Each asynchronous port can be configured for several different functions, giving the PortMaster configuration more flexibility. However, each port can carry out only one function at a time. For example, if a port receives a dial-in user login request, this port cannot be used for anything else until the current session is terminated. The port is then available for dial-out use or any other purpose specified when the port was configured.
This chapter discusses the following topics:
The following examples describe various uses for asynchronous ports.
Connections between Offices. Office-to-office connections can be achieved with either dial-up asynchronous connections or dial-up synchronous connections, depending on your application. Chapter 15, "Using Office-to-Office Connections," gives an example of a dial-up asynchronous office-to-office connection. Chapter 12, "Using ISDN BRI," gives an example of a dial-up synchronous office-to-office connection.
Once a PortMaster is installed in each office and connected to the local Ethernet with an AUI, 10Base2, or 10BaseT connector, one or more asynchronous serial ports can be configured to dial another office or a set of offices when network traffic for the specified location exists. The two most common configurations are a star where multiple branch offices dial into a central hub that routes among them, and a mesh where every office can speak to any other office on demand. Intermediate configurations between star and mesh are also possible.
To add network bandwidth on-demand, additional ports can be configured for load-balancing. These ports can be configured to connect to a location when the network traffic exceeds a specific level. In this configuration, multiple ports are connected during times of heavy traffic, thereby adding bandwidth as needed, and are disconnected when traffic drops.
Connections to the Internet. You can set an asynchronous port for a continuous connection to an Internet service provider (ISP) by configuring it for continuous dial-out. In this configuration, if the dial-out line is dropped, the PortMaster automatically reestablishes the connection.
Connecting to the Internet should include packet filtering and security to ensure that access to the local network is restricted.
Chapter 16, "Using Internet Connections," gives an example of an asynchronous continuous dial-out connection to the Internet.
Logging in to Remote Hosts. Communication servers are most commonly used to allow remote users to dial in to a network location and access a host with their local account. This configuration is also used by ISPs that provide many users access to shell accounts. PortMaster asynchronous ports can be configured for login by dial-in users. When users dial in, they are connected to a modem, are allowed to log in, and are then connected to a specified host for the current session.
Chapter 17, "Providing User Dial-In Access," gives an example of an asynchronous remote log-in connection.
Dial-In Network Connectivity. A PortMaster asynchronous port can provide PPP or SLIP service to a dial-in user, allowing the user to route TCP/IP traffic across a modem to access the local network or the entire Internet. If the port is running PPP, the user can also route IPX traffic in this way. This configuration is very heavily used by ISPs and by corporations with remote users running client/server applications that require access to central hosts from home, field offices, or on the road.
Chapter 17, "Providing User Dial-In Access," gives an example of an asynchronous dial-in connection.
Sharing Devices across the Network. PortMaster asynchronous ports can be configured to allow network hosts access to shared devices connected directly to the PortMaster. If the network host is running the PortMaster in.pmd daemon, a connection can be established to a specified port on the PortMaster. Once the connection is established, the connected device such as a printer or modem can be accessed as if it were connected directly to the host.
Ports can also be configured to be accessed by programs using TCP/IP sockets, or by Telnet from the network.
Chapter 18, "Accessing Shared Devices," gives an example of sharing devices across a network.
Certain settings must be configured for every asynchronous port, regardless of the port type and configuration you select.
If you configure a port as a host device, you can specify that the host device can override certain port settings. This feature allows the host running in.pmd to alter the active parameters through software control, by using operating system I/O calls (ioctl calls in UNIX). The settings that the host can override are speed, parity, databits, and flow control. These settings can be changed by the host using an ioctl() system call. All overrides are turned off by default. If you want to allow a host to override a port setting, turn override for the parameter on.
You can override the settings for all asynchronous commands by using the set all override command.
To turn override on for a particular parameter, use the following command:
Modern modems should be set to run at a fixed rate. To define a fixed rate, lock the data terminal equipment (DTE) rate by setting all three speeds to the same value.
You can set the speed for all the asynchronous ports simultaneously by using the set all speed command.
To set the speed, use the following command, entered on one line:
You can substitute any of the following for Speed:
Parity checking is off by default.
You can set the number of databits per byte for a single asynchronous port or all asynchronous ports. The default of 8 is the most widely used.
You can set the databits for all the asynchronous ports simultaneously by using the set all databits command.
To set databits, use the following command:
The PortMaster can use either software or hardware flow control to communicate with the attached device to start and stop the flow of data. Because hardware flow control is more reliable, Lucent Remote Access recommends that you set software flow control to off and hardware flow control to on.
To set software flow control to off, use the following command:
To set hardware flow control to on, use the following command:
You can create modem pools for dial-out connections by associating ports and dial-out locations with dial groups. Dial groups can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location. Dial groups are numbered 0 to 99. The default dial group is 0.
To assign a port to a dial group, use the following command:
The PortMaster can display port information in brief or extended modes. The default setting is off.
To enable or disable extended information for a port, use the following command:
Note: This command only affects the display of port information. It does not affect port behavior.
You can set a custom login prompt for each port using any valid ASCII characters. The default login prompt is $hostname login:. For example, on a host named marketing, the login prompt is marketing login:. Double quotation marks and control characters must not be used inside the login prompt.
To set a login prompt for a port, use the following command:
For example:
The PortMaster allows you to specify a message for each port, up to 240 characters long, that is displayed to the user before login. To insert a new line, use a caret (^). Do not include double quotation marks within the message.
To set a login message for a port, use the following command:
For example:
An access filter can provide additional login security. To enable access security, you must define an access filter as described in Chapter 9, "Configuring Filters."
Port security requires that each username be found in the user table or in the RADIUS database. If port security is on, all users who log in must have their usernames verified before they are allowed to connect to the specified host.
If security is turned off, any user not found in the user table is passed through to the host for authentication. If you are using RADIUS authentication, security must be turned on.
To turn security for a port on or off, use the following command:
Automatic login allows users to be connected with the specified host without seeing the login prompt. The username that you provide in String is automatically substituted for the login prompt response and the host session is started.
To enable automatic login for a particular user on a particular port, use the following command:
You can set any asynchronous port to be the console for administrative functions such as configuring the PortMaster. The set console command takes effect immediately. If you use the save console command, the port remains the console even after the current session is ended.
To set a port as the console port, use the following command:
The idle timer is used to control how long the PortMaster waits after activity stops on a port before disconnecting a dial-in connection, and how long the PortMaster should wait for a response to a login, password, or host prompt.
You can set the idle time in seconds or minutes, to any value from 0 to 240. The default setting is 0 minutes.
If set to the special value of 1 second, a dial-in user has 5 minutes to respond to a login, password, or host prompt. If the user does not respond, the port resets, making it available to another user. Setting the idle time to 1 second turns off the idle timer after the user logs in.
Note: The idle time special value of 1 second applies only to asynchronous ports that have modem control turned on with the set S0 cd on command. Ports that are in the command state (with an administrator logged on) are not timed out with the special value of 1 second. In ComOS releases earlier than 3.5, the idle time special value is 1 minute.
You can set the idle time of all the ports simultaneously by using the set all idletime command.
To enable the idle timer and set a timeout value, use the following command:
To disable the idle timer, set it to 0.
A PortMaster can be configured to allow dial-in users to log in to a specified host. This configuration is called user login. In user login mode, the user is prompted for his or her login name after the attached modem answers and completes rate negotiation. Once the user is identified as a valid user through the user table or RADIUS security, a login session is established on the host specified for the asynchronous port.
Figure 5-1 User Login Configuration
In Figure 5-1 the user named susan is verified as an authorized user and is connected to the host named sales, which has been specified as the host for this port.
To configure a PortMaster for user login, use the following steps. These steps are described in more detail in the sections following.
1. Set the port type to login:
2. Set the login service:
3. Set the login host:
4. Specify the terminal type:
5. Reset the port and save the settings:
If you use the set S0 login command, the port is set for user login. After being verified or authenticated, a login session is established to the host computer.
You can set the port type to login for all asynchronous ports simultaneously by using the set all command as shown in the following example:
The login service specifies how login sessions are established. Four types of login service are available as described in Table 5-1.
You can specify how the login host is determined for the selected port. The three ways to determine the login host are described in Table 5-2.
You can set the terminal type for a port if it has been configured as a user login or twoway port and you have set the login service to PortMaster, rlogin, or Telnet. The terminal type is passed as an environment variable when a connection is established with a host. The terminal type should be compatible with the host you are logging in to.
You can set the terminal type for all asynchronous ports simultaneously using the set all termtype command.
One of the functions of a communications server is to provide network users access to shared devices such as printers and modems. The port connected to the printer or modem can provide shared access if it is configured as a host device port. This configuration is also useful when using the UNIX tip command and UNIX-to-UNIX Copy Protocol (UUCP) services.
Once a port is defined as host device, a device service must be selected that defines the method used to connect the user to the specified port and device. Host device services include PortMaster, Telnet, and netdata.
You can provide access to host device ports by establishing a pseudo-tty connection to the port from a UNIX host with the PortMaster daemon software installed. In this case, the port operates as a host-controlled device. Figure 5-2 shows a host device configuration using the PortMaster device service and a pseudo-tty connection. This configuration is most commonly used to provide access to shared devices such as printers.
Figure 5-2 Host Device Configuration
Figure 5-3 shows a host device configuration where the device service is set as rlogin, Telnet, or netdata. In this configuration, the host device name is set as /dev/network. This configuration is used in cases where users want to log in remotely via Telnet or rlogin to the shared device before transferring data, such as with a modem.
 
Figure 5-3 Network Device Configuration
Once the port type is set to accommodate a host device, the device service must be selected and the hostname entered. If the device service selected is PortMaster for pseudo-tty service, a hostname must be specified either in the port configuration or as the global default host. In addition, the PortMaster in.pmd daemon must be installed on the specified host.
To configure a port for access to shared devices, use the following steps:
1. Set the port type to device:
2. Set the device service:
3. Save the configuration:
The device service defines the method used to connect a host to a host device port. The following device service options can be selected:
The PortMaster device service is the most efficient and highest-performance service. This service can be used with any workstation that has the PortMaster in.pmd daemon installed. PortMaster service is the default and preferred service because it allows the specified port to operate like a serial port installed on the host.
When using the PortMaster device service, you must use a host device name listed in the /dev directory of each UNIX host with access to the shared device. The standard device entries have ranges like the following:
Telnet is a remote terminal protocol supported by most computers using TCP/IP protocols. Telnet allows the user at one site to establish a TCP connection to a login server at another site. Once the connection is established, keystrokes are passed from one system to the other. Use Telnet service in networks where a variety of hardware devices with different operating systems must use the selected port.
In this configuration, the device name must be set to /dev/network.
The default TCP port number for Telnet is 23; however, another TCP port can be specified on a per-port basis. All ports with a common Telnet port number form a pool similar to the rlogin pool.
Note: If you use Telnet to administer the PortMaster, select a TCP port number for your shared device port that is different from your administrative Telnet port.
The netdata device service provides a TCP clear channel on which 8-bit data is passed without interpretation. This service can be used to connect to the selected port from another serial port on a different PortMaster. This configuration can provide network connections between hosts on different networks. The netdata service is most commonly used for special applications which require the use of TCP-CLEAR channel access to a network socket. This device service provides a direct data link from the application to the device connected to the PortMaster port. With the socket connection, no special option negotiation or protocol is required.
The default TCP port number for the netdata service is 6000, but you can specify another port.
In this configuration, the device name must be set to /dev/network.
You can configure PortMaster asynchronous ports for network dial-in-only access, dial-out-only access, or both dial-in-and-out access (also known as two-way access). You can combine dial-in and dial-out access with the login and device services discussed in the previous sections.
When you configure a port for network dial-in, dial-out, or two-way access, the port becomes available for connections to and from remote sites using modems and the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP).
To configure a port for network access, use the following steps:
1. Set the port to network and choose the access type:
2. Save the configuration:
Note: In any of these dial modes (dial-in, dial-out, and two-way) you can also configure the port for other concurrent port types.
Network dial-in-only access can be set on ports dedicated to answering requests from mobile or home users. In this configuration, the selected port allows an authorized user to connect to the network for mail, file, and other services through SLIP or PPP encapsulation. Figure 5-4 shows how the PortMaster provides network connectivity for remote users.
Figure 5-4 Dial-In-Only Port Access
Network dial-out-only access can be set on ports dedicated to Internet connections or connections to another office. In this configuration, the port is used to establish communication from the PortMaster to an outside location. SLIP or PPP is used for these types of connections. Figure 5-5 shows an example of a dial-out-only configuration.
Figure 5-5 Dial-Out-Only Access
Dial-in-and-out service on a selected port is also called two-way access. Two-way access is specified for ports where both dial-in and dial-out access are needed. Dial-in modes with modems allow users to connect to the main network without the cost of a leased-line connection. This method can also be used for connecting to remote sites that need only occasional telecommuting or backup connectivity.
To configure two-way access, set the port type for network use and then set the network dial access for two-way use. The specified port operates in user login mode if DCD is detected on pin 8 of the RS-232 connector. Otherwise, it can be accessed as a host device on the computer through in.pmd or a Telnet session.
As mentioned in "Network Dial-In-Only Access" on page 5-17, SLIP or PPP is used to define the method for sending IP packets over standard asynchronous lines with a minimum line speed of 1200 bps. These encapsulation methods allow you to establish connections on an as-needed basis to reduce telephone costs.
To set a port for network two-way access, use the following commands:
The Serial Line Internet Protocol (SLIP) is an older protocol than PPP and not as robust. However, some hosts support only SLIP. The type of protocol allowed is specified for each dial-in user, dial-out location, or network hardwired port.
PPP is a method of encapsulating network layer IP protocol information on asynchronous point-to-point links. PPP is described in RFC 1331 and RFC 1332. Lucent Remote Access' implementation of PPP provides PPP autodetection support for the Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) on serial ports running PPP. ComOS 3.3 and later releases support Multilink PPP as described in RFC 1717 on ISDN BRI ports, and all ports on the PortMaster 3.
Note: Be sure to use the set S0 rts/cts command to enable hardware flow control (RTS/CTS) for all SLIP and PPP connections.
PAP and CHAP authentication occur in the following sequence:
1. A user dials in to a port and starts sending PPP packets.
2. The PortMaster negotiates the authentication protocol with the remote host.
3. If the host refuses PAP authentication, the PortMaster prompts the host to authenticate using CHAP. If the host refuses CHAP authentication, the PortMaster hangs up.
Both the local communications server and the remote device must support CHAP to use this protocol.
To configure PAP or CHAP for PPP users, the local user table or RADIUS must have an entry for each authorized user that includes the username and password. The passwords on both ends of the connection must be identical or the authentication process fails.
To disallow PAP authentication and accept only CHAP, use the set pap off command.
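The difference between the two protocols on the line, and the reason both ends must hold an identical password, as an added example that is not part of the original manual or of ComOS. It builds the PAP request (RFC 1334) and the CHAP-MD5 response (RFC 1994) from constructed values; the `negotiate` function is a simplified, hypothetical model of the sequence above, with `pap_enabled=False` standing in for the effect of set pap off.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1  # PAP Authenticate-Request code (RFC 1334)
CHAP_RESPONSE = 2     # CHAP Response code (RFC 1994)


def pap_request(identifier: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: the password crosses the line unmodified."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    header = struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body))
    return header + body


def chap_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 value: MD5 over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(identifier: int, user: bytes, secret: bytes,
                  challenge: bytes) -> bytes:
    """CHAP Response: only the digest and the name are transmitted."""
    value = chap_value(identifier, secret, challenge)
    body = bytes([len(value)]) + value + user
    header = struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(body))
    return header + body


def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest from the locally stored
    secret (user table or RADIUS entry) and compare in constant time."""
    if len(packet) < 5:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or length != len(packet):
        return False
    size = packet[4]
    value = packet[5:5 + size]
    return hmac.compare_digest(value, chap_value(identifier, secret, challenge))


def negotiate(peer_accepts: set, pap_enabled: bool = True) -> str:
    """Hypothetical model of the documented order: PAP first, then CHAP,
    then hang up. pap_enabled=False models a server that accepts only CHAP."""
    if pap_enabled and "pap" in peer_accepts:
        return "pap"
    if "chap" in peer_accepts:
        return "chap"
    return "hangup"


if __name__ == "__main__":
    secret = b"constructed-secret"   # constructed sample value
    challenge = bytes(range(16))     # constructed; real challenges are random
    print("PAP frame :", pap_request(1, b"susan", secret))
    packet = chap_response(7, b"susan", secret, challenge)
    print("CHAP frame:", packet.hex())
    print("same secret     ->", chap_verify(packet, secret, challenge))
    print("mismatched copy ->", chap_verify(packet, b"other", challenge))
    print("PAP disabled, PAP-only peer ->", negotiate({"pap"}, False))
```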
You can configure an asynchronous port for a permanent network connection (also known as a hardwired connection). Hardwired connections require no modem dialing or authentication protocol and are designed for connections to modems configured for leased line service, asynchronous-to-synchronous converters, or Frame Relay asynchronous devices (FRADs). Hardwired connections can use SLIP or PPP with IP and IPX.
Note: This type of configuration creates a continuous uninterrupted connection on this port. If the port is configured for a hardwired connection, it cannot be used for any other purpose.
An example of a hardwired connection is shown in Figure 5-6.
Figure 5-6 Hardwired Port Configuration
Hardwired connections on asynchronous ports provide the continuous connection advantage of a synchronous port at lower bandwidth, but without the cost of a T1 line connection.
To configure a port for a hardwired connection, use the following steps:
1. Set the port for network hardwired:
2. Set the protocol:
3. Set the maximum transmission unit (MTU) size:
4. Set the destination IP address:
5. Set the IPX network number if you are using IPX:
6. Enable RIP routing:
7. Set compression:
8. Set the PPP asynchronous map (if required):
9. Set input and output filters (if using):
   Omitting the Filtername removes any filter previously set on the port.
10. Save the configuration:
11. Reset the port:
The network protocol for the hardwired port can be set for PPP packet encapsulation or SLIP encapsulation as described in "PPP and SLIP Connections" on page 5-19. If you want to use PPP you have your choice of the following options:
The maximum transmission unit (MTU) defines the largest frame or packet that can be sent through this port. If a packet exceeds the specified MTU size, it is automatically fragmented if IP or discarded if IPX. PPP connections can have an MTU set from 100 to 1500 bytes. SLIP connections can have an MTU set from 100 to 1006 bytes. The remote host can negotiate smaller MTUs if necessary.
The MTU is typically set to the maximum allowed for the protocol being used, either 1500 or 1006 bytes. Setting smaller MTU values is useful for interactive (typing) users who send small packets, while larger values are better for multiline load balancing.
The IP address or hostname of the machine on the other end of the hardwired connection must be entered to identify the port destination. For PPP, the IP destination can be set to negotiated (255.255.255.255). You can optionally specify the netmask of the system on the other end of the hardwired connection.
IPX traffic can be passed through a port if you assign an IPX network number to the hardwired network connection.
Note: The IPX network number must be different from the IPX networks used on the Ethernets on either end of the connection.
As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as part of RIP messages if RIP routing is turned on.
To configure RIP routing for a network hardwired asynchronous port, use the following command:
Note: ComOS releases prior to 3.5 use routing instead of the rip keyword.
Table 5-3 describes the results of using each keyword.
See the PortMaster Routing Guide for instructions on configuring OSPF routing or configuring BGP routing.
Compression can increase the performance of interactive TCP sessions over network hardwired asynchronous lines. PortMaster products use Van Jacobson TCP/IP header compression and Stac LZS data compression. Compression is on by default.
Compression should not be used with multiline load-balancing, but can be used with Multilink PPP.
Compression must be enabled on both ends of the connection if you are using SLIP. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression. Refer to RFC 1144 for more information about header compression.
The PortMaster supports Stac LZS data compression only for PPP connections with bidirectional compression. Stac LZS data compression cannot be used for SLIP connections.
To configure compression, use the following command:
Table 5-4 describes the results of using each keyword.
Note: This command is used only on network hardwired asynchronous ports. Dial-in users must use the user table or RADIUS instead. Dial-out locations must use the location table instead.
The PPP protocol supports the replacement of nonprinting ASCII characters found in the datastream. These characters are not sent through the connection but are instead replaced by a special set of characters that the remote system interprets as the original characters. The PPP asynchronous map is a bitmap of characters that should be replaced. The default PPP asynchronous map is 00000000. If the remote host requires a PPP asynchronous map, the PortMaster accepts the request for the map.
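How the asynchronous map drives character replacement, as an added example that is not part of the original manual or of ComOS. It follows the octet-stuffing rules of RFC 1662 (escape octet 0x7d, replaced character XOR 0x20, bit n of the map covering character n); the map value 000A0000 for XON/XOFF and the sample payload are constructed for illustration.

```python
PPP_FLAG = 0x7E    # frame delimiter, always escaped inside a frame
PPP_ESCAPE = 0x7D  # control escape octet, always escaped


def parse_asyncmap(text: str) -> int:
    """Parse the 8-hex-digit map, e.g. the default '00000000'."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("asynchronous map must fit in 32 bits")
    return value


def mapped_chars(asyncmap: int) -> list[int]:
    """Control characters (0x00-0x1f) whose bit is set in the map."""
    return [c for c in range(32) if asyncmap >> c & 1]


def escape(payload: bytes, asyncmap: int) -> bytes:
    """Sender side: replace flagged characters with 0x7d, char ^ 0x20."""
    out = bytearray()
    for b in payload:
        if b in (PPP_FLAG, PPP_ESCAPE) or (b < 0x20 and asyncmap >> b & 1):
            out += bytes([PPP_ESCAPE, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unescape(data: bytes, asyncmap: int = 0) -> bytes:
    """Receiver side: undo the replacement. A flagged control character
    that arrives unescaped was inserted by the line (for example modem
    flow control), not by the sender, so it is discarded."""
    out = bytearray()
    stream = iter(data)
    for b in stream:
        if b == PPP_ESCAPE:
            nxt = next(stream, None)
            if nxt is None:
                raise ValueError("truncated escape sequence")
            out.append(nxt ^ 0x20)
        elif b < 0x20 and asyncmap >> b & 1:
            continue
        else:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    payload = b"\x11A\x7e\x13"                # constructed sample payload
    default_map = parse_asyncmap("00000000")  # default from the text above
    xonxoff_map = parse_asyncmap("000A0000")  # constructed: XON and XOFF
    print([hex(c) for c in mapped_chars(xonxoff_map)])
    print(escape(payload, default_map).hex())
    print(escape(payload, xonxoff_map).hex())
    wire = escape(payload, xonxoff_map)
    print(unescape(b"\x13" + wire, xonxoff_map) == payload)
```

Frame delimiting and the frame check sequence are outside what this block covers; it handles only the character replacement the map controls.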
Input and output packet filters can be attached to a network hardwired port. Filters allow you to monitor and restrict network traffic. If an input filter is attached, all incoming packets on that port are evaluated against the rule set for the attached filter. Only packets permitted by the filter are passed through the PortMaster. If an output filter is attached, packets going to the interface are evaluated against the rule set in the filter and only packets permitted by the filter are sent to the interface.
For more information about filters, see Chapter 9, "Configuring Filters."
You can configure the PortMaster to connect to bulletin board service (BBS) systems or other hosts that have serial ports and allow bidirectional communications, but do not support TCP/IP. This connection requires that you connect the PortMaster to the host with a null modem cable. For more information about null modem cables, refer to your hardware installation guide.
The default setting is on, which sets the DTR drop time to 500 milliseconds (ms). Setting the Data Terminal Ready (DTR) signal to off changes the behavior of the port to better accommodate the connection.
To turn DTR on or off, use the following command:
The following example shows how to configure this feature on port S1:
Note: The PortMaster ignores the Data Set Ready (DSR) signal. Some PCs might require DSR high, but they do not tie DSR to DTR.
spider@livingston.com
Copyright © 1998, Livingston Enterprises, Inc. All rights reserved.