This chapter summarizes PortMaster operation and capabilities so you can choose how to configure your system. Consult the glossary for definitions of unfamiliar terms.
This chapter discusses the following topics:
When you start up the PortMaster, it carries out the following functions during the booting process:
1. Self-diagnostics are performed. The results are displayed to asynchronous console port C0 or S0 if the console DIP switch (first from the left, also known as DIP 1) is up.
2. ComOS is loaded.
   The TFTP process begins by transferring the /tftpboot/address.typ file, replacing address with the uppercase 8-character hexadecimal expression of the IP address of the PortMaster and typ with the 3-character boot extension describing the model of PortMaster, as shown in Table 2-1. If /tftpboot/address.typ is not found, the PortMaster requests /tftpboot/GENERIC.OS.
   The netbootable ComOS can also be downloaded via serial cable through the console port. See "Booting from PROM" on page 20-18.
3. The user configuration is loaded from Flash RAM.
4. The IP address is located.
   If no address is configured for the Ethernet interface and no address was obtained from netbooting, the PortMaster sends a RARP message to discover its IP address. If the PortMaster receives a reply to the RARP message, its IP address is set in dynamic memory.
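The /tftpboot naming rule described above can be used to audit a TFTP server against a device inventory. The following is an added example, not code from the original documentation; the extension "XXX" is a placeholder (Table 2-1 is not reproduced on this page), and the directory listing and inventory are constructed.

```python
import ipaddress
import re

GENERIC = "GENERIC.OS"
# 8 uppercase hex digits, a dot, then a 3-character boot extension. The real
# extension values are in Table 2-1, so any 3 characters are accepted here.
NAME_RE = re.compile(r"([0-9A-F]{8})\.([^./]{3})")

def boot_filename(ip, typ):
    """File name a PortMaster at `ip` requests first; `typ` is its extension."""
    if len(typ) != 3:
        raise ValueError("boot extension must be 3 characters")
    return "%08X.%s" % (int(ipaddress.IPv4Address(ip)), typ)

def audit_tftpboot(names, inventory):
    """Sort /tftpboot entries into images for inventoried devices, images for
    addresses outside the inventory, and names that do not follow the rule."""
    known = {str(ipaddress.IPv4Address(ip)) for ip in inventory}
    report = {"known": {}, "unknown": {}, "nonconforming": [], "generic": False}
    for name in names:
        if name == GENERIC:
            # Fallback image requested whenever address.typ is not found.
            report["generic"] = True
            continue
        m = NAME_RE.fullmatch(name)
        if m is None:
            # e.g. lowercase hex: on a case-sensitive server (assumption) the
            # device would not find this file and would ask for GENERIC.OS.
            report["nonconforming"].append(name)
            continue
        ip = str(ipaddress.IPv4Address(int(m.group(1), 16)))
        report["known" if ip in known else "unknown"][name] = ip
    return report

# Constructed sample data.
SAMPLE_NAMES = ["C0A80105.XXX", "0A000001.XXX", "c0a80106.XXX", "GENERIC.OS"]
SAMPLE_INVENTORY = ["192.168.1.5", "192.168.1.6"]

if __name__ == "__main__":
    print(boot_filename("192.168.1.5", "XXX"))
    print(audit_tftpboot(SAMPLE_NAMES, SAMPLE_INVENTORY))
```

Entries reported under "unknown" or "nonconforming", and the presence of GENERIC.OS, are the ones to review, since they determine which ComOS image a device loads at boot.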
At this point the PortMaster is fully booted with its configuration loaded into DRAM. This process takes less than a minute. After the PortMaster boots successfully, the status LED is on, blinking off once every 5 seconds. Refer to the hardware installation guide for your PortMaster for the location of the status LED and for troubleshooting procedures if the LED is not behaving as described.
Once the PortMaster has successfully booted, it does the following:
1. Ethernet interfaces are started.
2. Modem initialization strings are sent to asynchronous ports that have modem table entries defined.
3. Network hardwired ports are initiated.
4. Continuous dial-out connections are initiated.
5. On-demand dial-out connections for locations that have routing enabled are initiated, and routing information is exchanged between the PortMaster and those locations.
6. Broadcasting and listening for routing packets are initiated on interfaces configured for routing.
7. TCP connections to PortMaster hosts are established.
8. TCP connections are established to ports configured as host devices by means of the PortMaster device service.
9. The PortMaster listens for TCP connections to any ports configured as network devices.
10. The PortMaster listens for activity on TCP and UDP ports, such as for administrative Telnet sessions on TCP port 23, PMconsole connections on TCP port 1643, and SNMP requests on UDP port 161.
11. Syslog starts, if configured.
12. RADIUS starts, if configured.
13. ChoiceNet starts, if configured.
The PortMaster is now ready to begin providing service.
The PortMaster establishes on-demand connections in the following way:
The PortMaster provides security through the user table, or if configured, RADIUS security. When a dial-in user attempts to authenticate herself at the login prompt, or via PAP or CHAP authentication, the PortMaster refers to the entry in the user table that corresponds to the user. If the password entered by the user does not match, the PortMaster denies access with an "Invalid Login" message. If no user table entry exists for the user and port security is off, the PortMaster passes the user on to the host defined for that port using the selected login service. In this situation, the specified host is expected to authenticate the user.
If port security is on and the user was not found in the user table, the PortMaster queries the RADIUS server if one has been configured. If the username is not found in the user table, port security is on, and no RADIUS server is configured in the global configuration of the PortMaster, access is denied with an "Invalid Login" message. If the RADIUS server is queried and does not respond within 30 seconds (and neither does the alternate RADIUS server), access is denied with an "Invalid Login" message.
If security is set to off, any username that is not found in the user table is sent to the port's host for authentication and login. If security is set to on, the user table is checked first. If the username is not found and a RADIUS server is configured, RADIUS is consulted. When you are using RADIUS security, you must use the set security s0 command to set security to on.
Access can also be denied if the specified login service is unavailable, for example, if the PortMaster Login Service has been selected for the user but the selected host does not have the in.pmd PortMaster daemon installed. Access is denied with the "Host Is Currently Unavailable" message if the host is down or otherwise not responding to the login request.
If an access filter is configured on the port and the login host for the user is not permitted by the access filter, the PortMaster refuses service with an "Access Denied" message. If the access override parameter is set on the port, the PortMaster instructs the user to authenticate himself, even though the default access filter is set to deny access.
Refer to the RADIUS Administrator's Guide for more information about RADIUS.
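The user table, port security, and RADIUS decision described above, modeled as an added example (not ComOS code and not from the original documentation). It covers a login-prompt password check only; host availability and access filters are left out. The `radius` callable, the outcome labels, and the sample user table are hypothetical.

```python
from enum import Enum

class Radius(Enum):
    ACCEPT = 1
    REJECT = 2
    NO_RESPONSE = 3  # neither the primary nor the alternate answered in 30 s

def authenticate(user, password, user_table, security_on, radius=None):
    """Return (outcome, detail) for one dial-in attempt.

    radius is None when no RADIUS server is configured; otherwise it is a
    callable (user, password) -> Radius standing in for the real query.
    """
    if user in user_table:
        if user_table[user] == password:
            return ("ALLOW", "user table")
        return ("DENY", "Invalid Login")
    if not security_on:
        # Unknown user with port security off: the PortMaster does not
        # authenticate; the port's host is expected to.
        return ("PASS_TO_HOST", "host must authenticate")
    if radius is None:
        return ("DENY", "Invalid Login")
    if radius(user, password) is Radius.ACCEPT:
        return ("ALLOW", "RADIUS")
    # NO_RESPONSE yields "Invalid Login" per the text; reusing that message
    # for REJECT is an assumption.
    return ("DENY", "Invalid Login")

def port_findings(security_on, radius_configured):
    """Configuration review for one port, derived from the rules above."""
    findings = []
    if not security_on:
        findings.append("unknown usernames reach the port's host without "
                        "PortMaster authentication")
        if radius_configured:
            findings.append("RADIUS is configured but is not consulted "
                            "while port security is off")
    return findings

# Constructed sample user table.
SAMPLE_TABLE = {"alice": "s3cret"}

if __name__ == "__main__":
    accept = lambda u, p: Radius.ACCEPT
    for sec in (False, True):
        print(sec, authenticate("bob", "x", SAMPLE_TABLE, sec, accept),
              port_findings(sec, True))
```

The run shows the same unknown user being handed to the host when security is off and being checked against RADIUS only when security is on.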
Use the following command to display the current status, active configuration, and default configuration of each port:
Table 2-2 describes each possible status. See "Verifying Port State for Old and New Cards" on page 20-9 for verification information.
Copyright © 1998, Livingston Enterprises, Inc. All rights reserved.