Section |
Page |
Contents |
3 |
1: Introduction 1-1 |
3 |
2: Getting Started 2-1 |
3 |
3: Console Server Features 3-1 |
3 |
4: Basic Remote Networking 4-1 |
4 |
5: Additional Remote Networking 5-1 |
4 |
6: IP 6-1 |
5 |
7: PPP 7-1 |
5 |
8: Ports 8-1 |
6 |
9: Modems 9-1 |
7 |
10: Modem Sharing 10-1 |
7 |
11: Security 11-1 |
8 |
12: Command Reference 12-1 |
8 |
A: Environment Strings A-1 |
13 |
B: Show 802.11 Errors B-1 |
13 |
C: SNMP Support C-1 |
13 |
D: Supported RADIUS Attributes D-1 |
13 |
Index |
13 |
1: Introduction |
15 |
1.1 What Is New |
15 |
1.2 How To Use This Manual |
15 |
2: Getting Started |
17 |
2.1 Configuration Methods |
17 |
2.1.1 EZWebCon |
17 |
2.1.2 Web Browser Interface |
17 |
2.1.3 Command Line |
18 |
2.1.3.1 Entering Commands |
19 |
2.1.3.2 Command Types |
19 |
2.1.3.3 Restricted Commands |
20 |
2.1.3.4 Abbreviating Commands |
20 |
2.2 Rebooting |
21 |
2.2.1 Sending a Broadcast Message |
21 |
2.2.2 Restoring Factory Defaults |
21 |
2.2.3 Reloading Operational Software |
22 |
2.2.4 Editing Boot Parameters |
22 |
2.3 System Passwords |
23 |
2.3.1 Login Password |
23 |
2.3.2 Privileged Password |
24 |
2.4 Basic Configuration |
25 |
2.4.1 Changing the Server Name |
25 |
2.4.2 Changing the Local Prompt |
25 |
2.4.3 Changing the Login Prompts |
26 |
2.4.4 Setting the Date and Time |
26 |
2.4.4.1 Setting the Clock |
26 |
2.4.4.2 Setting the Timezone |
26 |
2.4.4.3 Designating a Timeserver |
27 |
2.4.5 802.11 Configuration |
27 |
2.4.5.1 802.11 Terms |
28 |
2.4.5.2 Enabling 802.11 Networking |
29 |
2.4.5.3 802.11 Region |
29 |
2.4.5.4 MAC Address |
30 |
2.4.5.5 Extended Service Set ID (ESSID) |
30 |
2.4.5.6 Network Mode |
30 |
2.4.5.7 Channel |
31 |
2.4.5.8 WEP |
31 |
2.5 Configuration Files |
32 |
2.5.1 Creating a Configuration File |
32 |
1 On your host, enter a series of SCS commands in a text file, one command per line. Privileged c... |
32 |
2 Test the configuration file. To test the file, use the Source command, discussed on page 12-131. |
32 |
2.5.2 Using a Configuration File |
33 |
2.6 Disk Management |
34 |
2.6.1 Flash Disk |
34 |
2.6.2 ATA Cards |
34 |
3: Console Server Features |
36 |
3.1 Overview of Console Servers |
36 |
3.2 Event Port Logging |
37 |
3.2.1 Enabling Port Logging |
37 |
3.2.2 Viewing the Port Log |
37 |
3.2.2.1 Telnet/Serial Login |
37 |
1 At a Local_n >prompt, type disk ls to see the files. The file is Port_nn by default, where nn i... |
37 |
2 To view the entire log, type disk cat port_nn.log. |
37 |
3.2.2.2 Web Interface |
37 |
1 Open the web browser interface and http to the IP address or hostname of the SCS. The SCS Home ... |
37 |
2 Click the link to open the file in the default text viewer. |
37 |
3.2.2.3 FTP |
37 |
1 FTP to the SCS. |
38 |
2 Type ls to get a listing of log files. |
38 |
3 “Get” or “mget” a copy of the log file (for example., # mget Port_1.log). |
38 |
3.3 Email Alerts for Serial Events |
38 |
3.4 Configuring Menu Mode |
39 |
3.4.1 Menu Configuration at the Command Line |
39 |
3.4.2 Menu Configuration Files |
40 |
1 Start a new text file on a host other than the SCS. Once the file is complete, you will FTP it ... |
40 |
2 Define up to 10 groups of users. Each group, listed on separate lines, will later be assigned a... |
40 |
3 Begin defining the menus. Start by assigning a menu to a specific group. |
40 |
4 Define the items that will appear in the menu. The items will be numbered in the order entered.... |
40 |
5 After ENDMENU, you can go on to define more menus for other groups of users. |
41 |
6 FTP the file to the SCS /flash disk. |
41 |
3.4.3 Nested Menus |
42 |
3.5 Login Banner Pages |
43 |
1 Create text files with the desired text name prelogin.txt and/or postlogin.txt. |
43 |
2 FTP to the IP address of the SCS. |
43 |
3 Log in with the username root and enter the privileged password (system by default.) |
43 |
4 Change directories to /flash or /ram. |
43 |
5 “Put” the text files into the desired directory. |
43 |
6 Reboot the SCS. |
43 |
3.6 Managing the Attached Devices |
43 |
3.6.1 In-Band Management |
43 |
3.6.2 Out of Band Management |
44 |
1 Open a terminal emulator such as Hyperterminal |
44 |
2 Dial the phone number for the modem attached to the SCS. |
44 |
3 When the connection is complete, press <CR>. |
44 |
4 Enter your username and password. |
44 |
3.6.3 Connecting from the Local> Prompt |
44 |
3.6.4 Serial Break Handling |
44 |
3.6.4.1 Serial Breaks |
45 |
3.6.4.2 Alternate Break Sequences |
45 |
3.7 Serial Port Configurations |
49 |
3.7.1 Enabling the Incoming Password |
49 |
3.7.2 Setting the Port Access Mode |
49 |
3.7.3 Displaying Port Status |
49 |
3.7.3.1 SNMP Queries |
49 |
4: Basic Remote Networking |
50 |
4.1 Remote Connection Types |
50 |
4.1.1 Remote Dial-in |
50 |
4.1.2 LAN to LAN |
51 |
4.2 Managing Connections With Sites |
51 |
1 To configure the SCS and the remote router appropriately for a connection. For example, particu... |
51 |
2 To enforce specific network requirements. For example, compression may be required for all conn... |
51 |
3 To manage a connection once it is in place. For example, it may be desirable to control the amo... |
52 |
4 To enable a system administrator to monitor a single connection. For example, a system administ... |
52 |
4.2.1 Creating a New Site |
52 |
4.2.1.1 Default Site Configuration |
52 |
4.2.2 Displaying Existing Sites |
53 |
4.2.3 Editing Sites |
53 |
4.2.4 Testing Sites |
54 |
4.2.5 Deleting Sites |
54 |
4.2.6 Using Sites for Incoming Connections |
54 |
4.2.7 Using Sites for Outgoing Connections |
55 |
4.2.8 ISP Site Connections with NAT |
55 |
1 Create the SCS’s IP address to an address on a private subnet, for example: |
55 |
2 Create the site that will dial up the ISP. Your ISP will provide most of the information: |
55 |
3 Set the IP address of the site to the single non-private (Internet) address for your network. |
56 |
4 Enable NAT on the SCS, using the DEFINE IP NAT ENABLED command. |
56 |
5 Configure the NAT parameters if needed.The default parameters are sufficient for most situation... |
56 |
6 Configure the SCS as the gateway on the machines on the private network (e.g., 192.168.13.2,.3,... |
56 |
4.3 IP Address Negotiation |
56 |
4.4 IP Routing |
57 |
4.4.1 Routes for Outgoing LAN to LAN |
57 |
4.4.2 Routes for Incoming LAN to LAN |
58 |
4.4.3 Routes for Remote User Dial-ins |
58 |
4.4.4 Configuring RIP for Sites |
59 |
4.4.4.1 Disabling RIP |
59 |
4.4.4.2 Interval Between RIP Updates |
59 |
4.4.4.3 Configuring the Metric |
59 |
4.5 Incoming Connections |
60 |
4.5.1 Starting PPP/Slip for Incoming Connections |
60 |
4.5.1.1 Starting PPP or SLIP from the Local> Prompt |
61 |
4.5.1.2 Starting PPP or SLIP Using Automatic Protocol Detection |
61 |
4.5.1.3 Starting PPP or SLIP on a Dedicated Port |
62 |
4.5.2 Incoming Connection Sequence |
62 |
4.5.2.1 Ports Using Automatic Protocol Detection |
62 |
1 If automatic protocol detection (for PPP, SLIP, or both) is enabled, the link layer starts up w... |
62 |
2 The caller is attached to a temporary site. The name of this site is based on the port number u... |
62 |
3 If using SLIP, callers continue to use the temporary site for the remainder of the connection. |
62 |
A If the SCS port receiving the call has been configured to authenticate remote hosts using CHAP ... |
62 |
B The username and password are compared to existing site names. One of the following occurs: |
63 |
1 If the username matches the name of a site, the site will be checked to see if it has a local p... |
63 |
2 If a site isn’t configured with a password, or the password entered by the caller doesn’t match... |
63 |
4.5.2.2 Ports Not Using Automatic Protocol Detection |
63 |
1 The caller sends a carriage return. |
63 |
2 If the port is configured to prompt for a login password, the caller must enter the correct log... |
63 |
3 To start the link layer, the caller has to enter commands to start PPP or SLIP (Set PPP or Set ... |
63 |
A If the caller specifies a site to be started when PPP or SLIP is started, the user is attached ... |
63 |
B If a site isn’t specified, the user is attached to a temporary site. The name of this site is b... |
63 |
4.5.3 Configuring Incoming Connections |
63 |
1 Configure the Ports |
63 |
2 Create the Sites |
64 |
3 Configure Authentication |
64 |
4.6 Outgoing Connections |
65 |
4.6.1 Ports for Outgoing Connections |
66 |
4.6.2 Telephone Numbers |
66 |
4.6.3 Authentication |
66 |
4.6.4 Configuring Outgoing Connections |
67 |
4.6.4.1 Configure Ports |
67 |
4.6.4.2 Configure Modems |
67 |
4.6.4.3 Create a Site |
67 |
4.6.4.4 Select Ports to Use for Dialing Out |
68 |
4.6.4.5 Assign a Telephone Number to the Port or Site |
68 |
4.6.4.6 Configure Authentication |
68 |
4.6.4.7 Configure Routing |
69 |
4.7 Monitoring Networking Activity |
69 |
4.8 Examples |
70 |
4.8.1 LAN to LAN—Calling One Direction Only |
70 |
4.8.2 LAN to LAN—Bidirectional (Symmetric) Calling |
71 |
4.8.3 Remote Dial-in User Example |
73 |
4.8.3.1 Configure the Ports & Modems |
73 |
4.8.3.2 Define the IP Address Pool |
74 |
4.8.3.3 Configure the Default Site |
74 |
5: Additional Remote Networking |
75 |
5.1 Basic Security |
75 |
5.1.1 Port Authentication |
75 |
1 Ensure that the authentication databases have been configured using the Set/Define Authenticati... |
75 |
2 Associate commands with a username by entering the Set/Define Authentication User command. When... |
75 |
3 Enable authentication on each port that will be used for incoming logins. |
76 |
5.1.2 Filter Lists |
76 |
1 Allow any packet |
76 |
2 Deny all IP traffic matching a particular rule |
76 |
1 Deny all IP traffic matching a particular rule |
77 |
2 Allow any packet |
77 |
5.2 Chat Scripts |
77 |
5.2.1 Creating a Chat Script |
77 |
5.2.2 Editing and Adding Entries |
77 |
5.2.3 Configuring Timeouts |
78 |
5.2.4 Setting Markers |
78 |
5.3 Bandwidth On Demand |
78 |
5.3.1 How Bandwidth is Controlled |
79 |
5.3.2 Disadvantages of Additional Bandwidth |
79 |
5.3.3 Configuring Bandwidth Allocated to Sites |
80 |
5.3.3.1 Estimate Each Port’s Bandwidth |
80 |
5.3.3.2 Assign Port Priority Numbers |
80 |
5.3.3.3 Specify the Bandwidth Measurement Period |
81 |
5.3.3.4 Specify When Bandwidth is Added or Removed |
81 |
5.3.3.5 Configure the Delay Between Bandwidth Adjustments |
81 |
5.3.4 Displaying Current Bandwidth Settings |
82 |
5.3.5 Restoring Default Bandwidth Settings |
82 |
5.3.6 Monitoring Bandwidth Utilization |
82 |
5.4 Increasing Performance |
82 |
5.4.1 Filtering Unwanted Data |
82 |
5.4.2 Compressing Data and Correcting Errors |
83 |
5.4.3 Adding Bandwidth |
83 |
5.4.4 IP Header Compression |
83 |
5.5 Reducing Cost |
84 |
5.5.1 Inactivity Logouts |
84 |
5.5.2 Restricting Packets with Startup Filters |
84 |
5.5.3 Reducing the Number of Ports Used |
84 |
5.5.4 Using Higher Speed Modems |
84 |
5.5.5 Restricting Connections to Particular Times |
85 |
5.5.5.1 Determining if Site Restrictions are Appropriate |
85 |
5.5.5.2 Setting Up Site Restrictions |
85 |
5.5.5.3 Getting Timesetting Information |
85 |
5.5.6 Increasing Requirements for Adding Additional Bandwidth |
86 |
5.5.7 Controlling Frequency of Calls |
86 |
5.6 Using the SCS Without Dialup Modems |
87 |
5.6.1 Situations Where Dialup Modems Are Not Used |
87 |
5.6.1.1 Direct Connections |
87 |
5.6.1.2 Statistical Multiplexors |
87 |
5.6.1.3 Synchronous Leased Lines |
87 |
5.6.1.4 Analog Leased Lines |
87 |
5.6.2 Configuring the Unit for Modemless Connections |
88 |
5.6.2.1 PPP |
88 |
5.6.2.2 SLIP |
89 |
5.7 Character Mode Sites |
89 |
5.8 Examples |
90 |
5.8.1 Creating a Chat Script |
90 |
5.8.2 Creating a Simple Firewall |
90 |
5.8.3 Controlling Access During Weekend Hours |
90 |
6: IP |
92 |
6.1 IP Addresses |
92 |
6.1.1 IP Addresses for Incoming Connections |
93 |
6.1.1.1 Defining an IP Address Pool |
94 |
6.1.1.2 Specifying a Site’s IP Address Range |
94 |
6.1.1.3 Assigning a Specific IP Address for a Site |
95 |
6.1.2 IP Addresses For Outgoing Connections |
95 |
6.1.2.1 SLIP |
95 |
6.1.2.2 Dialing Out to an ISP |
96 |
6.2 Subnet Masks |
96 |
6.2.1 Length of Subnet Masks |
97 |
6.3 Name Resolving |
97 |
6.3.1 Configuring the Domain Name Service (DNS) |
98 |
6.3.2 Specifying a Default Domain Name |
98 |
6.3.3 Adding Hosts to the Host Table |
98 |
6.4 Header Compression |
99 |
6.5 Establishing Sessions |
99 |
6.5.1 Telnet and Rlogin Sessions |
100 |
6.5.1.1 Outgoing Telnet/Rlogin Connections |
100 |
6.5.1.2 Incoming Telnet/Rlogin Connections |
101 |
6.5.2 SSH Sessions |
101 |
6.5.2.1 Permanent Host Keys |
102 |
6.5.2.2 Supported SSH Connections |
102 |
6.5.2.3 Creating an Authorized_Keys File |
102 |
6.5.2.4 Shared Key Authentication |
103 |
1 The SSH client on the user’s computer sends the public half of its identity key to the SCS. |
103 |
2 The SCS checks to see if this user’s identity key is listed in the AUTHORIZED_KEYS (or AUTHORIZ... |
103 |
3 The SSH client then sends the private half of its identity key to the SCS. |
103 |
4 The SSH compares the private half of the user’s identity key to the key stored in the host_rsa_... |
103 |
5 If the private keys match, the user’s identity is confirmed and an SSH connection forms. |
103 |
6.5.2.5 Setting up RSA Shared Key Authentication (for SSH v1) |
103 |
1 FTP to the IP address of the SCS. |
103 |
2 Log in with the usernname of root and enter the privileged password (system by default). |
103 |
3 Change directories to /flash/ssh/. |
103 |
4 “Put” the AUTHORIZED_KEYS FILE into that directory. |
103 |
5 Reboot the SCS. |
104 |
6.5.2.6 Setting up DSA Shared Key Authentication (for SSH v2) |
104 |
1 FTP to the IP address of the SCS. |
104 |
2 Log in with the usernname of root and enter the privileged password (system by default). |
104 |
3 Change directories to /flash/ssh/. |
105 |
4 “Put” the AUTHORIZED_KEYS2 FILE into that directory. |
105 |
5 Reboot the SCS. |
105 |
6.5.2.7 Username/Password Authentication (SSHv1 or SSHv2) |
105 |
6.5.2.8 SSH Incoming Connections (Unix and Non-Unix) |
106 |
1 At the command prompt, enter ssh followed by the SCS host name or IP Address. You may also spec... |
106 |
2 If your RSA or DSA key is passphrase protected, enter your password. |
106 |
3 If you are not using an RSA or DSA key, specify the username and password that the SCS will use... |
106 |
4 If connecting directly to a serial port on the SCS, specify the port number as 22xx, where xx i... |
106 |
1 Start your SSH Client software. |
106 |
2 Enter the SCS host name or IP Address and specify the public key file to use. |
106 |
3 Enter the ssh command followed by the SCS name. |
106 |
4 If connecting directly to a serial port on the SCS, specify the port number as 22xx, where xx i... |
106 |
5 If your RSA or DSA key is passphrase protected, enter your password. |
107 |
6 If you are not using an RSA or DSA key, specify the username and password that the SCS will use... |
107 |
6.5.2.9 Outgoing SSH Connections |
107 |
6.5.3 Restricting Connections to SSH |
108 |
6.5.4 Disabling HTTP and FTP |
108 |
6.6 IP Security |
108 |
6.6.1 Configuring the Security Table |
109 |
6.6.2 Clearing Table Entries |
109 |
6.7 IP Routing |
110 |
6.7.1 How Packets are Routed |
110 |
6.7.2 Routing Tables |
110 |
6.7.2.1 Types of Routes |
110 |
6.7.2.2 Adding Routes to the Table |
111 |
6.7.3 Using RIP |
113 |
6.7.4 Proxy ARP |
113 |
6.7.5 Using the NetBIOS Nameserver (NBNS) |
113 |
6.7.6 Routing and Subnetworks |
114 |
6.8 Displaying the IP Configuration |
114 |
6.9 Examples |
116 |
6.9.1 IP Address Assignment for Remote Networking |
116 |
6.9.2 General IP Setup |
117 |
6.9.3 Adding Static Routes |
117 |
6.9.4 Default Routes to a Site |
117 |
7: PPP |
118 |
7.1 LCP |
118 |
7.1.1 Packet Sizes |
118 |
7.1.2 Header Compression |
118 |
7.1.3 Character Escaping |
118 |
7.1.4 PPP Authentication |
119 |
7.1.4.1 Configuring CHAP and PAP |
119 |
1 Remote hosts must authenticate themselves |
119 |
2 The SCS authenticates itself to remote hosts |
119 |
3 Remote hosts and the SCS authenticate each other |
119 |
7.1.5 CBCP |
120 |
7.2 NCP |
120 |
7.3 Starting PPP |
120 |
7.3.1 User-Initiated PPP |
121 |
7.3.2 Automatic Detection of PPP |
121 |
7.3.3 Dedicated PPP |
121 |
7.4 Multilink PPP |
121 |
7.4.1 Configuring the Calling SCS |
121 |
1 Enable Multilink PPP on all ports that may be used for a multilink connection. |
121 |
2 Create a site for the outgoing multilink PPP connection. |
122 |
3 Configure the ports associated with the multilink site. |
122 |
A Associate the site with two or more ports, giving each port a priority. Higher priority ports w... |
122 |
B Estimate the bandwidth of each port associated with the site. |
122 |
C Specify a telephone number for each port. |
122 |
4 Configure the site bandwidth parameters. |
122 |
A Specify the initial and maximum bandwidths. |
123 |
B Specify when to add and remove bandwidth from a connection. |
123 |
5 Configure site authentication. |
123 |
7.4.2 Configuring the Receiving SCS |
123 |
1 Configure the ports that will be used for the multilink connection. |
123 |
A Enable Multilink PPP on all ports that will be used. |
123 |
B Ensure that the telephone numbers of the modems attached to the receiving ports match those con... |
123 |
C Enable PPP CHAP and/or PAP authentication on the ports. |
124 |
2 Create a site to receive the multilink traffic. |
124 |
3 Configure site authentication. |
124 |
7.5 Restoring Default PPP Settings |
124 |
7.6 Pocket PC PPP Support |
124 |
7.7 Character Mode Sites |
124 |
7.8 Troubleshooting |
125 |
8: Ports |
126 |
8.1 Using Port Commands |
126 |
8.2 Setting Port Access |
126 |
8.3 Starting a Port |
126 |
8.3.1 Waiting for Character Input |
127 |
8.3.2 Starting Automatically |
127 |
8.3.2.1 Enabling Autostart |
127 |
8.3.2.2 Setting an Autostart Trigger |
127 |
8.4 Port Modes |
128 |
8.4.1 Character Mode |
128 |
8.4.2 PPP Mode |
128 |
8.4.3 SLIP Mode |
128 |
8.5 Automatic Protocol Detection |
129 |
8.6 Port-Specific Session Configuration |
129 |
8.6.1 Multiple Sessions |
129 |
8.6.2 Switching Between Sessions |
130 |
8.6.3 Exiting Sessions |
130 |
8.6.3.1 Breaking from a Session |
130 |
8.6.3.2 Disconnecting Sessions |
132 |
8.6.4 Monitoring Session Activity |
132 |
8.6.5 Setting Session Characteristics |
132 |
8.6.5.1 Configuring a Session at Connection Time |
132 |
8.6.5.2 Configuring a Session Once It’s Running |
133 |
8.7 Preferred/Dedicated Protocols & Hosts |
133 |
8.7.1 Dedicated Protocols |
133 |
8.7.2 Preferred/Dedicated Hosts |
134 |
8.7.3 Saving Autostart Characters |
134 |
8.8 Port Restrictions |
134 |
8.8.1 Locking a Port |
134 |
8.8.2 Enabling Signal Check |
135 |
8.8.3 Username/Password Protection |
135 |
8.8.3.1 Login Password |
135 |
8.8.3.2 Username/Password Authentication |
136 |
8.8.4 Automatic Logouts |
136 |
8.8.4.1 DSR Logouts |
136 |
8.8.4.2 Inactivity Logouts |
136 |
8.8.5 Restricting Commands |
137 |
8.8.6 Receipt of Broadcast Messages |
137 |
8.8.7 Dialback |
137 |
8.8.8 Enabling Menu Mode |
137 |
8.9 Serial Port Configuration |
138 |
8.9.1 Naming a Port |
138 |
8.9.2 Specifying a Username |
138 |
8.9.3 Notification of Character Loss |
138 |
8.9.4 Padding Return Characters |
139 |
8.9.5 Setting the Device Type |
139 |
8.9.6 Specifying a Terminal Type |
139 |
8.9.7 Transmitting Serial Data |
139 |
8.9.8 Restoring Default Port Settings |
140 |
8.10 RS-485 Configuration |
140 |
8.10.1 Two-wire Mode |
141 |
8.10.2 Four-wire Mode |
142 |
8.10.2.1 TXDrive |
142 |
8.10.3 Termination |
143 |
8.10.4 RS-422 Networking |
143 |
8.11 Flow Control |
143 |
8.11.1 Hardware Flow Control |
143 |
8.11.2 Software Flow Control |
144 |
8.11.3 Setting Up Flow Control |
144 |
1 Set Appropriate Line/Serial Speeds |
144 |
2 Disable Autobaud |
144 |
3 Determine the Appropriate Flow Control Method |
144 |
4 Configure Flow Control |
145 |
8.12 Serial Signals |
145 |
8.12.1 DSR (Data Set Ready) |
146 |
8.12.1.1 DSR for Automatic Logouts |
146 |
8.12.1.2 DSR for Controlling Remote Logins |
146 |
8.12.2 DCD (Data Carrier Detect) |
146 |
8.12.3 DTR (Data Terminal Ready) |
147 |
8.13 Virtual Ports |
147 |
8.14 Modem Emulation |
148 |
9: Modems |
149 |
9.1 Setup and Wiring |
149 |
9.2 Modem Speeds |
150 |
9.2.1 Serial Speed |
150 |
9.2.2 Line Speed |
150 |
9.3 Modem Profiles |
150 |
9.3.1 Using a Profile |
151 |
9.3.2 Editing a Profile |
151 |
9.3.2.1 Examine the Profile |
152 |
9.3.2.2 Edit the Init String |
152 |
9.3.2.3 Edit Other Settings |
153 |
9.3.2.4 Enable Modem Control |
153 |
9.3.2.5 Initialize the Modem |
153 |
9.3.3 Profile Settings |
153 |
9.3.4 Profiles for Modems with External Switches |
156 |
9.4 Modem and SCS Interaction |
156 |
9.4.1 Initialization |
156 |
9.4.2 Outgoing Calls |
156 |
9.4.3 Incoming Calls |
157 |
9.4.4 When a Port is Logged Out |
157 |
9.4.5 Compression |
157 |
9.4.6 Error Correction |
158 |
9.4.7 Modem Security |
159 |
9.4.8 Autostart |
159 |
9.4.9 Dialback |
159 |
9.5 Terminal Adapters |
160 |
9.6 Caller-ID |
160 |
9.7 Examples |
161 |
9.7.1 Typical Modem Configuration |
161 |
9.7.2 Modem Configuration Using Generic Profile |
161 |
9.7.3 Editing Modem Strings |
163 |
9.8 Troubleshooting |
164 |
10: Modem Sharing |
166 |
10.1 Services |
166 |
10.1.1 Creating a Service |
166 |
10.1.2 Associating Ports with a Service |
166 |
10.1.3 Displaying Current Services |
167 |
10.2 Sharing Modems |
168 |
10.2.1 Configuring an IP Modem Pool Service |
168 |
10.2.2 Using the COM Port Redirector |
168 |
10.2.3 Connecting to a TCP Listener Service |
168 |
10.2.4 Connecting to a Serial Port |
169 |
10.2.5 Connecting to a Service or Port |
169 |
10.3 Examples |
169 |
10.3.1 Configuring the Redirector |
170 |
10.3.2 Configuring the PC Communications Software |
170 |
11: Security |
172 |
11.1 Incoming Authentication |
172 |
11.1.1 Character Mode Logins |
172 |
11.1.1.1 Login Password |
172 |
11.1.1.2 Username/Password Pair |
173 |
11.1.1.3 Local Password |
173 |
11.1.2 PPP Logins |
174 |
11.1.2.1 CHAP and PAP |
174 |
11.1.2.2 Comparing Username/Password to Authentication Databases |
174 |
11.1.2.3 Offering Authentication Information to the Incoming Caller |
174 |
11.1.3 SLIP Logins |
175 |
11.2 Outgoing Authentication |
175 |
11.2.1 Outgoing Character Mode Connections |
176 |
11.2.2 Outgoing PPP Connections |
176 |
11.2.3 Outgoing SLIP Connections |
176 |
11.3 Dialback |
176 |
11.3.1 The Dialback Process |
177 |
1 When a username is entered on a dialback port, the SCS determines if it should allow the connec... |
177 |
2 The SCS sends a command to the applicable serial port. The command contains the modem command p... |
177 |
3 The dial string should perform any special configuration required for the call, then dial the r... |
177 |
4 The SCS waits the length of the Carrier Wait setting for the DCD signal to go high, indicating ... |
177 |
5 The SCS waits 30 seconds for the user to enter a username when in Dialback mode. After 30 secon... |
177 |
11.3.2 Dialback from Character Mode |
177 |
1 Enable modem control using the Define Ports Modem Control Enabled command. |
177 |
2 Assign a modem type to the port using the Define Ports Modem Type command. |
177 |
3 Enable dialback using the Define Ports Dialback Enabled command. |
177 |
4 Configure how Dialback treats users who are not in the dialback database. |
177 |
5 Add users to the dialback database. |
177 |
11.3.3 Dialback from SLIP/PPP Mode |
178 |
11.3.4 Dialback Using CBCP |
178 |
11.3.5 Potential Dialback Drawbacks |
179 |
11.3.6 Port User Restrictions |
179 |
11.4 Database Configuration |
180 |
11.4.1 Local (NVR) Database |
180 |
11.4.1.1 Changing the Precedence |
181 |
11.4.1.2 Adding Username/Password Pairs |
181 |
11.4.1.3 Forcing Execution of Commands |
181 |
11.4.1.4 Permitting Users to Change Their Passwords |
181 |
11.4.1.5 Forcing Selection of a New Password |
182 |
11.4.1.6 Displaying the Local Database |
182 |
11.4.1.7 Purging the Local Database |
182 |
11.4.2 Kerberos |
182 |
11.4.2.1 Configuring Kerberos |
183 |
1 Ensure that the SCS clock is synchronized with the clock on the Kerberos server. The Kerberos a... |
183 |
2 Designate a precedence number for the Kerberos server. |
183 |
3 Configure the primary and secondary Kerberos server locations by IP address: |
183 |
4 Configure the realm. The realm is the name of the Kerberos administrative region that defines t... |
183 |
5 Configure the principle, instance, and authenticator that enable the Kerberos server to identif... |
183 |
6 Configure the Key Version Number (KVNO). The key version number ensures that the SCS and Kerber... |
184 |
11.4.3 RADIUS |
185 |
11.4.3.1 RADIUS Authentication |
185 |
1 A user connects to the SCS. The SCS prompt the user for a username and password, or CHAP/PAP au... |
185 |
2 The SCS creates an Access-Request packet that includes the username/password pair, an identific... |
185 |
3 The RADIUS authentication server decrypts the Access-Request packet and routes it to the approp... |
186 |
A If authentication is successful, the server sends an authentication acknowledgement (Access- Ac... |
186 |
B If authentication fails, the server sends an Access-Reject packet to the SCS. The SCS will move... |
186 |
C The server may be configured to send a challenge to the user after attempting to log in. If thi... |
186 |
11.4.3.2 RADIUS and Character Logins |
187 |
11.4.3.3 RADIUS and Sites |
187 |
11.4.3.4 RADIUS Accounting |
187 |
11.4.4 SecurID |
188 |
11.4.4.1 Configuring SecurID |
189 |
11.4.5 UNIX Password File |
190 |
11.5 User Restrictions |
190 |
11.5.1 Privileged Commands |
190 |
11.5.2 IP Address Restriction |
191 |
11.5.3 Controlling Use of Set PPP/SLIP Commands |
191 |
11.5.4 Securing a Port |
191 |
11.5.5 Locking a Port |
192 |
11.5.6 Forcing Execution of Commands |
192 |
11.5.7 Restricting Multiple Authenticated Logins |
192 |
11.6 Network Restrictions |
193 |
11.6.1 Incoming Telnet/Rlogin Connections |
193 |
11.6.2 Outgoing Rlogin Connections |
193 |
11.6.3 Limiting Port Access |
193 |
11.6.4 Disabling the FTP and HTTP Servers |
194 |
11.6.5 Packet Filters and Firewalls |
194 |
11.6.5.1 Filter Order |
195 |
11.6.5.2 Preventing All IP Traffic |
195 |
11.6.5.3 Setting Up a Filter List |
195 |
1 When a filter list is created, it must be assigned a name of no more than 12 characters. The re... |
196 |
2 A single filter list can be associated with many sites. Each site may use a filter list as an i... |
196 |
11.7 Event Logging |
196 |
11.7.1 Setting the Destination |
196 |
11.7.2 Logging Levels |
197 |
11.8 Examples |
199 |
11.8.1 Database Search Order |
199 |
11.8.2 Terminal User Forced to Execute Command |
199 |
11.8.3 Multiple-User Authentication |
200 |
11.8.4 Outgoing LAN to LAN Connection |
201 |
11.8.5 Creating a Firewall |
201 |
11.8.6 Dialback |
204 |
11.9 Troubleshooting |
204 |
12: Command Reference |
205 |
12.1 Command Descriptions |
205 |
12.2 About Strings |
206 |
12.3 Conventions Used in This Chapter |
206 |
12.4 Modem Commands |
207 |
12.4.1 Define Ports Modem Answer |
207 |
12.4.2 Define Ports Modem Attention |
208 |
12.4.3 Define Ports Modem Busy |
208 |
12.4.4 Define Ports Modem CallerID |
209 |
12.4.5 Define Ports Modem Carrierwait |
209 |
12.4.6 Define Ports Modem Commandprefix |
210 |
12.4.7 Define Ports Modem Compression |
210 |
12.4.8 Define Ports Modem Connected |
211 |
12.4.9 Define Ports Modem Control |
212 |
12.4.10 Define Ports Modem Dial |
212 |
12.4.11 Define Ports Modem Error |
213 |
12.4.12 Define Ports Modem Errorcorrection |
214 |
12.4.13 Define Ports Modem Getsetup |
214 |
12.4.14 Define Ports Modem Init |
215 |
12.4.15 Define Ports Modem Nocarrier |
216 |
12.4.16 Define Ports Modem Nodialtone |
216 |
12.4.17 Define Ports Modem OK |
217 |
12.4.18 Define Ports Modem Reset |
217 |
12.4.19 Define Ports Modem Ring |
218 |
12.4.20 Define Ports Modem Save |
218 |
12.4.21 Define Ports Modem Speaker |
219 |
12.4.22 Define Ports Modem Statistics |
219 |
12.4.23 Define Ports Modem Type |
220 |
12.4.24 Show/Monitor/List Modem |
220 |
12.5 IP/Network Commands |
222 |
12.5.1 Clear/Purge Hosts |
222 |
12.5.2 Clear/Purge IP Factory |
222 |
12.5.3 Clear/Purge IP NAT Table |
222 |
12.5.4 Clear/Purge IP Route |
223 |
12.5.5 Clear/Purge IP Security |
223 |
12.5.6 Clear/Purge IP Trusted |
224 |
12.5.7 Connect |
224 |
12.5.8 Disconnect |
226 |
12.5.9 Purge IP Ethernet |
226 |
12.5.10 Rlogin |
226 |
12.5.11 Send |
227 |
12.5.12 Set/Define 80211 |
228 |
12.5.12.1 Set/Define 80211 Enabled |
228 |
12.5.12.2 Set/Define 80211 Antenna |
228 |
12.5.12.3 Set/Define 80211 Authentication |
229 |
12.5.12.4 Set/Define 80211 Channel |
230 |
12.5.12.5 Set/Define 80211 ESSID |
231 |
12.5.12.6 Set/Define 80211 Fragmentation |
232 |
12.5.12.7 Set/Define 80211 MAC Address |
232 |
12.5.12.8 Set/Define 80211 Network Mode |
233 |
12.5.12.9 Set/Define 80211 Power |
234 |
12.5.12.10 Set/Define 80211 Region |
234 |
12.5.12.11 Set 80211 Reset |
235 |
12.5.12.12 Set/Define 80211 RTS |
236 |
12.5.12.13 Set/Define 80211 WEP |
236 |
12.5.13 Set/Define Hosts |
238 |
12.5.14 Set/Define IP All/Ethernet |
239 |
12.5.15 Set/Define IP Create |
241 |
12.5.16 Set/Define IP Domain |
242 |
12.5.17 Set/Define IP Ethernet |
242 |
12.5.18 Set/Define IP Host Limit |
242 |
12.5.19 Set/Define IP IPaddress |
243 |
12.5.20 Set/Define IP Loadhost |
243 |
12.5.21 Set/Define IP Nameserver |
243 |
12.5.22 Set/Define IP NAT |
244 |
12.5.23 Set/Define IP NAT Table |
245 |
12.5.24 Set/Define IP NBNS |
245 |
12.5.25 Set/Define IP Route |
246 |
12.5.26 Set/Define IP Routing |
247 |
12.5.27 Set/Define IP Security |
247 |
12.5.28 Set/Define IP Subnet |
249 |
12.5.29 Set/Define IP TCP Keepalive |
249 |
12.5.30 Set/Define IP Timeserver |
250 |
12.5.31 Set/Define IP Trusted |
251 |
12.5.32 Set/Define IP Trusted |
251 |
12.5.33 Show IP Counters |
252 |
12.5.34 Show/Monitor/List Hosts |
252 |
12.5.35 Show/Monitor/List IP |
253 |
12.5.36 SSH |
255 |
12.5.37 Telnet |
255 |
12.6 Port Commands |
256 |
12.6.1 List Email |
256 |
12.6.2 Lock |
256 |
12.6.3 Logout Port |
257 |
12.6.4 Purge Port |
257 |
12.6.5 Purge Email |
258 |
12.6.6 Resume |
258 |
12.6.7 Set Noprivileged |
258 |
12.6.8 Snoop Port |
259 |
12.6.9 Define Email |
259 |
12.6.10 Set/Define Ports Access |
261 |
12.6.11 Set/Define Ports Authenticate |
262 |
12.6.12 Set/Define Ports Autobaud |
262 |
12.6.13 Set/Define Ports Autoconnect |
263 |
12.6.14 Set/Define Ports Autostart |
264 |
12.6.15 Set/Define Ports Backward Switch |
265 |
12.6.16 Set/Define Ports Break |
266 |
12.6.17 Define Ports Backspace |
267 |
12.6.18 Set/Define Ports Broadcast |
268 |
12.6.19 Set/Define Ports Character Size |
268 |
12.6.20 Set/Define Ports Command Completion |
269 |
12.6.21 Set/Define Ports Datasend |
270 |
12.6.22 Define Ports Dedicated |
272 |
12.6.23 Define Ports Dialback |
274 |
12.6.24 Set/Define Ports DSRLogout |
274 |
12.6.25 Set/Define Ports DTRWait |
275 |
12.6.26 Define Ports Event Email Serialdata |
275 |
12.6.27 Set/Define Ports Flow Control |
276 |
12.6.28 Set/Define Ports Forward Switch |
277 |
12.6.29 Set/Define Ports Inactivity Logout |
278 |
12.6.30 Set/Define Ports Local Switch |
278 |
12.6.31 Set/Define Ports Loss Notification |
279 |
12.6.32 Set/Define Ports Menu |
280 |
12.6.33 Set/Define Ports Modem Emulation |
280 |
12.6.34 Set/Define Ports Name |
281 |
12.6.35 Set/Define Ports Parity |
281 |
12.6.36 Set/Define Ports Password |
282 |
12.6.37 Set/Define Ports PocketPC |
283 |
12.6.38 Set/Define Ports Preferred |
283 |
12.6.39 Define Ports PPP |
285 |
12.6.40 Define Ports PPPdetect |
288 |
12.6.41 Set/Define Ports Printer |
288 |
12.6.42 Set/Define Ports Security |
289 |
12.6.43 Set/Define Ports Serial Log |
289 |
12.6.44 Set/Define Ports Session Limit |
290 |
12.6.45 Set/Define Ports Signal Check |
290 |
12.6.46 Define Ports SLIP |
291 |
12.6.47 Set/Define Ports SLIPdetect |
292 |
12.6.48 Set/Define Ports Speed |
292 |
12.6.49 Set/Define Ports Stop |
293 |
12.6.50 Set/Define Ports Telnet Pad |
293 |
12.6.51 Set/Define Ports TermType |
294 |
12.6.52 Set/Define Ports Type |
294 |
12.6.53 Set/Define Ports Username |
295 |
12.6.54 Set/Define Ports Verification |
296 |
12.6.55 Set Privileged/Noprivileged |
296 |
12.6.56 Define Protocols RS485 |
297 |
12.6.57 Set Session |
298 |
12.6.58 Set PPP |
299 |
12.6.59 Set SLIP |
300 |
12.6.60 Show/Monitor/List Ports |
300 |
12.6.61 Show RS485 |
302 |
12.6.62 Show/Monitor Sessions |
302 |
12.6.63 Test Port |
303 |
12.6.64 Unlock Port |
304 |
12.7 Service Commands |
305 |
12.7.1 Clear/Purge Service |
305 |
12.7.2 Remove Queue |
305 |
12.7.3 Set/Define Service |
306 |
12.7.4 Set/Define Service Banner |
307 |
12.7.5 Set/Define Service Binary |
307 |
12.7.6 Set/Define Service EOJ |
307 |
12.7.7 Set/Define Service Formfeed |
308 |
12.7.8 Set/Define Service Identification |
308 |
12.7.9 Set/Define Service Password |
309 |
12.7.10 Set/Define Service Ports |
309 |
12.7.11 Set/Define Service Postscript |
310 |
12.7.12 Set/Define Service PSConvert |
310 |
12.7.13 Set/Define Service RTEL |
310 |
12.7.14 Set/Define Service SOJ |
311 |
12.7.15 Set/Define Service TCPport |
311 |
12.7.16 Set/Define Service Telnetport |
312 |
12.7.17 Show/Monitor/List Services |
312 |
12.8 Server Commands |
315 |
12.8.1 Clear/Purge Menu |
315 |
12.8.2 Initialize Server |
315 |
12.8.3 Set/Define Menu |
316 |
12.8.4 Set/Define Protocol FTP |
318 |
12.8.5 Set/Define Protocol HTTP |
318 |
12.8.6 Set/Define Protocol SSH Mode |
318 |
12.8.7 Set/Define Server Altprompt |
319 |
12.8.8 Set/Define Server BOOTP |
319 |
12.8.9 Set/Define Server BOOTGATEWAY |
320 |
12.8.10 Set/Define Server Broadcast |
320 |
12.8.11 Set/Define Server Buffering |
320 |
12.8.12 Set/Define Server Clock |
321 |
12.8.13 Set/Define Server DHCP |
321 |
12.8.14 Set/Define Server Host Limit |
322 |
12.8.15 Set/Define Server Inactivity |
322 |
12.8.16 Set/Define Server Incoming |
323 |
12.8.17 Set/Define Server Loadhost |
324 |
12.8.18 Set/Define Server Lock |
324 |
12.8.19 Set/Define Server Login Password |
325 |
12.8.20 Set/Define Server Name |
325 |
12.8.21 Set/Define Server Nameserver |
326 |
12.8.22 Set/Define Server Password Limit |
326 |
12.8.23 Set/Define Server Privileged Password |
327 |
12.8.24 Set/Define Server Prompt |
327 |
12.8.25 Set/Define Server RARP |
329 |
12.8.26 Set/Define Server Retransmit Limit |
329 |
12.8.27 Set/Define Server Rlogin |
329 |
12.8.28 Set/Define Server Session Limit |
330 |
12.8.29 Set/Define Server Silentboot |
330 |
12.8.30 Set/Define Server Software |
330 |
12.8.31 Set/Define Server Startupfile |
331 |
12.8.32 Set/Define Server Timezone |
332 |
12.8.33 Show/Monitor/List Menu |
333 |
12.8.34 Show/Monitor/List Server |
333 |
12.8.35 Show/Monitor/List Timezone |
335 |
12.8.36 Show/Monitor Users |
335 |
12.8.37 Source |
335 |
12.9 Site Commands |
336 |
12.9.1 Define Site |
336 |
12.9.2 Define Site Authentication |
336 |
12.9.3 Define Site Bandwidth |
338 |
12.9.4 Define Site Chat |
340 |
12.9.5 Define Site Dial on Hangup |
342 |
12.9.6 Define Site Filter |
342 |
12.9.7 Define Site Idle |
343 |
12.9.8 Define Site IP |
344 |
12.9.9 Define Site MTU |
346 |
12.9.10 Define Site Permanent |
347 |
12.9.11 Define Site Port |
347 |
12.9.12 Define Site Protocol |
349 |
12.9.13 Define Site Telephone |
349 |
12.9.14 Define Site Time |
350 |
12.9.15 Logout Site |
352 |
12.9.16 Purge Site |
352 |
12.9.17 Show/Monitor/List Sites |
353 |
12.9.18 Test Site |
354 |
12.10 Security Commands |
355 |
12.10.1 Clear/Purge Authentication |
355 |
12.10.2 Clear/Purge Dialback |
356 |
12.10.3 Clear/Purge Filter |
356 |
12.10.4 Clear/Purge SNMP |
357 |
12.10.5 Set/Define Authentication |
357 |
12.10.6 Set/Define Authentication Kerberos |
358 |
12.10.7 Set/Define Authentication Local |
360 |
12.10.8 Set/Define Authentication RADIUS |
361 |
12.10.9 Set/Define Authentication SecurID |
363 |
12.10.10 Set/Define Authentication Strictfail |
365 |
12.10.11 Set/Define Authentication TFTP |
366 |
12.10.12 Set/Define Authentication Unique |
367 |
12.10.13 Set/Define Authentication User |
367 |
12.10.14 Set/Define Dialback |
369 |
12.10.15 Set/Define Filter |
370 |
12.10.16 Set/Define Filter Any |
371 |
12.10.17 Set/Define Filter Generic |
372 |
12.10.18 Set/Define Filter IP |
373 |
12.10.19 Set/Define FTP |
376 |
12.10.20 Set/Define HTTP |
376 |
12.10.21 Set/Define Logging |
376 |
12.10.22 Set/Define Password |
380 |
12.10.23 Set/Define Server Incoming Secure |
380 |
12.10.24 Set/Define SNMP |
381 |
12.10.25 Show/Monitor/List Authentication |
381 |
12.10.26 Show/Monitor/List Dialback |
382 |
12.10.27 Show/Monitor/List Filter |
382 |
12.10.28 Show/Monitor/List Logging |
383 |
12.10.29 Show/Monitor/List SNMP |
383 |
12.10.30 PC Card Commands |
383 |
12.10.31 Show PCCard |
383 |
12.11 Navigation/Help Commands |
384 |
12.11.1 Apropos |
384 |
12.11.2 Backwards |
384 |
12.11.3 Broadcast |
384 |
12.11.4 Cls |
385 |
12.11.5 Disk |
386 |
12.11.6 Finger |
390 |
12.11.7 Forwards |
390 |
12.11.8 Help |
391 |
12.11.9 Monitor |
391 |
12.11.10 Netstat |
391 |
12.11.11 Ping |
392 |
12.11.12 Resolve |
392 |
12.11.13 Save |
393 |
12.11.14 Show/Monitor Queue |
394 |
12.11.15 Show Version |
395 |
12.11.16 Zero Counters |
396 |
A: Environment Strings |
397 |
A.1 Usage |
397 |
A.1.1 Multiple Strings |
397 |
A.2 Available Strings |
397 |
A.2.1 Usage Examples |
397 |
A.2.1.1 nnnn |
398 |
A.2.1.2 +C and -C |
398 |
A.2.1.3 +D and -D |
398 |
A.2.1.4 +E and -E |
398 |
A.2.1.5 +P and -P |
398 |
A.2.1.6 R |
398 |
A.2.1.7 S |
398 |
A.2.1.8 T |
398 |
B: Show 802.11 Errors |
399 |
B.1 Introduction |
399 |
B.2 Error Bits |
399 |
B.2.1 Leftmost Number |
399 |
B.2.2 Rightmost Number |
401 |
C: SNMP Support |
404 |
C.1 Support |
404 |
C.2 Security |
404 |
D: Supported RADIUS Attributes |
406 |
D.1 Authentication Attributes |
406 |
D.1.1 Access-Request |
406 |
D.1.2 Access-Accept |
407 |
D.1.2.1 Framed-IP-Address |
408 |
D.1.2.2 Filter-ID |
408 |
D.1.2.3 Login-IP-Host |
408 |
D.2 Accounting Attributes |
409 |
D.3 Examples |
410 |
D.3.1 Configuring Authenticated PPP Connections |
410 |
D.3.2 Forcing a Telnet Connection to Preferred Host |
411 |
D.3.3 Forcing a Telnet Connection to a Specific Port |
411 |
D.3.4 Preventing RADIUS Authentication |
411 |