ComOS 3.3.3 Release Note

INTRODUCTION

The new Lucent Technologies ComOSTM 3.3.3 software release is now available for the PortMasterTM 2, 2E, 2ER, 2R and 25. This release is provided at no charge to all Lucent customers. The following document describes the features of the ComOS 3.3.3 software release and how to upgrade your PortMaster. Upgrade instructions are included at the end of this release note.

WARNING! YOU MUST USE PMINSTALL VERSION 3.3.1 OR LATER TO PERFORM THIS UPGRADE! If you are upgrading using PMconsoleTM for Windows, you must use PMconsole for Windows version 1.1 or later. See "Additional Notes" on page 12. If you have any port speeds set to 115200, upgrade to ComOS release 3.3.3, and later downgrade to any earlier release you must set the port speeds after downgrading.

NEW FEATURES

ComOS 3.3.3

ComOS 3.3.3 includes the following new feature:

For compatibility with the RADIUSTM RFC, Framed-Route attributes delivered from the RADIUS server which contain network masks of the type "/xx" no longer create an error condition. The PortMaster strips the mask value from the destination address and ignores it.

ComOS 3.3.2

ComOS 3.3.2 includes the following new features:

* Support for International ISDN
* Command to show flash file system
* Session Termination Cause logging in RADIUS Accounting
* RADIUS Outbound-User support
* TCP port number for Login User in RADIUS Accounting
* Maximum Receive Unit increased to 1520 bytes
* PAP and CHAP for Dialback PPP users
* Easier configuration of CHAP for dial-out Locations
* ChoiceNetTM without RADIUS
* Set all command made easier
* Debug off command

Support for International ISDN

Support for International ISDN using the MOD-10I-ST expansion board has been added. This is the ISDN 5 BRI expansion card for use in Europe, Japan, and other countries using international ISDN standards. See "MOD-10I-ST LED Behavior" on page 12 for LED behavior. New ISDN switch type settings for "set isdnswitch" are listed in the following table.

set isdn-switch	Used for

net3	EuroISDN standard (includes Swiss extensions)
vn2	France - Older switch type
vn3	France - Older switch type
vn4 	France - Current National switch type
1tr6	Germany - Older switch type
ntt	Japan
kdd	Japan

A change in switch type does not take effect until the PortMaster is rebooted.

Command to show flash file system

The "show files" command has been added to display how much of the 128 KB flash configuration file system is in use. Output also shows file names. Files are:

confdata
Extensions to port configurations, ether1, RADIUS

config
Global configuration and standard port configurations

passwd
User Table

hosttab
Host Table

routes
Static Routes

location
Location Table, except for chat scripts

script
Chat Scripts for the Location Table

snmp
SNMP

filters
IP filters

listnames
ChoiceNet list IDs contained in filters

ipxfilt
IPX filters

sapfilt
SAP filters

netmasks
Static Netmask Table

modem
Modem Table

Session Termination Cause logging in RADIUS Accounting

RADIUS accounting now reports the reason for session termination. In addition, the new "set debug termination on" command displays more detailed port terminations to the system console as well as sending these messages to syslog. See "RADIUS Accounting Terminate Cause" on page 14 for more information on termination causes and how to edit the RADIUS dictionary file to take advantage of them. (Also available in 3.3.1c1.)

RADIUS Outbound-User support

The PortMaster now supports the RADIUS Outbound-User service-type. In addition, the PortMaster logs outbound user activity to RADIUS accounting.See "RADIUS for Outbound Users" on page 13 for information on using this feature.

IMPORTANT NOTE: If you are currently using outbound Telnet security with RADIUS you must change those entries in your RADIUS users file to use ServiceType = Outbound-User when you upgrade to ComOS release 3.3.2.

TCP port number for Login User in RADIUS Accounting

The Telnet and Netdata TCP port number is now identified in RADIUS accounting. Previously, Login Users sent to a host with Telnet would be identified only as using the Telnet service even if they were directed by RADIUS to a TCP port number other than 23. In ComOS release 3.3.2, if the user is sent to a port other than 23 RADIUS accounting reports the TCP port number. This is useful for determining whether the user was sent to a special service on the identified host. Accounting records for Login Users using the Netdata (TCP-Clear) login service now always include the TCP port number.

Maximum Receive Unit increased to 1520 bytes

LCP now allows the remote end to request (via a NAK) a maximum receive unit of up to 1520 bytes instead of the previous limit of 1500. This accommodates some Multilink PPP implementations which use a MRU larger than 1500 bytes.

PAP and CHAP for Dialback PPP users

PAP and CHAP authentication support has been added for Dialback PPP users.

Easier configuration of CHAP for dial-out Locations

The new command "set location Location_Name chap [ on|off ]" has been added to make outbound CHAP authentication easier to configure. When "chap on" is set for the location, the PortMaster requires that it be authenticated using CHAP on an outbound dial. The username and password entered in the location table are used as the "system identifier" and "MD5 secret" in the CHAP authentication. Use of this feature eliminates the need to use the sysname and user table configurations for CHAP unless the device being dialed to also sometimes dials into the PortMaster. The default setting is "chap off".

ChoiceNet without RADIUS

ChoiceNet can now be used without RADIUS, using the commands "set choicenet Ipaddress" and "set choicenet-secret String".

Set All command made easier

The "set all" command no longer affects the W1 port, the P0 parallel port or the new C0 (PM-2I and PM-2E-10I only) console port. Now it affects only ports S0-29.

The command "set all network dialin" is now supported.

Debug off command

The command "set debug off" has been added. This command clears all debug settings which are currently active in the PortMaster.

ComOS 3.3.1

ComOS 3.3.1 adds the following new features:

* 5ESS Custom Point-to-Point ISDN Support
* Ascend Multilink PPP compatibility
* Data over voice for both inbound and outbound ISDN connections
* AT strings for more user control for outbound ISDN dialing
* Console now ignores modem type and autolog
* !root login on serial ports can be disabled
* Non-printing characters allowed in passwords
* RADIUS Accounting records signed
* Port Type included in RADIUS Authorization and Accounting
* Input and output octet counters in RADIUS Accounting
* RFC 1877 support added so clients can learn their DNS server from PortMaster
* Location Table entries made simpler and easier

5ESS Custom Point-to-Point ISDN Support

5ESS Custom Point-to-Point ISDN Support has been added.

PMconsoleTM 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS Point-to-Point you must set the switch type from the command line as follows:

set isdn-switch 5ess-ptp
save all
reboot

Ascend Multilink PPP compatibility

Compatibility with Ascend's version of Multilink PPP has been added.

Data over voice for both inbound and outbound ISDN connections

Data over voice is now supported for both inbound and outbound ISDN connections. The PortMaster automatically accepts voice calls inbound and treats them as data calls. Outbound, setting the voice attribute in the location table with "set Location_Name voice on" forces a voice call. In outbound asynchronous mode, the AT&N55 command forces a voice call.

AT strings for more user control for outbound ISDN dialing

In asynchronous ISDN mode new AT strings have been added to allow more user control when performing outbound dialing. Specifically the new strings are:

&N55 Perform an outbound call using data over Voice (a Voice call is originated).
&N56 Perform an outbound call using a 56000 data connection.
&N64 Perform an outbound call using a 64000 data connection.
&N0 Attempt to autodetect the available data service (64000 or 56000)

Console now ignores modem type

When the console diagnostic switch is up, the PortMaster no longer attempts to configure the modem specified for the console port. This allows a terminal to be more easily attached to the console for debugging purposes when a modem was previously attached. Any autolog setting on S0 is now ignored if the console diagnostic switch is up.

!root login on serial ports can be disabled

The command "set serial-admin off" disables !root logins on the serial ports. !root can still login on port S0 if the console dip switch is up.

Non-printing characters allowed in passwords

Support has been added to allow the entry of non-printing characters in the login password field.

RADIUS Accounting records signed

RADIUS accounting has been extended to deliver signed accounting records for verification of authenticity as per the current RADIUS Internet-Draft.

Port Type included in RADIUS Authorization and Accounting

RADIUS accounting and authorization has been extended. The new NAS-Port-Type is now included in Access Requests and Accounting Requests. This allows administrators to know definitively whether a user is attempting a session on an asynchronous port, an ISDN port, or a synchronous port.

Input and output octet counters in RADIUS Accounting

RADIUS accounting has been extended to include input and output bytes counts in the RADIUS Stop records.

RFC 1877 support added so clients can learn their DNS server from PortMaster

Support for RFC 1877 has been added. This allows hosts which support RFC 1877 to learn their DNS (and other servers) through the PPP protocol negotiation. Use the "set nameserver Ipaddress" command on the PortMaster to set the nameserver that the PortMaster tells the host about. You can set an alternate name server with "set nameserver 2 Ipaddress".

Location Table entries made simpler and easier

New location table entries now default to PPP and its associated configuration parameters to simplify data entry for the most common types of dial locations.

Automatic location table scripting has been implemented. Instead of requiring the administrator to enter a V.25bis or AT style send/expect dial script, they can simply enter the telephone number, user name, and password to use when dialing to a remote location.

The following commands have been added to support this:

set location Location_Name telephone 8005551212
set location Location_Name username PPP_PAP_username
set location Location_Name password PPP_PAP_password

ComOS 3.3.3

ComOS 3.3.3 includes the following new features:

* ISDN Basic Rate Interface (BRI) support
* Multilink PPP on ISDN
* Multilink V.120 on ISDN
* Dynamic loadable software modules for memory management
* ARP entries cleared on Frame Relay
* Require PAP option
* Per user port limit for Multilink PPP and Multilink V.120
* Per user idle timeouts
* Per user session time limits
* IP numbered interfaces through User Table
* BOOTP support
* Called-Station-Id and Calling-Station-Id for RADIUS accounting
* RADIUS accounting sends notification of PortMaster boot
* Outbound PAP authentication
* Increase in active interfaces

ISDN Basic Rate Interface (BRI) support

ISDN basic rate interface support has been added. This release added full support for the new MOD-10I-U ISDN expansion boards available for the PortMaster 2E and 2ER. Consult the "Installing the MOD-10I-U ISDN Expansion Board" release note for a full list of supported capabilities.

See "ISDN Basic Rate Interface (BRI) support" on page 22 for instructions on configuring the PortMaster 2E to use the MOD-10I-U ISDN expansion board.

Multilink PPP on ISDN

Multilink PPP (MP) is now supported on ISDN interfaces. This is supported concurrently with the Lucent Multi-line Load Balancing. The PortMaster automatically detects and accepts both Multi-line Load Balancing and Multilink PPP connections. Outbound, the PortMaster can be set to use Multilink PPP via the Location Table by using the "set location Location_Name multilink on" command.

Multilink V.120 on ISDN

Implemented Multilink V.120 on ISDN interfaces. This allows the Lucent PowerLink128 ISDN Modem to make 128Kbps connections to the PortMaster. Second connections generate PowerLink128 RADIUS Accounting records.

Dynamic loadable software modules for memory management

Memory management has been improved and Dynamic Load modules have been implemented. Device drivers now only load if the specific device is present in the PortMaster (i.e. sync port or ISDN). In addition if SNMP or IPX are not needed they can be disabled to save memory. The commands "set ipx off" and "set snmp off" cause the modules to not load. Any device drivers or subsystems not needed provide additional operational memory for the PortMaster. See the memory guidelines below for PortMaster memory requirements.

IMPORTANT - to use IPX, you must now use the "set ipx on" command. If you are upgrading from a previous release and had IPX configured, it defaults to "on" in this release. When turning IPX or SNMP off, you must do a "save all" and reboot the PortMaster before the change takes effect.

ARP entries cleared on Frame Relay

ARP entries are now cleared on Frame Relay interfaces when LMI stops reporting the DLCI. This eliminates packet traffic on PVC's which have been disabled.

Require PAP option

The support for Challenge Handshake Authentication Protocol (CHAP) can now be disabled. Administrators who do not wish to support inbound CHAP authentication can now use the command "set chap off" to disable it. If CHAP is disabled, the only authentication supported is PAP or simple username/password login. It is recommended that this form of authentication use more advanced security subsystems like one-time password smart cards.

Per user port limit for Multilink PPP and Multilink V.120

Implemented Port Limits on a per user basis, only for Multilink V.120 and Multilink PPP users. If left unconfigured, port limits are not imposed, and Multilink V.120 and Multilink PPP sessions are allowed. If a port limit is set, the user is limited to that number of ports on the PortMaster for Multilink V.120 and Multilink PPP only. The command to do so is "set user Username maxports Number". This can be specified as part of the new RADIUS Port-Limit attribute.

Per user idle timeouts

Implemented idle timeouts on a per user basis. Idle timeouts can be set in the User Table or can be provided as part of the new RADIUS Idle-Timeout attribute. To set them in the User Table use the "set user Username idle Minutes" command.

Per user session time limits

Implemented session limits from the User Table or RADIUS. If RADIUS returns a session time limit using the new Session-Timeout attribute, the user is automatically disconnected when the time limit is exceeded. To set a session limit in the User Table use the "set user Username session-limit Minutes" command.

IP numbered interfaces through the User Table

Implemented IP numbered interfaces for network users through the User Table. By using the "set user Username local-ip-address IPaddress" command, the PortMaster uses the local-ip-address as its IP address to the serial interface. This function is not available in RADIUS.

BOOTP support

BOOTP Support has been added. Clients dialing into the PortMaster can now make BOOTP requests to determine IP address, Subnet Mask, Default Gateway, DNS server, and Domain Name. The PortMaster only responds to BOOTP requests on its serial or ISDN lines.

Called-Station-Id and Calling-Station-Id for RADIUS accounting

RADIUS Accounting has been extended to provide Called-Station-Id and CallingStation-Id on ISDN dial-up connections (where provided by the ISDN carrier). These attributes can be used to differentiate ISDN calls from analog calls and to track origination of ISDN calls.

RADIUS accounting sends notification of PortMaster boot

The PortMaster logs a Start record with no Username to the RADIUS accounting server at boot time.

Outbound PAP authentication

Outbound PAP authentication is now supported. The PortMaster previously required the remote end to authenticate with CHAP. Now, by specifying a PAP username and Password in the Location Table dial script, the PortMaster can be authenticated by the remote end using PAP. This is done by setting the Send String in the last line of the dial script to contain the PAP information. The command is:

set location Location_Name script Number "=PAP=User/Password"

This authenticates using PAP as user User with password Password. ComOS 3.3.1 has an even simpler method of specifying PAP authentication in the location table.

Increase in active interfaces

The ceiling on maximum active interfaces has been raised from 100 to 500 when more than 1MB of memory is found.

BUG FIXES

ComOS 3.3.3

Basic rate ISDN lines using switch type 5ESS point-to-point (5ESS-PTP) now establish LAPD sessions on their D channels immediately after system startup. This allows some hunt group provisioning to work properly.

ISDN ports configured for "host prompt" now accept synchronous PPP connections.

When dialing from one PortMaster to another using the V.120 protocol, users occasionally would not receive a login prompt until they pressed the Enter key. This problem has been fixed.

ISDN calls made using French switch type VN4 now pass their called telephone number using the "unnumbered" plan. This increases compatibility with some switches.

Calls rejected due to service incompatibility now provide proper cause codes to the switch.

A larger number of processes are now supported on the PM-2. This is required at boot time on a fully loaded PM-2E with 15 ISDN BRI ports.

The PortMaster occasionally rebooted while auto-detecting asynchronous PPP sessions. This problem has been fixed.

If a RADIUS server sent an Access-Challenge to users being authenticated with PAP the PortMaster incorrectly treated it as an ACK. This has been fixed. An AccessChallenge received for a PAP user is now treated as a NAK.

 

ComOS 3.3.2

The following bugs have been fixed in ComOS 3.3.2.

PM-2ER WAN port lockup fixed

The W1 lockup problem on the PM-2ER has been fixed. Previously, from every few days to every few weeks the W1 port on the PM-2ER would stop transmitting packets and would recover after some amount of time or after a port reset. This software bug has been fixed. (Also available in 3.3.1c1.)

MOD-10I-U port S14-15 lockup fixed

In some cases, one of the middle BRI ports (S14-15 or S24-25) on the MOD-10I-U ISDN expansion card would stop functioning and require a reboot of the PortMaster to reenable. This has been fixed.

Zero Length Filters are now ignored

Zero length filters applied to Ethernet interfaces are now treated as permit filters. That is, if a filter has no rules at all it now permits everything through. If it has one or more rules then anything not explicitly permitted by a rule is denied at the end of the filter.

Ports using ChoiceNet can be reset safely

Previously, resetting or disconnecting a port which is waiting for ChoiceNet to upload a dynamic packet filter would cause the PortMaster to reboot. This has been fixed; ports can now be reset without causing a problem.

State Attribute cleared properly

Previously the RADIUS State attribute could be inadvertently retained between login sessions, displaying the wrong RADIUS menu when users logged on. This has been fixed. (RADIUS menus are supported in the RADIUS 2.0 server, to be released later.)

Too-long Filter-Id Attributes now truncate

Previously, a RADIUS Filter-Id attribute longer than 12 characters for PPP users would cause the PortMaster to reboot. This has been fixed. A Filter-Id longer than 12 characters is now truncated to 12 characters before appending the ".in" and ".out" to the filter name.

Host Prompt now works over ISDN

Previously an ISDN port set for host prompt would not echo characters back to the user. This has been fixed.

Location username now deletes properly

Previously, adding a username to a location, deleting the location, and adding the location again would bring back the username entry. The username is now properly deleted when the location is deleted.

Extraneous console message removed

If a user dials in and negotiates IPX while the console is set, the console gets a burst of "e_getpacket: no packet available" messages at the end of negotiations. These are harmless, but have been removed.

Commands fixed

The usage statement for ptrace has been fixed.

Previously, only the command "save host" would save the PortMaster Hosts Table. The plural form "save hosts" is now supported as well.

ComOS 3.3.1

"No Circuit Available" on ISDN lines has been fixed. In some cases a call was not being completely disconnected even though the PortMaster thought the disconnect had completed. In this case additional attempts to dial out would fail because a new circuit was not actually available. The PortMaster now fully cleans these connections up.

Occasionally the message "mwac_cmd: ISDN command timeout - ip0<0200, 8014>" would be displayed on the PortMaster console. At this point ISDN traffic would cease until rebooting. This has been fixed.

Some PPP packets would fail to transmit over ISDN with the message "remote_slifrecv: Limited expansion room - packet lost" being displayed on the console. This has been fixed.

Release 3.3.3 introduced a bug in which duplicate IP addresses would be assigned to multiple users. This typically happened if the port was configured as a host prompt port with network dial-in disabled and a network connection was started by PPP autodetect or entering "ppp" at the host prompt. All additional PPP users coming in on other ports with the same configuration would receive the same IP address. In some cases this problem occurred with other configurations. This has been fixed. NOTE: Users should verify that ports which they want to allow PPP connections to be established from the "host:" prompt have network dial-in enabled.

Multiple simultaneous outbound dialing over ISDN has been fixed. Previously if multiple outbound dial attempts were initiated within 200ms of each other, the second dial attempt would be lost and the second outbound dial would never complete.

ComOS 3.3.3

The PortMaster no longer loses track of IP addresses it provided as assigned address from the pool. This bug caused the PortMaster to start giving out address 0.0.0.0 to dial-in hosts because it is out of addresses.

Users which have initiated a PPP connection using PPP autodetect and get authenticated and authorized as a SLIP user are now properly handled. Service is denied and the PortMaster cleans up the session. Previously a variety of symptoms would be experienced causing an incorrect active configuration.

The correct active user is retained for ports configured for host prompt.

Serial port spurious interrupt handling has been extended to include detecting streams of framing errors. Some modems get confused about their configuration and begin sending continuous data to the PortMaster at a baud rate different than set on the PortMaster. This would cause all operation on the PortMaster to appear stopped for several minutes to several hours. The PortMaster now attempts to reset the modem and continues to operate properly even if the modem does not recover.

ADDITIONAL NOTES

ComOS 3.3.2

MOD-10I-ST LED Behavior

When you first turn power on, each BRI status LED on the MOD-10I-ST expansion card blinks twice a second for up to ten seconds while the board is performing a self-test. If the BRI synchronizes with the attached NT1 and switch the LED turns solid. If it fails to synchronize the LED stays off, except that if a Directory Number is set on the port, the LED flashes on briefly once every five seconds as the PortMaster tries to activate the BRI. If no Directory Number is set, the LED stays off. If the Directory Number is set and you plug in the RJ-45 from the NT1, at the next 5-second flash the LED comes on and stays on, or if the switch tries to activate the BRI the LED goes on. If the PortMaster tries to dial out and finds the BRI has been inactivated, the LED goes off.

RADIUS for Outbound Users

RADIUS on the PortMaster now supports Service-Type = Outbound-User, used to authenticate users gaining outbound access to network device ports.

If you do not have any ports set to "device /dev/network" or "twoway /dev/network" you can ignore this entire section, it does not apply to you. If you do have any ports set to "device /dev/network" or "twoway /dev/network" and have been using RADIUS to authenticate outbound users, you should read this section carefully and understand it completely before upgrading to this release, because things will work differently after the upgrade.

In ComOS release 3.3.1 and earlier, to allow users to access the modems for outbound dialing across your network but require a password for such access, you set the port up like this (after first moving your telnet administration port to something other than 23 with a command like "set telnet 24"):

set s1 device /dev/network
set s1 service_device telnet 10000
save s1
reset s1
And then set up a user like this in the PortMaster User Table.

add user fred
set user fred password What4ever
set user fred service telnet 10000
set user fred host <PortMaster ether0 IP address>
save user

A user can then telnet to the PortMaster at the usual telnet port of 23, get a login prompt, enter "fred", get a password prompt, enter "What4ever", and would be connected to the device connected to port s1, typically a modem. You can pool multiple ports together by setting their service device telnet port to the same number. Any port number between 10000 and 10100 has this special property.

In ComOS 3.3.2 and later (3.4.2L and later on the Office Router, 3.4.2R and later on the IRXTM) this behavior has changed. In 3.3.2, you set up the port the same way as before, but now when the user telnets to port 23 and gives his username and password, the PortMaster first checks the local User Table, as it did before. If the user is not found in the local User Table and the PortMaster is configured to use a RADIUS server, the PortMaster sends a RADIUS Access-Request to the RADIUS server with the hint that Service-Type (6) = Outbound-User (5).

If the PortMaster receives back an AccessAccept from the RADIUS server with Service-Type = Outbound-User, it allows the user to connect to the port. Check your /etc/raddb/dictionary file for the exact spelling of attribute 6 and value 5.

An example entry in the /etc/raddb/users file for an Outbound-User follows:

fred Password = "What4ever", Service-Type = Outbound-User
     Service-Type = Outbound-User,
     Login-Service = Telnet,
     Login-TCP-Port = 10000

Note that the user file can only have one entry named "fred". If fred is already used in the RADIUS users file as a different kind of user, you must use a different username to dial out with. RADIUS 2.0 will make this easier.

RADIUS Accounting Terminate Cause

Release 3.3.2 has added support for the RADIUS Accounting Acct-Terminate-Cause attribute to provide information on the cause of session termination. In addition, if termination debugging is turned on using the "set debug termination on" command, additional termination information is sent to syslog (auth.info) and the system console.

Before upgrading the PortMaster, update your /etc/raddb/dictionary file by adding the following lines, kill your radiusd and restart it. An updated dictionary file is available at ftp://ftp.livingston.com/pub/le/radius/dictionary.


ATTRIBUTE Acct-Terminate-Cause	49
						  integer
VALUE	  Acct-Terminate-Cause	User-Request	    1
VALUE 	  Acct-Terminate-Cause	Lost-Carrier	    2
VALUE	  Acct-Terminate-Cause	Lost-Service	    3
VALUE	  Acct-Terminate-Cause	Idle-Timeout	    4
VALUE	  Acct-Terminate-Cause	Session-Timeout	    5
VALUE	  Acct-Terminate-Cause	Admin-Reset	    6
VALUE	  Acct-Terminate-Cause	Admin-Reboot	    7
VALUE 	  Acct-Terminate-Cause	Port-Error	    8
VALUE	  Acct-Terminate-Cause	NAS-Error	    9
VALUE	  Acct-Terminate-Cause	NAS-Request	    10
VALUE	  Acct-Terminate-Cause	NAS-Reboot	    11
VALUE 	  Acct-Terminate-Cause	Port-Unneeded 	    12
VALUE	  Acct-Terminate-Cause	Port-Preempted	    13
VALUE	  Acct-Terminate-Cause	Port-Suspended	    14
VALUE	  Acct-Terminate-Cause	Service-Unavailable 15
VALUE	  Acct-Terminate-Cause	Callback 	    16
VALUE	  Acct-Terminate-Cause 	User-Error 	    17
VALU	  Acct-Terminate-Cause	Host-Request	    18

The following simple script produces a list of termination causes seen. Note that this script does not remove duplicates, so it provides only an approximate count.

cat /var/adm/radacct/*/detail | grep Acct-Terminate-Cause | \ sort | uniq c

Here are the syslog messages and their meanings. Where a message would also go to RADIUS Accounting, the Acct-Terminate-Cause is included in the syslog message before the dash. In normal operation you would expect to see User-Request, HostRequest, and Lost-Carrier, although Lost-Carrier can be caused by the user hanging up his end of the connection or by line or modem problems.

Admin Reset

Port was reset by administrator. Also sent to RADIUS Accounting if a session was active on the port.

Callback

Callback User is disconnected so the port can be used to call user back.

Cause Unknown

Contact Lucent InterNetworking Systems Technical Support.

Host Request - PMD

Disconnected or logged out from host using in.pmd service. This can mean either normal termination of a login session, or the remote host has crashed or become unreachable. Also sent to RADIUS Accounting.

Host Request

Disconnected or logged out from host. This can mean either normal termination of a login session, or the remote host has crashed or become unreachable. Also sent to RADIUS Accounting.

Idle Timeout

Idle timer expired for user or port. Also sent to RADIUS Accounting.

Login Timeout

The login:, password:, or host: prompt is set to timeout after five minutes with no input and has done so.

Lost Carrier

Session terminated when modem dropped DCD. This can either mean the user or his modem hung up the phone from their end, in which case there is no problem, or can mean that the line was dropped or took a noise hit too severe for the modems to recover from, or can mean that the local modem dropped DCD for some other reason. Also sent to RADIUS Accounting.

Lost Service - Interface Down

Contact Lucent InterNetworking Systems Technical Support.

Lost Service - Interface Error

Contact Lucent InterNetworking Systems Technical Support.

Lost Service - Invalid Network Handle

Contact Lucent InterNetworking Systems Technical Support.

Lost Service - LMI

A Frame Relay interface missed six consecutive LMI replies.

Lost Service - No netbufs

No netbufs are available for service. Contact Lucent InterNetworking Systems Technical Support.

NAS Error - PPP Unknown State

The PortMaster could not determine state of PPP. Contact Lucent InterNetworking Systems Technical Support.

NAS Request - Modem Config Complete

The Modem table entry has finished initializing the modem attached to the port.

NAS Request - PPP Maximum Retransmissions

PPP negotiations failed after the PortMaster sent 10 configuration requests. This is caused by a configuration error on the client, PortMaster, or RADIUS user entry.

No Event Identified

Contact Lucent InterNetworking Systems Technical Support.

Port Error - PPP Couldn't Send

The PortMaster could not send PPP negotiation. Check that the port and modems at both ends are properly configured for hardware flow control (RTS/CTS); if the problem still occurs, contact Lucent InterNetworking Systems Technical Support.

Port Error - PPP Loop Detect

The PortMaster saw its own Magic Number in an LCP Configuration Request. The two most likely causes are either that our modem is in echo mode or that we dialed into a UNIX system and it is echoing our packets back to us. In the former case, correct the configuration in the modem. In the latter case, change the chat script in the location table entry on the PortMaster to expect "~" instead of "PPP".

Port Error - Spurious Interrupts

Attached device is causing too many interrupts, so the PortMaster reset the port. Also sent to RADIUS Accounting if a session was active on the port.

Port Error - Unknown State

Contact Lucent InterNetworking Systems Technical Support.

Port Error - Wrong Type

Port is configured for login users only and a network user is trying to log in, or vice versa. To configure ports appropriately:

set all login Login users only
set all network dialin Network users only
set all login network dialin Both
Service Unavailable - Access Denied

The port Access Filter does not permit connection to requested host. If you get this message and you wish to allow a connection to the host:

1. If you did not intend to use an access filter, remove the ifilter from the port with "set Port ifilter"

2. If you are using an access filter, check your filter rules.

Service Unavailable - Auth Failed

Three attempts by the user to authenticate at the login: prompt have failed, so the user is disconnected.

Service Unavailable - Device

Port is set for host device but in.pmd or the pseudo-tty configured is unavailable. This gets logged once per second until the situation is corrected.

Service Unavailable - Host

Login session was unable to connect to host. The most common cause is that the host is down or refusing connections or not running in.pmd or rlogind.

Service Unavailable - PPP Auth Failed

Contact Lucent InterNetworking Systems Technical Support.

Service Unavailable - PPP CHAP Auth Failed

The user's PPP CHAP authentication failed.

Service Unavailable - PPP No Protocol

Neither IP nor IPX was negotiated for PPP, so no service can be provided. This is a configuration error for either the dial-in client or the user entry.

Service Unavailable - PPP Outbound PAP Auth Failed

PortMaster dialed out to another site and was being authenticated by PAP but failed, so the PortMaster is hanging up. (Note that if we are authenticated by CHAP and fail, it is the responsibility of the other end to hang up.)

Service Unavailable - PPP PAP Auth Failed

The user's PPP PAP authentication failed.

Session Timeout

Session timer expired for user. Also sent to RADIUS Accounting.

User Error - PPP LCP Protocol Reject

The PortMaster received a LCP Protocol Reject. This should never happen; it indicates there is a bug in the software of the remote system since the remote system is claiming it does not support LCP.

User Error - PPP NCP Active to Reply

PortMaster received a PPP Configuration ACK when a session was already established, so it terminated the session. This is caused by a PPP implementation error in the dialin client. Also sent to RADIUS Accounting.

User Error - PPP NCP Active to Request

PortMaster received a PPP Configuration Request when a session was already established, so it terminated the session. This is caused by a PPP implementation error in the dial-in client. Also sent to RADIUS Accounting.

User Request - Admin Quit

Quit command issued from the command line interface.

User Request - PPP Term Ack

Dial-in client requested that we terminate immediately without sending an acknowledgment. This message is expected from a proper PPP client termination. Also sent to RADIUS Accounting.

User Request - PPP Term Req

Dial-in client requested that we send a Termination ACK and then terminate. This message is expected from a proper PPP client termination. Also sent to RADIUS Accounting.

ComOS 3.3.1

ISDN Basic Rate Interface (BRI) support

ComOS 3.3.3 adds support for Lucent's new 5 BRI ISDN card. Up to two ISDN cards, in addition to a 10-port 115.2 Kbps asynchronous card, are supported in the PortMaster 2E or 2ER.

PortMasters support dial-on-demand ISDN connections using BRI ports and the PPP protocol. Each BRI supports two 64 Kbps B channels for data and one 16 Kbps D channel for signaling. Multiple lines can be used to increase bandwidth, either using Multilink PPP, as defined by RFC 1717, or using LucentÕs Multi-line Load Balancing. ISDN BRI ports are easier to configure than asynchronous or synchronous ports because the NT1 is integrated in the port. No modem, CSU/DSU, or external terminal adapter is required.

ISDN ports can also be used to do anything that an asynchronous port can be used for except network hardwired. Async or sync usage is autodetected. 56K or 64K speeds are also autodetected. The ISDN ports support synchronous PPP and asynchronous V.120 PPP or SLIP.

ISDN connections can be initiated on an as-needed basis or they can remain active all the time. A dial-out location must be specified in the Location Table for dial-out connections and a dial-in user must be specified in the User Table or RADIUS for dial-in connections.

CHAP is available for dial-in or dial-out authentication. PAP is available for dial-in authentication, and is available for dial-out authentication if the =PAP= Send string is used in the V.25bis dialing script.

The following commands have been added to configure ISDN:

set isdn-switch ni-1|dms-100|5ess|5ess-ptp
set Port spid Number
set Port directory Number

See "Configuring ISDN" for more information on the ISDN commands.

Any 64K ISDN B-channel port can be used as a dial-out ISDN modem. A user can telnet to a ISDN port and then execute a Hayes AT dialing command to connect to a remote ISDN PortMaster, PortMaster ISDN Office Router, or external ISDN modem.

The PortMaster responds to any "AT" command which is not specifically a dial command with an "OK". That way, attempts to set S registers, flow control, or other things needed by analog modems are accepted by the PortMaster but ignored. This allows existing configured dialer software to be used with the PortMaster ISDN port without any changes.

The "AT&N56" command sets the port for 56K operation for this dialout, and the "AT&N64" command sets the port for 64K. The "AT&N0" command attempts to autodetect the available data service, either 56000 or 64000. The "AT&N55" command performs an outbound call using data over voice.

A dial command can be ATDT, ATD or ATDP followed by the phone number. Phone numbers can have dashes "-", commas ",:" or digits in them, ending with a carriage return. Since ISDN does not require pauses in dialing, commas in the phone number are accepted but ignored.

Configuring ISDN

Only three additional things need to be configured on the PortMaster to permit ISDN service. They are: the ISDN Switch type, a Service Profile Identifier (SPID) for each ISDN port, and a directory number(DN) for each ISDN port. All three can be configured from PMconsole 3.3 or from the command line interface. To display ISDN debug information on the console, use the commands:

show isdn
set console
set debug isdn on

To turn off debugging use the commands:

set debug isdn off
reset console
ISDN Switch Type

The ISDN Switch Type can be set to one of four values. Your telephone company can tell you which type its switch is: National ISDN-1 (NI-1), Northern Telecom DMS-100 Custom, AT&T 5ESS Custom Multi-Point, or AT&T 5ESS Custom Point-to-Point. If they have a DMS-100 or 5ESS switch that uses National ISDN-1, treat that as NI-1.

Use one of the following commands to set the switch type. The default is NI-1. If you change the switch type after setting a SPID on a port you must reboot the PortMaster for the change to take effect.

set isdn-switch ni-1
set isdn-switch dms-100
set isdn-switch 5ess
set isdn-switch 5ess-ptp

PMconsole 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS Point-to-Point you must set the switch type from the command line.

SPID

The Service Profile Identifier (SPID) is a number up to 20 digits long set for each port, which identifies the port to the telephone company. The telephone company can provide you with the SPIDs for each line. If the spid is invalid, "set debug isdn on" can reveal that. An example command is:

set s10 spid 1510555121200

Directory Number

If you set the Directory Number, then an incoming call must match this number to determine which port the call is taken on. It is a 10-digit phone number provided by the telephone company. Either of the following commands are accepted:

set s10 dn 5105551111
set s10 directory 5105551111

Other port configuration

ISDN ports are simpler to configure than asynchronous ports. You never set modem control (carrier detect), flow control or speed on an ISDN port. The PortMaster senses the speed and sets the port to 64000 or 56000 accordingly, flow control isn't needed on a synchronous line since clock is provided by the telephone company, and carrier detect is always used. Refer to the Communications Server Hardware Installation Guide for information on ISDN LED activity.

The ports support both sync and async PPP (V.120). The show port command displays 64000/async if async PPP is in use. The port can be configured for anything an async port can be configured for, except that network hardwired is not supported.

When using the ISDN port for network dial-out, the dial-out location should use a V.25bis script and authenticate using CHAP, but PAP is also available.

Here is a table for what show port displays according to port status:

NO-SERVICE
DCD- CTS- TELCO- NT1-
No SPID set

NO-SERVICE
DCD- CTS- TELCO- NT1+
No cable or no circuit to Telephone Company

NO-SERVICE
DCD- CTS+ TELCO+ NT1+
Cable and ISDN circuit OK but SPID not registered

IDLE
DCD- CTS+ TELCO+ NT1+
SPID registered and ready to use

ESTABLISHED
DCD- CTS+ TELCO+ NT1+
Connecting or providing device service but no carrier sensed

ESTABLISHED
DCD+ CTS+ TELCO+ NT1+
Connected

ESTABLISHED
DCD+ CTS- TELCO+ NT1+
Connected with V.120 async but flow controlled by other end

New RADIUS Attributes

To use the new RADIUS attributes with RADIUS 1.16, upgrade your PortMaster to ComOS 3.3.1 as described below, add the following lines to your /etc/raddb/dictionary file, kill your radiusd daemon and restart it.


ATTRIBUTE	Session-Timeout		27	 integer
ATTRIBUTE	Idle-Timeout		28	 integer
ATTRIBUTE	Called-Station-Id	30	 string
ATTRIBUTE	Calling-Station-Id	31	 string
ATTRIBUTE	Acct-Input-Octets	42	 integer
ATTRIBUTE	Acct-Output-Octets	43	 integer
ATTRIBUTE	NAS-Port-Type		61	 integer
ATTRIBUTE	Port-Limit		62	 integer
VALUE		NAS-Port-Type		Asyn	  0
VALUE		NAS-Port-Type		Sync	  1
VALUE		NAS-Port-Type		ISDN	  2
VALUE		NAS-Port-Type		ISDN-V120 3
VALUE		NAS-Port-Type		ISDN-V110 4

Idle-Timeout is expressed in seconds but is rounded to a minute boundary, and can be any value from 120 (2 minutes) to 14400 (4 hours). Session-Timeout is expressed in seconds but is rounded to a minute, and can be up to a year long. Note that Port-Limit only works with certain types of users; see the New Features section above for restrictions.

Here is an example /etc/raddb/users entry for a network user that is authenticated using a login script or PAP using her password from the UNIX /etc/passwd file, and uses PPP with an address assigned from the PortMaster's dynamic address assignment pool. She is only allowed to connect once concurrently per PortMaster. After 10 minutes (600 seconds) of idle time without any traffic she is disconnected. After 2 hours (7200 seconds) elapsed time she is disconnected regardless of what she's doing.

#
# Example PPP user, address Assigned by PortMaster
#

pam	Password = UNIX
	User-Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Address = 255.255.255.254,
	Framed-MTU = 1500,
	Idle-Timeout = 600,
	Session-Timeout = 7200,
	Port-Limit = 1

ISDN Basic Rate Interface (BRI) support

ComOS 3.3.3 adds support for Lucent's new 5 BRI ISDN card. Up to two ISDN cards, in addition to a 10-port 115.2 Kbps asynchronous card, are supported in the PortMaster 2E or 2ER.

PortMasters support dial-on-demand ISDN connections using BRI ports and the PPP protocol. Each BRI supports two 64 Kbps B channels for data and one 16 Kbps D channel for signaling. Multiple lines can be used to increase bandwidth, either using Multilink PPP, as defined by RFC 1717, or using Lucent's Multi-line Load Balancing. ISDN BRI ports are easier to configure than asynchronous or synchronous ports because the NT1 is integrated in the port. No modem, CSU/DSU, or external terminal adapter is required.

ISDN ports can also be used to do anything that an asynchronous port can be used for except network hardwired. Async or sync usage is autodetected. 56K or 64K speeds are also autodetected. The ISDN ports support synchronous PPP and asynchronous V.120 PPP or SLIP.

ISDN connections can be initiated on an as-needed basis or they can remain active all the time. A dial-out location must be specified in the Location Table for dial-out connections and a dial-in user must be specified in the User Table or RADIUS for dial-in connections.

CHAP is available for dial-in or dial-out authentication. PAP is available for dial-in authentication, and is available for dial-out authentication if the =PAP= Send string is used in the V.25bis dialing script.

The following commands have been added to configure ISDN:

set isdn-switch ni-1|dms-100|5ess|5ess-ptp
set Port spid Number
set Port directory Number

See "Configuring ISDN" for more information on the ISDN commands.

Any 64K ISDN B-channel port can be used as a dial-out ISDN modem. A user can telnet to a ISDN port and then execute a Hayes AT dialing command to connect to a remote ISDN PortMaster, PortMaster ISDN Office Router, or external ISDN modem.

The PortMaster responds to any "AT" command which is not specifically a dial command with an "OK". That way, attempts to set S registers, flow control, or other things needed by analog modems are accepted by the PortMaster but ignored. This allows existing configured dialer software to be used with the PortMaster ISDN port without any changes.

The "AT&N56" command sets the port for 56K operation for this dialout, and the "AT&N64" command sets the port for 64K. The "AT&N0" command attempts to autodetect the available data service, either 56000 or 64000. The "AT&N55" command performs an outbound call using data over voice.

A dial command can be ATDT, ATD or ATDP followed by the phone number. Phone numbers can have dashes "-", commas "," or digits in them, ending with a carriage return. Since ISDN does not require pauses in dialing, commas in the phone number are accepted but ignored.

Configuring ISDN

Only three additional things need to be configured on the PortMaster to permit ISDN service. They are: the ISDN Switch type, a Service Profile Identifier (SPID) for each ISDN port, and a directory number(DN) for each ISDN port. All three can be configured from PMconsole 3.3 or from the command line interface. To display ISDN debug information on the console, use the commands:

show isdn
set console
set debug isdn on
To turn off debugging use the commands:
set debug isdn off
reset console

ISDN Switch Type

The ISDN Switch Type can be set to one of four values. Your telephone company can tell you which type its switch is: National ISDN-1 (NI-1), Northern Telecom DMS-100 Custom, AT&T 5ESS Custom Multi-Point, or AT&T 5ESS Custom Point-to-Point. If they have a DMS-100 or 5ESS switch that uses National ISDN-1, treat that as NI-1.

Use one of the following commands to set the switch type. The default is NI-1. If you change the switch type after setting a SPID on a port you must reboot the PortMaster for the change to take effect.

set isdn-switch ni-1
set isdn-switch dms-100
set isdn-switch 5ess
set isdn-switch 5ess-ptp

PMconsole 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS Point-to-Point you must set the switch type from the command line.

SPID

The Service Profile Identifier (SPID) is a number up to 20 digits long set for each port, which identifies the port to the telephone company. The telephone company can provide you with the SPIDs for each line. If the spid is invalid, "set debug isdn on" can reveal that. An example command is:

set s10 spid 1510555121200

Directory Number

If you set the Directory Number, then an incoming call must match this number to determine which port the call is taken on. It is a 10-digit phone number provided by the telephone company. Either of the following commands are accepted:

set s10 dn 5105551111
set s10 directory 5105551111

Other port configuration

ISDN ports are simpler to configure than asynchronous ports. You never set modem control (carrier detect), flow control or speed on an ISDN port. The PortMaster senses the speed and sets the port to 64000 or 56000 accordingly, flow control isn't needed on a synchronous line since clock is provided by the telephone company, and carrier detect is always used. Refer to the Communications Server Hardware Installation Guide for information on ISDN LED activity.

The ports support both sync and async PPP (V.120). The show port command displays 64000/async if async PPP is in use. The port can be configured for anything an async port can be configured for, except that network hardwired is not supported.

When using the ISDN port for network dial-out, the dial-out location should use a V.25bis script and authenticate using CHAP, but PAP is also available.

Here is what show port displays according to port status:

NO-SERVICE
DCD- CTS- TELCO- NT1-
No SPID set

NO-SERVICE
DCD- CTS- TELCO- NT1+
No cable or no circuit to Telephone Company

NO-SERVICE
DCD- CTS+ TELCO+ NT1+
Cable and ISDN circuit OK but SPID not registered

IDLE
DCD- CTS+ TELCO+ NT1+
SPID registered and ready to use

ESTABLISHED
DCD- CTS+ TELCO+ NT1+
Connecting or providing device service but no carrier sensed

ESTABLISHED
DCD+ CTS+ TELCO+ NT1+
Connected

ESTABLISHED
DCD+ CTS- TELCO+ NT1+
Connected with V.120 async but flow controlled by other end

New RADIUS Attributes

To use the new RADIUS attributes with RADIUS 1.16, upgrade your PortMaster to ComOS 3.3.1 as described below, add the following lines to your /etc/raddb/dictionary file, kill your radiusd daemon and restart it.


ATTRIBUTE	Session-Timeout		27	  integer
ATTRIBUTE	Idle-Timeout		28	  integer
ATTRIBUTE	Called-Station-Id	30 	  string
ATTRIBUTE	Calling-Station-Id	31	  string
ATTRIBUTE	Acct-Input-Octets	42	  integer
ATTRIBUTE	Acct-Output-Octets	43	  integer
ATTRIBUTE	NAS-Port-Type		61	  integer
ATTRIBUTE 	Port-Limit		62	  integer
VALUE		NAS-Port-Type		Async 	  0
VALUE		NAS-Port-Type		Sync 	  1
VALUE		NAS-Port-Type		ISDN 	  2
VALUE		NAS-Port-Type		ISDN-V120 3
VALUE 		NAS-Port-Type		ISDN-V110 4

Idle-Timeout is expressed in seconds but is rounded to a minute boundary, and can be any value from 120 (2 minutes) to 14400 (4 hours). Session-Timeout is expressed in seconds but is rounded to a minute, and can be up to a year long. Note that Port-Limit only works with certain types of users; see the New Features section above for restrictions.

Here is an example /etc/raddb/users entry for a network user that is authenticated using a login script or PAP using her password from the UNIX /etc/passwd file, and uses PPP with an address assigned from the PortMaster's dynamic address assignment pool. She is only allowed to connect once concurrently per PortMaster. After 10 minutes (600 seconds) of idle time without any traffic she is disconnected. After 2 hours (7200 seconds) elapsed time she is disconnected regardless of what she's doing.

#
# Example PPP user, address Assigned by PortMaster
#

pam	Password = "UNIX"
	User-Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Address = 255.255.255.254,
	Framed-MTU = 1500,
	Idle-Timeout = 600,
	Session-Timeout = 7200,
	Port-Limit = 1

Memory Requirements

3.3.2 and 3.3.3

If you are installing a MOD-10I-U or MOD-10I-ST expansion card into a PM-2E-20 you should first install four megabytes of memory. This is the only hardware configuration that requires additional memory in ComOS 3.3.2 or 3.3.3. For instructions on upgrading the memory see the Communications Server Hardware Installation Guide.

3.3.3 and 3.3.1

Release 3.3.3 and 3.3.1 function on all existing PortMasters in about the same memory as release 3.1.4. Memory considerations are only required when adding ISDN modules to the PM-2E chassis.

PM-2E-10 + 1 ISDN
Async:10
Sync: 0
ISDN: 10
Base Memory: 850K

PM-2E-10 + 2 ISDN
Async:10
Sync: 0
ISDN: 20
Base Memory: 900K

PM-2E-20 + 1 ISDN
Async:20
Sync: 0
ISDN: 10
Base Memory: 925K

PM-2ER-10 + 1 ISDN
Async:10
Sync: 1
ISDN: 10
Base Memory: 875K

PM-2ER-10 + 2 ISDN
Async:10
Sync: 1
ISDN: 20
Base Memory: 925K

PM-2ER-20 + 1 ISDN
Async:20
Sync: 1
ISDN: 10
Base Memory: 950K

If SNMP is used an additional 50K is used. If IPX is used an additional 20K is used.

In addition to the base and module memory required, memory is used to manage each table within the PortMaster. The most common table requiring memory is the routing table. 5K per 100 routes should be budgeted. With these guidelines the standard 1MB (1024K) should work on most configurations. If user entries are being managed on the PM-2ER-20 + 1 ISDN and IPX and SNMP are required, the PortMaster should be upgraded to 4MB (4096K).

The PortMaster auto-detects the physical installed memory. 30-pin 70ns SIMMs are required, and there must be 4 SIMMs, all of them either 256K, 1MB, or 4MB. Mixing SIMMs is not supported.

Upgrade Instructions

If you are upgrading from ComOS 2.3 or 2.4 to 3.3.3, you must first upgrade to ComOS 3.0.4, reboot, then upgrade to 3.3.3.

If you have any port speeds set to 115200, upgrade to ComOS release 3.3.3. and downgrade to any release before 3.3.2 you must set the port speeds again after downgrading.

WARNING! YOU MUST USE PMINSTALL VERSION 3.3.1 OR LATER TO PERFORM THIS UPGRADE! If you are upgrading using PMconsoleª for Windows, you must use PMconsole for Windows version 1.1 or later.

The 3.3.3 upgrade image is available for the PortMaster 2, 2E, 2ER, and 2R at ftp://ftp.livingston.com/pub/le/upgrades/pm2_3.3.3 and for the PortMaster 25 at ftp://ftp.livingston.com/pub/le/upgrades/pm25_3.3.3.

ComOS 3.3.3 uses the same RADIUS dictionary file as ComOS 3.3.2. The dictionary file is available at ftp://ftp.livingston.com/pub/le/radius/dictionary.

The installation software can be FTPed from ftp://ftp.livingston.com/pub/le/software/system/tarfile.

umask 22
mkdir /usr/portmaster
cd /usr/portmaster
tar xvf tarfile
./pminstall

To upgrade a PM-2, PM-2E, PM-2ER, or PM-2R to ComOS 3.3.3, run pminstall and choose the Upgrade PortMaster option, choose pm2_3.3.3 from the menu of upgrade choices, enter your PortMaster's hostname or IP address, and enter your PortMasterÕs administrative password. pminstall upgrades your PortMaster to ComOS 3.3.3.

To upgrade a PM-25 follow the above instructions except choose pm25_3.3.3 from the menu of upgrade choices instead of pm2_3.3.3.

The upgrade does not affect your stored configuration in the PortMaster. If you would like to backup your PortMaster configuration before upgrading, run pmreadconf:

cd /usr/portmaster
./pmreadconf pmname pmpassword data/pmname.conf
chmod 600 data/pmname.conf

Copyright and Trademarks

© Copyright 1997 Lucent Technologies, Inc. All rights reserved.

The product names, "ComOS," "IRX," "PortMaster," "PMconsole," and "RADIUS" are trademarks belonging to Lucent Technologies, Inc.

All brand product names mentioned in this document are trademarks or registered trademarks of their respective manufacturers.

Notices

Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies, Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes.

Contacting Lucent InterNetworking Systems Technical Support

Every Lucent PortMaster or IRX¿ product comes with a one year hardware warranty. Lucent Technologies provides technical support via voice, FAX, and electronic mail. Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8).

To contact Lucent InterNetworking Systems technical support by voice, dial 1-800-458-9966 within the US or 1-510-426-0770 outside the US, by FAX, dial 1-510-426-8951, by electronic mail, send mail to support@livingston.com, and through the World Wide Web at http://www.livingston.com/.