ComOS 3.5 Release Note

For PM-2, PM-25, IRX, and OR


Introduction

The new Lucent Technologies ComOS 3.5 software release is now available for the PortMaster 2, PortMaster 25, PortMaster IRX, and PortMaster Office Router.

This release note documents commands and features in ComOS release 3.5 in addition to those described in the Command Line Administrator's Guide. All Lucent manuals are available in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.

Note - You must use PMconsole 3.5.1 when upgrading to ComOS 3.5; see "Upgrade Instructions" after reading "Memory Requirements", below.

New Features in ComOS 3.5

ComOS 3.5 includes the following new features:

  • Variable Length Subnet Masks. In previous releases ComOS required the same netmask to be used for all subnets of a network. In release 3.5, variable length subnet masks (VLSM) are supported. To ease the transition, the command "set user-netmask off" is available; see below for details.
  • OSPF. See the OSPF chapter in the Command Line Administrator's Guide, which is available in printed form or in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.
  • The "add route" command supports VLSM.
  • The "show routes" command can show specific networks.
  • RADIUS can now be used to authenticate administrative logins.
  • Syslog messages can now be directed to facilities other than AUTH.
  • Easier commands for erasing flash memory.
  • Support for VLSM in RADIUS Framed-Route.
  • RADIUS Accounting entries are retransmitted sooner.
  • RADIUS now supports passwords up to 48 characters in length.
  • The size of the Assigned Address Pool can be set with the "set pool" command.
  • The ARP cache has been increased from 24 to 96 entries.
  • Debug statements can now be timestamped.

Variable Length Subnet Masks

ComOS release 3.5 supports Variable Length Subnet Masks. In previous releases ComOS required the same netmask to be used for all subnets of a network. In release 3.5, variable length subnet masks (VLSM) are supported. To ease the transition, the command "set user-netmask off" treats all netmasks specified in the User Table or RADIUS as though they were 255.255.255.255, the way earlier releases did. The command "set user-netmask on" adds routes based on the specified netmask. The default is off.

In ComOS 3.3.3 and earlier the PortMaster always used 255.255.255.255 for the user's Framed-IP-Netmask, regardless of the value of the attribute. ComOS 3.5 adds support for Variable Length Subnet Masks (VLSM), but by default ignores the Framed-IP-Netmask the same way earlier releases did. To have ComOS 3.5 accept the netmask value, issue the following commands on the PortMaster:

set user-netmask on
save all

After user-netmask is set on, the PortMaster uses the actual value of the Framed-IP-Netmask to update the routing table when a user logs in.

Use caution with this feature, because it affects both routing and Proxy ARP on the PortMaster.

If you want to route only to the one host, use the attribute

	Framed-IP-Netmask = 255.255.255.255

You should always use netmask 255.255.255.255 when using the PortMaster assigned address pool (or omit the attribute, which defaults to 255.255.255.255).

If you want to route to an entire 24-bit subnet, use

	Framed-IP-Netmask = 255.255.255.0

"add route" command supports VLSM

Static Routes support VLSM. For example, to add a route to the 192.168.1.32/27 subnet through gateway 192.168.1.1 with metric 2 you would use the command

add route 192.168.1.32/27 192.168.1.1 2

OSPF

ComOS 3.5 supports the Open Shortest Path First (OSPF) routing protocol.

See the OSPF Chapter in the Command Line Administrator's Guide, available in printed form or in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/. Some additional commands were added after that manual went to press and are documented in ftp://ftp.livingston.com/pub/le/doc/notes/ospf.txt and here.

Virtual links are not supported, meaning that all PortMasters running OSPF must either be in one area, or have at least one interface in area 0.

When injecting RIP routes into OSPF, ComOS 3.5 includes the RIP gateway as the gateway.

Before configuring OSPF, you must enter the following commands.

set ospf enable
save all
reboot

reset ospf

The "reset ospf" command resets the OSPF router engine in the PortMaster. You must enter this command after making changes to the PortMaster's OSPF configuration.

OSPF cost, hello-interval, dead-time

OSPF cost, hello-interval, and dead-time can be configured by interface.

Note - The value for cost, hello-interval, and dead-time must be the same for all routers attached to a common network.

set Ether0 ospf on cost Number

This command sets the cost of sending a packet on the interface, expressed in the link state metric. Number is a number from 1 to 65535. The default value is 1. Example: set ether0 ospf on cost 2

set Ether0 ospf on hello-interval Number

This command sets how often the hello packet is transmitted; the interval can be any value from 10 to 120 seconds. The default value of hello-interval is 10 seconds. Example: set ether0 ospf on hello-interval 40

set Ether0 ospf on dead-time Number

This command sets the number of seconds the PortMaster will wait after ceasing to receive a neighbor router's hello packets before marking the remote router as down. The range is 40 to 1200 seconds. The default value is 40 seconds. Example: set ether0 ospf on dead-time 60

"show routes" command can show specific networks

The "show routes" command now accepts an optional argument to only display routes that match that argument. For example, "show routes 172.16" only shows routes that contain "172.16".

RADIUS for administrative logins

The PortMaster now supports Service-Type Administrative-User and NAS-Prompt-User.

In previous releases, the !root administrative login granted full control to the PortMaster. While !root remains, ComOS 3.5 adds the ability to authenticate administrative logins with RADIUS to provide two classes of users:

  • administrative users with full configuration ability (everything that !root can do)
  • read-only administrative users who cannot change the configuration, but can reset ports, reboot, set debug flags, and show status.

Now, rather than requiring everyone in a Network Operations Center (NOC) to know the global administrative passwords to all your PortMasters, you can create individual accounts to track access and limit configuration changes to appropriate personnel, if desired.

In ComOS 3.5 and later, if a RADIUS Access-Accept returns a Service-Type of Administrative-User (6), the PortMaster treats it as a !root login. If a RADIUS Access-Accept returns a Service-Type of NAS-Prompt-User, a restricted administrative login is granted that has permission to use the following commands:

  • ifconfig
  • ping
  • ptrace
  • reboot
  • reset
  • set console
  • set debug
  • show
  • traceroute
  • Any other commands that do not affect the configuration

A NAS-Prompt-User does not have access to the following commands: add, delete, erase, save, tftp, or any set commands other than "set debug" and "set console".

To enable this feature on your RADIUS server:

If running RADIUS 1.16, modify /etc/raddb/dictionary to include the following two lines; then kill and restart radiusd:

VALUE	User-Service-Type	Administrative-User	6
VALUE	User-Service-Type	NAS-Prompt-User		7

If running RADIUS 2.0, modify /etc/raddb/dictionary to add the following line (it already has a definition for Administrative-User); then kill and restart radiusd:

VALUE	Service-Type		NAS-Prompt-User		7

Here are two examples (for RADIUS 2.0) of /etc/raddb/users file entries to illustrate:

!pmmon  	Password = "dontuseth1s"
		Service-Type = NAS-Prompt-User

!pmconfig	Auth-Type = System, Prefix = "!"
		Service-Type = Administrative-User

Caution - If you are using your RADIUS server with a combination of Lucent products and other vendors' products, confirm that they either do not use these two Service-Types or that their use is compatible.
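The following audit is an added example, not part of the original release note or of Lucent's software: it parses a users file in the layout shown above and reports which accounts receive full or restricted administrative access, then applies the NAS-Prompt-User command restrictions to sample command lines. The jdoe entry and the function names are constructed for illustration.

```python
import re

# Privilege ComOS 3.5 grants for each Service-Type, as described above.
ADMIN_CLASSES = {"Administrative-User": "full", "NAS-Prompt-User": "restricted"}
ATTR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

# Constructed users file: the two entries above plus a hypothetical dial-in user.
SAMPLE_USERS = (
    '!pmmon\tPassword = "dontuseth1s"\n'
    '\t\tService-Type = NAS-Prompt-User\n'
    '\n'
    '!pmconfig\tAuth-Type = System, Prefix = "!"\n'
    '\t\tService-Type = Administrative-User\n'
    '\n'
    'jdoe\tPassword = "constructed"\n'
    '\t\tService-Type = Framed-User,\n'
    '\t\tFramed-Protocol = PPP\n'
)


def parse_users(text):
    """Return {username: {attribute: value}}; an entry starts in column 0."""
    entries, attrs = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            parts = line.split(None, 1)
            attrs = entries.setdefault(parts[0], {})
            line = parts[1] if len(parts) > 1 else ""
        if attrs is not None:
            attrs.update((k, v.strip('"')) for k, v in ATTR.findall(line))
    return entries


def admin_accounts(entries):
    """Map each account that receives an administrative prompt to its class."""
    found = {}
    for user, attrs in entries.items():
        # RADIUS 1.16 dictionaries name the attribute User-Service-Type.
        svc = attrs.get("Service-Type", attrs.get("User-Service-Type"))
        if svc in ADMIN_CLASSES:
            found[user] = ADMIN_CLASSES[svc]
    return found


def prompt_user_may_run(command):
    """Apply the NAS-Prompt-User command restrictions listed above."""
    words = command.lower().split()
    if not words or words[0] in {"add", "delete", "erase", "save", "tftp"}:
        return False
    if words[0] == "set":
        return words[1:2] in (["debug"], ["console"])
    return True  # assumption: anything else does not change configuration


if __name__ == "__main__":
    for user, level in admin_accounts(parse_users(SAMPLE_USERS)).items():
        print(f"{user}: {level} administrative access")
    for cmd in ("show routes 172.16", "set debug clock on", "set pool 48", "save all"):
        print(f"{cmd!r}: {'allowed' if prompt_user_may_run(cmd) else 'denied'}")
```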

Syslog messages can be redirected

In releases prior to ComOS 3.5, packet filter logging went to the loghost at AUTH facility and NOTICE priority, and all other logging was done to the AUTH facility at INFO priority. In ComOS 3.5, the facility and priority can be set for each of five types of logged events.

To display the current syslog settings, use the "show syslog" command. The default settings are displayed in this example:

Command> show syslog
   Syslog Configuration Settings
    admin-logins: auth.info
     user-logins: auth.info
  packet-filters: auth.notice
        commands: disabled
     termination: disabled

To change the syslog settings, use the "set syslog Logtype Where" command. Logtype is one of the following: admin-logins, user-logins, packet-filters, commands, or termination. Where is either the keyword "disabled", indicating not to send that type of message to syslog, or a facility and priority separated by a period. For example, to log all commands issued on the PortMaster to the LOCAL0 facility at DEBUG priority use the command

Command> set syslog commands local0.debug

The five areas you can set logging for are defined as follows:

Logtype          Description
admin-logins     !root and administrative logins
user-logins      Non-administrative logins (You might want to disable this if you already use RADIUS Accounting.)
packet-filters   Packets that match rules with the "log" keyword
commands         Every command entered at the command line interface
termination      More detailed information on how user sessions terminate (See the ComOS 3.3.2 Release Notes.)

The facilities and priorities are defined as follows. Lucent recommends that you use the AUTH facility or LOCAL0 through LOCAL7 facilities for receiving syslog messages from PortMasters, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.

Facility   Number
kern       0
user       1
mail       2
daemon     3
auth       4
syslog     5
lpr        6
news       7
uucp       8
cron       15
local0     16
local1     17
local2     18
local3     19
local4     20
local5     21
local6     22
local7     23

The following priorities are available:

Pri       Number   Typically Used for
emerg     0        system is unusable
alert     1        action must be taken immediately
crit      2        critical messages
err       3        error messages
warning   4        warning messages
notice    5        normal but significant message
info      6        informational message
debug     7        debug-level messages
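On the wire, a syslog message carries its facility and priority as a single number, <PRI> = facility number * 8 + priority number, so auth.info arrives as <38> and local0.debug as <135>. The following added example (not part of the original release note) parses the "show syslog" output shown above and flags received datagrams whose PRI matches no enabled logtype; the datagram text and the function names are constructed for illustration.

```python
import re

FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 15: "cron",
              **{16 + n: f"local{n}" for n in range(8)}}
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_NUMBERS = {name: num for num, name in FACILITIES.items()}

# "show syslog" output as printed above (the default settings).
SHOW_SYSLOG = """\
   Syslog Configuration Settings
    admin-logins: auth.info
     user-logins: auth.info
  packet-filters: auth.notice
        commands: disabled
     termination: disabled
"""

# Constructed datagrams; only the <PRI> prefix matters, the text is a placeholder.
SAMPLE_DATAGRAMS = ["<38>constructed login message",
                    "<37>constructed packet filter message",
                    "<135>constructed command message",
                    "no PRI header at all"]


def encode_pri(where):
    """'local0.debug' -> 135: PRI = facility number * 8 + priority number."""
    facility, _, priority = where.partition(".")
    return FACILITY_NUMBERS[facility] * 8 + PRIORITIES.index(priority)


def pri_of(datagram):
    """Return the numeric <PRI> prefix of a datagram, or None if it has none."""
    m = re.match(r"<(\d{1,3})>", datagram)
    return int(m.group(1)) if m else None


def decode_pri(datagram):
    """Return 'facility.priority' for a datagram, or None if it is malformed."""
    pri = pri_of(datagram)
    if pri is None or pri // 8 not in FACILITIES:
        return None
    return f"{FACILITIES[pri // 8]}.{PRIORITIES[pri % 8]}"


def configured_pris(show_output):
    """Map each PRI value the PortMaster is set to send to its logtypes."""
    pris = {}
    for line in show_output.splitlines():
        logtype, sep, where = line.partition(":")
        if sep and where.strip() != "disabled":
            pris.setdefault(encode_pri(where.strip()), []).append(logtype.strip())
    return pris


def unexpected(datagrams, show_output):
    """Datagrams whose PRI matches no enabled logtype (misconfigured or foreign)."""
    allowed = configured_pris(show_output)
    return [d for d in datagrams if pri_of(d) not in allowed]


if __name__ == "__main__":
    print(configured_pris(SHOW_SYSLOG))
    for d in unexpected(SAMPLE_DATAGRAMS, SHOW_SYSLOG):
        print("unexpected:", decode_pri(d), repr(d))
```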

Flash erasure commands

For more information on these commands see the "General Commands" chapter of the Command Line Administrator's Guide. ComOS 3.5 has a set of commands for erasing all or part of the nonvolatile flash memory of the PortMaster. The "erase configuration" command does what "set register 0xffff 0x0102" used to do.

Command                  Use
erase all-flash          Erases all the nonvolatile memory in the PortMaster, including the configuration and ComOS.
erase comos              Erases the ComOS that the PortMaster boots from.
erase configuration      Erases the configuration, returning the PortMaster to factory defaults after its next reboot.
erase file String        Erases the specified file from configuration nonvolatile memory; see "show files" for a list.
erase partition Number   Use this command only if told to do so by Lucent InterNetworking Systems Technical Support.

RADIUS Framed-Route supports VLSM

ComOS release 3.5 supports the subnet length specifier in RADIUS Framed-Route attributes. For example:

	Framed-Route = "192.168.1.32/28 192.168.1.33 1"
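The following added example (not part of the original release note) covers both this section and the Variable Length Subnet Masks section above: it computes the route a login produces with user-netmask off and on, lists the users whose routes would change when "set user-netmask on" is issued, and parses a Framed-Route value with a subnet length specifier. The user names, addresses other than the Framed-Route shown above, and function names are constructed for illustration.

```python
import ipaddress


def user_route(framed_ip, framed_netmask=None, user_netmask_on=False):
    """Route added at login from Framed-IP-Address and Framed-IP-Netmask."""
    # With user-netmask off, or with no netmask attribute, the mask is /32.
    use_mask = user_netmask_on and framed_netmask
    mask = framed_netmask if use_mask else "255.255.255.255"
    # ip_network raises ValueError for a non-contiguous mask such as 255.0.255.0.
    return ipaddress.ip_network(f"{framed_ip}/{mask}", strict=False)


def routes_changed_by_enabling(users):
    """Users whose login route differs once 'set user-netmask on' is issued."""
    changed = {}
    for name, (ip, mask) in users.items():
        before = user_route(ip, mask, user_netmask_on=False)
        after = user_route(ip, mask, user_netmask_on=True)
        if before != after:
            changed[name] = (str(before), str(after))
    return changed


def parse_framed_route(value):
    """Split 'destination/length gateway metric' into typed fields."""
    dest, gateway, metric = value.split()
    if "/" not in dest:
        raise ValueError(f"no subnet length specifier in {dest!r}")
    # strict=True rejects host bits set in the destination (192.168.1.33/28);
    # that is this example's typo check, not documented ComOS behavior.
    network = ipaddress.ip_network(dest, strict=True)
    return network, ipaddress.ip_address(gateway), int(metric)


# Constructed RADIUS reply values: name -> (Framed-IP-Address, Framed-IP-Netmask).
SAMPLE_USERS = {
    "host-user": ("192.168.1.35", "255.255.255.255"),
    "pool-user": ("192.168.1.40", None),  # attribute omitted
    "branch-lan": ("192.168.2.1", "255.255.255.0"),
}

if __name__ == "__main__":
    changed = routes_changed_by_enabling(SAMPLE_USERS)
    for name, (before, after) in changed.items():
        print(f"{name}: {before} -> {after}")
    net, gw, metric = parse_framed_route("192.168.1.32/28 192.168.1.33 1")
    print(f"{net} via {gw} metric {metric}, gateway inside subnet: {gw in net}")
```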

RADIUS Accounting retransmits sooner

RADIUS Accounting packets are now retransmitted every 30 seconds. The Authenticator field in a retransmitted Accounting-Request is now calculated using the method specified in the current RADIUS specification.

RADIUS now supports passwords up to 48 characters in length

RADIUS now supports user passwords up to 48 characters in length. The RADIUS 1.16 and RADIUS 2.0 servers support passwords up to 16 characters in length; a future release of the Lucent RADIUS server will support passwords up to 48 characters long.

Assigned pool size

The PortMaster allocates a pool of IP addresses starting at the Assigned Address base value (set from the global menu or by the "set assigned" command) and counting up. The total number of addresses is equal to the number of ports configured for Network Dialin. If someone dials in and requests an unused address from the pool, that address is assigned. If someone dials in and requests any address, the next address from the pool is assigned. If someone disconnects, their address is placed at the end of the pool for reuse.

In ComOS 3.5, the size of the pool can also be set explicitly with the "set pool Number" command, where Number is the number of IP addresses to allocate for the pool. If the pool size is decreased, the PortMaster must be rebooted for the change to take effect.

Increased ARP cache

The Ethernet ARP cache has been increased from 24 entries to 96, to improve performance.

Debug timestamps

The command "set debug clock on" time-stamps console debug messages using the time since last reboot, specified in days, hours, minutes, seconds, and hundredths of a second. To turn the timestamps off use the command "set debug clock off".


Bug Fixes in ComOS 3.5

The following bugs are fixed in ComOS 3.5:

  • Three small memory leaks are fixed.
  • In previous releases, if both B channels on a BRI were active and the BRI was provisioned for "Additional Call Offering" and a voice call came in, a B channel was set to idle. In ComOS 3.5, the PortMaster properly refuses the call.
  • In previous releases, if a synchronous PPP device called in and the PortMaster missed the first PPP packet, after one second the PortMaster sent a V.120 frame to wake up the device. Some devices treated the V.120 frame as an invalid protocol and hung up. In ComOS 3.5, the PortMaster waits five seconds before sending the V.120 frame, because the PPP specification requires the device to retransmit within three seconds.
  • The Omron ME2814BII modem drops CTS for less than 80 microseconds. In a previous release, the PortMaster detected the drop but not the rise 1/12500 second later, causing the PortMaster to flow control the port and hang the session. This behavior has not been detected on any other brand of modem, but ComOS 3.5 now handles it properly.

Memory Requirements

The following section discusses memory requirements for ComOS 3.5 in general terms; actual memory usage depends on the configuration and use of your PortMaster. For instructions on upgrading memory see the installation guide for the product. All installation guides are available on the Total Access CD, in PDF format on the Lucent InterNetworking Systems web site www.livingston.com, and in PDF and PostScript format on the Lucent InterNetworking Systems FTP site ftp.livingston.com.

All models of the PortMaster Office Router have 1MB of nonupgradable memory, which is sufficient for ComOS 3.5L.

All models of the PortMaster IRX have 1MB of memory, which is sufficient for ComOS 3.5R unless you are using OSPF with very large networks.

For the PortMaster 2 and PortMaster 25 use the following guidelines to estimate memory usage.

Model                Async   Sync   ISDN   Base Memory
PM-25                25      0      0      780KB
PM-2E-30             30      0      0      800KB
PM-2E-10 + 1 ISDN    10      0      10     860KB
PM-2E-10 + 2 ISDN    10      0      20     910KB
PM-2E-20 + 1 ISDN    20      0      10     935KB
PM-2ER-10 + 1 ISDN   10      1      10     885KB
PM-2ER-10 + 2 ISDN   10      1      20     935KB
PM-2ER-20 + 1 ISDN   20      1      10     960KB

  • If SNMP is used, an additional 50KB is required.
  • If IPX is used, an additional 20KB is required, plus memory for SAP and RIP.
  • If RIP is used, 5KB for every 100 RIP routes should be added.
  • If OSPF is used, an additional 50KB is required, plus 5KB for every 40 routes.
  • If any other tables are used, such as the User Table or Location Table, those require additional memory.

The PortMaster auto-detects the physical installed memory. Four 30-pin 70ns parity SIMMs are required, either 256KB, 1MB, or 4MB. Mixing of SIMMs is not supported. They can be either 3-chip or 9-chip SIMMs.


Upgrade Instructions

WARNING! YOU MUST USE PMINSTALL VERSION 3.5.1 OR LATER TO PERFORM THIS UPGRADE! If you are upgrading using PMconsole for Windows, you must use PMconsole for Windows version 3.5.1.1 or later.

If you are upgrading from ComOS 2.3 or 2.4 to ComOS 3.5, you must first upgrade to ComOS 3.0.4, reboot, then upgrade to ComOS 3.5.

If you have any port speeds set to 115200 and upgrade to ComOS release 3.5 and then downgrade to any release before 3.3.2, you must set the port speeds again after downgrading.

The installation software can be retrieved by FTP from ftp://ftp.livingston.com/pub/le/software/system/tarfile.tar.Z, replacing system and tarfile.tar.Z with the actual names of the files.

/pub/le/software/                   Operating System
bsdi/pm_3.5.1_BSDOS_2.0.tar.Z       BSD/OS 2.0 and 2.1
sgi/pm_3.5.1_IRIX_5.2.tar.Z         SGI Irix 5.2
linux/pm_3.5.1_Linux.tar.Z          Linux 1.2.13 ELF
rs6000/pm_3.5.1_RS6000_4.1.tar.Z    RS6000 AIX 4.1 (no longer 3.2.5)
alpha/pm_3.5.1_alpha_T3.0.tar.Z     Digital Alpha OSF/1 T3.0
hp/pm_3.5.1_hp9000_10.01.tar.Z      HP 9000 HP/UX 10.01
sun4/pm_3.5.1_sun4.tar.Z            SunOS 4.1.4, 5.5.1 on Sparc
sun86/pm_3.5.1_sun86_5.5.tar.Z      Solaris/X86 2.5.1
pc/pmw3511.exe                      Windows 95 and Windows NT 4.0

You can FTP the upgrade image at the same time. This example shows an administrator retrieving the SunOS pminstall and PortMaster 2 upgrade image.

umask 22
mkdir /usr/portmaster
cd /usr/portmaster
ftp ftp.livingston.com
(Enter anonymous)
(Enter your e-mail address; it will not echo.)
binary
cd /pub/le/software/sun4
get pm_3.5.1_sun4.tar.Z pm.tar.Z
cd /pub/le/upgrades
get pm2_3.5
quit
uncompress pm.tar.Z
tar xvf pm.tar
rm pm.tar
mv pm2_3.5 data
./pminstall

PMconsole 3.5.1.1 for Windows 95 and Windows NT 4.0 is available on ftp://ftp.livingston.com/pub/le/software/pc/pmw3511.exe in a self-extracting file. FTP that file, run the file to install PMconsole for Windows, move the upgrade file into the data directory, run PMconsole for Windows, and click on the Upgrade button.

The upgrade images are at ftp://ftp.livingston.com/pub/le/upgrades/.

ComOS   Upgrade Image   Product
3.5     pm2_3.5         PortMaster 2, 2E, 2ER, 2R, 2i, 2E-10I
3.5     pm25_3.5        PortMaster 25
3.5R    irx_3.5R        IRX-111, 112, 114, 211
3.5L    or_3.5L         OR-M, U, ST, LS and HS

ComOS 3.5 uses the same RADIUS dictionary file as ComOS 3.3.3, with the addition of the NAS-Prompt-User. An updated dictionary file is available for RADIUS 1.16 and RADIUS 2.0 at ftp://ftp.livingston.com/pub/le/radius/dictionary.

The upgrade does not affect your stored configuration in the PortMaster. If you would like to back up your PortMaster configuration before upgrading, run pmreadconf:

cd /usr/portmaster
./pmreadconf pmname pmpassword data/pmname.conf
chmod 600 data/pmname.conf

Copyright and Trademarks

© Copyright 1997 Lucent Technologies, Inc. All rights reserved.

The product names, "ComOS," "IRX," "PortMaster," "PMconsole," and "RADIUS" are trademarks belonging to Lucent Technologies, Inc.

All brand product names mentioned in this document are trademarks or registered trademarks of their respective manufacturers.

Notices

Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies, Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes.

Contacting Lucent InterNetworking Systems Technical Support

Every Lucent PortMaster or IRX product comes with a one year hardware warranty. Lucent Technologies provides technical support via voice, FAX, and electronic mail. Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8).

To contact Lucent InterNetworking Systems technical support by voice, dial 1-800-458-9966 within the US or 1-510-426-0770 outside the US; by FAX, dial 1-510-426-8951; by electronic mail, send mail to support@livingston.com; and through the World Wide Web, visit http://www.livingston.com/.