1999/08/03 ComOS 4.1 Release Note Introduction The new Lucent Technologies ComOS® 4.1 software release is now available for general availability (GA) for the PortMaster® 4 Integrated Access Server. This release note applies only to the PortMaster 4. This release is provided at no charge to all Lucent customers. This GA release is recommended for any customer using a PortMaster 4. This release note documents commands and features added between ComOS 4.0.3 and ComOS 4.1 on the PortMaster 4. This release contains the same modem code as ComOS 4.0.3c2 for the PortMaster 4. Before upgrading, thoroughly read "Limitations" and "Upgrade Instructions." NOTE: If you downgrade from ComOS 4.1 to ComOS 4.0.3c2 or earlier, you must perform the downgrade process twice because of changes in the nonvolatile memory layout in ComOS 4.1. Contents Introduction Bugs Fixed in ComOS 4.1 New Features in ComOS 4.1 Dual and Single Ethernet Boards Non-Facility Associated Signaling (NFAS) RIP Version 2 Enhanced OSPF Area Range Signaling System 7 Intermachine Trunk (SS7 IMT) Layer 2 Tunneling Protocol (L2TP) Named IP Address Pools Crossbar IP Local IP Interface NAS Port Details Multilink Accounting Session ID Unique Accounting Session ID IPX Support Modem Enhancements Call-Check on MFR2 MFR2 for Saudi Arabia IGMP Proxy Temperature Threshold Setting "show bootlog" Command "set Line0 off" Command "show isdn" and "reset D0" Commands "set M0 off" Command New Board Identifiers Enhanced "show" Commands "set chassis-type" Command New SNMP Trap Information Enhanced PMVision support Configuring NFAS Configuring RIP-2 Configuring SS7 IMT Configuring L2TP Configuring Named IP Address Pools Configuring Crossbar IP Limitations Upgrade Instructions Technical Support Bugs Fixed in ComOS 4.1 The following bugs are fixed in ComOS 4.1. Multiple Dial-Ins Fixed In ComOS 4.1b14, Point-to-Point Protocol (PPP) dial-in users sometimes had to dial in multiple times before obtaining a successful connection. This problem is fixed in ComOS 4.1. Improved Modem Support This release includes the modem code from ComOS 3.8.2c2 and ComOS 4.0.3c2, which fixes the following modem bugs: * A NO EC (no error control) connection problem with Cirrus Logic modems is fixed. * Performance with Cirrus Logic modems is improved. * The number of rate renegotiations with USR/3Com and Cirrus Logic modems has been reduced because ComOS now allows the client to specify spectral shaping. * Rate renegotiation and retrain problems with USR/3Com and Rockwell HCF clients are fixed. * Connectability with USR/3Com and Rockwell HCF modems and LT Winmodems is improved. * A downward spiraling upstream rate caused by an incorrect Link Access Procedure for Modems (LAPM) error check is fixed. * The number of disconnections due to LAPM retrains within a retrain is reduced. * Rate reduction due to LAPM errors has been made less sensitive. * Motorola SM56 modems can now connect with V.90. * A V.90-to-V.34 fallback problem, which can result in a disconnection, is fixed by earlier V.34 detection. * A-law V.90 connectability is improved. * K56flex connectability is improved by an increase in a K56flex timeout. European PRI Net5 Layer 2 Bug Fixed The Net5 Layer 2 bug fixed in ComOS 4.0.3 is also fixed in ComOS 4.1. When using the Net5 ISDN Primary Rate Interface (PRI) switch type, the PortMaster 4 now attempts to activate Layer 2 if it is inactive during a dial-out attempt or when an inbound call arrives. In ComOS 4.0, if a Net5 ISDN PRI switch initiated a Layer 2 inactive state, the PortMaster 4 did not activate Layer 2 again before attempting an outbound call, and the call failed. Likewise, if Layer 2 was down and an inbound call arrived, the PortMaster 4 did not activate Layer 2 and did not answer the call. "show sessions" Output Corrected In a previous release the "show sessions" command sometimes incorrectly displayed the start or idle timer as 99 days. This problem is fixed. RADIUS User-Password fixed The RADIUS User-Password sent in an access-request packet is no longer corrupted. Corrected E1 Numbering Fractional E1 channel numbering is now correct. ICMP Message and the DF bit The PortMaster 4 now sends an Internet Control Message Protocol (ICMP) Destination Unreachable message to the source host when the PortMaster cannot forward a packet with the Don't Fragment (DF) bit set onto a interface that has a smaller maximum transmission unit (MTU). Back To TOP New Features in ComOS 4.1 The following commands and features have been added in ComOS 4.1. The following information is also available in the "PortMaster 4 Configuration Guide" and "PortMaster 4 Command Line Reference." Dual and Single Standalone Ethernet Boards The dual-interface Ethernet module (PM4-100E-2P, Dual 10/100 Ethernet Board) provides an additional two 10/100Mbps Ethernet interfaces. The dual-interface Ethernet module must be inserted into slot 3. The configuration is the same as for Ether0 or Ether1 and supports the same routing protocols. Interface numbering for the dual-interface Ethernet module is Ether30 and Ether31. The single-interface Ethernet board (PM4-100E-1P, Single 10/100 Ethernet Board) provides an additional 10/100Mbps Ethernet interface. It can be inserted into any available slot except slot 4, which is reserved for the primary system manager module (SMM). Interface numbering is as follows: Ether00 Single-interface Ethernet board in slot 0 Ether10 Single-interface Ethernet board in slot 1 Ether20 Single-interface Ethernet board in slot 2 Ether30 Single-interface Ethernet board or dual-interface Ethernet module in slot 3 Ether31 Dual-interface Ethernet module in slot 3 Ether50 Single-interface Ethernet board in slot 5 Ether60 Single-interface Ethernet board in slot 6 Ether70 Single-interface Ethernet board in slot 7 Ether80 Single-interface Ethernet board in slot 8 Ether90 Single-interface Ethernet board in slot 9 Although physically installed in slot 3, the Ether31 interface is monitored and reset through virtual slot 11. Back To TOP Non-Facility Associated Signaling (NFAS) Non-facility associated signaling (NFAS) is a service offered by telephone companies that permits a single D channel to provide the signaling for a group of PRIs. This service allows the channel that is normally used for signaling on the remaining PRIs to be used as a B channel. Because combining the signaling onto a single D channel increases the consequences if communication with that channel fails, some telephone companies use the D channel backup (DCBU) system. DCBU requires two D channels per NFAS group, one as a primary and one as a secondary. The Lucent ComOS implementation of NFAS supports both standard NFAS and NFAS with DCBU across up to 20 PRIs. See the section titled "Configuring NFAS" for NFAS configuration information. Back To TOP RIP Version 2 ComOS 4.1 adds support for RIP version 2 (RIP-2). RIP-2 adds netmasks, next-hop information, and authentication to RIP. While OSPF is often a better choice of routing protocol, some environments prefer RIP-2. See the section titled "Configuring RIP-2" for RIP-2 configuration information. Back To TOP Enhanced OSPF Area Range OSPF areas now support 16 OSPF range entries. Back To TOP Signaling System 7 Intermachine Trunk (SS7 IMT) ComOS 4.1 on the PortMaster 4 can communicate with a Signaling System 7 (SS7) signaling gateway through Q.931+ protocol to receive calls over an intermachine trunk (IMT). See the section titled "Configuring SS7 IMT" for SS7 IMT configuration information. Back To TOP Layer 2 Tunneling Protocol (L2TP) ComOS 4.1 on the PortMaster 4 supports Layer 2 Tunneling Protocol (L2TP) as both an L2TP access concentrator (LAC) and an L2TP network server (LNS). A PortMaster 4 can support up to 100 tunnels. A Quad T1 board supports up to 64 L2TP sessions when configured as a LNS. Note that the number of L2TP tunnels is for the entire PortMaster 4, while the number of L2TP sessions is for each board. Multiple sessions can be sent through a single tunnel. See the section titled "Configuring L2TP" for L2TP configuration information. Back To TOP Named IP Address Pools The IP pool table allows for multiple dynamically assigned address pools within the PortMaster. Each entry in the IP pool table contains a name, a starting base IP address with a subnet mask, and a crossbar IP address. A RADIUS access-accept packet can indicate to the PortMaster which IP pool to assign a user's address from. See the section titled "Configuring Named IP Address Pools" for configuration information. Back To TOP Crossbar IP Crossbar IP is a per-interface-directed gateway. Instead of comparing the IP packet's destination address to the routing table for traffic coming in on an interface, the PortMaster 4 instead looks up the configured crossbar IP address in the routing table and sends the packet to that next hop. The crossbar IP address affects the packet's routing to the next hop only. The crossbar IP address can come from a user profile or from the IP pool table. When both are used, the crossbar IP setting in the user profile takes precedence over the gateway in the IP pool table. Crossbar IP can also be configured on Ethernet ports, network hardwired ports, dial-out locations, the local user table, and in RADIUS. See the section titled "Configuring Crossbar IP" for configuration information. Back To TOP Local IP Interface The PortMaster 4 now supports up to four internal routable IP addresses. When a local IP address is configured, it becomes the PortMaster 4's global address used by all network handles such as RADIUS, the Domain Name System (DNS), the Simple Network Management Protocol (SNMP), an IMT, and BOOTP. These IP addresses are host-based, with no configuration options other than the address itself. The "ifconfig" command displays the logical interface(s) when local IP addresses are configured. The interface names are local1, local2, local3, and local4. Use the following command to globally assign to the PortMaster 4 IP addresses that are not limited by network interface: set local-ip-address [1|2|3|4] Ipaddress 1|2|3|4 Up to four local IP addresses can be set on the PortMaster. The default is 1. Ipaddress IP address or hostname of up to 39 characters used by the PortMaster to identify itself. Set the IP address to 0.0.0.0 to clear the setting. The local IP address feature has two main purposes. First, the PortMaster can advertise its local IP addresses as host routes through configured routing protocols. In this way, PortMaster services can be referred to a particular IP address and are not dependent on any one network interface. The second use for local IP addresses is to determine how the PortMaster identifies itself. IPCP Negotiation: During PPP negotiations for the IP Control Protocol (IPCP), the PortMaster 4 identifies itself with an address chosen in the following order: The local IP address configured in the user profile, if set. The global reported IP address, if set. The first global local IP address, if set. The second global local IP address, if set. The third global local IP address, if set. The fourth global local IP address, if set. The IP address of Ether1, if set. The IP address of Ether0. Main IP Address: When the PortMaster creates an IP packet, it must identify itself by placing a source address in the IP header. To do so, the PortMaster chooses either the main IP address or the nearest IP address, depending on the service used. The main IP address is chosen in the following order: The first global local IP address, if set. The second global local IP address, if set. The third global local IP address, if set. The fourth global local IP address, if set. The IP address of Ether1, if set. The IP address of Ether0. The following services use the main IP address: * syslog * traceroute * telnet * DNS * RADIUS authentication and accounting * ChoiceNet(R) * Communicating with Signaling System 7 (SS7) for Intermachine Trunk (IMT) The nearest IP address is the IP address of the interface on which the packet exits the PortMaster. The following services use the nearest IP address: * ping * OSPF * RIP * rlogin * L2TP The global local IP address settings can be displayed with the "show global" and "show routes" commands. Examples: Command> set local-ip-address 10.112.34.17 Local IP Address (1) changed from 0.0.0.0 to 10.112.34.17 Command> set local-ip-address 2 192.168.54.6 Local IP Address (2) changed from 0.0.0.0 to 192.168.54.6 Back To TOP NAS Port Details The value reported by the PortMaster 4 for NAS-Port in RADIUS accounting-request packets has been enhanced to encode the PortMaster 4 slot number (0-9), line number (0-31, although only 0-3 are used now), and channel number (0-31). The NAS-Port Number Format in network byte order is as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Channel | Line | Slot | All zero | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ So channel 4 of line 1 in slot 2 is, for example, NAS-Port = 2084 (4 + 1 * 32 + 2 * 1024). Back To TOP Multilink Accounting Session ID The PortMaster 4 now sends the Acct-Multi-Session-Id in RADIUS accounting-request packets using attribute 50 as described in RFC 2139. The Acct-Multi-Session-Id associates all the sessions comprising a multilink connection. The PortMaster uses the Acct-Session-Id of the first connection as the Acct-Multi-Session-Id for all connections in the multilink session. To account for all the sessions that make up a multilink connection, add the following line to your RADIUS dictionary file, and then stop and restart your RADIUS server: ATTRIBUTE Acct-Multi-Session-Id 50 string Back To TOP Unique Accounting Session ID The Acct-Session-Id that the PortMaster 4 sends in a RADIUS Accounting-Request packet now includes the slot number of the board where the session is running. The first 2 hexadecimal digits are incremented on each reboot. The next hexadecimal digit is the number of the slot the board is in, and the final 5 hexadecimal digits are incremented for each user login on that board. CAUTION! Because the encoding of the Acct-Session-Id is subject to change in future releases, RADIUS server implementers must minimize dependence on the format of the Acct-Session-Id and treat it only as a string to be used when matching accounting start and stop records. In particular, Lucent strongly discourages the practice of converting the 8 hexadecimal digits into a 32-bit integer because the length of the string is likely to increase in a future release. Back To TOP IPX Support Novell's Internetwork Packet Exchange (IPX) protocol was not supported on the PortMaster 4 in ComOS 4.0 and ComOS 4.0.3, but is now supported in ComOS 4.1. Back To TOP Modem Enhancements Modem performance under high loads is improved through enhancements to the modem driver software. Back To TOP Call-Check on MFR2 Call-check is now supported with multifrequency robbed bit (MFR2) signaling. Refer to the "PortMaster 4 Configuration Guide" for complete line configuration details. Back To TOP MFR2 for Saudi Arabia MFR2 profile 0 is now supported in Saudi Arabia. Refer to the "PortMaster 4 Configuration Guide" for complete line configuration details. Profile 0 is the ITU-T standard. ITU Reference: - Q.422 Standard R2 signaling - Q.441 & Q.442 Multifrequency (MFR2) signaling Back To TOP IGMP Proxy The PortMaster 4 supports Internet Management Group Protocol version 2 (IGMP) multicast proxy as described in RFC 2236. The PortMaster 4 looks like a multicast router to clients and like a multicast host to routers. To enable multicast IGMP, configure either Ether0 or Ether1 to have multicast proxy enabled. The single-interface Ethernet board and dual-interface Ethernet module do not support multicast proxy in this release. The following command starts the Ethernet interface listening for IGMP traffic. It also sends out an IGMP member report for the ALL_SYSTEM group. set Ether0 mproxy on Users enable multicast by setting the RADIUS vendor-specific attribute LE-Multicast-Client to 1. Add the following two lines to your RADIUS server dictionary file. They are already included in RADIUS 2.1. ATTRIBUTE LE-Multicast-Client 23 integer Livingston VALUE LE-Multicast-Client On 1 When the PortMaster 4 creates the interface for this user, the PortMaster 4 turns multicast on for that interface, and sends an IGMP member report for the ALL_SYSTEM group. When the user joins a group, the rest is handled by the IGMP protocol. The "show igmp" command displays current dynamic multicast groups, including local and dial-in client group members. This is a dynamic group table only. Static groups cannot be added. Command 1> show igmp Multicast Source: ether1 Group: 224.0.0.1 ether1 Group: 224.0.0.99 ether1 IGMP Multicast Heartbeat: You can monitor IGMP multicast traffic from a heartbeat group of multicast routers. To do so, you set time slots during which a multicast-enabled host must receive multicast traffic for the heartbeat group. You can establish five time slots of 120 seconds each, for example, and set the minimum number of time slots that must receive traffic to three. The PortMaster 4 then keeps track of multicast messages from the heartbeat group by checking five time slots every 120 seconds. If the number of time slots receiving a heartbeat is less than three out of five, the PortMaster 4 sends an SNMP trap to indicate a problem with multicast traffic. Example: set ether1 mproxy addr 224.0.0.99 # Multicast heartbeat group. set ether1 mproxy port 2000 # Port number to listen. set ether1 mproxy src-add 192.168.20.1 # Source of heartbeat. set ether1 mproxy src-netmask 255.255.255.255 # Netmask for source. set ether1 mproxy slot 120 # Length of each time # slot (0 to 120). set ether1 mproxy num 5 # Number of time slots # (1 to 6). set ether1 mproxy timeout 360 # Timeout for IGMP clients # (60 to 600 seconds). set ether1 mproxy alarm 3 # Minimum number of slots # to receive heartbeat # (1 to 6). Example: Command> show alarms Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ 6263196* 16:10 0 No Multicast Heart beat 224.0.0.99 Back To TOP Temperature Threshold Setting The following command sets the temperature (in degrees Celsius) above which the system manager module starts to turn off boards. The "show global" command displays the current temperature threshold setting in degrees Celsius and degrees Fahrenheit. set shutdown Temperature Temperature A temperature in degrees Celsius. Example: Command> set shutdown 60 Setting Shutdown Temperature to 60C Command> show global Shutdown Temp: 60C / 140F Back To TOP "show bootlog" Command Reboots and stack traces on the system manager module and line boards are now saved to a boot log file. ComOS reserves an area in memory for storing stack traces and the last process ID. When a board reboots, ComOS checks for information in the reserved area and sends it to the console and the boot log. If power to the board is lost, memory is reset and the information in the reserved area is not logged. The boot log is stored in the nonvolatile RAM file system in a file named "bootlog", a circular buffer up to 64KB in length. You can display the boot log with the "show bootlog" command. Each entry in the boot log contains the following information: Time stamp Time elapsed since the board was last rebooted. Slot Slot in which the reboot occurred. Description Indicates if the unit is turned on, was soft booted, or crashed. - For soft boots and crashes, the last process to run before the crash is identified. - For crashes, the stack trace is displayed. Version For crashes, the version number of the running ComOS is displayed. The boot log can be erased with the "erase file bootlog" command. If a board crashes, provide the stack trace to Lucent for analysis. Example: Command> show bootlog [000:00:00:00:25] Slot4 - Soft Boot - Last Process 0x138bc0 [000:00:00:00:25] Slot4 - Crash Boot @ 32:54 pm4OS: 4.1 Crash type 3 - Last Proc 0x134a04 - IP 0x1d8e0c Regs: 0000000A 00000002 00000028 0023E160 00318B94 00000018 00000020 00318B80 1d937f (1d0008 293 51 18 20 0 0 0) 1d8e0c (18 318c44 0 0 0 0 0 0) 1d821e (18 51 3bad18 e 0 0 e 0) 136b6f (3bad18 0 0 318c44 0 0 0 0) 1372c6 (0 318d54 0 318d84 1c3868 0 18 0) 13423e (0 5 0 381930 0 246 0 0) 1349da (3bcaf0 50 0 0 0 0 0 0) 134a01 (3216cc 18599 0 0 0 0 0 0) 134ad0 (0 40 ffff240 1 318dd8 8b4e 8b4c 70b7) 1dba8c (1f4 137b27 0 0 0 0 0 0) Back To TOP "set Line0 off" Command The following command allows the administrator to "busy out" a T1 or E1 line by turning off the transmitter. The result is a yellow alarm, which causes the switch to advance to the next line in the hunt group if configured. The "show Line0" command shows the status of a disabled port as ADMIN. The "show isdn" command never shows a disabled line as ACTIVE. The result of "set Line0 off" is not saved by "save all." set Line0 on | off Line0 line0, line1, line2, or line3. on Enables the transmitter on the specified line. off Disables the transmitter on the specified line. Back To TOP "show isdn" and "reset D0" Commands The following command displays the current status of the D channels and their associated B channels on a Quad T1 or Tri E1 board. Set the view to the slot containing the board. show isdn Example: Command> set view 0 View changed from 4 to 0 Command 0> show isdn D Ports State L1 L2 Change init Up Down -- ------- ------------- ------- ----- ----- ----- 0 S0-S22 UP Active 2 3 3 0 1 S24-S46 UP Active 0 2 2 0 2 S48-S70 UP Active 0 2 2 0 3 S72-S94 UP Active 0 2 2 0 The following command resets individual D channels for troubleshooting purposes. Set the view to the slot containing the Quad T1 or Tri E1 board. reset D0 D0 D channel d0, d1, d2 or d3. Example: Command> set view 0 View changed from 4 to 0 Command 0> reset d0 Send reset (9) Board ISDN channel D0 RESET Back To TOP "set M0 off" Command The following command disables and enables modems for troubleshooting and maintenance. This command did not exist in ComOS 4.0 and ComOS 4.0.3 for the PortMaster 4. set M0 on | off M0 A modem from m0 to m95. Example: Command> set m0 off Modem M0 changed from on to off Command> show modems Mdm Port Status Speed Compression Protocol Calls Retrain Disconnect --- ---- ------ ----- ----------- -------- ------ ------- ------------ M0 ADMIN UNKNWN NONE NONE 0 0 NORMAL M1 READY UNKNWN NONE NONE 0 0 NORMAL M0 now displays "ADMIN" under the "Status" column. Command> set m0 on Modem M0 changed from off to on Back To TOP New Board Identifiers The "show slots" and "show boards" commands show new board identifiers for the single-interface Ethernet board and dual-interface Ethernet module. Back To TOP Enhanced "show" Commands The "show sessions", "show all", and "show modems" commands have been enhanced to search on a specified string. If entered from the manager view (4), these commands show, by board, any output that matches the specified string. If the command is entered from a particular slot view, only output for the board in that slot is shown. show sessions [ String ] show all [ String ] show modems [ String ] Back To TOP "set chassis-type" Command The following command determines how PMVision(TM) displays the chassis it is monitoring: as a PortMaster 4 or as another slot-based remote access concentrator (RAC) running ComOS 4.1: set chassis-type pm4 | msm pm4 PortMaster 4 chassis. msm 7R/E(TM) Packet Driver remote access concentrator---also known as a 5ESS(R) Switch MultiService Module (MSM) RAC. The "show global" command displays the chassis type only when it is set to "msm", because "pm4" is the default. Back To TOP New SNMP Trap Information The PortMaster now sends an SNMP "coldstart" trap if the system manager module reboots. Example: Command> show alarms Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ 3657108 40 99 ColdStart Host: 192.168.9.214 Back To TOP Enhanced PMVision Support Additional support has been added to ComOS 4.1 to allow PMVision to monitor and configure PortMaster 4 features. See the PMVision release notes for details. Back To TOP Configuring NFAS Non-facility associated signaling (NFAS) is a service offered by telephone companies that permits a single D channel to provide the signaling for a group of T1 ISDN PRIs. This service allows the channel that is normally used for signaling on the remaining PRIs to be used as a B channel. Because combining the signaling onto a single D channel increases the consequences if communication with that channel fails, some telephone companies use the D channel backup (DCBU) system. DCBU requires two D channels per NFAS group, one as a primary and one as a secondary. Upon failure of the primary channel, the secondary channel switches roles and takes the signaling responsibility for the group. When the failed primary channel returns to service, it becomes a backup for the secondary. The Lucent ComOS implementation of NFAS supports both standard NFAS and NFAS with DCBU on T1 lines across up to 20 PRIs. Configuration You must set the view to enter the NFAS configuration into the Quad T1 board. To configure a line for NFAS operation, use the following command: set Line0 nfas primary | secondary | slave | disabled Identifier Group Line0 line0, line1, line2, or line3. primary This PRI contains the primary D channel. secondary This PRI contains the secondary D channel. slave This PRI contains no D channel. disabled Clears this PRI's NFAS configuration. Identifier Number between 0 and 19 that is unique among all PRIs in the same NFAS group. Group Number between 1 and 99 identifying which NFAS group this PRI belongs to. The following example is for a single PortMaster 4 with two NFAS groups, one with DCBU and one without. Each group contains two Quad T1 boards. Use the following commands to configure the PortMaster 4: NFAS bundle #1 (with DCBU) Slot0 (Line0 contains the primary D channel. Line1, line 2, and line3 are slave lines.): set view 0 set line0 nfas primary 0 1 set line1 nfas slave 1 1 set line2 nfas slave 2 1 set line3 nfas slave 3 1 save all reset slot0 Slot1 (Line0 is a slave line, and line1 contains the secondary D channel.): set view 1 set line0 nfas slave 4 1 set line1 nfas secondary 5 1 save all reset slot1 NFAS bundle #2 (without DCBU) Slot3 (Line0 contains the primary D channel, and line1 is a slave line.): set view 3 set line0 nfas primary 0 2 set line1 nfas slave 1 2 save all reset slot3 Slot6 (Line0 and line1 are slave lines.): set view 6 set line0 nfas slave 2 2 set line1 nfas slave 3 2 save all reset slot6 See the "PortMaster 4 Configuration Guide" and the "PortMaster 4 Command Line Reference" for more information about NFAS configuration. Displaying NFAS Information The following command displays statistics and information specific to NFAS operation. Set the view to the appropriate slot before using this command. show nfas The "show nfas" command displays Quad T1 boards in the same NFAS group as this slot and shows in-service D channel information and slave status. Displaying NFAS Debugging Information A new debug command has been added to aid in diagnosing problems that might occur in testing. You must set the view to a Quad T1 board to use this command. set debug nfas on | off This command enables or disables the logging of NFAS events to the console. Remember to use "set console" before using this command. Back To TOP Configuring RIP-2 ComOS 4.1 adds support for RIP version 2 (RIP-2). RIP-2 adds netmasks, next-hop information, and authentication to RIP. While OSPF is often a better choice of routing protocol, some environments prefer RIP-2. RIP-2 Command Summary The command split across three lines must be entered on one line. It is split here for legibility. set rip-password Password set Ether0 | C0 | S0 | W1 | user Username | location Locname rip broadcast | listen | on | off | v2 broadcast | v2 listen | v2 on | v2 v1-compatability set Ether0 | C0 | S0 | W1 rip cost Cost set user Username rip cost Cost set location Locname rip cost Cost set default broadcast | listen | on | off set debug rip on | off set debug rip-detail on | off Password A string 0 to 16 characters in length. Ether0 ether0, ether1 or other Ethernet interface. C0 c0 or c1. S0 s0, s1, or another serial port. W1 w1 or another synchronous serial port. Username A user in the user table. Locname A location in the location table. Cost A cost from 0 to 16. See the "PortMaster 4 Command Line Reference" for detailed command descriptions. RIP-2 Authentication The following command sets up simple password authentication in each RIP-2 packet: set rip-password Password | none Password String of up to 16 characters. The first character cannot be a question mark (?). If quotation marks (" ") are used around the password, they are dropped. none Removes the RIP-2 password. This is the default. RIP authentication is used to administer an autonomous system using RIP-2. The password is sent in the packet as clear text, so no security is provided. The purpose of the authentication is to prevent any RIP packets from being accepted unless the router they come from has been explicitly configured to be part of the routing protocol. This feature can help the administrator protect against misconfiguration, but not intruders. This feature adds an additional 20 bytes of overhead for every 24 routes sent by RIP-2, because the authentication occupies the first route slot in every RIP-2 packet sent. The RIP-2 password takes effect as soon as it is set. If authentication is configured, any RIP version 1 (RIP-1) packet and any RIP-2 packet without a matching password are dropped on receipt. Example: Command> set rip-password test RIP Password Updated Propagating Default Route Information Use the following command to set the way default route information is propagated with RIP and OSPF: set default broadcast | listen | on | off broadcast Advertise default route information through OSPF or RIP. listen Listen for default route information being received through OSPF or RIP. on The same as broadcast and listen. off Do not send or listen to default route information. Example: Command> set default on Default routing changed from on (broadcast,listen) to on (broadcast,listen) RIP Interface Settings You must configure RIP on an interface-by-interface basis. The following command gives the syntax for configuring RIP on various interface types. Enter the command on a single line, although it is split across several lines here for legibility. NOTE: Changed RIP settings take effect the next time the interface comes up. set Ether0 | C0 | S0 | W1 | user Username | location Locname rip broadcast | listen | on | off | v2 broadcast | v2 multicast | v2 listen | v2 on | v2 v1-compatability Ether0 ether0, ether1 or other Ethernet interface. C0 c0 or c1. S0 s0, s1, or another serial port. W0 w1 or another synchronous serial port. Username A user in the user table. Locname A location in the location table. rip Enables or disables RIP-1 or RIP-2 on the interface. Use "rip" with one of the following options. broadcast RIP-1 packets are sent to the interface's broadcast address every 30 seconds, and any RIP packets received are ignored. listen RIP packets received on the interface are interpreted as RIP-1 updates. Any subnet mask or next-hop information is ignored. off Turns RIP routing off on the interface. This is the default for all interfaces. on Sets the interface to send RIP broadcasts and receive RIP-1 updates. v2 broadcast Enables RIP-2 on the interface and sends RIP-2 updates using the interface's broadcast address every 30 seconds. Any RIP packets received on the interface are ignored. v2 multicast Enables RIP-2 on the interface and sends RIP-2 updates every 30 seconds using the multicast broadcast address 244.0.0.9. The PortMaster 4 does not use IGMP to send RIP-2 packets because the updates are sent from router to router. Received RIP packets are ignored. v2 listen Enables RIP-2 on the interface. No RIP updates are sent, but RIP updates are listened for via the interface's broadcast address. v2 on Enables RIP-2 on the interface. RIP-2 updates are sent every 30 seconds via multicast, and RIP updates are listened for on the multicast address, or on the interface's broadcast address. v2 v1-compatability This compatibility switch enables RIP-2 on the interface and sends RIP-2 updates on the broadcast address of the interface every 30 seconds. RIP updates are listened for coming from the broadcast address. Setting RIP Cost per Interface: set Ether0 | C0 | S0 | W1 | user User | location Locname rip cost Cost Cost A decimal value between 0 and 16 that is added to the metric of RIP routes sent over the interface. Example: Command> set ether1 rip cost 10 Routing for ether1 changed to RIP On (Broadcast, Listen) Cost 10 Back To TOP Configuring SS7 IMT ComOS 4.1 on the PortMaster 4 can communicate with a Signaling System 7 (SS7) signaling gateway through Q.931+ protocol to receive calls over an intermachine trunk (IMT). set imt-parms Ipaddress Tport1 Tport2 [ default | 1a ] set Line0 imt set Line0 signaling rbs | norbs show imt Configuring IMT Settings The following command sets the SS7 signaling gateway address, the listening port on the SS7 gateway, the PortMaster 4 base port, and the switch type. These settings support an IMT that uses out-of-band signaling to control the channels on a trunk. set imt-parms Ipaddress Tport1 Tport2 [1a | default] Ipaddress The SS7 gateway IP address in dotted decimal notation. This address is provided by the SS7 gateway administrator. Tport1 The TCP port in the SS7 gateway that listens for SS7 clients. This socket is provided by the SS7 gateway administrator. Tport2 The local TCP port on slot 0 of the PortMaster 4, used to communicate with the SS7 gateway. Use the same local port value for all slots on any single PortMaster 4. Each Quad T1 or Tri E1 board derives its actual local port number by adding its slot number to this Tport2 value. 1a Sets the switch type to 1A ESS. This setting enables the PortMaster 4 to interpret the loopback command from the SS7 gateway as a 1A continuity check request. default Supports all other switch types. If no keyword is specified, this is the default. NOTE: If you set the switch type to 1a, you must also set robbed bit signaling (RBS) on the lines attached to the switch. Use the "set Line0 signaling rbs" command. The PortMaster 4 supports only one SS7 gateway at this time. The PortMaster 4 supports 96 modems per Quad T1 board when used with an IMT. Because modem pools are managed on a slot-by-slot basis, each slot on the PortMaster 4 connected to an SS7 gateway is an independent SS7 client and establishes an independent session with the SS7 gateway. To configure a line for IMT out-of-band signaling, you must first select a Quad T1 board with the "set view" command. Then configure the lines of the Quad T1 board using the "set Line0 imt" command. To save the SS7 settings and activate them, use the "save all" and "reset slot" commands. Example: Command> set view 0 View changed from 4 to 0 Command> set imt-parms 192.168.100.10 10000 7000 Changed gateway IP address from 192.168.100.10 to 192.168.100.10 Changed gateway port from 0 to 10000 Changed local port from 0 to 7000 If you configure any other slots on this PortMaster to use IMT, they must also use port 7000 as the local port. Configuring a Line for IMT The following command sets the line connected to an IMT to use the out-of-band IMT signaling provided by the SS7 gateway. This command requires that you configure the slot being used for this line with the "set imt-parms" command. set Line0 imt Line0 line0, line1, line2, or line3. Example: Command> set view 0 View changed from 4 to 0 Command 0> set line1 imt line1 changed to imt Configuring IMT Signaling Recognition The following command enables and disables recognition by the PortMaster 4 of robbed bit signaling on a line: set Line0 signaling rbs | norbs Line0 line0, line1, line2, or line3. rbs Sets the PortMaster 4 to recognize the IMT as a line with twenty-four 56Kbps channels using robbed bit signaling. This setting is used for 1A IMT lines only. norbs Sets the PortMaster 4 for all other switch types, and is the default. If the switch type is 1a, you must configure the line for robbed-bit signaling using the "set Line0 signaling rbs" command. To save and activate the new settings, you must use "save all", and reset every slot affected. Example: Command> set view 0 View changed from 4 to 0 Command 0> set line0 signaling rbs line0 signaling changed to rbs Displaying IMT Information The "show imt" command displays settings for a slot configured for IMT signaling. You must select a slot using the "set view" command before using this command. Example: Command> set view 0 View changed from 4 to 0 Command 0> show imt Gateway IP address: 192.168.100.10, gateway port: 10000, local port: 7000 Switch type: Default Back To TOP Configuring L2TP ComOS 4.1 supports Layer 2 Tunneling Protocol (L2TP) on the PortMaster 4. The entire PortMaster 4 or individual Quad T1 or Tri E1 boards can function as an L2TP access concentrator (LAC) or an L2TP network server (LNS). The implementation of L2TP in ComOS 4.1 is based on the latest IETF L2TP draft (revision 12 and 13 as of this writing). For specific details of operation and protocol implementation of L2TP, refer to the IETF Internet-Drafts. NOTE: To configure L2TP, you must be running RADIUS 2.1, or PortAuthority, or an equivalent RADIUS server that supports call-checking. A PortMaster 4 can support up to 100 tunnels. A Quad T1 board supports up to 64 L2TP sessions when configured as an LNS. Note that the number of L2TP tunnels is for the entire PortMaster 4, while the number of L2TP sessions is for each board. Multiple sessions can be sent through a single tunnel. L2TP allows PPP frames to be tunneled from one PortMaster that answers an incoming call (LAC) to another PortMaster that processes the PPP frames (LNS): End user--->incoming call--->LAC--->LNS--->network access Description and Applications The Layer 2 Tunneling Protocol (L2TP) provides tunneling of PPP connections, allowing for the separation of the functionality normally provided by a single network access server (NAS) into two parts: * The L2TP access concentrator (LAC) provides the "physical" connection point between the telephone network (and therefore the dial-in user) and the host network. * The L2TP network server (LNS) terminates the PPP sessions and handles the "server-side" of the connection, such as authentication of the user, routing network traffic to and from the PPP user, and so forth. The LNS does not have any actual physical ports, only virtual interfaces. An outsourcer can use L2TP to provide dial-up ports to customers using a central and "shared" common physical dial-up pool. The pool resides in a shared access server (the LAC). The outsourcer's customers maintain a home gateway (the LNS) and some type of IP connectivity to the outsourcer. L2TP provides virtual dial-up ports to the outsourcer's customers. This configuration is sometimes referred to as a virtual private dial-up network (VPDN). The service is transparent to the customer, because users still terminate PPP sessions on the customer network via the LNS. RADIUS authentication, accounting, and IP address assignment are all done by the customer. The LAC does no PPP processing unless it is using partial authentication for determining the tunnel end point. It only accepts the call and establishes a tunnel to the LNS for that PPP session. The tunnel can be established based upon Called-Station-Id or User-Name (where partial authentication occurs on the LAC before tunnel establishment). For example, if you use Called-Station-Id (and Call-Check) with L2TP, the session follows these steps: First, the end user places a call. The LAC detects the incoming call. Using call-check, the LAC sends an access-request to a RADIUS server containing the Called-Station-Id and Calling-Station-Id before answering the call. If the RADIUS server accepts the user, an access-accept message is returned to the LAC along with information on how to create the L2TP tunnel for this session: the type of tunnel, IP address of the LNS, and so on. The LAC then creates a tunnel to the LNS by encapsulating the PPP frames into IP packets and forwarding those packets to the LNS. The LNS negotiates PPP normally with the end user. RADIUS Dictionary Updates for L2TP Add the following lines to your RADIUS dictionary. They are already included in RADIUS 2.1. VALUE Service-Type Call-Check 10 VALUE NAS-Port-Type Virtual 5 ATTRIBUTE Tunnel-Type 64 integer ATTRIBUTE Tunnel-Medium-Type 65 integer ATTRIBUTE Tunnel-Server-Endpoint 67 string ATTRIBUTE Tunnel-Password 69 string VALUE Tunnel-Type L2TP 3 VALUE Tunnel-Medium-Type IP 1 The RADIUS server must be stopped and restarted to read the new dictionary. RADIUS User Profiles for L2TP The user profiles for the LNS are the same as for your users who do not use L2TP. For the LAC, some new user profiles are required. Exactly which ones are dependent on whether you are using Call-Check or partial username-based tunneling on the LAC. The following profiles can be used on the RADIUS server serving the LAC for each scenario: # Uses Called-Station-Id with Call-Check to route callers that dial # 555-1313 to the LNS "172.16.1.221". # Note that the LNS address must be enclosed in double quotes because # it is sent as a string, not as a 32-bit integer. DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check Service-Type = Framed-User, Framed-Protocol = PPP, Tunnel-Type = L2TP, Tunnel-Medium-Type = IP, Tunnel-Server-Endpoint = "172.16.1.221" # Same as the previous profile, but uses a shared secret to authenticate # the session to the LNS. DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check Service-Type = Framed-User, Framed-Protocol = PPP, Tunnel-Type = L2TP, Tunnel-Medium-Type = IP, Tunnel-Password = "mrsparkle", Tunnel-Server-Endpoint = "172.16.1.221" In both these user profiles, the first line contains the RADIUS check item, with the Called-Station-ID being used to match the entry before the call is answered. The L2TP tunnel parameters from the matching entry are then sent in the RADIUS access-accept message. The Tunnel-Type specifies the tunneling protocol to be used. The Tunnel-Medium-Type specifies the transport medium over which the tunnel is created, IP for now. Tunnel-Server-Endpoint indicates the other end of the tunnel, which is the LNS in the case of L2TP. Note that the LNS address must be enclosed in double quotation marks because it is sent as a string, not as a 32-bit integer. If you are not using Call-Check and are instead providing partial authentication based on User-Name, the following user profile works. The user "bgerald" dials in to the LAC, which initiates a L2TP tunnel on the user's behalf to LNS 172.16.1.55. bgerald Password = "wackamole" Tunnel-Type = L2TP, Tunnel-Medium-Type = IP, Tunnel-Server-Endpoint = "172.16.1.55" L2TP and RADIUS Accounting The LAC and LNS both log user sessions to RADIUS accounting, but different accounting data is available from each. If you are using call-check to establish the tunnel, the LAC's accounting data shows the Calling-Station-Id, but not the user's name because that information has not been passed over the link yet. The LNS accounting data shows both the Calling-Station-Id and the User-Name along with the assigned IP address. If partial authentication (instead of call-check) is taking place on the LAC, then the username might be available to it. In that case, the username shows up in the RADIUS accounting logs for both the LNS and the LAC. In both cases, the LNS shows the NAS-Port-Type as "Virtual", while the LAC shows the NAS-Port-Type set to the actual physical interface's connection type. Redundant Tunnel Server End Points To increase the robustness of L2TP, you can configure a user profile to contain redundant tunnel server end points. If the primary LNS stops working, inbound L2TP tunnels can be redirected to other machines. Up to three redundant tunnel server end points can be specified. Any more than three are ignored by the LAC. The following example shows a RADIUS user profile with multiple redundant tunnel server end points. Each tunnel server end point is preceded by the tunnel medium type for that tunnel. DEFAULT Service-Type = Call-Check, Called-Station-Id = "5551234" Service-Type = Framed-User, Framed-Protocol = PPP, Tunnel-Type = L2TP, Tunnel-Medium-Type = IP, Tunnel-Server-Endpoint = "192.168.11.2", Tunnel-Medium-Type = IP, Tunnel-Server-Endpoint = "192.168.11.17", Tunnel-Medium-Type = IP, Tunnel-Server-Endpoint = "192.168.230.97" This feature provides redundant LNS backup, not load balancing. L2TP Command Summary set l2tp noconfig | disable | enable lac | enable lns set l2tp authenticate-remote on | off set l2tp secret [ Password | none ] set l2tp-lac enable | disable show l2tp global | sessions | stats | tunnels reset l2tp [ stats | tunnel Number ] create l2tp tunnel udp Ipaddress [ Password | none] set l2tp choose-random-tunnel-endpoint on | off set debug l2tp max | packets [Bytes] | rpc | setup | stats Loading L2TP Use the following command to have the PortMaster load the L2TP feature on startup. You must first set the view to the board you are configuring. set l2tp noconfig | disable | enable lac | enable lns noconfig Sets the board to have no configuration for L2TP. A PortMaster 4 board configured for "noconfig" inherits its configuration from the system manager module. A manager module configured for "noconfig" cannot provide L2TP configuration to any line boards. disable Sets L2TP off. On the system manager module, L2TP is turned off for the entire PortMaster 4. On a line board, L2TP configuration is not inherited from the manager module. enable lac On the system manager module, enables the entire PortMaster 4 as a LAC. On a line board, sets the board to be a LAC. enable lns On the system manager module, enables the entire PortMaster 4 as an LNS. On a line board, sets the board to be an LNS. When a Quad T1 board is configured to be an LNS, the line ports are configured for T1 and cannot be used for dial-in. The virtual S0 ports follow the W1 ports. Example: Command> set view 0 View changed from 4 to 0 Command 0> set l2tp enable lns L2TP LNS will be enabled after next reboot After using the "set l2tp" command, you must use the "save all" command to save the configuration and the "reboot" or "reset slot" command for the L2TP module to load. You reset the slot for a line board and reboot the PortMaster 4 if the command is set on the manager board. On a PortMaster 4 you can configure the global setting on the manager board to be either LAC or LNS. This global setting is used by each slot that is not configured individually. So if the manager board is configured as an LNS and slot 0 has no setting, then slot 0 is an LNS. If the manager board is configured as an LNS and slot 0 is configured as a LAC, then slot0 is a LAC. Local slot configuration of LAC or LNS overrides the global setting for that slot. If a slot is configured with "set l2tp disable", then that slot does not inherit its configuration from the manager board. Configuring L2TP to Initiate Authentication The following command configures L2TP to initiate tunnel authentication: set l2tp authenticate-remote on | off on The PortMaster initiates authentication with the other end point of the tunnel before a tunnel is established. off The PortMaster does not initiate authentication. This command determines only whether the PortMaster initiates the authentication. It does not determine how the PortMaster responds to an authentication request. The "set l2tp authenticate-remote" command functions the same on both a LAC and an LNS. Configuring an L2TP Secret The "set l2tp secret" global command configures the L2TP password that the PortMaster uses to respond to all L2TP tunnel authentication requests. set l2tp secret Password | none Password 0-to-15-character string used as a password for responding the L2TP tunnel authentication requests. none Removes the L2TP secret. This is the default. The "set l2tp secret" command sets the L2TP secret for the entire PortMaster. If a PortMaster configured as a LAC receives a tunnel authentication request, it uses the Tunnel-Password from the RADIUS access-accept packet, if present, instead of the global L2TP secret. Displaying L2TP Information The following command shows information on how L2TP is functioning: show l2tp global | sessions | stats | tunnels The formats shown here are subject to change for the general availability release of ComOS 4.1. Examples: Command> show l2tp global debug packets debug stats debug setup Tunnel Authentication Enabled Initiation of Authentication Remote Tunnel Disabled Default Board Configuration Command> show l2tp sessions Id Assign-Id Tunnel-Id Portname 2305 1 1 S0 Command> show l2tp stats NEW_SESSION 1 NEW_TUNNEL 4 TUNNEL_CLOSED 3 HANDLE_CLOSED 3 L2TP_STATS_MEDIUM_HANDLE 3 INTERNAL_ERROR 14 CTL_SEND 9 CTL_REXMIT 1 CTL_RCV 10 MSG_CHANGE_STATE 4 WRONG_AVP_VALUE 3 EVENT_CHANGE_STATE 3 Command> show l2tp tunnels Id Assign-Id Hnd State Server-Endpoint Client-Endpoint 1 1 24 L2T_ESTABLISHE 192.168.6.13 192.168.10.28 Resetting L2TP Use the "reset l2tp" command to reset an L2TP tunnel or the L2TP statistic counters. reset l2tp [ stats | tunnel Number ] stats Resets the L2TP counters displayed by "show l2tp stat" to zero. tunnel Number Destroys the specified tunnel. Number is an integer between 1 and 100 that identifies the tunnel. The "show l2tp tunnels" command displays a list of active tunnel IDs. CAUTION! Entering "reset l2tp tunnel" without a tunnel ID destroys ALL L2TP tunnels created on this PortMaster 4. Creating an L2TP Tunnel Manually The following command manually brings up a L2TP tunnel for testing and troubleshooting: create l2tp tunnel udp Ipaddress [ Password | none ] Ipaddress IP address of the L2TP tunnel end point. Password Password to use when responding to a tunnel authentication request from the peer. If none is specified, the global L2TP secret is used if configured. Example: Command> create l2tp tunnel udp 149.198.110.19 OK Selecting a Tunnel End Point The following command determines in what order to choose an end point when multiple tunnel end points are returned in a RADIUS access-accept packet. set l2tp choose-random-tunnel-endpoint on | off on Causes the tunnel end point to be chosen randomly from the list of tunnel end points returned by RADIUS. off Selects the first tunnel end point that can be reached. Normally, when L2TP is configured with multiple tunnel end points the end points are chosen serially, always beginning with the first. If a tunnel cannot be established with the first, then the second is tried, and then the third. When this feature is on, a random tunnel end point is selected from those returned in the RADIUS access-accept packet. Debugging L2TP The following command is used to troubleshoot L2TP problems: set debug l2tp max | packets Size | rpc | setup | stats on | off max Provides the same debugging as rpc, setup, and stats, combined. packets [Bytes] Shows a representation of the L2TP packets, similar to the "ptrace dump" command. Bytes is an optional integer between 0 and 1500 that specifies the number of bytes to display. rpc Shows L2TP remote procedure call communications between the system manager module and the line boards. setup Shows L2TP control messages and errors. stats Displays L2TP session statistics in detail. When you are using debug commands on the PortMaster 4, the debug output matches the current view. If your view is set to the manager module, you see debug output for the entire PortMaster. If the view is set to one Quad T1 board, for example, you see debug information for just that board. Back To TOP Configuring Named IP Address Pools The IP pool table allows for multiple dynamically assigned address pools within the PortMaster. Each entry in the IP pool table contains a name, a starting base IP address with a subnet mask, and a crossbar IP address. This feature also introduces a new vendor-specific RADIUS attribute, which takes a string that corresponds to a name in the IP pool table. A user profile can be configured for IP pool only through RADIUS. The local user table on the PortMaster does not support IP pools. If the RADIUS access-accept packet indicates that the user receives a dynamically assigned address and also includes the vendor-specific LE-IP-Pool attribute, the PortMaster assigns an address for the user from the specified IP pool. If no LE-IP-Pool is specified, the PortMaster checks for a named IP pool called "default". If the "default" pool exists, it is used. Otherwise, the PortMaster 4 uses the line board pool settings to get its address, as configured by the "set assigned-address" and "set pool" commands. Assigning and Reclaiming Addresses The PortMaster assigns the address during IPCP negotiation for PPP. Because the PPP negotiation might fail after the address has been assigned from the address pool, the PortMaster waits one minute before verifying that the address is in use. If the address is not in use, it is recycled back into the address pool. When an interface is destroyed, the IP address is reclaimed back into the pool. Duplicate Addresses If a nonmultilink user logs on multiple times and asks for a dynamically assigned address, that user receives a different address each time. The PortMaster never assigns the same address to two users that are running at the same time. The PortMaster checks for duplicate addresses only among the dynamically assigned users. If another interface is using an address from within the address pool, a conflict occurs when the PortMaster assigns that address. RADIUS for Named IP Pools Add the following lines to the RADIUS dictionary to enable the LE-IP-Pool feature. The RADIUS 2.1 dictionary already includes this line. ATTRIBUTE LE-IP-Pool 6 string Livingston The following example shows a RADIUS user profile with the IP pool feature. homers Password = "kwyjibo" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, LE-IP-Pool = "livermore" Command Summary for IP Pools The following commands are used for configuring IP Pools. show table ippool add ippool Poolname set ippool Poolname address-range Ipaddress/Mask [ Gateway ] set ippool Poolname address-range Ipaddress Ipnetmask [ Gateway ] delete ippool Poolname address-range Ipaddress | all reset ippool set ippool Poolname default-gateway Gateway Poolname Name of the IP pool, up to 31 characters in length. Ipaddress The base address of the pool. Mask A subnet mask in bits, between 1 and 30. Ipnetmask A subnet mask expressed in dotted decimal form. Gateway A gateway address for addresses in this range. Displaying IP Pools The following command displays the IP pool table: show table ippool Example: Command> show table ippool Name: livermore Default Gateway: 10.23.45.56 Address/netmask Gateway ------------------ -------------------- 192.168.1.0/29 0.0.0.0 192.168.2.253/30 0.0.0.0 192.168.3.50/25 0.0.0.0 10.4.5.0/24 192.168.222.3 Adding IP Pools The following command adds a named IP pool. There is no preset limit to the number of IP pool entries that can be configured. add ippool Poolname Poolname Name of the IP pool, up to 31 characters in length. Example: Command> add ippool livermore IP pool livermore successfully added Setting Address Ranges Address ranges represent the addresses that are assigned to users. Up to eight ranges can be specified within a single IP pool. The first ranges are preferred over the latter ranges. Each range has a base address and netmask associated with it. The base address is incremented to assign addresses. The number of addresses that are assigned is determined by the netmask. The first and last address in each range are not assigned to avoid possible conflicts with broadcast addresses. After creating an IP pool with the "add ippool" command, set address ranges for the IP pool with the following command. The command can be entered in either format: set ippool Poolname address-range Ipaddress/Mask [ Gateway ] set ippool Poolname address-range Ipaddress Ipnetmask [ Gateway ] Poolname Name of the IP pool. Ipaddress The base address of the pool. Mask A subnet mask in bits, between 1 and 30. Ipnetmask A subnet mask expressed in dotted decimal form. Gateway A gateway address for addresses in this range. Example: Command> set ippool livermore address-range 192.168.1.0/24 Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore OR Command> set ippool livermore address-range 192.168.1.0 255.255.255.0 Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore The "256" in the previous output indicates that 256 addresses are covered by the 24-bit mask. Of these 256 addresses, 254 are available to be assigned. The first and last addresses are not assigned. Each range can optionally be assigned a gateway address (also referred to as a crossbar IP). When a packet comes in from a user assigned a gateway address, the PortMaster forwards the packet to the gateway address instead of checking the forwarding table. If a gateway address is not assigned to a range, addresses in the range use the default gateway of the IP pool. If neither the address range nor the IP pool has a gateway, then the forwarding table is used. Example: Command> set ippool livermore address-range 192.168.1.0/24 10.34.56.78 Range 192.168.1.0/24 256 with gateway 10.34.56.78 add to livermore Deleting IP Pools The following command removes an address range from an IP pool or removes the IP pool entirely: delete ippool Poolname address-range Ipaddress | all Poolname Name of the IP pool. Ipaddress Specifies an address range to remove. all Removes the entire IP pool entry. Examples: Command> delete ippool livermore address-range 192.168.1.0 Range 192.168.1.0 in livermore successfully deleted Command> delete ippool livermore all Pool livermore successfully deleted Resetting IP Pools Use the following command after making any changes to the IP pool settings. Changes do not take effect until you use the "reset ippool" command. reset ippool The "reset ippool" command causes any new changes to take effect and converts the address ranges into routes to be propagated through the routing protocols. NOTE: Even after the "reset ippool" command has been issued, the routing protocols might take a while to replace the old routes with the new changes. Setting the Default Gateway for an IP Pool Use the following command to specify a default gateway for the named IP pool: set ippool Poolname default-gateway Gateway Poolname Name of an IP pool. Gateway Specifies the gateway address (crossbar IP address) for the IP pool. The default gateway functions as a crossbar IP. When a packet comes in from a user assigned an address from this pool, the PortMaster forwards the packet to the gateway address instead of consulting the forwarding table. If a gateway address is not assigned to a range, the range uses the default gateway of the IP pool. See the following section for information about the crossbar IP feature. Back To TOP Configuring Crossbar IP Crossbar IP is a per-user-directed gateway. Instead of comparing the IP packet's destination address to the routing table, the PortMaster 4 instead looks up the configured crossbar IP address in the routing table to determine the packet's next hop. The crossbar IP address affects the packet's routing to the next hop only. The crossbar IP address can come from a user profile or from the IP pool table. When both are used, the crossbar IP setting in the user profile takes precedence over the gateway in the IP pool table. Crossbar IP can also be configured on Ethernet ports, network hardwired ports, dial-out locations, the local user table, and in RADIUS. The vendor-specific RADIUS attribute for crossbar IP is called LE-IP-Gateway: ATTRIBUTE LE-IP-Gateway 7 ipaddr Livingston The following example shows a RADIUS user profile with crossbar IP: kodos Password = "kangroo" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, LE-IP-Gateway = 192.168.72.3 The "ifconfig" command displays the keyword CROSSBAR for any interface where crossbar IP is active. Command Summary for Crossbar IP The following commands are for crossbar IP: set Ether0 crossbar-ip Ipaddress set S0 | W1 crossbar-ip Ipaddress set location Locname crossbar-ip Ipaddress set user User crossbar-ip Ipaddress Setting Crossbar IP on Ethernet The following command configures an Ethernet interface to use the specified IP address instead of the packet destination field to determine the next hop to route the packet to: set Ether0 crossbar-ip Ipaddress Ether0 ether0 or ether1, or other Ethernet interface. Ipaddress A dotted decimal IP address or a hostname of up to 39 characters. An address of 0.0.0.0 removes the crossbar IP. For the crossbar IP setting to take effect on the Ethernet interface, the slot containing the Ethernet board must be reset. Example: Command> set ether1 crossbar-ip 192.168.96.78 Changing crossbar ip address from 0.0.0.0 to 192.168.96.78 Command> reset slot10 Setting Crossbar IP on Dial-out Locations The following command allows dial-out locations and Frame Relay subinterfaces to use the crossbar IP feature: set location Locname crossbar-ip Ipaddress Locname A location name. Ipaddress A dotted decimal IP address or a hostname of up to 39 characters. An address of 0.0.0.0 removes the crossbar IP. The crossbar IP setting takes effect the next time the location is used. Example: Command> set location krabappel crossbar-ip 192.168.96.69 Changing crossbar ip address from 0.0.0.0 to 192.168.96.69 Setting Crossbar IP for Network Users The following command configures a user with the crossbar IP feature: set user Username crossbar-ip Ipaddress Username A user in the local user table. Ipaddress A dotted decimal IP address or a hostname of up to 39 characters. An address of 0.0.0.0 removes the crossbar IP. User profiles can be configured by RADIUS or from the local user table of the PortMaster. The PortMaster always checks the local user table before querying RADIUS. The crossbar IP setting takes effect the next time the user connects. Example: Command> set user skinner crossbar-ip 192.168.1.2 Changing crossbar ip address from 0.0.0.0 to 192.168.1.2 Setting Crossbar IP on Network Hardwired Ports The following command configures a network hardwired port with the crossbar IP feature[. You must first select the slot associated with the port with the "set view" command. set S0 | W1 crossbar-ip Ipaddress S0 | W1 s0, w1, or any other serial port configured as network hardwired. Ipaddress A dotted-decimal IP address or hostname of up to 39 characters. An address of 0.0.0.0 removes the crossbar IP. The crossbar IP setting takes effect the next time the port is reset. Example: Command> set view 2 View changed from 4 to 2 Command 2> set w70 crossbar-ip 192.168.123.4 Changing crossbar ip address from 0.0.0.0 to 192.168.123.4 Back To TOP Limitations * Multichassis PPP (MCPPP) is not supported in this release, but is currently planned for a future release. * The redundant system manager module is not supported in this release, but is currently planned for a future release (ComOS 4.1.1). * The "erase configuration", "erase comos", and "erase partition" commands must not be used. The configuration is now stored in files in subdirectories of the nonvolatile file system, not in partitions. * When using a Quad T1 or Tri E1 line board, you must plug in any lines from the telephone company that use telephone company clocking into the lower-numbered line ports starting with Line0. Lines that do not have telephone company clocking must be plugged into the higher-numbered line ports starting with Line3 and counting down. The line board uses the clock signal of the first line port that comes up, starting with Line0, for its transmit clock signal which is shared among all the line ports. If the frequency of the clock signal is shifted, as it is in the case of clock generated by non-telephone company sources, then analog modems encounter problems and might not answer calls. ISDN and hardwired connections are mostly immune to shifts in clock frequency. * The PortMaster 4 system manager module reboots if an snmpwalk is done at the same time that BGP is loaded. * Ethernet subinterfaces can be configured on Ether0 only. * The modem table is not supported. This limitation affects only users who want to connect external modems to C0 or C1. * You must reboot the PortMaster 4 after deleting an Ethernet subinterface. * Entering "reset l2tp tunnel" without a tunnel ID destroys ALL L2TP tunnels created on a PortMaster 4. * The "show l2tp stats" command works only from the manager view. At this time, you cannot view L2TP status for boards other than the system manager module. * The "show l2tp sessions" command truncates output after about 58 sessions. Use the "show sessions" command to show all sessions including all the L2TP sessions. * The output of the "show ospf neighbor" command on a single-interface Ethernet board or a double-interface Ethernet module truncates the last character of the Ethernet interface. Back To TOP Upgrade Instructions You can upgrade your PortMaster 4 using PMVision 1.6, or pmupgrade 4.3 from PMTools. Alternatively, you can upgrade using the older programs pminstall 3.5.3, PMconsole 3.5.3, or PMconsole for Windows 3.5.1.4, or later releases. You can also upgrade using TFTP with the "tftp get" command from the PortMaster command line interface. See ftp://ftp.livingston.com/pub/le/software/java/pmvision16.txt for installation instructions for PMVision 1.6. *** CAUTION! If the upgrade fails, do NOT reboot! Contact *** Lucent Remote Access Technical Support without rebooting. The upgrade process on the PortMaster 4 erases the configuration area from nonvolatile memory and saves the current configuration into nonvolatile memory. Never interrupt the upgrade process, or loss of configuration information can result. This upgrade does not otherwise affect your stored configuration in the PortMaster 4. The installation software can be retrieved by FTP from ftp://ftp.livingston.com/pub/le/software/, and the upgrade image can be found at ftp://ftp.livingston.com/pub/le/upgrades/: ComOS Upgrade Image Product _________ _____________ _____________________________________ 4.1 pm4_4.1 PortMaster 4 Back To TOP Copyright and Trademarks Copyright 1999 Lucent Technologies. All rights reserved. PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies Inc. PMVision, IRX, and PortAuthority are trademarks of Lucent Technologies Inc. PolicyFlow is a service mark of Lucent Technologies Inc. All other marks are the property of their respective owners. Notices Lucent Technologies Inc. makes no representations or warranties with respect to the contents or use of this publication, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes. Contacting Lucent Remote Access Technical Support Lucent Technologies Remote Access Business Unit (previously Livingston Enterprises) provides technical support via voice or electronic mail, or through the World Wide Web at http://www.livingston.com/. Specify that you are running ComOS 4.1 when reporting problems with this release. Internet service providers (ISPs) and other end users in Europe, the Middle East, Africa, India, and Pakistan should contact their authorized Lucent Remote Access sales channel partner for technical support; see http://www.livingston.com/International/EMEA/distributors.html. For North America, the Caribbean and Latin America (CALA), and Asia Pacific customers, technical support is available Monday through Friday from 7 a.m. to 5 p.m. U.S. Pacific Time (GMT -8). Dial 1-800-458-9966 within the United States (including Alaska and Hawaii), Canada, and CALA, or 1-925-737-2100 from elsewhere, for voice support. Otherwise, send email to support@livingston.com (asia-support@livingston.com for Asia Pacific customers).