
2  Configuring Global Settings


  This chapter describes how to configure settings that the PortMaster 4 uses across all its ports and interfaces.
  This chapter discusses the following topics:
  See the PortMaster 4 Command Line Reference for more detailed command descriptions and instructions.
  You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows, UNIX, and other platforms supporting the Java Virtual Machine (JVM). PMVision replaces the PMconsole interface to ComOS.
 

       Setting the View

  You configure global settings from the manager view. If you are not already in slot 4 (the default), use the following command to set the view to slot 4:

  Command 3> set view 4
View changed from 3 to 4
Command>

 

       Configuring Name Resolution

  You can use either a network name service or the host table on the PortMaster 4 to map hostnames to IP addresses.
 

       Using the Host Table

  Each host attached to an IP network is assigned a unique IP address. Every PortMaster supports a local host table to map hostnames to IP addresses. If your network lacks a computer that can perform hostname resolution, the PortMaster allows entries in a local host table. Hostnames are used by the PortMaster only for your convenience when using the command line interface, or if you require users to enter hostnames at the host prompt.
  To avoid confusion and reduce administrative overhead, Lucent recommends using the Domain Name System (DNS) or Network Information Service (NIS) for hostname resolution rather than the local host table. The PortMaster always checks the local host table before using DNS or NIS. For information on setting the NIS or DNS name service, refer to "Setting the Name Service."
 

       Setting the Name Service

  The PortMaster can work with network name services such as the Network Information Service (NIS) or the Domain Name System (DNS). Appendix A, "Networking Concepts," describes these name services. You must explicitly identify any name service used on your network.
  The PortMaster stores all information by address rather than name. As a result, configuring the name server is useful only if you are using the command line interface for administration or if you prompt a login user for a host. If you are not using either of these features, you do not need to set the name service.
  To set the name service, use the following command:

  Command> set namesvc dns|nis

  Once the name service is set, you must set the address of your NIS or DNS name server and enter the domain name of your network. See "Setting the Name Server" for instructions.
 

       Setting the Name Server

  The PortMaster supports RFC 1877, which allows remote hosts also supporting RFC 1877 to learn a name server through PPP negotiation. You must provide the IP address of the name server if you use a name service.
  You must set a name service before you set a name server. See "Setting the Name Service." If you are not using a name service, you do not need a name server.
  To set the name server, use the following command:

  Command> set nameserver Ipaddress

  You can set an alternate name server with the following command:

  Command> set nameserver Ipaddress

  You must set a domain name for your network after you set a name server. See "Setting the Domain Name."
  You can disable the use of a name service by setting the name server's IP address to 0.0.0.0.
 

       Setting the Domain Name

  The domain name is used for hostname resolution. If you are using DNS or NIS, you must set a domain name for your network.
  To set the domain name of your network, use the following command:

  Command> set domain String

 

       Setting the Telnet Port

  The Telnet access port can be set to any number between 0 and 65535. The Telnet port enables you to access and maintain the PortMaster using a Telnet connection to this TCP port. If 0 (zero) is used, Telnet administration is disabled. The default value is 23. Ports numbered 10000 through 10100 are reserved and should not be used for this function. Up to four administrative Telnet sessions at a time can be active.
  To set the Telnet access port to port number Tport, use the following command:

  Command> set telnet Tport

 

       Using the Telnet Port as a Console Port

  If the console port is set from a Telnet session, the current connection becomes the console. This feature is useful for administrators who log in to a port using Telnet and need to access the console for debugging purposes.

  Note: Only one Telnet session can receive console messages at a time.

  To set the current Telnet access port as a console port, enter the following command:

  Command> set console

 

       Setting Management Application Connections

  PMVision, ChoiceNet, and the ComOS utilities pmdial, pmcommand, pminstall, pmreadconf, pmreadpass, and pmreset all use port 1643. For more than one of these applications to connect at the same time, you must set the maximum number of connections to two or more. The maximum is 10 connections.
  If you use ChoiceNet to download filters dynamically, be sure to set the maximum number of connections to 10.
  To set the maximum number of concurrent connections for management applications into the PortMaster, use the following command:

  Command> set maximum pmconsole Number

 

       Setting System Logging

  PortMaster products enable you to log authentication information to a system log file for network accounting purposes.
 

       Setting the Loghost

  To set the IP address of the loghost (the host to which the PortMaster sends syslog messages), use the following command:

  Command> set loghost Ipaddress

  Note: Do not set a loghost at a location configured for on-demand connections, because doing so keeps the connection up or brings up the connection each time a syslog message is queued for the syslog host.

  Setting the loghost's IP address to 0.0.0.0 disables syslog on the PortMaster. This change requires a reboot to become effective.
  RADIUS accounting provides a more complete method for logging usage information. Refer to the RADIUS for Windows NT Administrator's Guide and RADIUS for UNIX Administrator's Guide for more information on accounting.
 

       Disabling and Redirecting Syslog Messages

  By default, the PortMaster logs five types of events at the informational (info) priority level using the authorization (auth) facility on the loghost. You can disable logging of one or more types of events and change the facility, the priority, or both, of log messages.
  To disable logging of a type of event, use the following command:

  Command> set syslog Logtype disabled

  Use the Logtype keyword described in Table 2-1 to identify the type of event you want to disable, or enable again.

  Table 2-1 Logtype Keywords

  Logtype Keyword   Description
  admin-logins      !root and administrative logins.
  user-logins       Nonadministrative logins; you might want to disable this logtype if you are using RADIUS accounting.
  packet-filters    Packets that match rules with the log keyword.
  commands          Every command entered at the command line interface.
  termination       More detailed information on how user sessions terminate.

  You can change the facility, the priority, or both, of log messages.
  To change the facility or priority of log messages, use the following command. Be sure to separate the Facility and Priority keywords with a period (.).

  Command> set syslog Logtype Facility.Priority

  The facility and priority can be set for each of the five types of logged events listed in Table 2-1.
  Table 2-2 and Table 2-3 show the keywords used to identify facilities and priorities. Lucent recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.

  Table 2-2 Syslog Facility Keywords

  Facility   Facility Number
  kern       0
  user       1
  mail       2
  daemon     3
  auth       4
  syslog     5
  lpr        6
  news       7
  uucp       8
  cron       15
  local0     16
  local1     17
  local2     18
  local3     19
  local4     20
  local5     21
  local6     22
  local7     23

  Table 2-3 Syslog Priority Keywords

  Priority   Number   Typically Used For
  emerg      0        Messages indicating the system is unusable
  alert      1        Messages announcing action that must be taken immediately
  crit       2        Critical messages
  err        3        Error messages
  warning    4        Warning messages
  notice     5        Normal but significant messages
  info       6        Informational messages
  debug      7        Debug-level messages

  To determine current syslog settings, enter the following command:

  Command> show syslog
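  The following added example (not part of the PortMaster documentation or ComOS) encodes the keywords from Tables 2-1 to 2-3 together with the standard syslog PRI encoding (facility number * 8 + priority number), so a loghost operator can check what a given set syslog setting produces on the wire, decode the <PRI> prefix of a received line back into keywords, and review a set of logtype settings for audit gaps. The sample syslog line and the settings dictionary are constructed for the example.

```python
"""Facility/priority helpers for PortMaster syslog settings.

Added example; not part of the PortMaster documentation or ComOS. Encodes
the keyword tables (Tables 2-1 to 2-3) and the standard syslog PRI encoding
PRI = facility number * 8 + priority number.
"""
import re

# Table 2-2: facility keyword -> facility number
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 15, "local0": 16, "local1": 17,
    "local2": 18, "local3": 19, "local4": 20, "local5": 21, "local6": 22,
    "local7": 23,
}
# Table 2-3: priority keyword -> priority number
PRIORITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
    "notice": 5, "info": 6, "debug": 7,
}
# Table 2-1: the five event types the PortMaster logs (auth.info by default)
LOGTYPES = ("admin-logins", "user-logins", "packet-filters", "commands", "termination")
# Facilities the chapter recommends for receiving PortMaster messages
RECOMMENDED_FACILITIES = {"auth"} | {f"local{i}" for i in range(8)}

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_facility_priority(spec):
    """Split a 'Facility.Priority' argument (one period, as set syslog requires)
    into (facility_number, priority_number); ValueError on unknown keywords."""
    if spec.count(".") != 1:
        raise ValueError(f"expected Facility.Priority with one period: {spec!r}")
    fac, pri = spec.split(".")
    if fac not in FACILITIES:
        raise ValueError(f"unknown facility keyword {fac!r}")
    if pri not in PRIORITIES:
        raise ValueError(f"unknown priority keyword {pri!r}")
    return FACILITIES[fac], PRIORITIES[pri]


def pri_value(spec):
    """PRI field carried by a message logged at Facility.Priority.
    The default auth.info gives 4 * 8 + 6 = 38."""
    fac, pri = parse_facility_priority(spec)
    return fac * 8 + pri


def decode_pri(pri):
    """Reverse mapping: PRI number -> (facility_keyword, priority_keyword).
    Facility numbers 9 to 14 have no keyword in Table 2-2 and come back as None."""
    fac_num, pri_num = divmod(pri, 8)
    fac_kw = next((k for k, v in FACILITIES.items() if v == fac_num), None)
    pri_kw = next((k for k, v in PRIORITIES.items() if v == pri_num), None)
    return fac_kw, pri_kw


def classify_message(line):
    """Decode the <PRI> prefix of a received syslog line and report whether it
    arrived on a facility the chapter recommends for PortMaster messages."""
    m = _PRI_RE.match(line)
    if not m:
        raise ValueError("syslog line has no <PRI> prefix")
    fac_kw, pri_kw = decode_pri(int(m.group(1)))
    return {
        "facility": fac_kw,
        "priority": pri_kw,
        "recommended_facility": fac_kw in RECOMMENDED_FACILITIES,
        "text": line[m.end():].strip(),
    }


def review_settings(settings):
    """settings maps each Logtype to 'Facility.Priority' or 'disabled' (the
    values show syslog reports). Returns audit observations: event types not
    being logged at all, and facilities outside the recommended set."""
    findings = []
    for logtype in LOGTYPES:
        value = settings.get(logtype, "disabled")
        if value == "disabled":
            findings.append(f"{logtype}: logging disabled")
            continue
        parse_facility_priority(value)  # validates both keywords
        fac_kw = value.split(".")[0]
        if fac_kw not in RECOMMENDED_FACILITIES:
            findings.append(f"{logtype}: facility {fac_kw} is outside auth/local0-local7")
    return findings


if __name__ == "__main__":
    # Constructed sample line, as a loghost might receive it at the default auth.info
    sample = "<38>pm4 admin-login: !root from 10.0.0.5"
    print(pri_value("auth.info"), classify_message(sample))
    print(review_settings({"admin-logins": "auth.info", "user-logins": "disabled",
                           "packet-filters": "local0.notice", "commands": "daemon.info",
                           "termination": "auth.info"}))
```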

 

       Setting Administrative Logins to Serial Ports

  When you log in using !root, administrative logins to the serial ports are enabled by default. You can enable or disable administrative logins by using the following command:

  Command> set serial-admin on|off

  If administrative login is disabled, you can still use port C0 by setting the console (bottom) DIP switch to the left (on) position.
 

       Setting the Chassis

  When you use the PortMaster 4 as an AnyMedia(TM) MultiService Module (MSM), you must specify the chassis type for PMVision to be able to display it. Use the following command to set the PortMaster 4 as an MSM:

  Command> set chassis msm-rac

  Use the save all command to save changes to nonvolatile RAM. The chassis is identified as a PortMaster 4 by default.
 

       Configuring Local IP Addresses

  The PortMaster 4 supports up to four internal routable IP addresses, which the PortMaster advertises as host routes through RIP-2 and the Open Shortest Path First (OSPF) routing protocol. When you configure a local IP address, it becomes the PortMaster global address for network handles such as RADIUS, the Domain Name System (DNS), SNMP, the intermachine trunk (IMT), and bootp. By referencing an IP address instead of an interface, you do not lose the service if the interface goes down.
  With the local IP address feature, you can specify the Ethernet interface the PortMaster uses as the default service address. For example, if RADIUS and the Signaling System 7 (SS7) gateway are on a private network range attached to Ether0, you can use the Ether0 address as the first local IP address.
 

       IPCP Negotiation

  During PPP negotiations for the IP Control Protocol (IPCP), the PortMaster 4 uses the following order of precedence when choosing an IP address to identify itself:

  1. The Local IP address configured in the user profile, if set

  2. The global reported IP address, if set

  3. The first global local IP address, if set

  4. The second global local IP address, if set

  5. The third global local IP address, if set

  6. The fourth global local IP address, if set

  7. The IP address of Ether1

  8. The IP address of Ether0

 

       Main IP Address

  When the PortMaster creates an IP packet, it must identify itself by placing a source address in the IP header. To do so, the PortMaster chooses either the main IP address or the nearest IP address, depending on the service used. The main IP address is chosen in the following order, but the nearest IP address is the IP address of the interface on which the packet exits the PortMaster 4:

  1. The first global local IP address, if set

  2. The second global local IP address, if set

  3. The third global local IP address, if set

  4. The fourth global local IP address, if set

  5. The IP address of Ether1

  6. The IP address of Ether0

  The following services use the main IP address:
  The following services use the nearest IP address:
  The global local IP address settings can be displayed with the show global and show routes commands.
 

       Setting the Local IP Address

  To assign the PortMaster 4 IP addresses that are not limited by network interfaces, use the following command:

  Command> set local-ip-address [1|2|3|4] Ipaddress

  For example, to set the local IP address to 10.112.34.17, enter the following command:

  Command> set local-ip-address 10.112.34.17
Local IP Address (1) changed from 0.0.0.0 to 10.112.34.17

  To set 192.168.54.6 as the second local IP address on the same PortMaster, enter the following:

  Command> set local-ip-address 2 192.168.54.6
Local IP Address (2) changed from 0.0.0.0 to 192.168.54.6

  Use the show global command to view local IP addresses.
 

       Configuring an IP Address Pool

  You can dynamically assign IP addresses to PPP or SLIP dial-in users. By assigning addresses as needed from a pool, the PortMaster requires fewer addresses than if each user is assigned a specific address. When a dial-in connection is closed, the address goes back into the pool and can be reused.
  When creating an address pool, you explicitly identify the first address in the sequence of addresses available for temporary assignment. The PortMaster allocates one address in the pool of addresses for each port configured for network dial-in.
  To set the value of the first IP address to assign for dial-in ports, use the following command:

  Command> set assigned_address Ipaddress

  The default number of addresses available for the address pool is equal to the number of ports configured for network dial-in. The address pool size is determined during the boot process. You can also set the number of IP addresses assigned to the pool with the set pool command.
  To limit the size of the IP address pool, use the following command:

  Command> set pool Number

  Note: If you decrease the number of addresses in the pool, you must reboot the PortMaster for the change to take effect.

 

       Setting the Reported IP Address

  Some sites require a number of different PortMaster devices to appear as a single IP address to other networks. You can set a reported address different from the Ether0 or Ether1 address. For PPP connections, this address is reported to the outside and placed in the PPP startup message during PPP negotiation. For SLIP connections, this address is reported and placed in the SLIP startup message during SLIP startup.
  To set a reported IP address, use the following command:

  Command> set reported_ip Ipaddress

 

       Configuring Named IP Pools

  With the IP pool feature, you can set up multiple dynamically assigned address pools on the PortMaster. Each IP pool contains four elements.
  The named IP pools feature introduces a new RADIUS attribute (193) that takes a string corresponding to a name in the IP pool table. You must configure a user profile for named IP pools through RADIUS. The PortMaster does not support IP pools in the local user table.
  This section describes how to set up named IP pools and includes the following topics:
 

       How PortMaster Address Assignment Works

  The order of priority for address assignment is as follows for a user dialing in and expecting to receive an address from an assigned pool:

  1. If a named IP pool is configured in the pool table and the RADIUS user profile has the IP-Pool-Name attribute configured for the user, the PortMaster assigns an address from the named IP pool.

  2. If the IP-Pool-Name attribute is not configured in the RADIUS user profile and an address range is configured for the Quad T1 or Tri E1 board that the user comes in on, the PortMaster assigns the user an address from the address range configured for the Quad T1 or Tri E1 board.

  3. If the IP-Pool-Name attribute is not configured in the RADIUS user profile and the Quad T1 or Tri E1 board's assigned range is set to 0.0.0.0, and a default IP pool is configured in the pool table, the PortMaster assigns the user an address from the address range specified for the default IP pool.

 

       Displaying Named IP Pool Information

  Use the show table ippool command to display IP pool configuration information. For example, to display the configuration for an entire IP pool and to view all entries, enter the following command:

  Command> show table ippool
Name: livermore Default Gateway: 10.23.45.56
Address/netmask Gateway
------------------ -----------------
192.168.1.0/29 0.0.0.0
192.168.2.253/30 0.0.0.0
192.168.3.50/25 0.0.0.0
10.4.5.0/24 192.168.222.3

  Refer to your RADIUS documentation for information about modifying a RADIUS dictionary.
 

       Creating Named IP Pools

  To add a named IP pool to the pool table, use the following command:

  Command> add ippool Name

  An IP pool name can contain up to 31 characters. There is no limit to the number of IP pool entries you can configure. When you add a named IP pool to the pool table on the PortMaster, you must also add the IP-Pool-Name attribute to the RADIUS user profile. (See "Setting Named IP Pools in RADIUS.") If you do not want to configure a RADIUS user profile, you can create a default IP pool. (See "Creating a Default IP Pool.")
 

       Creating a Default IP Pool

  When you configure a named IP pool, you must also add the IP-Pool-Name attribute to the RADIUS user profile. If you do not want to configure a RADIUS user profile with a named IP pool, you can create a default IP pool. When you create a default IP pool, a user dialing in receives an address from the address range specified in the default IP pool, unless you also have an IP address range configured on the Quad T1 or Tri E1 board the user comes in on.
  To add a default IP pool to the pool table, enter the following command:

  Command> add ippool default

 

       Resetting the IP Pool

  Whenever you make changes to the IP pool table, you must reset the pool for the changes to take effect.

  Command> reset ippool

  Resetting the IP pool causes the PortMaster to convert address ranges into summarized routes for propagation through the routing protocols.

  Note: After you issue the reset ippool command, the routing protocols can take a short while to replace the old routes.

 

       Deleting Named IP Pools

  To remove an address range from a named IP pool, or to remove the IP pool entirely, use the following command:

  Command> delete ippool Name address-range Ipaddress|all

  For example, to delete an IP pool named livermore with the address range 192.168.1.0, enter the following command:

  Command> delete ippool livermore address-range 192.168.1.0
Range 192.168.1.0 in livermore successfully deleted

  To remove the entire IP pool entry, for example, livermore, enter the following command:

  Command> delete ippool livermore all
Pool livermore successfully deleted

  Remember to enter the reset ippool command to make the changes take effect.
 

       Setting Address Ranges

  The PortMaster assigns addresses to users from address ranges that you set for named IP pools with the following command:

  Command> set ippool Name address-range Ipaddress/NM|Ipaddress Netmask [Gateway]

  You can specify up to eight address ranges for each IP pool. When you specify multiple ranges, the earlier ranges are preferred over later ranges.
  As the syntax of the set ippool command indicates, an address range must have a netmask associated with it. The address-netmask pair can be expressed as a dotted decimal base IP address followed by a mask number between 1 and 30 (for example, 192.168.1.0/24), or by the older dot-separated netmask notation (for example, 192.168.1.0 255.255.255.0). Because the first and last addresses in a range are used for the network and for broadcast and are not assigned, netmasks of /31 and /32 (255.255.255.254 and 255.255.255.255) are not valid.
  For example, to assign a range of 254 addresses to an IP pool named livermore, enter the following command:

  Command> set ippool livermore address-range 192.168.1.0/24
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore

  Although the output of this command indicates a range size of 256 addresses, as specified by the /24 netmask, only 254 of these addresses are available to be assigned to users. The first and last addresses are not assigned. The base (second) address in the range is incremented as addresses are assigned. Remember to enter the reset ippool command whenever you make changes to the IP pool.
  This same address range can be expressed using the dot-separated netmask notation as follows:

  Command> set ippool livermore address-range 192.168.1.0 255.255.255.0
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore

  As the syntax of the set ippool command indicates, you can optionally assign a default gateway address to an address range. For example, to set 10.34.56.78 as the default gateway for IP pool livermore with address range 192.168.1.0/24, enter the following command:

  Command> set ippool livermore address-range 192.168.1.0/24 10.34.56.78
Range 192.168.1.0/24 256 with gateway 10.34.56.78 add to livermore

  Always reset the pool when you make changes to the named IP pool.

  Command> reset ippool

  The default gateway functions as a crossbar IP address. See the PortMaster 4 Command Line Reference for details about how to configure crossbar IP address for an interface, user, or location.
  When a packet comes in from a user whose address includes an assigned gateway, the PortMaster does not consult the forwarding table but forwards the packet to the gateway address. If a gateway address is not assigned to a range, the range uses the default gateway address of the IP pool. If the IP pool is not assigned a default gateway address, no crossbar IP address is used and the PortMaster consults the forwarding table.
 

       Setting a Named IP Pool Gateway

  Use the following command to set a default gateway for the entire named IP pool:

  Command> set ippool Name default-gateway Gateway

  Always reset the pool when you make changes to the named IP pool.

  Command> reset ippool

  When a packet comes in from a user whose address includes an assigned gateway, the PortMaster does not consult the forwarding table but forwards the packet to the gateway address. If a gateway address is not assigned to a range, the range uses the default gateway address of the IP pool. If the IP pool is not assigned a default gateway address, no crossbar IP address is used and the PortMaster consults the forwarding table.
  The default gateway functions as a crossbar IP address. See the PortMaster 4 Command Line Reference for details about how to configure a crossbar IP address for an interface, user, or location.
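  The following added example (not ComOS code) models the assignment rules stated in "How PortMaster Address Assignment Works", "Setting Address Ranges" and "Setting a Named IP Pool Gateway": a pool name of up to 31 characters, up to eight ranges per pool, netmasks of /1 to /30 in either notation, first and last address never assigned, earlier ranges preferred, released addresses reused, the range gateway to pool default gateway to forwarding-table fallback, and the named pool to board range to default pool order of precedence. Pool names, the board range and the RADIUS attribute values are constructed; that a released address is reissued in ascending order is an assumption the chapter does not state.

```python
"""Model of PortMaster named IP pool address assignment.

Added example; not ComOS code. Implements the rules stated in the chapter.
Assumption not in the chapter: a released address is reissued in ascending order.
"""
import ipaddress

MAX_RANGES = 8      # up to eight address ranges per pool
MAX_NAME_LEN = 31   # pool name limit


class AddressRange:
    """One pool entry: 'base/NM' or 'base netmask', with an optional gateway."""

    def __init__(self, spec, gateway=None):
        net = ipaddress.IPv4Network(spec.replace(" ", "/"), strict=False)
        if not 1 <= net.prefixlen <= 30:
            raise ValueError(f"/{net.prefixlen} not valid: netmask must be /1 to /30")
        self.network = net
        self.gateway = ipaddress.IPv4Address(gateway) if gateway else None
        # hosts() skips the network (first) and broadcast (last) address
        self.free = list(net.hosts())
        self.in_use = set()

    def size(self):
        return self.network.num_addresses   # the "256" the CLI prints for a /24

    def usable(self):
        return self.size() - 2              # 254 of those are assignable

    def allocate(self):
        """Lowest free address, starting at base + 1; None when the range is full."""
        if not self.free:
            return None
        addr = self.free.pop(0)
        self.in_use.add(addr)
        return addr

    def release(self, addr):
        """Return an address to the range so it can be reused."""
        if addr not in self.in_use:
            return False
        self.in_use.remove(addr)
        self.free.append(addr)
        self.free.sort()
        return True


class IpPool:
    """A named entry in the pool table (add ippool Name)."""

    def __init__(self, name, default_gateway=None):
        if len(name) > MAX_NAME_LEN:
            raise ValueError("pool name limited to 31 characters")
        self.name = name
        self.default_gateway = (ipaddress.IPv4Address(default_gateway)
                                if default_gateway else None)
        self.ranges = []

    def add_range(self, spec, gateway=None):
        """set ippool Name address-range spec [Gateway]"""
        if len(self.ranges) >= MAX_RANGES:
            raise ValueError("a pool holds at most eight address ranges")
        self.ranges.append(AddressRange(spec, gateway))

    def allocate(self):
        """Earlier ranges are preferred. Returns (address, crossbar_gateway): the
        range's own gateway if set, else the pool default, else None (meaning the
        forwarding table is consulted). None when every range is exhausted."""
        for rng in self.ranges:
            addr = rng.allocate()
            if addr is not None:
                gw = rng.gateway if rng.gateway is not None else self.default_gateway
                return addr, gw
        return None

    def release(self, addr):
        return any(rng.release(addr) for rng in self.ranges)


def choose_address(radius_profile, board_range, pool_table):
    """Order of precedence from 'How PortMaster Address Assignment Works'.
    radius_profile: dict of RADIUS attributes; board_range: AddressRange set on
    the Quad T1/Tri E1 board the call arrives on, or None when it is 0.0.0.0;
    pool_table: dict name -> IpPool, optionally holding 'default'.
    Returns ((address, gateway) or None, description of the source)."""
    name = radius_profile.get("Ip-Pool-Name")
    if name is not None and name in pool_table:
        return pool_table[name].allocate(), f"named pool {name}"
    if name is None and board_range is not None:
        addr = board_range.allocate()
        return ((addr, None) if addr is not None else None), "board range"
    if name is None and "default" in pool_table:
        return pool_table["default"].allocate(), "default pool"
    # An Ip-Pool-Name that names no configured pool is not covered by the chapter
    return None, "no pool applies"
```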
 

       Setting Named IP Pools in RADIUS

  You must modify the RADIUS dictionary to enable named IP pools. You cannot configure the local user table on the PortMaster for named IP pools. To enable named IP pools, add the following line to the RADIUS dictionary:

  ATTRIBUTE Ip-Pool-Name 193 string

  The following example shows a RADIUS user profile using an IP pool named livermore:

  homers  Password = "kwyjibo"
          Service-Type = Framed-User,
          Framed-Protocol = PPP,
          Framed-IP-Address = 255.255.255.254,
          Framed-IP-Netmask = 255.255.255.255,
          Ip-Pool-Name = livermore

 

       Setting the Dynamic Host Configuration Protocol (DHCP) Server

  The set dhcp server  command supports the Cable Modem Telephone Return Interface Specification (CMTRIS) developed by the Multimedia Cable Network System (MCNS) Partners Limited. The CMTRIS solves the problem of limited upstream bandwidth in a cable modem system by providing for the use of a standard telephone interface for upstream traffic. Downstream traffic travels on the coaxial cable.
  The specification requires that a cable modem be able to use the telephone interface to request and receive the cable interface address and configuration information via a Dynamic Host Configuration Protocol (DHCP) request.
  Use the following command to configure the PortMaster 4 to forward a DHCP request from a cable modem to the DHCP server:

  Command> set dhcp server address

  Note: ComOS does not support DHCP requests over Ethernet, nor requests from a PortMaster 2Ei or a PortMaster ISDN Office Router (OR-U) used for dial-up.

 

       How the Cable Modem Telephone Return System Works

  After you set the IP address of the DHCP server on the PortMaster 4, the cable modem dynamically configures itself so that all subsequent data travels upstream via the telephone interface, and downstream on the coaxial cable.
  Figure 2-1, using sample IP addresses, illustrates the series of events that begin upon startup and culminate in the dynamic configuration of the cable modem.

  Figure 2-1 Cable Modem Telephone Return Interface Startup

  1. Using the telephone interface, the cable modem dials the PortMaster 4 and establishes a PPP connection. The PortMaster 4 assigns IP address 192.168.33.10 to the telephone interface of the cable modem.

  2. Using the telephone interface, the cable modem broadcasts a DHCP request. The destination of the request is 255.255.255.255 and the source is 192.168.33.10.

  3. The PortMaster 4 forwards the request to the DHCP server by substituting the IP address of the DHCP server (10.66.98.96) for the broadcast destination address.

  4. The DHCP server responds with configuration information for the cable modem and an IP address (172.16.98.67) for the coaxial cable interface on the cable modem.

  5. Using the configuration information received from the DHCP server, the cable modem dynamically assigns 172.16.98.67 to the cable interface, and configures the cable modem so that upstream IP packets leave the cable modem via the telephone interface with the IP address of the cable interface (172.16.98.67) as the source address. Because packets now carry the source address of the cable interface, response to these packets travels via the coaxial cable.

  ComOS does not add routes to its table when forwarding or returning DHCP requests. It transparently forwards and returns DHCP requests from dial-in clients to the specified server.
  To view DHCP relaying information, use the set console command followed by the set debug 0x81 command. See the PortMaster Troubleshooting Guide for debugging information.
  To disable DHCP relaying, enter the following command:

  Command> set dhcp server 0.0.0.0

  The PortMaster 4 does not forward packets to the address 255.255.255.255.
 

       Displaying the Routing Table

  Use the following command to display the IP routing table entries:

  Command> show routes [String] [Prefix/NM]

  You can replace String with ospf or bgp to display only OSPF or BGP routes. Replacing Prefix/NM with an IP address prefix and netmask displays only routes to that destination. Enter the IP address prefix in dotted decimal format and the netmask as a number from 1 to 32, preceded by a slash (for example, /24). The netmask indicates the number of high-order bits in the IP prefix.
  To display the IPX routing table entries, enter the following command:

  Command> show ipxroutes

  Note: The PortMaster 4 supports the IPX protocol when running ComOS 4.1 or later. IPX is not supported in ComOS 4.0.

  The routes appear in the following order:

  1. Default route

  2. Host routes

  3. Network routes

  4. Expired routes that are no longer being advertised

 

       Setting Static Routes

  Static routes provide routing information unavailable from the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, or Border Gateway Protocol (BGP). RIP, OSPF, or BGP might not be running for one of the following two reasons.
  Separate static route tables are maintained for IP and for IPX, which you display with the show routes and show ipxroutes commands.
  You construct a static route table manually on a PortMaster by adding and deleting static routes as described in the following sections. Refer to the PortMaster Routing Guide for information about routing and static routes.
 

       Adding and Deleting a Static Route for IP

  A static route for IP contains the following items:
  Use the following commands to add a static route for IP:

  Command> add route Ipaddress[/NM] Ipaddress(gw) Metric
Command> save all

  Use the following commands to delete a static route for IP:

  Command> delete route Ipaddress[/NM] Ipaddress(gw)
Command> save all

  You can delete only static routes.
 

       Adding and Deleting a Static Route for IPX

  A static route for IPX contains the following items:
  Use the following commands to add a static route for IPX:

  Command> add route Ipxnetwork Ipxaddress Metric Ticks
Command> save all

  Use the following commands to delete a static route for IPX:

  Command> delete route Ipxnetwork Ipxaddress
Command> save all

  Use the following command to set a static default route for all IPX packets not routed by a more specific route:

  Command> set ipxgateway Network|Node Metric

  Note: You can delete only static routes.

 

       Modifying the Static Netmask Table

  Note: ComOS 4.1 and later releases support both RIP-1 and RIP-2 on the PortMaster 4. Earlier releases of ComOS support only RIP-1.

  The netmask table is provided to allow routes advertised by RIP-1 to remain uncollapsed on network boundaries in cases where you want to break a network into noncontiguous subnets. The PortMaster normally collapses routes on network boundaries as described in RFC 1058. However, in certain circumstances where you do not want to collapse routes, the netmask table is available.

  Caution: Do not use the static netmask table unless you thoroughly understand and need its function. In most circumstances its use is not necessary. Very large routing updates can result from too much use of the netmask table, adversely affecting performance. In most cases it is easier to use RIP-2 or OSPF instead of using the netmask table and RIP-1. Lucent strongly recommends you use OSPF if you require noncontiguous subnets or variable-length subnet masks (VLSMs).

  For example, suppose the address of Ether0 is 172.16.1.1 with a 255.255.255.0 subnet mask (a class B address subnetted on 24 bits) and the destination of PTP1 is 192.168.9.65 with a 255.255.255.240 subnet mask (a class C address subnetted on 28 bits). If routing broadcast is on, the PortMaster routing broadcast on Ether0 claims a route to the entire 192.168.9.0 network. Additionally, the broadcast on PTP1 claims a route to 172.16.0.0.
  Sometimes, however, you want the PortMaster to collapse routes to some bit boundary, other than the network boundary. In this case, you can use the static netmask table. However, RIP supports only host and network routes, because it has no provision to include a netmask. Therefore, if you set a static netmask in the netmask table, the PortMaster collapses the route to that boundary instead, and broadcasts a host route with that value. Other PortMaster routers with the same static netmask table entry convert the host route back into a subnet route when they receive the RIP packet.
  This approach works only if all the routers involved are PortMaster products, with the following two exceptions:
  The most common use for the static netmask table is to split a single class C network into eight 30-host subnets for use in assigned pools. Subnetting allows each PortMaster to broadcast a route to the subnet instead of claiming a route to the entire class C network. An example of that use is provided below.
  The next most common use for the static netmask table is to allow dial-in users to use specified IP addresses across multiple PortMaster products in situations where assigned IP addresses are not sufficient. This use can result in very large routing tables and is not recommended except where no other alternative is possible.
  The netmask table can be accessed only through the command line interface. To add a static netmask, use the add netmask command. To delete a static netmask, use the delete netmask command. The show table netmask command shows both dynamic netmasks and static netmasks, marking them accordingly.

  Note: Static routes use the netmask table entries that are in effect when the routes are added. If the netmask table is changed, the static route must be deleted from the route table and added again.

  This static netmask example assumes the following:
  To create the subnets defined in this example, enter the following commands on all the PortMaster routers:

  Command> set Ether0 address 192.168.206.X (for some value of X)
Command> set gateway 192.168.206.Y (where Y points at your gateway)
Command> add netmask 192.168.207.0 255.255.255.224
Command> add netmask 192.168.208.0 255.255.255.224
Command> add netmask 192.168.209.0 255.255.255.224
Command> set Ether0 rip on
Command> save all

  The netmask table collapses routes on the boundaries specified. As a result, if one PortMaster has an assigned pool starting at 192.168.207.33, it broadcasts a host route to 192.168.207.32 instead of broadcasting a route to the 192.168.207.0 network. The other PortMaster routers consult their own netmask tables and convert that host route back into a subnet route covering 192.168.207.32 through 192.168.207.63.
  If your gateway on the Ethernet is not a PortMaster product, the netmask table is not supported. However, you can set a static route on the gateway for each of the three destination networks for your assigned pools (192.168.207.0, 192.168.208.0, and 192.168.209.0), pointing at one of the PortMaster routers. The identified PortMaster then forwards packets to the proper PortMaster.
  If you are using an IRX running ComOS 3.2R or later as your gateway, you can configure the netmask table on the router also. This allows your PortMaster to listen to RIP messages from the other PortMaster routers and route directly to each of them.
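The collapse-and-expand behavior described above, as an added example that is not part of the PortMaster documentation or ComOS: a small Python model of the static netmask table, using the same three "add netmask" entries as the example configuration, which shows what a PortMaster advertises in RIP for an assigned pool and how a peer with the same table entry turns the host route back into a subnet route. The table contents and pool addresses are constructed sample values.

```python
import ipaddress

# Constructed static netmask table, mirroring the "add netmask" commands above:
# network address -> static netmask applied to routes inside that network.
NETMASK_TABLE = [
    (ipaddress.ip_network("192.168.207.0/24"), "255.255.255.224"),
    (ipaddress.ip_network("192.168.208.0/24"), "255.255.255.224"),
    (ipaddress.ip_network("192.168.209.0/24"), "255.255.255.224"),
]

def classful_network(addr):
    """Natural (class A/B/C) network of an address, which is all RIP-1 can express."""
    first_octet = addr.packed[0]
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network((str(addr), prefix), strict=False)

def static_mask_for(addr):
    """Return the static netmask whose table entry contains addr, or None."""
    for network, mask in NETMASK_TABLE:
        if addr in network:
            return mask
    return None

def collapse_for_rip(pool_start):
    """Destination the sending PortMaster puts in its RIP broadcast for a pool.

    RIP carries no netmask, so a subnet route is sent as a host route to the
    subnet's base address; without a table entry the whole classful network is
    claimed, exactly as the text describes."""
    addr = ipaddress.ip_address(pool_start)
    mask = static_mask_for(addr)
    if mask is None:
        return str(classful_network(addr).network_address)
    return str(ipaddress.ip_network((str(addr), mask), strict=False).network_address)

def interpret_received(rip_destination):
    """Route a receiving PortMaster installs for a RIP destination.

    A peer with the same table entry expands the host route into the subnet
    route; a destination outside the table is read the classful way."""
    addr = ipaddress.ip_address(rip_destination)
    mask = static_mask_for(addr)
    if mask is not None:
        return str(ipaddress.ip_network((str(addr), mask), strict=False))
    natural = classful_network(addr)
    if addr == natural.network_address:
        return str(natural)          # network route
    return f"{addr}/32"              # plain host route

if __name__ == "__main__":
    # Pool at 192.168.207.33 is advertised as host route 192.168.207.32 ...
    print(collapse_for_rip("192.168.207.33"))
    # ... and a peer turns it back into 192.168.207.32/27.
    print(interpret_received(collapse_for_rip("192.168.207.33")))
```

A router without the table entry (the non-PortMaster gateway case above) keeps the advertisement as a host route to 192.168.207.32, which is why that gateway needs the static routes the text recommends.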
 

       Setting Authentication for Dial-In Users

  You can configure the PortMaster for three authentication methods: PAP, CHAP, and username/password login.
  By default, PAP and CHAP are set to on. Dial-in users are asked to authenticate with PAP when PPP is detected. If users refuse, they are asked to authenticate with CHAP.
  If you set PAP to off and CHAP to on, dial-in users are asked to authenticate with CHAP. PAP authentication is neither requested nor accepted. If you set both PAP and CHAP to off, dial-in users must authenticate with a username/password login.
  To set PAP authentication, use the following command:

  Command> set pap on|off

  To set CHAP authentication, use the following command:

  Command> set chap on|off

 

       Setting Call-Check Authentication

  You can enable services without authenticating the user at the point of entry on PortMaster products that support PRI or in-band signaling. Use the show global command to find out if call-check is enabled on your PortMaster.
  To enable the call-check feature in ComOS, you must first configure call-check user entries on the RADIUS 2.1 server. Otherwise, the PortMaster issues a busy signal to every call. See the RADIUS for UNIX Administrator's Guide for more information about RADIUS.
  To enable call checking on the PortMaster, use the following command:

  Command> set call-check on|off

  Note: The call-check feature is off by default.

 
  If the call-check feature is on, the PortMaster sends a ringing message to the switch while the service information is being looked up in RADIUS.
  RADIUS does one of the following:
  Call-check enables the PortMaster--via RADIUS--to check the telephone number of a caller before answering the call. The PortMaster can then hang up and call the user back with no charge incurred for connecting the user in the first place. Alternatively, the PortMaster can reject the call to limit the number of users who can call a given number, such as an 800 number, or to prevent certain users from calling the number.
  You can also use call-check to support virtual points of presence (POPs) by redirecting a call. If a caller dials one number, the PortMaster can authenticate normally. If a caller dials a different number, the PortMaster can accept the call and forward the caller information through a netdata (TCP clear) or L2TP connection to an IP address and port of your choosing, where another process handles the user.
  Additionally, you can provide guest access or establish tunnels based on dialed number information. Call checking can be done against the calling number ID (CNID) or calling line ID (CLID) or both. The corresponding RADIUS attributes are Called-Station-Id (the number the caller dialed) and Calling-Station-Id (the caller's own number).
 

       Setting the ISDN Switch

  You can configure the switch provisioning for ISDN PRI connections to PortMaster ISDN ports. See Chapter 11, "Configuring T1, E1, and ISDN PRI," for details on PRI connections.
 

       PortMaster Security Management

  The PortMaster provides security through the user table, or if configured, RADIUS security. When a dial-in user attempts to authenticate at the login prompt, or via PAP or CHAP authentication, the PortMaster refers to the entry in the user table that corresponds to the user. If the password entered by the user does not match, the PortMaster denies access with an "Invalid Login" message. If no user table entry exists for the user and port security is off, the PortMaster passes the user on to the host defined for that port using the selected login service. In this situation, the specified host is expected to authenticate the user.
  If port security is on and the user was not found in the user table, the PortMaster queries the RADIUS server, if one has been configured. If the username is not found in the user table, port security is on, and no RADIUS server is configured in the global configuration of the PortMaster, access is denied with an "Invalid Login" message. If the RADIUS server is queried and does not respond within 30 seconds (and neither does the alternate RADIUS server), access is denied with an "Invalid Login" message.
  If security is off, any username that is not found in the user table is sent to the port's host for authentication and login. If security is on, the user table is checked first. If the username is not found and a RADIUS server is configured, RADIUS is consulted. When you are using RADIUS security, you must use the set C0 security command to set security to on.
  Access can also be denied if the specified login service is unavailable--for example, if the PortMaster Login Service has been selected for the user but the selected host does not have the in.pmd PortMaster daemon installed. Access is denied with the "Host Is Currently Unavailable" message if the host is down or otherwise not responding to the login request.
  If an access filter is configured on the port and the login host for the user is not permitted by the access filter, the PortMaster refuses service with an "Access Denied" message. If the access override parameter is set on the port, the PortMaster prompts the user to authenticate, even though the default access filter is set to deny access.
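The order of checks described in this section, as an added example that is not ComOS code: a Python model of the dial-in login decision (local user table first, then port security, then RADIUS if configured, otherwise the port's host). The user table, port settings and RADIUS replies are constructed sample values; the function and class names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class PortConfig:
    security_on: bool        # "set C0 security on"
    radius_configured: bool  # a RADIUS server is set in the global configuration
    login_host: str          # host the port hands unknown users to

# Constructed local user table: username -> password.
USER_TABLE = {"alice": "correct-horse"}

# A RADIUS reply function returns True (accept), False (reject) or None, where
# None models neither the primary nor the alternate server answering in 30 s.
RadiusReply = Callable[[str, str], Optional[bool]]

def login_decision(username: str, password: str, port: PortConfig,
                   radius: Optional[RadiusReply] = None, host_up: bool = True) -> str:
    """Return the action the PortMaster takes for a login attempt."""
    # 1. The local user table is always consulted first, whatever security is set to.
    if username in USER_TABLE:
        return "accept" if USER_TABLE[username] == password else "Invalid Login"
    # 2. Unknown user and security off: the PortMaster does not authenticate at
    #    all; the port's host is expected to do it (or is unreachable).
    if not port.security_on:
        return f"pass to {port.login_host}" if host_up else "Host Is Currently Unavailable"
    # 3. Security on: only a configured RADIUS server can admit an unknown user.
    if not port.radius_configured or radius is None:
        return "Invalid Login"
    reply = radius(username, password)
    return "accept" if reply else "Invalid Login"   # reject and timeout look alike

# Constructed RADIUS behaviors for the sample runs.
def radius_knows_bob(user: str, pw: str) -> Optional[bool]:
    return user == "bob" and pw == "bob-pass"

def radius_silent(user: str, pw: str) -> Optional[bool]:
    return None

if __name__ == "__main__":
    open_port = PortConfig(security_on=False, radius_configured=False, login_host="shell.example")
    secured = PortConfig(security_on=True, radius_configured=True, login_host="shell.example")
    print(login_decision("mallory", "x", open_port))                  # pass to shell.example
    print(login_decision("mallory", "x", secured, radius_knows_bob))   # Invalid Login
    print(login_decision("bob", "bob-pass", secured, radius_silent))   # Invalid Login
```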
  Refer to the RADIUS for Windows NT Administrator's Guide and RADIUS for UNIX Administrator's Guide for more information about RADIUS.

spider@livingston.com
Copyright © 1999, Lucent Technologies. All rights reserved.