
Chapter 3: Configuring Global Settings


This chapter describes how to configure settings that the PortMaster uses across all its ports and interfaces.

This chapter discusses the following topics:

- Setting the System Name
- Setting the Administrative Password
- Setting the Default Route Gateway
- Configuring Default Routing
- Configuring Name Resolution
- Setting the Telnet Port
- Setting the Number of PMconsole Connections
- Setting System Logging
- Setting Administrative Logins to Serial Ports
- Configuring an IP Address Pool
- Setting the Reported IP Address
- Configuring SNMP
- Displaying the Routing Table
- Setting Static Routes
- Modifying the Static Netmask Table
- Enabling NetBIOS Broadcast Packet Propagation
- Setting Authentication for Dial-In Users
- Setting the ISDN Switch

Setting the System Name

The system name is the name that identifies the PortMaster for SNMP queries, IPX protocol routing, and CHAP authentication. Enter a name that is valid for your network. The system name can have up to 16 characters, and appears in place of the Command> prompt on PortMaster products that have it set.

To set the system name, use the following command:

Command> set sysname String

Setting the Administrative Password

The PortMaster is shipped without a password. Press Enter at the password prompt when accessing the PortMaster for the first time. The password is an ASCII printable string of up to 16 characters used to access the PortMaster administration features. Only the administrator can change the password.

To set the password, use the following command:

Command> set password [Password]

Entering the set password command without a Password argument and pressing Enter resets the password to the default value, which is no password.

Setting the Default Route Gateway

The default route gateway is the address of a router of last resort to which packets are sent when the PortMaster has no routing information for a packet. The default route gateway is also the destination address the PortMaster selects when it cannot locate the destination of a packet on the local Ethernet segment. You identify the default gateway by its IP address entered in dotted decimal notation. A PortMaster can never be its own default gateway.

You can set a metric between 1 and 15 for the IP and IPX gateways to indicate the hop count associated with the gateway route. The PortMaster uses the hop count value for comparisons if the PortMaster is set to listen for default routes from other routers.

Refer to Appendix A, "Networking Concepts," for more information about address formats. Refer to the PortMaster Routing Guide for more information about routing.

To set the default gateway, use the following command:

Command> set gateway Ipaddress [Metric]

If you do not specify a value for Metric, the PortMaster assumes a default value of 1.

Configuring Default Routing

As described in the PortMaster Routing Guide, PortMaster products can automatically send and accept route information as part of RIP messages if routing is turned on. If default routing is on, default routes are sent and accepted as part of the messages.

To configure default routing, use the following command:

Command> set default on|off|broadcast|listen

Table 3-1 describes the results of using each keyword.

Table 3-1. Keywords for Configuring Default Routing

Keyword     Description
on          The PortMaster broadcasts and listens for default route information.
off         The PortMaster neither broadcasts nor listens for default route information. This is the default.
broadcast   The PortMaster broadcasts default route information, if it has a default route.
listen      The PortMaster listens for default route information.

Configuring Name Resolution

You can use either a network name service or the host table on the PortMaster to map hostnames to IP addresses.

Using the Host Table

Each host attached to an IP network is assigned a unique IP address. Every PortMaster supports a local host table to map hostnames to IP addresses. If your network lacks a computer that can perform hostname resolution, the PortMaster allows entries in a local host table. Hostnames are used by the PortMaster only for your convenience when using the command line interface, or if you require users to enter hostnames at the host prompt.

To avoid confusion and reduce administrative overhead, Lucent Remote Access recommends using the Domain Name System (DNS) or Network Information Service (NIS) for hostname resolution rather than the local host table. The PortMaster always checks the local host table before using DNS or NIS. For information on setting the NIS or DNS name service, refer to "Setting the Name Service" on page 3-5.

Setting the Name Service

The PortMaster can work with network name services such as the Network Information Service (NIS) or the Domain Name System (DNS). Appendix A, "Networking Concepts," describes these name services. You must explicitly identify any name service used on your network.

The PortMaster stores all information by address rather than name. As a result, configuring the name server is useful only if you are using the command line interface for administration or if you prompt a login user for a host. If you are not using either of these features, you do not need to set the name service.

To set the name service, use the following command:

Command> set namesvc dns|nis

Once the name service is set, you must set the address of your NIS or DNS name server and enter the domain name of your network. See "Setting the Name Server" on page 3-5 for instructions.

Setting the Name Server

The PortMaster supports RFC 1877, which allows remote hosts also supporting RFC 1877 to learn a name server through PPP negotiation. You must provide the IP address of the name server if you use a name service.

You must set a name service before you set a name server. See "Setting the Name Service" on page 3-5. If you are not using a name service, you do not need a name server.

To set the name server, use the following command:

Command> set nameserver Ipaddress

You can set an alternate name server with the following command:

Command> set nameserver 2 Ipaddress

You must set a domain name for your network after you set a name server. See "Setting the Domain Name" on page 3-6.

You can disable the use of a name service by setting the name server's IP address to 0.0.0.0.

Setting the Domain Name

The domain name is used for hostname resolution. If you are using DNS or NIS, you must set a domain name for your network.

To set the domain name of your network, use the following command:

Command> set domain String

Setting the Telnet Port

The Telnet access port can be set to any number between 0 and 65535. The Telnet port enables you to access and maintain the PortMaster using a Telnet connection to this TCP port. If 0 (zero) is used, Telnet administration is disabled. The default value is 23. Ports numbered 10000 through 10100 are reserved and should not be used for this function. Up to four administrative Telnet sessions at a time can be used.

To set the Telnet access port to port number Tport, use the following command:

Command> set telnet Tport

Using the Telnet Port as a Console Port

If the console port is set from a Telnet session, the current connection becomes the console. This feature is useful for administrators who log in to a port using Telnet and need to access the console for debugging purposes.

Note: Only one Telnet session can receive console messages at a time.

To set the current Telnet access port as a console port, use the following command:

Command> set console

Setting the Number of PMconsole Connections

PMconsole, ChoiceNet, and the ComOS utilities pmdial, pmcommand, pminstall, pmreadconf, pmreadpass, and pmreset all use port 1643. In order for more than one of these utilities to connect at the same time, you must set the maximum number of PMconsole connections to two or higher. The maximum is 10 connections.

To set the maximum number of concurrent PMconsole connections into the PortMaster, use the following command:

Command> set maximum pmconsole Number

Setting System Logging

PortMaster products enable you to log authentication information to a system log file for network accounting purposes.

Setting the Loghost

To set the IP address of the loghost (the host to which the PortMaster sends syslog messages), use the following command:

Command> set loghost Ipaddress

Note: Do not set a loghost at a location configured for on-demand connections, because doing so keeps the connection up or brings up the connection each time a syslog message is queued for the syslog host.

Setting the loghost's IP address to 0.0.0.0 disables syslog from the PortMaster. This change requires a reboot to become effective.

RADIUS accounting provides a more complete method for logging usage information. Refer to the RADIUS Administrator's Guide for more information on accounting.

Disabling and Redirecting Syslog Messages

By default, the PortMaster logs five types of events at the informational (info) priority level using the authorization (auth) facility on the log host. You can disable logging of one or more types of events and change the facility and/or priority of log messages.

To disable logging of a type of event, use the following command:

Command> set syslog Logtype disabled

Use the Logtype keyword described in Table 3-2 to identify the type of event you want to disable (or enable again).

Table 3-2. Types of Logging

Logtype Keyword   Logged Information
admin-logins      !root and administrative logins.
user-logins       Nonadministrative logins; you might want to disable this logtype if you are using RADIUS accounting.
packet-filters    Packets that match rules with the log keyword.
commands          Every command entered at the command line interface.
termination       More detailed information on how user sessions terminate.

You can change the facility, the priority, or both, of log messages.

To change the facility or priority of log messages, use the following command. Be sure to separate the Facility and Priority keywords with a period (.).

Command> set syslog Logtype Facility.Priority

The facility and priority can be set for each of the five types of logged events listed in Table 3-2.

Table 3-3 and Table 3-4 show the keywords used to identify facilities and priorities. Lucent Remote Access recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.

Table 3-3. Syslog Facility Keywords

Facility   Facility Number   Facility   Facility Number
kern       0                 cron       15
user       1                 local0     16
mail       2                 local1     17
daemon     3                 local2     18
auth       4                 local3     19
syslog     5                 local4     20
lpr        6                 local5     21
news       7                 local6     22
uucp       8                 local7     23

Table 3-4. Syslog Priority Keywords

Priority   Number   Typically Used for
emerg      0        System is unusable
alert      1        Action must be taken immediately
crit       2        Critical messages
err        3        Error messages
warning    4        Warning messages
notice     5        Normal but significant messages
info       6        Informational messages
debug      7        Debug-level messages

You can use the following command to determine current syslog settings:

Command> show syslog
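The following is an added example, not part of the PortMaster guide. It turns the Facility.Priority argument of set syslog into the numeric PRI value a syslog receiver sees (facility number times 8 plus priority number, the standard BSD syslog encoding from RFC 3164, which the guide itself does not spell out), decodes it again, and classifies received lines so a log host can confirm that PortMaster messages arrive on the auth or local0 through local7 facilities the guide recommends. The keyword numbers are those of Tables 3-3 and 3-4; the sample log lines are constructed for the example and are not real ComOS output.

```python
# Added example, not part of the PortMaster guide: encode and decode the
# facility.priority setting of "set syslog Logtype Facility.Priority" using
# the keyword numbers from Tables 3-3 and 3-4, and classify received syslog
# lines by them. The <PRI> header arithmetic (facility * 8 + priority) is the
# standard BSD syslog encoding (RFC 3164), which the guide does not spell out.
import re

FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 15, "local0": 16, "local1": 17,
    "local2": 18, "local3": 19, "local4": 20, "local5": 21, "local6": 22,
    "local7": 23,
}
PRIORITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
FACILITY_BY_NUMBER = {number: name for name, number in FACILITIES.items()}
PRIORITY_BY_NUMBER = {number: name for name, number in PRIORITIES.items()}

# Facilities the guide recommends for receiving PortMaster messages.
RECOMMENDED_FACILITIES = {"auth"} | {"local%d" % i for i in range(8)}


def parse_facility_priority(spec):
    """Validate a Facility.Priority argument and return (facility, priority)."""
    facility, sep, priority = spec.lower().partition(".")
    if not sep:
        raise ValueError("separate Facility and Priority with a period: %r" % spec)
    if facility not in FACILITIES:
        raise ValueError("unknown facility keyword %r" % facility)
    if priority not in PRIORITIES:
        raise ValueError("unknown priority keyword %r" % priority)
    return facility, priority


def pri_value(spec):
    """PRI number a receiver sees for messages logged at Facility.Priority."""
    facility, priority = parse_facility_priority(spec)
    return FACILITIES[facility] * 8 + PRIORITIES[priority]


def decode_pri(pri):
    """Reverse of pri_value: split a PRI number into (facility, priority) keywords."""
    facility, priority = divmod(int(pri), 8)
    if facility not in FACILITY_BY_NUMBER:
        raise ValueError("facility number %d is not in Table 3-3" % facility)
    return FACILITY_BY_NUMBER[facility], PRIORITY_BY_NUMBER[priority]


PRI_HEADER = re.compile(r"^<(\d{1,3})>")


def classify(line):
    """(facility, priority) of one syslog line, or None if it has no PRI header."""
    match = PRI_HEADER.match(line)
    if match is None:
        return None
    return decode_pri(match.group(1))


def summarize(lines):
    """Count lines per facility.priority; collect lines outside the recommended facilities."""
    counts = {}
    unexpected = []
    for line in lines:
        parsed = classify(line)
        if parsed is None:
            continue
        key = "%s.%s" % parsed
        counts[key] = counts.get(key, 0) + 1
        if parsed[0] not in RECOMMENDED_FACILITIES:
            unexpected.append(line)
    return counts, unexpected


# Constructed sample lines (not real ComOS output): PRI 38 is auth.info, the
# PortMaster default; 133 is local0.notice; 14 is user.info, a facility the
# guide does not recommend for PortMaster messages.
SAMPLE_LINES = [
    "<38>Jan  1 12:00:01 pm-lab-01 !root login from 192.0.2.10",
    "<38>Jan  1 12:00:05 pm-lab-01 set telnet 2023",
    "<133>Jan  1 12:01:00 pm-lab-01 port S3 session terminated: idle timeout",
    "<14>Jan  1 12:02:00 pm-lab-01 user alice logged in on S5",
]

if __name__ == "__main__":
    counts, unexpected = summarize(SAMPLE_LINES)
    print(counts)
    for line in unexpected:
        print("unexpected facility:", line)
```

On the log host, the same arithmetic is what a syslog daemon's facility.priority selectors match on, so checking the PRI values of arriving lines against the value set on the PortMaster is a quick way to confirm the redirection took effect.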

Setting Administrative Logins to Serial Ports

When you log in using !root, administrative logins to the serial ports are enabled by default. You can disable or enable them using the following command:

Command> set serial-admin on|off

If administrative login is disabled, you can still use port S0 (or C0) by setting the console DIP switch (first from the left, also known as DIP 1) to the up position.

Configuring an IP Address Pool

IP addresses can be assigned dynamically to network dial-in users who use PPP or SLIP to access the network. By assigning addresses as needed from a pool, the PortMaster requires fewer addresses than if every user had a permanently assigned address. Once a connection is closed, the address goes back into the pool and can be reused after it has expired from the routing table. You explicitly identify the first address in the sequence of addresses available for temporary assignment. The PortMaster allocates one address in the pool of addresses for each port configured for network dial-in.

To set the value of the first IP address to assign for dial-in ports, use the following command:

Command> set assigned_address Ipaddress

The default number of addresses available for the address pool is equal to the number of ports configured for network dial-in. The address pool size is determined during the boot process. You can instead set the number of IP addresses assigned to the pool with the set pool command.

To limit the size of the IP address pool, use the following command:

Command> set pool Number

Note: If you decrease the number of addresses in the pool, you must reboot the PortMaster for the change to take effect.

Setting the Reported IP Address

Some sites require a number of different PortMaster devices to appear as a single IP address to other networks. You can set a reported address different from the Ether0 address. For PPP connections, this address is reported to the outside and placed in the PPP startup message during PPP negotiation. For SLIP connections, this address is reported and placed in the SLIP startup message during SLIP startup.

To set a reported IP address, use the following command:

Command> set reported_ip Ipaddress

Configuring SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows devices to communicate management information. You can configure the PortMaster to provide network and device information via SNMP to a network management system (NMS). You must have NMS software to use SNMP.

SNMP has the following parts:

Setting SNMP Monitoring

SNMP monitoring is used to set and collect information on SNMP-capable devices. This feature is most often used to monitor network statistics such as usage and error rate.

If SNMP monitoring is on, the PortMaster accepts SNMP queries. If it is off, all SNMP queries are ignored.

To turn SNMP monitoring on or off, use the following commands:

Command> set snmp on|off

Command> save all

Command> reboot

Setting SNMP Read and Write Community Strings

Community strings allow you to control access to the MIB information on selected SNMP devices. The read and write community strings act like passwords to permit access to the SNMP agent information. The read community string must be known by any device allowed to access or read the MIB information. The default read community string is public. The write community string must be known by any device before information can be set on the SNMP agent. The default write community string is private. Community strings should be set on SNMP agents so that configuration information is not changed by unauthorized users.

To use this feature, you must set both a read community string and a write community string for your network.

To set SNMP read and write community strings, use the following command:

Command> set snmp readcommunity|writecommunity String

Note: Use of the default write community string (private) is strongly discouraged. Because it is the default, it is known to all users and therefore provides no security. You should use some other value for the write community string.

Adding SNMP Read and Write Hosts

PortMaster products allow you to control SNMP security by specifying the IP addresses of the hosts that are allowed to access SNMP information. The specification of read and write hosts allows another level of security beyond the community strings. If SNMP hosts are specified, each host wanting to access SNMP information must not only possess the correct community string, it must also be on the read or write host list. This additional level of security allows only authorized SNMP managers to access or change sensitive MIB information.

You can also specify a list of hosts allowed to read or write SNMP information. You can permit all hosts (not recommended because this setting reduces system security), or you can deny all hosts.

To add SNMP read and write hosts, use the following command:

Command> add snmphost reader|writer any|none|Ipaddress

To delete read and write hosts, use the following command:

Command> delete snmphost reader|writer Ipaddress
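The following is an added example, not part of the PortMaster guide or ComOS. It is a small lint that reads a saved list of Command> lines and flags values that conflict with the limits and recommendations stated in this chapter: a system name over 16 characters, a cleared or non-printable administrative password, a default gateway metric outside 1 through 15, a Telnet port in the reserved 10000 through 10100 range, more than 10 PMconsole connections, the default public and private SNMP community strings, an SNMP host list of any, and a loghost of 0.0.0.0. The input format (one command per line, with or without the prompt), the function names and the sample configuration are assumptions made for the example.

```python
# Added example, not part of the PortMaster guide: a lint for the global
# settings this chapter describes, applied to a saved list of Command> lines.
# Each check encodes a limit or recommendation stated in the chapter. The
# input format (one command per line, optional "Command>" prompt) is an
# assumption for the example, as are the function names.
import ipaddress
import string

SYSNAME_MAX = 16                       # system name: up to 16 characters
PASSWORD_MAX = 16                      # password: ASCII printable, up to 16 characters
METRIC_RANGE = range(1, 16)            # default gateway metric: 1 through 15
TELNET_RESERVED = range(10000, 10101)  # 10000 through 10100 are reserved
PMCONSOLE_MAX = 10                     # maximum pmconsole connections
DEFAULT_COMMUNITY = {"readcommunity": "public", "writecommunity": "private"}
PRINTABLE = set(string.printable) - set(string.whitespace)


def _valid_ip(text):
    """True for a dotted decimal IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def lint_line(line):
    """Return the findings for one configuration command (empty list = no issue)."""
    words = line.strip().split()
    if words and words[0] == "Command>":
        words = words[1:]
    if not words:
        return []
    verb, args = words[0].lower(), words[1:]
    findings = []
    if verb == "set" and args:
        key, rest = args[0].lower(), args[1:]
        if key == "sysname" and len(" ".join(rest)) > SYSNAME_MAX:
            findings.append("sysname longer than %d characters" % SYSNAME_MAX)
        elif key == "password":
            if not rest:
                findings.append("password cleared: device has no administrative password")
            elif len(rest[0]) > PASSWORD_MAX or not (set(rest[0]) <= PRINTABLE):
                findings.append("password must be ASCII printable, at most %d characters" % PASSWORD_MAX)
        elif key == "gateway":
            if not rest or not _valid_ip(rest[0]):
                findings.append("gateway needs a dotted decimal IP address")
            elif len(rest) > 1 and (not rest[1].isdigit() or int(rest[1]) not in METRIC_RANGE):
                findings.append("gateway metric must be 1 through 15")
        elif key == "telnet":
            port = int(rest[0]) if rest and rest[0].isdigit() else -1
            if port < 0 or port > 65535:
                findings.append("telnet port must be 0 through 65535")
            elif port == 0:
                findings.append("telnet administration disabled (port 0)")
            elif port in TELNET_RESERVED:
                findings.append("ports 10000 through 10100 are reserved; pick another telnet port")
        elif key == "maximum" and len(rest) >= 2 and rest[0].lower() == "pmconsole":
            if not rest[1].isdigit() or not 1 <= int(rest[1]) <= PMCONSOLE_MAX:
                findings.append("maximum pmconsole must be 1 through %d" % PMCONSOLE_MAX)
        elif key == "snmp" and len(rest) >= 2 and rest[0].lower() in DEFAULT_COMMUNITY:
            which = rest[0].lower()
            if rest[1] == DEFAULT_COMMUNITY[which]:
                findings.append("%s left at default %r: known to everyone" % (which, rest[1]))
        elif key == "loghost" and rest and rest[0] == "0.0.0.0":
            findings.append("loghost 0.0.0.0 disables syslog (takes effect after reboot)")
    elif verb == "add" and len(args) >= 3 and args[0].lower() == "snmphost":
        target = args[2].lower()
        if target == "any":
            findings.append("snmphost %s any permits every host; list manager addresses instead" % args[1])
        elif target != "none" and not _valid_ip(args[2]):
            findings.append("snmphost %s needs any, none, or an IP address" % args[1])
    return findings


def lint_config(text):
    """Lint a whole configuration; returns (line number, finding) pairs."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        for finding in lint_line(line):
            results.append((number, finding))
    return results


# Constructed sample configuration; every value is made up for the example.
SAMPLE_CONFIG = """\
Command> set sysname pm-lab-01
Command> set password
Command> set gateway 192.0.2.1 20
Command> set telnet 10050
Command> set maximum pmconsole 12
Command> set snmp readcommunity public
Command> set snmp writecommunity private
Command> add snmphost writer any
Command> set loghost 0.0.0.0
"""

if __name__ == "__main__":
    for number, finding in lint_config(SAMPLE_CONFIG):
        print("line %d: %s" % (number, finding))
```

Run against a transcript of the commands you intend to enter, the lint catches the two settings this chapter singles out as security-relevant (default community strings and an unrestricted SNMP host list) before they reach the PortMaster.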

Viewing SNMP Settings

Settings for SNMP monitoring, read and write community strings, and read and write hosts are stored in the SNMP table.

To display the SNMP table, use the following command:

Command> show table snmp

Displaying the Routing Table

Use the following command to display the IP routing table entries:

Command> show routes [String|Prefix/NM]

You can replace String with ospf or bgp to display only OSPF or BGP routes. Replacing Prefix/NM with an IP address prefix and netmask displays only routes to that destination. Enter the IP address prefix in dotted decimal format and the netmask as a number from 1 to 32, preceded by a slash (for example, /24). The netmask indicates the number of high-order bits in the IP prefix.

Use the following command to display the IPX routing table entries:

Command> show ipxroutes

The routes are displayed in the following order:

1. Default route

2. Host routes

3. Network routes

4. Expired routes that are no longer being advertised

Setting Static Routes

Static routes are used to provide routing information unavailable from the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, or Border Gateway Protocol (BGP). RIP, OSPF, or BGP might not be running for two reasons:

Adding and Deleting a Static Route for IP

A static route for IP contains the following items:

Adding and Deleting a Static Route for IPX

A static route for IPX contains the following items:

For IPX networks, the gateway address consists of 8 hexadecimal digits for the network address, a colon (:), and the node address of the gateway router expressed as 12 hexadecimal digits (for example, 00000002:A0B1C2D3E4F5). The IPX node address is usually the media access control (MAC) address on a PortMaster.

Modifying the Static Netmask Table

The netmask table is provided to allow routes advertised by RIP to remain uncollapsed on network boundaries in cases where you want to break a network into noncontiguous subnets. The PortMaster normally collapses routes on network boundaries as described in RFC 1058. However, in certain circumstances where you do not want to collapse routes, the netmask table is available.

Note: Do not use the static netmask table unless you thoroughly understand and need its function. In most circumstances its use is not necessary. Very large routing updates can result from too much use of the netmask table, adversely affecting performance. In most cases it is easier to use OSPF instead of using the netmask table and RIP. Lucent Remote Access strongly recommends you use OSPF if you require noncontiguous subnets or variable-length subnet masks (VLSMs).

For example, suppose the address of Ether0 is 172.16.1.1 with a 255.255.255.0 subnet mask (a class B address subnetted on 24 bits) and the destination of ptp1 is 192.168.9.65 with a 255.255.255.240 subnet mask (a class C address subnetted on 28 bits). If routing broadcast is on, the PortMaster routing broadcast on Ether0 claims a route to the entire 192.168.9.0 network. Additionally, the broadcast on ptp1 claims a route to 172.16.0.0.

Sometimes, however, you want the PortMaster to collapse routes to some bit boundary, other than the network boundary. In this case, you can use the static netmask table. However, RIP supports only host and network routes, because it has no provision to include a netmask. Therefore, if you set a static netmask in the netmask table, the PortMaster collapses the route to that boundary instead, and broadcasts a host route with that value. Other PortMaster routers with the same static netmask table entry convert the host route back into a subnet route when they receive the RIP packet.

This work-around works only if all the products involved are from Lucent Remote Access, with two exceptions:

Uses for Static Netmasks

The most common use for the static netmask table is to split a single class C network into eight 30-host subnets for use in assigned pools. Subnetting allows each PortMaster to broadcast a route to the subnet instead of claiming a route to the entire class C network. An example of that use is provided below.

The next most common use for the static netmask table is to allow dial-in users to use specified IP addresses across multiple PortMasters in situations where assigned IP addresses are not sufficient. This use can result in very large routing tables and is not recommended except where no other alternative is possible.

The netmask table can be accessed only through the command line interface. To add a static netmask, use the add netmask command. To delete a static netmask, use the delete netmask command. The show table netmask command shows both dynamic netmasks and static netmasks, marking them accordingly.

Note: Static routes use the netmask table entries that are in effect when the routes are added. If the netmask table is changed, the static route must be deleted from the route table and added again.

Example of Applying Static Netmasks

Note: Lucent Remote Access recommends that you use OSPF in this circumstance instead of static routes.

This static netmask example assumes the following:

To create subnets, you enter the following commands on all the PortMaster routers:

Command> set Ether0 address 192.168.206.X (for some value of X)

Command> set gateway 192.168.206.Y (where Y points at your gateway)

Command> add netmask 192.168.207.0 255.255.255.224

Command> add netmask 192.168.208.0 255.255.255.224

Command> add netmask 192.168.209.0 255.255.255.224

Command> set Ether0 rip on

Command> save all

The netmask table collapses routes on the boundaries specified. As a result, if one PortMaster has an assigned pool starting at 192.168.207.33, it broadcasts a host route to 192.168.207.32 instead of broadcasting a route to the 192.168.207.0 network. The other PortMaster routers consult their own netmask tables and convert that host route back into a subnet route covering 192.168.207.32 through 192.168.207.63.

If your gateway on the Ethernet is not a Lucent Remote Access product, the netmask table is not supported. However, you can set a static route on the gateway for each of the three destination networks for your assigned pools (192.168.207.0, 192.168.208.0, and 192.168.209.0), pointing at one of the PortMaster routers. The identified PortMaster then forwards packets to the proper PortMaster.

If you are using an IRX running ComOS 3.2R or later as your gateway, you can configure the netmask table on the router also. This allows your PortMaster to listen to RIP messages from the other PortMaster routers and route directly to each of them.
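The following is an added example, not part of the PortMaster guide or ComOS, that carries the mask arithmetic of "Displaying the Routing Table" (the Prefix/NM notation) and of the static netmask example above through in code. It converts a /NM prefix length to a dotted mask, collapses a route to the RFC 1058 classful boundary that RIP uses without a netmask table (the 172.16.1.1 and 192.168.9.65 cases above), collapses the 192.168.207.33 pool address to the 255.255.255.224 entry instead, and reverses that on a receiving router with the same table. The NetmaskTable class, its function names, and its rule that an entry applies to the whole classful network it names are my reading of the text, not ComOS code.

```python
# Added example, not part of the PortMaster guide: the mask arithmetic behind
# "show routes Prefix/NM" and the static netmask table. It converts a /NM
# prefix length to a dotted mask, collapses a route to the classful boundary
# that RIP uses without a netmask table (RFC 1058), collapses it to a static
# netmask entry instead, and reverses that on a receiving router. Addresses
# and masks are taken from the chapter's examples; the NetmaskTable class and
# its rule that an entry applies to the whole classful network it names are
# my reading of the text, not ComOS code.
import ipaddress


def classful_mask(address):
    """Mask of the RFC 1058 network boundary that contains address."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return "255.0.0.0"        # class A
    if first_octet < 192:
        return "255.255.0.0"      # class B
    if first_octet < 224:
        return "255.255.255.0"    # class C
    raise ValueError("no classful boundary for %s" % address)


def parse_prefix_nm(spec):
    """Parse the Prefix/NM argument of show routes into (network, dotted mask)."""
    prefix, sep, bits = spec.partition("/")
    if not sep or not bits.isdigit() or not 1 <= int(bits) <= 32:
        raise ValueError("expected Prefix/NM with NM from 1 to 32: %r" % spec)
    network = ipaddress.IPv4Network((prefix, int(bits)), strict=False)
    return str(network.network_address), str(network.netmask)


def collapse(address, mask):
    """Route advertised for address when collapsed to mask (address AND mask)."""
    return str(ipaddress.IPv4Network((address, mask), strict=False).network_address)


def subnet_span(network, mask):
    """First and last address covered by network/mask."""
    net = ipaddress.IPv4Network((network, mask), strict=False)
    return str(net[0]), str(net[-1])


class NetmaskTable:
    """Static netmask entries shared by all the PortMaster routers on a segment."""

    def __init__(self):
        self.entries = []   # (classful network the entry names, static mask)

    def add(self, network, mask):
        """add netmask Network Mask: the entry applies to Network's whole classful network."""
        classful = ipaddress.IPv4Network((network, classful_mask(network)), strict=False)
        self.entries.append((classful, mask))

    def lookup(self, address):
        """Static mask whose entry covers address, or None if no entry applies."""
        for classful, mask in self.entries:
            if ipaddress.IPv4Address(address) in classful:
                return mask
        return None

    def advertise(self, pool_address):
        """What the sending router puts in its RIP broadcast for a pool address."""
        mask = self.lookup(pool_address)
        if mask is None:
            return collapse(pool_address, classful_mask(pool_address)), "network route"
        return collapse(pool_address, mask), "host route"

    def receive(self, host_route):
        """What a receiving router with the same table makes of that host route."""
        mask = self.lookup(host_route)
        if mask is None:
            return host_route, "255.255.255.255"   # stays a plain host route
        return collapse(host_route, mask), mask


if __name__ == "__main__":
    # Without a netmask table: the chapter's 172.16.1.1/24 and 192.168.9.65/28 cases.
    for addr in ("172.16.1.1", "192.168.9.65"):
        print(addr, "advertised as", collapse(addr, classful_mask(addr)))
    # With the chapter's entry for the 192.168.207.0 network.
    table = NetmaskTable()
    table.add("192.168.207.0", "255.255.255.224")
    route, kind = table.advertise("192.168.207.33")
    print("pool 192.168.207.33 ->", kind, route)
    network, mask = table.receive(route)
    print("receiver restores", network, mask, "covering", *subnet_span(network, mask))
```

The receive step shows why the work-around depends on every router holding the same table: a router without the 192.168.207.0 entry keeps the advertisement as a single host route and never learns the rest of the subnet.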

Enabling NetBIOS Broadcast Packet Propagation

NetBIOS is a programmable entry into the network that enables systems to communicate over multiple media. NetBIOS over IPX uses type 20 broadcast packets propagated to all networks to get and forward information about the named nodes on the network.

NetBIOS uses a broadcast mechanism to get this information because it does not implement a network layer protocol. Before forwarding the packets, the PortMaster performs loop detection as described by the IPX Router Specification available from Novell.

Full NetBIOS protocol compliance requires that the PortMaster be set to propagate and forward type 20 broadcast packets across your IPX network router. When the NetBIOS parameter is on, the PortMaster broadcasts type 20 packets. When the NetBIOS parameter is off, the type 20 packets are not broadcast across the router. The default is off.

To turn NetBIOS on or off, use the following command:

Command> set netbios on|off

Setting Authentication for Dial-In Users

You can configure the PortMaster for three authentication methods: PAP, CHAP, and username/password login.

By default, PAP and CHAP are set to on. Dial-in users are asked to authenticate with PAP when PPP is detected. If users refuse, they are asked to authenticate with CHAP.

If you set PAP to off, and CHAP to on, dial-in users are asked to authenticate with CHAP. PAP authentication is neither requested nor accepted. If you set both PAP and CHAP to off, dial-in users must authenticate with a username/password login.

To set PAP authentication, use the following command:

Command> set pap on|off

To set CHAP authentication, use the following command:

Command> set chap on|off

Setting the ISDN Switch

You can configure the switch provisioning for ISDN PRI and BRI connections to PortMaster ISDN ports. See Chapter 11, "Configuring the PortMaster 3," for details on PRI connections. See Chapter 12, "Using ISDN BRI," for details on BRI connections.


spider@livingston.com
Copyright © 1998, Livingston Enterprises, Inc. All rights reserved.