keepalive probe to the remote host If the access server receives a valid response from the remote host it wait
454. tination
Configuring the Default Name Resolution Domain
Configuring the default domain name characteristic enables you to abbreviate Internet host names in commands. To configure the Default Name Resolution Domain, use the DEFINE/SET/CHANGE INTERNET NAME RESOLUTION DOMAIN command.
Configuring and Using Default Name Resolution Domain Example
The following example shows the procedure for and results of configuring the default name resolution to FINANCE.ACME.COM.
Step / Action
1. Define the default name resolution domain as follows:
    Local> CHANGE INTERNET NAME RESOLUTION DOMAIN FINANCE.ACME.COM
2. Enter the following connect command:
    Local> CONNECT SALES
   In this situation, the access server automatically appends the default name resolution domain to SALES. The access server behaves as if you had typed:
    Local> CONNECT SALES.FINANCE.ACME.COM
3. Enter a command with a higher level domain name:
    Local> CONNECT SALES.REVENUE
   Result: The access server tries a sequence in the following order, using parts of the default domain name:
    SALES.REVENUE.FINANCE.ACME.COM
    SALES.REVENUE.ACME.COM
    SALES.REVENUE
   The name is likely to be resolved correctly as the access server tries SALES.REVENUE.ACME.COM. The sequence terminates at that point.
Using Trailing Dots
The access server uses a sequence of nam
455. ting community s access capabilities are modified SET SNMP COMMUNITY PUBLIC SET ENABLE If the user sets the community to existing values an event is still logged A single event is logged for each UI command only one event will be logged for a CHANGE command SET commands cannot be distinguished from DEFINE commands If a user does a CLEAR PURGE SNMP COMMUNITY ALL a single event will be logged Managing Accounting Managing Accounting Introduction You can manage the accounting feature fully by using SNMP or the user interface You can access the accounting log itself using both mechanisms This section describes the user interface commands you can use to manage the accounting feature Reference Refer to SNMP Survival Guide located with the software for instructions on managing the accounting component with SNMP Defining the Accounting Log Size Use the DEFINE ACCOUNTING LOGSIZE command to control the amount of memory allocated at initialization to create the log file Valid values for the LOGSIZE variable are 0 4 8 16 32 64 128 256 and 512 units are kilobytes If the accounting component cannot allocate the specified amount of memory at the time of initialization the value displayed for LOGSIZE in the SHOW ACCOUNTING CHARACTERISTICS display will be set to zero If this occurs define a smaller value for LOGSIZE This characteristic can only be modified with a DEFINE command Note that a newly defined value will not
456. ting Counters npe seee Dear EEE RU m E E REIR P ce bo EIE 20 29 Using the ZERO Command 4 erede A EU E ME RO antes 20 29 ZERO Command Options lesse t 20 29 21 Managing Dial Services ON CIVIL Wi eet EO evi eet ei eed ett m Seok A 21 1 Introduction eser pee ER DEAS SAEI ee ee ele RARE RR RS 21 1 In This Chapter de eR x eie re dade dere ERE 21 1 Dial Services Command Groups ooo 21 2 Command Groups s p use d REX pee BS d eet ede Sols eate bas 21 2 Entering the SET PRIVILEGED command 0 0 0 0 cece ees 21 2 Checking the Current Server Settings lees 21 3 Introduction cose Sate Eee ez er be Rw eee Seow poe dye nod kee 21 3 Server Configuration Display 0 2 eee cece eee eee 21 3 Defining a Dialer Script cess e Rec Re xo he nem I eR eae te dey Id E RE 21 4 Introduction dei eet Hehe ac cce ald athe gesichtet bd 21 4 Assigning the Dialer Script to a Port 0 0 eee eee 21 6 O on Lee beetle ees Bey et ine atest aed 21 6 Determining the Current Dialer Script lees 21 6 Assigning a Dialer Script to a Port 2 2 cece eee 21 7 Verifying Dialer Script Configuration 0 0 0 0 eee eee ee eee 21 8 Defining the Dialer Service llle 21 9 NEPS seg hee Ier conde ef wee WR ee TERRE ER Eee toe he Sa Re S NU E e 21 9 Showing the Current Dialer Service Characteristics o ooooooooooocommoooo o 21 9 Showing Dialer Service Status 0 0 oe rr 21 10 Displaying
457. ting User Priority for Devices Using Dynamic Access in this chapter for further information on switching between terminal emulation mode and file transfer mode Configuring Personal Computer Access to a Printer Personal computers configured as a terminal can connect to a printer offered as a resource when a user enters a CONNECT command However for the user to access the printer the PC must have an applications program capable of sending files to the printer The person in charge of the PC must supply the appropriate applications program The access server does not queue connection requests to a printer Configuring and Managing Telnet Servers 13 5 Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Setting User Priority for Devices Using Dynamic Access You can enable interrupts if you want the owner or main user of the device to have full control over it For example the main user of a personal computer may require priority over other users that want to copy files from the computer disk You can provide this control by setting the port to INTERRUPTS ENABLED and the Break key to LOCAL Setting the BREAK to LOCAL allows the user to use the Break key to return from session mode to local mode Use caution when enabling interrupts because they inconvenience people using the device as a service For printers with keyboards which can also be used as interactive terminals you should have the interrupts characte
458. tion 193760
Multicast Frames Rcv'd 66700    Data Overrun 0
Multicast Frames Sent 2179    User Buffer Unavailable 0
Frames Sent Deferred 96516    System Buffer Unavailable 0
Messages Received 1886375    Duplicates Received 106
Messages Transmitted 1569667    Messages Re-transmitted 485
Solicitations Accepted 0    Illegal Messages Rcv'd 6
Solicitations Rejected 0    Illegal Slots Rcv'd 0
Multiple Node Addresses 23591    Illegal Multicasts Rcv'd 1
Local>
SHOW/LIST/MONITOR SERVER COUNTERS Display Fields
The following table defines the fields in the SHOW/LIST/MONITOR SERVER COUNTERS display.
Field: Description
Ethernet Data Link Counters
Seconds Since Zeroed: Number of seconds since the counters were last set to zero.
Bytes Received: Number of bytes contained in datagrams successfully received by the access server, excluding Ethernet header and CRC data.
Bytes Sent: Number of bytes contained in datagrams successfully transmitted by the access server, excluding Ethernet header and CRC data.
Field: Frames Received; Frames Sent; Multicast Bytes Rcv'd; Multicast Bytes Sent; Multicast Frames Rcv'd; Multicast Frames Sent; Frames Sent Deferred; Frames Sent 1 Collision; Frames Sent 2 Collisions; Send Failures
Description: Number of datagram frames successfully received by the access server including multicast fram
459. tion mode use the command shown in the following example Local CHANGE INTERNET NAME RESOLUTION MODE LOCAL Name Resolution Modes The following table lists and describes the name resolution modes Mode When the access server attempts to resolve a host name or address it searches Local Local data which is host name and address information that users previously entered with the SET DEFINE CHANGE INTERNET HOST command Use local data when no name servers are configured Remote Learned data and remote name servers Learned data is name and address information that the access server receives from name servers and enters in its cache If the access server fails to resolve the address with the learned data in its cache it queries the network name servers for remote data Ordered Local data then learned data and remote data from the network Default name servers Local data takes precedence 7 12 TCP IP Network Characteristics Configuring Domain Name System DNS Characteristics Mode When the access server attempts to resolve a host name or address it searches Stub Remote data only using recursive name service The access server performs no DNS caching Slave Local data and remote data using recursive name service The access server performs no DNS caching When conflicts occur the local data takes precedence Configuring a List of Commonly Used Internet Hosts You can optionally enter commonly used Internet host na
460. tion to filter incoming multicast messages from other nodes Managing the Access Server 17 23 Checking Port Status and Counters Checking Port Status and Counters Introduction The LIST MONITOR SHOW PORT command displays information about one or more ports on the access server You can obtain characteristics counter status and summary displays for ports Displaying Port Characteristics The LIST MONITOR SHOW PORT CHARACTERISTICS command displays the values of the characteristics of the selected ports The bottom of the display lists all the enabled port characteristics Use the characteristics display when you are changing settings The port number n in the display indicates that the port device is connected to connector JN on the hardware unit The server name is configured with the SET DEFINE CHANGE SERVER NAME command The other values can be changed with the SET DEFINE CHANGE PORT command Reference Refer to Network Access Server Command Reference for information on each command Note Some access servers have Modem Control instead of Signal Control Also Signal Select is not available on all access servers 17 24 Managing the Access Server Checking Port Status and Counters Example SHOW PORT CHARACTERISTICS Display The following example shows how to generate a port characteristics display Local SHOW PORT 1 CHARACTERISTICS Port 1 Joe Smith Server Servername Character Size 8 Input Speed 9600 F
461. tions listed in Mapping Event Indications to Keyboard Characters in Chapter 13, you can also send the following:
• Request Status: Requests that the peer Telnet implementation responds with the current status of all Telnet options for this session. You must resume the session to see the Telnet server's response. The following shows how to send the REQUEST STATUS function:
    Local> SEND TELNET REQUEST STATUS
• Resume Output: If the Internet host appears to be hung after the AO function is sent, you send RESUME OUTPUT to cancel the AO. You only use this command to cancel an AO. The following shows how to send the RESUME OUTPUT function:
    Local> SEND TELNET RESUME OUTPUT
    Local> SEND TELNET SYNCH
• TEST INTERNET or PING: Sends an ECHO request message to the specified remote Internet host. You use this command to test for a valid connection. This command starts a PING session, which continues until the PING succeeds and sends a VERIFICATION message or until the timeout period of 30 seconds is exceeded. The following shows how to test the communication to an Internet host with an address of 22.46.72.167:
    Local> TEST INTERNET 22.46.72.167
  or
    Local> PING 22.46.72.167
Controlling the Number of Sessions
You can control the number of sessions at the individual port and the total number of sessions allowed for the access server. The combine
462. to configure a printer with unannounced availability The only users that know about the device s availability are those users that you tell about the device By defining a port name and not a service name you can configure a device on the access server for access by users on a LAT network Configuring a Printer with Unannounced Availability The example in this topic shows a sample configuration of a printer with unannounced availability on a LAT network You must configure the device and port characteristics as described in Chapter 9 before performing this procedure The following are variables in the example that you should substitute with the appropriate values e Access server port number e Authorized and service groups e Port name You should change the port name to a descriptive term This term should describe the resource provided for example printer or file transfer The port name must be unique on the access server and follow the naming conventions described in the Network Access Server Command Reference Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports MODEM CONTROL Reference For a description of each command refer to the Network Access Server Command Reference Note Not all commands can be combined on one line Configuring and Managing LAT Services 12 13 Configuring a Printer with Unannounced Availability Example Configuring a Printer with Unannounced Availability on a LAT Network o
463. tocol identified by AUTOLINK (PPP, SLIP, or local login) starts.
Example: Enabling AUTOLINK Authentication
The following example shows how to enable AUTOLINK authentication:
    Local> DEFINE PORT AUTOLINK AUTHENTICATION ENABLE
The SHOW PORT CHARACTERISTICS command shows AUTOLINK authentication enabled in the ENABLED CHARACTERISTICS section.
Specifying an Authentication Method
The following table describes the authentication method used when you enable AUTOLINK AUTHENTICATION and specify an LCP authentication method, and an interactive authentication was not already performed prior to LCP negotiation.
LCP Authentication: Results
PAP USERNAME: PC clients that connect immediately using PPP will be authenticated using PPP PAP authentication. This setting is required when you use Kerberos or SecurID authentication. For Kerberos authentication, you must set the Kerberos realm default ACCESS to NONE. For other forms of authentication, such as RADIUS, CHAP USERNAME may be used. If you use the PAP NOUSERNAME options with the PORT LCP AUTHENTICATION command, the login fails.
Disabled: PC clients that connect immediately using PPP will be authenticated using either CHAP or PAP authentication. If the LCP negotiation for CHAP is not acknowledged, the DECserver requires PPP PAP authentication.
LCP Results Aut
464. ts Payable Development System Local gt Managing the Access Server 17 3 Managing Your Access Server As Part of the LAT Network SHOW LIST MONITOR NODE STATUS Display Fields The following table describes the information in the fields and headings of the node status display Field Node LAT Protocol Vx x Address Data Link Frame Size Identification Node Groups Service Name column Status column Identification column 17 4 Managing the Access Server Description Name of the service node LAT protocol version number and update level of the service node software LAT Version 5 2 protocol permits queued connection requests for printers connected to network access servers LAT Version 5 2 protocol does not permit queued connection requests Ethernet address of the service node Maximum Ethernet data link frame size used by the service node to receive messages Node identification string Group codes enabled for this service node For a port to access the service node at least one of these groups must Name of each service offered on this node The same service might be offered on other service nodes Use the SHOW SERVICE STATUS command to find the names of all the nodes offering a particular service Available Service is available to access server users n Connected Service is available and n currently active sessions were requested with this service name If the local access server is t
465. twork into combinations of service nodes service node services and access server ports To configure group codes on an access server perform the following steps Step Action 1 Determine the group codes of the LAT services that a port user needs by entering the SHOW NODE STATUS command 11 4 Configuring and Managing Interactive Devices Configuring an Interactive Device for LAT Sessions Step Action 2 Enable the applicable groups on the port as illustrated by the following commands Local CHANGE PORT 5 AUTHORIZED GROUPS 10 24 46 Local SET PORT 5 GROUPS ALL ENABLED 3 If necessary disable any unwanted group that was previously enabled The following commands show how to disable group 0 on port 5 Local CHANGE PORT 5 AUTHORIZED GROUPS 0 DISABLED Local SET PORT 5 GROUPS ALL ENABLED Specifying AUTOCONNECT When you disable the AUTOCONNECT characteristic on a given port the access server displays the local mode prompt after you log in You can then enter the CONNECT command to use a network resource When you enable the AUTOCONNECT characteristic on a given port and a dedicated or preferred service is enabled the port automatically connects a port to that service at log in The port also attempts to reestablish the current session if the connection fails You must enable AUTOCONNECT for a dedicated service port With preferred and dedicated service disabled enabling AUTOCONNECT allows the access server to attempt to rees
466. ty and character size when you log in AUTOBAUD Settings The following table lists the AUTOBAUD settings and the types of devices associated with them Setting For These Devices Enabled Interactive default Disabled Printers modems computers 9 6 Configuring Basic Device Characteristics Matching the Port and Device Characteristics CHARACTER SIZE and PARITY Settings The AUTOBAUD characteristic functions only if the input and output speeds of the port device are the same and the character size and parity settings have the combinations listed in the following table Character Size Parity 8 None 7 Even Example Disabling AUTOBAUD The following example shows how to disable the autobaud characteristic Local CHANGE PORT 5 AUTOBAUD DISABLED CHARACTER SIZE PARITY The CHARACTER SIZE characteristic indicates the number of bits in a data character The access server supports character sizes of 7 or 8 bits and the default is 8 bits Refer to the operator s guide for the port device to determine appropriate character size If you enable autobaud the access server automatically adjusts the character size Example Setting the CHARACTER SIZE The following example shows how to set the character size Local CHANGE PORT 5 CHARACTER SIZE 7 The PARITY characteristic determines the type of parity checks that the access server performs If you enable autobaud the access server automatically adjusts the parity
467. u capsule data on the services offered on the network or the local access server.
Displaying Services Characteristics
The LIST/SHOW/MONITOR SERVICES CHARACTERISTICS command generates a display of information on values that you can modify with the SET/DEFINE/CHANGE SERVICE command. With the LIST command, the characteristics display is the default display for the SERVICES and the SERVICES LOCAL entity specifications.
Example: SHOW SERVICE CHARACTERISTICS Display
The following example shows how to generate a service characteristics display for the service named PRINTER:
    Local> SHOW SERVICE PRINTER CHARACTERISTICS
    Service PRINTER Identification Printer Ports to PEACH Ports 54 Y Rating 255 Enabled Characteristics Connections Password Queuing
    Local>
SHOW/LIST/MONITOR SERVICE CHARACTERISTICS Display Fields
The following table describes the fields displayed in the service characteristics display.
Field: Description
Service: Name that identifies the network service.
Identification: Service identification string. This string is usually a short description of the service or of how to use it.
The following fields are displayed only for services offered by the access server (local services):
Ports: Numbers of the ports at which the local service is offered.
Rating: Rating at which the access server offers thi
468. umber of times that the access server resends a message without an acknowledgment. After the specified time limit, the access server times out the circuit. If other service nodes offer the same service that timed out, the access server attempts automatic failover.
RETRANSMIT LIMIT Values
The retransmit limit range is from 4 to 120. If traffic load is heavy or the network experiences noise problems, set the value higher than the default value of 8. On the other hand, if rapid error detection is important, you may want to specify a lower value.
Changing the RETRANSMIT LIMIT Characteristic
To change the RETRANSMIT LIMIT characteristic, use the DEFINE/SET/CHANGE SERVER RETRANSMIT LIMIT command. The following example shows how to change the retransmit limit to 100:
    Local> CHANGE SERVER RETRANSMIT LIMIT 100
RESPONDER Characteristic
Access Server Mapping
In order to connect to other nodes on the LAN, the access server must be able to map node names, port names, and services to specific nodes.
Datagram Types
LAT provides the following specific types of datagrams that facilitate this mapping:
Datagram Name: Description
Service Announcement: A multicasted datagram used by slave nodes to advertise services.
Solicit Information: A multicasted or physically addressed datagram used by any node to solicit service information from another node.
Response Information: A physic
469. us and Menu Lines
The following example shows the commands to purge specific menu lines and entire menus:
Local> PURGE MENU MAIN LINE 5
Local> PURGE MENU HOSTS
3 12 User Interface
Chapter 4 Managing Load Hosts
Overview
Introduction
This chapter describes the command procedures that you use to manage hosts that load the access server software image on a LAT network.
In This Chapter
This chapter contains the following topics:
- DSV CONFIGURE
- DSVCONFIG
- Using a BOOTP TFTP Server
- Upline Dumping
- Terminal Server Manager TSM
Managing Load Hosts 4 1
Load Host Procedures
Description
The specific command procedure that you use to manage the load host depends on the network version, protocol, and operating system of the load host. The following table lists the available combinations with a reference to the related section in this chapter.
Load Host Network X Protocol Operating Refer to Command System Procedure DSV CONFIGURE DECnet MDS OpenVMS DSV CONFIGURE Phase IV DECnet OSI DSV CONFIG DECnet MOP ULTRIX DSVCONFIG Phase IV DECnet OSI etc add_DECserver TCP IP BOOTP UNIX Using a BOOTP TFTP TFTP DIGITAL Server UNIX etc list_DECserver TCP IP BOOTP UNIX Using a BOOTP TFTP TFTP DIGITAL Server UNIX etc rem_DECserver TCP IP BOOTP UNIX Using a BOOTP TFTP TFTP DIGITAL Server UNIX etc upd_DECserver TCP IP BOOTP UNIX Using a BOOTP TFTP TFTP DIGITAL Server UN
470. user account named J SMITH
Local> SET USERACCOU J SMITH
Example: Changing the User Password
The following example changes the password for the user account J SMITH to the character string SECRETSTUFF. Quotes denote the password string in the command line.
Local> CHANGE USERACCOU J SMITH PASSWORD "SECRETSTUFF"
Optional Setup for Local User Accounts
Example: Changing User Account Parameters
The following example shows how to change the user account parameters for the user J SMITH to FRAMED access and set his permissions to PRIVILEGED:
Local> CHANGE USERACCOU J SMITH ACCESS FRAMED
Local> CHANGE USERACCOU J SMITH PERMISSIONS PRIV
When the SHOW USERACCOUNT command is used, the above settings result in the following display:
Local> SHOW USER ACCOUNT J SMITH
Username J SMITH Password Entered User Status ENABLED Access FRAMED Forced Callback DISABLED Max Connect Time 0 02 00 00 Dialout Service NONE Dialback Number NONE Dialout Number NONE Permissions DIALBACK DIALOUT LAT TELNET SLIP PPP PRIV
11 28 Configuring and Managing Interactive Devices
Managing Access Server User Accounts
SHOW/LIST/MONITOR USERACCOUNT Display
The following table defines the values in the SHOW USERACCOUNT display.
Field Username Password Access Max Connect Time Dialback Number Dialout Number Permissions User Status Forced Callback Dialout Service Description Es
471. using the access server's subnet mask and have a positive time to live (ttl).
   b. The access server goes through a list of locally configured name servers and searches for name servers that are on its network by using the access server's subnet mask and have a positive time to live (ttl).
   c. The access server assigns the first valid name server as the Primary Nameserver and the second valid name server as the Secondary Nameserver.
   2. If the access server does not find two valid name servers:
   a. The access server goes through the list of learned name servers and searches for name servers with a positive time to live (ttl).
   b. The access server goes through the list of locally configured name servers and searches for name servers with a positive time to live (ttl).
   c. The access server assigns the first valid name server as the Primary Nameserver and the second valid name server as the Secondary Nameserver.
TCP/IP Network Characteristics 7 15
Configuring a List of Internet Gateway Addresses
Introduction
If the access server users need to access hosts in different networks or subnets, you can define a database of Internet gateways. The access server uses gateways to route traffic to different networks and subnets.
Displaying a List of Gateway Addresses
Local Gateway Gateway Gateway Gateway
To display a list of Internet gateway addresses, use the SHOW LIST MONIT
472. ut this document, send them to the DIGITAL documentation organization:
Attn Documentation Project Manager
FAX 508 486 5655
E mail doc quality 9 Ikg mts dec com
Online Services
To locate product specific information, refer to the following online services:
BBS: To read the Bulletin Board System, set your modem to 8 bits, no parity, 1 stop bit, and dial 508 486 5777 (U.S.). Outside of the U.S., dial access code 1 508 486 5777.
WWW: The Digital Equipment Corporation Network Products Business Home Page on the World Wide Web is at the following addresses:
North America: http www networks digital com
Europe: http www networks europe digital com
Australia: http www digital com au networks
xxxi
Chapter 1 DNAS Management
Overview
Introduction
This chapter describes the tasks that the following types of users perform when managing the access server:
- System administrators who configure and manage the access server
- End users of network services and applications
In This Chapter
This chapter includes the following topics:
- Configuration Tasks for System Administrators
- Management Tasks for System Administrators
- User Tasks
- Storage of Configuration Settings and Changes in Memory
- Commands to Display and Change Configuration Settings
DNAS Management 1 1
Configuration Tasks for System Administrators
Configuration Tasks
The following table lists the tasks tha
473. v d Number of LAT messages with an illegal format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem.
Illegal Slots Rcv'd: Number of LAT messages with an illegal slot format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem.
Illegal Multicasts Rcv'd: Number of illegally formatted multicast messages received from service nodes. This value should be 0. A service node transmitting such messages might have a software problem.
Displaying Access Server Status
The SHOW/LIST/MONITOR SERVER STATUS command displays the status of the access server. The information tells you how well the access server is working under the current load and also warns you of network trouble or of problems with ports on the access server. The display also lists current, highest, and maximum values for software and hardware resources. If the status is not normal, then the following appears:
Selftest Status Server 00 00 00 Service 00000 Port 0000000000000000
Software Status PC 01234567 SP 01234567 SR 2300 M 01234567 C 217
The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours minutes seconds.
Example: SHOW SERVER STATUS Display
The f
474. ver The number of LCP terminate acks received from the peer. The number of LCP terminate acks sent to the peer from the access server. The number of LCP code rejects received from the peer.
Displaying PPP Counters
Field: Description
Code Rejects out: The number of LCP code rejects sent to the peer from the access server.
Echo Reqs in: The number of LCP echo requests received from the peer.
Echo Reqs out: The number of LCP echo requests sent to the peer from the access server. This number should always be zero in this version.
Echo Resps in: The number of LCP echo replies received from the peer.
Echo Resps out: The number of LCP echo replies sent to the peer from the access server.
Prot Rejects in: The number of LCP protocol rejects received from the peer.
Prot Rejects out: The number of LCP protocol rejects sent to the peer from the access server.
Discards in: The number of LCP discard packets received from the peer. A discard packet is the PPP equivalent of a no-op instruction.
Discards out: The number of LCP discard packets sent to the peer from the access server. This number should always be zero in this version.
Displaying IPCP Counters
Use the SHOW PORT n IPCP command to display the IPCP counters for a port. This command requires no privileges. The display shows all the counters relevant to IPCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCON
475. ver did not recognize the multicast address and discarded the message. This value reflects multicast traffic or other traffic addressed to the access server from protocols not supported by the access server. The count will be high if the access server does not have an IP address and is connected to a network with ARP traffic. If this count is extremely high (greater than 10 for each second of uptime), the access server performance could be adversely affected.
Number of times the access server hardware lost an incoming frame because it was unable to keep up with the data rate. This value should be 0.
Number of times the access server did not have a user buffer available to store an incoming frame that passed through the system buffer. This counter should accumulate at a rate of less than two counts per day. Note that the value of this counter could be high if there are a large number of LAT service multicast announcements on the network. Also, it is normal to experience some errors when nodes are added to the Ethernet.
Displaying Information About the Access Server
Field: System Buffer Unavailable
LAT protocol Counters: Messages Received, Messages Transmitted, Solicitations Accepted, Solicitations Rejected, Multiple Node Addresses, Duplicates Received, Messages Retransmitted
Description: Number of times a system buffer was not available in the access server for an incoming frame. This counter should accumulate at
476. ver memory. A lower node limit uses less memory. However, a lower node limit can potentially increase the time to make a connection to nodes that are not in the service database. You need to decide the optimal number for your needs.
17 2 Managing the Access Server
Managing Your Access Server As Part of the LAT Network
The following example shows how to decrease the node limit to 100:
Local> CHANGE SERVER NODE LIMIT 100
Reducing Memory Usage
Set the node limit characteristic to a lower value. The access server automatically reduces the number of nodes in the database. This reduces the amount of memory used by the node database.
Viewing LAT Node Status Information
The SHOW/MONITOR NODE STATUS command displays information about the status of the selected nodes. This includes a list of the services offered by the nodes and information on each service. This display can help you track the availability and use of services.
Example: SHOW NODE STATUS Display
The following example shows how to generate a status display for the service node called PEACH:
Local> SHOW NODE PEACH STATUS
Node PEACH Address 08 00 2B 00 2B 02 LAT Protocol V5 2 Data Link Frame Size 1500 Identification Software Engineering Development Node Groups 20 50 100 200 Service Name Status Rating Identification DEVELOP 2Connected 255 Hardware Development System TEST Available 150 High powered Performance Testing TIMESHARING Available 27 Acc
477. vice
- Managing Your Access Server As a LAT Node Offering a Service
Configuring and Managing LAT Services 12 1
Configuring a Port to Offer a LAT Service
Configuration Parameters
After you attach a device to a port and ensure that the port and device characteristics match, you need to specify certain configuration parameters to enable all devices as LAT services. The following table lists the configuration parameters. In addition to the parameters listed in the table, you need to configure certain parameters for specific types of devices, as described in the Configuration of Specific Types of Devices As LAT Services section in this chapter.
For This Parameter Use This Command And Refer to This Section and Chapter Service groups Authorized groups Service name Port name ID string Modem control Signal control Service Password CHANGE SERVER SERVICE GROUPS ENABLED CHANGE PORT AUTHORIZED GROUPS ENABLED CHANGE SERVICE NAME CHARACTERISTIC S CHANGE PORT n NAME CHANGE SERVICE NAME CHANGE PORT n SIGNAL CONTROL ENABLED CHANGE PORT n MODEM CONTROL ENABLED CHANGE SERVICE NAME PASSWORD WORD Changing Access Server Service Groups in Chapter 6 Configuring LAT Group Codes for Interactive Devices in Chapter 11 Assigning a Service Name in this chapter Assigning a Port Name in this chapter Assigning an Identification String
478. wards packets from an attached SLIP host through the Ethernet interface to the Internet. When the access server receives a packet addressed to an attached SLIP host, it forwards the packet to that host. The access server also directly forwards packets from one attached SLIP host to another attached SLIP host. The access server acts like an ordinary IP router to an attached SLIP host. The access server appears like a multihomed IP host to the IP routers on the Internet. A multihomed host is an IP host with more than one IP address.
Network Configuration Containing SLIP Hosts
The following figure shows a sample network configuration that contains SLIP hosts:
[Figure: sample network configuration containing SLIP hosts]
Configuring and Managing SLIP Ports 15 3
Displaying SLIP Characteristics
Introduction
The LIST/SHOW/MONITOR SLIP CHARACTERISTICS command enables you to display the SLIP configuration for a given port. The characteristics that you manage are the host address, the Maximum Transmission Unit (MTU), and the compression. If you change SLIP characteristics while a SLIP session is already established, the changes have no effect until you start a new SLIP session.
Command
Use the SHOW PORT n SL
479. work Access Server
4 Check your configuration Operational Checkout and Diagnosis
20 4 Managing IPX
Hardware and Software Requirements
Introduction
This section describes the hardware and software necessary to run IPX. There must be at least one NetWare fileserver, version 3.xx or greater, on the network. If a fileserver is not directly attached to the same LAN as the network access server, there must be a NetWare router on the LAN.
Software Requirements
The following software is required to run IPX:
- Network Access Software, version 1.4 or greater.
- Remote node access software for the PC, which must support NetWare IPX using Point to Point Protocol (PPP). Can be acquired from a third party network software communications vendor.
- Novell NetWare workstation software for the PC. Can be acquired from your Novell NetWare or third party remote node access software kit.
- Novell NetWare utilities on the PC. Can be acquired from your Novell NetWare or third party remote node access software kit.
Hardware Requirements
The following hardware is required to run IPX:
- PC with a high performance Universal Asynchronous Receiver Transmitter (UART) on the COM port. Either standard 16450 or 16550 UART or equivalent may be used.
- Dial out modem for PC; dial in modem for network access server. Minimum 9600 baud recommended. Highest speed modem available preferred.
References
For a comprehen
480. ying DSRLOGOUT and Specifying LONGBREAK LOGOUT in Chapter 9 if you wish the access server to log out the port when the device is turned off. Note that the access server, device, and device cable must support the DSR signal if you use DSRLOGOUT.
Configuring and Managing Interactive Devices 11 11
Configuring an Interactive Device for Telnet Sessions
Reference
For a description of the default protocol characteristic, refer to Specifying the Default Protocol in this chapter. For a description of the Telnet client profiles, refer to Specifying the Telnet Client Session Profile in this chapter.
11 12 Configuring and Managing Interactive Devices
Configuring a Session Management (TD/SMP) Terminal
Introduction
The MULTISESSION characteristic allows a session management terminal using the terminal device session management protocol (TD/SMP) to manage each terminal session at the terminal itself, not at the access server. A terminal session is a single session on an access server port that is operating under session management control. Session management terminals can have more than one terminal session with the access server, but each terminal session can have one service session. A service session is a session between a network resource and the terminal session. With session management terminals, TD/SMP maintains the context of a service session when the user switches to another terminal
481. your remote node access software on the PC
20 10 Managing IPX
Summary of DECserver IPX Management Commands
The following are the network access server commands you can use to manage IPX.
Port PPP IPX Commands for LCP
The following table explains the PORT PPP IPX commands for LCP.
SHOW/LIST/MONITOR PORT n LCP: Description
CHARACTERISTICS: Display the current values for the LCP characteristics.
SHOW/MONITOR PORT n LCP: Description
COUNTERS: Display the current values of the IPXCP counters.
STATUS: Display the current values of the IPXCP counters and characteristics.
CHANGE/SET/DEFINE PORT n LCP: Description
ACFC: Address and Control Field Compression for PPP datagram.
AUTHENTICATION: Password authentication is enabled.
ENABLE: Enable LCP.
DISABLE: Disable LCP.
MAP: Specifies characters that may not be sent in the clear.
MAXFAILURE: Number of times LCP sends NAK before rejecting option.
MAXTERMINATE: Number of times LCP sends terminate request without ACK.
MRU: Maximum receive units.
PASSIVE: When enabled, LCP must be initiated by attached device.
PFC: Protocol Field Compression for PPP datagram.
RESTART: Restart a suspended session.
Managing IPX 20 11
Port PPP IPX Commands for IPXCP
The following table explains the PORT PPP IPX commands for IPXCP.
SHOW LIST MONITOR Port n IPXCP CHAR
482. ys to Switch Between Sessions
Defining the Break Key and Specifying a Key to Switch to Local Mode
11 16 Configuring and Managing Interactive Devices
Configuring for Block Mode Terminals
Description
Block mode terminals do not require any special setup to communicate with a host through an access server. The access server software automatically allows terminals that support block mode to transmit large blocks of data without using FLOW CONTROL.
Buffer Size
The maximum receive buffer size is 2048 bytes (512 bytes for DS700 16 access servers with less than 1 MB).
Configuring and Managing Interactive Devices 11 17
Specifying the Telnet Client Session Profile
Introduction
You can set various features for a Telnet client session. You can either choose a profile that has many of the characteristics predefined or set the characteristics individually (refer to Configuring Individual Telnet Client Session Characteristics in this chapter). Many of the characteristics have factory set defaults.
Profile Types
Each profile is a set of predefined Telnet client session characteristics. There are two basic profiles:
- CHARACTER: Typically used with interactive users at a terminal or similar device. All characters entered by the user are sent to the Internet host for handling. The host edits, ECHOes, and processes the user data. This is the factory se
483. zing the Access Server 5 7
Booting from the Network
Loading the Software Image
If your network server is configured with Flash RAM but does not have the correct image, the access server performs a network load.
Determining Boot Protocols
During the network boot sequence, the access server searches for a load host. The access server tries both MOP and BOOTP protocols in a factory defined order. The boot sequence includes a wait period after passing through all the boot protocols. Once the access server finds a load host, it records the protocol and load host in its permanent database. The software is then downline loaded from the load host.
Reference
For more information about installing the software, refer to the DECserver Network Access Software Installation guide.
5 8 Initializing the Access Server
Booting Using Console Commands
Introduction
Console functions require DECserver ROM Version 4.0 or greater. If you program Flash RAM with a nonstandard boot image name and a load host is not available, pressing the reset to factory button may leave the access server unbootable.
Procedure
To allow booting of a nonstandard boot image name, perform the following steps:
Step: Action
1: During the boot sequence of the access server initialization process, press Ctrl B two times consecutively on the port defined as the console port. The boot process stops