Patton electronic 29XX User's Manual
Contents
1. 276 Te 1a NET E PET TE TEE T E A EA E T 278 WAN Circuit CONFIGURATION Wi dO Wes iii ias 278 Layer 2 Tunneling Protocol L2TD ooccocoononnonoononnonnonnonconeononncnnonnonconconcononnonnonnonconcon canoso ron onnon non ESSES ESSN EOSS 290 Introducir airada 291 LZTP Confjpitdtlon eee efron aa 291 jUOnn Q 295 lisa PP 296 Patton Electronics Company contact Informator isiro airin re E E E E E E eee 296 ETS P Ey 297 sabe 298 End Usen license Arrestan neuter eee ntn E OE UE ERE RUD e NEN eee te de 298 Supported RADIUS Attributes RR ss se pedore vesitse SKos 300 a NO 301 AtcesRequestiAtulbutes inicial PH HTH 301 Access Challenge Att Dutesc uc codo E pite ida 302 Accountitig St rt AGEIDUTeS on ia nacida 302 Accoumunb Stop AEIHIDUEES cae dl iria Det el Er eO pre crag sete E ertet deus Pepe Ee E 303 MIB trees 304 Model 2960 MID Tree Struc tutes ER 305 Technical Reference civic ii a sisi 306 NN 307 Configure 3 RATS server codem emeret mre tita es Dee Sos carnage it ss 307 Using SNMP with the Acces E ua 313 Configuring Non Facility Associated Signaling NFAS sssesssssssesssesssseseecesessseseeeeesscsesesseavseeeesacersceeserataeets 316 Gonfieurinp Frame Rel ii REOR HEURE PU TREHUS 317 Conligurine MOINS2. eerte 129 Local Frame Check Sequence size doStat l ransmitFEesSIze iniciarte 129 Remote Frame Check Sequence size doStatReceivel csSize 5 eter nit 129 ld 130 Number Called doactNumberDialed eese eene nnne nnne nnns eene sentes 130 Ie muti uaa debe sa E tas 130 Oetets Sent doactSent O tels A beer vss Eo E ec evel ee eben pine ee eve aE 130 Octets Received doactReceived Octets cicatrices cian esse rese esos bee epa ee Era eve 130 105 Access Server Administrators Reference Guide 8 Dial Out Packets Sent Td oap Senrt ara Frames viii acacia raa rada pue 130 Packets Received doactReceivedDataFrames sss 130 Bad Packets doactErrotFrames ti esee bet liada 130 Physical Layer contraataca 131 Connection Modulation doactModulation eese nennen enenatis int 131 Tx Connection Speed doat xSpeed sidad 131 Rx Connection Speed EST e 1 oonioiro eon Ea E EEE E T 131 Error Correction Protocol doactErrorCorrection eese nnne nne a gana 131 Data Compression Protocol doact Compression cinco 132 Modulation Symbol Rate doactSymbolRate sss 132 Locally Initiated Renegotiated doactLocalRenegotiates eene 132 Locally Initiated Revrains doactLocalRetrains iii 132 Remote Initiated Renegotiates doactRemoteRenegotiates eese 132 Remote Initiated Retrains doactRemot
3. reete reete ree nacen cacaos 114 UE Messages to Radiusi di V 59 Enable ee eso ie pa E 114 Modin lo roro coheret T EM RA d Aere 115 a A A ier et tei M NOEL Me E M E cee 115 Neta V OR allg sec et mest cay ER URN RUNE RUIN 115 Access Server Administrators Reference Guide 8 Dial Out Ksoflex diModemkE3SGEnable civic cri rar E a AEE E raga ena pend 115 Vld Modemy o4IEnable is 115 M32 dMedemwv 32 Enable t etre ene ite eee tette tee RERO Oe iiec den 115 V29 diModem V23 Enable innata 115 V22 doModemV22EBnabl iii EA banda iba 115 V21 doModemWw2 LED a ida 115 Maximum Speed doModemMaxSpeed iii ta tl E EE 115 Minimum Speed doModem Mins pled e sesiis irit cs iii dee 116 Guard Tone doModemGuardTone eese ENEE EESE E E ETNE 116 Carrier Loss Duration doModemCarrierLossDuration sss sese 116 Retraim do Modem Retain 3 5 eret id eodera us 116 Tx Tevel doModemIxLeyel siue eerie rette treo eee e beret nd aaa ale eine raa 116 Protocol doModembProtocol a cabe cet bee S 116 Compression doModemComipression 5 dore oa tare e ED dca eee ade ea dede 116 Restrict Modification doModemRestrictMods esee nnne nnne 117 Dialnt Locations Window eric rer adi ee reca S C ra E DUO a 117 Status locatio Stat ia etre vetro ea Ce ra ve oci RE QS Eee n Fa epe e aE d dea etre ue grate 117 AAA ee leed dE EU 118 loca onid aa A 118 Location Name locatonName 5 2 21 dead TEE epa E EE E AS 118
4. Routing Information 200 Access Server Administrators Reference Guide 16 e IP Table 3 Masks 255 255 255 0 class C Gateway RouteGateway Specifies the IP address to which the packets should be forwarded Cost RouteCost This is the cost of the route as defined by RIP standards Cost is sometimes considered to be number of hops A cost of 16 is considered to be infinite A cost can be given to user entered routes so their preference in rela tion to learned routes can be calculated Interface ipRoutelflndex The index value that identifies the local interface through which the next hop of this route should be reached The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex State RouteState e invalid 1 This setting deletes the route e active 2 A valid route is in use nopath 3 No route is available to the specified gateway The gateway is not known to local networks e agedout 4 Invalid route soon to be removed costly 5 A valid route but not in use because of it s higher cost Add a route This portion of the IP Routing Information window is where you can add a new route to the IP Routing Infor mation table The first entry see figure 84 can be used to add or change the default gateway or as a short cut to creating a point to point connection The second entry under Add a route see figure 84 is where static route
5. RadTunnelPassword RADIUS Attribute 69 example gt gt Tunnel Password tunnel pass This parameter defines the password which will be used to authenticate the tunnel If no password is sup plied by the RADIUS server the tunnel will not use authentication on the tunnel link Note that this is not the password for the dialin user or the PPP link this will only be used to authenticate the tunnel RadServerEndpoint RADIUS Attribute 67 example gt gt Tunnel Server Endpoint 192 168 200 15 This is the IP address of the LNS To define a different LNS server for a specific dialin user simply use a new IP address Multiple calls which will be sent through the same tunnel same IP address will always go through the currently established tunnel i e we do not create a new tunnel per call we will establish a new tunnel if a new remote LNS is defined by this parameter RadTunnelClientID RADIUS Attribute 90 example gt gt Tunnel Client Auth ID patton_lac If defined this will be used as the hostname parameter supplied from the LAC to the LNS when the tun nel is being established The cisco devices provide a command terminate from under L2TP If this cisco L2TP Configuration 292 Access Server Administrators Reference Guide 24 Layer 2 Tunneling Protocol L2TP command is used then the value used cisco gt terminate from patton_lac would need to match the host name provided by the RAS device If this variable
6. wrap 2 All packets received on the specified dialup link will be encapsulated in an extra IP header as defined in RFC2003 The destination IP address of the wrapper is given by the destination IP setting in the filter The source IP address of the wrapper is the ethernet address of the remote access server All wrap filters are inbound only Note Block filters take priority therefore any applied and matching block filters will drop the packet Next pass filters are examined if PASS filters have been defined then at least one of them must match or else the packet will be dropped After the block and pass filters are examined the WRAP filter if it exists will be applied Source IP Applies the filter action based on the results of the stated comparison to the IP address and subnet mask Comparison filterlpSourceAddressCmp equal 0 apply the action of the filter if the Source IP equals the IP address subnet mask combination supplied e notEqual 1 apply the action of the filter if the Source IP does not equal the IP address subnet mask com bination supplied Address filterlpSourcelp The IP address to which the filter will compare the source IP address Mask filterlpSourceMask The subnet mask the filter will apply to the source IP address to make the comparison Note These fields are ignored unless either the IP address or Mask have been entered Bit positions that are set to 1 will be compared and 0s will be ign
7. Far End Line Statistics Current History Totals Figure 102 T1 E1 Link Activity main window Click on T1 E1 Link under the Configuration Menu to display the T1 E1 Link Activity main window The T1 E1 Link Activity main window contains the following items Information that identifies the DS1 Interface on a managed device indicates the type of DS1 line using the circuit and shows the transmission vendor s circuit identifier see figure 102 For more information about the objects in this window refer to T1 E1 Link Activity main window on page 253 Line Status This variable indicates interface line status If any condition other than No Alarms exists you can click on the Alarms Present link to view the Line Status Alarms window For more information about these objects refer to The physical line failures currently registering will be indicated by the ACTIVE label next to the failure type on page 254 Line Status Configuration link clicking on this link takes you to the page that displays the WAN Cir cuit Configuration window This window contains general information about the DS1 interface amount of time intervals passed and kind of line coding For more information about this page refer to Line Sta tus Configuration on page 258 Line Status Channel Assignment link clicking on this link takes you to the page that displays the WAN Circuit Channel Assignment window where T1 E1 lines ar
8. Selects how the access server will authenticate an incoming call Select from using the default service No Validation 0 Select this to allow un authenticated calls into the access server and on to your LAN static Users 1 Use the access server internal user database only to authenticate Static users are simply users and passwords entered into the access server s internal users database radius Users 2 Use RADIUS to authenticate and provision user services RADIUS is a client server sys tem developed to manage the flexible requirements of remote dial in users The RADIUS protocol is speci fied under RFC 2138 for authentication and RFC 2139 for accounting RADIUS servers are available as freeware for most computer platforms and is an excellent method for managing user dial in security Any RADIUS entries will require an associated server to process authentication requests from the access server or the access server will reject users access For more information about RADIUS see RADIUS User Authen tication below e tacacs Users 3 This feature is not currently available static Then RADIUS 4 Check the internal user database first if no match is found then use RADIUS to authenticate and provision user services static Then Tacacs 5 Check the internal user database first if no match is found then use TACACS to authenticate and provision user services Not currently implemented Note The following opt
9. Sent udpOutDatagrams The total number of UDP datagrams sent from this entity Listener Table udpTable A table containing UDP listener information Local Address udpLocalAddress The local IP address for this UDP listener In the case of a UDP listener that is willing to accept datagrams for any IP interface associated with the node the value 0 0 0 0 is used Local Port udpLocalPort The local port number for this UDP listener ICMP Under normal circumstances IP makes very efficient use of system resources However errors congestion and system malfunctions occur periodically ICMP Internet Control Message Protocol assists network managers with IP routing by sending control and error reporting messages between IP hosts ICMP 195 Access Server Administrators Reference Guide 16 e IP ICMP Block Icmp redirects Parameter Receive Send Total 77969 3037193 w Errors 0 0 DestinationsUnreachable 30 75 TimesExceeded 8 20 ParameterProblems 0 0 SourceQuenchs 27 0 Redirects 0 146 Echos T7900 0 EchoReplys 4 77900 TimeStamps 0 0 TimeStampReplys 0 0 AddressMaskRequests 0 0 AddressMaskReplys 0 0 Figure 80 ICMP window Click on ICMP under the Configuration Menu to monitor access server ICMP statistics see figure 80 Block ICMP redirects boxBLockIcmpRedirects Enables you to configure how the access server handles ICMP redirects Enabling the access server to receive redirected messages is generally
10. Those variables valid for a group of products Those variables valid for a Model 29XX 31XX Series m3120 node Active Calls is a product specific parameter Now the OID can start to be built up Choose the nodes that will take you to the private Patton MIB these nodes are shaded red in figure 128 on page 315 All private Patton MIB variables will begin with this series 1 3 6 1 4 1 1768 Finding the branch where the SNMP parameter resides On the SNMP web page are links to the Patton MIB definitions Most of the MIBs are common to all Patton access server products therefore the parameter is likely to be found in the Enterprise MIB Click on Enterprise MIB and open the file Search for the SNMP name diActive that maps to Active Calls The following entry is listed diActive OBJECT TYPE SYNTAX INTEGER ACCESS read write STATUS mandatory DESCRIPTION The total number of active calls 7 calldialin 25 L The entry includes the name the type the access available and the description of the parameter The last line gives another part of the OID There the diActive parameter is identified as parameter 25 under the calldialin branch Looking at the MIB tree the calldialin node is labeled as branch 5 shaded green in figure 128 on page 315 Note For the purpose of this example figure 128 on page 315 shows parameter identifier 25 diActive Normally a MIB tree shows only branches and nodes it will not show the myriad of parameters
11. telnet 2 User will be automatically given a telnet prompt e tcpraw 3 All 8 bits are passed unchecked and unaltered ppp 4 Only a PPP connection will be allowed Dial In Modify default window 68 Access Server Administrators Reference Guide 7 Dial In slip 5 SLIP or PPP connection will be allowed SLIP is not currently implemented e vpn 6 Not currently implemented tcpraw cpn 7 Send a Called Party Number Information Element CPNIE Packet to the server that accepts the TCP RAW connection This feature is for a proprietary application only do not use Default IP Service diServicelP This object defines the IP address that will be used for login connections telnet or rlogin when the authenti cation technique has not provided an IP address to connect to Default Service Port diServicePort This object defines the IP port number that will be used for login connections telnet or rlogin when the authentication technique has not provided a port number to connect to If no TCP port number is provided then the following UNIX defaults will be used telnet port 23 e rlogin port 513 Force Next Hop diForceNextHop All packets received on the specified dial up link will be forwarded to the specified gateway The gateway must be on the same network at the remote access server This is the default setting that will be used if the setting is not overridden by the RADIUS response for that particular user A
12. 5 gl 46 availabe y 47 available 4 y 48 Javailable 4 y Submit Query DSP Memory Capture Jo Submit Query i DSP PCM Capture 0 Submit Query DSP Debugging Events disabled 2 2 Submit Query Figure 60 DSP Memory Capture and DSP PCM Capture settings DSP Settings main window 146 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP DSP Memory Capture This portion of the DSP Settings window see figure 60 will store the memory content in 5 rotating circular buffers Each buffer contains the program and data memory associated with a call on the DSP The buffer con tent is saved when the memory capture is triggered Do not turn on unless requested by technical support DSP PCM Capture This portion of the DSP Settings window see figure 60 captures the first 30 seconds of the pulse code modu lation on the incoming call on the specified DSP Do not turn on unless requested by technical support DSP Debugging Events Events for each call are automatically saved into a buffer This buffer holds the last 100 DSP events for each DSP These are used for analysis by Patton Electronics DSP Connection Performance This window see figure 61 shows connection summaries and statistics about the individual DSPs Click on Connection Summary on the DSP main window see figure 59 on page 144 to display this window DSP CONNECTION PERFORMANCE 4 Failure to Negotiate CONNECTION SUMMARY
13. Access Server Administrators Reference Guide A Supported RADIUS Attributes Access Accept Attributes Username 1 Service Type 6 Framed Protocol 7 Framed IP Address 8 Framed Netmask 9 Framed Route 10 Filter Id 11 Framed MTU 12 Framed Compression 13 logndPHos MA Login Service 15 Login Port 16 Reply Message 18 CalbackNumber 9 State 24 Class 25 Session Timeout 27 Idle Timeout 28 Termination Action 29 Port Limit 62 Primary DNS Ascend Compatibility 135 Secondary DNS Ascend Compatibility 136 Assign DNS Ascend Compatiblity 137 Force Next Hop 209 MS CHAP Success VSA MS CHAP Domain VSA Access Request Attributes User Password 2 CHAP Password 3 NAS IP Address 4 NAS Port 5 Service Type 6 Framed Protocol 7 State 24 Called Station Id 30 Calling Station Id 31 NAS Identifier 32 Access Accept Attributes 301 Access Server Administrators Reference Guide A Supported RADIUS Attributes CHAP Challenge 60 NAS Port Type 61 MS CHAP Challenge MS CHAP Response MS CHAP CPW2 MS CHAP Nt Enc Password MS CHAP Lm Enc Password MS CHAP Challenge MS CHAP2 Response MS CHAP2 CPW MS CHAP Nt Enc Password Access Challenge Attributes State 24 Session Timeout 27 Idle Timeout 28 Accounting Start Attributes User Name 1 NAS IP Add
14. Configuring Frame Relay 322 Access Server Administrators Reference Guide C Technical Reference Configuring DNIS DNIS Dialed Number Identification Service is a telephone service that identifies for the the receiver of the call the number that the caller dialed DNIS works by passing the touch tone digits dual tone multi frequency of MF digits to the destination where a special facility can read and display them or make them available for use by the terminating device The RAS uses its ability to capture DNIS information to provide the customer the ability to set up parameters for their dial in clients based on the phone number that has been dialed or which physical WAN port they have dialed into If none of the specified conditions are met then the default conditions of the RAS will be applied to the user In its current implementation the following parameters can be configured based on DNIS Authentication can select traditional authentication or no validation P Address Pool Data over voice bearer services Setting up IP address pools by configuring DNIS Ip Pools Note This section is optional If you are not going to set up IP address pools refer to section Setting up a DNIS user profile If IP address pools are to be assigned based on DNIS or WAN port configure your DNIS Ip Pools see figure 35 on page 86 as follows 1 Enter an ID number to identify the IP address pool 2 Enter the IP address range 3 Cl
15. Setting Up Authentication 37 Access Server Administrators Reference Guide 5 e Authentication auValidation below configure the additional parameters as shown in figure 17 to configure RADIUS parameters See Static User Authentication on page 41 to set up Static users AUTHENTICATION Configuration Validation Host Address 9216081519 Secondary Host Address 921681521 Host Port 1802 1 Timeout D O O 1 Retries i o Secret access sewer secret NAS Identifier es Accounting Address 21681519 Secondary Accounting Address 1921681521 Accounting Port fer Accounting Enable enableAccounting 1 3 RADIUS Packet Format fullRfcPacket 0 2 RADIUS Session ID Size To edit specific static users go back and click on the username Figure 17 Authentication Configuration screen Validation auValidation Selects how the access server will authenticate an incoming call Select from No Validation 0 Select this to allow un authenticated calls into the access server and on to your LAN using the default service static Users 1 Use the access server internal user database only to authenticate Static users are simply users and passwords entered into the access server s internal users database radius Users 2 Use RADIUS to authenticate and provision user services RADIUS is a client server sys tem developed to manage the flexible requirements of remote dial in use
16. affected e destroy 7 user selectable set by the administrator to remove the location from the table Dial Out Locations Window 117 Access Server Administrators Reference Guide Add Location Locations are added to the table using the following form at the bottom of the locations window Id locationld Add Location Id o Location Name User Name Password Phone Number oo el Destination IP moon Destination NetMask mono Multilink o Connection Type manual 0 y Idle Timeout o Maximum Session Time II Authentication Technique none D y Ip Filters cT Modem Profile TIM Submit Query 1 Figure 46 Add Location Form 8 Dial Out The unique identifier for this location There are a maximum of 120 locations so the range is from 1 to 120 Location Name locationName A name can be given to each location Maximum size is 12 characters User Name locationUserName This is the username to log into the remote location Maximum size is 32 characters Password locationPassword This is the password to log into the remote location Maximum size is 32 characters Phone Number locationPhoneNumber This is the phone number to dial to reach the remote location Maximum size is 80 characters Destination IP locationDestinationIP This is the IP address of the remote location This field is required for Dial On Demand calls If this field is left to 0 0 0 0 the IP address will be nego
17. Access Server Administrators Reference Guide 7 Dial In DP Addressqdiacelb a toni 90 Pore on Remote Machine diactPort ii 90 o H EI MU ELE II IIIA NEM eet n 90 Start me of call diactSessionStart l une cuida 90 Time Call Is Was Active diactSessiton LIME acia 90 Minutes Until Timeout diactRemainingldle 2 2 teer tpe tenere ette petita 90 Time Left In Session diactRemalningSessiOn noia lili 91 Termination Reason diact l ermainateReason iii dit iia 91 State at termination diact l eriminateState 2 0 crie core eerie tete tote eer dee oa Fee derer Eye PE EE isis 94 A ce tette icig nb UE rix d Potente tete ttn cest eese dandsvesesucetiat E EE eS 95 Bad Address diStatBadAddresses c ccccsscccsssccecesessesencccassrcesncevesetcusessesescecesooseccacccaessedecteuscucsncenesteesoouses 95 Bad Controls daStatBad Cia 95 Packets Too Long diStatPacketTooLongs sicaire nennen teninin eana S eE 95 Bad Prame Check Sequences diStatBad POSE cota iia 95 Eae O 95 Local MRU diStatLoca lMRU id 95 Remote MRU diStatRemoteMRUJ a ieeo etch tete ita 96 Local Multilink MRRU diStatLepLocalM RR rencia tete ti ctt tere th ob reta tlic 96 Remote Multilink MRRU diStatLepRemoteMRRU coin irm tere ES 96 LCP Authentication LCPAulhOptiots viii ia 96 ACC MapridistatLoca l oPesrAC CM ap i eet terere tet Ee sive ret fee e I tata 96 Peer Local ACC Map diStatPeerToLocal amp C CMuap teer de tte ttt ette eee hee h
18. Chapter contents Tisttoctuctioi reete eru EU O O 296 Patton Electronics Company contact ornato ecelesie eU IU eR IEEE 296 295 Access Server Administrators Reference Guide 25 Contacting Patton Introduction The About link displays Patton Electronics Company contact information see Patton Electronics Company contact information Click on About under the Configuration Menu to display the About main window see figure 122 ABOUT Patton Electronics Co 7622 Rickenbacker Drive Gaithersburg Maryland 20879 Phone 301 975 1000 Fax 301 869 9293 E mail sales patton com WWW hittp www patton com Figure 122 About window Patton Electronics Company contact information Patton Electronics Company 7622 Rickenbacker Drive Gaithersburg Maryland 20879 U S A Phone 1 301 975 1000 Fax 1 301 869 9293 E mail sales patton com support patton com WWW www patton com Introduction 296 Chapter 26 License Chapter contents Mairo deto eee UTRUM NEUE O OOO OO 298 End User Licensp AREA Ia EE 298 A TEE D C eee eee eae ee 298 Dona eter e t 299 EMI P S 299 AGr licensen non keee temo ccr T Meet eee ee ee 299 I WTAE a EO edere cast EURO REY 299 a E M E 299 297 Access Server Administrators Reference Guide 26 License Introduction The License link presents the End User License Agreement for the access server software Click on License under the Configuration Menu to display t
19. Figure 89 MFR Version 2 Modify window Line Signalling This portion of the MFR Version 2 Modify window contains information described in the following sec tions Set the access server objects based upon codes that pertain to Idle Seized Answered Clear back Release and Blocked conditions Note Line Signalling setup codes are country specific Please refer to Recommen dation Q 400 Q 490 and to the host country s PTT for national signalling specifications MFR Version 2 Modify 212 Access Server Administrators Reference Guide 17 MFR Version 2 Country lineSigCountry Specifying a particular country or itu Standard defines the values of the remaining fields based on the specs Custom allows for any values in the following fields Line Signalling objects are country specific Please refer to the host country s PTT for national signalling specifications e jtuStandard 1 custom 2 mexicoModified 3 e czechRepublic 4 e pbxDropOut 5 brazil 6 e chinaRI 7 southAfrica 8 india 9 Idle Code lineSigldleCode Code to indicate that a line is in use e abcd 0000 0 e abcd 0001 1 e abcd 0010 2 e abcd 0011 3 e abcd 0100 4 e abcd 0101 5 e abcd 0110 6 e abcd 0111 7 abcd 1000 8 e abcd 1001 9 e abcd 1010 10 e abcd 1011 11 e abcd 1100 12 e abcd 1101 13 e abcd 1110 14 e abcd 1111 15 MFR Version 2 Modify 213 Access Server Administrators Reference Guide 17
20. Indicates if the IP pool is used in any DNIS Profile e active 1 This IP pool is used in one or more DNIS Profiles e notUsed 2 This IP pool is not used in any configurations e destroy 3 deletes the IP Address Pool entry Manage DNIS Window 87 Access Server Administrators Reference Guide 7 Dial In Dial In User Statistics window This window shows statistics for individual dial in users The headings DSP Link Interface Link and WAN Link shown in figure 37 pertain to the unique time slot defined for each of these links For specific details on the function of access server parameters defined under these sections refer to each under the access server Con figuration Menu DIAL IN Call ID 1329 State Call Identification Username spatel Password No Access Shared Unique ID 1329 Protocol ppp 1 Security Level i 0 DSP Link 55 Interface Link 17 WAN Link 1 Time Slot 2 IP Address 192 49 110 124 Port on Remote Machine 0 Session Start time of call 5 days 05 36 59 hours Time Call Is Was Active 19 08 53 hours Minutes Until Timeout 15 Time Left In Session 0 00 sec Termination Reason userHangup 5 State at termination online 6 Figure 37 User Statistics Call Identification Session The Dial In User Statistics window see figure 27 is where you can view the following Call Identification information see Call Identification on page 89 Session information see Ses
21. Locally Initiated Renegotiated doactlocalRenegotiates The number of times the local modem has initiated a modem speed renegotiate Locally Initiated Retrains doactLocalRetrains The number of times the local modem has initiated a modem carrier retrain Remote Initiated Renegotiates doactRemoteRenegotiates The number of times the remote modem has initiated a modem speed renegotiate Remote Initiated Retrains doactRemoteRetrains The number of times the remote modem has initiated a modem carrier retrain An example section of dialout 1 Display the Dial Out main window Click on the Modify link Set the TCP port to 24 or some other unused port Set TCP Type to telnet Set Login Technique to Text Click on Submit Query 2 Display the Authentication main window Scroll down until Static User Identification is displayed see figure 18 on page 41 then click on Static User Identification Refer to section Adding Static Users on page 41 to create a static user with dialOut as the service Click on Submit Query 3 Telnet x x x x aa where x x x x is the IP of your remote access server and aa is the port Dial Out is listening to for connections 4 Login as the user you made in the static database in step 2 At the OK prompt type ATDT then a phone number to place an analog call or ATDI then a phone num ber to digital 64k ISDN call An example section of dialout 132 Chapter 9 Callback
22. Model 29xx Series Remote Access Server Administrator s Reference Guide Sales Office 1 301 975 1000 Technical Support 1 301 975 1007 E mail support patton com WWW www patton com Part Number OZMDAS ARG Rev I Revised February 28 2012 Patton Electronics Company Inc 7622 Rickenbacker Drive Gaithersburg MD 20879 USA Voice 1 301 975 1000 Fax 1 301 869 9293 Technical Support 1 301 975 1007 Technical Support e mail support patton com WWW www patton com Copyright O 2012 Patton Electronics Company All rights reserved The information in this document is subject to change without notice Patton Electronics assumes no liability for errors that may appear in this document The software described in this document is furnished under a license and may be used or copied only in accor dance with the terms of such license Contents AU ans 9 T E ON 9 Typographical conventions SS T ririn nan anaa aA AE E E E 10 MO 12 A DAE E E c eR EM 13 Logging into the HI WERET TAM ddministration Pages nenen n a a a E UII NUNG EUIS 13 A M Gand TAE O O A 13 Saving HEIP Val Obje 14 TE O A A 15 a a a ET E T ES A E E A E E A No 16 a E E E E A E ore 17 Dd aZ Ea 18 RN 19 rod AS Ne eee oi 20 E Conie Wan I e e A E ino sii 20 I A Tea a ec E E T E E EI po Gi el ETT cocosccencencennenstoccoscocecnococtoncicoacosnosensecocdoo sano chenocoockecksacdens coor conor onuendcbotircchoctonaenbonaecbadocucansoscnot O 23
23. Name filterlpName This is the name of the filter Direction filterlpDirection Specifies the direction of the filter that is whether it applies to data packets inbound or outbound from the access server The filter only applies to dial in users users on other interfaces that is Ethernet Frame Relay and so on are not affected The following options are available inactive 0 Disables filter operation e inbound 1 Relates to packets coming into the access server e outbound 2 Relates to packets leaving the access server e both 3 Specifies both inbound and outbound operation Note Enabling or disabling filters that are applied to dial in users who are currently online will immediately change those users ability to send or receive packets depending on the changes that are made to the filters Modify Filter 163 Access Server Administrators Reference Guide 13 e Filter IP Action filterlpAction Specifies the action to take on a packet whether to block or pass the packet The following options are available pass 0 If pass is selected checking will continue on to other filters until either a match occurs a block occurs or there are no more filters remaining to check Note Ifthere are any applied PASS filters then at least one of them must match or the packet will be dropped block 1 Ifa filter has block set and the filter matches the block the packet is discarded and no further processing is done
24. dChannel 13 The D channel for ISDN Near End Line Statistics Current Click on Near End Line Statistics Current to display line statistics for the current 15 minute interval see figure 109 CIRCUIT ID 1 CURRENT NEAR END PERFORMANCE Errored Seconds 0 Severely Errored Seconds 0 Severely Errored Frame Seconds 409 Unavailable Seconds 409 Controlled Slip Seconds 10 Path Code Violations 0 Line Errored Seconds 0 Bursty Errored Seconds 0 Degraded Minutes 0 Line Code Violations 0 Figure 109 Current Near End Performance window Near End Line Statistics Current 265 Access Server Administrators Reference Guide 22 e T1 E1 Link Errored Seconds dsx1CurrentESs The number of errored seconds encountered by a DS1 interface in the current 15 minute interval Severely Errored Seconds dsx1CurrentSESs The number of severely errored seconds encountered by a DS1 interface in the current 15 minute interval Severely Errored Frame Seconds dsx 1CurrentSEFSs The number of severely errored framing seconds encountered by a DS1 interface in the current 15 minute interval Unavailable Seconds dsx1CurrentUASs The number of unavailable seconds encountered by a DS1 interface in the current 15 minute interval Controlled Slip Seconds dsx1CurrentCSSs The number of Controlled Slip Seconds encountered by a DS1 interface in the current 15 minute interval Path Code Violations dsx 1CurrentPCVs The number of path codi
25. A t tenete e deer Re M rU enu tI Le Deed eme tedio ee 134 praet ted E onnaa Colo d e ee rl e LR E ere area eee area eer 134 Callback di allbackConhip eii 134 IER Vaa Ninel pig e E E PER E E IE 135 A A E M ALLE PEG Re 135 Static User TT 136 e aa aeoe er a E E R pee E E A EEA 136 Callback phone number sutcallbackiNunmbst o iia 136 RADIUS Con EU OC DIO DO DIDI TIC oer eee eee ee 136 Accounting T E E AE E 137 Y yee en epee ere inne e te ere E A UD oa RY A eee E 137 133 Access Server Administrators Reference Guide 9 Callback Introduction The RAS has the ability to call back any user dialing into it This can provide extra security since you can verify the user s identity by calling back to a known number Callback can also be used to reverse or reduce toll charges by having the server call the user back Callback can be configured on a global basis for all users or on a per user basis You can also specify whether the user dialing in can specify a callback number or must be called back at a pre determined number A num ber captured by Caller ID can also be used as the number to call back At the present time LCP negotiated callback and callback control protocol CBCP are supported text or script based callback are not supported Microsoft Windows uses CBCP Callback is supported on PRI and robbed bit lines it is not supported on E1 R2 lines Dial in Modify Configuration Both the dial in details and modify windows hav
26. C Submit Query Configuration Link Compression enabled 1 Default Max Receive Unit 1524 Allow Magic Number Negotiation enable Frame Check Sequence Size 16 Compression pr 2 MultiLink Max of Calls per User o 0 MultiLink disabled MultiBox Query timeout _disable o FS 0 MultiBox disabled Callback noCallback 0 21 Submit Query Maximum Time Maximum Session Time min o Maximum Idle Time min 15 Time to login sec 60 Call history timeout min 60 0 eternal Submit Query Figure 28 Dial In Modify window modify Attempts Configuration and Maximum Time objects Failure Banner diFailureBanner This defines a message of up to 254 characters in length that will be displayed to a user if authentication fails This message only appears when the authentication technique is Text Success Banner diSuccessBanner The string sent to the dial in window after a text login is authenticated successfully The string can contain any printable characters with the exception of the excape character V The following special sequences are recog nized and will be replaced before being sent to the customer e r carriage return n replaced with a new line t replaced by a tab M teplaced by the MTU maximum transfer unit I replaced by the IP address assigned to the connection Dial In Modify default window 70 Access Server Administrato
27. Controlled Slip Seconds dsx 1FarEndIntervalCSSs The number of far end controlled slip seconds encountered by a DS1 interface in one of the previous 96 indi vidual 15 minute intervals Path Code Violations dsx 1FarEndlntervalPCVs The number of far end path coding violations encountered by a DS1 interface in one of the previous 96 indi vidual 15 minute intervals Line Errored Seconds dsx1FarEndIntervalLESs The number of far end line errored seconds encountered by a DS1 interface in one of the previous 96 individ ual 15 minute intervals Bursty Errored Seconds dsx 1FarEndIntervalBESs The number of far end bursty errored seconds BESs encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Degraded Minutes dsx1FarEndIntervalDMs The number of far end degraded minutes DMs encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Line Code Violations dsx 1FarEndIntervalLCVs The number of far end line code violations LCVs encountered by a DS1 interface in the current 15 minute interval Far End Line Statistics History 272 Access Server Administrators Reference Guide 22 e T1 E1 Link Far End Line Statistics Totals Click on Far End Line Statistics Totals to display the total statistics of errors that occurred during the previ ous 24 hour period see figure 114 CIRCUIT ID 1 FAR END PERFORMANCE Errored Seconds 0 Severely Errored
28. DSP SETTINGS 32 DSPs Available 32 Detected 0 H W Failures 0 calls without an available DSP Connection Summary DSP Admin Instance 1 Instance 2 Index Desire State Use State Use T 2 3 4 5 javailable 4 if 8 3 available 4 zl 3 sale y zl zl available 4 available 4 Figure 59 DSP main window Introduction 144 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP DSP Settings main window This is where you can view and modify current DSP parameters The following sections describe each parameter DSPs Available dspAvailable Indicates the number of DSPs available for use Detected dspDetected Indicates the number of installed DSPs the access server detected at time of boot up HW Failures dspFailed Indicates the number of DSPs taken out of the DSP resource pool Calls without an available DSP dspDspNotAvailable Indicates the number of calls taken by the RAS when a DSP was not available to be assigned to the call This statistic is only valid for PRI For CAS lines channels on the T1 E1 are busied out if DSP resources are not available DSP Index dsplndex The unique identifier of the DSP being reported on Admin Desire dspDesiredState The state of the DSP desired by the administrator this state may be different than its actual state e pendingReboot 1 This will put the individual DSP into the pendingBoot reset state an
29. INAS Tatesface ID limeNiael mterkace de coria 262 NES Pomar VAN asa 262 ig rp o PEE 262 Force Yellow Alami time Yelow Forc oc ad etie ici 262 Loopback Conte des LoopbackCanfig eese eI RUE PEOR USE UE 263 eT E o erect SP tUi IM DELE ENA 263 Access Server Administrators Reference Guide 22 e T1 E1 Link Esrot Injection mnlInjectEEtOL ita ias 263 Line Status Channel Assi canine nt ao onto een HORN ias 264 Channel elannellndex iiec nie ith vH Ee aO rendi EIL tend ieee 264 Desired Function harris ii 264 Cuna C hannelState de 265 Near End Line Statistics T sc cec re eerte eni erige EF E PHARM Ea inci cin E siria 265 Birored Seconds dsx CubrentES8 i am e rante tete teer e e etel ie te io ct ad Pe o aur eg 266 Severely Errored Seconds del e ertt eren tr at 266 Severely Errored Frame Seconds dsx1 Current SEFSs acacia 266 Unavailable Seconds dsx1CurrentUASs cccccccsssescsssscssscessccsseessescssscscesessssssssesescsssscsssessssessseseesssessssseseseees 266 Controlled Slip Seconds dex CurrentESSS Vitis a tere pied esci dia T 266 Path Code Violations dsx GurrentP CVs e dao 266 Line Errored Seconds dsxi CurrentLESs iia 266 Bursty ExoredSeconds dsel Current BES sonia oed e m d Demi nente ween 266 Degtaded Minutes sx Currents race ceret reo etr ee Prati rie TREO E laa UE Pe Fee ioa 266 Line Code Violations dsxICurtentIO Vs euren eto xri ettet nen Ene exer rore orbe nt ne eo raa Peau eere EO ova 266 Neat End Lin
30. INTERFACE 1 DETAILS Description Ethernet Type ethernet csmacd 6 Max Transfer Unit 1500 Speed 0 Physical Address 0x00 A0 B A 00 02 5D Admin Status up 1 Operational Status up 1 Last Change 0 00 sec Received Octets 0 Received Unicast Packets 0 Received Non Unicast Packets 0 Received and Discarded w No Errs 0 Received Errored Packets 0 Received w Unknown Protocol 0 Transmitted Octets 0 Requested Unicast Packets 0 Requested Non Unicast Packets 0 Requested and Discarded w No Errs 0 Requested Errored Packets 0 Output Packet Queue Length 0 Figure 74 Interface Details window Description ifDescr A textual string containing information about the interface This string should include the name of the manu facturer the product name and the version of the hardware interface Type ifType The type of interface distinguished according to the physical link protocol s immediately below the net work layer in the protocol stack The following interface types are available e other 1 e ethernet csmacd 6 e iso88023 csmacd 7 e ds1 18 e el 19 e basicISDN 20 e primaryISDN 21 pppQ3 softwareLoopback 24 Interface Details 181 Access Server Administrators Reference Guide 15 Interfaces slip 28 frame relay 32 Max Transfer Unit ifMTU The size of the largest protocol data unit which can be sent received on the interface specified in octets For int
31. Maitre SLU ge gite T M em 24 Ensplaving A windows totes Iu eid iN ee ILIUM E 25 Modify Response Configuring tbe alarm response systern eee eret eee uet UE ES py Modi Alam confisdane ls eee eee Lee Uere 29 O EE A 30 A DE ese ee ne 32 Displaying H T idas 32 A E 32 TE a des 34 Setting Up Aut COM o 37 A LE 41 Adding Static Us aa 41 Modi aos 42 L n O eee Ee T 44 A DS 45 STT Fe See nO ER ee ee ESOP I EO ee Tee ee 45 Fe WAU 5 TO So ota ao ORCOS 48 Ie herent 54 RITE M uL d E 55 Dial Modulations window esteem a 57 Erat hie yn el ite o qoe eer eee Ee Lee e e E verte eret dete eee 60 Contents Access Server Administrators Reference Guide 10 1 12 13 14 Dial Protocol A NEO 62 Dial Ta p aa ea E EE E E E EE A E OIE TE 65 Dial In Modify default windo 5 nt eter rore ettet er ede eter EE e ERE TORRE 66 Manase TONES Wid wis cte ore eio errem aen Tene edm 77 Dial In User Statistics WInduw u ue een Eius te piii bep ERE R p sea eee bep de 88 primae 103 IntroductiGh ueri nee ten et ltda 107 DilQui Man Window escort ier secede tert ee deri Presta ee eee Pere EE EEE E HEISE REE CREE TERRENAE 107 Ip Ee Weta ihe Girth ceo om eere A ia 110 pualOut Modi AT a dei 111 Dial Out Locations Window 3523 5 ertet cre a eed Sends tit etre oe duda 117 Dial Out User Statistics Wind Ow RT 123 Atwexamiple section of T oda 132 Le A ON 133 NO 1
32. Not used e CCCCC Call ID in hex The call ID used is the one recorded on the main dial in screen Setting Up Authentication 40 Access Server Administrators Reference Guide 5 e Authentication Static User Authentication To view or modify the static users in the internal user database click on Authentication in the Configuration Menu The Authentication window displays Scroll down until Static User Identification is displayed see figure 18 Static users consist of usernames and passwords entered into the access server s internal users database You can have up to 111 static users in the access server database You must have superuser level access to make changes to the static users database The following sections describe each of the variables found in the Static User Identification section Static User Identification ID Username Password Service Multilinks Service IP Service Port Service Mask Filter ID O jeff sour default 0 0 192 168 155 11 0 255 255 255 255 0 1 jo amp flower default 0 0 0 0 0 0 0 255 255 255 255 0 2 jill hour default 0 0 0 0 0 0 0 S295 a pl 3 jon power default 0 0 0 0 0 0 0 255 255 255 255 0 4 jay tower default 0 0 0 0 0 0 0 255 255 255 255 0 Add Static Users Username Password d a Figure 18 Static User Identification setup Adding Static Users ID suID Identifies the entry in the table of users For the next user select the next unused number If you select a num ber that is a
33. Select dsx1AMI 5 or dsx1 HDB3 3 Most installations will use HDB3 6 Click on the Line Build Out drop down menu and choose one of the following options For T1 Select tIpulseOdB 2 For El select el pulse 1 7 Click Submit 8 Select none for Signalling Protocol 9 Click Submit At this point the access server s front panel LEDs should now be showing signs that the line is active If the phone company line is not connected to the access server the error indicator will glow red for that line connection WAN Channel Assignment main screen The next stage in configuring a Frame Relay link is to set the number of 64 kbps channels on the T1 E1 that will carry the data Each channel is 64 kbps in speed and must correspond to the same channels that your pro vider is using Usually your provider will start from channel 1 For example a 256 kbps link could be divided into 64 kbps channels numbered 1 2 3 and 4 To set the channel assignment 1 Click on T1 El Link under the Configuration Menu to display the T1 E1 Link Activity main window see figure 102 on page 252 2 Click on Channel Assignment in the appropriate Link x section for example if the T1 E1 cable was con nected to port 2 you would click on Channel Assignment in the Link 2 section 3 Click on the appropriate channel s drop down menu and select frameRelay 3 Repeat step 3 to configure remaining channels 5 Click Submit The link should now be
34. Using SNMP with the Access Server 315 Access Server Administrators Reference Guide C Technical Reference Configuring Non Facility Associated Signaling NFAS NFAS allows PRIs to be fully utilized by increasing the number of data channels Now PRIs can have 24 B channels for data rather than the traditional 23 B channels for data and a D channel for signaling The telephone company can configure a group of PRIs to share a single D channel In that group of PRIs one PRI will contain a D channel and 23 B channels The other PRIs in the NFAS group will have 24 B channels The request for an in bound call now contains an interface identifier that indicates for which PRI in the NFAS group the call is destined The NFAS group cannot span multiple remote access server units Each RAS must have at least one PRI con figured with a D channel Configuring NFAS NFAS only impacts the configuration of the signaling settings The line interface settings do not change with an NFAS implementation Example 1 The RAS hosts 2 NFAS groups each containing 2 PRIs WAN 1 will have the PRI with the D channel WAN 2 will have the second PRI for that group WANs 3 and 4 will contain the second NFAS group Signal setting for each WAN port WAN 2 WAN 3 Switch Type nfsSlave 7 att 2 nfsSlave 7 Interface ID 1 0 1 The switch type for the primary WAN is set to the flavor of ISDN the switch is configured for This does not change for an NFAS imp
35. a Clear Alarm o Generate Alarm Alarm _ OlearAlarm Alarm 2 Fail Figure 10 Alarms main window Note The POWER LED will flash if a power supply failure alarm is present Total System Alarms X alarmTotal The total number of alarms currently active on the system Besides enabling a user to view current alarm status manually generate an alarm as a test and clear the alarm time and alarm count variables the Alarms main window also contains links to the following Modify Response Clicking on this link takes you to a window where you can change how the SYSLOG SNMP function notifies remote users of an alarm see Modify Response Configuring the alarm response system on page 27 Displaying the Alarms window 25 Access Server Administrators Reference Guide 4 Alarms Modify Alarms Clicking on this link takes you to a window where you can change how the access server perceives the severity of each alarm Modify Alarms Configuring alarm severity levels on page 29 Alarm Response Outputs Alarm Response Outputs display the current settings for handling alarm notification via SYSLOG SNMP messages To change how the SYSLOG SNMP function notifies remote users of an alarm refer to Modify Response Configuring the alarm response system on page 27 Alarm Syslog Priority syslogAlarmPriority Displays the SYSLOG priority of the alarm SYSLOG message If the minimum prio
36. diactCallingPhone The user s phone number this is a caller ID feature Dial Telco window 61 Access Server Administrators Reference Guide Dial Protocol window 7 Dial In This window shows the protocol negotiations of the connection for individual users DIAL PROTOCOL ID ML User State 26 106 107 108 109 110 111 112 113 114 115 116 vtsirlin online 6 ppp 1 wilyk dead 9 ppp 1 sue dead 9 ppp l sue dead 9 ppp 1 decker online 6 ppp 1 nching online 6 ppp 1 ted onlne 6 ppp 1 wilyk dead 9 ppp 1 milt dead 9 ppp 1 mit dead 9 ppp 1 ann dead 9 ppp l mit dead 9 ppp 1 117 117 dibert dead 9 ppp 1 118 jk dead ppp 1 119 117 dibert dead 9 ppp 1 120 121 122 123 dibert2 online 6 ppp 1 milt dead 9 ppp l vtsirlin dead 9 ppp 1 cindy dead 9 ppp 1 Call ID diactindex Unique identification of this active call for internal use ProtocolIP 192 49 110 135 0 0 0 0 0 0 0 0 0 0 0 192 49 110 110 0 192 49 110 111 0 192 49 110 112 0 192 49 110 110 0 192 49 110 113 0 192 49 110 114 0 192 49 110 114 0 192 49 110 1150 192 49 110 113 0 192 49 110 114 0 192 49 110 113 0 192 49 110 114 0 192 49 110 114 0 192 49 110 115 0 192 49 110 116 0 192 49 110 113 0 Figure 25 Shared Unique ID diactMultilndex Used for multi link PPP this is the unique identification shared between multi link active calls Username diactUserna
37. link takes you to the page where you can make global changes to items that are associated with the user dialing in including type of service used configuration parameters for login service domain name service login attempts configuration of link maximum time outs and modem configuration For more information about the Modify page refer to Dial In Modify default window on page 66 Manage DNIS link clicking on the Manage DNIS link takes you to a page where you can make changes to the dial in user s configuration based on the number dialed by the end users Modulations link clicking on the Modulations link takes you to the page that shows statistics about the modem connection listed by individual users For more information about the Modulations page refer to Dial Modulations window on page 57 Telco link clicking on the Telco link takes you to a page that shows the Telco characteristics for individ ual users For more information about the Modify page refer to Dial Telco window on page 60 Protocol link clicking on the Protocol link takes you to a page that shows the protocol negotiations of the connection for individual users For more information about the Modify page refer to Dial Protocol window on page 62 Introduction 54 Access Server Administrators Reference Guide 7 Dial In DIAL IN y 3 E Patton Closet Call Sorting descending 0 y Submit Query Active Peak 18 Total
38. priorityO ddity 40 Unix Facility disable 0 Call trace S disable 0 Maintain Flash Storage syslogFlashOK 0 SYSTEM DEBUGGING DSP Errored Memory Dump DSP Eventlog Figure 98 System Log main window System Log Main Window Besides displaying the results from the system wide error reporting utility the System Log main window also contains links to the following Modify Clicking on this link displays syslog and SNMP trap daemon locations priority and maintenance information see System Log Modify on page 243 e Volatile Memory Clicking on this link displays timestamp and stored system log message information System Log Volatile Memory on page 247 Non Volatile Memory Clicking on this link displays non volatile RAM messages for each 10ms time stamp see System Log Non Volatile Memory on page 248 DSP Errored Memory Dump Clicking on this link exports or dumps the DSP memory to a text file The memory dump gives those troubleshooting the RAS information about registers and the state of the DSPs at the moment of the dump It is intended for debugging purposes e DSP Event Log Clicking on this link exports or dumps the last 100 DSP events to a text file It is intended for debugging purposes Click on System Log under the Configuration Menu to display the System Log main window Introduction 242 Access Server Administrators Reference Guide 21 System Log System Log
39. to access the web server and the mail server Now if you wanted to add the ability to ping to test the dial in users connectivity to the network the following filter would be created ID 4 Name PING Direction both An example of using a filter 168 Access Server Administrators Reference Guide 13 e Filter IP Action pass e Source IP and mask not set Destination IP and mask not set Source Port no compare Destination Port no compare Protocol 1 e TCP Established anyPackets Default for dial in apply to Dial in Note This would also allow traceroute to work An example of using a filter 169 Chapter 14 Frame Relay Chapter contents A ei oo E dde 1222 The Frame Relay o OO 172 inis E Deane Te 7 sere rece e e E E a E E e M I MCN 173 HER AO T LE A E A A A A E E A E A a A A 173 EDS Sto E on 173 o e E A tete t Li cie e dete ee e eere ee eee 173 Receive pits Sec rame re PRAOST eee n estero cc ree E M er ee ede 173 No Buffers Available framerelBxNNoButferAvailable ua scada 173 Data O vertlow bramerelBx Data vertlow aaa 173 Message Ends ma Message Ende eene uestra ede ene enit u 173 Packers Too Lone Cramer Ra ota 173 Overtlow T e E a E E is E EE E E E A E CENE 173 Er E Er Ree Cast T a E cene Se Rees ET AET E DRED eto E ESO E D Ee aa 173 Bad CRC Uramerc REBI a A n a turc A T E M IM E 174 Invalid Frames framerelxInvalidEramig acrin eaae s eR E EE ee 174 Ta Undenmans ramer da ttem
40. 1 Modem Modulation analog 34 4 v Guard Tone teneNone 1 gt Carrier Loss Duration 2 Retrain retrain 1 x Transmit Level f 5 Protocol requestv42 1 y Compression x frequestV42bis 1 v Billing Delay SN Modem Profile Status vaia E Submit Query Figure 49 View modify modem profile Dial Out User Statistics Window Clicking on the state link of an individual call will show the statistics for that call The hyperlink headings DSP Link and WAN Link shown below point to the DSP and WAN information used for the outbound call For specific details about the function of parameters defined under these sections refer to the appropriate section under the access server Configuration menu The Dial Out Statistics window is where you can view the following Unique ID information Session information PPP statistics for location based calls e IP statistics for location based calls Dial Out User Statistics Window 123 Access Server Administrators Reference Guide Phone information Data transfer statistics e Physical layer configuration information DIAL OUT Call ID 1 State dead 0 Submit Que Call Identification s Username isdn Password Shared Unique ID 1 DSP Link 6 WAN Link 1 Time Slot 1 IP Address 0 0 0 0 Session Start time of call 22 33 40 hours Time Call Is Was Active 3 13 sec Minutes Until Timeout 0 I Time Left In Session 0 00 sec Terminat
41. 1 for primary timing Generally the first WAN connection will be used as the main reference wan 2 2 Use WAN Port 2 for primary timing Generally the second WAN connection will be used as the fallback reference see Fallback Reference daxClockFallbackRef wan 3 3 Use WAN Port 3 for primary timing e wan 4 Use WAN Port 4 for primary timing wan 5 5 Use WAN Port 5 for primary timing wan 6 6 Use WAN Port 6 for primary timing e wan 7 7 Use WAN Port 7 for primary timing wan 8 8 Use WAN Port 8 for primary timing netref 1 101 Use to obtain system timing from a slave circuit e netref 2 102 Use to obtain system timing from a slave circuit internal 200 Use internal free run oscillator for the system clock e external 300 Not currently implemented Fallback Reference daxClockFallbackRef The fallback reference enables the configuration of a back up clock reference should the main reference fail The following settings are available none 0 No clock selection This would be used in conjunction with either a secondary or slave circuit wan 1 1 Use WAN Port 1 for secondary timing Generally the first WAN connection will be used as the main reference wan 2 2 Use WAN Port 2 for secondary timing Generally the second WAN connection will be used as the fallback reference If there is only one WAN connection then the fallback reference should be set to oscillator wan
42. 12064 s Setting Default details Modify default Manage DNIS Summations Modulations Telco Protocol Call ID ML ID User State Duration Discnct Reason Modulation Speed 12064 12063 ISDNTEST onlin amp 6 6 56 sec stillActive 0 isdn64 9 64000 12063 12063 ISDNTEST online 6 11 05 sec stillActive 0 isdn64 9 64000 12062 12061 ISDNTEST dead 9 59 43 sec sessionTimeout 66 isdn64 9 64000 Figure 22 Dial In main window Dial In main window The Dial In window displays statistics for individual users This window shows currently attached users the users state and time that the user has been on access server This window can also display recently disconnected sessions The following sections explain the meaning of each statistic Call Sorting diPageSort Change the order of the calls on the screen Descending calls are sorted from the latest call at the top to the oldest call at the bottom e Ascending calls are sorted from the oldest call at the top to the latest call at the bottom Active Calls diActive The total number of active calls and calls that are being initiated Peak Active Calls diMaxActive The maximum number of active calls seen at one time since the unit was powered up Total Calls diTotalCallAttempts The total number of calls attempted since the last boot of the box Call ID diactindex Unique identification of this active call for internal use Call ID diactind
43. 22 0 0 0 0 0 6 0 0 900 900 22 0 0 0 0 0 TA 0 0 900 900 22 0 0 0 0 0 8 0 0 900 900 22 0 0 0 0 0 9 0 0 900 900 22 0 0 0 0 0 10 0 0 900 900 22 0 0 0 0 0 11 0 0 900 900 22 0 0 0 0 0 12 0 0 900 900 22 0 0 0 0 0 13 0 0 900 900 22 0 0 0 0 0 Figure 110 History of Near End Performance window Interval dsx 1IntervalNumber A number between 1 and 96 where 1 is the most recently completed 15 minute interval and 96 is the least recently completed 15 minutes interval assuming that all 96 intervals are valid Errored Seconds dsx lintervaless The number of errored Seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Severely Errored Seconds dsx 1IntervalSESs The number of severely errored seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Severely Errored Frame Seconds dsx1IntervalSEFSs The number of severely errored framing seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Unavailable Seconds dsx 1IntervalUASs The number of unavailable seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Near End Line Statistics History 267 Access Server Administrators Reference Guide 22 e T1 E1 Link Controlled Slip Seconds dsx 1IntervalCSSs The number of controlled slip seconds encountered by a DS1 interface in one of the previous 96 individual 15 min
44. 234 A eese e ecu n A M E m eee 234 Largos ombleaplarcests pace ecce e EU ERU REN EE PIU UE 234 Enclosure System eedem ias oda 235 Internal Temperature Bos Vem perature ee o dalt 235 Pighest Femperature bos E T coiro ienn oe aR R E EE E E E 235 J Eee aI Se os 235 Enable Payable Features boxPeatureEnableKey 2 23scicistiesectivassceccateacateccauaacateenaunecgueeedcaccacvessecazaecosueentvees 235 IE a E E 235 Comm RET pu EI cerina naa e RE ere e aiii 235 Bg E 235 Total DRAM Derecred box D eteciedl epp Ey ose tette IRURE 235 RHH E A E tereeRIERERURR Hee EROR EORR AERE ORE 235 Running omo Last Door isy UpTime 5 05 0 ecce aaa a 235 System Manaset FC ona cce e EHE UU RI EIE ETUR 235 Box Name sys Name ette te es terete ec er exter AT rect 235 Iposcal Locruonsvslocatignd OO UE 236 System Services SNS EEES ca 236 a de Ee secet te eee e e elt DRM eet eei e e 236 Montar Privilege d boxNloniterPriyiliegel ao iones UE EE 236 System Modify WIlidow mace utente neue RN ERU eR IUD IEEE 237 Access Server Administrators Reference Guide 20 System SNMP and ATT ci ida 237 Version bOxSnimp VelsioD iii is 237 Super User Password boxSnmpMasterPassword eese nennen eene enne 237 User Password boxSumpMonitorPaseword vio en e emerat ias 237 Web Page Refresh Rate box WebRefresh Rate e ette ree Dto poete Ec EEES 237 Payable DEdUIBES ia 238 Enable Payable Features boxFeature na bleKey nestle tease aida 238 F T indie aa
45. 39 characters This should be a ASCII printable string and can include carriage returns and line feeds This applies only for text users not PPP See also Initial Banner For example the prompt could be Enter your username Password Prompt diPasswordPrompt This defines the character string that will be displayed at user authentication time to request the users pass word The string can be up to 39 characters This should be a ASCII printable string and can include carriage returns and line feeds This applies only for text users not PPP For example the prompt could be Enter your password Initial Banner diBanner This is usually a message welcoming the user The message can be up to 39 characters and should be an ASCII printable string It can include carriage returns and line feeds The username prompt immediately follows the initial banner This banner only appears for text login users Modify Service This portion of the Dial In Modify default window see figure 27 on page 66 describes changing user login services Default Service diService This object defines the default service that will be provided if the authentication technique does not specifically name a service type and if no service is specified in the static user s profile under Authentication For informa tion about the static users database see 5 Authentication on page 30 The options are rlogin 1 User will be automatically given a rlogin prompt
46. 5 6 7 8 9 mfr2 authenticate listener calldialin testmanager installation dropinsert calldialout 1 2 lineSig interRegSig 12 13 14 15 18 20 frame relay filterip genroute dax alarm model3120 1 7 8 13 box syslog flash fconfig 8 BoxEther Model 2960 MIB Tree Structure 305 1768 patton Appendix C Technical Reference Chapter contents A RETE o EU E 307 Contigunas a RADIOS serias 307 ES nece eet ctc med LEE Me cu e E e 307 TS SD Se SIT cue eco E E i UU 307 RADIUS Sete Pe 308 RADIUS A a ER e e 309 RADIUS Staricha O NO 309 O ee ee ere 310 RADMIS RSE ed cei 310 o 311 Vengo et ecd E a do tic e AN 311 Contigua RADIS Aedes e 311 R E E O RE pet ce rng eee Peay 311 Cia por Panon RAS a eene TEUER tetra tienen teretes 311 Using SINMD with the Access aia 313 errors te tasa re c iy E L UE 313 Finding the section of the MIB tree in which the SNMP parameter resides coiii 314 Pinding the branch where the SNIMI params co oe ea ete reete emere e E 314 Ganfiguring Non Facility Associated Signaling NIBAS spaces 316 Connoanne n ce M M Eee 316 Cari Priame ue eee eere e m C e 317 EA T T 317 MA a ed ec 318 Conte Frame Rda aien a ea EA a E AR AE ER A E 319 Conreu aaa 319 Contiene Permanent Viraal Circuits pides 320 T TTT TTT Rely Link o ae ie ae E e A E EET 321 Addie UI E 321 A o RUE EUER 322 A St a eens T eee LA Le e LEE IE e ncc AR se uA tacts 323 Setting up IP address poale by cabfiguring DONIS Tp Pools o 323 Resin
47. 9 00 04 00 hours lcpClose 9 00 47 43 hours stillActive 0 00 01 25 hours lcpclose 9 00 37 56 hours stillActive 0 00 04 12 hours userHangup 5 online 6 00 04 07 hours userHangup 5 online 6 00 03 59 hours userHangup 5 online 6 00 03 54 hours userHangup 5 online 6 00 28 48 hours stillActive 0 00 07 32 hours userHangup 5 online 6 00 07 27 hours userHangup 5 online 6 00 07 21 hours still ctive O 00 01 44 hours stillActive 0 ENS AtState Called calling Ov 1165 7035557646 0 1165 3015553994 1165 3015551693 disconnecting 7 1165 3015551539 disconnecting 7 1165 3015556974 0 1165 3015558419 0 1165 3015550870 disconnecting 7 1165 3015559015 disconnecting 7 1165 3015553446 0 111651 3015531693 disconnecting 7 1165 3015559015 0 1165 3015557363 1165 3015553108 1165 3015553109 1165 3015553108 1165 3015553109 0 1165 3015553446 1165 3015553108 1165 3015553109 0 1165 3015557287 0 1165 3015553638 Figure 24 Dial Telco window Ringing The call has been recognized by the access server and is in the process of going off hook Connecting The access server has assigned a DSP to the incoming call and is now in the process of nego tiating the type of modulation V 34 V 32 ISDN or 56K e LepNegotiate The link is negotiating LCP parameters Authenticating T he access server is in the process of verifying the user s password by using static or RADIUS authentication e Online The access serve
48. Alarm Format link YellowF ormatDL 2 Fdl dsx1F dl none 8 Signalling Settings Signal Mode robbedBit 2 Robbed Bit Signalling Protocol linkEMWinkStart 6 Message Onented Switch Type att 2 NFAS Interface ID 0 NFAS Primary WAN 1 Test Settings Force Yellow Alarm link YellowDisable 3 Loopback Config dsx1NoLoop 1 Send Code dsx1SendNoCode 1 Figure 105 WAN Circuit Configuration window Note Use the DAX menu to view clock source for the Model 29XX series access servers The WAN Circuit Configuration window also displays the amount of time that has passed and the number of intervals passed during which valid data was collected Time Elapsed dsx 1TimeElapsed The number of seconds that have elapsed since the beginning of the current error measurement period Valid Intervals dsx1ValidIntervals The number of previous intervals for which valid data was collected The value will be 96 unless the interface was brought on line within the last 24 hours in which case the value will be the number of complete 15 minute intervals since the interface has been online Line Status Configuration 258 Access Server Administrators Reference Guide 22 T1 E1 Link WAN Circuit Configuration Modify Clicking on the Configuration link in the T1 E1 Link Activity window displays the WAN Circuit Configura tion Modify window From this window you can change line interface settings signalling settings test set tings and cha
49. Function for each channel on WAN A and B to dropInsert 7 using channel assignment under the T1 E1 link that is going to be performing drop and insert The channels on WAN A selected for drop and insert must match the channels on WAN B selected for drop and insert Note We do not send digits with the EMWinkStart signalling What this means is that you can not direct the inbound call to a specific extension on the PBX How Drop and Insert works 141 Chapter 11 Digital Signal Processing DSP Chapter contents ars ro OO O EET ETE 144 DSP SES A TT pas 145 DSPs A essem 145 IE RE ER sce e des E UOTE UO EG I ET be atone tetas asia 145 PIW Failures dsp 1 i e a E E E E EA E 145 Calk yvithoucan available DSP dsp Dsp Norsvalable ce Aaea EEEE EEE E E SEN 145 DS Pinder dspIndex onore ERA ER RES E E at R E ned ie RAR RERO 145 Rama dts oL DIES IC C T eee E A see O E E E 145 lanceer orae d a 145 Instance ri Use lap Usem o RE E R RRA A E E IAEE E R E 146 Menee Ste TT 146 Instance 2 Use fdspliseSecondi in miin e ses arsine e E E ER E HD R apa 146 IE E PE a a a E E SERS Sea ee O OEE 147 IS R R Oe are E E E 147 IR R TT T 147 IE TT 147 Failure to Negotiate dspEalurePercent tia 147 ET A e T E E UT CTU TNT E ONIS 148 Oreinating CallstdsplocalOneimadinstalls iaa 148 Anowenne Cale dp TorlAnsvenng Calle ecc cere ne e eS 148 Succesul Connects dsp Total StecessbulG aletas 148 Failed Connect Ire V8 dsp TotalbaedCannectlre V8 eet Pr eU e 148 Fa
50. If a management station sets this object to the value TCP 193 Access Server Administrators Reference Guide 16 IP delete TCB 12 then this has the effect of deleting the TCB as defined in RFC 793 of the corresponding con nection on the managed node resulting in immediate termination of the connection dosed 1 Connection closed listen 2 The access server is listening for connections synSent 3 Waiting for a matching connection request after having sent a connection request synReceived 4 Waiting for a confirming connection request acknowledgement after having both received and sent a connection request e established 5 The link is open data can be transferred finWaitl 6 Waiting for a connection termination request from the remote TCP or an acknowledgement of the connection termination request previously sent e finWait2 7 Waiting for a connection termination request from the remote TCP closeWait 8 Waiting for a connection termination request from the local user e lastAck 9 Waiting for an acknowledgement of the connection termination request previously sent to the remote TCP e dosing 10 Waiting for a connection termination request acknowledgement from the remote TCP timeWait 11 Waiting for enough time to pass to be sure the remote TCP received the acknowledgement of its connection termination request e deleteTCB 12 Delete connection immediately UDP User Datagram
51. If no DNIS groups profiles have been created or if a calling number does not match the number in any of the configured groups ASCII telnet mode will be used for the call and no telnet environment user option exchange will take place The DNIS Profiles Window see figure 33 contains the following items Information about DNIS profiles set up To view or modify individual DNIS profiles select an ID in the ID column For more information about modifying a DNIS profile refer to DNIS Profile Entry Window on page 83 Manage DNIS clicking on the Manage DNIS link takes you to the link that shows the DNIS configura tions including the DNIS Profiles used Refer to Manage DNIS main window on page 78 DNIS Ip Pools clicking on the DNIS Ip Pools link takes you to the page where you can view and change the IP address pools associated with the DNIS profiles Refer to DNIS IP Pools Window on page 82 Manage DNIS Window 80 Access Server Administrators Reference Guide 7 Dial In DNIS Profiles Main Window DNIS Profiles Settings Manage DNIS DNIS Ip Pools ID IP Pool Login Technique DOVBS Service Port Service IP Telnet Userld Telnet Mode Status 11 none 0 disable 0 405 10 102051 BINARY 1 penveg Add DNIS profile Id lo IP Address Pool o Login Technique none 0 DOVBS disable Service Pont Service IP 00 0 TelnetUserld Telnet Mode asco gt Submit
52. Modemy IQ Emable ii tii 75 K56flex diModemKS6 Enable srera teo E AE di ii E sleds 75 N34 diModemMV SAE Mable oi 75 Ke diNfodemV32Enable ii i 75 KEST H vo Enable ui 75 Vr Modemy Enable id E OP n 75 VAN diModem B 2 VE MAA tm 75 Maximum V8 Failures diModemMaxV8Failures sss seene 75 MaxSpeed diModemMaxSpeed Not Currently Implemented eere 75 MinSpeed diModemMinSpeed Not Currently Implemented eee 75 Guard Tone diModemGuardTone sonses na ia eaa rara 76 CarrierLossDuration diModemCarrierLossDuration eese eene asenne nnn nnns 76 Billie Delay aise clay sr eei eo re ree e Pee ee bestes 76 Answer Tone Length diModemAnswerToneLength eere eter eite tse 76 Rettaim diModermfRettalm acacia an EEA e a reto tbe diia ERE TE a 76 TxLevel diModem Level or Currently in Use ion 76 Protocol diModem Protocol nic dd eee et reet etes eese ro eo rei ee ret eese eu ee redeo Cet etilo 76 Compression di Modem Compression aiii e ERR esti tn levee Prep ep ree op o 76 Manage DINIS Window passar ta ic ias 77 Manace DNUS Mata IBOOW icono ds ado E a a 78 NOAA A E E E PUBS va duceine E A 78 WAN Link dinis oolDesre Wan cis 78 Dialed Number dnisPoolDesrcDialedNumber eese ennt rinia ae 78 DNIS profile inisPoolAssisnedProlile cavidad trier terre reperies 78 Status dnisPoolStqtUs PS tese eer ep rcr ere o er Ree SE EE DO PATET REIS YE RE TEE FE deve T
53. OR V2 authentication DOVBS dnisProfileDOVBS With Data over Voice Bearer Service DOVBS the remote end initiates a voice call that is to be terminated dig itally A voice call carrying data is indicated by the presence of 3 1khz or speech in the bearer capability infor mation element of the SETUP message e disable 0 DOVBS is not supported e dovbs56 1 The voice call will be terminated as a 56k digital call e dovbs64 2 The voice call will be terminated as a 64k digital call Service Port dnisProfileServicePort The TCP port on the remote machine listening for TCP raw or telnet connections Service IP dnisProfileServicelP The IP address of the remote machine that the dial in customer is to be redirected Telnet Userld dnisProfileTelnetUserld Specifies the ID string that the device will submit during a Telnet session Telnet Mode dnisProfileTelnetMode Specifies the mode ASCII or Binary that the device will use to start a Telnet session Manage DNIS Window 82 Access Server Administrators Reference Guide 7 Dial In Status dnislpProfileStatus Indicates if the DNIS Profile is used in any DNIS configuration e active 1 This profile is used in one or more DNIS configurations e notUsed 2 This profile is not used in any configurations Add a DNIS Profile Use this portion of the window to add a DNIS Profile 1 Entera unique ID in the ID field 2 Enter a valid IP Pool Id 3 Enter the login t
54. Originating Calls 0 Answering Calls 153 Successful Connects 141 Failed Connect PreV8 5 Failed Connect PostV8 7 Remote Retrans 60 Remote Renegotiates 398 Local Retrains 42 Local Renegotiates 192 Suspect A Transitions into suspect state 0 o B Recoveries from suspect state Reboot A Reboots due to consecutive fails 0 B Reboots due to error detection 0 DSP CONNECTION TOTALS DSP Connects s Remote Local Suspect Reboot Index Good No Modem Failed Neg Retrain Reneg Retran Reneg A B A B 1 4 0 0 3 22 8 0 ON ON DO P 0 0 3 17 4 3 OON ONO EMI 2 1 n 5 2 1 1 DE nl A Figure 61 DSP Connection Performance window Failure to Negotiate dspFailurePercent Indicates the percentage of incoming calls that failed during modem negotiation DSP Connection Performance 147 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Connection Summaries This part of the window shows DSP statistics as a whole Originating Calls dspTotalOriginatingCalls The number of calls the DSP initiates for outbound calls Answering Calls dspTotalAnsweringCalls The number of calls answered regardless if the call was successfully completed Successful Connects dspTotalSuccessfulConnects The number of calls that successfully connected Failed Connect PreV8 dspTotalFailedConnectPre V8 The number of calls that failed before modulation V8 was completed Failed Connect PostV8 dspTotalFailed
55. Protocol UDP is supported by the access server To manage and collect statistics on UDP click on UDP under the Configuration Menu to display the UDP window see figure 79 UDP DATAGRAMS Sere Handling of NETBIOS UDP Broadcasts L doNotPassNetbiosBroadcasts 0 Submit Received 251270 Received w No Ports 3019543 Others Received w No Delivery 0 Sent 2661 Listener Table Local Address Local Port 0 0 0 0 0 0 0 0 0 161 0 0 0 0 520 0 0 0 0 581 0 0 0 0 1701 0 0 0 0 3000 192 49 110 253 513 Figure 79 UDP window UDP 194 Access Server Administrators Reference Guide 16 e IP Handling of NETBIOS UDP Broadcasts boxNetbiosUdpBridging Enables the passing of broadcast UDP packets with a port of 137 and 138 from other interfaces to the local LAN interface Netbios uses these packets to communicate with WINS servers A WINS server can work with out this option enabled but the remote PC will appear to be on the LAN The following options are available e doNotPassNetbiosBroadcasts 0 e passNetbiosBroadcasts 1 Received udplnDatagrams The total number of UDP datagrams delivered to UDP users Received With No Ports udpNoPorts The total number of received UDP datagrams for which there was no application at the destination port Others Received with No Delivery udplnErrors The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port
56. RUSSE ARE UNSERES 243 Mia Priority for Syslog Daemon sysloe DaemomPriotityy cita E lit dias 243 Min Priority dor Consol RS 232 log Conalep oia 244 Min Pisouty dor Flash Storage syslog Flash Prony eee eee EE 244 Min Prionty for SNMP rap Dann eysloe T rapPriority eo e e e A E 244 Mio Priority for BAM Syslog Tableros 245 Mitad dc a a TR 245 Callar all rao oe RUSSIE ERUIT TUERI 246 Maintenance M E 246 Mantua Fash Seorase evslag S e eat 2 cfs ce ee tated dad 246 System Log Violate MISI eee ice ten cence Ree rete ARE EE rete Die eens 247 MS TO 247 Message Mesa tie 247 Bysrem bas A O c e e ee T Meus 248 g S 9 E eris ie ed d i AE 248 LHS eu a a E E R I NDUIU URESUEN CUIU AIL I Ite 248 What the System Log messages ate telling you eee oreet cathe eB 248 241 Access Server Administrators Reference Guide 21 System Log Introduction The System Log window see figure 98 displays the results from the system wide error reporting utility The object parameters in the system log are all Patton Enterprise MIB object identifiers SYSTEM LOG Modify Volatile Memory Non Volatile Memory SysLog Daemon IP Address 0 0 0 0 SNMP Trap Daemon IP Address 0 0 0 0 Min Priority for SysLog Daemon priontyDisable 1000 Min Priority for Console RS 232 priorityDisable 1000 Min Priority for Flash Storage prioritySystem 80 Min Priority for SNMP Trap Daemon priorityDisable 1000 Min Priority for RAM
57. SEEN Configuration information pane m M O Import Export Remote Access Server Det Nov 8 2001 14 09 46 Alarms Authentication mE DAX STATUS OF ACCESS SERVER A Dial In eiee E Dial Out Active Calls 9 ya Drop and Insert Peak Active Calls 120 9a DSP Total Calls 1532 m Ethernet L E NE Filter IP DSPs Not Working 0 Frame Relay Total DRAM Detected 30506336 Interfaces Running Since Last Boot 5 days 06 43 49 hours vag IP gt MER Version 2 ka RIP Version 2 SNMP IMMEDIATE ACTIONS System SENE lli Illae About TENER Set Factory Default Configuration Figure 3 HOME page Introduction 16 Access Server Administrators Reference Guide 2 Home Operating Status Variables There are seven system variables which describe the immediate operating status access server These variables are shown in figure 4 and are described in the following sections Active Calls 12 i E Peak Active Calls 18 Total Calls 787 DSPs Not Working 0 Total DRAM Detected 1305 18240 Running Since Last Boot 3 days 19 29 50 hours Figure 4 STATUS menu Active Calls diActive This number ranging from 0 to 120 displays the total number of calls being processed connecting online authenticating and so on in the access server at the time the HOME page was displayed Peak Active Calls diMaxActive The maximum number of active calls seen at one time since
58. Seconds Violations Seconds Minutes 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 11 0 0 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 0 0 13 0 0 0 0 0 0 0 0 0 14 0 0 0 0 0 0 0 0 0 Figure 113 History of Far End Performance window Far End Interval dsx 1FarEndIintervalNumber A number between 1 and 96 where 1 is the most recently completed 15 minute interval and 96 is the least recently completed 15 minutes interval assuming that all 96 intervals are valid Errored Seconds dsx1FarEndIntervalESs The number of far end errored seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Far End Line Statistics History 271 Access Server Administrators Reference Guide 22 e T1 E1 Link Severely Errored Seconds dsx1FarEndIntervalSESs The number of far end severely errored seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Severely Errored Frame Seconds dsx 1FarEndIntervalSEFSs The number of far end severely errored framing seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Unavailable Seconds dsx1FarEndIntervalUASs The number of far end unavailable seconds encountered by a DS1 interface in one of the previous 96 individ ual 15 minute intervals
59. Speed 1 1 ppp walCallback 13 24 39 sec callngback 88 v34 4 33600 Figure 54 Dial in user waiting to be called back State diactState ringing 1 leave as is connecting 2 leave as is e IcpNegotiate 3 PPP LCP negotiations are currently taking place e authenticating 4 leave as is e tcpEstablish 5 telnet or raw TCP based connection is being established e online 6 leave as is e disconnecting 7 call is currently disconnecting e cleaningup 8 call is disconnected waiting on reply from radius server for stop packet e dead 9 leave as is e DtpTunneled 12 call is tunneled through L2TP e waitCallback 13 callback has been negotiated and the call has been disconnected and is waiting the negotiated delay before calling back Dial in Main Window 135 Access Server Administrators Reference Guide 9 o Callback Static User Authentication In the Modify Static User window are two extra settings for callback The callback type and callback number can be set on a user basis STATIC USER 1 Delete a user by deleting the Username and clicking the Submit button Username ppp Password ppp Callback callbeckToCallincNum 3 7 Callback Number RA Service detaut 0 7 Max Multilinks P Service IP booo Service Port b Service Mask 255 255 255 255 Filter ID B Submit Query Figure 55 Static user configuration showing callback configuration Callback Configur
60. Static User logins gathered since the last access server reset Validated authentications auAuthenticationsValidTotal The total number of validated authentications since the last access server reset Validated via primary server auAuthenticationsValidPrimary The number of authentications validated by the primary RADIUS authentication server since the last access server reset Validated via secondary server auAuthentications ValidSecondary The number of authentications validated by the secondary RADIUS authentication server since the last access server reset Introduction 32 Access Server Administrators Reference Guide 5 e Authentication Validated via static database auAuthenticationsValidStatic The number of authentications validated by the Static User database since the last access server reset Denied authentications auAuthenticationsDenied The total number of authentication attempts requested but denied since the last access server reset Primary server retries auPrimaryServerRetrys The number of times the access server needed to make subsequent requests for a call to the primary RADIUS authentication server Secondary server retries auSecondaryServerRetrys The number of times the access server needed to make subsequent requests for a call to the secondary RADIUS authentication server Accounting server retries auAccountingServerRetrys The number of times the access server needed to make subsequent accountin
61. The available settings are none 1 no compression vjICPQ enabled Next Hop diForceNextHop All packets received on the dial up link are forwarded to this gateway A setting of 0 0 0 0 indicates that this option is not in effect Dial Protocol window 64 Access Server Administrators Reference Guide 7 Dial In Dial In Details The Dial In Details window see figure 26 shows how the system is currently set up to handle dial in users To view this page select Default Details from the main Dial In window Scroll down the window to view addi tional Dial In access server parameters To modify the Dial In access server parameters click on the Modify default link For more information about modifying Dial In settings refer to Dial In Modify default win dow on page 66 DIAL IN Total Active Calls 0 Modify Login IP Address Pool 192 168 200 175 192 168 200 190 This is the default IP address pool It will be used if DNIS is not defined or there is no match to the DNIS pool Login Technique textORchapORpap 6 Username Prompt Username Password Prompt Password Initial Banner 1 Welcome to the Matrix Service Default Service ppp 4 Default Service IP 0 0 0 0 Default Service Port 0 Secondary Service IP 0 0 0 0 Secondary Service Port 0 Service Timeout 60 Force Next Hop 0 0 0 0 Domain Name Server Primary Domain Name Server 192 168 200 151 Secondary Domain Name Server 0 0 0 0 Prima
62. The dial up user must be configured on his com puter for MS CHAP V1 authentication e MschapV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his com puter for MS CHAP V2 authentication e MschapVIORV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his computer for MS CHAP V1 OR V2 authentication DOVBS dnisProfileDOVBS With Data over Voice Bearer Service DOV BS the remote end initiates a voice call that is to be terminated digitally e disable 0 DOVBS is not supported e dovbs56 1 The voice call will be terminated as a 56k digital call This option allows an ISDN type call over a robbed bit T1 e dovbs64 2 The voice call will be terminated as a 64k digital call Manage DNIS Window 84 Access Server Administrators Reference Guide 7 Dial In Service Port dnisProfileServicePort The TCP port that the remote server is listening at for connections Service IP dnisProfileServicelP The host IP address that rlogin telnet and tcpraw connections will be forwarded to Note Ifthe login technique is set to a value other than none the default service must be configured via RADIUS or the static user database for the user s to make use o
63. Verification Web Page Refresh Rate rate5sec 5 J Submit Payable Features Enable Payable Features 0000000100000000 Installation Country unitedStates 1 E Submit Other System Manager amie Box Name fvo2Unit Physical Location Patton Electronics Web Settings Monitor Privilege readonly 2 Figure 96 System Modify window SNMP and HTTP This portion of the System Modify window contains information described in the following sections Version boxSnmpVersion This parameter selects the SNMP version number supported by this unit see figure 96 Select sampv1 1 only SNMP2 is not currently supported Super User Password boxSnmpMasterPassword This modifies the super user password for SNMP and HTTP see figure 96 on page 237 User Password boxSnmpMonitorPassword This modifies the user monitoring password for SNMP and HTTP Web Page Refresh Rate boxWebRefreshRate The rate at which the main dial in web page automatically refreshes The refresh rate can be set from 5 seconds to 5 minutes The default is to never refresh System Modify window 237 Access Server Administrators Reference Guide 20 System Payable Features This portion of the System Modify window contains information described in the following section Enable Payable Features boxFeatureEnableKey Not currently implemented Installation This portion of the System Modify window contains
64. WAN Circuit CONFIGURATION window 283 Access Server Administrators Reference Guide 23 Sync PPP e pap 3 password authentication protocol will be used e chap 4 challenge handshake authentication protocol will be used e chapORpap 5 chap will be negotiated first if that fails pap will be attempted Authentication Side pppAuthentication Side Side of the link which will be authenticating e local 1 local server will be authenticating Remote needs to log into local server e remote 2 remote server will be authentication Local needs to log into remote server Authentication Username pppAuthenticationUsername This is the username that will be sent to the remote side if the remote machine is authenticating If the local server is authenticating the username that the remote sends will be compared to this username Maximum size is 40 characters Authentication Password pppAuthenticationPassword This is the password that will be sent to the remote side if the remote machine is authenticating If the local server is authenticating the password that the remote sends will be compared to this username Maximum size is 40 characters Security Level pppAccesslevel The security level given to this call e passthru 1 allows no access in the configuration screens e monitor 2 allows read only access to the configuration screens change 3 allows full read and write access to the configuration screens MRU p
65. a learned RIP route Gateway RouteGateway Specifies the IP address to which the packets should be forwarded Cost RouteCost This is the cost of the route as defined by RIP standards Cost is sometimes considered to be number of hops A cost of 16 is considered to be infinite A cost can be given to user entered routes so their preference in rela tion to learned routes can be calculated State RouteState Defines the state which a route may be in during its lifetime e invalid 1 This setting deletes the route e active 2 A valid route is in use nopath 3 No route is available to the specified gateway The gateway is not known to local networks e agedout 4 Invalid route soon to be removed costly 5 A valid route but not in use because of it s higher cost Address Translation Information The IP address translation table window see figure 87 contain the IP address to physical address equivalences Some interfaces do not use translation tables for determining address equivalences for example DDN X 25 uses an algorithmic method if all interfaces are of this type then the Address Translation table is empty zero entries Address Translation Information 206 Access Server Administrators Reference Guide 16 e IP ADDRESS TRANSLATION INFORMATION Serve Interface Net Address Physical Type 1 19249 1101 0x00 00 0C 33 5D 48 1 19249 110 34 0x00 05 02 66 FE 11 1 19249 110 57 0x00 60 97D2 06F3
66. aaa 207 Type tpNetLoMediaType erri ert e EH RO Er pcne ed fo a eeu e 207 186 Access Server Administrators Reference Guide 16 e IP Introduction The IP Internet Protocol window lists IP configuration statistics and parameters and enables you to modify IP settings All items described in this chapter are defined in RFC 1213 Management Information Base for Network Man agement of T CP IP based internets MIB II As specified in the RFC implementation of the IP TCP UDP and ICMP MIB groups are required for all TCP IP networks IP CONFIGURATION TCP UDP ICMP Modify Addressing Info Routing Info Address Translation Info Forwarding forwarding 1 Default Time To Live 64 Total Datagrams Received 170936 Discarded for Header Errors 0 Discarded For Address Errors 1134 Forwarded Datagrams 154454 Discarded for Unknown Protos O Discarded w No Errors 0 Total Deliveries 15348 Out Requests 10177 Out Discards x 0 Discarded for No Routes 0 Reassembly Timeout 30 of Reassembled Fragments 0 Successfully Reassembled O Reassembly Failures 0 Fragmented OK D amp Fragmented Failed 0 Fragments Created 0 Valid but Discarded 0 Figure 75 IP main window Click on IP under the Configuration Menu to display the IP window IP main window The IP main window contains basic IP configuration parameters and statistics and it has the following links to windows that will enable
67. access server System Packet Holding Message Blocks The access server system manages the 1960 processor utilization by allocating message blocks for data transfers This Message Blocks window see figure 97 buffer usage of access server message blocks based upon message block sizes SYSTEM Message Blocks Buffer Size No of Buffers No Free No of Tasks Waited No of Times Unavailable 0 9183 9183 0 0 128 3672 2482 0 0 512 3672 3572 0 0 2560 218 215 0 0 Figure 97 Packet Holding Message Blocks window Buffer Size boxbuffersize The size in bytes of the buffer No of Buffers boxbuffercount The number of buffers this size which are currently free for use System Packet Holding Message Blocks 239 Access Server Administrators Reference Guide 20 System No Free boxbuffersfree The number of buffers this size which are currently free for use No of Tasks Waited boxCountBufferTaskWait The number of times a task has waited for this buffer size No of Times Unavailable boxCountBufferUnavailable The number of times one of these buffers was unavailable System Packet Holding Message Blocks 240 Chapter 21 System Log Chapter contents a E E ed dio eere 242 Ste Los Maus WM T TE EO E E E E OE 242 Sye m Woe Mod iy eene E AeA E E EU O R A R ed Lee 243 IE T 243 SysLog Daemon IP AddressisyslogDagemon lP ic ee ce 243 IA Diemon I Address o apii out eoe eL e eee eS 243 Lesa to hel 3 e etes
68. access server is connected This only needs to be set when messageOriented is chosen for signalling protocol e nil 0 National ISDN 1 e dms 1 Northern Telecom e att 2 AT amp T Lucent ctr 3 E1 ISDN ts014 4 Australia AUSTEL e ins1500 5 Japan nfasSlave 7 T 1 that uses the D channel of another T1 for signalling NFAS Interface ID linkNfasInterfaceld The ID number assigned to the PRI by the telephone company The interface ID is used by the common D channel to determine which PRI in the NFAS group will receive the incoming call NFAS Primary WAN linkNfasPrimaryPointer The WAN port that the PRI with the common D channel is plugged into Test Settings This portion of the WAN Circuit Configuration window contains information described in the following sections Force Yellow Alarm linkYellowForce This variable identifies which standard will be used to transmit and identify the Yellow Alarm linkYellowAuto Do not force the transmission of a yellow alarm But yellow alarm may be automatically transmitted WAN Circuit Configuration Modify 262 Access Server Administrators Reference Guide linkYellowOn Force the transmission of a yellow alarm even if the received signal is in frame linkYellowDisable Do NOT transmit a yellow alarm even if the received signal is out of frame Loopback Config dsx1LoopbackConfig This variable represents the loopback configuration of the DS1 interface A
69. activated on your access server The next stages will configure Frame Relay and IP routing Configuring Frame Relay 318 Access Server Administrators Reference Guide C Technical Reference Configuring Frame Relay link parameters Click on Frame Relay under the Configuration Menu to display the Frame Relay main window see figure 70 on page 172 Click on Modify to display the DLMI window DLMI 2 Help Signaling ansiT1 617 D 3 E Data Link Protocol q922 4 2 DLCI Length two octets 2 Y 2 Polling Interval T391 Rn 2 Full Enquiry Interval N391 le 2 2 Error Threshold N392 Monitored Events N393 E Max Virtual Circuits 32 Multicast Service nonBroadcast 1 LMIInterface user 0 X The following pertain only to LMI Interface Network 2 Bidirectional Polling disable 0 E 2 Polling Verification T392 20 Submit Query Figure 129 DLMI window Each Frame Relay instance with the access server is known as the data link management interface or DLMI The access server software currently supports one Frame Relay Link or DLMI on each of the T1 E1 WAN ports Frame Relay has a set of protocols responsible for maintaining the link This is known as the management link interface or LMI The management protocol link must agree with your service provider In most cases the sig naling setting may be the only variable you will need to change The common link management or signaling pr
70. after all the calling number digits are sent set the total digits to a large number for example 30 The access server will send the last response code when it sees the a15 tone First and Middle Response Code interRegCallingNumFirst The code specifying what is done after every digit is sent except the last for the calling number e al l a2 2 a3 3 a4 4 a5 5 e a6 6 e a7 7 a8 8 a9 9 e al0 10 e al1 11 a12 12 e al3 13 al4 14 e al5 15 Last Response Code interRegCallingNumLast The code specifying what is done after the last digit is sent for the calling number e al 1 a2 2 a3 3 e 24 4 MFR Version 2 Modify 217 Access Server Administrators Reference Guide a5 5 a6 6 a7 7 a8 8 a9 9 al0 10 all 11 212 12 al3 13 al4 14 al5 15 17 MFR Version 2 Speech Condition Set up interRegGroupBAck The code sent when acknowledging the Group B digit to set up speech conditions MFR Version 2 Modify b1 1 b6 6 218 Chapter 18 RIP Version 2 Chapter contents Tp ars LO ON O E E 220 RIP Verion 2 main window eee o HER IINE REIS TENER REA TEENS ERN Ede eed Eesti E 220 Route Changes Made np2 GlobalRouteChanges tii 220 Reponse Sene p Global ee cr eee eut AE Le 220 Address pod ERR ERU DEREN EDIDI MI CIUS 220 A cec occ cep m esr p eed EM UM eee rT oe 220 Recene palo ccce oeeseoRU RETE REP RU EU EE 221 ad ET T 221 RIE Yero d C On TG Ue oce Tue eu e e e n
71. at the default unless directed to change by technical support Configuring the remote end using Microsoft Windows 1 After installing the modem driver uncheck Wait for dial tone before dialing under the General tab of the modem properties Figure 136 Modem properties window 2 Uncheck Use dialing rules in the DUN Connection under the General tab 3 Set the phone number to This phone number is required to make the dial up connect work as it is pro vided by windows The phone number is not used for the dedicated line Configuring a leased line dedicated line connection 325 hayes leased line Properties DIES code A me ountry regiori code r Figure 137 Leased Line Properties window General tab Under the Options tab set Redial attempts to a high number Set Time between redial attempts to 3 Disable the idle timer Check the box Redial if line is dropped Sb PY Gm hayes leased line Properties Security Networking Shaina Figure 138 Leased Line Properties window Options tab Configuring a leased line dedicated line connection 326
72. below IP Address Secret friendly name 192 168 200 1 my red ras shared secret mw red roas 192 168 200 2 my red ras2 shared secret mw red ras2 Add the IP address shared secret and friendly name for your RAS to the list of known clients at your RADIUS server Record the shared secret and friendly name for use in the next procedure On your Patton RAS In the following procedure you will configure your RAS with the information collected previously 1 From your RAS Configuration Menu click the second link Authentication then click the Modify hyper link to edit the configurable parameter fields shown below Configuring a RADIUS server 311 Access Server Administrators Reference Guide HOME Import Export Alarms Authentication DAX Dial In Dial Out Drop and Insert DSP Ethernet Filter IP Frame Relay Interfaces IP MER Version 2 RIP Version 2 SNMP System System Log Tl El Link C Technical Reference AUTHENTICATION Configuration Validation staticThenPadius 4 Y Host Address 192 168 2001 Secondary Host Address i321682002 Host Port B2 Timeout S oY Retries ET Serret my_red_ras1_shared_se NAS Identifier dest Accounting Address fiszi682001 8 Secondary Accounting Address isz1582002 Accounting Port beng ts Accounting Enable enableAccounting 1 y RADIUS Packet Format fullRfcPacket D L RADIUS Session ID Size eight B Submit Query To edit spe
73. connection will be terminated even if there is active traffic on the connection A setting of O disables the time out Call History Timeout drLingerTime Number of seconds a MIB entry remains in the Active table will remain after the call is disconnected Active Calls drActive The total number of active calls Session ID dractindex Unique identification of this active call Introduction 139 Access Server Administrators Reference Guide 10 Drop and Insert Originating Link dractLinkIndex Which WAN link this call originated on Originating Channel dractChannel Which channel this call originated on Passed to Link dractPassLinkIndex Which link this call was passed to Passed to Channel dractPassChannel Which channel this call was passed to Number Dialed dractNumberDialed The phone number that was used to dialed into the server if this service is available from the exchange Calling Number dractCallingPhone The phone number that was dialed from if this service is available from the exchange Session Time dractSessionTime The amount of time this call was is active Remaining Time dractRemainingSession The amount of time remaining in this session State dractState Indicates current call progress setup 1 Idle state waiting for call to be attached e alerting 2 Channel is being alerted for transfer of call connecting on other WAN link e flash 3 An incoming and outgoing c
74. default route Multiple routes to a single destination can appear in the table but access to such multiple entries is dependent on the table access mechanisms defined by the network management protocol in use Mask ipRovteMask Indicates the mask to be logical ANDed with the destination address before being compared to the value in the ipRouteDest field For those systems that do not support arbitrary subnet masks an agent constructs the value of the ipRouteMask by determining whether the value of the correspondent ipRouteDest field belongs to a Class A B or C network and then using the appropriate mask from Table 3 on page 200 O S forwarding table window 203 Access Server Administrators Reference Guide 16 IP Next Hop ipRouteNextHop The IP address of the next hop of this route In the case of a route bound to an interface which is realized via a broadcast media the value of this field is the agent s IP address on that interface Interface ipRoutelfindex The index value that identifies the local interface through which the next hop of this route should be reached The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex Type ipRouteType One of the following route types other 1 none of the following invalid 2 an invalidated route e direct 3 route to directly connected sub network indirect 4 route to a non local host ne
75. displayed and a password must be entered Note Text login for 56k and 64k ISDN is not currently supported e pap 3 This setting assumes that all calls will be PPP users No username or password prompt will be dis played The system will go directly to PPP processing The dial up user must be configured for PAP authen tication Note Ifthe user trying to connect to the access server is not configured for PAP he will be disconnected e chap 4 This setting assumes that all calls will be PPP users No username or password prompt will be dis played The system will go directly to PPP processing The dial up user must be configured on his computer for CHAP authentication Note Ifthe user trying to connect to the access server is not configured for CHAP he will be disconnected e chapORpap 5 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured for PAP or CHAP authentication The access server will always request CHAP authentication first Therefore if a user can negotiate either CHAP or PAP CHAP authentication will be performed textORchapORpap 6 This setting enables clear text logins or PPP calls using PAP or CHAP authentication e MschapVI This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing
76. do not put an at sy START CONFIGURATION D 9 fconfigData 5 04 04 04 04 II E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 AD fconfigData 9 0x04 00 00 00 02 6E 31 D1 6D 06 00 00 02 6E 31 D1 6E 06 00 00 0A 00 00 00 03 00 00 00 01 00 00 00 6D 6F 64 65 6C 32 38 30 30 73 65 63 72 65 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 OF 00 00 00 63 6c 6P 73 65 74 2D 32 39 36 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n0 nn no 0n nn nn 00n 00 00 00 00n 0n0 00 00 00 00 00 00 00 00 00 n0n 0n xl WD poama Dans E N ao cm sl Figure 8 Saving the access server flash memory configuration data as a text file Import Configuration To import a configuration file into the access server type the complete path and filename for the configuration file you wish to load or click on the Browse button to select the desired file then click on the Submit Query button see figure 6 on page 20 Upon successfully importing the file the access server will display Configuration Load Complete indicating that the new operating parameters have been loaded in
77. doNotRecieve 4 Adding a RIP address Do the following 1 Enter the IP network address of the interface on the access server that you want to enable RIP This is not the IP address of the device you want to direct RIP packets to 2 Enter the protocol version to be used for sending RIP packets The following choices are available doNotSend 1 ripVersionl 2 Broadcasting RIP updates compliant with RFC 1058 ripl Compatible 3 Broadcasting RIP 2 updates using RFC 1058 route subsumption rules ripVersion2 4 Multicasting RIP 2 updates 3 Enter the protocol version to be used for receiving RIP packets The following choices are available note that rip2 and riplOrRip2 implies reception of multicast packets ripl 1 Accept RIP updates compliant with RFC 1058 rip2 2 Accept multicasting RIP 2 updates riplOrrip2 3 Accept both doNotReceive 4 4 Click on Submit Further modifications can be made by clicking on the Address link of the specific subnet see RIP Version 2 Configuration RIP Version 2 main window 221 Access Server Administrators Reference Guide 18 RIP Version 2 RIP Version 2 Configuration The RIP Version 2 Configuration window see figure 91 shows objects for each subnet address including authentication method RIP Version 1 or Version 2 compatibility and metric value RIP Version 2 Configuration Address 192 49 110 253 Domain 0x00 00 Authent
78. ee ettet E Ro sets 174 E cer o edere mue Ho c ees a cee terete e d er 174 Eroduce Stanis Chanae Drap br Minas iSo eoe cer ec ere e erede ere er ertet tee meas 174 DEMIVindo I M 174 A E A ecce oed A e e o esM Kee M M A 175 Dato Link Protocol aeDA dares 4 E E M aes 175 DECI Length ei crated dese eta eS a 175 Pollingnterval TID 6 DansPollingluterval pis 175 Pull Enquiry Interval QN39 DW EDlemiFullEnguirylnterval tte tee ettet 175 Error Threshold N392N te DlcmubrrorDbsesholdk ra 175 Monitored Events IN393 frDIemiMonitoredEvents ed sica 175 E URT E LST A A LIRE 175 Max Virtual Circuits f DlemiMaxsupported Vis iaa 175 E O E or ee EEE E RE 176 IST TIN TEE OE1 T ST E ET 176 Polling Verification 13921 trOlemiPolling Verification e tes 176 A O ee E E E ROS RON 176 DAR A NO E I7 Mirar c Frame Praesta NUn core a e E E E A T ae T e 177 SrA E oa WA Committed Burst bits irCiscurtGomamated Bursi 22 mu eet REESE SERERE A Excess Burst bits EL CireunrExees Bur a 177 Turouebpue bres irl pecu rouge tai 177 P Address O H S AE E EEES S C A O A 177 Congestion frameEnableGongestion iii iaa 177 171 Access Server Administrators Reference Guide 14 Frame Relay Introduction Erame Relay is a high speed datalink communications technology that is used in hundreds of networks throughout the world to connect LAN SNA Internet and voice applications Within the network Frame Relay uses a
79. ente nete deese leve eene eb RS REPERES 59 Dri Dele aU EE E T mo Uc Eie eec 60 SSU TIE GS ec oc enc eot cen Mere eue a RES c ro e RE A 60 rene degli Sepatu so eoe eei eee eee heec e eer eT 60 SI AEE E E E E A ITE ODDO rc E ME 60 Transmit Oca e Md utet tese ce A ciere ced tien dE 61 WAN kink n LTG SOR RET E E eed 61 Dimelo alle std ay iaa A E E E E E a T 61 Time Sallis Wag sa 61 Termination Reason dicta 3 esee ceteeses terrere tec RR TE EP viret EDI 61 State ae termination a 61 Access Server Administrators Reference Guide 7 Dial In Number Called diactNumberDialed eese eene nnne nente ian a ar o AE aR aE EEr EEEE 61 Number Called From diactCalling Ome cid 61 Dial Protocol windo iii iia 62 es AA EE II E Eo OEE NE 62 Shared Unique ID diaceMultiIndex 2 2 nai dali 62 Username diactUSerm anne x2 ecce ctor eec ere a tere cina Desa ee be e epa decre TO E Cama deals a EVER a ERE ege 62 Sat TT tE ii a siada 62 Protocol diactProtocol i s n eee rote eate e rr eter Dess et tot da P rou corales 63 MIP Ach hire T RCNH 63 Port on Remote Machine decoro iia 63 Local MRU diStathocal WIR caia 63 Remote MRU diStatRemoteMIRLJI aiii 63 LCP Authentication ECPAutbOptions cai ds 63 Local Remote VJ Protocol Comprsn dilpLocalToRemoteCompProt eese 64 Remote Local VJ Protocol Comprsn dilpRemoteToLocalCompProt eee 64 Nexe Hop diForceNent Hop 2 545 onc ncab eire fe a
80. eta tti eie eei ER ion t HU REIR US 323 Configuring a leased Ime dedicated line CONTEO ec et tette eden eerie 324 About this guide This guide describes configuring a Patton Electronics access server This section describes the following e Who should use this guide see Audience e How this document is organized see Structure e Typographical conventions and terms used in this guide see Typographical conventions used in this doc ument on page 10 Audience This guide is intended for the following users e System administrators Operators Installers Maintenance technicians Structure This guide contains the following chapters e Chapter 1 describes configuring the Administration Page window Chapter 2 describes configuring the Home window e Chapter 3 describes configuring the Import Export window Chapter 4 describes configuring the Alarms window Chapter 5 describes configuring the Authentication window e Chapter 6 describes configuring the DAX window Chapter 7 describes configuring the Dial In window e Chapter 8 describes configuring the Dial Out window Chapter 9 describes configuring the Callback window e Chapter 10 describes configuring the Drop and Insert window e Chapter 11 describes configuring the DSP window e Chapter 12 describes configuring the Ethernet window e Chapter 13 describes configuring the Filter IP window e Chapter 14 describes configuring the Frame Relay
81. file can be reloadedinto your system at a later date You may edit and comm ent the top portion of this file but do not modify any data after the at symbol Also do not put an at symbol in the comment area START CONFIGURATION DATA a fconfigData 5 0x01 00 00 00 04 04 04 04 04 04 04 04 03 08 08 03 08 03 08 03 04 04 04 04 04 04 04 0 4 03 08 08 08 08 03 08 08 04 04 04 04 04 04 04 04 08 08 08 08 03 08 03 03 04 04 04 04 04 03 04 04 03 03 03 08 03 03 08 03 00 00 00 00 feonfigData 6 Ox01 00 00 00 04 04 04 04 04 04 04 04 08 08 08 08 08 08 08 08 04 04 04 04 04 04 04 04 08 08 08 08 08 03 08 08 04 04 04 04 04 04 04 04 08 08 08 08 08 08 08 08 04 04 04 04 04 08 04 04 08 08 08 08 08 08 08 08 00 00 00 00 Figure 7 Typical access server flash memory configuration data 21 Access Server Administrators Reference Guide 3 Import Export To save the displayed data as a text file select the Save option on your browser see figure 8 For example under Netscape select File gt Save As A dialog box will display enabling you to save the contents of the export parameters to a text file Select the location where you want the file stored type a file name and click Save BRD Flash configuration data for Server Save As 21x Gi Access Server Contigs aja esl rj The data below is the of your configurable File Save As option t file can be reloaded You may edit and comm but do not modify any
82. header flags that the connection is established The following choices are available e anyPackets 0 Applies the filter to all packets onlyEstablishedConnections 1 Only applies the filter to established TCP connections Default for dialin filterlpDefaultDialin This option applies the filter to as a default filter for all dial in users If another filter is specified either in RADIUS or in the static user profiles then all dial in defaults are disabled and only the specified filters are applied The following choices are available no 0 applyToDialin 1 Modify Filter 166 Access Server Administrators Reference Guide 13 e Filter IP FILTER 1 Delete a filter by deleting the name and clicking the Submit button Name fet Direction inactive 0 2 Action block 7 A Source IP equal jooo MaskJ0 0 0 0 Destination IP equo s ooo Mask 0 0 0 0 Source Port noCompare 0 o Destination Port noCompere 0 y fo Protocol lo TCP Established anyPackets 0 y Default For dian no y Default for dalout no 2 Submit Query Figure 69 IP Filter showing default for dialout Default for dialout filterlpDefaultDialout This option applies the filter as a default for all dialout locations If a location has a filter specifically specified for that location see section Locations Link on page 121 the default filter is disabled for that location and only the specified filter
83. main window contains information described in the following sections see figure 95 on page 234 Internal Temperature boxTemperature Displays the current temperature in celsius centigrade Highest Temperature boxMaxTemperature The highest temperature registered in celsius centigrade sinc the access server was last re booted Payable features This portion of the System main window contains information described in the following section see figure 95 on page 234 Enable Payable Features boxFeatureEnableKey This encoded string is used to enable payable features This feature is not currently implemented Installation This portion of the System main window contains information described in the following section see figure 95 on page 234 Country installCountry Specifies the country that the access server is installed in so it can be configured in accordance with local laws Other This portion of the System main window contains information described in the following sections see figure 95 on page 234 Total DRAM Detected boxDetectedMemory The total number of bytes of DRAM detected by the CPU SystemlD sysObjectlD This SNMP variable represents the type of access server being managed as defined by specification RFC 1213 MIB Running Since Last Boot sysUpTime This SNMP variable represents the time in hundreds of seconds since the network management portion of the system was last re initialized as specif
84. parameters are end to end 2 out of 6 in band code signals that use backward and forward compelled signalling Set the access server objects based upon codes that pertain to Forward Line Sig nals Forward Register Signals Backward Line and Backward Register Signals MFR Version 2 Modify 215 Access Server Administrators Reference Guide 17 MFR Version 2 Note Interregister Signalling setup codes are country specific Please refer to Rec ommendation Q 400 Q 490 and to the host country s PTT for national sig nalling specifications Called Number Total Digits interRegCalledNumDig The number of digits expected for the called number First and Middle Response Code interRegCalledNumFirst The code specifying what is done after every digit is sent except the last for the called number al 1 a2 2 a3 3 e a4 4 a5 5 e a6 6 a7 7 a8 8 a9 9 e al0 10 all 11 a12 12 e a13 13 al4 14 e al5 15 Last Response Code interRegCalledNumLast The code specifying what is done after the last digit is sent for the called number e al l a2 2 a3 3 e a4 4 a5 5 e a6 6 e a7 7 a8 8 a9 9 MFR Version 2 Modify 216 Access Server Administrators Reference Guide 17 MFR Version 2 e al0 10 all 11 al2 12 e al3 13 al4 14 al5 15 Calling Number Total Digits interRegCallingNumDig The number of digits expected for the calling number If an a15 tone will be sent
85. point to point route to a remote host eese eee enne 202 Adding a static rotites to a remote BebWoIle inm eere ub ij 202 A iced ee oe pev Pete etit bea esatto ross bec reet ot dero e edite telo iet cert idees 203 DS Beaty anit table windoWis ancianidad de dla 203 Destination UpRouteDest 0 rec eG SERERE ET EEEUU AELIAN ho 203 Mask tip Route Mask cnr ten Den Rente een neis 203 Next Hop pRoutelYextElop obedientie roe ei adads 204 Interface IpRoutellinde ioo eme E Dre SR eer EHE IH EU RE R IEEE EE SCR Du ta re DAC EESEO 204 Type Up Rone PE uci ttti tte tet OO GR ET RR EIER Mia cet ia des Soe ast Pe Le UR Ee e ag 204 Protocol GpRoutePtoto neni eter tarde sii 204 Ipro TE TT ro EM 205 IP Routing Destination WILLOW cia ri 205 Route Destination ip Route Dest ee RON ee nt rre rade e ee XR ag apta 205 Das ANA 25s eerte EN 205 Interface ipRouteliDides iioi ree e PH eo a eE 205 Protocol rBRouteDEOUO os ee CR erepti e E RE ERE REO e ERU bte e ee e eee ened 205 seconds nee Updated pRouteAge 1e e eere ord rd ia cote or m He RR 206 Tag Route Tag T 206 Gateway Route Gateway ia A dai 206 Gost Rone Coh aaa 206 State ROUES O e EET E EEEE SE 206 Address Translation formation 2 nee RH RE RU HUE E EE ER ests saves iE 206 Interface UpNet l 6MediaEntry uie a A tei tea iin 207 Net Address apNetToMediaNetAddE6ess 5 2 0 ied raid m pere RES 207 Physical GpNetToMediaPhysAddress
86. port WAN 2 WAN 3 Switch Type nfsSlave 7 att 2 Interface ID Primary WAN The switch type for the primary WAN is set to the flavor of ISDN the switch is configured for This does not change for an NFAS implementation The Interface ID must match what the central office has designated The PRI with the D channel must be configure with an ID of 0 Typically the other PRIs have interface IDs which are numbered sequentially but the IDs can be any number up to 31 Far End Line Statistics Totals 274 22 T1 E1 Link Example 2 The RAS hosts 1 NFAS group containing 3 PRIs Signal setting for each WAN port N2 WAN 3 Switch Type Nil O 7 Primary WAN 1 1 Far End Line Statistics Totals 275 Chapter 23 Sync PPP a 278 Aa Gk O E O AE E 278 Liae Status Channel Asma Nc 278 Desired Leon a A A Seer deed Duo CO Tey ot T T Re E Td Do PPP Con ve AT COUETTE E E EA A EE 279 PPP Main Windon orte eO RI HE EUR AO EE er 279 A n sse oue e eI C RUNURRUSSE Eee eee 279 MA oneen oann A tree ern Perr eer R D 279 a OO 280 lp Address pppoe ru ce iodides o E A E ME 280 lp Maki esu IU rJ EE 280 Detayli ror eee 280 Authentication Technique pppDetaultAuthentication Technique etre 281 Authentication Side ppplJefaultAuthentcatianside aos 281 Authentication Username pppliefaulcAuthenticatienlsermame reete eem 281 Authentication Password pppDetauliAuthenticationPasswortd cete eena
87. retrain Dial In User Statistics window 7 Dial In 102 Chapter 8 Dial Out Chapter contents Ip ars A E ON O E E 107 Dil Our Maia T O e r a E E R 107 Call Soring doPape Sar oia 107 TIL E ot Ws ere a T EE Pa A 107 ENEK Era Ta a co 107 A e nae O A E EE 107 Weer a Forres O TT coraa a ENERO I E A R ETEO eee 108 Sete dare a E reer 108 E arora E TT 0 E A A A E dl E E Mele eue E E A 108 Disconnect Reason doactkerminateReIson A e E aea 108 Tob s dode Medalion o aa Ae 110 hpeed do e E E DE 110 ao eV ae a 110 Dial Out Md a ARE 111 Modi Login M 112 TCP Pore doTi pron e R nien eI RRA 112 TOP Type K 112 Restrietita Lan do Eeestblc tl oll ani vo trade S 112 Login Technique daliopinTechmgue 5 ios 112 Usemame Prompt ttt reveren ce LM o e Te RAE A 112 Password Tl romptidoPasswordDtom a 112 inital Banner do ccce temet UE ETT 112 e a e E A E A TA 112 Failure Banner dofailure Banner oere e eb ce eene M E A a E reer 113 bosim Arempi Alloncd eot tempi cocer EA E A E E E A E E 113 Modify Maximum TMe e EA EE TAER 113 Maximum Session Mime da Ses OU cerier ae orea er E AEE E EERE E iia 114 Main ide Time dolde R eenn Iii 114 Time to Login sec dolLopin Timeout sorer aa an E EELA RE EU e AAR AE 114 Calero Timeout min isa 114 Nod MS Conf Ur oD nen a a a a sear vee N A E E EE 114 SOS OO 114 6 TTC EL e TS T 1 eter CR aE 114 Modemon Hold div 2 Modemtnb Told reete hee 114 Modem on Hold Timeout diV92ModemOnELPoldTimeott
88. s is are used The following options are available no 0 applyToDialout 1 An example of using a filter All customers are limited to the local mail server mail internal com and an internal website www internal com The IP address for mail internal com is 192 10 10 1 for www internal com is 192 10 10 2 DNS server for name resolution is 192 10 10 1 The filters needed ID 1 Name Mail Server Direction inbound Action pass Source IP and mask not set Destination IP 192 10 10 1 mask 255 255 255 255 Source Port no compare Destination Port equal 110 for POP3 or 25 for SMTP An example of using a filter 167 Access Server Administrators Reference Guide 13 e Filter IP Protocol not set TCP Established anyPackets Default for dial in apply to Dial in e D 2 Name WebSite Direction inbound Action pass Source IP and mask not set Destination IP 192 10 10 2 mask 255 255 255 255 Source Port no compare Destination Port equal 80 Protocol not set TCP Established anyPackets Default for dial in apply to Dial in e D 3 Name DNS Direction inbound Action pass Source IP and mask not set Destination IP 192 10 10 1 mask 255 255 255 255 Source Port no compare Destination Port equal 53 Protocol not set TCP Established anyPackets Default for dial in apply to Dial in Note Ifthe DNS filter was not created then users would have to use IP addresses
89. simple form of packet switching that provides high throughput and reliability For more informa tion refer to the Frame Relay MIB 1315 Management Base for Frame Relay DTEs The access server offers IP in Frame Relay or RFC 1490 Multi protocol encapsulation Because the access server has a built on router the access server can route IP traffic to multiple locations over multiple virtual channels Using a T1 or El WAN link the access server can function as a network to network interface NNI switch or as a User to Network Interface UNI Most applications will be as an UNI A Frame Relay network consists of endpoints the access server frame relay access equipment bridges rout ers hosts frame relay access devices and network devices switches network routers T1 E1 multiplexers The most popular application is to use the access server as a POP in a box with a Frame Relay IP connection to the Internet backbone The Frame Relay main window The Frame Relay main window displays diagnostic information about the Frame Relay link and lists complete statistics configuration information for each WAN link that has been selected for Frame Relay service Click on Frame Relay on the left hand frame to display this window see figure 70 FRAME RELAY Link 2 Status UP Modify DLCI HDLC Statistics on Link TRANSMIT Bits Sec 24352 RECIEVE Bits Sec 32856 No Buffers Available 12 Data Overflow 2 Message Ends 20780875 Packets T
90. software release The L2TP Software supports the following features Shared Tunnel Support If multiple clients requests an L2TP Tunnel to the same LNS they will use the same tunnel Multiple Tunnel Support If a client requests a connection to a new L2TP Tunnel then a new tunnel will be established Keep Alive Messages Full Challenge and Challenge Response check for each tunnel authentication request Hostname verification supported when configured for authentication ID support e Packet sequence checking and support e No AVP Hiding supported CPU Idle Time available to the web interface on the Home Page LNSIP Address displayed on the dialin all web interface page Tunnel Id displayed on the dialin all web interface page L2TP provides a means of backhauling the PPP connection from the local RAS device which will provide the physical work on terminating the phone call and the Access Server which will authenticate the call The RAS will be acting a LAC L2TP Access Concentrator in this application A seperate device typically a Cisco router will be acting as the LNS L2TP Network Server L2TP Configuration The Patton Electronics Remote Access Server can be configured to initiate an L2TP tunnel using either Static Authentication or RADIUS Authentication The following information defines the configuration and the fea tures which are available Static Authentication The user has the ability to initiate an L2TP tu
91. such as bytes transmitted and received Centrally stored security data is more secure easier to manage and scales more smoothly than data scattered throughout the network on mul tiple devices RADIUS Client Server Architecture RADIUS operates on the client server model A RADIUS Authentication Server provides security services and stores security data A RADIUS Accounting Server collects and stores statistical data Most often a single machine provides both functions however the two RADIUS servers may reside on separate machines Net work managers may configure a RADIUS Client to use RADIUS security services RADIUS accounting ser vices or both X IP Network c Connection Network Access Server NAS Authentication Server Accounting Server RADIUS Client RADIUS Server Figure 124 RADIUS diagram Introduction 307 Access Server Administrators Reference Guide C Technical Reference A RADIUS client consists of a Network Access Server NAS such as your Patton RAS which provides one or more remote users with access to network resources A single RADIUS Server can serve hundreds of RADIUS cli ents and up to tens of thousand of end users Fault tolerance and redundancy concerns can be addressed by con figuring a RADIUS client to use one or more alternate RADIUS servers A NAS your Patton RAS can access a local RADIUS Server on the connected LAN or a remote RADIUS Server via WAN connections RADIUS Services AA
92. support if you see these termination reasons noPoll 12 e ipcPutMsdErr 13 pollErr 15 joctlErr 16 e pppPutMsgErr 17 e dsplocdErr 18 e timerErr 19 pppOpenErr 22 e ipLinkErr 23 e pppLinkErr 25 tcpOpenErr 26 e tcpPushErr 27 tcpPutMsgErr 28 invalidPrim 29 noTimers 33 tcpLinkErr 34 dspLinkErr 35 Dial In User Statistics window 93 Access Server Administrators Reference Guide 7 Dial In e dspPutMsgErr 36 noDsp 37 lisIpcErr 38 e dspOpenErr 39 invalidCode 40 e callContention 41 e dspCommErr 42 unknownBearerContent 43 e dspOutOfState 46 e dspRequestUnsupported 47 e dspBadPrimitive 48 e tcpNoBuffers 68 udpOpenErr 75 e udpBindErr 76 e DtpOpenErr 77 DtpLinkErr 78 e relinkErr 79 State at termination diactTerminateState Indicates the value of diactState when the call was terminated A value of 0 indicates the call is still online Dial In User Statistics window 94 Access Server Administrators Reference Guide 7 Dial In PPP Statistics This portion of the Dial In User Statistics window see figure 38 shows PPP statistics as 32 bit variables of the current user selected PPP Statistics Bad Address 7 0 Bad Controls 0 Packets Too Long 0 Bad Frame Check Sequences 0 LCP Statistics Local Remote MRU 1524 1524 Multilink MRRU 2048 1524 LCP Authentication pap 2 ACC Map 0x00 00 00 00 0x00 00 00 00
93. the last octet as 0 Add a route Destination Mask Gateway 0 0 0 0 o 0 0 0 Add Route S fo 0 0 0 Add Route Advanced Interface fo 0 0 0 fo 0 0 0 o Add Route Figure 132 Adding a route 3 Type in the Mask to define the network This must correspond to the destination network For example if you wish to forward a C class address you would specify the mask as 255 255 255 0 4 Type in the next hop gateway Click Add Route The route will now appear in the routing table To use the frame relay as the default gateway enter the next hop gateway of the frame relay link in the gateway field of the first set of entry items Click Add Route Link Status and the IP Forwarding If the Frame Relay link is down the address will automatically be removed from the routing table If there are any routes which specify this IP address as the next hop the routing table will show the state of noPath 3 see figure 133 IP ROUTING INFORMATION Destination Mask Gateway Cost Interface Protocol State 0 0 0 0 0 0 0 0 192491101 1 1 user 2 active 2 10 10 10 0 2552552550 19216811 1 0 user 2 nopath 3 192 49 110 0 2552552550 0 0 0 0 11 1 local l active 2 Figure 133 Link status and IP forwarding When the Frame Relay Link returns to the UP state the IP route for the link will be re added and used to for ward IP packets Any routes that specify this IP address as the next hop will automatically return to the active state
94. the names of options on pull down menus Futura type Indicates the names of fields or windows Garamond bold type Indicates the names of command buttons that execute an action lt gt Angle brackets indicate function and keyboard keys such as lt SHIFT gt lt CTRL gt lt C gt and so on Are you ready All system messages and prompts appear in the Courier font as the system would display them dir Bold Courier font indicates where the operator must type a response or command 10 Access Server Administrator s Reference Guide About this guide Mouse conventions The following conventions are used when describing mouse actions Convention Left mouse button Table 2 Mouse conventions Meaning This button refers to the primary or leftmost mouse button unless you have changed the default configuration Right mouse button This button refers the secondary or rightmost mouse button unless you have changed the default configuration Point This word means to move the mouse in such a way that the tip of the pointing arrow on the screen ends up resting at the desired location Click Means to quickly press and release the left or right mouse button as instructed in the procedure Make sure you do not move the mouse pointer while clicking a mouse button Double click means to press and release the same mouse button two times quickly Drag This word means to point the arrow and then
95. the remote PPP entity This value is the MRU that the local entity is using when sending packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Local Multilink MRRU diStatLcpLocalMRRU Multilink maximum receive reconstruction unit for the local device Remote Multilink MRRU diStatLcpRemoteMRRU Multilink maximum receive reconstruction unit for the remote device LCP Authentication LCPAuthOptions Authentication type used by the dial in user The following options are available none l papQ chap 3 e MSChapV1 4 MSChapV2 5 e tacacs 6 not currently implemented e edp 7 e ShivaPap 8 not currently implemented ACC Map diStatLocalToPeerACCMap The current value of the ACC Map used for sending packets from the local modem to the remote modem The local modem sends this character map to the remote peer modem to ensure that the data being transferred is interpreted correctly This setting becomes active when the link is in the p able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Peer Local ACC Map diStatPeerToLocalACCMap The current value of the ACC Map used by the remote peer modem when transmitting packets to the local modem The local modem sends this character map to the re
96. tine eet e eret rettet riar 125 Time lefe ini session doactRemainingSessiOn s crede tie m E ERE EE HR 125 Termination Reason doactTerminateReason eese nennen nennen rnit eana 125 PIE Stats csi deter ree ri tei rare e e eue vive eiie tete Pe t RD 127 Bad Address doStatBadAddresses oe ota iia die iaa ini Pa deer tene 127 Bad Controls doStatBadGonttrols erret ette rae ether A nene nente ener eren ee pereo ee op PUER IE iun 127 Packetstoo long doSvatPacket DooLongs i eret ed tee e eeu p rie eed seine 127 Bad Frame Check Seguences dostatBadE Ss iure Gitter iet reta evt RESEERUYNL edil GERE cda 127 E M C E 127 Local MRU doSiatLoealMBU 2 iet tntetette a a eile iri S 128 Remote MRU doStatRemoteMRU ia ia 128 Local Multilink MRRU doStatLcpLocalMRRBU 2 id a 128 Remote Multilink MRRU doStatLcpRemoteM RRU eiii pao 128 Remote LCP Authentication doStatlepAuth l onto nm mre ep e d PE Eten 128 Local ACE Map doStatLocalToPEstACEMAD irre tret al e tte FO IRE breeds 128 Remote ACC Map doStatPeerToLocalAC C Map sirenita it 128 Local PPP Protocol Compression doStatLocalToRemoteProtComp eee 129 Remote PPP Protocol Compression doStatRemoteToLocalProtComp eere 129 Local AG Compression doStatLocal ToRemoreAC Comp viii ete ted reet peret tene eet 129 Remote AC Compression doStatRemoteToLocalACComp
97. type set to Callback Framed The accounting stop packet will have the Callback Number attribute present with the number the server is calling back On the callback call the start and stop packets will have service type set to framed with no Call back Number attribute Dialout When callback is being used and the user is being called back the outbound call will be shown in the dial out window DIAL OUT Call Sorting descend ng 0 l Submit Query Active Calls 1 Peak 1 Total 2 Settings Details Modify Locations Modem Profiles Call ID ML ID User State Duration Disconnect Reason Modulation Speed 2 ppp online 7 37 49 sec stilA ctive 0 v92 22 52000 SER ppp dead 10 00 01 36 hours sessionTimeout 66 v92 22 52000 Figure 56 Dial out window showing callback outbound call Configuration for the outbound callback call timeouts modulations compression etc is set through the dial out settings Modify Authentication on the outbound call is done in the same way as an inbound call DNS and WINS entries are passed from the dial in call to the dial out call Accounting information 137 Chapter 10 Drop and Insert A ID E III UM 139 Dropand mer so eoe eee ee TEE THERE 139 Session Dingeout drSession KT a NEUES REIN Sa eee 139 Sa Mns de 139 P e dV AE A A A RCE SN a ORR ASE ORR A MER 139 IS 139 RT Lale decides eese Ge NU EE DIES 140 Gustan Channel race hanngl o eU REESE A 140 al T dex e O 14
98. used reserved 8 The instance is fully operational and could be used to take a call But another DSP in the same boot group as this one is pendingBoot Therefore we are not to use this until the reboot occurs This state only appears where the PCB version is 1 or less for information on displaying the version refer to section PCB Revision boxManufacturePcbRevision on page 233 suspect 9 The instance is operational and could be used to take a call But we have seen a number of consecutive failures so it will not be used until no other available instances can be found A successful call will place this instance back into the available state available 10 The instance is fully operational and can be used to take a call Instance First Used By dspUseFirst Identifies whether the first instance is in use or free Instance Second State dspStateSecond Identifies the current state of the second instance of the DSP See dspStateFirst for parameter values Instance Second Used By dspUseSecond Identifies whether the second instance of the DSP is in use or free Call Statistics This portion of the DSP information window see figure 63 on page 151 shows the statistics of the individual DSP Originating Calls dspOriginatingCalls The number of calls the DSP initiates for outbound calls Answering Calls dspAnsweringCalls The number of calls answered regardless if the call was successfully completed DSP inf
99. will not compared to the inbound call to determine if the dial in user matches its conditions Add a DNIS Group Use this portion of the window to add a DNIS configuration 1 Enter a unique ID in the ID field 2 Ifneeded enter the WAN link 3 Enter the dialed number 4 Enter the DNIS profile to activate the configuration Note Entering an ID that is already configured will change the configuration Manage DNIS Window 78 Access Server Administrators Reference Guide 7 Dial In DNIS Entry Window Clicking on the ID in the Manage DNIS Window displays the DNIS Entry window see figure 32 where you can change the DNIS configuration DNIS Entry 3 WAN Link OA Called Calling Number 8005551212 DNIS profile lo Status notUsed 2 gt Figure 32 DNIS Entry window WAN Link dnisPoolDesrcWan The WAN link the dial in user must be connected to in order to use this DNIS configuration Note 0 indicates that the WAN Link is not considered when determining if the dial in user matches the conditions of the DNIS configuration Called Calling Number dnisPoolDesrcDialedNumber The number the dial in user must call in order to use this DNIS configuration If more than one number is specified they must be separated by semi colons Note This field has a limit of 80 characters DNIS profile dnisPoolAssignedProfile The DNIS profile used if the dial in user meets the conditions of this configuration The profil
100. 0 Passed to Channel draet Pass Chanel 140 o A erre eeu eer MMC UL E rec T eee uud e Me ec ee UE T 140 callus O T e e aa E E E E E E A A ERS 140 Sessiom Due dtactSsssion KT T 140 Remanine Time T Meine mite sian orri no ao na E RET AA NNR sd 140 State draet O Pe ee 140 Fov Dropar a E tesa E E E ces EER 140 Uang Dropand Insert oec eo oT anA AOA OAT A AAA 141 138 Access Server Administrators Reference Guide 10 Drop and Insert Introduction The Drop and Insert window see figure 57 contains setup objects associated with using the access server as a drop and insert box to an upstream or downstream location DROP AND INSERT server Session Timeout pooo Call History Timeout pw Submit Query Active Calls 1 Originating Destination Link Link Called Session ID Channel Channel Calling Remaining State 8 0 1 unknown 28 57 sec dead 8 SCR AH wnknown 0 00 sec KILL 9 0 1 unknown 58 90 sec online 4 3 1 unknown i 0 00 sec KILL Figure 57 Drop and Insert window Click on Drop and Insert under the Configuration Menu to display the Drop and Insert main window Drop and Insert main window This Drop and Insert window contains channel information for each unique session ID If there are no drop and insert connections to the access server this screen will be blank Session Timeout drSessionTimeovt This is the maximum time in minutes which a connection is allowed to be maintained After this time the
101. 1E1 4 Based on CCITT ITU G 704 without CRC e dsx1EI CRC 5 Based on CCITT ITU G 704 with CRC e dsx1E1 MF 6 Based on CCITT ITU G 704 with TS16 multiframing without CRC e dsx1EI CRC MF 7 Based on CCITT ITU G 704 with TS16 multiframing with CRC Line Coding dsx 1 LineCoding This variable describes the type of Zero Code Suppression used on the link which in turn affects a number of its characteristics e dsx1JBZS 1 Jammed Bit Zero Suppression in which the AT amp T specification of at least one pulse every 8 bit periods is literally implemented by forcing a pulse in bit 8 of each channel Thus only seven bits per channel or 1 344 Mbps is available for data This feature is not currently implemented e dsx1B8ZS 2 Binary 8 Zero Suppression The use of a specified pattern of normal bits and bipolar viola tions which are used to replace a sequence of eight zero bits e dsx1HDB3 3 High Density Bipolar Order 3 It is based on AMI but extends this by inserting violation codes whenever there is a run of 4 or more 0s e dsx1ZBTSI 4 May use dsx1 ZBTSI or Zero Byte Time Slot Interchange This feature is not currently implemented dsx1AMI 5 Alternate Mark Inversion Refers to a mode wherein no zero code suppression is present and the line encoding does not solve the problem directly In this application the higher layer must provide data which meets or exceeds the pulse density requirements such as inverting HDLC da
102. 2 V 22 modulation e y32 3 V 32 modulation e v34 4 V 34 modulation e k56 5 K56 Flex modulation x2 6 X 2 modulation e y90 7 V 90 modulation e v110 8 V 110 modulation not currently implemented isdn64 9 ISDN 64 modulation isdn56 10 ISDN 56 modulation not currently implemented e 12tp 11 12tp tunneled multilink call e phase2 20 Phase 2 an advanced state of modulation in v34 and higher answerack 21 acknowledgement phase of modulation Tx Connection Speed doactTxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 33 600 Rx Connection Speed doactRxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 53 000 Error Correction Protocol doactErrorCorrection The modem error correction scheme used during this call None No error correction on the call e V42 Error correction mode e V120 Mode for ISDN B Dial Out User Statistics Window 131 Access Server Administrators Reference Guide 8 Dial Out Data Compression Protocol doactCompression The modem data compression technique used during this call None No compression e V42bis Compression is running e Stac Not currently implemented Modulation Symbol Rate doactSymbolRate The modulation symbol rate during the call This is used only when in V 34 and above modulations
103. 2 Modify on page 212 Line Signalling This portion of the MFR Version 2 main window contains information described in the following sections Country lineSigCountry Displays a particular country or itu Standard Custom allows for any values in the following fields Line Signal ling objects are country specific Please refer to the host country s PTT for national signalling specifications Introduction 210 Access Server Administrators Reference Guide 17 MFR Version 2 Idle Code lineSigldleCode Code to indicate that a line is in use Forward Seize lineSigForwardSeize Code to indicate there is a desire to use a line Back Acknowledge lineSigBackAck Code to indicate there is an agreement to use a line Back Answer lineSigBackAnswer Code to indicate a call has been completed Minimum Transition Time lineSigMinTransTime The minimum transition time in milliseconds Minimum Detection Time lineSigMinDetectTime The minimum detect time in milliseconds Protocol Timeout lineSigProtoTimeout The time for a protocol timeout in milliseconds Interregister Signalling This portion of the MFR Version 2 main window contains information described in the following sections Called Number Total Digits interRegCalledNumDig The number of digits expected for the called number First and Middle Response Code interRegCalledNumFirst The code specifying what is done after every digit is sent except the last f
104. 2 20 Phase 2 an advanced state of modulation in v34 and higher e answerack 21 acknowledgement phase of modulation e V92 22 V 92 modulation moh 23 Modem is using V 92 s modem on hold feature v23 24 V 23 modulation Transmit Connection Speed diactTxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 33 600 Dial Modulations window 58 Access Server Administrators Reference Guide 7 Dial In Receive Connection Speed diactRxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 53 000 Error Correction diactErrorCorrection The modem error correction scheme used during this call None 1 No error correction on the call e V42 2 Error correction mode e V120 4 Mode for ISDN B Data Compression Protocol diactCompression The modem data compression technique used during this call None 1 No compression e V42bis 2 Compression is running Stac 4 Compression is running e v44 5 V44 compression is running Locally Initiated Renegotiates diactLocalRenegotiates The number of times the local modem has initiated a modem speed renegotiate Locally Initiated Retrains diactLocalRetrains The number of times the local modem has initiated a modem carrier retrain Remote Initiated Renegotiates diactRemoteRenegotiates The number of times the remote modem has i
105. 237 System Packet Holding Message Blacks niae e aeo te leidas trt te eese be ttt seed eee 239 Systeinn LOG E 241 Introduction RE eevee 242 System Log Main Wind Wisin d e te E E Ed devi e t e es 242 Contents Access Server Administrators Reference Guide 22 23 24 25 26 System Loy Modi reen da tdi iia 243 System Log Volaule Membty ici al is 247 System Log Non Volatile Memory eese ennt ente nennen entente tenen rar tenentes 248 What the System Log messages are telling you rice d rere ner e ere nere pere ede 248 t Rr ET NO 249 Introduccion unan noite 252 TEL Link Activity man wibdQw o cce err eae nre ee ene eee ces eee re E repere eae 253 aras Present a meine insertada EE CHE Er er MESE HE RSS E E ERES 254 Line Status Conn gurao saer sie aaa aieiaa TE EE ETa EEA Oea ER EO ASEE ii 258 WAN Circuit Gonfiguration Modify ree aa 259 Line Status Ghansel Assie tame rit ogo oraina iii dia 264 Near End Line Statistiese Current oios ieee sia 265 Near End Line Statistics Pista Ai 267 Near End Line Statistics L ini lies 268 Far End Line Statistics Currents a o sese tereti eiecit EE lebt ii 270 Par End Line Statistics IIISEOE oie terrd eiae e ee Erb Ai 271 Far End Linesta stits T atals 66 nete md ar edente eie eO RIPE be robes 273 gredi t Lise
106. 284 MRU pps pointe aR eR 284 IP Address ipppSeivice lp Address tuae rete dete o 284 DP Mask pppServiceIpMMiask nacida oct 284 IP Compression pppl p Compression sist roe ete Ree EXE HORE EX EE RE NR UA RE PEL EHE 284 IP Force Next Hop ppp orce NestHop oen rm terrere tee uei Cid eui ee die tir dO 284 Link Compression ppplunkGompresston italia fertnr aida i turis 285 Allow Magic Number Negotiation pppMagicNumber eese 285 Sd PT 285 Bad Address pppStatBadAddresses viii iii 285 Bad Controls pppStatBadCGontrols ie er rem te tertie E rte ones 285 Packets Too Long pppstatPacketTooLongs Jte trt titi 285 E curo P 285 Local MRU pppStatLocal MRU 12 2 5 rentre rera ette rr e uev x e aae Re ose verbe de seg ehe 285 Remote MRU pppStatRemoteMBRU coman 285 Local Multilink MRRU pppStatLcpLocalMRRU seccion anidar 285 Remote Multilink MRRU pppStatLcpRemoteMRRU asset agos satana Tasata otra 285 LCP AuthenticauonlpppStratLepA udi iniciados 286 ACC Map pppStatbocalEoPeerAGC Map coi tt lead 286 Peer Local ACC Map pppStatPeerTeLocalA OCMap neral 286 Local Remote PPP Protocol Comprsn pppStatLocalToRemoteProtComp ee 286 Remote Local PPP Protocol Comprsn pppStatRemoteToLocalProtComp eee 286 Local Remote AC Comprsn pppStatLocalToRemoteACComp eerte 286 Remote Local AC Comprsn pppStatRemoteToLocalACComp eene 287 Transmit Frame Cheek Seq Siz
107. 3 3 Use WAN Port 3 for secondary timing wan 4 4 Use WAN Port 4 for secondary timing wan 5 5 Use WAN Port 5 for secondary timing wan 6 6 Use WAN Port 6 for secondary timing wan 7 7 Use WAN Port 7 for secondary timing wan 8 8 Use WAN Port 8 for secondary timing e netref 1 101 Use to obtain system timing from a slave circuit Configuring the DAX 46 Access Server Administrators Reference Guide 6 DAX netref 2 102 Use to obtain system timing from a slave circuit internal 200 Use internal free run oscillator for the system clock e external 300 Not currently implemented Clock Status daxClockFailure The clock status indicates alarm conditions relating to the system clock If there are no alarms the DAX page will indicate No Alarms see figure 20 on page 45 Should one or more alarms be present an Alarms Present message will be displayed with the following list of potential clock failures figure 21 Main Reference Fail 1 The main clock reference has failed Fallback Reference Fail 2 The fall back clock reference has failed Master System Fail 4 The Master System clock has failed Secondary System Fail 8 The Secondary System clock has failed Digital Cross Connect DAX Configuration Circuit 1 Type master 1 y Main Reference wan 1 1 x Fallback Reference Jwan 3 3 2 Clock Status ALARMS PRESENT Main Reference Fail Submit Query Fi
108. 34 Dialao Modify Configuration iii daa de 134 Dial in Main WindoW cuicos 135 Static User Authentic iaa 136 RADIUS Conf SU JEOE 25 oo erred quete iio tt 136 Accounting OMAN dai in Re ce ta ar 137 DMG tit is cee 137 RIT NE NN 138 Oda IA A A E EAEE 139 Drop and Insert R di 139 How Dropand Insejt works 2 ai 140 Digital Signal Processing E N eee eee eee esee entente tnt tn eaten tn senties s enata enses sensns tasses essen senses eneen 142 A uenti ter aren dann ML A e t 144 DSP Settings main un M 145 DSP Connection Performante v nete re ente Fea ER ore eO ee Pt epe PU ae NRI Etre ee RODEO 147 DSP informati n window nece hi e ee E a ETE tete einn im iere dd 151 Kea H 154 Dutrodtctnilt tion errata e seres Ie PNIS 155 Ethernet Mam Window nete eie nene teu Oh e itecto pie tr eds 155 Ethernet Modify WIBUOW A RO 157 E 158 A NO 161 IT AN 162 Denmine dpi 162 IMG GLP ae ind 162 Ap exampleofusing a ler iaa is 167 AAA ANNO 170 Vitae LTA aes x8 nen eene ee reed lla ia 172 Access Server Administrators Reference Guide Contents 15 16 17 18 19 20 21 The Frame Relay main Ta Le ia 172 DEMI 1 Te a E E A E E OE A SSRA 174 ane p n mE 176 P H H 178 Introductio RE idea 179 Int
109. 5 155 1 6 192 155 160 41 46 Note The IP address pool is limited to 39 characters Login Technique diLoginTechnique This variable defines the login sequence that a dial up user will see The various options are defined below none 0 no login sequence is enabled e textORpap 1 This setting enables clear text logins or PPP calls using PAP authentication text 2 A username prompt is displayed and a username must be entered If the received username is a static user with no password defined then the connection completes and no password prompt is issued If a password is required then a password prompt is displayed and a password must be entered Note Textlogin with 56k ISDN and 64k ISDN is not supported e pap 3 This setting assumes that all calls will be PPP users No username or password prompt will be dis played The system will go directly to PPP processing The dial up user must be configured for PAP authen tication Note Ifthe user trying to connect to the access server is not configured for PAP he will be disconnected e chap 4 This setting assumes that all calls will be PPP users No username or password prompt will be dis played The system will go directly to PPP processing The dial up user must be configured on his computer for CHAP authentication Note Ifthe user trying to connect to the access server is not configured for CHAP he will be disconnected e chapORpap 5 This setting assumes that a
110. 79 Access Server Administrators Reference Guide 15 Interfaces Type ifType The type of interface distinguished according to the physical link protocol s immediately below the net work layer in the protocol stack The following valid interface options are available other 1 ethernet csmacd 6 e iso88023 csmacd 7 e ds1 18 el 19 e basicISDN 20 e primaryISDN 21 ppp 23 softwareLoopback 24 slip 28 frame relay 32 Admin Stat ifAdminStatus The desired state of the interface e up 1 The selected interface is ready to pass frames down 2 The selected interface is not ready to pass frames testing 3 The selected interface is being tested No operational frames may be passed in this mode Operational Status ifOperStatus The current operational state of the interface e up 1 The selected interface is ready to pass frames e down 2 The selected interface is not ready to pass frames e testing 3 The selected interface is being tested No operational frames may be passed in this mode Interfaces main window 180 Access Server Administrators Reference Guide 15 Interfaces Interface Details When you click on a Details link the type and description of the interface speed status maximum size of pro tocol data units PDUs and physical address display see figure 74 The SNMP variables for this table are ref erenced through the SNMP MIB interfaces table
111. 9 110 124 255 255 255 255 gius np 4 192 49 110 201 255 255 255 255 2 1 np 4 Add a route Destination Mask Gateway pooo o000 0000 Advanced Interface O S forwarding table Figure 83 IP Routing Information window The IP Routing Information window also has a link to the O S forwarding table where the forwarding param eters are displayed O S forwarding table window on page 203 Destination ipRouteDest The destination IP address of this route An entry with a value of 0 0 0 0 is considered a default route Multiple routes to a single destination can appear in the table but access to such multiple entries is dependent on the table access mechanisms defined by the network management protocol in use To view or modify next hop routing information for each destination click on a destination link in the Desti nation column For more information about modifying next hop routing information settings refer to IP Routing Destination window on page 205 Mask ipRovteMask Indicates the mask to be logical ANDed with the destination address before being compared to the value in the ipRouteDest field For those systems that do not support arbitrary subnet masks an agent constructs the value of the ipRouteMask by determining whether the value of the corresponding ipRouteDest field belongs to a Class A B or C network and then using the appropriate mask from table 3 Table 3 Masks 255 0 0 0 255 255 0 0
112. 942190 inetd http c http down Error 5942190 srcipgmsg c error STRERR STRHUP 5942390 inetd http c http down Error Figure 101 System Log Non Volatile Memory window Time slfTick The time stamp in 10 ms intervals of the stored message Message slfMessage Stored system log message What the System Log messages are telling you e DSP going suspect on 0x0000 An instance on this DSP transitioned into the Suspect state If an entire DSP is put into the suspect state this message will appear twice once for each instance DSP recovered from suspect on 0x0000 An instance on this DSP was in the suspect state and was placed back into the Available state because it connected on the last call DSP being rebooted due to instance consecutive failures on 0x0000 or DSP being rebooted due to total consecutive failures on 0x0000 followed by DSP group 0 HW reset This DSP has been rebooted because it was in the suspect state and then took additional calls which also did not connect successfully The DSP group refers to which group of 8 DSPs were rebooted DSPs 1 8 are in group 0 DSP error detected initiating reboot on 0x0000 followed by DSP group 0 HW reset This DSP has been rebooted because it was not responding properly to the main CPU driver code The DSP group refers to which group of 8 DSPs were rebooted DSPs 1 8 are in group 0 System Log Non Volatile Memory 248 Chapter 22 T1 E1 Link Chapter contents A e e
113. A RADIUS provides three network services known as authentication authorization and accounting or AAA These services give network managers an easy way to Identify remote users and control which users can access the network authentication Define what each user can do by controlling access to network resources authorization Track what resources each user consumes in order to bill them for services accounting RADIUS login procedures combine authentication and authorization services to provide security functions Authentication is essentially a login procedure involving a username and password the process by which the net work validates a dial in user s identity distinguishing a legitimate user from a malicious or mischievous hacker RADIUS supports multiple authentication protocols including password authentication protocol PAP and chal lenge handshake authentication protocol CHAP RFC 1994 MS CHAP V1 REC 2433 and MS CHAP V2 RFC 2759 as well as Unix login PAP and CHAP are specified within the point to point protocol PPP authen tication procedures RFC 1661 To prevent interception by snoopers on the network RADIUS encrypts user passwords for transmission between client and server A RADIUS authentication server will respond to requests from known clients and discard requests from unknown clients Before authenticating any users the NAS your Patton RAS must validate its own identity by authenticating with the RA
114. Add entries nl Figure 87 Address Translation Information window Interface ipNetToMediaEntry Each entry contains one IP address to physical address equivalence Net Address ipNetToMediaNetAddress The IP address corresponding to the media dependent physical address Physical ipNetToMediaPhysAddress The media dependent physical address Type ipNetToMediaType The type of mapping Setting this object to the value invalid 2 has the effect of invalidating the corresponding entry in the ipNetToMediaTable That is it effectively disassociates the interface identified with said entry from the mapping identified with said entry It is an implementation specific matter as to whether the agent removes an invalidated entry from the table Accordingly management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use Proper interpretation of such entries requires examination of the relevant ipNetToMediaType object other 1 none of the following invalid 2 an invalidated mapping e dynamic 3 created by access server static 4 created by administrator Address Translation Information 207 Chapter 17 MFR Version 2 Chapter contents A laos 210 MER Version mali ide A 210 Line Srenallimg nai 210 Countrys dme Se OUO ere ee eet eee Le DA LI eU LE Les 210 Ide Coke Cie Sie T code eeu RU EU EEUU E III 211 T ll o ec meet UR Ped iO Es 211 Back Acknowledg
115. Bidirectional Polling pertains only to the Network LMI side If enabled the Network LMI issues STATUS ENQUIRY messages and waits for a STATUS reply from the User Polling Verification T392 frDlemiPollingVerification Polling Verification pertains only to the Network LMI side It is the amount of time permitted without receiv ing a STATUS ENQUIRY message from the User before Counting an Error DLCI window The Data Link Connection Identifier DLCI provides each PVC with a unique identifier at both the access server and the Frame Relay switch Within each link DLMI there can be multiple Permanent Virtual Circuits PVC Each of these PVCs are point to point links to remote locations and define the data path between the access server and the Frame Relay network Within each DLMI are one or more Data Link Channel Identifier DLCIs This is the identification of a PVC within the Frame Relay link There will be at least one PVC automatically installed This is the management DLCI or LMI This DLCI often DLCI 0 is the communication channel between the access server and the Frame Relay network switch This management channel communicates configuration and health information of the Frame Relay link See figure 72 DLMI1 s Configuration View Statistics View DLCI Interfaces State Committed Burst bits Excess Burst bits Throughput bps IP Address Congestion 0 0 Enea y o o fo 0 0 0 disable 1 Submit 100 2 E
116. ConnectPostV8 The number of calls that failed to connect after V8 modulation was completed Remote Retrains dspTotalRemoteRetrains The number of times the remote modem has asked for a retrain to be done Remote Renegotiates dspTotalRemoteRenegotiates The number of times the remote modem has asked for a renegotiation to be done Local Retrains dspTotallocalRetrains The number of times the local DSP has requested a retrain to be done Local Renegotiates dspTotallocalRenegotiates The number of times the local DSP has requested a renegotiation to be done Suspect A Transitions into suspect state dspTotalWentSuspect The number of times an instance went into the suspect state An instance will go into the suspect state when it fails to complete several calls in succession Suspect B Recoveries from suspect state dspTotalSavedFrom Suspect An instance in the suspect state will recover from the suspect state as soon as it successfully takes an incoming call Reboot A Reboots due to consecutive fails dspTotalRebootDueToFails The number of times a DSP has been rebooted because it was in the suspect state and then took additional calls which also did not connect successfully Reboot B Reboots due to error detection dspTotalRebootDueToError The number of times a DSP has been rebooted because it was not responding properly to the main CPU driver code DSP Connection Performance 148 Access Server Administrators
117. DIUS server using a common shared secret The shared secret is a text string configured on both the RADIUS client and server and is never sent across the network in its pure original form During authentication the RADIUS server sends a random number to the NAS which is combined with the shared secret using a hash code algorithm RSA Message Digest Algorithm MDS and then sent back to the RADIUS server The RADIUS server will decode the received message for validation against its own copy of the shared secret The RAS will disconnect users that fail to authenticate with the RADIUS server Authorization is the process of restricting and enabling what each user can do RADIUS servers are responsible for knowing which services and privileges a given user may legitimately access for example PPP SLIP Telnet rlogin and returning that information to the communications server when the user successfully authenticates Accounting is the process of collecting and reporting statistics The RADIUS accounting server collects and stores the statistics sent by RADIUS clients and responds to client queries for statistics These data include user login times and durations packets sent received bytes sent received and so on and may be used for billing traffic and performance analysis and troubleshooting Configuring a RADIUS server 308 Access Server Administrators Reference Guide C Technical Reference RADIUS Authentication Procedure The proce
118. DL exchange recommended by ANSI e dsx1Att 54016 3 Refers to ESF FDL exchanges e dsx1Fdl none 4 Indicates that the device does not use the FDL Note This is valid for T1 only Signalling Settings This portion of the WAN Circuit Configuration window contains information described in the following sections Signal Mode dsx1SignalMode none 1 Indicates that no bits are reserved for signaling on this channel e robbedBit 2 Indicates that T1 Robbed Bit Signaling is in use bitOriented 3 Indicates that El Channel Associated Signaling is in use e messageOriented 4 Indicates that Common Channel Signaling is in use either on channel 16 of an El link or channel 24 of a T1 WAN Circuit Configuration Modify 261 Access Server Administrators Reference Guide 22 lt T1 E1 Link Robbed Bit Signalling Protocol linkSignalling This variable determines which robbed bit signalling technique is used The techniques designated OFFICE are used to simulate the central office site These allow back to back connection of access servers This is set only when the signal mode is robbedBit 2 linkGroundStart 1 linkLoopStart 2 linkOfficeGroundStart 2 linkOfficeLoopStart 4 e linkEMWinkStart 6 linkEMImmediateStart 7 linkTaiwanR1 8 Message Oriented Switch Type linklsdnSwitchType This object allows the selection of the ISDN variations on the ISDN protocol depending on the brand of switch to which the
119. DP port number for RADIUS accounting from 1646 conflicting with sa msg port service to 1813 The April 1977 standards have been widely implemented and remain extensively deployed in public and private networks In June 2000 IETF published a third revision of the RADIUS standards RFC2865 and RFC2866 RFC 5865 defined congestion control mechanisms to solve performance problems sometimes encountered when the ear lier standard is deployed in large scale networks RFC2866 defined additional accounting features Patton remote access servers RAS support the April 1977 standards for RADIUS RFC2138 and RADIUS Accounting RFC2139 The RADIUS attributes Patton RAS supports are listed in Appendix A of the Access Server Administrators Reference Guide available online at htip www patton com manvals AccessServer_Admin D_lo res pdf Configuring a RADIUS server 309 Access Server Administrators Reference Guide C Technical Reference RADIUS Where Can Get It RADIUS available for free Microsoft s RADIUS implementation for WindowsNT is called IAS and comes included with the Win dowsNT operating system Another freeware option is WinRADIUS available at hitp www itconsult2000 com en product WinRadius himl A few of the many freeware implementations of RADIUS for UNIX are available on the Internet at the links below Product URL FreeRADIUS http www freeradius org Cistron hitp www radius cistron nl GNU RADIUS http www
120. E 252 TIE Link Ac man O sete er ERO GG ERR RECEN SNR UI EN eee EI ERA ENSE REA ERR UR 253 ipis ese Tome lel ombre er sene dem ecc c e ree DL RSS Oe red 253 LX AH ET ai E A E NOIE TEONE OE OEN TEE 253 MAS lC ireuitidentitien eee eet ue EUM E E N E 254 IE UM RE 254 Physical Line Alarms dE ecce e eer RERO Rene tee TERANA 254 inser Sua batur ci ur eeu e Md rr LT ETE 254 E od cato SeA SY ale eee ER LU MIS tes a 255 Los OF Frame A testcase Sasha eee eee enue ed au ae ta ese eee 255 AU St gh T a E MM 255 Loopback Pseudo Failure no cnn ee Pepe E rea eee IIS 255 JE Mei E ra Ere E N OE N A 2 25 Loss AOE Molubrame Bal atlas 255 Far Bnd Loss OF Multiitame Failure ais 255 SON Sienna Alarms inb SIsRalS titus ia 256 SNMP MID e treten Emme t cC E a eSI abd tera 256 Mines ery gh D rid as Pe ee arp E meis ede eee 258 Tine Elapsed else Times dl cin n E aa 258 Valid Tareryals dsx Valdi nren S AA 258 EU Nodi r ee TT 259 IE P NT 259 STEEL Crd e E E a to E Mat Sone etes Eee celo decida 259 pre wpe da Dane e 260 Line Codina Ca ETT Wi recede e uc ere are erect 260 Recone equalizer lirbelteb ol A oo 260 EmeBula Out RTE uncut LU eec eee 261 Yelow Alar Formar link Yellow bo rsnax o ee trot BR EN 261 PDL dIE DI ee Saad Saas ea race A TE acta Sea soa ae aes desea teas ta eee acdc ed A REE 261 e eee eA eA AD do eer 261 Signal Made delirar aaa cias 261 T Signalling Protocol alaridos 262 Message Oriented Switch Type linklsduSwacch lype io UE 262
121. E ak ce Oy cae N E 228 Out Packers Gamp Ouke di 228 Error Status Too Dig sompllucloobigs ica iaa 228 No Such Names snimpOutNaSuchiN anneg oett eee teret tete teet etii aii 228 AE Values eec ee tro D Me Te 228 at Tror anp Outa en M T T 229 Gar uc cy aimp BED PC ML 229 Ger Next Requests snmp Ol mets cb 1 aida 229 Set Requests amp Outset Regut cod E 229 Ger Reponse sump ura T i ter 229 Tape amp a a c eer a e E E E EA E N N ETA 229 Authentication Failure Drapsteamplbabledurhen Dep tion tete dedic 229 225 Access Server Administrators Reference Guide 19 SNMP Introduction The access server provides management and statistical information on SNMP Detailed information on the SNMP MIB variables are found in RFC 1213 Management Information Base for Network Management of TCP IP based internets MIB II Select SNMP from the access server Configuration Menu to monitor SNMP statis tics Click on SNMP under the Configuration Menu to display the SNMP window see figure 93 SNMP see Display Corporate MIB Display Enterprise MIB Display Product MIB In Out Packets 102 Out Packets 98 Bad Versions 0 Error Status Too Big 0 Bad Community Names 4 No Such Names 1 Bad Community Uses 0 Bad Values 0 ASN Parse Errors 0 Generated Errors 0 Error Status Too Big 0 Get Requests 0 No Such Names 0 Get Next Requests 0 Bad Values 0 Set Requests 0 Error Status Read Only 0 Get Responses 98 Generated Errors 0 Trap
122. ERE Eet 281 MRU ppp ina ibl LE 281 Links Compresion pp Linc T cocoa ce UU NU e eae 281 Allow Magic Number Negotation pppDefaultMagicNumber cacon centenaria 281 Compresion DP Dea pompes oer oe a 282 PEP Das WORdOW eee ERES T 282 EIDEG Sttsucs on Dnk ensure 282 Treo o C E NON 282 Staus trame ota se doe orien eee eec DU HM CU Ne UC E ne 282 TRAINS NATO Gabe pe Uu CO Cte Ea oerte rte eee reete Ree ED RI Ee 282 RECENT h Re IUueemeerL M Nee IM LL Len ID ILI E 283 No Buffets Available framerelRxNoBufterAyailable 5 center ener nnne tnter ornnes 283 Dara Overtlow am RI Darn Over NOn ceret ette tee eU TENUES 283 Message Ends a cL Po e TU SEE iii soii 283 Packer Too Lone rana oec e le eec LAS 283 Overtlosv ratmerel A oe ders aer hu La vete nU E Cc DUE UR HU ee 283 boream SE ceri ear M md Mr MEM cei 283 Barr HEE L e oo A TE 283 Inyalid Frames camere dia il A Ree 283 Al saddle prunes a e DAD io ue eet o dames tee det econ M SLM AUC eee ed 283 MUNK Resets framer Reet a 283 i o CA 283 PPP protocol pppDesired Function A ai 283 Authentication Technique ppputhentieationlechnicue er aee menie eerte 283 276 Access Server Administrators Reference Guide 23 Sync PPP Authentication Side pppAuthenticationSide inicias eee nani 284 Authentication Username pppAuthentication Username vinci 284 Authentication Password pppAuthenticationPassword eee 284 Security Level ppp amp ccessLevel i iia is did
123. Guard Tone modemGuard Tone icon nina 122 Carrier Loss Duration modemCarrierLossDuration cccsccccssesssssccescesesscsesccssssnsesecesssusesecesseaseeseseseases 122 BettainimiodemBettall nui ira i 122 Transmit Level modem xLevel mnot 1n idea 122 Protocol modembrotocol ada 122 Access Server Administrators Reference Guide 8 Dial Out Compression nodemCGonaptesstan cin adas 122 Billing Delay miodembillineD lay 2 GU rrr RE HR HERE E den 123 Stars modestos secessit cette certet o id 123 View modem prole 2256 aid 123 IDial Out User Statistics Wand owe meer vec terrai pain PURO cR ERU PU 123 alle eh Catt Git su dere cerner quee ceret Dira eta e eb E ig vested ones cried 124 Gal oath tides s a ee Eire eb n ti cb ec et vasti eerte ico Eat 124 Username dodct Username 2 eerie tes etre rre trt erepti s PR coe Ta 124 Password 4 dodctassword 2 tanien b eee NEAN MU 124 Shared Unique ID doactMul lndexz ie eo ree eite etie eee Gee eene 124 Dip Link doactDSPEdex occ EX HR ERE ERE Fa ERE PER ERIT RR ETUR EUR RES 125 Wan Tanke fbr 0 E dh rio 125 Time Slot doaetSlotindez o cbe ais 125 DDoAddresetdodosll caius iris 125 EIS S a NN 125 Start time of call doactSessionStart Time eese nnne nennen nennen ea aaia an 125 Time Call Is Was active doactSession Time cccsssecccssessostscvsseccessstescstesessscecocsercecsscesssesessusserectcevoossers 125 Minutes nti timeout doactRemamingldle 2
124. IESI 78 Adda DNIS Groupi iaa 78 DNS Entry Window cote ere redet reae tate heb CU pes EAT bata pe o en OR ee ERR prae A rea aite G 79 WAN Link dnisPoolDesreWan bird 79 Called Calling Number dnisPoolDesrcDialedNumber eene 79 Access Server Administrators Reference Guide 7 Dial In DNIS jprotile dmisPoolAssigmed Profile cinc iii een 79 Status dnisPoolStatu 5 ios 79 NUS Proteo e oe petunt da EI 80 DNIS Profiles Main Window dedi ee dd dn eiie ree Ede 81 WD dail pP re ri D 81 IP Pool dnisPromleAssipmed pV ool tract iia 81 Login Technique dnisProhleLogin Technique air dina 81 DOV BS duisProtleDONB SS usina dd sthea Sean etes cese etes teet ere tete tei cen rete edens 82 Service Port dnisProfileServicePort 1 etie ttn adan sabe d ose Naag 82 Service IP doisProltleSetvice D 5 sch nite ee ici 82 Telnet Userid diusProbileTelnetUserid eee tec reete tee trot etr ete en berto 82 Telnet Mode dnisProfileTelnetMode cccsccscscscscsccccssseccsccccessccecsscscccsoccsessessscscecsessecescsensseseeseseeeace 82 Status dnisIpProfileStatus ocn a da 83 Adda DNIS Profile eet eintreten e eiie enu eis 83 DNIS Profile Entry Window tati RE SR e EN ees eere te regt ad Ie ei eot e ee ER P Pepe dis 83 JP Pool dnisProlileSAssienedlpD60l sirisser siise iai dis 83 Login Technique dnisProlileLogin Technique tetti sai 83 DOV BS fepisProfilebO BS dios 84 Service Po
125. IONS Record Current Configuration J Set Factory Default Configuration Figure 5 Immediate Actions buttons Record Current Configuration clicking this button causes the current configuration to be stored in FLASH memory Any changes made to the access server configuration are stored in non volatile RAM This allows the user to set the box up with a running configuration before committing it to FLASH Configura tion changes become permanent when you select Record Current Configuration You will lose all changes not stored to FLASH the next time the access server is re booted Hard Reset this button causes the access server to perform a cold restart When you select Hard Reset the access server confirm that you want to execute this command Then the access server will disconnect all current sessions re initialize the interfaces and re load configuration parameters from FLASH Set Factory Default Configuration this button clears out the configuration in FLASH and loads the fac tory default parameters into FLASH memory The factory default settings will not execute on the access server until it is re booted Note Set Factory Default Configuration will delete any routing information the access server s Ethernet IP address and any other site specific settings made for your particular installation You will have to re enter the access server s Ethernet IP address and netmask using the front panel control port in order to use th
126. L Udo TE etu se dt 222 Address rima Ti Con Addres id EE 222 A a ee a E M A E TA 222 Authentication Type ap IR ostAutbl K aaa 222 A a A ee e cie e EE E EM 222 Send rip T e H o eee e he eet mba e as eere e E E LM 222 A oerni T oaea a UU E T NE IINE II Ires 223 Merne trp HCO DaN conet E E E eeh e teo E 223 o E iL ger 223 SRTR ETE a E E SE EA E ANE 223 Subnet DP Address aprestos 223 Mba e o rote 223 Bad Retrato ere 223 Sent Updates palas eau rita 224 o E S a e p e tco e e eR CL MEE 224 219 Access Server Administrators Reference Guide 18 RIP Version 2 Introduction The RIP Version 2 main window see figure 90 describes routing information as defined by the Routing Information Protocol RIP All object identifiers described in this chapter comply with those contained in RFC 1389 RIP Version 2 MIB Extension RIP Version 2 Route Changes Made 9 Responses Sent 4 Configuration Statistics Address Send Receive 109 168 15 19 ripVersion2 4 rip2 2 Add a RIP address Figure 90 RIP Version 2 window Click on RIP Version 2 under the Configuration Menu to display the RIP Version 2 main window RIP Version 2 main window The RIP Version 2 window describes routing information as defined by the Routing Information Protocol RIP The window also contains the following links Statistics xxx xx xxx xxx Clicking on the link under the Address column displays the RIP Version 2 Sta tus window see RIP V
127. MP sends the parameter problems message if the gateway or host has discarded the whole packet Source Quenchs icmplnSrcQuenchs icmpOutSrcQuenchs The number of ICMP source quench messages received sent A gateway will discard packets if it cannot allo cate the resources such as buffer space to process the packet If a gateway discards the packet it will send an ICMP source quench message back to the sending device A host may send this messages if packets arrive too fast to be processed or if there is network congestion The source quench message is a request to reduce the rate at which the source is sending traffic If the access server receives a source quench it will wait for acknowledg ment of all outstanding packets before sending more packets to the remote destination Then it will begin sending out packets at an increasing rate until the connection is restored to standard operating conditions Redirects icmplnRedirects icmpOutRedirects The number of ICMP redirect messages received sent A gateway sends a redirect message to a host if the net work gateways find a shorter route to the destination through another gateway Echos icmplnEchos icmpOutEchos The number of ICMP echo request messages received send The ICMP echo is used whenever one uses the diag nostic tool ping Ping is used to test connectivity with a remote host by sending regular ICMP echo request pack ets and then waiting for a reply Received echos icmpInEchos wil
128. Modify The System Log Modify window see figure 99 displays syslog and SNMP trap daemon locations priority and maintenance information SYSTEM LOG Daemons SysLog Daemon IP Address 0 0 0 0 SNMP Trap Daemon IP Address 0 0 0 0 Priority Min Priority for SysLog Daemon priorityDisable 1000 Min Priority for Console RS 232 Min Priority for Flash Storage prioritySystem 80 Min Priority for SNMP Trap Daemon gt o Min Priority for RAM s priorityOddity 40 Uni Facility Call trace Maintenance Maintain Flash Storage syslogFlashOK 0 J Figure 99 System Log Modify window Daemons This portion of the System Log Modify window contains information described in the following sections Syslog Daemon IP Address syslogDaemonlP The IP address of a host system which is running a syslog daemon System messages with a priority greater than or equal to Min Priority for SysLog Daemon will be sent to this IP address SNMP Trap Daemon IP Address syslogTraplP The IP address of a host system which is running a SNMP trap daemon System messages with a priority greater than or equal to Min Priority for SNMPtrap Daemon will be sent to this IP address Priority This portion of the System Log Modify window contains information described in the following sections Min Priority for Syslog Daemon syslogDaemonPriority System messages which have a priority equal to or greater
129. N Call ID diactindex v90 7 45333 v90 7 49333 v34 4 28800 v34 4 24000 v34 4 28800 v34 4 26400 v34 4 26400 v34 4 26400 v34 4 26400 v34 4 28800 v34 4 26400 v34 4 33600 isdn64 9 64000 isdn64 9 64000 isdn64 9 64000 isdn64 9 64000 v34 4 26400 isdn64 9 64000 isdn64 9 64000 v90 7 50666 Figure 23 Dial Modulations window 24000 24000 28800 26400 28800 26400 19200 28800 24000 31200 28800 31200 64000 64000 64000 64000 24000 64000 64000 24000 v42 2 v42bis 2 0 v42 2 v42bis 2 O v42 2 v42bis 2 1 v42 2 v42bis 2 1 v42 2 v42bis 2 1 v42 2 v42bis 2 0 v42 2 v42bis 2 O v42 2 v42bis 2 1 v42 2 v42bis 2 0 v42 2 v42bis 2 5 v42 2 v42bis 2 1 v42 2 v42bis 2 0 none 1 none 1 0 none 1 none 1 0 none 1 none 1 0 none 1 none 1 0 v42 2 v42bis 2 0 none 1 none 1 0 none l none 1 0 v42 2 v42bis 2 0 Unique identification of this active call for internal use Username diactUsername The caller s username State diactState Indicates current progress of the selected call Le ASQ L L TO E Ae OC Cua Om QU t QA SOLO OC CORRO TOO O TE FUNDO TRONO a Ona C O O GO OOO GG O OF 0 00 KA ot Ringing The call has been recognized by the access server and is in the process of going off hook Connecting The access server has assigned a DSP to the incoming call and is now in the process of nego tiating the type of modulation V 34 V 32 I
130. Object Changes 14 Chapter 2 Home Chapter contents Os a ECRIRE et EIE 16 Operating Status Variables td 17 Aawe CMs P L A E a 17 Pala al ada TUER 174 Total Calls ddi Taal C all ttenptsl ee A 34 IE Noe proe hes Mailed ecc eet keen qose dL eee LM bleue etu e te E er 17 Total DRAM Detected ale a 14 Running Since Last Door test plum c r cec e Leni UID ERN 17 A des 18 15 Access Server Administrators Reference Guide 2 Home Introduction This chapter describes the HOME window the first Administration Page that you see after logging into the access server see figure 3 From HOME you can monitor current system status modify the Static User data base save any system changes or reset the system without power cycling the server Note Clicking on the HOME link in the Configuration Menu pane will return you to the HOME page from any other page The HOME window is divided into two panes the Configuration Menu pane and the configuration informa tion pane see figure 3 The Configuration Menu contains the links to the various access server subsystems while the configuration information pane is where you can view status and other information or make changes to the system configuration Unlike the Configuration Menu pane which looks the same no matter which sub system page you may move to the configuration information pane contents will change as you move from one subsystem page to another Configuration Menu pane
131. P and HTTP Version snmpvi 1 Super User Password No Access User Password monitor Web Page Refresh Rate rateSsec 5 Manufacturer Serial Number 10 30 01 PCB Revision 3 General Information Message Blocks Packet Holding Message Blocks Total 53124 Free 50931 Total Time Waited D Total Times Unavailable O Figure 94 System main window SNMP and HTTP Manufacturer and Message Blocks System main window From this window you can view SNMP and HTTP manufacturer and message block information The main window also has the following links e Modify click on this link to change SNMP and HTTP payable features country of installation and other parameters see System Modify window on page 237 Packet Holding Message Blocks click on this link to view message block statistics see System Packet Holding Message Blocks on page 239 This section describes certain CPU utilization parameters SNMP and HTTP This portion of the System main window contains information described in the following sections see figure 94 on page 232 Version boxSnmpVersion This parameter indicates the SNMP version number supported by this unit for example sampv1 1 means SNMP version 1 is supported SNMP2 is not currently supported Introduction 232 Access Server Administrators Reference Guide 20 System Super User Password boxSnmpMasterPassword This displays the super user password for SNMP a
132. PDUs that have been generated by the SNMP protocol entity Traps snmpOutTraps The total number of SNMP Trap PDUs that have been generated by the SNMP protocol entity Authentication Failure Traps snmpEnableAuthenTraps Indicates whether the SNMP agent process is permitted to generate authentication failure traps The value of this object overrides any configuration information as such it provides a means whereby all authentication failure traps may be disabled enable 1 disable 2 Out 229 Chapter 20 System Chapter contents Ip ars A E CON OOO TOO 232 System oA WIBdQW oc NRI DUO UN UH EMIN EMIL 292 e A Md e d UM M RM TEE A EA 232 LIA A aii 232 Super User Password boxSnmpMaster Password icon eret Ea 233 Ween Password boxSomp Monitor ass word reee tiet EL M Ricans eons ase eect pores eee 233 Web Page Refresh Bate bux WebRefreshRate ccce et eeeRROERUSPRORH RUSSIE 233 DDI Ci ei ot em e cer T T nr Lr HM Tm M 233 Serial Number boxManufacture Datecode iaa 233 PCB Revision box Manuiachuter cle vision a a 233 General Information boxManufactureGeneralInfo aaa 233 huc Mus mE 233 ad N iesca e Bor E eet up EMEN 233 Toral thoxbise Bikes anfiouredi sone att 233 estos MesBlla T 233 Metal Kime Waited box oun ies bik lank Watt iaa 233 Total Times Unavailable boxCountMesgBlkUnavaila bl cert tette 233 Operating System Heap MEMO iris metre eee at e eerie rete teres er eene inan 234 Total Size cucuceuetete SERIO UR ii
133. PPP Protocol Comprsn enabled 1 disabled 2 AC Comprsn enabled 1 enabled 1 Frame Check Seq Size 2 1 2 Figure 38 User Statistics PPP Statistics LCP Statistics IP Bad Address diStatBadAddresses The number of packets received with an incorrect address field Bad Controls diStatBadControls The number of packets received on this link with an incorrect control field Packets Too Long diStatPacketTooLongs The number of received packets that have been discarded because their length exceeded the maximum receive unit MRU Note Packets that exceed the MRU but are successfully received and processed anyway are not included in this count Bad Frame Check Sequences diStatBadFCSs The number of packets received on this link with an incorrect control field LCP Statistics This portion of the Dial In User Statistics window see figure 38 on page 95 shows LCP statistics of the cur rent user selected Local MRU diStatLocalMRU The current value of the MRU for the local PPP entity This value is the MRU that the remote entity is using when sending packets to the local PPP entity This setting becomes active when the link is in the zp able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Dial In User Statistics window 95 Access Server Administrators Reference Guide 7 Dial In Remote MRU diStatRemoteMRU The current value of the MRU for
134. Query Figure 33 DNIS Profiles window ID dnislpProfileld The ID that uniquely identifies the DNIS profile IP Pool dnisProfileAssignedlpPool The ID of the IP Address Pool that will be used to select an IP address for the dial in user The IP Pool is con figured using the DNIS Ip Pool link Login Technique dnisProfileLoginTechnique This variable defines the login sequence that a dial up user will see The various options are defined below none 0 no login sequence is enabled e textORpap 1 This setting enables clear text logins or PPP calls using PAP authentication e text 2 A username prompt is displayed and a username must be entered If the received username is a static user with no password defined then the connection completes and no password prompt is issued If a password is required then a password prompt is displayed and a password must be entered Note Text login with ISDN is not currently implemented e pap 3 This setting assumes that all calls will be PPP users No username or password prompt will be dis played The system will go directly to PPP processing The dial up user must be configured for PAP authen tication Note Ifthe user trying to connect to the DMA is not configured for PAP he will be disconnected Manage DNIS Window 81 Access Server Administrators Reference Guide 7 Dial In e chap 4 This setting assumes that all calls will be PPP users No username or password prompt wil
135. RA 100 soo toos Ez 168 1 3 enable 0 Submit Add DLCIs DECKS 4 gt Cormmmitted Burst Excess Burst A Throughput IP Address i Congestion o o o o fo 0 0 0 enable 0 Submit Query Figure 72 DLMI Configuration View window DLCI window 176 Access Server Administrators Reference Guide 14 Frame Relay DLCI frCircuitDlci The Data Link Connection Identifier DLCI for this virtual circuit Note DLClIs can automatically appear if your Frame Relay Service provider has already configured your link In this case all you will need to enter is the IP address of the router at the far end of the link Interface FramelPInterfaceNum The interface number assigned to a DLCI This is a variable number which is assigned from a resource pool within the access server State frCircuitState This is the state of the interface with the following definitions invalid 1 Use this setting to delete DLCT s on your access server s configuration view To delete a DLCI simply set the state to invalid 1 and Submit Query Note A deleted DLCI will reappear if your service pro vider s Frame Relay switch is still configured to recognize that DLCI This occurs after a Frame Relay Full Status Enquiry e active 2 The link is up and passing data This is the desired condition of the link invalid 3 The link is down and not passing data Reasons for this may be your service provider hasn t enabled your service or the l
136. Reference Guide DSP Connection Totals 11 Digital Signal Processing DSP This portion of the window see figure 62 shows statistics on a per DSP basis Remote Local Suspect Reboot Index Good No Modem Failed Neg Retrain Reneg Retran Reneg A B A B DSP CONNECTION TOTALS DSP Connects N43 1 1 11 Pul 0 0 13 346 0 0 26 4 40 1 0 19 ENI39 0 2 31 50131 0 2 32 EMI 0 1 24 EN39 2 0 23 9 41 0 0 34 10 40 3 3 28 EN 0 1 15 pg 10 5 33 13 38 0 6 24 14 34 1 3 11 HUN 5 1 4 20 16 41 0 0 51 Bag 2 2 12 18 40 0 3 28 H28 59 1 2 23 20 41 0 2 16 2137 2 3 29 EXNI35 1 0 11 23 39 4 0 8 24 38 1 3 14 Figure 62 Connection Summary portion of DSP Connection Performance window DSP Index dsplndex 80 66 104 194 202 137 257 120 110 125 114 130 92 174 136 210 159 81 82 92 340 62 229 87 15 8 14 64 30 21 33 4 18 14 9 17 20 17 23 20 11 13 12 29 19 17 8 9 12 13 32 19 71 65 23 88 35 22 68 44 45 97 28 70 92 18 48 6 s 12 184 38 oo oo goaqno oo 0000000000000 OO oo 68 oo 2 02 0 ooo oOo Oo E Oo oooO ono co ono 90000000000 O 00 ooo oo amp ooo co co ER EE C ET EE T E H G EE IE E E ET CL E ae The unique identifier of the DSP being reported on Clicking on the DSP Index link displays detailed informa tion about the DSP see section DSP information window on page 151 Connects Good dspSuccessfulConnects The number of calls that successfully co
137. Reference Guide 22 e T1 E1 Link Bursty Errored Seconds dsx 1FarEndTotalBESs The number of far end bursty errored seconds BESs encountered by a DS1 interface in the previous 24 hour interval Degraded Minutes dsx1FarEndTotalDMs The number of far end degraded minutes DMs encountered by a DS1 interface in the previous 24 hour interval Using Non Facility Associated Signaling NFAS NFAS allows PRIs to be fully utilized by increasing the number of data channels Now PRIs can have 24 B channels for data rather than the traditional 23 B channels for data and a D channel for signaling The telephone company can configure a group of PRIs to share a single D channel In that group of PRIs one PRI will contain a D channel and 23 B channels The other PRIs in the NFAS group will have 24 B channels The request for an in bound call now contains an interface identifier that indicates for which PRI in the NFAS group the call is destined The NFAS group cannot span multiple remote access server units Each RAS must have at least one PRI con figured with a D channel Configuring NFAS NFAS only impacts the configuration of the signaling settings The line interface settings do not change with an NFAS implementation Example 1 The RAS hosts 2 NFAS groups each containing 2 PRIs WAN 1 will have the PRI with the D channel WAN 2 will have the second PRI for that group WANs 3 and 4 will contain the second NFAS group Signal setting for each WAN
138. Routelnfo A reference to MIB definitions specific to the particular routing protocol which is responsible for this route as determined by the value specified in the route s ipRouteProto value If this information is not present its value should be set to the OBJECT IDENTIFIER 0 0 which is a syntactically valid object identifier and any conformant implementation of ASN 1 and BER must be able to generate and recognize this value IP Routing Destination window The IP Routing Destination window see figure 86 shows next hop routing information Clicking on a Desti nation in the IP Routing Information window displays this window ROUTE DESTINATION 192 49 110 0 Mask 255 255 255 0 Interface 1 5 Protocol local 1 Seconds Since Updated 508023 Tag 0 Gateway pana Cost a 77771 State Figure 86 Routing Destination window Route Destination ipRouteDest The destination IP address of this route An entry with a value of 0 0 0 0 is considered a default route Multiple routes to a single destination can appear in the table but access to such multiple entries is dependent on the table access mechanisms defined by the network management protocol in use Mask ipRouteMask Indicates the mask to be logical ANDed with the destination address before being compared to the value in the ipRouteDest field For those systems that do not support arbitrary subnet masks an agent constructs the value of the ipRouteMask by de
139. SDN or 56K e LepNegotiate The link is negotiating LCP parameters Authenticating T he access server is in the process of verifying the user s password by using static or RADIUS authentication Dial Modulations window 57 Access Server Administrators Reference Guide 7 Dial In e Online The access server has completed authentication and the user is now able to access the Internet I2tpTunneled Subsequent multilink call that was answered by another access server and tunneled to the access server that has the originating call e Kill The administrator can manually disconnect the user by activating this parameter e Dead The user s call has been disconnected This message disappears when the linger time expires Bury The call has been killed and removed from the dial in main window DSP Link diactDSPIndex The physical DSP chip that the user s call is on This is a number from 0 to 59 Connection Modulation diactModulation The modulation type of the modem link for example V 34 The modem link can have these modulation or data types unknown 0 e v21 1 V 21 modulation v22 2 V 22 modulation y32 3 V 32 modulation e v34 4 V 34 modulation e k56 5 K56 Flex modulation x2 6 X 2 modulation e y90 7 V 90 modulation e vll10 8 V 110 modulation isdn64 9 ISDN 64 modulation e isdn56 10 ISDN 56 modulation e 12tp 11 12tp tunnelled multilink call e phase
140. Seconds 0 Severely Errored Frame Seconds 0 Unavailable Seconds 0 Controlled Slip Seconds Line Errored Seconds Path Code Violations Bursty Errored Seconds Degraded Minutes oo cc fo Figure 114 Far End Performance window Errored Seconds dsx1FarEndTotalESs The number of far end errored seconds encountered by a DS1 interface in the previous 24 hour interval Severely Errored Seconds dsx1FarEndTotalSESs The number of far end severely errored seconds encountered by a DS1 interface in the previous 24 hour interval Severely Errored Frame Seconds dsx 1FarEndTotalSEFSs The number of far end severely errored framing seconds encountered by a DS1 interface in the previous 24 hour interval Unavailable Seconds dsx 1 FarEndTotalUASs The number of far end unavailable seconds encountered by a DS1 interface in the previous 24 hour in 24 hour interval Controlled Slip Seconds dsx 1FarEndTotalCSSs The number of far end controlled slip seconds encountered by a DS1 interface in the previous 24 hour interval Line Errored Seconds dsx1FarEndTotalLESs The number of far end line errored seconds encountered by a DS1 interface in the previous 24 hour interval Path Code Violations dsx 1FarEndTotalPCVs The number of far end path coding violations reported via the far end block error count encountered by a DS1 interface in the previous 24 hour interval Far End Line Statistics Totals 273 Access Server Administrators
141. Statistics window 90 Access Server Administrators Reference Guide 7 Dial In Time Left In Session diactRemaining Session Number of seconds remaining in this session This value is only displayed if session timeout has been activated Termination Reason diactTerminateReason The reason a call was disconnected stillActive 0 Call is currently connected idleTimeout 2 Call exceeded idle timeout parameter killed 3 Call terminated by administrator userHangup 5 DSP discovered remote modem was hung up abruptly Examples could be that the phone line was pulled out of the wall jack or the user terminated the communications without closing the connec tion down If the modems are unable to bring up the physical line by successfully negotiating the modula tion userHangup will be registered if the remote modem gave up trying to complete the call modemCanNotConnect 6 The modems are not able to bring up the physical line by successfully negotiat ing the modulation The remote access server has given up trying further to complete the physical connection pppClose 8 This termination reason will be given after PPP is initiated and the connection is discon nected An example would be if LCP negotiations failed Another cause could be if the bundlehead in a multilink call is terminated before the tunneled call is termination lcpClose 9 Close initiated by LCP normal shutdown of call loginTimeOut 10 Exceeded login timeou
142. The following rates are supported 600 1200 2400 3600 4800 7200 9600 14400 19200 38400 4800 and 56000 V 110 and its data rate is determined via the bearer capability information element or the lower layer compatibility information element in the ISDN SETUP message as defined in the Q931 specification Limitations e 56000 only supports PAP and CHAP MS CHAP v1 and MS CHAP v2 authentication All other data rates support text PAP or CHAP e 56000 only supports a synchronous connection all other data rates support both synchronous and asyn chronous connections Note IfV 110 is disabled and a V 110 call comes in the call will be terminated and V110 disabled will be displayed on the dial in screen as the disconnect rea son V 110 diV1 10Enable The following options are available see figure 29 Enable or disable V 110 modem modulation Enable or disable 56K ISDN connections Dial In Modify default window 73 Access Server Administrators Reference Guide 7 Dial In Modify V 92 Configuration This portion of the Dial In Modify Default window see figure 29 describes modifying the V 92 Configura tion parameters V 92 Features diModemV92Enable Enables and disables V92 functionality Quick Connect diV92QuickConnect Quick connect shortens a modem s time to learn a phone line s characteristics by reusing some information pre viously learned This setting enables or disables quick connect Modem on H
143. The number of packets received with an incorrect address field Bad Controls pppStatBadControls The number of packets received on this link with an incorrect control field Packets Too Long pppStatPacketToolongs The number of packets received that have been discarded because their length exceeded the maximum receive unit MRU LCP Statistics This portion of the Dial In User Statistics window shows LCP statistics of the current user selected Local MRU pppStatlocalMRU The current value of the MRU for the local PPP entity This value is the MRU that the remote entity is using when sending packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state Remote MRU pppStatRemoteMRU The current value of the MRU for the remote PPP entity This value is the MRU that the local entity is using when sending packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state Local Multilink MRRU pppStatLcpLocalMRRU Multilink maximum receive reconstruction unit for the local device Remote Multilink MRRU pppStatlcoRemoteMRRU Multilink maximum receive reconstruction unit for the remote device WAN Circuit CONFIGURATION window 285 Access Server Administrators Reference Guide 23 Sync PPP LCP Authentication pppStatLcpAuth Authentication type used The following options are available none
144. The number of times TCP connections have made a direct transition to the SYN SENT state from the CLOSED state Passive Opens tcpPassiveOpens The number of times TCP connections have made a direct transition to the SYN RCVD state from the LIS TEN state Attempt Fails tcpAttemptFails The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD state plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN RCVD state ESTABLISHED Resets tcpEstabResets The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE WAIT state Current ESTABLISHED tcpCurrEstab The number of TCP connections for which the current state is either ESTABLISHED or CLOSE WAIT Total Received tcpInSegs The total number of segments received including those received in error This count includes segments received on currently established connections Total Sent tcpOutSegs The total number of segments sent including those on current connections but excluding those containing only retransmitted octets TCP 192 Access Server Administrators Reference Guide 16 e IP Total Retransmitted tcpRetransSegs The total number of segments retransmitted that is the number of TCP segments transmitted containing one or more previously transmitted octets Total Receive
145. Trap PDUS that have been accepted and processed by the SNMP protocol entity Ovt Out Packets snmpOutPkts The total number of SNMP messages that were passed from the SNMP protocol entity to the transport ser vice Error Status Too Big snmpOvtTooBigs The total number of SNMP PDUS that were generated by the SNMP protocol entity and for which the value of the error status field is tooBig No Such Names snmpOutNoSuchNames The total number of SNMP PDUs that were generated by the SNMP protocol entity and for which the value of the error status is noSuchName Bad Values snmpOutBadValues The total number of SNMP PDUs that were generated by the SNMP protocol entity and for which the value of the error status field is badValue Out 228 Access Server Administrators Reference Guide 19 lt SNMP Generated Errors snmpOvtGenErrs The total number of SNMP PDUS that were generated by the SNMP protocol entity and for which the value of the error status field is genErr Get Requests snmpOutGetRequests The total number of SNMP Get Request PDUs that have been generated by the SNMP protocol entity Get Next Requests snmpOutGetNexts The total number of SNMP Get Next PDUs that have been generated by the SNMP protocol entity Set Requests snmpOutSetRequests The total number of SNMP Set Request PDUs that have been generated by the SNMP protocol entity Get Responses snmpOutGetResponses The total number of SNMP Get Response
146. Type dax ClockMode Main Reference Determines which WAN link supplies the clock for the system refer to Main Reference daxClockMainRef on page 46 Fallback Reference Enables the configuration of a back up clock reference should the Main Reference fail refer to Fallback Reference daxClockFallbackRef on page 46 Circuit Type daxClockMode Defines the overall clocking scheme for the entire access server For each circuit a selection must be made as to the overall clocking scheme of the entire system If your system has only one circuit displayed then that circuit must be set to Master The following settings are available master 1 The master device is responsible for providing the master system clock in synchronization with one of its references If your access server has only one circuit then this setting must be Master e secondary 2 The secondary circuit provides the master system clock if the master circuit fails e slave 3 Slave devices provide the system clock references for use by the master or secondary Introduction 45 Access Server Administrators Reference Guide 6 DAX Main Reference daxClockMainRef The main reference parameter determines which WAN link will supply the clock for the system The following settings are available none 0 No clock selection This would be used in conjunction with either a secondary or slave circuit wan 1 1 Use WAN Port
147. User Name locion UserName nc a iere te iere Ee iste ei baee 118 Password location ass word ii ibn Paene E vede 118 Phone Number locationPhoneNumber cccccssssssssssessscccsssscssssesesscsscessescssesesesecessssesesssseceseeesesseesens 118 Destination IP location DestinationIP ccsssssccccsessessccesecsstsccceescseeccoessosscceessevesceeecrsasvatcrscarsvaceeee 118 Destination NetMask locationDestinationNet eee enne eene tna ne testen aa 118 Multilink l ocationConbigMuldbhbE 4 eren tipicidad 119 Connection Type locationConnectlype 1 ii teni ere eti Ree e cere 119 Idle Timeout locationIdle Timeout nocens es teet er dt tere etie 119 Maximum Session Time locationSession Timeout 2 rere rti ieper rn en anga nen 119 Authentication Technique locationAuth Technique ettet treten ine tede 119 Tp Filters location pei ters noe dete eio teo me RE EU tet Rr eH REPRE edes 119 Modem Profile locationModembPtrofile iii ida treten trito reete Erotica 119 View Modity location details ce eere terni eer ne HIER ere Ree eer ee E EIER eens 120 Dialing Locations Nx 120 Dial Out Modem Profiles Window niit tree e m ee reete trece aar anaa ana eaae 121 Add Modeni Prol nia ede RE trie ae tI eal tA rele etas cet a A 121 Locations Linke iet eee di tas 121 PyotileTD imodembrohileld m eite eire ais 121 Modem Modulation modem ye 555 rette eerte traen tr tr bere Io Patet THAT HTH dai 121
148. Version snmplInBadVersions The total number of SNMP Messages that were delivered to the SNMP protocol entity and were for an unsup ported SNMP version Bad Community Names snmpInBadCommunityNames The total number of SNMP Messages delivered to the SNMP protocol entity which used a SNMP community name not known to said entity Bad Community Uses snmplnBadCommunity The total number of SNMP messages delivered to the SNMP protocol entity which represented an SNMP operation which was not allowed by the SNMP community named in the message ASN ParseErrors snmpInASNParseErrs The total number of ASN 1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP messages Error Status Too Big snmpInTooBigs The total number of SNMP PDUS that were delivered to the SNMP protocol entity and for which the value of the error status field is tooBig No Such Names snmplnNoSuchNames The total number of SNMP PDUS that were delivered to the SNMP protocol entity and for which the value of the error status field is noSuchName Bad Values snmpInBadValues The total number of SNMP PDUs that were delivered to the SNMP protocol entity and for which the value of the error status field is badValue Error Status Read Only snmpInReadOnlys The total number of valid SNMP PDUs that were delivered to the SNMP protocol entity and for which the value of the error status field is readOnly It should be noted that it is a prot
149. a factory representative This sets the transmit level power level of the modem The scale is 12 12 dB to 20 20 dB in 1 db increments Note Larger numbers mean less transmit power is being output in other words a setting of 20 will result in less power than a setting of 12 Protocol diModemProtocol Assigns the error correction protocol to use with the modem The following options are available e Direct 0 No error correction will be used request VA2 1 Enables V 42 error correction If this is selected the modem will either negotiate for V 42 error correction or if V 42 correction is not available will use no error correction e requireV42 2 V 42 error correction is mandatory otherwise disconnect Compression diModemCompression Assigns the data compression protocol to use with the modem This setting is in effect only when V 42bis error correction see Protocol diModemProtocol is active Dial In Modify default window 76 Access Server Administrators Reference Guide 7 Dial In e Direct 0 No compression will be used e requestV42bis 1 Enable V 42bis compression If this is selected the modem will either negotiate for V 42bis data compression or if V 42bis compression is not available will use no data compression e requireV42bis 2 V 42bis data compression is mandatory otherwise disconnect e V44 3 allows V 44 and V 42bis data compression Manage DNIS Window The Manage DNIS w
150. ad to wait for a message block Total Times Unavailable boxCountMsgBlkUnavailable The number of times a message block was unavailable System main window 233 Access Server Administrators Reference Guide 20 System Operating System Heap Memory Total Size 29528064 Free 24622080 Largest 24454144 Enclosure System Internal Temperature 44 celsius Highest Temperature 47 celsius Payable Features Enable Payable Features 0000000 100000000 Installation Country unite dStates 1 Other Total DRAM Detected 30955552 System ID E 1 3 6 1 4 1 1768 1 Running Since Last Boot 6 days 06 21 29 hours System Manager Unknown Contact Box Name Server S Physical Location Unknown Location System Services 13 Background Image enableGraphics 1 Monitor Privilege readonly 2 Figure 95 System main window Operating System Heap Memory Enclosure System Payable Features Installation and Other Operating System Heap Memory This portion of the System main window contains information described in the following sections see figure 95 Total Size boxHeapSize The size of the operating system heap memory Free boxHeapFreeSpace The amount of operating system heap memory currently available Largest boxHeapLargestSpace The largest contiguous memory block in the memory heap System main window 234 Access Server Administrators Reference Guide 20 System Enclosure System This portion of the System
151. agrams received by but not addressed to this entity IP gateways forward datagrams IP hosts do not except those source routed via the host Note Forsome managed nodes this object may take on only a subset of the values possible Accordingly it is appropriate for an agent to return a badValue response if a management station attempts to change this object to an inap propriate value The following conditions can be displayed e forwarding 1 acting as a gateway e not forwarding 2 ot acting as a gateway in this condition packets will not be forwarded to dial in users Default Time To Live ipDefaultTTL The default value inserted into the time to live field of the IP header of datagrams originated at this entity whenever a TTL value is not supplied by the transport layer protocol Total Datagrams Received ipInReceives The total number of input datagrams received from interfaces including those received in error Discarded for Header Errors iplnHdrErrors The number of input datagrams discarded due to errors in their IP headers including bad checksums version number mismatch other format errors time to live exceeded errors discovered in processing their IP options and so on Discarded for Address Errors iplnAddrErrors The number of input datagrams discarded because the IP address in their IP header s destination field was not a valid address to be received at this entity This count includes invalid address
152. aii 238 Country neall County a ertt teret et e een evs e EYE ERREUR ERE ATE ERAT ERE EEETE TEE EUE HE TENER weds 238 O 238 System Manager ys Contact 11 nece nere rte 238 Box Name sys Nam E E 238 Physical Location sys Location A i EUER e retenir Eie riori din 238 Systemi Services 5ySS BEVICOS Scene ie omg nO PO Ora ar EH RERO Ped e e Fat rid 238 Web Settings basBackeroundFlag 5 tret erre retirer bi 238 Monitor Privilege boxMonit sPrivilege pontiac 239 System Packer Holding Message Bloch s ee eite teet erret ir certe Fee re aeter eee ra se dert ige en 239 Buffer Size boxb ffebsIZ8 x o reto E rine nt etae ener ec eret aee eae booa ro tre ee rne e eo caa repe eet eben rede EE E ER NIE 239 No of Butters boxbutercount ii 239 No Sr e a dt di rd 240 No of Tasks Waited boxCountBuffer Task Wait 2 teet te tette etitm intercedente re eren 240 No of Times Unavailable boxCountBufferUnavailable sse 240 231 Access Server Administrators Reference Guide 20 System Introduction The System main window see figure 94 contains general setup information about the access server System parameters are Patton Enterprise MIB object identifiers though some are contained in RFC 1213 Manage ment Information Base for Network Management of TCP IP based internets MIB II Click on System under the Configuration Menu to display the System main window SYSTEM Modify SNM
153. all are contending for the same channel online 4 Call is actively being transferred through remote access server e sessiontime 5 Call is transitioning to down state e cearForward 6 Call is transitioning to down state e clearBackward 7 Call is transitioning to down state e dead 8 Call is disconnected e kill 9 Call is disconnected by administrator How Drop and Insert works The Telco informs the RAS that a call is inbound on a specific channel If the desired function for that channel is set for dropInsert then the RAS will redirect the call out another WAN port see figure 58 In effect it looks as if the RAS is not there How Drop and Insert works 140 Access Server Administrators Reference Guide 10 Drop and Insert Telco Figure 58 Drop and insert diagram Note This functionality can only be done on robbed bit lines You can not per form drop and insert on a PRI line Using Drop and Insert 1 Configure each WAN port doing drop and insert Links 1 and 2 perform drop and insert together Links 3 and 4 perform drop and insert together The line type coding for all of the lines can be either D4 AMI or ESF B8ZS WAN A can have the following types of line signalling EMWinkStart GroundStart LoopStart EMImmediate WAN B and x on PBX must be configured identically WAN B can have the following types of line signalling EMWinkStart EMImmediateStart 2 Set the Desired
154. allowed 12tpCallDisconnected I2tp tunnel disconnected The tunnel will be disconnected at the normal termina tion of the call callingback 88 call has been disconnected and user is being called back The following error messages are as a result of problems with connecting to the IP address port specified for the connection tcpSideClosure 61 Dial In User Statistics window 92 Access Server Administrators Reference Guide 7 Dial In telnetError 62 e rloginError 63 tcpConnAborted 67 Connection to the remote service has been disconnected abruptly For example the administrator of the remote machine killed the process tcpConnRefused 69 Connection to specified service on the remote machine was refused tcpConnReset 70 Connection was reset tcplimedOut 71 Request to initiate connection to the remote service timed out Connection timed out because the remote side did not respond on the connection in a timely manner e DtpCallDisconnected 80 Client disconnected the call DtpLNSConnectTimeout 81 We accepted a tunnel and did not get a response from authenticator in time 5 seconds e DtpLACConnectTimeout 82 We initiated the tunnel but the other RAS didn t get back to us in time within 5 seconds e vllOdisabled 83 UsSer with V110 attempted to connect but V 110 under Dial in gt Modify Defaults is disabled The following are internal access server errors Please contact technical
155. ame Relay j PPP 05 S Default Service ppp is Interfaces M IP Default Service IP 0 0 0 0 MFR Version 2 Default Service Port 0 RIP Version 2 Secondary Service IP 0 0 0 0 M ion 2 Secondary Service Port o Service Timeout 60 System System Log Force Next Hop 0 0 0 0 T1 E1 Link Submit Query About Domain Name Server License Primary Domain Name Server 192 168 200 151 Secondary Domain Name Server 0 0 0 0 Primary WINS 0 0 0 0 Secondary WINS 0 0 0 0 Submit Query Figure 27 Dial In Modify window modify Login Service and DNS objects Dial In Modify default window 66 Access Server Administrators Reference Guide 7 Dial In Modify Login This portion of the Dial In Modify default window see figure 27 on page 66 describes configuring the IP address pool login technique and general login information IP Address Pool dilpPool The IP address pool contains the IP addresses that are assigned dynamically to the dial in connections Type the IP address pool in the space provided The IP addresses can be non contiguous addresses configured as follows Blocks of IP addresses are designated with a dash separating the first and last host in the block for example 192 49 110 151 155 The addresses can be from a subnet other than the local network the RAS is on The IP address pool can have IP addresses from multiple subnets The subnets must be separated by a semi colon for example 192 15
156. analog v22bis 6 analog v22 7 analog v21 8 Guard Tone modemGuardTone Normally a guard tone is not required but one can be inserted This setting works for Phase Shift Key PSK modulations only not for v 32 v 34 or v 90 toneNone 1 guard tone not used tone1800 3 guard tone is inserted Carrier Loss Duration modemCarrierLossDuration The number of seconds the carrier signal must be missing before the connection is considered lost Retrain modemRetrain Enable the modem to monitor line quality and request a fallback or retrain for poor quality and a fall forward for good quality none 0 do not allow modem to retrain fall forward or fall back ratrain 1 all modem to retrain or fallback if the line quality is poor or fall forward to a faster speed if the line quality is good fallForwardFallBack 2 allow the modem to fallback to a slower speed if the line quality is poor or fall for ward to a faster speed if the line quality is good Transmit Level nodemTxLevel not in use Protocol modemProtocol Assigns the error correction protocol for use with the modem The following options are available direct 0 no error correction will be used e request VA2 1 enables v 42 error correction If this is selected the modem will either negotiate for v 42 error correction or if v 42 correction is not available will not use any error correction e requireV42 2 V 42 error correction i
157. ansmitted to a non unicast that is a sub network broadcast or sub network multicast address including those that were discarded or not sent Requested and Discarded w No Errs ifOutDiscards The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted One possible reason for discarding such a packet could be to free up buffer space Requested Errored Packets ifOutErrors The number of outbound packets that could not be transmitted because of errors Output Packet Queue Length ifOutQLen The length of the output packet queue in packets Interface Details 183 Chapter 16 IP Chapter contents O ars o OO OO EEUU 187 NON 187 Forwatding A TT ososinioraiio taaan an E AAA E A 188 persule ime ko Lre np Perie T TI a ee E e E e E A E A E 188 Total Datagrams Received iplnReceives cit ni a tend thereat 188 Discarded for Header Ertais STET T oeeie er Le et E E A E R EE 188 Discarded for Address Errors plnAddrE crate eer E E R E 188 Honwarded Datagrams Gp bond ate tang csc tse sok elon AA AAA ES EE E A R Ra 189 Discarded for Unknown Froros plo onto cias 189 Discarded w No Errors pln Discards A ON RAE 189 Total Deliveres apinElelivershe cnet eu LM M EET 189 Cut Requeste O ee e EROR NHIEU IU ME 189 ISO I M LE Se 189 Diseardeditar No Roures POutNo Routes dere eroe e CUem ta iia 189 Reassembly Timeout GpReasm Timeout ici RR UE UR UE eU P less 189 mo R
158. arEndLOF 4 dsxIXmtFarEndLOF 8 dsx1RcvAIS 16 dsx1XmtAIS 32 dsxlLossOfFrame 64 dsx1LossOfSignal 128 dsx1 LoopbackState 256 dsx1T16AIS 512 dsx1 RcvFarEndLOMF 1024 dsxIXmtFarEndLOMF 2048 dsx1RcvTestCode 4096 dsx1OtherFailure n dsx1ConfigEntry 10 Alarms Present No Alarm Present Far end LOF a k a Yellow Alarm Near end sending LOF Indication Far end sending AIS Near end sending AIS Near end LOF a k a Red Alarm Near end Loss Of Signal Near end is looped El TS16 AIS Far End Sending TS16 LOMF Near End Sending TS16 LOMF Near End detects a test code any line status not defined here 257 Access Server Administrators Reference Guide 22 e T1 E1 Link Line Status Configuration Clicking on the Line Status Configuration link in the T1 E1 Link Activity window displays the WAN Cir cuit Configuration window This window contains general information about the DS1 interface including the type of line D4 Superframe or Extended Superframe and kind of line coding B8ZS or AMI To modify the WAN circuit configuration click on the Modify link For more information about modifying WAN circuit settings refer to WAN Circuit Configuration Modify on page 259 WAN Circuit CONFIGURATION Modify Time Elapsed 429 Valid Intervals 96 Line Interface Settings Line Type dsxlESF 2 Line Coding dsx1B8Z5 2 Receive Equalizer link RxEqualizerOff 1 Line Build Out tlpulse0dB 2 Yellow
159. at contain eight DSPs each The access server can access these DSPs in several ways Ona per instance basis When a DSP is set to AvailableSecondOnly the access server can disable the sec ond instance of a DSP Ona per DSP basis Each DSP can be set to available unavailable or RebootNow in order to enable dis able disabling or reboot both instances simultaneously Note On boards manufactured before October 31 2001 printed circuit board revisions 1 or less DSPs are rebooted on a per chip basis For information on displaying the PCB revision number refer to PCB Revision boxManu facturePcbRevision on page 233 When a DSP is selected to be rebooted not only will that DSP be rebooted but so will the other seven DSPs that are located on the same chip For example if DSP1 is set to reboot DSPs 2 8 will also reboot Click on DSP under the Configuration Menu to display the DSP Settings main window The DSP main window see figure 59 displays the current state of the DSPs see DSP Settings main win dow Clicking on the Connection Summary link takes you to a page that displaying summarized statistics for the DSPs as a group and individual statistics for each DSP For more information about the Connection Summary window refer to DSP Connection Performance on page 147 Clicking on the DSP Index link displays detailed information about the DSP see section DSP information window on page 151
160. ate Tp address Ip mask 2 lepNegotiate 3 192 168 200 1 255 255 255 255 Figure 117 The PPP main window PPP ID pppIndex This field provides a unique identifier for each active PPP link This is a read only variable and is for display purposes only User pppAuthenticationUsername If authentication is used this field shows the username used during authentication WAN Circuit CONFIGURATION window 279 Access Server Administrators Reference Guide 23 Sync PPP State pppActState This is the current state of the PPP negotiation process e restarting 1 the link is currently restarting due to a configuration change or line error connecting 2 the link is currently connecting lcpNegotiate 3 PPP LCP negotiation is in progress e authenticating 4 Either local or remote side is authenticating the user if enabled pppUp 5 the PPP link is up e disconnecting 6 the link is currently disconnecting e dead 7 the link is currently dead e onlineBcp 8 BCP has been negotiated and data can be passed across the link onlineIpcp 9 IPCP has been negotiated and both sides have agreed on IP addresses and data can be passed across the link lp Address pppServicelpAddress The IP address assigned and negotiated for this interface The default IP address is 792 168 200 1 and should be changed to match your network lp Mask pppServicelpMask The IP net mask configured for this link Default Settings Clic
161. ation suCallbackConfig This is the type of callback allowed for this user The following options are available noCallback 0 no callback allowed for this user default e setByCaller 1 callback and phone number assigned by the user e alwaysCallbackTo 2 always call back to the phone number specified by suCallbackNumber callback number needs to be specified e callbackToCallingNum 3 call back to the calling phone number This is only available with ISDN PRI lines Callback phone number suCallbackNumber When the callback type is set to alwaysCallback To this is the phone number that the RAS will call after call back is negotiated This entry has a limit of 80 characters RADIUS Configuration If using a radius server for authentication and global callback is enabled and set to setByAuth the user profile in radius will determine callback If the service type attribute is not Callback Framed no callback will be allowed If the service type attribute is set to Callback Framed with no phone number the user will be allowed to assign the callback number If the service type attribute is set to Callback Framed and the Callback Number attribute has a valid telephone number the user will be called back at that number Static User Authentication 136 Access Server Administrators Reference Guide 9 e Callback Accounting information Before callback is initiated the accounting start and stop packets will have service
162. atl hysAddress Suet ep ERES RENE RERE 182 Pme DINI STOOD DR KU M 182 Operational tas O pa 2a eves eee ae eee eee ence eee tees 182 last Change Maha ae 182 A ccc ts AEAEE eec ster obi AA see A dA lucis sec dede dne 182 ea Unicast T ae Meme QUE A eU E T E E 182 Reserved Non Unicast Packets UN caste Ae erede DATEI 182 Received and Discarded wi No Errs iflmiseards as 183 Received Errored Packots Ne 183 Received w Unknown Protocol GflnUnknowhnbPtrotos 2 eerie teen eene enata ere ea a Eeee 183 Nm Octet OMON eere eS Se ID e M TIRE 183 Reguested Unicast Packers up UM eds eia ee oen et ec Len e E 183 Requested Non Unica Packets HO Cocos e ehe EEUU 183 Requested and sad NO E Seats e EUER ET REOS 183 Requested Errored Packets UFONCETTORS coc a 183 Omput Ticker Ouere Longri WO Oea ee e cheer E A A E E EEE 183 178 Access Server Administrators Reference Guide 15 Interfaces Introduction The Interfaces window see figure 73 shows the quantity of incoming and outgoing traffic as well as errors that cause frames to be discarded for each of the local interfaces The statistics listed on the access server Inter faces page comprise those contained in RFC 1213 Management Information Base for Network Management of TCP IP based internets MIB II Frames are counted when they arrive on the network Some frames are then discarded during error screening The remaining frames are delivered to the appropriate higher layer or sub lay
163. authentication and the user is now able to access the Internet 12tpTunneled Subsequent multilink call that was answered by another access server and tunneled to the access server that has the originating call e Kill The administrator can manually disconnect the user by activating this parameter e Dead The user s call has been disconnected This message disappears when the linger time expires Bury The call has been killed and removed from the dial in main window Username diactUsername The caller s username Password diactPassword The caller s password Shared Unique ID diactMultilndex Used for multi link PPP this is the unique identification shared between multi link active calls Protocol diactProtocol Indicates the type of service or link being provided for this call e PPP The user has a PPP link running e Slip The user has a Slip link running Telnet The user has a telnet session running Dial In User Statistics window 89 Access Server Administrators Reference Guide 7 Dial In Rlogin The user has an rlogin session running Security Level diactAccessLevel This is the security level assigned to the selected call Passthru is the default security level Monitor and Change security levels are used by the access server administrator e Passthru 1 Allows no access to the configuration screens e Monitor 2 Allows read only access to the configuration screens e Admin 4 Allo
164. bling or disabling the reporting of accounting information on the access server The following options are available enableAccounting Begin accounting of RADIUS authenticated users disableAccounting Disable the accounting feature e enableAccounting no validation When a response is received from either the authentication or the accounting server it is validated using the defined secret If the secret does not match the reply packet is dropped just as if it never existed Early versions of the Livingston RADIUS server used a method for encoding the accounting reply packet that was incorrect Accounting replies from these servers would therefore be dropped because they could not be authenticated eventually resulting in timeouts and shutting the call down with the reason authenAc counting Timeout As a workaround for this issue the state enableAccountingNoValidation which does not check for valid encoding on the accounting reply packet was added as an option Radius Packet Format auRadiusPacketFormat The following options are available e fullRfcPacket The accept request packet includes Calling Station Id and Service Type RADIUS attributes minimumRfcPacket This setting does not include Calling Station Id and Service Type RADIUS attributes Radius Session ID Size auRadiusRunningldSize The session ID which is sent in the Accounting start and stop packets can be configured as either an 8 or 12 character str
165. ce Guide 7 Dial In DNIS Profiles clicking on the DNIS Profiles link takes you to the page where you can view and change the DNIS profiles Refer to DNIS Profiles on page 80 DNIS Ip Pools clicking on the DNIS Ip Pools link takes you to the page where you can view and change the IP address pools Refer to DNIS IP Pools Window on page 82 Manage DNIS main window ID dnisPoollD The identification number that uniquely identifies the DNIS configuration WAN Link dnisPoolDesrcWan The WAN link the dial in user must be connected to in order to use this DNIS configuration Note 0 indicates that the WAN Link is not considered when determining if the dial in user matches the conditions of the DNIS configuration Dialed Number dnisPoolDesrcDialedNumber The number the dial in user must call in order to use this DNIS configuration If more than one number is specified they must be separated by semi colons Note This field has a limit of 80 characters DNIS profile dnisPoolAssignedProfile The DNIS profile used if the dial in user meets the conditions of this configuration Note ADNIS profile of 0 indicates that no profile has been selected and the DNIS configuration is not activated Status dnisPoolStatus Indicates if the DNIS Configuration will be used e active 1 This configuration will be compared to the inbound call and used if the dial in user meets its conditions e notUsed 2 This configuration
166. cific static users go back and click on the username Figure 126 Authentication window 2 On the Authentication page define values for the parameters as follows Validation Select staticThenRadius 4 or radiusUsers 2 Note We recommend you select staticThenRadius then add a static user to the RAS s user database This will provide you an alternate login method so you can still manage your RAS if RADIUS authentication should fail Host Address Enter the IP address of your RADIUS server Secondary Host Address Enter the IP address of your fallback RADIUS server if you have one Other wise leave blank Host Port Enter the UDP Port number your RADIUS server uses to receive authentication requests typically 1645 or 1812 Note The primary and secondary RADIUS server will use the same port number Timeout 2 is the default value leave it alone unless you know better Retries 3 is the default value leave it alone unless you know better Secret Enter the secret from your RAS client profile on your RADIUS server NAS Identifier Optional You may enter the IP address or friendly name of your RAS as defined in your RADIUS server s client list Configuring a RADIUS server 312 Access Server Administrators Reference Guide C Technical Reference Note Depending on how you define NAS Identifier Authentication Request packets sent to the RADIUS server will contain the NAS Ident
167. considered a security breach The following options are available allowredirects 0 stopredirects 1 ICMP Receive Send Messages window The ICMP window displays the ICMP message counters ICMP messages are displayed in the window as col umns comprising two types of messages Messages received by the access server InMibVariable Messages sent by the access server OutMibVariable The numbers following the parameters can be a good source of what is happening on the network to point out potential problems Both gateways routers and hosts can send ICMP messages Total Received Sent icmplnMsgs imcpOutMsgs The number of ICMP messages the access server has received sent This number also includes ICMP messages received sent which have ICMP specific errors w Errors icmplnErrors impOutErrors The number of ICMP messages which the access server has received sent but are deemed to be faulty for example bad ICMP checksums bad length or non routable errors ICMP 196 Access Server Administrators Reference Guide 16 IP Destinations Unreachable lcmplnDestUnreachs IcmpOutDestUnreachs The number of ICMP destination unreachable messages received sent For instance if the information in a gateway s routing table determines that the network specified in a packet is unreachable the gateway will send back an ICMP message stating that the network is unreachable The following conditions will send back an unreachable messa
168. csssersscesossessederssesevaesencedevessencotssestssactvsessesazeccdsteesvecessnces 269 Degraded Minutes dsx 1 TotalDMS aia ari ertet tee a e te ee e etd eis tede 269 Line Code Violations dsxT R HE a eseeeve es eesevt ence ee teet ote ertet ere eee E es tee tese IR E essi teet voce tio 269 Far End Line Statistics UEBFeBE ioni nerit ertet ii 270 Time Elapsed dsxIParEnd uneBlapsed eerte atadas 270 Errored Seconds dsx1lFarEndCurrentESs ccccccssscscsssssssssccccsccscssccessescccssssecssccevsseecessssesesseeesesssesonssesosenens 270 Severely Errored Seconds dss Park nd GusrentSE98 aia aE 270 Severely Errored Frame Seconds dsx1FarEndCurrentSEFSs asses eee 270 Access Server Administrators Reference Guide 22 e T1 E1 Link Unavailable Seconds dsx1FarEndCurrentUASs eese nennen nennen anaoat nennen sinn 270 Controlled Slip Seconds dsx FarEndGuttent 2SS8 nissan e ER HEREDES 270 Line Errored Seconds dsx1FarEndCutrentLESs lt 0 lt cscicscosssvecosscesveacecssntecestescestcceseestecesdecesoesscdsvsdaveesecevavenes 270 Path Code Violations dsel FarEmd Current OVS tii 271 Bursty Errored Seconds del FarEndCurrentBESS ica diesen 271 Desraded Minutes dsx FarendCurentDMs euer Ec tete obeacs NE RE iS 271 Far End Line Statistics HO ode 271 Far End Interval dsxl1FEarEndIntervalNumber cri cc nea 271 Errored Seconds dsxl FarEndIntervalESs iii 271 Severely Errored Seconds dsx1FarEndInte
169. d by the End User B The End User may copy licensed Program s as necessary for backup purposes only for use with the Desig nated Equipment that was first purchased or used or its temporary or permanent replacement C The End User is prohibited from disassembling decompiling reverse engineering or otherwise attempting to discover or disclose the Program s source code methods or concepts embodied in the Program s or having the same done by another party D Should End User transfer title of the Designated Equipment to a third party after entering into this license agreement End User is obligated to inform the third party in writing that a separate End User License Agree ment from Patton Electronics Company is required to operate the Designated Equipment 5 Warranty The Program s are provided as is without warranty of any kind Patton Electronics Company and its licen sors disclaim all warranties either express or implied including but not limited to the implied warranties of merchantability fitness for a particular purpose or non infringement In no event shall Patton Electronics Company or its licensors be liable for any damages whatsoever including without limitation damages for loss of business profits business interruption loss of business information or other pecuniary loss arising out of the use of or inability to use the Program s even if Patton Electronics Company has been advised of the possi bility of such da
170. d in Error tcplnErrs The total number of segments received in error e g bad TCP checksums Total Sent w RST Flag tcpOutRsts The number of TCP segments sent containing the RST flag TCP Details From this screen you can view port details for remote and local TCP connections see figure 78 You must enable the Facility Data Link FDL object in the T1 E1 Link section to read remote TCP port connections To reach this screen click on the Details link from the TCP main window TCP Details Local Port Remote Address Remote Port State 21 0 0 0 0 0 listen 2 23 0 0 0 0 0 listen 2 24 0 0 0 0 0 listen 2 80 0 0 0 0 0 listen 2 80 253 68 39 1 56538 close Wait 8 80 253 68 39 1 56596 close Wait 8 80 192 49 110 34 2223 established 5 80 192 198 253 132 1222 close Wait 8 80 192 198 253 132 1226 close Wait 8 80 192 198 253 132 1236 close Wait 8 80 192 198 253 132 1238 close Wait 8 Figure 78 TCP Details window Local Port tcpConnLocalPort The local port number for this TCP connection Remote Address tcpConnRemAddress The remote IP address for this TCP connection Remote Port tcpConnRemPort The remote port number for this TCP connection State tcpConnState The state of this TCP connection The only value which may be set by a management station is deleteTCB 12 Accordingly it is appropriate for an agent to return a badValue response if a management sta tion attempts to set this object to any other value
171. d reserve all DSPs in the group It will not perform the reboot until there are no calls in the group of associated DSPs or until 10 minutes have elapsed at which point it will disconnect any remaining calls to do the reboot e RebootNow 2 This will disconnect all calls on the group of associated DSPs and perform the DSP reboot immediately unavailable 3 DSP has been taken out of the resource pool s available 4 DSP is available for use availableFirstOnly 17 Marks the second instance of the DSP unavailable availableSecondOnly 18 Marks the first instance of the DSP available ForceDerail 19 This is for use by the engineers and technical support for testing purposes only Do not use Instance 41 State dspStatefirst Identifies the current state of the first instance of the DSP e hardwareFailure 1 During power up a self test routine detected a problem with this DPS It will not be booted with code or used for calls pendingBoot 2 Software on this DSP has stopped acting properly This DSP will not be used for calls At the next convenient time the DSP will be rebooted DSP Settings main window 145 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP booting 3 The DSP has just been loaded with code and we are now waiting for an indication from the DSP that the code loaded properly and is running hwReseted 4 The DSP is reset swLoaded 5 Software
172. de This setting becomes active when the link is in the zp able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 The values are from 0 to 128 IP This portion of the Dial In User Statistics window see figure 38 on page 95 shows operational status and the type of IP compression used Dial In User Statistics window 97 Access Server Administrators Reference Guide 7 Dial In IP Operational Status 1 Local Remote VJ Protocol Comprsn wj tep 2 Remote Local VJ Protocol Comprsn vj tcp 2 Remote Max Slot ID its Local Max Slot ID 15 Next Hop Gateway 0 0 0 0 Primary Domain Name Server 192 49 110 149 Secondary Domain Name Server 192 205 242 132 Filters Figure 39 IP window Operational Status dilpOperStatus The current operational state of the interface These are the available options e up 1 able to pass packets down 2 unable to pass packets testing 3 in test mode and unable to pass packets Local Remote VJ Protocol Comprsn dilpLocalToRemoteCompProt The IP compression protocol that the local IP entity uses when sending packets to the remote IP entity The available settings are none 1 no compression vjICP 2 compression is enabled Remote Local VJ Protocol Comprsn dilpRemoteTolocalCompProt The IP compression protocol that the remote IP entity uses when sending packets to the local IP entity The available
173. der of the calls on the screen e Descending calls are sorted from the latest call at the top to the oldest call at the bottom e Ascending calls are sorted from the oldest call at the top to the latest call at the bottom Active Calls doActive The total number of active outbound calls Call ID doactindex Unique identification of this call for internal use Subsequent calls in a multilink PPP session refer to this ID as a pointer to the bundlehead or originating call ML ID doactMultilndex Pointer to the bundle head or originating call of a multlink PPP session Introduction 107 Access Server Administrators Reference Guide 8 Dial Out User doactUsername The username that the caller entered for a character based call or the location name for a location based call State doactState Indicates current call progress as follows commandmode 1 dial out character based user is connected to access server but has no active outbound call ringing 2 The outbound call has been dialed and is waiting for the remote site to go off hook connecting 3 call is in the process of negotiating the type of connection v 34 v 90 IDSN etc lcpNegotiate 4 the physical layer is connected and lcp options are being negotiated for PPP based calls e authenticating 5 The call is currently in the authenticating process online 7 Dial out user is connected to remote site e disconnecting 8 The call i
174. dure for RADIUS authentication and authorization is outlined in figure 125 LEE LN 1 Connection A 2 4 gt 2 Network Access Server NAS 5 3 x Authentication Server RADIUS Client RADIUS Server Figure 125 RADIUS authentication and authorization procedure 1 User dials into the RAS and establishes a connection 2 The RAS prompts for user ID and password PAP or challenge CHAP MS CHAP V1 and MS CHAP V2 3 User responds with user ID and password PAP or challenge response CHAP MS CHAP V1 and MS CHAP V2 4 RAS forwards an authentication request packet to the RADIUS server containing user identification encrypted password and RAS identification 5 RADIUS server validates the user and sends the RAS an authentication acknowledgement packet contain ing user configuration and one of the following Specifying what network services and privileges the RAS should provide to the user Access accept or Denying the Authentication Request Access reject RADIUS Standards RADIUS was initially developed in January 1977 by Lucent Technologies on recommendation from the Inter net Engineering Task Force IETF The second generation JETF Standards for RADIUS RFC 2138 and RADIUS Accounting RFC 2139 were published in April 1977 The second set of RFCs changed the assigned UDP port number for RADIUS from 1645 conflicting with datametrics service to 1812 and changed the assigned U
175. e FORWARDING TABLE Destination Mask Next Hop 0 0 0 0 0 0 0 0 192 49 110 1 1 192 49 110 0 255 2552550 0 0 0 0 1 192 49 110 110 255 255 255 255 192 49 110 152 1 192 49 110 111 255 255 255 255 192 49 110 152 1 192 49 110 112 255 255 255 255 192 49 110 152 1 192 49 110 113 255 255 255 255 192 49 110 152 1 192 49 110 114 255 255 255 255 192 49 110 152 1 192 49 110 115 255 255 255 255 192 49 110 152 1 192 49 110 116 255 255 255 255 192 49 110 152 1 192 49 110 117 255 255 255 255 192 49 110 152 1 192 49 110 118 255 255 255 255 192 49 110 152 1 192 49 110 119 255 255 255 255 192 49 110 152 1 192 49 110 120 255 255 255 255 192 49 110 152 1 192 49 110 121 255 255 255 255 192 49 110 152 192 49 110 123 255 255 255 255 192 49 110 152 1 192 49 110 124 255 255 255 255 192 49 110 152 1 192 49 110 201 255 255 255 255 192 49 110 152 1 Interface Type Proto Info indirect 4 local 2 0 0 direct 3 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 indirect 4 local 2 0 0 Figure 85 IP Routing Forwarding Table Destination ipRouteDest The destination IP address of this route An entry with a value of 0 0 0 0 is considered a
176. e pppStatl ransimithesSize Jte e eter tete renes 287 Receive Frame Check Seq Size pppStatReceiveFcsSize eene 287 pe 287 Operational Status ppplp OperStatus 2 erae terere rra i rn ED d e D i ERR ieee 287 Local Remote VJ Protocol Comprsn ppplpLocalToRemoteCompProt eee 287 Remote Local VJ Protocol Comprsn pppIpRemoteToLocalCompProt eee 287 Remote Max Slot ID pppIpRemoteMaxSlotld eese nennen nennen 288 Local Max Slot ID ppplpLocalMasxSlotld sun tern retirer e rd eerie 288 1 suecectioeeas 288 Octets Sent DpppActSent Blets casita inicia nia asa da 288 Oetets Received pppActBeceived etets is cas enia ete dida 288 Packets Sent pppacioentllatabrames re ciere rir E EP PER ONE DURER siesta a cds 288 Packets Received pppActReceivedDatabram s iii etie ER PUB e pes 288 Modify Link Configuration Window eese nennen nennen nete ener eene tennenene 289 277 Access Server Administrators Reference Guide 23 Sync PPP Introduction Point to point protocol PPP is a widely used data link layer protocol for connecting remote devices in point to point configuration Mainly used in dial up applications and in network core applications PPP is used for multiplexed transport over a point to point link it operates on all ful
177. e 71 Modi y COT POUR Oieee ire tetto renti ied iden ite Ieri ee DES FREIER ORE 71 Link Compression dilankCompressian ais 71 Default Max Receive Unit diConheInisialMBUJI cocina pert te rese th aeree rct reete ipia 71 Allow Magic Number Negotiation diConfigMagicNumber eene 71 Frame Check Sequence Size diConfipPcsSize cinc tede etri detecte cep eren pete seal ee ERS Edd e 71 Compression dilpConlig Compression e ia e wie Sea Pe tan a EE de 71 Access Server Administrators Reference Guide 7 Dial In Multilink dGonfeMuleilink eda ieu rite eti ai 71 Mulubos d Connie MMP conti aliado ER 72 Modity Mamut Time ad 72 Maximum Session Time min diSession Timeout ass ettet ette tenerent eter tete serre Ra 72 Maximum Idle Lime min didle Timeout Lun ii ici 72 Tune to login sec tdil ogin Timeout linia rer Dott rect rb dt vean 72 Call History Timeout min dilinger Time ettet ertet eta canada cie cda did 72 Modify ISDN Configuration cree tre pt rate eite e eve ee iat ciere de PEL petet dd 73 RON K LOT E To yn re S EE E E ET 73 Modify V92 Contisuratiob concilio 74 V 92 Features diModemV92Enable ccccccccscccceeseseessecescevesacsoccnsecteassconceosstesescecsoveversesetcessisenesereeseopesees 74 Quick Connect diV 92 OuiekGontect ni ias 74 Modem on Hold diV92ModemOmHold ici nda eat 74 Modem on Hold Timeout diV9I2ModemOnHoldTimeout eene nennen 74 Modify Modem CoBDSUEAEOD saltaron ida 74 VIOU
178. e Guide C Technical Reference Intel RADIUS Overview http support intel com support si library bi0407 htm Configuring RADIUS This section describes how to configure your Patton RAS for RADIUS authentication and accounting Overview You may configure your Patton RAS to use RADIUS Athentication RADIUS Accounting or both Before authenticating any users your Patton RAS must first authenticate with the RADIUS server to validate its identity Configuring RADIUS authentication comprises the following Configuring RAS authentication on the RADIUS server and on the RAS Configuring user authentication and authorization on the RAS Configuring your RAS for RADIUS Accounting is completed on a single management page Configuring RADIUS Authentication On your radius server In the following procedure you will learn your RAIDUS server s IP address and UDP port numbers and add your RAS to your server s list of known RADIUS clients The following information provides an overview of the necessary steps For detailed operating procedures for your specific RADIUS server please consult the user documentation 1 Collect the following information from your RADIUS server What is the IP Address of your RADIUS Server Which UDP port numbers does your RADIUS server use for RADIUS 1645 or 1812 RADIUS accounting services 1646 or 1813 2 Defining your RAS as a known client An example client list from a Cistron RADIUS server is shown
179. e HTTP HTML Management pages Immediate Actions 18 Chapter 3 I mport Export Chapter contents Introduction Export Configuration Import Configuration 19 Access Server Administrators Reference Guide 3 Import Export Introduction The Import Export function enables you to make a backup or export copy of your access server s configura tion parameters By exporting the configurations the saved files can quickly be loaded or imported into a replacement access server greatly speeding up the installation process should an access server need replacing Note All actions for Import Export require superuser access privileges To import or export a configuration click on Import Export under the Configuration Menu to display the Import Export main window see figure 6 IMPORT EXPORT Server EXPORT CURRENT FLASH CONFIGURATION The current power up settings as stored in the system flash will be dumped to your screen You may then save them in a file for later import back into the system Note that the information which is exported is the current hard storage settings NOT the current settings You may want to issue a Record Current Configuration on the home page first Export Flash IMPORT FLASH CONFIGURATION FROM FILE If you have previously exported the system configuration to a file then you can submit that file below and the system will update its flash configuration from the data saved in th
180. e MFR Version 2 Forward Seize lineSigForwardSeize Code to indicate there is a desire to use a line e abcd 0000 0 e abcd 0001 1 e abcd 0010 2 e abcd 0011 3 e abcd 0100 4 e abcd 0101 5 e abcd 0110 6 e abcd 0111 7 e abcd 1000 8 e abcd 1001 9 e abcd 1010 10 e abcd 1011 11 e abcd 1100 12 e abcd 1101 13 e abcd 1110 14 e abcd 1111 15 Back Acknowledge lineSigBackAck Code to indicate there is an agreement to use a line e abcd 0000 0 e abcd 0001 1 e abcd 0010 2 e abcd 0011 3 e abcd 0100 4 e abcd 0101 5 e abcd 0110 6 e abcd 0111 7 e abcd 1000 8 e abcd 1001 9 e abcd 1010 10 e abcd 1011 11 MFR Version 2 Modify 214 Access Server Administrators Reference Guide 17 MFR Version 2 e abcd 1100 12 e abcd 1101 13 e abcd 1110 14 e abcd 1111 15 Back Answer lineSigBackAnswer Code to indicate a call has been completed e abcd 0000 0 e abcd 0001 1 e abcd 0010 2 e abcd 0011 3 e abcd 0100 4 e abcd 0101 5 e abcd 0110 6 e abcd 0111 7 e abcd 1000 8 e abcd 1001 9 e abcd 1010 10 e abcd 1011 11 e abcd 1100 12 e abcd 1101 13 e abcd 1110 14 e abcd 1111 15 Minimum Transition Time lineSigMinTransTime The minimum transition time in milliseconds Minimum Detection Time lineSigMinDetectTime The minimum detect time in milliseconds Protocol Timeout lineSigProtoTimeout The time for a protocol timeout in milliseconds Interregister Signalling The Interregister Signalling
181. e Mines BacluAck eee esce eee Sese ERROR E ee 211 Back Am T e ceo cte eror UM a es 211 Minimum Transition Time lineSigMin Trans Time ias 211 Mimimum Detection Lime MineSigMin Deret Time 2 0 ees ete e E E EERE 211 Protocol Timeone dineSiz Proto RT EL 211 IT TTT 211 H RT pones Torn Ht A Helen 211 Total Digits inter all as 211 Firstand Middle Response Code antesBegCalledNumbirst teo tested 211 Last Response Code rotas 211 Calling Number a 211 Toral teres per Ree Cal lied Nia Dios e ccrte eee UTE ETE 211 Firstand Middle Response Code imterBegGallingNumblrgt c ee cenae na E 211 Last Response Code ar T E erect 211 Speech Condition REI AG oer eno e 211 MER Vernon 2 Modibu ria 212 Lraesrenalling ic E 212 Country A erordesenseemeniee pe etre rte eer ee EE e ten 213 E de cese cte eer c MU IU AM e Ue T 213 Forward SeizeXlinesiePumwardScize oronro NUS SEN DUEREUSERUE EE 214 Back Acknowledge desde Bac kA T E A 214 Back AnswerthneSioBackAuswer nta E Goi eee ee 215 Minimum Transition Time lineSig Mp Trans Time aserrada 215 nucum Detection Ma Rr R oia 215 Protocol Timeout limesie rove lente Ren ege PEERS 215 o ES 215 Called Number te eb EESRE UE tease SN URUSSINUI MIND E 216 Tolstoi tevin eee tenets 216 First and Middle Response Code rarer Rept alled Numi eee e Ee 216 Last Response Code IT E TTT T iii EEE 216 A eet ee i uU D E E E bp den iu RS 217 Totales mater K tio so ise icds 217 First and Middle Response Code interR
182. e Port tepConnBembolt aces rere rS aiii 193 State tepComnState E 193 DD 194 Handling of NETBIOS UDP Broadcasts boxNetbiosUdpBridging eee 195 Received udplnbDatagtam aceite e t eet aiebant ai 195 Received With No Ports udp MOP Ores 5 tei eto teet aem er i RO TU e E LR ep ERE 195 Others Received with No Delivery udpInEstofg viii ai renidet etd pe reget te Eee RE kn en 195 Sent udpOutDatasrams sin entente HR ds 195 Listener Table udp Table ueteri e re OE ente eter tee De rehab c eet 195 Local Address udplkocalAddres siii pre ves gs REPRE e TEEN tet te ie Ei Eiaeia 195 Local Port idee Gal DOS eri ertapree iere e dica 195 KE MP ar a a a a teu LIUM MM II 195 Block ICMP redirects BoxBLockicmpRedirects cuina di ra 196 ICMP Receive Send Messages WINDOW rene e a r einen eL Re sois 196 Total Received Sent icmpInMsgs imcpOutMsgs ooccncocononnnnnnononnoncnnaononennnnnnononnnncnon enana ra cnonnnnnrnor coran 196 wi Errors icinpln Errors empOntERORS 5 sivas ire irte reiecit ia 196 Destinations Unreachable IcmpInDestUnreachs IcmpOutDestUnreachs eee 197 Times Exceeded icmplo l imeExcds i mpOutTimeExeds cuca eee ettet 197 Parameter Problems icmpInParmProbs icmpOutParmProbs eese 197 Source Quenchs icmpInSrcQuenchs icmpOutSrcQuenchs eee 197 Redirects
183. e Statistics P IstOEy cauere ter E GE a dira 267 Interval da ater N DN tetro ti 267 Errored Seconds dsxlantetvaless ii ii 267 EIA A tette ente tenete repere tet vasevvastcvessoededecdancsesaces 267 Severely Errored Frame Seconds dsx lT tervalSEPSs ij irte nene em er idet 267 Unavailable Seconds dsx1IntervalUASs eee eter etre tne aorta Lene pne ete roro terrena karen snae eina ean 267 Controlled Slip Seconds dsx IntervalG Seg music ro He tet tent ep eec EH n Pp aet ee 268 Path Code Violations dsxlIntervalPQ Vs csssesscssssssscssscssseccecessccscsesessscecessecescusencosccsevessceseesesensatccsocssens 268 Line Ertored Seconds dex Interval Es etre tiere rire ter Peri eerta 268 Bursty ExtoredSeconds dsx Interval BESS cines arar 268 Degraded Minutes dsxl Interval DMs oi ea 268 Line Code Violations dizl Internal CVS a li 268 Near End Line TTT T a N 268 Errored Seconds dsxT TotalESS unirte iia 268 Severely Errored Seconds dsxl TotalSBSS iii met eerte n t oie iaa 269 Severely Errored Frame Seconds dsx1TotalSEFSs eese eese eee ne enne enne ente rocio annan 269 Unavailable Seconds dsxl lotalU AS iii ai 269 Controlled Slip Seconds dex l Total noe Dette rete re ee aiidoa 269 Path Code Violations dex LotalP Vs i etti acetate ttes tei re Eee E e rtt di p Ee dun 269 Line Errored Seconds dexl TotalLESS tado iia 269 Bursty ExroredSeconds des T T otal BESs cccsscscss
184. e an extra entry for callback under configuration The follow ing describes this setting Configuration Link Compression enebled 1 y Default Max Receive Unit f 524 Allow Magic Number Negotiation enab e 1 Frame Check Sequence Size 16 Compression vitcp 2 E MultLink Max 4 of Calls per User Bo MultiLink disab MultiBox Query timeout disable 0 Callback setByCaller 2 Submit Query Figure 53 Dial in Configuration showing callback config Callback diCallbackConfig This is the global callback configuration This configuration takes precedence over user configuration through static or RADIUS database The following options are available noCallback 0 callback is globally disabled e setByAuth 1 callback type is determined by either the static user configuration or radius user configura tion e setByCaller 2 callback is determined by the caller during LCP or CBCP negotiations The user will set the phone number to be called back callingNum 3 callback using caller ID The calling number will be used to call back Introduction 134 Access Server Administrators Reference Guide 9 e Callback Dial in Main Window DIAL IN Call Sorting descending 0 Submit Query Active 0 Peak 1 Total 1 Setting Default details Modify default Manage DNIS Summations Modulations Telco Protocol Call ID ML ID User State Duration Discnct Reason Modulation
185. e dsx1E1 CRC MF Based on CCITT ITU G 704 with TS16 multiframing with CRC T1 E1 Link Activity main window 253 Access Server Administrators Reference Guide 22 T1 E1 Link Circuit ID dsx 1Circuitldentifier This is the transmission vendor s circuit identifier Knowing the circuit ID can be helpful during troubleshooting Alarms Present This window indicates alarms on the physical line and in the case of a PRI the status of Layer 2 CIRCUIT ID 1 PHYSICAL LINE ALARMS Far end LOF S K a Yellow Alarm Near end sending LOF Indication ACTIVE Far end sending AIS Near end sending AIS Near end LOF aka Red Alarm ACTIVE Near end Loss Of Signal ACTIVE Near end is looped E1TSI6 AIS Far End Sending T516 LOMF Near End Sending T516 LOMF Near End detects a test code any line status not defined here Transmit Short Transmit Open Figure 103 Line Status Alarms window The physical line failures currently registering will be indicated by the ACTIVE label next to the failure type Physical Line Alarms dsx 1 LineStatus This variable indicates interface line status It contains loopback failure received alarm and transmitted alarm information If any condition other than No Alarms exists you can click on the Alarms Present link to view the Line Status Alarms window see figure 103 The following failure states are reported in the dsx1LineStatus object The items listed in this section comprise those contai
186. e fastest data rate that will be negotiated Dial Out Modify window 115 Access Server Administrators Reference Guide 8 Dial Out Minimum Speed doModemMinSpeed This setting determines the slowest data rate that will be negotiated Guard Tone doModemGuardTone Normally a guard tone is not required But one can be inserted This operates for Phase Shift Key modulations only toneNone 1 tonel800 3 Carrier Loss Duration doModemCarrierLossDuration The number of seconds the carrier must be lost before the connection is determined to have been lost A set ting above 25 indicates forever Retrain doModemRetrain Enables the modem to monitor the line quality and request a fallback or retrain for poor quality and a fall for ward for good quality none 0 Do not allow modem to retrain fallback or fall forward retrain 1 Allow the modem to retrain if the line quality is poor fallForwardFallBack 2 Allow the modem to fallback to a slower speed if the line quality is poor of fall forward to a faster speed if the line quality is good Tx Level doModemTxLevel Not currently implemented Protocol doModemProtocol Assigns the data error correction protocol to use with the modem The following options are available Direct 0 No compression will be used e requestV42 1 Enable V 42 compression If this is selected the modem will either negotiate for V 42 data compression or if V 42 compression
187. e file After this operation the system should be rebooted to activate the new settings The configuration is loaded directly into the flash and so does NOT immediately modify any settings WARNING This operation will erase whatever settings you currently have in the system Browse Submit Query Figure 6 Import Export main window Export Configuration Note The exported configuration file is a text format file Do not try however to edit the operating characteristics contained in the file Note The parameters that will be exported are the power up settings as they are Introduction stored in flash memory and may not be the current operating parameters To ensure that you export the most current parameters go to HOME then click on the Record Current Configuration button under Immediate Actions 20 Access Server Administrators Reference Guide 3 Import Export To export the flash configuration click on the Export Flash link on the Import Export main page The access server will display text configuration information resembling that shown in figure 7 Export Configuration spe espe dodo spoke spoke jeje pee beoe eoe eoe seo dok dak det jeje jeje jeje jeje beoe eoe seo seo sese skate spoke ako joke spoke Flash configuration data for Server The data below is the current hexadecimal representation of your configurable data inthe system Selectthe File Save As option to save the data to a file This
188. e indicates the authentication method and IP address pool that the IP address will be selected from for the dial in user that matches the conditions of the configuration Note ADNIS profile of 0 indicates that no profile has been selected and the DNIS configuration is not activated Status dnisPoolStatus Indicates if the DNIS Configuration will be used e active 1 This configuration will be compared to the inbound call and used if the dial in user meets its conditions notUsed 2 This configuration will not compared to the inbound call to determine if the dial in user matches its conditions e destroy 3 Deletes the DNIS configuration Manage DNIS Window 79 Access Server Administrators Reference Guide 7 Dial In DNIS Profiles DNIS profiles can be set in two different ways Per CALLED number Configured DNIS profile would apply for all calls TO the number specified in the DNIS Profile regardless of the calling number OR Per CALLING number Configured DNIS Profile would apply only for the calls made FROM the number specified in the DNIS Profile In either case the Dialed Number field should be used when creating or modifying a DNIS group The DNIS profile lookup first tries to find the match for a given CALLED number If the Profile for a given number is not found it tries to find the match for a given CALLING number If the Profile for a given number is not found the default configuration is used
189. e information about this page refer to Far End Line Statis tics History on page 271 Far End Line Statistics Totals link clicking on this link takes you to the page that displays the total far end statistics of errors that occurred during the previous 24 hour period For more information about this page refer to Far End Line Statistics Totals on page 273 T1 E1 Link Activity main window The T1 E1 Link Activity window has three main sections that display the following T1 E1 parameters Line Status Shows the configuration of the T1 E1 Interface and service provided on each user time slot Near End Line Statistics Show error statistics collected from the near end of the T1 E1 line Far End Line Statistics Show statistics collected from the far end T1 E1 line Far End Line Statistics can be used by devices that support the facility data link FDL Link dsx 1Linelndex This object identifies a DS1 Interface on a managed device Type dsx ILineType This variable indicates the type of DS1 line using the circuit The circuit type determines the bits per second rate that the circuit can carry and how it interprets error statistics The values are as follows dsx1ESF Extended Superframe DS1 e dsx1D4 AT amp T D4 format DSI e dsx1EI Based on CCITT ITU G 704 without CRC e dsx1EI CRC Based on CCITT ITU G 704 with CRC e dsx1E1 MF Based on CCITT ITU G 704 with TS16 multiframing without CRC
190. e instead of the NAS Identifier attribute Accounting Address auAcctAddress This is the IP address of the accounting server RADIUS also allows for the recording of accounting informa tion Secondary Accounting Address auSecondaryAcctAddress When using a remote accounting server such as RADIUS Accounting this variable provides the IP address of the accounting server Setting Up Authentication 39 Access Server Administrators Reference Guide 5 e Authentication Accounting Port auAcctPort This is the UDP port on the accounting server specified in Acct Address that the access server should use to transfer accounting information RFC 2139 states that port 1813 is the standard RADIUS accounting port Some older implementations of RADIUS use port 1646 as the accounting port Accounting Enable auAccountingEnable This is a switch that allows the enabling or disabling the reporting of accounting information on the access server The following options are available e enableAccounting Begin accounting of RADIUS authenticated users disableAccounting Disable the accounting feature e enableAccounting no validation When a response is received from either the authentication or the accounting server it is validated using the defined secret If the secret does not match the reply packet is dropped just as if it never existed Early versions of the Livingston RADIUS server used a method for encoding the accounting reply packe
191. e less than the source port specified for the filter to be applied greaterThan 3 the source port in the IP packet must be greater than the source port specified for the filter to be applied Port filterlpSourcePort The port number to be compared to the source port in the IP packet Destination Port Applies the filter action based on the stated comparison to the destination port number Comparison filterlpDestinationPortCmp noCompare 0 no comparison to the destination port in the IP packet equal 1 the destination port in the IP action must be the same for the filter to be applied e lessThan 2 the destination port in the IP packet must be less than the source port specified for the filter to be applied Modify Filter 165 Access Server Administrators Reference Guide 13 e Filter IP e greaterThan 3 the destination port in the IP packet must be greater than the source port specified for the filter to be applied Port filterlpDestinationPort The port number to be compared to the destination port in the IP packet Protocol filterlpProtocol Specifies the IP Protocol number to use for filtering Some examples of protocol numbers are 1 for ICMP 6 for TCP and 17 for UDP A list of protocol numbers can be found in RFC 1340 A setting of 0 disables process ing based on protocol number TCP Established filterlpTcpEstablished Specifies whether the filter should match only those packets which indicate in the TCP
192. e segmented into individual channels or time slots For more information about this page refer to Line Status Channel Assignment on page 264 Introduction 252 Access Server Administrators Reference Guide 22 e T1 E1 Link Near End Line Statistics Current link clicking on this link takes you to the page that displays line sta tistics for the current 15 minute interval For more information about this page refer to Near End Line Statistics Current on page 265 Near End Line Statistics History link clicking on this link takes you to the page that displays line sta tistics for previous 15 minute intervals For more information about this page refer to Near End Line Sta tistics History on page 267 Near End Line Statistics Totals link clicking on this link takes you to the page that displays the total statistics of errors that occurred during the previous 24 hour period For more information about this page refer to Near End Line Statistics Totals on page 268 Far End Line Statistics Current link clicking on this link takes you to the page that displays far end sta tistics for the current 15 minute interval For more information about this page refer to Far End Line Sta tistics Current on page 270 Far End Line Statistics History link clicking on this link takes you to the page that displays far end sta tistics for previous 15 minute intervals For mor
193. e was exactly one collision Multiple Collision Frames dot3StatsMultipleCollisionFrames The number of successfully transmitted frames in which there was more than one collision SQE Test Errors dot3StatsSQETestErrors The number of times that the SQE TEST ERROR message is generated by the PLS sublayer Deferred Transmissions dot3StatsDeferredTransmissions The number of times in which the first transmission attempt is delayed because the medium is busy This num ber does not include frames involved in collisions Late Collisions dot3StatsLateCollisions The number of times that a collision is detected later than 512 bit times into the transmission of a packet Five hundred and twelve bit times corresponds to 51 2 microseconds on a 10 Mbps system Excessive Collisions dot3StatsExcessiveCollisions The number of frames in which transmission failed due to excessive collisions Other Errors dot3StatsInternalMacTransmitErrors The number of frames transmission on a fails due to an internal MAC sublayer transmit error Carrier Sense Errors dot3StatsCarrierSenseErrors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame on a particular interface Ethernet Statistics 159 Access Server Administrators Reference Guide 12 Ethernet Received Frames Too Long dot3StatsFrameTooLongs The number of frames received that exceed the maximum permitted frame size Other Recei
194. eRetrains ccccssseccssssscesssecesseccsescescesseecsseeecesseesesseescsseeeeees 132 An example section T L reis iii drid 132 106 Access Server Administrators Reference Guide 8 Dial Out Introduction The Dial Out PPP feature allows the Remote Access Server to initiate PPP calls to remote locations The administrator can set locations to be called manually continuously or only when needed dial on demand The Dial Out window see figure 41 contains the following items Ability to change the order of calls on the main dial out screen Statistics for individual users able to view user settings Details link view dialout parameters Modify link modify dialout parameters locations link view add and modify dial out locations Modem Profiles link view add and modify modem profiles used to dial locations DIAL OUT Call Sorting descencing 0 v Submit Query Active Calls 2 Settings Details Modify Locations Modem Profiles Call ID ML ID User State Duration Disconnect Reason Modulation Speed 2 test digital waitingOnDemand 16 1 30 sec stillActive 0 unknown 0 0 1 test analog waltingOnDemand 16 1 20 sec stillActive 0 unknown 0 0 Figure 41 Dial Out main window Dial Out Main Window The Dial Out main window displays statistics for individual calls The following section explains the meaning of each statistic Call Sorting doPageSort Change the or
195. eader plus payload Bad Packets diactErrorFrames Number of bad received packets received during this call Bad packets are those that failed CRC error checks Physical Layer This portion of the Dial In User Statistics window see figure 40 on page 99 contains statistics about the modem connection It includes modulation levels and other modem related statistics that are helpful when troubleshooting modem problems This section covers only modem type statistics not ISDN connections Connection Modulation diactModulation The modulation type of the modem link for example V 34 The modem link can have these modulation or data types unknown 0 e v21 1 V 21 modulation e v22 2 V 22 modulation v32 3 V 32 modulation e v34 4 V 34 modulation k56 5 K56 Flex modulation x2 6 X 2 modulation Dial In User Statistics window 100 Access Server Administrators Reference Guide 7 Dial In e y90 7 V 90 modulation e vl110 8 V 110 modulation not currently implemented isdn64 9 ISDN 64 modulation isdn56 10 ISDN 56 modulation not currently implemented e 12tp 11 12tp tunnelled multilink call e phase2 20 Phase 2 an advanced state of modulation in v34 and higher e answerack 21 acknowledgement phase of modulation e V92 22 V 92 modulation moh 23 Modem is using V 92 s modem on hold feature e v23 24 V 23 modulation Transmit Connection Speed diactTxSpeed The connected
196. easembled Fremeni apReasmbeqdgi oot um OE UR eed cer beens 190 2 Successfully Iesssembled REMO eet etae Ue ene Deme E 190 easel lyse ailes TO e eec 190 FExagmiented CU pra E URN UU E E DE 190 A ae Re ees re MeL eds 190 7 Prsemente reared Pra o xe tees echte eee T ed e LUE 190 Valid but Discuded pRousnglisc mdg ai 190 T AEI TES E A PME ce E 190 Porwarding pborwardihg cotum ee tue A END NT 190 De aule necs pose TET DE e e Y B a a A E E E A A E A 191 ye E E ee E eee er ee 191 ECP mA aL ee e A E E E E ee E E E e TQ TOES 191 Betranamit Timeout Algorithm Gcpitollggritbm ts 192 TXerransmit Timeout Minimum tepRtoMinD Ree RI E ERES 192 Retransmit Timeout Maximum sep Rta Mi ita 192 Maximum Connections tepMiax Comin A as homes 192 Motives Opens EPA OpenId UH UEBER ES 192 Passive Opens icp arre OPEN ences eu e HUE UBER T EI 192 A Fals tep empi a nci cte eroe to eot e Medi ru e ues E eve des 192 ESTABLISHED Resets pls eee e EU EEUU 192 Current ESTABLISHED tepOurrBstab rete tee tee e EE e ER EH ERI eS dea 192 A aie sets sacs cer ue et eue M TE 192 Talan UPO Sees m aada 192 e dedos 193 184 Access Server Administrators Reference Guide 16 e IP Total Received TA T ET c as 193 Total Sent w RST Flag tcpOutRsts cimas iii 193 TEP Detali init ii ds 193 Local Port tcpGConnlLocalDost anat erba pier tete e iste erp tudn 193 Remote Address tep Corin Remi Address ciere ci rere ente etit ere ree Cep Peste at cb 193 Remot
197. ecause it was not responding properly to the main CPU driver code DSP Connection Performance 150 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP DSP information window This is where you can view and modify parameters for a single DSP DSP 1 Desired State available 4 J Submit Instance First Second State available 8 available 8 Used By free 1 free 1 Call Statistics Originating Calls 0 Answering Calls 45 Successful Connects 43 Failed Connect no far modem 1 Failed Connect bad negotiation 1 Remote Retrains 11 Remote Renegotiates 80 Local Retrains 15 Local Renegotiates 12 Page Requests s 576 Debug Statistics Reserved A 0 Reserved B 0 Figure 63 DSP information window Call and Debug Statistics DSP Status This portion of the DSP information window shows information about the overall status of the selected DSP Desired State dspDesiredState The state of the DSP desired by the administrator this state may be different than its actual state e pendingReboot 1 This will put the individual DSP into the pendingBoot reset state and reserve all DSPs in the group It will not perform the reboot until there are no calls in the group of associated DSPs or until 10 minutes have elapsed at which point it will disconnect any remaining calls to do the reboot e RebootNow 2 This will disconnect all calls on the group of associated DSPs and perform t
198. echnique for authentication Note Entering an ID that is already configured will change the configuration DNIS Profile Entry Window Clicking on the ID in the DNIS Profiles Window displays this window see figure 34 In this window you can change the DNIS profile DNIS Profile 1 Login IP Pool 1 Login Technique none 0 pals DOVBS disable y Service Port 405 Service IP 10 10 205 1 Telnet Userld Telnet Bin BINARY 1 v Status active 1 y Submit Query Figure 34 DNIS Profile 1 window IP Pool dnisProfileSAssignedlpPool The ID of the IP Address Pool that will be used to select an IP address for the dial in user The IP Pool is con figured using the DNIS Ip Pool link See DNIS IP Pool Entry Window on page 87 for more information Note Do not enter actual IP address range here Login Technique dnisProfileLoginTechnique The authentication method used to authenticate the dial in user The following methods are available choices e none 0 no login sequence is enabled e textORpap 1 This setting enables clear text logins or PPP calls using PAP authentication Manage DNIS Window 83 Access Server Administrators Reference Guide 7 Dial In text 2 A username prompt is displayed and a username must be entered If the received username is a static user with no password defined then the connection completes and no password prompt is issued If a password is required then a password prompt is
199. econds encountered by a DS1 interface in the previous 24 hour interval Near End Line Statistics Totals 268 Access Server Administrators Reference Guide 22 e T1 E1 Link Severely Errored Seconds dsx1TotalSESs The number of severely errored seconds encountered by a DS1 interface in the previous 24 hour interval Severely Errored Frame Seconds dsx 1 TotalSEFSs The number of severely errored framing seconds encountered by a DS1 interface in the previous 24 hour interval Unavailable Seconds dsx 1 TotalUASs The number of unavailable seconds encountered by a DS1 interface in the previous 24 hour interval Controlled Slip Seconds dsx 1TotalCSSs The number of controlled slip seconds encountered by a DS1 interface in the previous 24 hour interval Path Code Violations dsx 1TotalPCVs The number of path coding violations encountered by a DS1 interface in the previous 24 hour interval Line Errored Seconds dsx 1 TotalLESs The number of line errored seconds encountered by a DS1 interface in the previous 24 hour interval Bursty ErroredSeconds dsx 1TotalBESs The number of bursty errored seconds BESs encountered by a DS1 interface in the previous 24 hour interval Degraded Minutes dsx1TotalDMs The number of degraded minutes DMs encountered by a DS1 interface in the previous 24 hour interval Line Code Violations dsx1TotalLCVs The number of line code violations LCVs encountered by a DS1 interface in the pr
200. ection Ip Filters LocationlpFilters on page 119 Modem Profile locationModemProfile ID of the modem profile to use to dial to this location If no profile is specified the default settings from the details page will be used Dial Out Locations Window 119 Access Server Administrators Reference Guide View Modify location details To view and or modify the location details click on the location ID link on the locations page From this page location settings can be modified and submitted Any changes made will take effect on the next call to this location Dialing Locations back Location ID 1 Location Name isdnt User Name fisan1 Password fisan1 Phone Number 22203 Destination IP 192 168 200 41 Destination MetMask 255 255 255 255 Connection Type dia on demand 2 7 Idle Timeout RN Maximum Session Time f s S CS S Authentication Technique foan 2 Modem Profile fe Submit Query Figure 47 View Modify location details 8 Dial Out To initiate an outbound PPP call to a location set the status of the location to dial and submit To stop a continuous or dial on demand call set the status to stop When the current call is disconnected no further calls will be placed Dial Out Locations Window 120 Access Server Administrators Reference Guide 8 Dial Out Dial Out Modem Profiles Window This window allows the administrator to set up different modem profiles to be
201. ed link or from being forced into this link state PrimarylPAddress boxEtherAPrimarylpAddress The Primary ethernet IP address PrimarylpMask boxEtherAPrimarylpMask The primary ethernet IP subnet mask PrimarylpFilters boxEtherAPrimarylpFilters Filters packets based on the filters assigned to the Primary IP address of the Ethernet port Enter the Filter ID of a filter configured under Filter IP Separate multiple filters using a comma SecondarylpAddress boxEtherASecondarylpAddress The secondary ethernet IP address Note This address is not propagated via RIP SecondarylpMask boxEtherASecondarylpMask The secondary IP ethernet IP subnet mask SecondarylpFilters boxEtherASecondarylpFilters Filters packets based on the filters assigned to the Secondary IP address of the Ethernet port Enter the Filter ID of a filter configured under Filter IP Separate multiple filters using a comma Note Only outbound filters can be applied to the secondary Ethernet Inbound fil ters for the secondary Ethernet must be entered in the Primary IP Filter field Technique boxEtherATechnique Turns ethernet port off and on The remote access server must be reset for this setting to take effect e disable 0 ethernet port is disabled static 1 ethernet port is turned on IP address es and mask s are obtained from data entered under the Ethernet link Config Indicates the specified fixed rate and duplex for the Ethernet int
202. ee arado 96 Local Remote PPP Protocol Comprsn diStatLocalToRemoteProtComp eee 96 Remote Local PPP Protocol Comprsn diStatRemoteToLocalProtComp eee 97 Local Remote AC Comprsn diStatLocalToRemoteACComp eene 97 Remote Local AC Comprsn diStatRemoteTaLocalAC Comp 22 reete terree irre eret 97 Transmit Frame Check Seq Size diStatTransmitFcsSize eee 97 Receive Frame Check Seq Size diScatiecelvelesS16 soni agere prete ee tene ine 97 DE rc EE A uae A 97 Operational Status dil pO per Stars iodo DE ep eie Oe e ER bed 98 Local Remote VJ Protocol Comprsn dilpLocalToRemoteCompProt sissies 98 Remote Local VJ Protocol Comprsn dilpRemoteToLocalCompProt eee 98 Remote Max Slot ID dilpRemoreMaxSlotld ici 98 Local Max Slot ID dilpLocalMaxSlotld inicia titi 98 Next Hop Gateway diForcelNextHop suicida ada Rats 98 Primary Domain Name Server diactPrimary ONS mori a enana 99 Secondary Domain Name Server diactSecondaryDNS eese 99 Filters diSeatipPiltesAto os sire tette toe Ee Mutat a Le eo pde ttr in ettet 99 NO 99 Number Called diactNumberDialed essent e traen tatnen 100 Number Called From diactCallingDliope id aret Rp tede rte rero beer 100 Ie oeconomia anta 100 Oetets Sent diactSent eres oo ecce rectores b ere e esie Eee A ebc evel ee eben eee eb ener aE 100 Octets Received diActReceivedOcte
203. ee figure 42 For more information about modifying Dial Out settings refer to Dial Out Modify window on page 111 Dial Out Details window 110 Access Server Administrators Reference Guide 8 Dial Out DIAL OUT Call Sorting descending 0 Submit Query Active Calls 2 Settings Details Modify Locations Modem Profiles S Call ID ML ID User State Duration Disconnect Reason Modulation Speed 2 S test digital waitingOnDemand 16 1 30 sec still ctive 0 unknown 0 0 1 test analog waitinpOnDemand 16 1 30 sec stillActive 0 unknown 0 0 Figure 42 Dial Out Details window Dial Out Modify window The Dial Out Modify window see figure 43 is where you can make changes to the following Login settings see Modify Login Maximum number of login attempts and the authentication failure banner see Modify Attempts on page 112 Maximum session time idle time time to login and call history timeout see Modify Maximum Time on page 113 Outgoing modem configuration parameters Modify Modem Configuration on page 115 To reach this window select Modify from the Dial Out Details window or in the Dial Out main window DIAL OUT Login TCP Port a TCP Type Restrict To Lan Login Technique Username Prompt Usemame Password Prompt Password Initial Banner a Attempts Failure Banner Login Attempts Allowed 3 Figure 43 Dial Out Modify window Login At
204. ee these termination rea sons on a consistent basis noPoll 12 ipcPutMsgErr 13 pollErr 15 ioctlErr 16 pppPutMsgErr 17 dsploctlErr 18 timerErr 19 pppOpenErr 22 pppLinkErr 25 tcpOpenErr 26 tcpPushErr 27 tcpPutMsgErr 28 invalidPrim 29 noTimers 33 tcpLinkErr 34 Dial Out Main Window 109 Access Server Administrators Reference Guide 8 Dial Out dspLinkErr 35 dspPutMsgErr 36 lisIpcErr 38 dspOpenErr 39 invalidCode 40 dspCommErr 42 unknownBearerContent 43 Modulation doactModulation The modulation of the link unknown 0 unknown modulation v21 1 v 21 modulation v22 2 v 22 v 22bis modulation v32 3 v 32 v 32bis modulation v34 4 v 34 modulation k56 5 K56 Flex modulation v90 7 v 90 modulation v110 8 v 110 ISDN connection isdn64 9 64k ISDN connection isdn56 10 56k ISDN connection phase2 20 currently training to a modulation answerAck 21 acknowledge state of the modulation v92 22 v 92 modulation moh 23 Modem is using v 92 s modem on hold feature v23 24 v 23 modulation Speed doactTxSpeed The transmit in relation to the access server speed of the modulation Dial Out Details window The Dial Out Details window see figure 42 shows the active Dial Out configuration of the access server Scroll down the window to view additional Dial Out access server parameters You can modify Dial Out parameters by clicking on the Modify link s
205. eeCalliing Num Fitst ttr teret tens 217 Last Response Code interRepCallingINunmbast etre terere eR HERE 217 Speech Condition Set up interRegGroupBAck 2 tere eerte eC S 218 209 Access Server Administrators Reference Guide 17 MFR Version 2 Introduction The MFR Version 2 window see figure 88 contains objects for networks that use Signalling System R2 To set up R2 Signalling in the access server refer to Recommendations Q 400 Q 490 and to the host country s P TT for national signalling specifications MFR Version 2 Modify Line Signalling Country ituStandard 1 Idle Code abcd 1001 9 Forward Seize abcd 0001 1 Back Acknowledge abcd 1101 13 Back Answer abcd 0101 5 Minimum Transition Time ms 100 Minimum Detection Time ms 20 Protocol Timeout ms 3000 Interregister Signalling Called Number Total Digits 6 First and Middle Response Code a1 1 Last Response Code a6 6 Calling Number Total Digits 0 First and Middle Response Code al 1 Last Response Code a6 6 Speech Condition Set up bl Figure 88 MFR Version 2 main window Click on MFR Version 2 under the Configuration Menu to display the MFR Version 2 main window MFR Version 2 main window The MFR Version 2 window displays parameters for networks that use Signalling System R2 The MER Ver sion 2 window also has the Modify link that you can click to modify Line Signalling parameters see MFR Version
206. eeese i eea EA 35 Aecounbitie Port lice pe itll dt 36 Accounting Enable GuNccountingEnable sti 36 Radius Packer Formac an Ral ST soreer aeaea RER EE RAR AER DR EAER r EE EE REE 36 Radius Session ID Size au Badius Running IdSizel as osea eE ete EUREN ES 36 Jere TO Cau Eidos L ea eee A uer A eere E E E E er ae 37 Set Up Abeni i aE A A A A E AA A EN 37 A o Rene eae 38 I Tostexeldinessstin la AR Ts a SE EER 39 Secondary Host Address anSecondaryHostAddress eter EUR EI RESI ia 39 cad E ol A A E E EA AEA A E ee E eR Ee ME ETT 39 Timeout au TO 39 E O 39 Access Server Administrators Reference Guide 5 e Authentication E ERE 39 INAS Identifier auNASIden fier a 39 Accounting Address auAcctAddtess a ranita ia 39 Secondary Accounting Address auSecondaryAcctAddress ettet tinet 39 Accounting Port auAGctPOrt L1 Pitt certe E e ERE ia 40 Accounting Enable auAccoubting Enable voca oett tutte Rees ede ce deletae dd 40 Radius Packet Format auRadiusPacketFormat ccccccssssscccsssssssccccsssssseccescesseeceescosseceessossseseescossssesecceessseee 40 Radius Session ID Size auRadnisRunnmglIdSi6 italia 40 Static User Authentication NO 41 Adding State Uni e 41 Ihs T a is 41 Username sul s rie entrer eto ete e eere ES Cure i Fe a reso bia EU dp PE ce PPAR Pa cba EE CEU DEREN RUA 41 EE O A eir Ar E D n E cb iet oce T 41 NO 41 Mods Usada A didnt add 42 Service T AIE a D eset aaa aae aa desse e ee ee ONE Te Ye eo eub ec R
207. emote node This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 The values are from 0 to 128 Remote Frame Check Sequence size doStatReceiveFcsSize The size in bits of the frame check sequence FCS that the remote node will generate when sending packets to the local node This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 The values are from 0 to 128 Dial Out User Statistics Window 129 Access Server Administrators Reference Guide 8 Dial Out Phone This portion of the Dial Out User Statistics window see figure 52 shows the phone numbers that were used by this caller Phone Number Called 1165 Number Called From 3015562973 Data Octets Sent 44817 Octets Received 108439 Packets Sent 462 Packets Received 1135 Bad Packets 0 Physical Layer Connection Modulation v34 4 Transmit Connechon Speed 31200 Receive Connection Speed 31200 Error Correction Protocol v42 2 Data Compression Protocol y42b 5 2 Modulation Symbol Rate 3429 Locally Imtated Renegotiates 2 Locally Ininated Retrams D Remote Initiated Renepotates 2 Remote Iniated Retrains 1 Figure 52 Dial Out User Statistics window Number Called doactNumberDialed The phone number that was u
208. ems that are associated with the user dialing in including call statistics type of service used modem specific statistics as well as configuration parameters for login service domain name service login attempts configuration of link maximum time and modem configuration Note The Dial In main window can be automatically refreshed by setting the Web Page Refresh Rate under the System menu see section SNMP and HTTP on page 237 Click on Dial In under the Configuration Menu to display the Dial In main window The Dial In window contains the following items The ability to change the order of the calls on the main dial in screen Statistics for individual users for example users jill jeff and jay as shown in figure 22 For more informa tion about the statistics displayed on the Dial In main window refer to Dial In main window below To view or modify individual user settings select an active user in the State column for example if you wanted to modify user jill you would click on the online 6 link next to jill s username For more informa tion about individual user settings refer to Dial In User Statistics window on page 88 Default Details link clicking on the Details link takes you to the page where you can see how the system is currently set up to handle dial in users For more information about the Details page refer to Dial In Details on page 65 Modify default link clicking on the Modify
209. en the Internet standard all ones broadcast address is used the value will be 1 This value applies to both the subnet and network broadcast addresses used by the entity on this interface Entry Reassembly Maximum Size ipAdEntReasmMaxSize The size of the largest IP datagram which this entity can re assemble from incoming IP fragmented datagrams received on this interface Routing Information The IP Routing Information window see figure 83 displays information required to route IP datagrams including the IP address subnet mask next hop router and interface for each network interface defined in the access server Routing Information 199 Access Server Administrators Reference Guide 16 e IP IP ROUTING INFORMATION Destination Mask Gateway Cost Interface Protocol State 0 0 0 0 0 0 0 0 ld user 2 19249 110 0 255 255 255 0 l L 1 local 1 192 49 110 110 255 255 255 255 2 1 np 4 19249 110 111255 255 255 255192 49 110 1522 1 np 4 192 49 110 112 255 255 255 255 192 49 110 1522 1 rip 4 192 49 110 113 255 255 255 255 192 49 1 22 1 np 4 192 49 110 114 255 255 255 255 2 T np 4 192 49 110 115 255 255 255 255 2311 rip 4 192 49 110 116 255 255 255 255 Que rip 4 192 49 110 117 255 255 255 255 2l rip 4 192 49 110 118 255 255 255 255 2 np 4 192 49 110 119 255 255 255 255 22 1 tip 4 192 49 110 120 255 255 255 255 1 25 np 4 192 49 110 121 255 255 255 255 2 1 np 4 192 49 110 123 255 255 255 255 20 nip 4 192 4
210. ence Guide 23 Sync PPP RECEIVE framerelRxOctets Receive rate in bits per second No Buffers Available framerelRxNoBufferAvailable The number of packets received when no receive buffers were available Data Overflow framerelRxDataOverflow The number of packets received with overflow indicated by the hardware Message Ends framerelRxMessageEnds The number of packets received with message correct endings This value increases each time a valid packet is received Packets Too Long framerelRxPacketToolong The number of packets received that were too long Overflow framerelRxOverflow The number of packets received with overflow indicated by software Aborts framerelRxAbort The number of packets received that were aborted Bad CRCs framerelRxBadCrc The number of packets received with bad CRC values Invalid Frames framerelRxInvalidFrame The number of packets received with invalid frames Tx Underruns framerelTxUnderrun The number of times the transmit buffer was not replenished in time to be sent out on the line LINK Resets framerelResets Number of times the link was reset Link Configuration PPP protocol pppDesiredFunction This is the actual desired kind of ppp protocol e ppp 1 point to point protocol ppp bcp 2 bridge control protocol Authentication Technique pppAuthenticationTechnique The login technique used for authentication none 0 No authentication will be used
211. endpoints the access server frame relay access equipment bridges rout ers hosts frame relay access devices and network devices switches network routers T1 E1 multiplexers The most popular application is to use the access server as a POP in a box with a Frame Relay IP connection to the Internet backbone The most common configuration is setting up the access server as a DCE and connecting to a provider s Frame switch via a T1 E1 line In this application the access server will establish a point to point link via one or more DLCT s or virtual channels Each DLCI is a pipe with an associated far end IP address You may then modify the access server s routing table and enter routes to use the Frame Relay link as the next hop A Frame Relay link is configured as follows Configuring the WAN link for Frame Relay Selecting the correct Frame Link configuration parameters LMI e Assigning an IP address to the DLCI Assigning next hop routes to the new DLCI Line Configuration The first stage in setting up a Frame Relay WAN link is configuring a T1 or E1 line for Frame Relay service Note You can have some channels as a Frame Relay link on the same WAN link that you are also using for dial up calls Each channel that is set to Frame Relay will reduce the number of simultaneous calls You also must arrange with your provider to allow both Frame Relay and cir cuit switched calls on the same WAN link In this case you do not need to se
212. entifying the branch chosen is added to the object identifier When the last branch is selected taking you to the desired parameter the OID is completed The following sections give an example of building an OID In the example a customer wants to monitor the number of active calls to find out if the access server becomes full during peak hours Finding the SNMP Name The Access Server Guide gives the SNMP name for each parameter that appears on the web interface The total number of active calls can be found on the dial in screen The description for that parameter gives the following information Identification SNMP Name On screen Active Calls diActive Figure 127 Parameter format Using SNMP with the Access Server 313 Access Server Administrators Reference Guide C Technical Reference Finding the section of the MIB tree in which the SNMP parameter resides Refer to figure 128 on page 315 and look at the Model 2960 MIB tree There two sections in the tree The Internet standards section identified by the shaded box surrounding it In this section are MIBs Man agement Information Base that deal with Internet standards such as SNMP IP ICMP Frame Relay and Ethernet It contains parameters that could potentially be on any machine that implements these features e The private Patton MIB In this section are MIB variables that are specific to Patton products This section is further divided into
213. er Implementation of the Interfaces group is mandatory for all systems INTERFACES There are 126 total interfaces Number Type Admin Stat Operational Stat 1 ethernet csmacd 6 up l up 1 Details 2 ethernet csmacd 6 down 2 down 2 Details 3 ppp 23 S up 1 up 1 Details 4 ppp 23 up 1 up 1 Details 5 ppp 23 up 1 up 1 Details 6 ppp 23 up 1 up 1 Details 7 ppp 23 up 1 up 1 Details 8 ppp 23 up 1 up 1 Details 9 ppp 23 up 1 up 1 Details 10 ppp 23 up 1 up 1 Details 11 ppp 23 up 1 up 1 Details 12 other 1 down 2 down 2 Details Figure 73 Interfaces main window Click on Interfaces under the Configuration Menu to monitor interfaces statistics Interfaces main window This section explains the meaning of the other items contained in the main window Click on the Details link to monitor the status of each connected interfaces see Interface Details on page 181 The Interfaces main window displays the total number ifNumber of network interfaces regardless of their current state present on this system Number iflndex A unique number for each interface that ranges between 1 and the value of ifNumber The value for each inter face must remain constant at least from one re initialization of the entity s network management system to the next re initialization Many MIB tables refer back to the interfaces table Introduction 1
214. er the remote PPP entity will use protocol compression when transmitting packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Local Remote AC Comprsn pppStatlocalToRemoteACComp Indicates whether the local PPP entity will use address and control compression ACC when transmitting packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state These are the available options e disabled 0 ACC is disabled WAN Circuit CONFIGURATION window 286 Access Server Administrators Reference Guide 23 Sync PPP e enabled 1 ACC is enabled Remote Local AC Comprsn pppStatRemoteTolocalACComp Indicates whether the remote PPP entity will use address and control compression ACC when transmitting packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state These are the available options e disabled 0 ACC is disabled e enabled 1 ACC is enabled Transmit Frame Check Seq Size pppStatTransmitFcsSize The size of the Frame Check Sequence FCS in bits that the local node will generate when sending packets to the remote node This setting becomes active when the link is in the up able to pass packe
215. erface auto 0 auto negotiate the settings for the interface default 100M full 1 force the interface to 100M amp full duplex 100M half 2 force the interface to 100M amp half duplex e 0M full 3 force the interface to 10M amp full duplex e 10M_half 4 force the interface to 100M amp half duplex Ethernet Main Window 156 Access Server Administrators Reference Guide 12 Ethernet Ethernet Modify Window This window allows you to make changes to the ethernet configuration To reach this window select Modify from the Ethernet main window ETHERNET A State linkIndication100Duplex 6 PrimarylpAddress 10 10 200 155 PrimarylpMask 255 255 0 0 PrimarylpFilters peu SecondarylpAddress 0 0 0 0 SecondarylpMask 0 0 0 0 SecondarylpFilters Technique suci 2 Technique auto 0 Submit Figure 65 Ethernet Modify Window State boxEtherAState Indicates the state of the ethernet interface The following states are valid notInstalled 0 Ethernet interface is not installed in the hardware e noLlinkIndication 1 The link is in the down state adminOff 2 The link is administratively down linkIndication10M 3 The link is up and running at 10M half duplex linkIndicationl0Duplex 4 The link is up and running at 10M full duplex e linkIndication100M 5 The link is up and running at 100M half duplex linkIndication100Duplex 6 The link i
216. erfaces is O AAN 179 Hui Detaile ainia 181 AQ bonds A E 184 todo e dolia et n rss e Secured erre 187 Pina WIndOW e eO Urn tee a Ui iin palum 187 jor C A 190 jc m X C A m 191 96 eevee M 194 s EC NS 195 Addressing InfoMine 198 Routine Info rm ton oce sette tete n DUI e en E eei UN ERE Ene 199 QS Forwarding table with Owe e teer tren e Per e eese e ee rete he ra 203 IP Rowting Destination he ME 205 Address Translation nota seus eere reete roe ert ine ee Ad 206 jLP 208 NN 210 MER Veisiop 231 WIDSOW diablo dendo Eae re ret dR lees Pes 210 Int rresister ill M 211 MPR Version 2 3MGdIEg ier Ere ni et true een eese Ere e exe eb tae ie eR RR e RU e ere een CERE REN R8 212 d aAn 219 Tit Cu tO fi ete LE 220 RID Version 2 T 220 RIP Version 2 CohBPUfatlOoh cour rri reri eter ttd e et EEE EEN Een e oie teeter oe dada 222 RIP Version 2 Statistics n d edite epe cr even pre eee e a 223 SNMP M 225 Introduction nina C iaa 226 SNMP TT 226 I 227 O AR 228 K O O ANO 230 Tato dm Te ites x 20 8 EE 232 E RSS 232 ao WINdOW NN
217. erfaces that are used for transmitting network protocol data units this is the size of the largest network pro tocol data unit that can be sent on the interface Speed ifSpeed An estimate of the interface s current bandwidth in bits per second For interfaces which do not vary in band width or for those in which no accurate estimation can be made this object should contain the nominal band width Physical Address ifPhysAddress This value is the MAC address of the Ethernet port Admin Stat ifAdminStatus The desired state of the interface up 1 The selected interface is ready to pass frames down 2 The selected interface is not ready to pass frames testing 3 The selected interface is being tested No operational frames may be passed in this mode Operational Status ifOperStatus The current operational state of the interface up 1 The selected interface is ready to pass frames down 2 The selected interface is not ready to pass frames testing 3 The selected interface is being tested No operational frames may be passed in this mode Last Change ifLastChange The value of sysUpTime at the time the interface entered its current operational state If the current state was entered prior to the last re initialization of the local network management subsystem then this object will be zero Received Octets iflnOctets The number of octets received on the interface including framing charac
218. ersion 2 Statistics on page 223 where you can view routing and update informa tion for each subnet address e Address Clicking on this link displays the RIP Version 2 Configuration window see RIP Version 2 Configuration on page 222 This window is where you can configure objects for each subnet address including authentication method RIP Version 1 or Version 2 compatibility and metric value Route Changes Made rip2GlobalRovteChanges The number of route changes made to the IP Route Database by RIP This does not include the refresh of a route s age Responses Sent rip2GlobalQueries The number of responses sent to RIP queries from other systems Address rip2IfConfAddress The IP address of the interface on the access server Send rip2IfConfSend The types of RIP packets the router sends on this interface doNotSend 1 Introduction 220 Access Server Administrators Reference Guide 18 RIP Version 2 e ripVersionl 2 Send RIP updates compliant with RFC 1058 e ripl Compatible 3 Broadcast RIP 2 updates using RFC 1058 route subsumption rules ripVersion2 4 Send multicasting RIP 2 updates Receive rip2IfConfReceive This indicates which version of RIP updates are to be accepted Note that rip2 and ripl OrRip2 implies recep tion of multicast packets ripl 1 Accept RIP updates compliant with RFC 1058 rip2 2 Accept multicasting RIP 2 updates riplOrRip2 3 Accept both
219. es e g 0 0 0 0 and addresses of unsupported Classes e g Class E For entities which are not IP Gateways and therefore do not forward data grams this counter includes datagrams discarded because the destination address was not a local address IP main window 188 Access Server Administrators Reference Guide 16 IP Forwarded Datagrams ipForwDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forward them to that final destination In entities which do not act as IP Gateways this counter will include only those packets which were source routed via this entity and the source route option processing was successful Discarded for Unknown Protos iplnUnknownProtos The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol Discarded w No Errors ipInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued pro cessing but which were discarded for example due to lack of buffer space Note The Discarded w No Errors counter does not include any datagrams dis carded while awaiting re assembly Total Deliveries ipInDelivers The total number of input datagrams successfully delivered to IP user protocols including ICMP Ovt Requests ipOutRequests The total number of IP datagrams which local IP user prot
220. essage Ends 0 Packets Too Long 0 Overflow Aborts 0 Bad CECS 0 Invalid Frames 1 30 Tx Underruns 0 LINK Resets 57 Link Configuration Modify PPP protocol ppp l Authentication Technique none 0 Authenticahon Side local 1 Figure 120 Link Configuration Refer to section Default Settings on page 280 for a description of the following options PPP protocol pppDesiredFunction Authentication Technique pppAuthenticationTechnique Authentication Side pppAuthenticationSide Authentication Username pppAuthenticationUsername Authentication Password pppAuthenticationPassword e MRU ppplnitialMRU P Address pppServicelpAddress P Mask pppServiceIpMask P Compression ppplpCompression P Force Next Hop pppForceNextHop Link Compression pppLinkCompression Allow Magic Number Negotiation pppMagicNumber WAN Circuit CONFIGURATION window 289 Chapter 24 Layer 2 Tunneling Protocol L2TP A A Dee Ie iUe 29 I RB uk GTR a a ODIO DO DERI TELE 291 Beatie Autbenticgtidte 225 ete de n A E IEEE EE I 291 RADIUS Antie T 292 Conteur om EA PE e E E A E E E E Te eo m e TUS 293 Cisco Configuration 290 Access Server Administrators Reference Guide 24 Layer 2 Tunneling Protocol L2TP Introduction This chapter explains the operation of the L2TP feature on the Patton Electronics Remote Access Servers This feature has been introduced into the Patton RAS line with the 3 8 4
221. ever reason timed out errors etc Note The Reassembly Failures value is not necessarily a count of discarded IP frag ments since some algorithms notably the algorithm in RFC 815 can lose track of the number of fragments by combining them as they are received Fragmented OK ipFragOKs The number of IP datagrams that have been successfully fragmented at this entity Fragmented Failed ipFragFails The number of IP datagrams that have been discarded because they required fragmenting at this entity but were not fragmented because their Don t Fragment option was set Fragments Created ipFragCreates The number of IP datagram fragments that have been generated at this entity Valid but Discarded ipRoutingDiscards The number of routing entries which were chosen to be discarded even though they are valid One possible reason for discarding such an entry could be to make more buffer space available for other routing entries Modify The Modify IP configuration window see figure 76 is where you can change IP forwarding and time to live settings IP CONFIGURATION Forwarding forwarding 1 Default Time To Live IB Figure 76 IP configurations modification window Forwarding ipForwarding Determines whether this entity is acting as an IP gateway that will forward datagrams received by but not addressed to this entity IP gateways forward datagrams IP hosts do not except those source routed via the host M
222. evious 15 minute interval Near End Line Statistics Totals 269 Access Server Administrators Reference Guide 22 e T1 E1 Link Far End Line Statistics Current Click on Near End Line Statistics Current to display far end statistics for the current 15 minute interval 96 previous intervals will be shown unless the remote access server has been reinitialized in the last 24 hours See figure 112 CIRCUIT ID 1 CURRENT FAR END PERFORMANCE Time Elapsed 677 Errored Seconds 0 Severely Errored Seconds 0 Severely Errored Frame Seconds 0 Unavailable Seconds 0 Controlled Slip Seconds 0 Line Errored Seconds 0 Path Code Violations 0 Bursty Errored Seconds 0 0 Degraded Minutes Figure 112 Current Far End Performance window Time Elapsed dsx 1 FarEndTimeElapsed The number of seconds that have elapsed since the beginning of the far end current error measurement period Errored Seconds dsx1FarEndCurrentESs The number of far end errored seconds encountered by a DS1 interface in the current 15 minute interval Severely Errored Seconds dsx1FarEnd CurrentSESs The number of far end severely errored seconds encountered by a DS1 interface in the current 15 minute interval Severely Errored Frame Seconds dsx 1FarEndCurrentSEFSs The number of far end severely errored framing seconds encountered by a DS1 interface in the current 15 minute interval Unavailable Seconds dsx1FarEndCurrentUASs The numbe
223. ex Subsequent calls in a multilink PPP ISDN call refer to this ID as a pointer to the bundlehead or originating call ML ID diactMultilndex Subsequent calls in a multilink PPP ISDN call have a pointer to the bundlehead or originating call User diactusername The user name that the caller entered This can be a static user or a radius user s login name Dial In main window 55 Access Server Administrators Reference Guide State diactState As the call comes into the access server it can be in one of five states Ringing The call has been recognized by the access server and is in process of going off hook 7 Dial In Connecting The unit has assigned a DSP to the incoming call and is now in the process of negotiation of the type of modulation V 34 V 32 ISDN or 56K Authenticating T he access server is in the process of verifying the users passwords by using static or RADIUS authentication Online The access server has completed authentication and we are ready to access the Internet Dead The user has been disconnected and this message will go away after the linger time has expired Bury Kill the call and remove it from the dial in main window Duration diactSessionTime The number of seconds this call was is active Time in seconds the user has been connected Disconnect Reason diactTerminateReason The reason a call was disconnected refer to Termination Reason diactTerminateReason o
224. f this redirection feature Telnet Userld dnisProfileTelnetUserld Specifies the ID string that the device will submit during a Telnet session Telnet Mode dnisProfileTelnetMode Specifies the mode ASCII or Binary that the device will use to start a Telnet session Status dnislpProfileStatus Indicates if the DNIS Profile is used in any DNIS configuration e active 1 This profile is used in one or more DNIS configurations e notUsed 2 This profile is not used in any configurations e destroy 3 deletes the DNIS profile Manage DNIS Window 85 Access Server Administrators Reference Guide 7 Dial In DNIS IP Pools Window DNIS Ip Pools Settings Manage DNIS DNIS Profiles ID IP Address Pool 1 115 4933 110 129 MN 2 10101025 0 BEEN 3 LL11 6 Add DNIS profile Pool Format XXX XXX XXXAGA XXX XXX XXX bbb where aaa lt bbb Id IP Address Pool EA 1 Submit Query S s Figure 35 DNIS IP Pools window The DNIS IP Pools Window see figure 35 contains the following items Information about DNIS IP Pools set up to view or modify individual DNIS IP Pools select an ID in the ID column For more information about modifying a DNIS IP Pool refer to DNIS IP Pool Entry Win dow on page 87 e Manage DNIS clicking on the Manage DNIS link takes you to the link that shows the DNIS configura tions including the DNIS Profiles used Refer to page Manage DNIS main window on page 78 DNIS Profi
225. fic After this time the connection will be terminated This is a default setting and it can be overridden by the authentication set tings of a specific user Note The maximum value is 357 910 minutes Time to login sec diLoginTimeout This is the maximum time in seconds that a user is given to log in This only applies to the time before the user is authenticated This setting should take into account any time delays incurred when querying a remote authentication server such as a RADIUS Call History Timeout min diLingerTime Number of minutes a MIB entry will remain in the Active table after the call it pertains to is disconnected Up to 15 dead calls can be displayed Setting the parameter to 0 disables the timeout feature Dial In Modify default window 72 Access Server Administrators Reference Guide 7 Dial In ISDN Configuration V 110 enable 1 E NOTE V 110 is detected through either the bearer capability or the low level compatibility element of the ISDN setup message Submit Query V 92 Configuration V 92 Features enable 1 y Quick Connect enable 1 sj Modem on Hold disable 0 Modem on Hold Timeout disabled 0 3 Submit Query Figure 29 V 92 Configuration window Modify ISDN Configuration V 110 signaling is a form of ISDN rate adaptation see figure 29 V 110 is a fixed frame based rate adaptation standard that allows lower data rates to be communicated across 64 kbps ISDN
226. formadon her ORE 151 IRE ai AA ete Gian etait A 151 Desired State dsp Desired State ori ias 151 Instance First State dapStatebust sas 152 Instance First Used By dspUseFitst io iii ii 152 Instance Second State dspStateSecasd ii la ii regu e en eto ne revel eg 152 Instance Second Used By dspUseSecond noni DRE ect p eive da e Raetia Feeds 152 ALIAS CARRS PP 152 Originating Calls dspOrigimaunpCalls url ts edes 152 Answering Calls dspAuswernpCAalls unimarc pie tdi 152 Successful Connects dspSuccesstulConnects iria ais 153 Failed Connect no far modem dspFailedConnectPreV8 eese 153 Failed Connect bad negotiation dspFailedConnectPostV8 iseina 153 R mote Retrams dspRemoteRettaltis nono nino 153 Remote Renegotiates dspRemoteRenegotiates eese nennen nnne enne 153 Local Retrains dspLocalRetrains voii ein nte eae Hee ree brian 153 Local Renegotiates dspLocalRenegotlates iii did 153 Page Requests dspP ase Requests sonrisa e reet RR nd RA UTD alii 153 pei sida iaa depa 153 Reserved A dip Reseed A sano dll ide or tii 153 Reserved B dspReservedB iie e nee RERO RT EPA EATER 153 143 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Introduction The access server uses between 12 and 60 digital signal processors DSPs to pass digital information Each DSP can accept two incoming calls one on each instance The DSPs are located on chips th
227. g requests for a call Primary server timeouts auPrimaryServerTimeouts The total number of authentication timeouts by the primary RADIUS authentication server Secondary server timeouts auSecondaryServerTimeouts The total number of authentication timeouts by the secondary RADIUS authentication server Accounting server timeouts auAccountingServerTimeouts The total number of accounting timeouts by the primary RADIUS accounting server Maximum Response Time The maximum time it has taken for authentication to be completed since the server rebooted Last Response Time The time taken for the last authentication to be completed The Statistics section 33 Access Server Administrators Reference Guide The Configuration section 5 e Authentication The configuration section of the main Authentication screen see figure 14 shows how the authentication method used by the RAS is configured Configuration Validation Host Address Secondary Host Address Host Port Timeout Retries Secret NAS Identifier Acct Address Secondary Acct Address Acct Port Accounting Enable RADIUS Packet Format RADIUS Session ID Size RADIUS Session ID staticThenRadius 4 192 168 15 88 192 168 15 19 1812 2 3 No Access Closet Unit 192 168 15 88 192 168 15 19 1813 enable Accounting 1 fullR cPacket 0 eight 0 5B 1 Figure 14 Authentication main screen Configuration section Validation auValidation
228. ge The network is unreachable The host is unreachable The protocol is not available to the network The port on the host is unavailable A specified source route failed A packet must be fragmented that is broken up into two or more packets before being sent to the next hop but the packet was sent anyway with instructions not to be fragmented Times Exceeded icmplnTimeExcds icmpOutTimeExcds The number of ICMP time exceeded messages received sent Each time a packet passes through a gateway that gateway reduces the time to live TTL field by one The default starting number is defined under the IP sec tion If the gateway processing a packet finds that the TTL field is zero it will discard the packet and send the ICMP time exceeded message Time exceeded will also be incremented when a host which is reassembling a fragmented packet cannot complete the reassembly due to missing packets within its time limit In this case ICMP will discard the packet and send the time exceeded message Parameter Problems icmplnParmProbs icmpOutParmProbs The number of ICMP parameter problem messages received sent If while processing a packet a gateway or host finds a problem with one or more of the IP header parameters which prohibits further processing the gateway or host will discard the packet and return an ICMP parameter problem message One potential source of this problem may be with incorrect or invalid arguments in an option IC
229. gents supporting read write access should return badValue in response to a requested loopback state that the interface does not support The val ues mean 22 T1 E1 Link dsx1 NoLoop Not in the loopback state A device that is not capable of performing a loopback on the interface shall always return this as it s value dsx1PayloadLoop The received signal at this interface is looped through the device Typically the received signal is looped back for retransmission after it has passed through the device s framing function dsx1LineLoop The received signal at this interface does not go through the device minimum penetra tion but is looped back out dsx1OtherLoop Loopbacks that are not defined here Send Code dsx 1 SendCode This variable indicates what type of code is being sent across the DS1 interface by the device The values mean dsxISendNoCode Sending looped or normal data dsx1SendLineCode Sending a request for a line loopback dsx1SendPayloadCode Sending a request for a payload loopback dsxISendResetCode Sending a loopback termination request dsxISendQRS Sending a Quasi Random Signal QRS test pattern dsx1Send511Pattern Sending a 511 bit fixed test pattern dsx1Send3in24Pattern Sending a fixed test pattern of 3 bits set in 24 dsx1SendOtherTestPattern Sending a test pattern other than those described by this object Error Injection linkInjectError Force an output error to see if the o
230. gnal 53177848 listenerlliststat c WAN 1 loss of signal 53177948 listenerlliststat WAN 1 loss of signal 53178048 listenerlliststat c WAN T loss of signal 53178148 listenerliststat c WAN 1 loss of signal 53178248 listenerliststat c WAN 1 loss of signal 53178348 listenerliststat c WAN 1 loss of signal Figure 100 System Log Volatile Memory window The time stamp in 10 ms intervals of the stored message Message slMessage Stored system log message System Log Volatile Memory 247 Access Server Administrators Reference Guide 21 System Log System Log Non Volatile Memory The System Log Non Volatile window see figure 101 displays non volatile RAM messages for each 10 ms time stamp SYSTEM LOG Non Volatile Memory Time Message 3365442 srclroot c DSPs feeding interrupt 0 stuck interrupting 4132904 srciroot c DSPs feeding interrupt 1 stuck interrupting 4229402 srclroot c DSPs feeding interrupt 1 stuck interrupting 4626841 srclroot c D5Ps feeding interrupt 1 stuck interrupting 4943240 srclroot c DSPs feeding interrupt 1 stuck interrupting 5106600 srclroot c DSPs feeding interrupt 1 stuck interrupting 5361295 srclroot c DSPs feeding interrupt 1 stuck interrupting 5582615 srciroot c DSPs feeding interrupt 1 stuck interrupting 5594250 srclroot c DSPs feeding interrupt 1 stuck interrupting 5595055 srciroot c DSPs feeding interrupt 1 stuck interrupting 5706888 srclroot c DSPs feeding interrupt 1 stuck interrupting 5
231. gnu org software radius radius html Vovida http www vovida org protocols downloads radius RADIUS RADIUS available for purchase A few of the many commercial implementations of RADIUS are available for purchase at the links below Product Vendor URL Steel Belted RADIUS Funk Software hitp www funk com sbrframe html RadiusNT IEA Software http www emerald iea com radiusnt index html Lucent Navis RADIUS Lucent Navis http www lucentradius com VOP RADIUS Vircom http www vircom com solutions vopradius NTRadius Advanced Instruments http ntradius ai com BillNet PrimeData http billnet net NTX Access Internet Transaction Services http www itrans com RADIUS Resources RADIUS Standards Specifications hitp www ietforg rfc rfc21 38 txt Authentication April 1977 hitp www ietforg rfc rfc2139 txt Accounting April 1977 http www ietf org rfc rfc2865 txt Authentication June 2000 hitp www ietforg rfc rfc2866 txt Accounting June 2000 PPP Standard Specification http www fags org rfcs rfc1 331 html Lucent White Paper http portmasters com marketing whitepapers radius_paper html Cisco How Does RADIUS WORK http www cisco com warp public 707 32 html Microsoft RADIUS Security and Best Practices http www microsoft com technet treeview default asp url technet itsolutions network maintain security radiusec asp Configuring a RADIUS server 310 Access Server Administrators Referenc
232. gotiations failed e lcpClose 9 close initiated by LCP This is a normal shutdown of a call loginTimeOut 10 exceeded time limit to login userlerminated 11 the TCP connection was terminated from the remote side e maxNumCalls 21 exceeds the maximum number of channels that can be allocated to the same call maxLoginAttempts 32 exceeded maximum login attempts as defined under the dial out link e noDspAvailable 45 when the server tried to allocate a DSP for an outbound call but no available DSP s were available papAuthenticationFailure 49 invalid username password combination for tcp based calling e exceedsMultiLinkLimit 64 exceeds the maximum multilink calls set in the location table sessionTimeout 66 the length of the connection exceeds the session time limit allowed e noAnswer 85 the remote modem did not answer the call userBusy 86 the remote location is busy and did not answer the call e noChannelAvail 87 no channels on the T1 E1 port were available to dialout with The following are internal access server errors Please contact technical support if you see these termination rea sons on a consistent basis noPoll 12 e ipcPutMsgErr 13 e pollErr 15 e octlErr 16 e pppPutMsgErr 17 e dsploctlErr 18 timerErr 19 e pppOpenErr 22 pppLinkErr 25 tcpOpenErr 26 tcpPushErr 27 e tcpPutMsgErr 28 invalidPrim 29 nolimers 33 tcpLinkErr 34 e dspLi
233. gure 21 DAX Clock Status alarm condition Configuring the DAX 47 Chapter 7 Dial In Chapter contents O ars A UE ECRIRE EIS 54 Dial a AA tiere ISI oad ea EE RUE E ERES EE SERES ERREUR UNES ES 55 Call Sorting o ene 55 EUS og OB ll SL Pane peer e rs ON OO A gn Nye R E APE 55 Peale Active Calls clita eta 55 MA RIR H O eere dede 55 e m dicsdndes 4 9 o eec t erem et dnd e E cer Rd MM IHE 55 a Wi Celiacd dex ic ier ek TTT eed Ne RON PEERS ROPE de MIA AOE OR Oe BLOT OE 55 I DIC HRH aes IN A O 55 MA L eorom rc tec rct che Maece m tc m Meu ct do ero 55 ESTE RCA T 16 J 19 RSD PRR Oe PROD ea OO ER RN ee PAE aE TOA PEARS RO ERR ER EOD NOP SSAA SE Roe Le A OR Pa 56 ti e A EEE A rM OM IDEE DU DII DICAM IM C CL PD T e dd 56 Disconnect Reason diana O UT ENS 56 Modan dao eT E A a 56 Connect Speed diast I xSpeed ea 57 Dada ad e e de de S eE TITRE T TT TT 57 E TPE A ce obe ree al n aah ERE net Slee ATTE 57 T T L EDO COD Das Hr ET PE 57 ISPs A o eTe IAAT C ae e R A 58 Connecaon Modulation a aa 58 Transmit Connection Speed di acu K 58 Receive Connection Speed dc perdio ticestesnte eT 59 Evo C witection di3ct E DROECCOTES CIO Cerere der ce Lote ie eek oe a he ne e 59 Dip IST He TE RTE T ooa eea ee e e E A 59 Locally Initiated Renegotiates diactLocalRenegotiates aa 59 ii OT TEN 59 Remote Initiated Benesotiates diactRamoteRenegatiates secco eee eee eee EET 59 Remote Initiated Retrams diactRemoteBebtalns ec eecot oet tetra et ertet dee ener
234. hange Trap frTrapState This feature is not currently implemented DLMI Window Each Frame Relay instance with the access server is known as the Data Link Management Interface or DLMI The access server software currently supports one Frame Relay Link or DLMI on each of the T1 El WAN ports Frame Relay has a set of protocols responsible for maintaining the link This is known as the manage ment link interface or LMI DLMI 2 Help 2 Signaling ansiT1 617 D 3 E Data Link Protocol q922 4 DLCI Length two octets 2 2 Polling Interval T391 Ro 2 Full Enquiry Interval N391 le 2 Error Threshold N392 E 2 Monitored Events N393 P Max Virtual Circuits 32 Multicast Service nonBroadcast 1 LMI Interface user 0 X The following pertain only to LMI Interface Network Bidirectional Polling disable 0 amp 2 Polling Verification T392 20 Submit Query Figure 71 DLMI window DLMI Window 174 Access Server Administrators Reference Guide 14 Frame Relay Signalling frDIcmiState Inband signalling used to communicate link and PVC status between the User equipment and the Network equipment LMI is the generic term used to indicate Frame Relay signaling however the three specific types of signaling are LMI Frame Relay Forum Implementation agreement Uses DLCI 1023 for management e Annex D ANSI T1 617 Uses DLCI 0 for management Annex A ITU Q 933 Uses DLCI 0 for ma
235. he DSP reboot immediately unavailable 3 DSP has been taken out of the resource pool available 4 DSP is available for use availableFirstOnly 17 Marks the second instance of the DSP unavailable e availableSecondOnly 18 Marks the first instance of the DSP available forceDerail 19 This is for use by the engineers and technical support for testing purposes only Do not use DSP information window 151 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Instance First State dspStatefirst Identifies the current state of the first instance of the DSP e hardwareFailure 1 During power up a self test routine detected a problem with this DPS It will not be booted with code or used for calls pendingBoot 2 Software on this DSP has stopped acting properly This DSP will not be used for calls At the next convenient time the DSP will be rebooted booting 3 The DSP has just been loaded with code and we are now waiting for an indication from the DSP that the code loaded properly and is running hwReseted 4 The DSP is reset swLoaded 5 Software is downloaded to the DSP or DSP group waitForGroup 6 DSP has responded to start command DSP is now waiting for other DSPs in the group to respond unavailable 7 The instance is fully operational and could be used to take a call except that the adminis trator has indicated that this instance should not be
236. he License main window see figure 123 END USER LICENSE AGREEMENT By opening this package operating the Designated Equipment or downloading the Program s Sanm the End User agrees to the following CREE 1 Definitions A Effective Date shall mean n the earliest date of purchase or download of a product contamung the Patton Electronics Company Program s or the Program s themselves B Mic nce shall mean all ratius software documentation source tiaa object code or executable code S C End User shall mean the Bere or i wage en which has valid title to the Raed bs bi ans D Designated Equipment shall mean the hardware on which the Program s e been designed and provided to operate by 2 Title Title to the Program s all copies of the Program s all patent rights copyrights trade secrets and proprietary information in the Program s worldwide remains with Patton Electronics Company or its licensors i y 3 Term The term of this Agreement is from the Effective Date until title of ihe Designated Equipment i is transferred by End User or unless the license is terminated earlier as defined in section 6 below 4 Grant of License Figure 123 License window By opening the access server operating the Designated Equipment or downloading the Program s electroni cally the End User agrees to the conditions in the End User License Agreement below End User License Agreement By opening thi
237. he link If vj T CP header compression is not in use on the link the value of this object will be 0 The range is from 0 to 255 Local Max Slot ID ppplplocalMaxSlotld The Max Slot Id access server parameter that the local node has announced and that is in use on the link If vj CP header compression is not in use on the link the value of this object will be 0 The range is from 0 to 255 Data This portion of the User Statistics window describes the amount of PPP data sent and received by this user Octets Sent pppActSentOctets The number of octets bytes sent during this call Octets Received pppActReceivedOctets The number of octets bytes received during this call Packets Sent pppActSentDataFrames The number of packets sent to the user during this call Version 6 nomenclature for a packet is Ipv6 header plus payload Packets Received pppActReceivedDataFrames The number of packets received by the user during this call Version 6 nomenclature for a packet is Ipv6 header plus payload WAN Circuit CONFIGURATION window 288 Access Server Administrators Reference Guide 23 Sync PPP Modify Link Configuration Window Clicking on the Modify link in the PPP link window will allow configuration of the individual link settings PPP Ppp ID 2 State lepNegouse SwbmiQue HDLC Statistics on Link Link 0 Status UP TRANSMIT Bits Sec 32 RECIEVE Bits Sec 0 No Butters Available 0 Data Overflow 0 M
238. he remote node per the PPP specification Changes to this object take effect when the link is restarted For more information see Section 7 6 Magic Number of RFC1331 Frame Check Sequence Size diConfigFcsSize The size in bits of the frame check sequence FCS that the local node will generate when sending packets to the remote node This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Compression dilpConfig Compression Determines whether the local node will attempt to negotiate IP compression The following options are available e none 1 The local node will not attempt to negotiate IP compression e vj tcp 2 The local node will attempt to negotiate compression mode indicated by the enumerated value Changes to this object take effect when the link is restarted For more information see Section 4 0 Van Jacobson TCP IP Header Compression of RFC1332 MultiLink diConfigMultilink MultiLink enables a user to connect using multiple channels This enables dial up users whose equipment sup ports MultiLink PPP or multi channel ISDN to use multiple channels to get higher data transfer rates Dial In Modify default window 71 Access Server Administrators Reference Guide 7 Dial In Set the MultiLink Max of Calls per User parameter to the maximum number of channels a user can take for a single co
239. hich enables users to configure monitor and test major and minor alarms The alarm system can be set to notify if equipment fails for example a power supply failure or if a T1 E1 PRI port malfunctions There are 11 access server items that can be configured by the user to generate alerts based on the condition of the access server The access server has three methods to notify of an alarm condition Front panel LED The front panel ALARM LED has three states that indicate the presence and severity of an alarm The states are Off No alarm present Solid Minor alarm Flashing Major alarm Administration web page indication The alarms window of the administration page uses highlighting to indicate which items are in alarm state and how critical the alarm is according to the alarm severity set see figure 9 Red Indicates that the alarm has been designated as a critical alarm by the system administrator Gold Indicates that the alarm has been designated as a major alarm by the system administrator Yellow lindicates that the alarm has been designated as a minor alarm by the system administrator Blue Indicates that the alarm has informational value only as designated by the system administrator None There is no alarm present or the system administrator has chosen for the alarm to be ignored Alarm Time Since Alarm Generate Alarm Clear Alarm Severity Alarm Count a ERU LL BoxFallback pe
240. hold down the left or right mouse but ton as instructed in the procedure as you move the mouse to a new location When you have moved the mouse pointer to the desired location you can release the mouse button Chapter 1 Introduction Chapter contents A ette e estet ete e ete pa tete ceti in tetris 13 Logging nte the bil TCU MIL Ad mumistration Pages R E OE E EU EDI 13 HTIPVATML and SNMP Object Pott ettet esee eee ee ees 13 Saving EET TPT NAL Object liam aa 14 12 Access Server Administrators Reference Guide 1 Introduction Introduction You may configure the access server by using its internal HTTP HTML Administration Pages However to enter into the HTTP HTML pages you must first define the LAN Address Technique LAN IP Address and LAN Subnet Mask for the access server If you have not done so refer to the Model 29xx Series RAS User Man ual available online at www patton com manuals 29xx pdf Logging into the HTTP HTML Administration Pages To log into the HTTP HTML Administration pages you must enter the 4 octet Internet Protocol IP for example http your server ip address address as the Universal Resource Locator URL into a World Wide Web WWW browser After you enter the IP address the access server will ask for your user name and password as shown in figure 1 Realm Administration Y Remember Password ox Figure 1 Access server login window Your access server will accept the foll
241. hoose the new setting then click on Submit Query Modify Alarms Configuring alarm severity levels 29 Chapter 5 Authentication Chapter contents A as IEEE 32 Displaying aii 32 A eoe eum Ke re erc c cp Uo P pt Una Ae cte cr eed 32 Validated authentications auAuthenticationsValidTotal eese aoaeeoo oaaao aa 32 Validated v a primary server lawAuthenticatons Valderas 32 Validated via secondary server an Authentications ValidSecondaty 2 ertet meten 32 Validated via static database auwAuthentications ValidStatic morsio ires ieres eter trece cette tette 33 Denied authentications auwSurhendacationsDienied ies 33 Paman setvergetites a re lu mM Mee aret 33 Secondary server Tete aun econdary Set T eere eA eU EET EN E TRES EIS ETIN 33 Accounting server Tethles AAC T ooreen ennari a iA EE EEA 33 Primary server timeouts A macia 33 Secondary server timeouts auSecondaryServer Timeouts vecrccennesrnomeernner samenit enine 33 Accounting server timeouts ay Accounting Server TImeouts ni eee 33 Nair Repanse Ime daa 33 Last Response TMe coraios mBeo a Ein 33 The Congar ON SeCHO a 34 Valdano 34 Host Adra eS 35 Secondary Host Address H East uds oc erre eere erre emere Ter ENS 35 jole TEE 9 occ e M ree Et 35 Ere RTT oriri er eol secet eer eb DEUM EIU AM OT cede 35 Ml o ETT TUTTO ies ack Oe E ae un Ee SA oe ase ta atta ted sons E AE aL etre 35 aia n ede HR 35 Na aao Di 35 A Address ies 35 Secondary Accounting Address T nen
242. ication Type noAuthentication 1 Authentication Key 0x00 00 00 00 00 00 00 00 0 Send Receive Metric V Submit Status anan s Figure 91 RIP Version 2 Statistics Configuration window Address rip2IfConfAddress The IP address of the interface on the access server Domain rip2If ConfDomain Value inserted into the Routing Domain field of all RIP packets sent on this interface Authentication Type rip2IfConfAuthType The type of Authentication used on this interface noAuthentication 1 simplePassword 2 Authentication Key rip2IfConfAuthKey The value to be used as the Authentication Key whenever the corresponding instance of rip2IfConfAuth Type has a value other than authentication A modification of the corresponding instance of rip2IfConfAuthType does not modify the rip2IfConfAuthKey value If a string shorter than 16 octets is supplied it will be left jus tified and padded to 16 octets on the right with nulls 0x00 Reading this object always results in an OCTET STRING of length zero authentication may not be bypassed by reading the MIB object Send rip2IfConfSend The types of RIP packets the router sends on this interface e doNotSend 1 e ripVersionl 2 Send RIP updates compliant with RFC 1058 ripl Compatible 3 Broadcast RIP 2 updates using RFC 1058 route subsumption rules ripVersion2 4 Send multicasting RIP 2 updates RIP Version 2 Configuration 222 Acce
243. ick on the Submit Query button Setting up a DNIS user profile Set up a DNIS user profile see figure 33 on page 81 to be applied based on DNIS or WAN port as follows 1 Enter an ID number to identify the specific DNIS profile 2 Enter the ID for the IP address pool if you wish to apply a specific set of IP addresses to these users Use 0 if you wish the users to use the default IP address pool or a static IP address from RADIUS 3 Set the authentication type Enable data over voice bearer services if desired This allows either 64k or 56k ISDN calls If you wish to redirect the users to a remote host or service on a remote host then enter the remote host s IP address and port the application is listening at For example telnet listens on port 23 6 Click on the Submit Query button Setting up a DNIS group Set up a DNIS group see figure 31 on page 77 as follows 1 Enter an ID number to identify the specific DNIS profile Configuring DNIS 323 Access Server Administrators Reference Guide C Technical Reference 2 Ifyou wish to apply the parameters specified in steps 1 and 2 based on WAN port then enter the appropri ate WAN port Enter 0 if you want to apply the parameters based on number dialed only 3 Enter the number dialed this is not optional Multiple phone numbers can be entered separated by semi colons Note The number dialed in the phone number received by the RAS from the switch Check the Telco lin
244. icmplInRedirects 1cemp O utRedirects ii e aeneae ter etd petite Re no ned 197 Echos iemplnEchos iempOutEchS ini EE e bir e ede tene 197 Echo Replys Dermen eps cmpOutkReps sustancia prete reo tette di 198 Time Stamps iempln Timestamps jicmpln Vimiestamps 5 ettet trt trot secostescestocsussons 198 Time Stamp Replys icmpInTimestampsReps icmpOutTimestampsReps eee 198 Address Mask Requests icmpInAddrMasks icmpOutAddrMasks eee 198 Address Mask Replys icmpInAddrMasksReps icmpOutAddrMasksReps eee 198 Addressing Information iria 198 IP addressing Information Details cia iii 198 Entry Interface Index pAdEndfndex taa A 199 Entry Subnet Mask GpAdEntNetMask dis rerba os 199 Entry Broadcast Address pAdEntBeastAddt etti eee teta tendente tede teg 199 Entry Reassembly Maximum Size iphdEntReasmMaxSize vrsiti 199 Routine Iniot idt oli asta tacto lisis aaa tias 199 at A debere ie CC GET EEUU REEL ERE RD RR ERE HERE ERROR 200 Mask Ad AVETE n 200 Gateway Route Gateway ieina e a lios 201 e E UTE ET TORO EE EE EE E A EA E E E E E 201 Intertace ipRouteliIndex A a is 201 Access Server Administrators Reference Guide 16 e IP SE ROTE A E E 201 Add ato a 201 Adding the default gateway cad ani PPP IEEE IRR UP S 201 Adding a poinet point TOE cscri N E dei e pr a P HE p Petr aded ades 202 Adding a static
245. ied in RFC 1213 System Manager sysContact This SNMP variable represents the textual identification of the contact person for this managed node together with information on how to contact this person as defined by specification RFC 1213 Box Name sysName This is an administratively assigned name for this managed node By convention this is the node s fully quali fied domain name as defined in RFC 1213 System main window 235 Access Server Administrators Reference Guide 20 System Physical Location sysLocation The physical location of this node e g telephone closet 3rd floor as defined in REC 1213 System Services sysServices A value which indicates the set of services that this entity primarily offers as defined in RFC 1213 Web Settings boxBackgroundFlag The following options are available e disableGraphics 0 When this option is selected graphics on WWW pages will not be displayed This results in faster page display times e enableGraphics 1 When this option is selected graphics on WWW pages are displayed e disableWeb 2 When this option is selected access to the WWW pages is denied for everyone Monitor Privilege boxMonitorPrivilege Specifies the privileges given to the monitor user Privileges can be removed or additional write access can be given beyond read only access The following options are available none 0 The monitor user can not log in read only 2 This is
246. ifier attribute or the NAS IP Address If you define this parameter your RAS will insert the value into the NAS Identifier attribute field in Authentication Request packets sent to the RADIUS server If you leave the field blank your RAS will insert its IP address as the value in the NAS IP Address attribute field in Authentication Request packets sent to the RADIUS server Note Your RAS is now configured for RADIUS Authentication but not yet con figured for RADIUS Accounting Using SNMP with the Access Server SNMP is used to configure and monitor the access server There are numerous third party software applica tions available that are capable of using SNMP to control the access server To interact with the access server these network management applications need Acommunity string which determines their level of access to the access server An object identifier which identifies the specific parameter the application wants to view or modify SNMP has two levels of access e Read only for which the community string is the user password Read write for which the community string is the superuser password Object identifiers OIDs comprise a series of integers separated by dots that identify a specific parameter for example 1 3 6 1 4 1 1768 5 25 The series of integers are built by traversing down a tree structure see figure 128 on page 315 As a decision is made at each branch of the tree structure a new integer id
247. ify window 114 Access Server Administrators Reference Guide 8 Dial Out hard disk space on your server It is recommended that you only enable this feature when performing specific troubleshooting Modify Modem Configuration This portion of the Dial Out Modify window see figure 44 on page 113 describes modifying the outgoing modem configuration ISDN doModemISDNEnable Enables ISDN modulation Not currently implemented V90 diModemV90Enable Enables or disables V90 modem modulation K5 flex diModemK5 Enable Enables or disables K56flex modem modulation V3A diModemV3 Enable Enables or disables V34 modem modulation V32 diModemV32Enable Allows V 32 and V 32bix modulations up to 14 4 kbps The following options are available e disable 0 neither option is enabled enable 1 support V 32 and V 32bis modulations V23 diModemV23Enable Enables or disables V23 modem modulation V22 doModemV22Enable Allow V 22 or Bell 212 modulations The following options are available e disable 0 Neither option is enabled e enableV22 1 V 22 modulation is enabled e enableBell212 2 Bell 212 modulation is enabled V21 doModemV2 1 Enable Allow V 21 or Bell 103 modulations The following options are available e disable 0 Neither option is enabled enableV21 1 V 21 modulation is enabled e enableBell103 2 Bell 103 modulation is enabled Maximum Speed doModemMaxSpeed This setting determines th
248. igning a filter to a static user will keep default dial in filters from being applied Modify Static User 43 Chapter DAX Chapter contents Rae a a Sa oe OOOO 45 E a the AX co rete EP eee ge EIER EE UE EET 45 Circuit Type daxClockModel eet ee ia 45 What IeferencedaxtlocksM aime o 46 Fallback Reference dial 46 AAN oe OIE 47 44 Access Server Administrators Reference Guide 6 DAX Introduction The digital cross connect DAX link allows configuration of the access servers digital cross connect that man ages the time slots and clocking between the WAN ports The access server uses a single clock source for all WAN ports Therefore to avoid data loss caused by variations in network timing each access server should terminate WAN connections from a single timing provider WAN connections from multiple timing providers can be terminated in the access server if all the providers source their timing from the same stratum clock or if the access server provides the network clock Click on DAX under the Configuration Menu to display the DAX main window see figure 20 Digital Cross Connect DAX Configuration Circuit 1 Type Main Reference Fallback Reference Clock Status No Alarm Figure 20 DAX main window Configuring the DAX There are three variables to select when configuring the DAX circuit Circuit Type Defines the overall clocking scheme for the entire access server refer to Circuit
249. iled Connect Posty 8 dspWotally aede angst te 148 Remote Retrans dsp Total RemoteRetrains ettet teet teet EE 148 Remote Remeeotiaces dsp LorlRerniot ecos ee 148 Local Retrans dsp Torallocal Reale ccoo A A A 148 Local Renegotiates a plo ooon aen ee E E A E E E EAE S 148 Suspect A Transitions into suspect state dspTotalWentSuspect eere 148 Suspect B Recoveries from suspect state dspTotalSavedFromSuspect ee 148 Reboot A Reboots due to consecutive fails dspTotalRebootDueToFails eee 148 Reboot B Reboots due to error detection dspTotalRebootDueToError eee 148 DP ed dde ER 149 DSPindes E iaa 149 Cornnecte Good dspSuccesstulConnecte as 149 Connecte No Modem depEaledGannectPseV8 cree eU See UPS 149 Cannects Failed Neg dspFailedConnect P ose V8 al EUER 149 Remote Retram dsp Remote om ceto netu t ve ene EH OI 149 Remote Renez kep Remo Rng oiT sci nccnwcnt viernes et t aes DI T cp ed 150 Local Retain dapl ocalB etes eR EU UE TENURE PIA TTE Aere 150 142 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Local Reneg dspLocalRenegotiates cia iii 150 suspect A dsp I otalWentSuspec l eee tend ie RIO old 150 Suspect B dspTotalSavedFrombSuspect cii eie teer eret epa 150 Rebocte A dspTotalRebootDueToFalls 1 ertet n e i tette tests 150 Reboot B dspTotalRebootDueToEtrot coincidir pil 150 DSP in
250. indow TCP main window The TCP main window contains the Details link that displays port details for remote and local TCP connec tions see TCP Details on page 193 and TCP statistics TCP 191 Access Server Administrators Reference Guide 16 IP RetransmitTimeout Algorithm tcpRtoAlgorithm The algorithm that determines the timeout value used for retransmitting unacknowledged octets RetransmitTimeout Minimum tcpRtoMin The minimum value permitted by a TCP implementation for the retransmission timeout measured in milli seconds More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout In particular when the timeout algorithm is rsre 3 an object of this type has the semantics of the LBOUND quantity described in RFC 793 Retransmit Timeout Maximum tcpRtoMax The maximum value permitted by a TCP implementation for the retransmission timeout measured in milli seconds More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout In particular when the timeout algorithm is rsre 3 an object of this type has the semantics of the UBOUND quantity described in RFC 793 Maximum Connections tcpMaxConn The limit on the total number of TCP connections the entity can support In entities where the maximum number of connections is dynamic this object should contain the value 1 Active Opens tcpActiveOpens
251. indow see figure 31 shows the current configurations for dial in users based on WAN link and called number Manage DNIS Settings DNIS Profiles DNIS Ip Pools ID WAN Link Dialed Number DNIS profile Status ye 1165 1 Boe 5551200 5551300 2 30 5551100 1 4 0 555 0 Add DNIS group i WAN Link Dialed Number DNIS profile Submit Query Figure 31 Manage DNIS window This feature makes use of DNIS Dialed Number Identification Service a feature that can be implemented on your T1 E1 DNIS is a telephone service that identifies for the receiver or a call the number that the caller dialed DNIS works by passing the touch tone digits dual tone multi frequency or MF digits to the destina tion for use by the terminating device The RAS uses its ability to capture DNIS information to provide the customer with the ability to set up dial in parameters for their dial in clients based on the phone number dialed and the physical WAN port they have dialed into or just the number dialed The DNIS management feature allows you to configure the authentica tion method and the IP address pool The Manage DNIS Window contains the following items Information about DNIS configurations set up to view or modify individual DNIS configurations select an ID in the ID column For more information about modifying a DNIS configuration refer to DNIS Entry Window on page 79 Manage DNIS Window 77 Access Server Administrators Referen
252. information described in the following section Country installCountry Specifies the country that the access server is installed in so it can be configured in accordance with local laws The following options are available other 0 unitedStates 1 australia 2 e canada 3 e europeanUnion 4 france 5 germany 6 Other This portion of the System Modify window contains information described in the following sections System Manager sysContact This SNMP variable represents the textual identification of the contact person for this managed node together with information on how to contact this person as defined by specification RFC 1213 Box Name sysName This is an administratively assigned name for this managed node By convention this is the node s fully quali fied domain name as defined in RFC 1213 Physical Location sysLocation The physical location of this node e g telephone closet 3rd floor as defined in RFC 1213 System Services sysServices A value which indicates the set of services that this entity primarily offers as defined in RFC 1213 Web Settings boxBackgroundFlag The following options are available e disableGraphics 0 When this option is selected graphics on WWW pages will not be displayed This results in faster page display times e enableGraphics 1 When this option is selected graphics on WWW pages are displayed System Modify window 238 Access Server Adm
253. ing MM R ccccc pam Reboot AA MAC Address Figure 15 8 Character String RADIUS Session ID format The 8 character session ID is formatted as follows see figure 15 e MM The last two digits of the MAC address e R The number of times the RAS has rebooted since the last code upload This rolls over to 0 after 10 reboots The Configuration section 36 Access Server Administrators Reference Guide 5 e Authentication e CCCCC Call ID in hex The call ID used is the one recorded on the main dial in screen MMMM RR S CCCCC TT Call ID Spare Reboot MAC Address Figure 16 12 Character String RADIUS Session ID format The 12 character session ID is formatted as follows see figure 16 MMMM The last four digits of the MAC address RR The number of times the RAS has rebooted since the last code upload This rolls over to 0 after 100 reboots e S Not used e CCCCC Call ID in hex The call ID used is the one recorded on the main dial in screen Radius Session ID auRadiusRunningld The RADIUS session ID shows the identifier created anew each time power is cycled on and off The ID is prepended onto the call ID to create the session ID that is sent to the RADIUS server Setting Up Authentication After selecting Modify from the main Authentication screen you may set up or change authentication parame ters for both RADIUS users and Static users After configuring the Validation method see Validation
254. inistrators Reference Guide 20 System disableWeb 2 When this option is selected access to the WWW pages is denied for everyone Monitor Privilege boxMonitorPrivilege Specifies the privileges given to the monitor user Privileges can be removed or additional write access can be given beyond read only access The following options are available none 0 The monitor user can not log in read only 2 This is the default setting The monitor user can view but not change any parameters Mon itor can not view passwords writeUser 18 The monitor user can change all parameters except passwords under authentication drop and insert and dial in links writeUserlp 50 The monitor user can change all parameters except passwords under authentication drop and insert dial in and IP links e writeUserlpWan 114 The monitor user can change all parameters except passwords under authenti cation drop and insert dial in IP T1 E1 and Frame Relay links writeUserlpWanSystem 242 The monitor user can change all parameters except passwords under authentication drop and insert dial in IP T1 E1 Frame Relay System and System Log links writeUserlpWanSystemUpload 498 The monitor user can change all parameters except passwords under authentication drop and insert dial in IP T1 E1 Frame Relay System and System Log links The monitor user can also load firmware updates into the
255. ink is not yet connected to your access server e needIPaddr 4 This is when the IP address needs to be entered for this DLCI e wait peer 5 In this state the Link is waiting for the far end to synchronize Committed Burst bits frCircuitCommitedBurst This specifies the committed data rate for the link in bits per second Excess Burst bits frCircuitExcessBurst This specifies the excess data rate for the link in bits per second Throughput bits frCircuitThroughput This specifies the throughput for the link in bits per second IP Address FramelPAddr As all of the interfaces on the access server run in un numbered mode the IP address to enter is that of the far end router This is not the IP address of the access server After the IP address is entered it will appear as a point to point link in the IP routing table with this address Congestion frameEnableCongestion This option enables or disables congestion tracking enable 0 Enables Congestion tracking e disable 1 Disables Congestion tracking DLCI window 177 Chapter 15 Interfaces Chapter contents Tp ars AE UE OS E EU 179 A A O 179 IS A A e Er D MU E E e brc 1523 pV 5 Gu Us NR SE ce OCC eer eo Re ae ener erent Pr 180 ESEL TET a 180 S MO ns 180 Toscrlace Detalle ernn ee CREE eant emet etu 181 ecco MIHI M Tec PE rp a TT E 181 X a o ee AR ad es Do He ae cas 181 WAE cad lst RN TIU NS a E TCR 182 KT T T aa A PR T E 182 Physical Address
256. ion Reason userHangup 5 PPP Statistics Bad Address 0 Figure 50 Dial out user statistics window Call Identification This portion of the dial out user statistics window shows user information for a unique user ID Call ID doactlndex Unique identification of this call for internal use Username doactUsername The callers username for Tcp based calls or the location name for location based calls Password doactPassword The callers password for Tcp based calls or blank for location based calls Shared Unique ID doactMultilndex Used for multilink PPP this is the unique identification shared between multi link calls Dial Out User Statistics Window 8 Dial Out 124 Access Server Administrators Reference Guide 8 Dial Out Dsp Link doactDSPlndex The physical DSP chip that the outbound call is on This is a number from 1 to 64 Wan Link doactLinkIndex The T1 E1 port number that the call is on Time Slot doactSlotindex Shows which T1 E1 channel the call is on This is a number between 1 and 30 IP Address doactlP Used for location based calls This is the currently assigned IP address of the remote location Session This section of the dial out user statistics window shows session information for a unique call ID Start time of call doactSessionStartTime The amount of time the server has been up since the start of this call Time Call Is Was active doactSessionTime The amount of time
257. ions apply only when using an external authentication Server The Configuration section 34 Access Server Administrators Reference Guide 5 e Authentication Host Address auHostAddress Tells the access server the IP address of the primary external authentication server This must be the IP address as the access server will not resolve a Fully Qualified Domain Name Secondary Host Address auSecondaryHostAddress When using a remote authentication server RADIUS this variable provides an alternative server IP address Host Port auHostPort This variable tells the access server which UDP port to use when connecting to the host specified in the Host Address variable The RADIUS standard as per REC 2138 specifies port 1812 for RADIUS authentication Some older installations of RADIUS use port 1645 Timeout auTimeout This option specifies the time in seconds before the access server will retransmit an authentication request to an external authentication server Retries auRetries This option specifies the number of times the access server will resend an authentication request to a RADIUS server after a TIMEOUT occurs If this number is exceeded then the secondary host will be tried If this num ber is exceeded by the secondary host the user will be rejected Secret auSecret The Secret variable sets the shared secret between the authentication client access server and the authentica tion server RADIUS It is used t
258. is 64 Dell Dels 65 Dial In Modify defaule added 66 Modify T deba RD II e de RT ERR 67 IPAddress Pool dil PON utet Snnt EE eu t eb ated te ees 67 Login Technique diLugin Technique acid dit 67 Username Prompt diUsermamie rompt reciente re tee tr cule che eee Che e eee cere eee ken Ee 68 Password Prompt dil aeswordPronpt lc tias 68 nta Banner diBdnneEk 22 2 veter ettet A o de ibid 68 Mod ASU VICE ava erede peterent ee etti etit euet ridad citant acute ade EUH edad dias 68 Default Service diServics 2 eee O PEERS EE FREE LEEEE HR 68 Default IP Service diSersicelD L2 ui tede etse tee eerte cepe ette iaa eee adi 69 Default Seryice Port diServicel OD iuda rides ai pee ie i Sevens end 69 Force Next Hop diForceNext Hop cecilia ree ade than tide tbe oie Che e Rp e Ege eR UNE EN 69 Medir Doman Name SERV EL c sese cc eater eere nnper a enter te ge nora eeques crue tee inrer ESeP E eR EARS 69 Primary Domain Name Server diPrimary DNS ciere tege one e e teer rte t DEG 69 Secondary Domain Name Server diSecondary DNS erradicar teiete iret et eerte ette toute trae e be dc 69 Primary WINS diPrimary WINS iii india 69 Secondary WINS diSecondaky WINS eio ere e o a pe ti 69 NIGOIY AGER de oet e ted dd TO CUR Od ees ira ec pedet rie 70 Failure Banner diFailure Banner al 70 Success Banner diSuccessBanfet airada lalalala 70 Login Attempts Allowed diAllowAttemipts 2 entere retener ettet teet ett
259. is column as well To initiate a call the status is set to dial 2 and submitted To remove a location from the table the status is set to destroy 7 and submitted To stop a dial on demand call or continuous call from dialing set the status to stop 6 Locations Modem Profiles ID Name Phone Number Type Modem Profile status 1 isdn1 22203 dial on demand 2 2 active 3 2 isdn2 22203 dial on demand 2 2 active 3 3 analog 22203 dial on demand 2 1 active 3 4 analog2 22203 dial on demand 2 1 active 3 E Submit Query Figure 45 Location Table status locationstatus This shows the current status of the location as well as accepts input from the administrator e idle 1 the location is currently idle administrator has to set this to dial in order for a call to be initiated e dial 2 user selectable set by the administrator to initiate a call e active 3 Uwhen a location is currently in use waitingRedial 4 for continuous calling when a location has been disconnected the location waits in this state for 30 seconds before dialing waitingDemand 5 for dial on demand calling the location waits in this state until data is preset in which case it will initiate a call stop 6 user selectable set by the administrator to stop continuous or dial on demand calling cycle When this is set no more calls will be placed to this location Current calls to this location will not be
260. is downloaded to the DSP or DSP group waitForGroup 6 DSP has responded to start command DSP is now waiting for other DSPs in the group to respond unavailable 7 The instance is fully operational and could be used to take a call except that the adminis trator has indicated that this instance should not be used reserved 8 The instance is fully operational and could be used to take a call But another DSP in the same boot group as this one is pendingBoot Therefore we are not to use this until the reboot occurs This state only appears where the PCB version is 1 or less for information on displaying the version refer to sec tion PCB Revision boxManufacturePcbRevision on page 233 suspect 9 The instance is operational and could be used to take a call But we have seen a number of consecutive failures so it will not be used until no other available instances can be found A successful call will place this instance back into the available state available 10 The instance is fully operational and can be used to take a call Instance 1 Use dspUsefirst Identifies whether the first instance of the DSP is in use or free Instance 42 State dspStateSecond Identifies the current state of the second instance of the DSP See Instance 1 State dspStatefirst for param eter values Instance 42 Use dspUseSecond Identifies whether the second instance of the DSP is in use or free 45 availabe
261. is not available will use no data compression e requireV42 2 V 42 data compression is mandatory otherwise disconnect Compression doModemCompression Assigns the data compression protocol to use with the modem This setting is in effect only when V 42bis error correction see Protocol doModemProtocol is active Direct 0 No compression will be used e requestV42bis 1 Enable V 42bis compression If this is selected the modem will either negotiate for V 42bis data compression or if V 42bis compression is not available will use no data compression e requireV42bis 2 V 42bis data compression is mandatory otherwise disconnect e V44 3 allows V 44 and V 42bis data compression Dial Out Modify window 116 Access Server Administrators Reference Guide 8 Dial Out Restrict Modification doModemRestrictMods Enabling this feature restricts the dialout user from modifying the modem settings Normally the dialout user has the ability to alter modem operation through the use of AT commands e disable 0 The user can alter modem operation through the use of AT commands e enable 1 The user is prevented from modifying the modem settings Dial Out Locations Window The first part of the locations window shows each location in the table There is a status column showing the current status of each location Calls are initiated from this column The continuous and Dial On Demand call cycles are stopped from th
262. is not configured in the RADIUS server then the RAS box will use the Box Name as the hostname This is configured on the RAS device under System gt Modify gt Box Name RadTunnelServerID RADIUS Attribute 91 example gt gt Tunnel Server Auth ID cisco Ins The LNS will supply a hostname to the LAC during tunnel establishment e Ifthis variable is defined in the RADIUS server then the RAS box will verify the name supplied by the LNS against this value fthis variable is not in the configuration on the RADIUS server then the RAS will accept any name sup plied by the LNS Configuration Example The following information defines a Cisco configuration which was used during the testing of this feature Cisco Configuration The following example shows the steps used to configure out local cisco for use as a L2TP LNS Notes are defined in brackets such as note Cisco Config LNS Router config Zvpdn enable Router config Zvpdn group 1 Router config vpdn Router config vpdn accept dialin Router config vpdn acc in Router config vpdn acc in protocol 12tp Router config vpdn acc in virtual template 99 Router config vpdn acc in exit Router config vpdn terminate from hostname patton ras The value used here will need to match the Tunnel Client Auth ID defined in the RADIUS server or the RAS s Box Name Router config vpdn Router config vpdn local name cisco _lns This is the name that the cisco LNS wi
263. isplay function call tracing on the computer monitor Maintenance This portion of the System Log Modify window contains information described in the following section Maintain Flash Storage syslogFlashClear Setting this variable to syslogFlashClear will cause the erasing of any system messages which have been saved in the Flash On reading this variable it will indicate if the syslog Flash is rejecting messages because it is full syslogFlashOK 0 Flash is accepting messages e syslogFlashFull 1 Flash is rejecting messages because it is full To empty the Flash PROM click on the Set Factory Default Configuration button refer to section Immediate Actions on page 18 then click on Record Current Configuration syslogFlashClear 2 Erase system messages stored in Flash System Log Modify 246 Access Server Administrators Reference Guide System Log Volatile Memory 21 System Log The System Log Volatile Memory window see figure 100 displays timestamp and stored system log mes sage information Time slTick SYSTEM LOG Volatile Memory Time Message 53177148 listenerlliststat c WAN 1 loss of signal 53177248 listenerlliststat c WAN 1 loss of signal 53177348 listenerlliststat c WAN 1 loss of signal 53177448 histenerlliststat c WAN 1 loss of signal 53177548 listenerlliststat c WAN 1 loss of sienal 53177648 listenerliststat c WAN 1 loss of signal 53177748 listenerlliststat c WAN 1 loss of si
264. it button Username jef Password or Max Multilink 0 Service IP 192 168 1551 Service Pert D Service Mask 255255255255 Filter ID n Figure 19 Static User settings window Service IP suServicelP This is the IP of the RLogin or Telnet host or the static IP address assigned to the user This is determined by the option selected in Service see Service suService on page 41 Service Port suServicePort This is the port number to connect to the service host If the number is 0 the access server will use the default values for Telnet port number 23 and RLogin port number 513 Note After you have submitted all changes click on the HOME link in the Config uration Menu Once there click on the Record Current Configuration but ton located under Immediate Actions to save the changes to FLASH memory on the access server All changes made to the running configuration must be saved to FLASH memory Failure to do so will cause all configuration information to be lost the next time the access server is re booted Service Mask suServiceMask This parameter defines the IP mask of the user Filter ID suFilterld This is the ID of the filter assigned to the static user A filter controls packets that can be sent or received by the dial in user to which it is applied Only one filter can be assigned to a user defined in the static user authentica tion database Note Explicitly ass
265. k on the Dial in main window to verify the phone numbers sent by the switch Configuring a leased line dedicated line connection The remote access server can connect to a remote modem for dedicated modem access Configuring the RAS 1 Configure the Line Interface Settings as usual for the T1 E1 2 Configure the Signalling Settings using none 1 for Signal Mode No other settings are necessary Signalling Settings Signal Mode 55 none 1 Robbed Bit Signalling Protocol linkLoopStart 2 Message Oriented Switch Type ni1 0 NEAS Interface ID 0 NEFAS Primary WAN 1 Figure 134 Signalling Settings window 3 Configure Channel Assignment for the T1 E1 setting each timeslot for which you want a dedicated con nection to leasedLine 4 WAN Circuit CHANNEL ASSIGNMENT Set all channels to Off Dialin Frame Relay Leased Line Drop and Insert Blocked Submit Query Channel Desired Function Current State leasedLine 4 Z off 0 leasedLine 4 leasedLine Active 6 lessedLine 4 off 0 leasedLine 4 y o0 hw N e Figure 135 WAN Circuit Channel Assignment window 4 Set Maximum V8 failures under Dialin gt Modify Defaults in the Modem Configuration section This will configure the number of times the modem on the remote access server will attempt to dial out before stop Configuring a leased line dedicated line connection 324 ping and beginning a new call It is recommended to leave this value
266. kes you to the page where you can change the configuration of your ethernet interface For more information about modifying Ethernet settings refer to Ethernet Modify Window on page 157 ETHERNET A Statistics Modify State linkIndication1 00Duplex 6 PrimarylpAddress 10 10 200 155 PrimarylpMask 255 255 0 0 PrimarylpFilters SecondarylpAddress 0 0 0 0 SecondarylpMask 0 0 0 0 SecondarylpFilters Technique static 1 Config auto 0 Figure 64 Ethernet Main Window Ethernet Main Window The Ethernet main window shows the current configuration of the ethernet interface The following sections describe each parameter State boxEtherAState Indicates the state of the ethernet interface The following states are valid notInstalled 0 Ethernet interface is not installed in the hardware e noLlinkIndication 1 The link is in the down state e adminOff 2 The link is administratively down e linkIndication10M 3 The link is up and running at 10M half duplex e linkIndicationl0Duplex 4 The link is up and running at 10M full duplex e linkIndication100M 5 The link is up and running at 100M half duplex linkIndication100Duplex 6 The link is up and running at 100M full duplex Introduction 155 Access Server Administrators Reference Guide 12 Ethernet Note Note that the speed settings indicated above could indicate that the device reached this speed duplex as a result of an auto negotiat
267. king on the Default Details or Modify default links on the PPP main window brings up the default settings window These are the default settings each PPP link will take when first initialized Settings for indi vidual links can be changed this is described in a later section PPP Default packet settings Authentication Technique ne El Authentication Side cce x Authentication Username Authentication Password AE MRU fi 500 Link Compression disabled 2 Allow Magic Number Negotiation disabled Compression none 1 Submit Query Figure 118 Default settings window WAN Circuit CONFIGURATION window 280 Access Server Administrators Reference Guide 23 Sync PPP Authentication Technique pppDefaultAuthenticationTechnique Technique to be used for authenticating e none 0 no authentication will be used e pap 3 password authentication protocol will be used e chap 4 challenge handshake authentication protocol will be used e chapORpap 5 chap will be negotiated first if that fails pap will be attempted Authentication Side pppDefaultAuthenticationSide This is the side of the link which will be authenticating e local 1 local server will be authenticating Remote needs to log into local server remote 2 remote server will be authentication Local needs to log into remote server Authentication Username pppDefaultAuthenticationUsername This is the username that
268. l papQ chap 3 e MSChap 4 not currently implemented e tacacs 5 not currently implemented e edp 6 e ShivaPap 7 not currently implemented ACC Map pppStatlocalToPeerACCMap The current value of the ACC Map used for sending packets from the local server to the remote unit The local unit sends this character map to the remote unit to ensure that the data being transferred is interpreted cor rectly This setting becomes active when the link is in the up able to pass packets operational State Peer Local ACC Map pppStatPeerTolocalACCMap The current value of the ACC Map used by the remote unit when transmitting packets to the local unit The remote unit sends this character map to the local unit to ensure that the data being transferred is interpreted correctly The local unit combines its ACC Map with the map received from the remote unit This setting becomes active when the link is in the up able to pass packets operational state Local Remote PPP Protocol Comprsn pppStatLocalToRemoteProtComp Indicates whether the local PPP entity will use protocol compression when transmitting packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Remote Local PPP Protocol Comprsn pppStatRemoteToLocalProtComp Indicates wheth
269. l duplex media and is a symmetric peer to peer protocol which consists of the following major components Astandard method to encapsulate datagrams over serial links Alink control protocol LCP to establish configure and test the data link connection A family of network control protocols NCPs to establish and configure different network layer protocols In addition to offering PPP for the dial up links the remote access server also provides PPP connections on the WAN side via El or T1 uplinks WAN Circuit CONFIGURATION window In order to configure PPP on a T1 E1 WAN link go to the WAN Configuration page for the WAN circuit you wish to configure The Signal Mode on this configuration page must be set to none 1 for Sync PPP WAN Circuit CONFIGURATION Modify Time Elapsed 416 Valid Intervals 1 Line Interface Settings Line Type dsx1E1 4 Line Coding dsx1HDB3 3 Receive Equahzer hnkRxEquabzer Oft 1 Receiver Sensitivity linkSensimityLevell l Receiver Quality notApplicable 30 Line Build Out elpulse 1 Yellow Alarm Formar link YellowF ormatDL 2 Fadl dsx1Fdl none 8 Signalling Settings Signal Mode none 1 Robbed Bit Signalling Protocol linkLoopStart 2 Message Onented Switch Type ctr4 3 NFAS Interface ID 0 NFAS Primary WAN 1 Figure 115 WAN Circuit Configuration for PPP Line Status Channel Assignment To set channels for PPP within a WAN link go to the WAN Circuit Config
270. l be dis played The system will go directly to PPP processing The dial up user must be configured on his computer for CHAP authentication Note Ifthe user trying to connect to the DMA is not configured for CHAP he will be disconnected e chapORpap 5 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured for PAP or CHAP authentication The DMA will always request CHAP authentication first Therefore if a user can negotiate either CHAP or PAP CHAP authentication will be performed textORchapORpap 6 This setting enables clear text logins or PPP calls using PAP or CHAP authentication e MschapVI This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his com puter for MS CHAP V1 authentication MschapV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his com puter for MS CHAP V2 authentication e MschapVIORV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his computer for MS CHAP V1
271. l increment when the access server is pinged ICMP 197 Access Server Administrators Reference Guide 16 IP Echo Replys icmplnReps icmpOutReps The number of ICMP echo reply messages received sent An echo reply is a response to an echo request Send echos icmpOutEchos will increment when the access server is pinged Time Stamps icmplnTimestamps icmplnTimestamps The number of ICMP time stamp messages received sent Time stamp and time stamp replies were originally designed into the ICMP facility to allow network clock synchronization Subsequently a new protocol Net work time protocol NTP has taken over this function Normally this number will be zero Time Stamp Replys icmplnTimestampsReps icmpOutTimestampsReps The number of ICMP timestamp reply messages received sent This message is part of a time stamp see Time Stamps icmpInTimestamps icmpIn Timestamps request Normally this number will be zero Address Mask Requests icmplnAddrMasks icmpOvtAddrMasks The number of ICMP address mask request messages received sent this message is generally used for diskless workstations which use this request at boot time to obtain their subnet mask This number will increase if there are hosts on the network which broadcast these requests Address Mask Replys icmplnAddrMasksReps icmpOutAddrMasksReps The number of ICMP address mask reply messages received sent Normally this number will be zero Addressing Info
272. l is split between link A and link B and a call has been routed to a link over and above the number of DSPs allocated to that link Dial In User Statistics window 91 Access Server Administrators Reference Guide 7 Dial In papAuthenticationFailure 49 Invalid username password combination papInvalidPacket 50 Non printable characters in username or password received from remote end dur ing authentication authenServerTimeout 51 Authentication request timed out The RADIUS server did not send a response to the authentication request before the timer expired authenAccountingTimeout 52 Accounting request timed out The RADIUS server did not send a response to the accounting request before the timer expired unknownProtocol 53 The user initiates a PPP connection but the RADIUS replies to the remote access server that the user is not allowed to connect using PPP mfr2 Dis WaitCalled 54 Call disconnected while we were waiting for the next expected called number digit The number of called number digits expected is more than the digits actually being sent or the Last response code is configured incorrectly so the remote access server and switch can not continue on with the interregister signalling m r2DisAckCalled 55 Call disconnected while we were in the process of sending back the ack tone for a called number digit or while we were waiting for the termination of the far end tone in response to our ack mfr2 DisAckLas
273. lementation The Interface ID must match what the central office has designated The PRI with the D channel must be configure with an ID of 0 Typically the other PRIs have interface IDs which are numbered sequentially but the IDs can be any number up to 31 Example 2 The RAS hosts 1 NFAS group containing 3 PRIs Signal setting for each WAN port Turned off nfsSlave 7 2 Switch Type nfsSlave 7 Interface ID 1 Primary WAN Configuring Non Facility Associated Signaling NFAS 316 Access Server Administrators Reference Guide C Technical Reference Configuring Frame Relay Frame Relay is a high speed datalink communications technology that is used in hundreds of networks throughout the world to connect LAN SNA Internet and voice applications Within the network Frame Relay uses a simple form of packet switching that provides high throughput and reliability For more informa tion refer to the Frame Relay MIB 1315 Management Base for Frame Relay DTEs The access server offers IP in Frame Relay or RFC 1490 Multi protocol encapsulation Because the access server has a built on router the access server can route IP traffic to multiple locations over multiple virtual channels Using a T1 or El WAN link the access server can function as a network to network interface NNI switch or as a user to network interface UNI Most applications will be as an UNI A Frame Relay network consists of
274. les clicking on the DNIS Profiles link takes you to the page where you can view and change the DNIS profiles Refer to DNIS Profiles on page 80 ID dnislpPoolld An identification number that uniquely identifies the DNIS IP Pool IP Address Pool dnislpPool The IP Address pool that an IP address will be selected from for a dial in user Status dnislpPoolStatus Indicates if the IP pool is used in any DNIS Profile e active 1 This IP pool is used in one or more DNIS Profiles e notUsed 2 This IP pool is not used in any configurations Add a DNIS Profile Use this portion of the window to add a DNIS Profile 1 Entera unique ID in the ID field Manage DNIS Window 86 Access Server Administrators Reference Guide 7 Dial In 2 Enter a valid IP Address range A valid IP address range is of the format xxx xxx xxx aaa bbb where aaa is less than bbb Note Entering an ID that is already configured will change the configuration DNIS IP Pool Entry Window Clicking on ID in the DNIS IP Pool Window will take you to this window see figure 36 In this window you can change the IP Address Pool DNIS Ip Pools 2 IP Address Pool fi0 10 10 25 30 Pool Format XXX XXX XXX GGG XXX XXX Xxx bbb where aad lt bbb Status active l Y Submit Query 5 Figure 36 DNIS IP Pools Entry window IP Address Pool dnislpPool The IP Address pool that an IP address will be selected from for a dial in user Status dnislpPoolStatus
275. ll calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured for PAP or CHAP authentication The access server will always request CHAP authentication first Therefore if a user can negotiate either CHAP or PAP CHAP authentication will be performed Dial In Modify default window 67 Access Server Administrators Reference Guide 7 Dial In textORchapORpap 6 This setting enables clear text logins or PPP calls using PAP or CHAP authentication e MschapV1 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his com puter for MS CHAP V1 authentication e MschapV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his com puter for MS CHAP V2 authentication e MschapVIORV2 This setting assumes that all calls will be PPP users No username or password prompt will be displayed The system will go directly to PPP processing The dial up user must be configured on his computer for MS CHAP V1 OR V2 authentication Username Prompt diUsernamePrompt This is what will be displayed when the user first connects after the Initial Banner is displayed The string can be up to
276. ll ones for all frames of two consecutive multiframes see G 732 Section 4 2 6 This condition is never declared for T1 Loss Of MultiFrame Failure The Loss Of MultiFrame failure is declared when two consecutive multiframe alignment signals bits 4 through 7 of TS16 of frame 0 have been received with an error The Loss Of Multiframe failure is cleared when the first cor rect multiframe alignment signal is received The Loss Of Multiframe failure can only be declared for El links operating with G 732 18 framing sometimes called Channel Associated Signalling mode Far End Loss Of Multiframe Failure The Far End Loss Of Multiframe failure is declared when bit 2 of TS16 of frame 0 is received set to one on two consecutive occasions The Far End Loss Of Multiframe failure is cleared when bit 2 of TS16 of frame 0 is received set to zero The Far End Loss Of Multiframe failure can only be declared for El links operating in Channel Associated Signalling mode Alarms Present 255 Access Server Administrators Reference Guide 22 T1 E1 Link ISDN Signaling Alarms linkSignalStatus Note ISDN Signaling Alarms will only appear if the T1 E1 is configured as a PRI ISDN SIGNALLING ALARMS Class Resource Class Syntax Class State Class Unknown Q3 Close Anchor ACTIVE Q3 Invalid Parameter Q3 Setup Anchor Q3 No stream Resource Q3 Ie miss Figure 104 ISDN Signalling Alarms e Class Resource for future use e Class Syntax f
277. ll supply to the LAC as its hostname If you would like the RAS to validate this name then the same value should be used in the RADIUS Tunnel Server Auth ID Router config vpdn exit Router config interface Virtual Template 99 Router config if Router config if ip unnumbered FastEthernet 0 0 Router config if no ip directed broadcast Router config if peer default ip address pool default You must also define the default pool with the IP Address range that you would like to supply to the dialin users L2TP Configuration 293 Access Server Administrators Reference Guide 24 Layer 2 Tunneling Protocol L2TP Router config if ppp authentication chap Router config if exit Router config vpdn group 1 Router config vpdn 12tp tunnel authentication This will enable the use of tunnel authentication Router config vpdn 12tp tunnel password tpass This will define the password for the tunnel authentication this needs to match the value set in Tunnel Password If Tunnel Password is not define in the RADIUS server then the RAS will use tpass Router config username cisco lns password upass cisco Router config username patton ras password upass patton You will need to define the username and password for the dialin users This can be defined in the local database or through any other means supported by cisco dialin RADIUS TACAS etc Router config L2TP Configuration 294 Chapter 25 Contacting Patton
278. lled From 3015552973 Data Octets Sent 44817 Octets Received 108439 Packets Sent 462 Packets Received 1135 Bad Packets 0 Physical Layer Connection Modulation v34 4 Transmit Connection Speed 31200 Receive Connection Speed 31200 Error Correction Protocol v42 2 Data Compression Protocol v42bis 2 Modulation Symbol Rate 3429 Locally Initiated Renegotiates 2 Locally Initiated Retrains 0 Remote Initiated Renegotiates 2 Remote Initiated Retrains 1 Figure 40 User Statistics Phone Data Physical Layer Dial In User Statistics window 99 Access Server Administrators Reference Guide 7 Dial In Number Called diactNumberDialed The phone number that was used to dial into the access server Number Called From diactCallingPhone The user s phone number this is a caller ID feature Data This portion of the Dial In User Statistics window see figure 40 on page 99 describes the amount of PPP data sent and received by this user Octets Sent diactSentOctets The number of octets bytes sent during this call Octets Received diActReceivedOctets The number of octets bytes received during this call Packets Sent diactSentDataFrames The number of packets sent to the user during this call Version 6 nomenclature for a packet is Ipv6 header plus payload Packets Received diactReceivedDataFrames The number of packets received by the user during this call Version 6 nomenclature for a packet is Ipv6 h
279. logUnixFacility This setting is used when syslog messages are sent to a Unix type syslog daemon In this case the message will include the facility and priority coding Syslog messages from the access server can be directed to an individual log file by selecting local0 local7 Syslog messages will be directed to a file called oca 0 if localO is selected Note The Syslog Daemon must be configured to direct incoming Syslog messages to different files If it is not configured correctly the Syslog messages will be dropped The messages will mot be recorded in the primary Syslog file e disable 0 e user l mail 2 e daemon 3 auth 4 syslog 5 Ipr 6 news 7 uucp 8 cron 9 System Log Modify 245 Access Server Administrators Reference Guide 21 System Log e authpriv 10 e ftp 11 e local0 16 locall 17 local2 18 local3 19 local4 20 local5 21 local6 22 local7 23 Call Trace syslogCallTrace Enabling this will activate the call tracing utility This is a powerful debugging utility which will log every sin gle function call and return At the death of a box the call trace will be printed out and can be sent to tech sup port This utility will take a large amount of CPU power therefore do not turn this feature on unless instructed to do so by technical support e disable 0 Disable function call tracing e enable 1 Enable function call tracing e dump 2 D
280. lready displayed in the Static User Identification table you will overwrite a current entry in user database Username suUsername This is a unique name to be provided at login time Note There is a 19 character limit on the username length Password suPassword This is the password that is provided at login time along with the username Service suService This option instructs the access server on how to service the incoming call Select from e default T his is the default service as specified under Dial In see 7 Dial In on page 48 We recommend that you select default Static User Authentication 41 Access Server Administrators Reference Guide 5 e Authentication admin Not currently implemented e monitor Not currently implemented e rlogin Causes the access server to rlogin into another host See Service IP suServicelP on page 43 for information on configuring the remote host IP addresss e telnet Causes the access server to telnet into another host e tcpraw All 8 bits are passed unchecked and unaltered e ppp Access server will try to negotiate a PPP session e cppp Access server will try to negotiate a Compressed PPP session Note Ifa user attempts to login in using a different service than the one he or she has been provided the access server will reject the user The exception to this is CPPP which will revert to PPP if CPPP is not available on the client e slip Access
281. m Re sec E Generate Alarm Clear Alarm Clock Fail Figure 9 Sample alarm indication Introduction 24 Access Server Administrators Reference Guide 4 Alarms SYSLOG SNMP For external notification the access server can be configured to send a SYSLOG mes sage oran SNMP TRAP to an external management host To configure the alarm response for either SNMP Traps or SYSLOG messages click on the Alarm Response link go to Modify Response Configuring the alarm response system on page 27 Displaying the Alarms window Click on Alarms under the Configuration Menu to display the Alarm System main window figure 10 Note The system administrator can manually generate a specific alarm for testin y yg p purposes or clear the alarm counters from the main window Alarm System Total System Alarms 4 Modify Response Modify Alarms Alarm Response Outputs Alarm Syslog Priority ptioritynfo 20 Alarm SNMP Trap IP 1 192 169 165 254 Alarm SNMP Trap IP 2 192 169 165 254 Alarm SNMP Trap IP 3 192 169 165 254 Alarm SNMP Trap IP 4 192 169 165 254 Temperature Threshold 0 celsius Current Box Temperature 40 celsius Clear All Alarms __ClearAlerms Alarms ID Alarm Name Alarm Time Since Alarm Generate Alarm Clear Alarm Seventy Alarm Goupt ie saree eee tate 1 Box Over critical 4 0 00 sec Temperature 3 BoxPower Supply major 5 0 00 sec BES Generate Alarm
282. mages Because some states do not allow the exclusion or limitation of liability for consequen tial or incidental damages the above limitation may not apply to you If the Program s are acquired by or on behalf of a unit or agency of the United States Government the Gov ernment agrees that such Program s are commercial computer software or computer software documenta tion and that absent a written agreement to the contrary the Government s rights with respect to such Program s are limited by the terms of this Agreement pursuant to Federal Acquisition Regulations 12 212 a and or DEARS 227 7202 1 a and or sub paragraphs a through d of the Commercial Computer Soft ware Restricted Rights clause at 48 C F R 52 227 19 of the Federal Acquisition Regulations as applicable 6 Termination A The End User may terminate this agreement by returning the Designated Equipment and destroying all copies of the licensed Program s B Patton Electronics Company may terminate this Agreement should End User violate any of the provisions of 4 Grant of License above C Upon termination for A or B above or the end of the Term End User is required to destroy all copies of the licensed Program s End User License Agreement 299 Appendix A Supported RADIUS Attributes Chapter contents Access Accept Attributes Access Request Attributes Access Challenge Attributes Accounting Start Attributes Accounting Stop Attributes 300
283. me The caller s username State diactState Indicates current progress of the selected call 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 gt 1500 1524 1200 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 1524 1500 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 none 1 none 1 0 0 0 0 pap 2 none 1 none 1 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 viTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 pap 2 vjTCP 2 vjTCP 2 0 0 0 0 Dial Protocol window Closet Box Port LocMRU RemMRU Authen LocVJ RemVJ NextHop Ringing The call has been recognized by the access server and is in the process of going off hook Connecting The access server has assigned a DSP to the incoming call and is now in the process of nego tiating the type of modulation V 34 V 32 ISDN or 56K e LepNegotiate The link is negotiating LCP parameters Authenticating T he access server is in the process of verifying the user s
284. mote peer modem to ensure that the data being transferred is interpreted correctly The remote peer modem combines its ACC Map with the map received from the local modem This setting becomes active when the link is in the up able to pass packets opera tional state for more information refer to Operational Status dilpOperStatus on page 98 Local Remote PPP Protocol Comprsn diStatlocalToRemoteProtComp Indicates whether the local PPP entity will use protocol compression when transmitting packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Dial In User Statistics window 96 Access Server Administrators Reference Guide 7 Dial In Remote Local PPP Protocol Comprsn diStatRemoteToLocalProtComp Indicates whether the remote PPP entity will use protocol compression when transmitting packets to the local PPP entity This setting becomes active when the link is in the 1p able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Local Remote AC Comprsn diStatLocalToRemoteACC
285. mp P Suede ctr M Rer e rede 323 eN ee eee EE UU SIUE RS ESI Ee HET ET 323 Configuring a leased Derdedicated line aii es 324 conum A O T m SE E npr 324 Contipurine the remote end using Microsoft Windows terra EEES 325 306 Access Server Administrators Reference Guide C Technical Reference Introduction This appendix contains the following information Configuring a RADIUS server on page 307 Using SNMP with the Access Server on page 313 Configuring Non Facility Associated Signaling NFAS on page 316 Configuring Frame Relay on page 317 Configuring DNIS on page 323 Configuring a leased line dedicated line connection on page 324 Configuring a RADIUS server This section covers the basics of the RADIUS protocol It defines key terms and provides an overview of RADIUS services and procedures It gives a concise history of the relevant standards cites those which Patton supports and lists selected sources for RADIUS software both available for free and available for purchase Finally online resources for more information are provided What Is RADIUS Remote Authentication Dial In User Service RADIUS is a data communications protocol designed to pro vide security management and statistics collection in remote computing environments especially for distrib uted networks with dial in users A central database the RADIUS Server maintains network security data such as user profiles and statistics
286. n If none 1 then the local node will not attempt to negotiate any IP Compression option Otherwise the local node will attempt to negotiate compression mode indicated by the enumerated value Changing this object will have effect when the link is next restarted e none 1 do not negotiate Ip compression negotiated e vi tcp 2 van jacobson TCP IP header compression will be negotiated per RFC 1332 PPP Link Window Clicking on the IP address link on the main page will bring up the PPP Link Window This gives a status of the current link PPP Ppp ID 2 State lepNegouse _ SubmitQuery HDLC Statistics on Link Link 0 Status UP TRANSMIT Bits Sec 32 RECIEVE Bits Sec 0 No Bu amp ers Available 0 Data Overflow 0 Message Ends 0 Patkets Too Long 0 Overllow Aborts 0 Bad CECS 0 Invalid Frames 130 Tx Underruns 0 LINK Resets 57 Link Configuration Modify PPP protocol ppp 1 Authentication Technique none 0 Authenticahon Side local 1 Figure 119 PPP Link Window HDLC Statistics on Link The RAS will report statistics for the HDLC link as described in the following sections Link frDIcmilflndex The HDLC link management number Status framerelStatus The status of the HDLC link If HDLC management has been established for this link the status will be UP TRANSMIT framere TxOctets Transmit rate in bits per second WAN Circuit CONFIGURATION window 282 Access Server Administrators Refer
287. n page 91 for the complete list of reasons Modulation diactModulation The modulation of the link unknown 0 v21 1 V 21 modulation v22 2 V 22 modulation v32 3 V 32 modulation v34 4 V 34 modulation k56 5 K56 Flex modulation x2 6 X 2 modulation v90 7 V 90 modulation v110 8 V 110 modulation isdn64 9 ISDN 64 modulation isdn56 10 ISDN 56 modulation 12tp 11 12tp tunnelled multilink call phase2 20 Phase 2 an advanced state of modulation in v34 and higher answerack 21 acknowledgement phase of modulation V92 22 V 92 modulation moh 23 Modem is using V 92 s modem on hold feature Dial In main window 56 Access Server Administrators Reference Guide v23 24 V 23 modulation Connect Speed diactTxSpeed The connected speed of the link Dial Modulations window 7 Dial In This window shows statistics about the modem connection listed by unique user ID DIAL MODULATIONS ID User State DSP Mod Tx Speed Rx Speed Prot Comp Loc Ren Loc Ret Rem Ren Rem Ret pebcpa online 6 1 MEFC online 6 1 decker dead 9 2 spatel dead 9 2 ken dead 9 3 ted online 6 3 sue online 6 4 ted dead 9 4 karenp dead 9 5 10 decker online 6 5 iited dead 9 6 12 psc online 6 6 13 davidf dead 9 7 l4davidf de d 9 7 15 davidf dead 9 8 16 davidf dead 9 8 17 karenp online 6 9 18 davidf dead 9 9 19 davidf dead 9 10 20 spatel online 6 10 003 004 qQ0
288. nagement Data Link Protocol frDlcmiAddress The layer 2 link protocol for Frame Relay is LAPF otherwise referred to as Q 922 The factory default of q922 4 will be the most common DLCI Length frDlcmiAddressLen The DLCI identifies the virtual connection on the bearer channel for the Frame Relay Interface The factory setting of two octets 2 represents 10 bit addressing Your access server can support a maximum of 32 separate PVCs or virtual channels per Frame Relay link Polling Interval T391 frDlcmiPollingInterval Each side of the Frame Relay interface the Network side and the User side communicate status T391 is the number of seconds between subsequent Status Enquiry messages An Error Count is logged if no response from the previous Status Enquiry message was received during the 1391 interval The default value is 10 Full Enquiry Interval N391 frDIcmiFullEnquirylInterval Status Enquiry messages are of two different varieties 1 Link Integrity Verification which simply exchange sequence numbers between peers and 2 Full Status messages which is a request from the peer for the list of all active inactive PVCs The default is 6 Error Threshold N392 frDIcmiErrorThreshold N392 is the number of errors 1392 and T391 timeouts and sequence number errors before action is taken Action consists of changing all the PVCs from active to inactive N392 must be less than or equal to N393 The default value is 3 Monitored Eve
289. nd HTTP User Password boxSnmpMonitorPassword This displays the user monitoring password for SNMP and HTTP Web Page Refresh Rate boxWebRefreshRate The rate at which the main dial in web page automatically refreshes The refresh rate can be set from 5 seconds to 5 minutes The default is to never refresh Manvfacturer This portion of the System main window contains information described in the following sections see figure 94 on page 232 Serial Number boxManufactureDatecode The datecode of manufacture and serial number PCB Revision boxManvfacturePcbRevision The revision of the printed circuit board The revision displayed will be a number whereas the revision printed on the ciruit board will be a letter A display of 0 zero indicates that the circuit board is revision A A display of 1 corresponds to a revision B circuit board and so on General Information boxManvfactureGenerallnfo A manufacturing notes area for additional information Message Blocks This portion of the System main window contains information described in the following sections see figure 94 on page 232 Packet Holding Message Blocks Buffer usage of access server message blocks based upon message block sizes Total boxMsgBlksConfigured The total number of message blocks on the system Free boxMsgBlksFree The number of free message blocks available Total Time Waited boxCountMsgBlkTaskWait The number of times a CPU task h
290. ned in RFC 1406 Definitions of Managed Objects for the DS1 and El Interface Types Far End Alarm Failure Far End Alarm failure is also known as a Yellow Alarm in the T1 case or Distant Alarm in the El case For D4 links the Far End Alarm failure occurs when bit 6 of all channels has been zero for at least 335 ms The alarm is cleared when bit 6 of at least one channel is non zero for a period 7 where T is usually less than 1 sec ond and always less than 5 seconds The Far End Alarm failure is not declared for D4 links when a Loss of Sig nal is detected For ESF links the Far End Alarm failure is declared if the Yellow Alarm signal pattern occurs in at least 7 out of 10 contiguous 16 bit pattern intervals The alarm is cleared when the Yellow Alarm signal pattern has not occurred for 10 contiguous 16 bit signal pattern intervals Alarms Present 254 Access Server Administrators Reference Guide 22 e T1 E1 Link For El links the Far End Alarm failure is declared when bit 3 of time slot zero is received set to 1 on two con secutive occasions The Far End Alarm failure is cleared when bit 3 of time slot zero is received set to zero Alarm Indication Signal AIS Failure The Alarm Indication Signal failure is declared when an AIS defect is detected at the input and the AIS defect still exists after the Loss Of Frame failure which is caused by the unframed nature of the all ones signal is declared The AIS failure is cleared when the Los
291. ng violations encountered by a DS1 interface in the current 15 minute interval Line Errored Seconds dsx1CurrentLESs The number of line errored seconds encountered by a DS1 interface in the current 15 minute interval Bursty ErroredSeconds dsx 1CurrentBESs The number of bursty errored seconds BESs encountered by a DS1 interface in the current 15 minute interval Degraded Minutes dsx1CurrentDMs The number of degraded minutes DMs encountered by a DS1 interface in the current 15 minute interval Line Code Violations dsx1CurrentLCVs The number of line code violations LCVs encountered by a DS1 interface in the current 15 minute interval Near End Line Statistics Current 266 Access Server Administrators Reference Guide 22 e T1 E1 Link Near End Line Statistics History Click on Near End Line Statistics History to display line statistics for previous 15 minute intervals 96 previ ous intervals will be shown unless the remote access server has been reinitialized in the last 24 hours See figure 110 CIRCUITID1 E HISTORY OF NEAR END PERFORMANCE Severely 2 Severely Errored Controlled Path Line Bursty Line Errored Errored Frame Unavailable Slip Code Errored Errored Degraded Code Interval Seconds Seconds Seconds Seconds Seconds Violations Seconds Seconds Minutes Violations 1 0 0 900 900 22 0 0 0 0 0 2 0 0 900 900 22 0 0 0 0 0 3 0 0 900 900 22 0 0 0 0 0 4 0 0 900 900 23 0 0 0 0 0 5 0 0 900 900
292. nge the T1 E1 pulse shapes WAN Circuit CONFIGURATION Line Interface Settings Circuit Identifier WAN Circuit Line Tope Line Coding Receive Equalizer Line Bud Out Yellow Alarm Format linkYellowFormatDL 2 FDL iiaeaa 2 Signalling Settings Signal Mode robbedBit 2 Robbed Bit Signalling Protocol linkEMwinkstart 6 Message Oriented Switch Type NFAS Interface ID 0 NFAS Primary WAN 1 Test Settings Force Yellow Alam Loopback Configuration Send Code Enoc etn Figure 106 WAN Circuit Configuration Modify window Note Use the DAX menu to view clock source for the Model 29XX series access servers Line Interface Settings This portion of the WAN Circuit Configuration window contains information described in the following sections Circuit ID dsx 1Circuitldentifier This variable contains the transmission vendor s circuit identifier for the purpose of facilitating troubleshooting WAN Circuit Configuration Modify 259 Access Server Administrators Reference Guide 22 e T1 E1 Link Line Type dsx 1 LineType This variable indicates the type of DS1 Line implemented on this circuit The type of circuit affects the num ber of bits per second that the circuit can reasonably carry as well as the interpretation of the usage and error statistics The values in sequence are other 1 Link is disabled e dsx1ESF 2 Extended Superframe DS1 e dsx1D4 3 AT amp T D4 format DS1 e dsx
293. nitiated a modem speed renegotiate Remote Initiated Retrains diactRemoteRetrains The number of times the remote modem has initiated a modem carrier retrain Dial Modulations window 59 Access Server Administrators Reference Guide Dial Telco window 7 Dial In This window shows the telco characteristics for individual users DIAL TELCO ID User State pebcpa online 6 45333 MEFC online 6 48000 decker dead 9 28800 spatel dead 9 24000 ken dead 9 28800 ted online 6 26400 sue online 6 26400 ted dead 9 26400 karenp dead 9 26400 10 decker online 6 28800 QOO Ul E WM f 11 ted dead 9 26400 12 psc online 6 33600 13 davidf dead 9 64000 14davidf de d 9 64000 15 davidf dead 9 64000 16 davidf dead 9 64000 17 karenp online 6 26400 18 davidf dead 9 64000 19 davidf dead 9 64000 20 spatel online 6 50666 21 mikhail online 6 48000 Call ID diactindex Unique identification of this active call for internal use Username diactUsername The caller s username State diactState Indicates current progress of the selected call K a HH HR nn RB mn pH A nm HB n Hn KA C QU C Ul 0 C Ul CO Ul K K i C x Q9 Ul K QN L Tx Speed WAN Slot Active 01 33 50 hours still ctive 0 01 32 53 hours stillActive 0 00 35 25 hours userHangup 5 online 6 00 09 05 hours lcpClose 9 00 19 28 hours lcpClose 9 01 17 02 hours stillActive 0 01 15 57 hours stillActive O 00 23 48 hours lcpClose
294. nkErr 35 Dial Out User Statistics Window 126 Access Server Administrators Reference Guide 8 Dial Out e dspPutMsgErr 36 lisIpcErr 38 e dspOpenErr 39 invalidCode 40 e dspCommErr 42 unknownBearerContent 43 PPP Statistics This portion of the dial out user statistics window shows PPP statistics of the current user selected PPP Statistics Bad Address 0 Bad Controls 0 Packets Too Long 0 Bad Frame Check Sequences 0 LCP Statistics Local Remote MRU 1524 1524 Multilink MRRU 0 1600 LCP Authentication pap 2 ACC Map 0x00 00 00 00 0x00 00 00 00 PPP Protocol Comprsn enabled 1 enabled 1 AC Comprsn enabled 1 enabled 1 Frame Check Seq Size 2 2 Figure 51 PPP user statistics Bad Address doStatBadAddresses The number of packets received with an invalid address field Bad Controls doStatBadControls The number of packets received with an incorrect control field Packets too long doStatPacketToolongs The number of packets received that were discarded because their length exceeded the MRU Bad Frame Check Sequences doStatBadFCSs The number of packets received with bad frame check sequences LCP Statistics This portion of the Dial Out User Statistics window see figure 51 shows LCP statistics of the current user selected Dial Out User Statistics Window 127 Access Server Administrators Reference Guide 8 Dial Out Local MRU doStatLocalMRU The current val
295. nnected Connects No Modem dspFailedConnectPreV8 The number of calls that failed before modulation V8 was completed Connects Failed Neg dspFailedConnectPostV8 The number of calls that failed to connect after V8 modulation was completed Remote Retrain dspRemoteRetrains The number of times the remote modem has asked for a retrain to be done DSP Connection Performance 149 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Remote Reneg dspRemoteRenegotiates The number of times the remote modem has asked for a renegotiation to be done Local Retrain dspLocalRetrains The number of times the local DSP has requested a retrain to be done Local Reneg dsplocalRenegotiates The number of times the local DSP has requested a renegotiation to be done Suspect A dspTotalWentSuspect The number of times an instance on this DSP went into the suspect state An instance will go into the suspect state when it fails to complete several calls to succession Suspect B dspTotalSavedFromSuspect An instance in the suspect state will recover from the suspect state as soon as it successfully takes an incoming call Reboot A dspTotalRebootDueToFails The number of times a DSP has been rebooted because it was in the suspect state and then took additional calls which also did not connect successfully Reboot B dspTotalRebootDueToError The number of times a DSP has been rebooted b
296. nnection Setting the parameter to O disables the MultiLink option MultiBox diConfigMMP MultiBox enables a user to have multiple connections even if the subsequent call for an additional channel is on a different access server from the originating channel bundlehead MultiBox is useful when a single num ber called by a user accesses multiple T1 E1s and subsequently different access servers Setting the MultiBox Query timeout parameter to enable 1 activates the MultiBox option Setting the parameter to disable 0 disables the MultiBox option If MultiBox is disabled then acquiring an additional channel will fail if the bundlehead is not on the same access server Modify Maximum Time This portion of the Dial In Modify window see figure 28 on page 70 describes modifying the time out values for the session idle time time to login and the MIB data linger time Maximum Session Time min diSessionTimeout This is the maximum time in minutes that a connection is allowed to be maintained After this time the con nection will be terminated even if there is active traffic on the connection This is a default setting and it can be overridden by the authentication settings of a specific user Setting the parameter to 0 means the connection will never be terminated Note The maximum value is 357 910 minutes Maximum Idle Time min dildleTimeout This is the maximum time in minutes that a connection is allowed to be idle with no traf
297. nnel for a dialed in user based on a staticly configured username This is done by configuring the service for VPN and defining the IP Address of the LNS as the Service IP It is important to note that when configuring the device using static authentication neither the hostname veri fication or password protection is enabled on the link Introduction 291 Access Server Administrators Reference Guide 24 Layer 2 Tunneling Protocol L2TP RADIUS Authentication AUTHENTICATION Configuration Validation radiusUsers 2 Host Address 192 163 200 103 Secondary Host Address 0 0 0 0 Host Port 1812 Timeout 2 Retries 3 Secret secret NAS Identifier Accounting Address 192 168 200 103 Secondary Accounting Address 0 0 0 0 Accounting Port 1813 Accounting Enable disableAccounbng 0 RADIUS Packet Format fullRicPacket 0 RADIUS Session ID Size eign 8 Submit Query To edit specific static users go back and click on the username Figure 121 L2TP RADIUS Authentication When RADIUS Authentication is used the following RADIUS attributes are used to configure the L2TP Tunnel The following information defines the RADIUS attributes which are supported and example usage from a RADIUS file as well as a description of their operation RadTunnelType RADIUS Attribute 64 example Tunnel Type 3 The Tunnel Type defines the type of tunnel used for this call A value of 3 indicates L2TP as defined in RFC 28668
298. nts N393 frDIcmiMonitoredEvents Expected and unexpected events are counted up till the Event Count reaches N393 whereupon the Event Count is cleared and the Error Threshold Count is cleared Events consist of timer 1391 and T392 expira tions and received Status Enquiry messages N393 must be greater or equal to N392 The default value is 4 MultiCast Service frDlcmiMulticast TBD Max Virtual Circuits frDicmiMaxSupported VCs The maximum number of PVCs determines the amount of internal resources are allocated for the Frame Relay system The default value is 32 DLMI Window 175 Access Server Administrators Reference Guide 14 Frame Relay LMI Interface frDIcmilnterface LMI is used in the generic sense as an in band signaling system The signaling is slightly different depending on which end of the Frame Relay Interface it is or in other words its orientation The User end issues periodic STATUS ENQUIRY messages and waits fora STATUS reply from the Network The USER setting is correct if the access server is a DCE connecting to a Frame Relay network It is possible to configure an access server to look like a Frame Relay Network By setting the LMI Interface to NETWORK you can connect another Frame Device directly to the access server This is also the setting if you were to connect two access servers back to back without the benefit of an established Frame Relay network Bidirectional Polling frDlc rDlcmiPollingBiDir
299. o encrypt an authentication request and to decrypt an incoming reply from the server The secret on the access server and the RADIUS server must match and must be 15 or fewer print able non space ASCII characters Note The same secret word must used on the access server and in the RADIUS cli ents file NAS Identifier auNASIdentifier This variable is used to identify the access server to the remote authentication server If this option is blank then the access server will use it s IP address to identify itself to the remote server It does this by using the NAS IP Address attribute instead of the NAS Identifier attribute Accounting Address auAcctAddress This is the IP address of the accounting server RADIUS also allows for the recording of accounting informa tion Secondary Accounting Address auSecondaryAcctAddress When using a remote accounting server such as RADIUS Accounting this variable provides the IP address of the accounting server The Configuration section 35 Access Server Administrators Reference Guide 5 e Authentication Accounting Port auAcctPort This is the UDP port on the accounting server specified in Acct Address that the access server should use to transfer accounting information RFC 2139 states that port 1813 is the standard RADIUS accounting port Some older implementations of RADIUS use port 1646 as the accounting port Accounting Enable auAccountingEnable This is a switch that allows the ena
300. ocol error to generate an SNMP PDU which contains the readOnly value in the error status field as such this object is provided as a means of detecting incorrect implementations of the SNMP Generated Errors snmplInGenErrs The total number of SNMP PDUS that were delivered to the SNMP protocol entity and for which the value of the error status field is genErr In 227 Access Server Administrators Reference Guide 19 lt SNMP Get Get Next Variables snmplInTotalReqVars The total number of MIB objects that have been retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get Request and Get Next PDUs Set Variables snmpInTotalSetVars The total number of MIB objects that have been altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set Request PDUs Get Requests snmpinGetRequests The total number of SNMP Get Request PDUS that have been accepted and processed by the SNMP protocol entity Get Next Requests snmplInGetNexts The total number of SNMP Get Next PDUs that have been accepted and processed by the SNMP protocol entity Set Requests snmpinSetRequests The total number of SNMP Set Request PDUs that have been accepted and processed by the SNMP protocol entity Get Responses snmplnGetResponses The total number of SNMP Get Response PDUs that have been accepted and processed by the SNMP proto col entity Traps snmpInTraps The total number of SNMP
301. ocols including ICMP supplied to IP in requests for transmission Note The Out Requests counter does not include any datagrams counted in ipForwDatagrams Out Discards ipOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note The Out Discards counter would include datagrams counted in ipForwDat agrams if any such packets met this discretionary discard criterion Discarded for No Routes ipOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination Note The Discarded for No Routes counter includes any packets counted in ipForwDatagrams which meet this no route criterion This includes any datagrams which a host cannot route because all of its default gateways are down Reassembly Timeout ipReasmTimeout The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity IP main window 189 Access Server Administrators Reference Guide 16 e IP of Reassembled Fragments ipReasmReqds The number of IP fragments received which needed to be reassembled at this entity Successfully Reassembled ipReasmOKs The number of IP datagrams successfully reassembled Reassembly Failures ipReasmFails The number of failures detected by the IP reassembly algorithm for what
302. odify 190 Access Server Administrators Reference Guide 16 e IP Note For some managed nodes this object may take on only a subset of the values possible Accordingly it is appropriate for an agent to return a badValue response if a management station attempts to change this object to an inap propriate value The following options are available forwarding 1 acting as a gateway e not forwarding 2 ot acting as a gateway Note Setting forwarding to not forwarding will prevent the access server from for warding packets to dial in users Default Time To Live ipDefaultTTL The default value inserted into the Time To Live TTL field in the IP header of datagrams originating from this entity whenever a TTL value is not already supplied by the transport layer protocol TCP Transmission Control Protocol TCP is the most widely used protocol among the TCP IP suite The access server provides management and statistical information on TCP Click on TCP under the Configuration Menu to display the TCP main window see figure 77 TCP Details Retransmit Timeout Algorithm vanj 4 Retransmit Timeout Minimum 1000 Retransmit Timeout Maximum 64000 Maximum Connections 1 Active Opens 0 Passive Opens S 1035 Attempt F ails 1 ESTABLISHED Resets 65 Current ESTABLISHED 7 Total Received 9561 Total Sent 11865 Total Retransmitted 207 Total Received in Error 12 Total Sent w RST Flag 0 Figure 77 TCP main w
303. old diV92ModemOnHold Modem on Hold allows a user to accept a phone call without breaking the connecting to the Internet This set ting enables or disables modem on hold Modem on Hold Timeout diV92ModemOnHoldTimeout If modem on hold is enabled sets the length of time the user can be in the modem on hold state before discon necting the call Modify Modem Configuration This portion of the Dial In Modify window see figure 30 describes modifying modem configuration access server parameters for dial in users Modem Configuration V90 13 x K56flex enable 1 E V34 enable 1 E V32 enable 1 Y N23 enable 1 Y V22 fenablev22 1 E V21 SES enab evel E Maximim V8 failures 200 Maximum Speed eao Minimum Speed 300 Guard Tone toneNone 1 Y Carrier Loss Duration sec fi 4 Billing Delay sec IE Answer Tone Length msec 3600 Retrain retrain 1 E TS Leve f B Protocol requestv42 1 Y Compression E frequestv42bis 1 y Submit Query Figure 30 Dial In Modify window modify Modem Configuration objects Dial In Modify default window 74 Access Server Administrators Reference Guide 7 Dial In V90 diModemV90Enable Enables or disables V90 modem modulation K5 flex diModemK5 Enable Enables or disables K56flex modem modulation V3A diModemV3 Enable Enables or disables V34 modem modulation V32 diModemV32Enable Allows V 32 and V 32bix modulations up to 14 4 kbps The following o
304. omp Indicates whether the local PPP entity will use address and control compression ACC when transmitting packets to the remote PPP entity This setting becomes active when the link is in the zp able to pass pack ets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 ACC is disabled enabled 1 ACC is enabled Remote Local AC Comprsn diStatRemoteTolocalACComp Indicates whether the remote PPP entity will use address and control compression ACC when transmitting packets to the local PPP entity This setting becomes active when the link is in the wp able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options disabled 0 ACC is disabled enabled 1 ACC is enabled Transmit Frame Check Seq Size diStatTransmitFcsSize The size of the Frame Check Sequence FCS in bits that the local node will generate when sending packets to the remote node This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 The values are from 0 to 128 Receive Frame Check Seq Size diStatReceiveFcsSize The size in bits of the frame check sequence FCS that the remote node will generate when sending packets to the local no
305. on when transmitting packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Local AC Compression doStatLocalToRemoteACComp Indicates whether the local PPP entity will use address and control compression ACC when transmitting packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options disabled 0 ACC is disabled enabled 1 ACC is enabled Remote AC Compression doStatRemoteToLocalACComp Indicates whether the remote PPP entity will use address and control compression ACC when transmitting packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 ACC is disabled enabled 1 ACC is enabled Local Frame Check Sequence size doStatTransmitFcsSize The size of the Frame Check Sequence FCS in bits that the local node will generate when sending packets to the r
306. oo Long 0 Overflow 2 Aborts 0 Bad CRCs 5 Invalid Frames 4 Tx Underruns 0 LINK Resets 0 Produce Status Change Trap disabled 2 Submit Query Figure 70 Frame Relay main window Note If frame relay has not already been configured under T1 E1 this win dow will only show the Produce Status Change Trap setting Introduction 172 Access Server Administrators Reference Guide 14 Frame Relay The Frame Relay main window also has the following links e Modify Clicking on the Modify link enables you to set up Frame Relay or to change any configuration parameters see DLMI Window on page xxx DLCI The Data Link Connection Identifier DLCI provides each PVC with a unique identifier at both the access server and the Frame Relay switch Within each link DLMI there can be multiple Permanent Virtual Circuits PVC Each of these PVCs are point to point links to remote locations and define the data path between the access server and the Frame Relay network Clicking on the DLCI link displays the DLCI window see DLCI window on page 176 that enables you to configure PVCs on the access server Link X frDIcmilfindex The Data Link Management Interface number Status X framerelStatus This specifies LMI Link Status If the management DLCI either DLCI 0 or 1023 is established then the sta tus will be UP If the management channel has not been established the status will indicate DOWN HDLC Stati
307. or future use Class State for future use Class Unknown for future use Q3 Close Anchor indicates that the D channel is down e Q3 Invalid Parameter invalid parameter an information element for last call according to Q 931 specifi cation Q3 Setup Anchor invalid parameter in the ISDN Setup message according to Q 931 specification Q3 No stream Resource Out of resources for last call Q3 Ie miss mandatory information element missing for last call Note Except for Q3 Close Anchor all other parameters are used for debugging purposes Note Alarm will activate for 5 seconds after the call is received for errors registered on last call SNMP MIB definition The SNMP MIB is defined as follows dsx1LineStatus OBJECT TYPE SYNTAX INTEGER 1 8191 ACCESS read only STATUS mandatory Alarms Present 256 Access Server Administrators Reference Guide 22 T1 E1 Link DESCRIPTION This variable indicates the Line Status of the interface It contains loopback failure received alarm and transmitted alarm information The dsx1LineStatus is a bit map represented as a sum therefore it can represent multiple failures alarms and a LoopbackState simultaneously dsx1 NoAlarm should be set if and only if no other flag is set If the dsx1 LoopbackState bit is set the loopback in effect can be determined from the dsx1 LoopbackConfig object The various bit positions are 1 dsx1 NoAlarm 2 dsx1 RcvF
308. or the called number Last Response Code interRegCalledNumLast The code specifying what is done after the last digit is sent for the called number Calling Number Total Digits interRegCallingNumDig The number of digits expected for the calling number First and Middle Response Code interRegCallingNumFirst The code specifying what is done after every digit is sent except the last for the calling number Last Response Code interRegCallingNumLast The code specifying what is done after the last digit is sent for the calling number Speech Condition Set up interRegGroupBAck The code sent when acknowledging the Group B digit to set up speech conditions Interregister Signalling 211 Access Server Administrators Reference Guide 17 e MER Version 2 MFR Version 2 Modify In the MFR Version 2 Modify window see figure 89 you can modify Line Signalling parameters The Line Signalling parameters are link by link digital signals that use two signalling channels in each direction per cir cuit MFR Version 2 Line Signalling Sate Idle Code R Sa Back Acknowledge abcd 1101 13 Back Answer Minimum Transition Time rms HOD Minimum Detection Time ms Bp Protocol Timeout ms oon Interregister Signalling Called Number Total Digits 6 First and Middle Response Code Last Response Code Calling Number Total Digits o First and Middle Response Code Last Response Code Speech Condition Set up
309. ored Thus a setting of 0 0 0 will have the effect of disabling source IP address comparison Modify Filter 164 Access Server Administrators Reference Guide 13 e Filter IP Destination IP Applies the action based on the results of the stated comparison to the IP address and subnet mask Comparison filterlpDestinationAddressCmp equal 0 apply the action of the filter if the destination IP equals the IP address subnet mask combination supplied notEqual 1 apply the action of the filter if the destination IP does not equal the IP address subnet mask combination supplied Address filterloDestinationlp The IP address the filter will apply to the destination IP address to make the comparison Mask filterlpDestinationMask The subnet mask the filter will apply to the destination IP address to make the comparison Note These fields are ignored unless either the IP address or Mask have been entered Bit positions that are set to 1 will be compared and 0s will be ignored Thus a setting of 0 0 0 will have the effect of disabling destination IP address comparison Source Port Applies the filter action based on the stated comparison to the source port number TCP or UDP Comparison filerloSourcePortCmp noCompare 0 no comparison to the source port in the IP packet equal 1 the source port in the IP action must be the same for the filter to be applied e lessThan 2 the source port in the IP packet must b
310. ormation window 152 Access Server Administrators Reference Guide 11 Digital Signal Processing DSP Successful Connects dspSuccessfulConnects The number of calls that successfully connected Failed Connect no far modem dspFailedConnectPreV8 The number of calls that failed before modulation V8 was completed Failed Connect bad negotiation dspFailedConnectPostV8 The number of calls that failed to after V8 modulation was completed Remote Retrains dspRemoteRetrains The number of times the remote modem has asked for a retrain to be done Remote Renegotiates dspRemoteRenegotiates The number of times the remote modem has asked for a renegotiation to be done Local Retrains dspLocalRetrains The number of times the local DSP has requested a retrain to be done Local Renegotiates dsplocalRenegotiates The number of times the local DSP has requested a renegotiation to be done Page Requests dspPageRequests This is the number of page requests the DSP has made The DSP does not have enough memory to hold all of the modulation protocols The DSP will make a page request when it needs to download a new protocol not currently in its memory Debug Statistics This portion of the DSP information window see figure 63 on page 151 shows statistics on DSP rebooting The information contained within these MIB variables are subject to change without notice Reserved A dspReservedA No assigned functionality at this
311. ote access server has given up trying further to complete the physical connec tion Dial Out Main Window 108 Access Server Administrators Reference Guide 8 Dial Out modemError 7 an internal DSP error has occurred pppClose 8 T his reason will be given after PPP is initiated and the connection is disconnected An exam ple would be if LCP negotiations failed IcpClose 9 close initiated by LCP This is a normal shutdown of a call login TimeO ut 10 exceeded time limit to login userTerminated 11 the TCP connection was terminated from the remote side maxNumCalls 21 exceeds the maximum number of channels that can be allocated to the same call maxLoginAttempts 32 exceeded maximum login attempts as defined under the dial out link noDspAvailable 45 when the server tried to allocate a DSP for an outbound call but no available DSP s were available papAuthenticationFailure 49 invalid username password combination for tcp based calling exceedsMultiLinkLimit 64 exceeds the maximum multilink calls set in the location table session Timeout 66 the length of the connection exceeds the session time limit allowed noAnswer 85 the remote modem did not answer the call userBusy 86 the remote location is busy and did not answer the call noChannelAvail 87 no channels on the T1 E1 port were available to dialout with The following are internal access server errors Please contact technical support if you s
312. otocols are LMI Frame Relay Forum Implementation agreement Uses DLCI 1023 for management Annex D ANSI T1 617 Uses DLCI 0 for management Annex A ITU Q 933 Uses DLCI 0 for management Do the following to change the signaling method 1 Click on the Signaling drop down menu and select ansiT1 617 D 3 2 Click Submit Configuring PVCs The Frame Relay link is now configured and should be available The final stage will be to configure PVCs and IP routing so traffic can be routed to the new link s Configuring Frame Relay 319 Access Server Administrators Reference Guide C Technical Reference Configuring Permanent Virtual Circuits The data link connection identifier DLCI provides each PVC with a unique identifier at both the access server and the Frame Relay switch Within each link DLMI there can be multiple permanent virtual circuits PVC Each of these PVCs are point to point links to remote locations and define the data path between the access server and the Frame Relay network Within each DLMI are one or more DLCIs This is the identification of a PVC within the Frame Relay link There will be at least one PVC automatically installed This is the management DLCI or LMI This DLCI often DLCI 0 is the communication channel between the access server and the Frame Relay network switch This management channel communicates configuration and health information of the Frame Relay link If you connection is properl
313. owing default administrative passwords superuser this password carries full permission to change and view any parameters in the access server monitor this password allows full viewing of any non password oriented variables Note For security reasons we recommend that you change these passwords imme diately after initial configuration HTTP HTML and SNMP Object Format In this document we shall describe the variables found on each of the internal HTTP HTML pages This description will include brief definitions of the Patton Enterprise MIB or SNMP MID II object identifiers wherever applicable The format of the variables will resemble figure 2 HTTP variable Patton Enterprise MIB or Product SNMP MIB Object Chip Set ID dot3StatsEtherChipSet Figure 2 HTTP HTML and SNMP object format Introduction 13 Access Server Administrators Reference Guide 1 Introduction Saving HTTP HTML Object Changes Sometimes you will need to save changes that you have made in the HTTP HTML pages Do the following to make changes to read write variables 1 mo S M Select the appropriate Modify screen Make changes to the desired parameter Click on the Submit button Return to the HOME screen Click on the Record Current Configuration button Note Make sure you follow steps 1 through 5 when modifying the HTTP HTML pages Otherwise your changes will be lost when the access server is power cycled Saving HTTP HTML
314. password by using static or RADIUS authentication Online The access server has completed authentication and the user is now able to access the Internet Dial Protocol window 62 Access Server Administrators Reference Guide 7 Dial In 12tpTunneled Subsequent multilink call that was answered by another access server and tunneled to the access server that has the originating call e Kill The administrator can manually disconnect the user by activating this parameter e Dead The user s call has been disconnected This message disappears when the linger time expires Bury The call has been killed and removed from the dial in main window Protocol diactProtocol Indicates the type of service or link being provided for this call e PPP The user has a PPP link running Slip The user has a Slip link running e Telnet The user has a telnet session running Rlogin The user has an rlogin session running IP Address diactIP The currently assigned IP address from the IP address pool or the RADIUS server The remote users PC is assigned to this address The address appears in the IP address 0 0 0 0 format Port on Remote Machine diactPort The TCP port number being used by this connection The range is from 0 to 65 535 Ports in the range of 0 to 1023 are well known ports used to access standard services Telnet uses port 23 and rlogin uses port 513 Local MRU diStatLocalMRU The current value of
315. pplnitialMRU Initial setting for Maximum Receive Unit MRU used for the PPP negotiation IP Address pppServicelpAddress This object defines the IP address which will be used for the PPP link IP Mask pppServicelpMask This object defines the IP mask which will be used for the PPP link IP Compression ppplpCompression This object defines the IP compression for the link IP Force Next Hop pppForceNextHop This object defines the IP address of the interface which should be the next hop for the packets fast routing WAN Circuit CONFIGURATION window 284 Access Server Administrators Reference Guide 23 Sync PPP Link Compression pppLinkCompression This object enables the PPP link layer address and protocol field compression When enabled the PPP negotia tions will DESIRE link compression but may disable the compression due the other end of the link not accept ing link compression When disabled the PPP negotiations will FORCE no compression on the PPP link e enabled 1 enable link compression e disabled 2 disable link compression Allow Magic Number Negotiation pppMagicNumber Determines if magic number negotiation should be done e enabled 1 enable magic number negotiation e disabled 2 disable magic number negotiation PPP Statistics This portion of the Dial In User Statistics window shows PPP statistics as 32 bit variables of the current user selected Bad Address pppStatBadAddresses
316. ptions are available e disable 0 neither option is enabled enable 1 support V 32 and V 32bis modulations V23 diModemV23Enable Enables or disables V23 modem modulation V22 diModemV22Enable Allow V 22 or Bell 212 modulations The following options are available e disable 0 Neither option is enabled enableV22 1 Enable V 22 modulation e enableBell212 2 Enable Bell 212 modulation V2 1 diModemV2 1 Enable Allow V 21 or Bell 103 modulations The following options are available e disable 0 Neither option is enabled e enableV21 1 Enable V 21 modulation e enableBell103 2 Enable Bell 103 modulation Maximum V8 Failures diModemMaxV8Failures Number of times the modem will attempt a V 8 connection before it is reinitialized Upon reinitialization it will automatically start making a V 8 connection Note This is for leased line operation only MaxSpeed diModemMaxSpeed Not Currently Implemented This variable assigns the fastest data rate that will be negotiated The range is 300 64000 MinSpeed diModemMinSpeed Not Currently Implemented This variable assigns the slowest data rate that will be negotiated The range is 300 33600 Note Increasing this number may prevent users with slower modems from success fully connecting Dial In Modify default window 75 Access Server Administrators Reference Guide 7 Dial In Guard Tone diModemGuardTone Normally a guard tone is not required bu
317. r has completed authentication and the user is now able to access the Internet I2tpTunneled Subsequent multilink call that was answered by another access server and tunneled to the access server that has the originating call Dial Telco window 60 Access Server Administrators Reference Guide 7 Dial In Kill The administrator can manually disconnect the user by activating this parameter e Dead The user s call has been disconnected This message disappears when the linger time expires Bury The call has been killed and removed from the dial in main window Transmit Connection Speed diactTxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 33 600 WAN Link diactLinkIndex The T1 E1 WAN port number that the call is on Time Slot diactSlotindex Shows which T1 E1 channel the call is on This is a number from 1 30 Time Call Is Was Active diactSessionTime The amount of time the call was is active Termination Reason diactTerminateReason The reason a call was disconnected For the listing of reasons see Termination Reason diactT erminateRea son on page 91 State at termination diactTerminateState Indicates the value of diactState when the call was terminated A value of 0 indicates the call is still online Number Called diactNumberDialed The phone number that was used to dial into the access server Number Called From
318. r of far end unavailable seconds encountered by a DS1 interface in the current 15 minute interval Controlled Slip Seconds dsx 1FarEndCurrentCSSs The number of far end controlled slip seconds encountered by a DS1 interface in the current 15 minute interval Line Errored Seconds dsx 1FarEndCurrentLESs The number of far end line errored seconds encountered by a DS1 interface in the current 15 minute interval Far End Line Statistics Current 270 Access Server Administrators Reference Guide 22 e T1 E1 Link Path Code Violations dsx 1FarEndCurrentPCVs The number of far end path coding violations reported via the far end block error count encountered by a DS1 interface in the current 15 minute interval Bursty Errored Seconds dsx1FarEndCurrentBESs The number of far end bursty errored seconds BESs encountered by a DS1 interface in the current 15 minute interval Degraded Minutes dsx 1FarEndCurrentDMs The number of far end degraded minutes DMs encountered by a DS1 interface in the current 15 minute interval Far End Line Statistics History Click on Far End Line Statistics History to display far end statistics for previously completed 15 minute intervals see figure 113 CIRCUIT ID 1 Serve HISTORY OF FAR END PERFORMANCE Severely Severely Errored Controlled Line Path Bursty Errored Errored Frame Unavailable Ship Errored Code Errored Degraded Interval Seconds Seconds Seconds Seconds Seconds
319. rameters found in FilterIP IP FILTERING Server ID Action Source Destination Name Direction IP Port IP Port Protocol TCP Est Default Add Filter Specifications ID Name CREA Figure 67 Filter IP main window Defining a filter To define a new filter select a number and a name then click on the Submit Query button to submit the request The number and name must not already exist in the IP FILTER list and the number must be an inte ger between 1 and 20 To delete a filter enter just the ID number without a name and click on the Submit Query button Modify Filter After entering a number and name click on the name of the filter to display the filter parameters window see figure 68 Introduction 162 Access Server Administrators Reference Guide 13 e Filter IP FILTER 1 Delete a filter by deleting the name and clicking the Submit button Name misever Direction imboud EJ 7 Action passt E E Source IP equa Eoo O Mask 0 0 0 0 Destnat onIP fequal 0 19210101 Mask 255 255 255 255 Source Port noCompare 0 y lo Destination Port equattt sj f 10 Protocol lo TCP Established anyPackets 0 y Default for dialin no D m Submit Query Figure 68 Filter IP parameters window The following parameters can be configured for IP Filtering Note Any changes to a filter take place immediately This can aid in troubleshoot ing a filter profile while the user is online
320. red under the Ethernet link Technique Configuration Indicates the specified fixed rate and duplex for the Ethernet interface auto 0 auto negotiate the settings for the interface default e 100M full 1 force the interface to 100M amp full duplex e 100M half 2 force the interface to 100M amp half duplex e 0M full 3 force the interface to 10M amp full duplex e 10M_half 4 force the interface to 100M amp half duplex Ethernet Statistics This window shows statistics about the Ethernet Interface To reach this window select Statistics from the Ethernet main window Alignment Errors dot3StatsAlignmentErrors The number of frames received that are not an integral number of octets in length and do not pass the FCS check Ethernet Statistics 158 Access Server Administrators Reference Guide 12 Ethernet ETHERNET Alienment Errors FCS Errors Single Collision Frames Multiple Collision Frames SQE Test Errors Deferred Transmissions Late Collisions Excessive Collisions Other Errors Carrier Sense Errors Received Frames Too Long 0 Other Received Errors 0 Chip Set ID ES 21 1078 22 one O 20 o oo Figure 66 Ethernet window FCS Errors dot3StatsFCSErrors The number of frames received that are an integral number of octets in length but do not pass the FCS check Single Collision Frames dot3StatsSingleCollision Frames The number of successfully transmitted frames in which ther
321. ress 4 NAS Port 5 Service Type 6 Framed Protocol 7 Framed IP Address 8 Class 25 Called Station Id 30 Calling Station Id 31 NAS Identifier 32 Account Status Type 40 Account Delay Time 41 Account Session d 44 Account Authentic 45 Account Multiple Session Id 50 NAS PortType l Data Rate RX 197 Xmit Rate TX 255 Access Challenge Attributes 302 Access Server Administrators Reference Guide A Supported RADIUS Attributes Accounting Stop Attributes User Name NAS IP Address 4 NAS Port 5 Service Type 6 Framed Protocol 7 Framed IP Address 8 Class 25 Called Station Id 30 Calling Station Id 31 NAS Identifier 32 Account Status Type 40 Account Delay Time 41 Account Input Octets 42 Account OutputOctes 43 Account Session d 44 Account Authentic 45 Account Session Time 46 Account Input Packets 47 Account Output Packets 48 AccountTerminate Cause 49 Account Multiple Session ld 50 NAS PortType l Data Rate RX 197 XmitRate TX T 255 Accounting Stop Attributes 303 Appendix B MIB trees Chapter contents Model O E AN 305 304 Access Server Administrators Reference Guide B MIB trees Model 2960 MIB Tree Structure org dod 1 1 2 3 5 6 4 directory management experimental security snmpV2 private 1 1 mib 2 enterprise 1 2 5 6 7 system interfaces icmp tcp udp 10 23 transmission rip 7 18 32 ethernet dsl T1 frame relay 2 3 4
322. rity for SYSLOG daemon set under the System Log link is less than this value the SYSLOG daemon will receive the major or critical alarm SYSLOG message Alarm SNMP Trap IP 1 alarmTraplpO The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 2 alarmTraplp1 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 3 alarmTraplp2 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 4 alarmTraplp3 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Temperature Threshold boxAlarmTemperature If the box registers a temperature greater than this temperature an alarm will be reported Temperature is reported in degrees Celsius Current Box Temperature boxTemperature Displays the current temperature in Celsius Clear All Alarms Clicking on this bu
323. rmation The IP addressing Information window see figure 81 is where you can view the default address for outgoing IP datagrams the local or loopback address of the box and the IP address of the box as defined in 20 System on page 230 IP ADDRESSING INFORMATION IP Address 192 49 110 253 on interface 1 Details Figure 81 IP addressing Information window Click on the Details link to display IP address Table entries for each defined network interface see IP address ing Information Details IP addressing Information Details This window see figure 82 shows IP address Table entries for each defined network interface Addressing Information 198 Access Server Administrators Reference Guide 16 IP ADDRESS 192 49 110 253 Entry Interface Index 1 Entry Subnet Mask 255 255 255 0 Entry Broadcast Address 0 Entry Reassembly Maximum Size 65535 Figure 82 IP addressing Details window Entry Interface Index ipAdEntlfIndex The index value that identifies the interface to which this entry applies Entry Subnet Mask ipAdEntNetMask The subnet mask associated with the IP address of this entry The value of the mask is an IP address with all the network bits set to 1 and all the hosts bits set to 0 Entry Broadcast Address ipAdEntBcastAddr The value of the least significant bit in the IP broadcast address used for sending datagrams on the interface associated with the IP address of this entry For example wh
324. routes in valid RIP packets which were ignored for any reason e g unknown address family or invalid metric RIP Version 2 Statistics 223 Access Server Administrators Reference Guide 18 RIP Version 2 Sent Updates rip2IfStatSentUpdates The number of triggered RIP updates actually sent on this interface This explicitly does NOT include full updates sent containing new information Status rip2IfStatStatus Indicates validity of this interface RIP Version 2 Statistics 224 Chapter 19 SNMP Chapter contents tdo AU et Eee 226 SNMP L T pis 226 A os come teat eee eke at E aed oo oe N 227 I T eoe eed e ee T Doy Bad Version smmpInBad Versions Lettere tp tae testa Are hire ERE DURER 227 bad Community Names aamplnBadC omimunity Names 40 0 ee wees 22071 Bad Community Uses EET S TT td 227 ASN Tane rors sample coerente e 227 Error Status Too Big snropinToSBiSs ci R E ESI 227 No Such Names smmplniNoSuchiNames tette temet eee ee EN Do IR T nap T TT o C Sen Mr eer 227 Error Status Read Only snnopln ReadOnly lila 227 eus Ibi ters range lens cia betes IE sree eta CE 227 Gor Ger Next Variables smmpleatalB eq Vata oro ones ewe inca 228 Set Variables ap cd EIS 228 Get Requests sam pliner Requests ceret eet Cu Tibe ett tiet 228 Get Next Requests snmplnGetNexts ceste as 228 se snc p iS ce eg o OE 228 Ger Responses mrap ntser RespioESes o Eidos 228 Mea pas rout O E E 228 O e ae ee eee am ete tate Na
325. rs Reference Guide 7 Dial In Login Attempts Allowed diAllowAttempts The maximum number of attempts a user will be given to login before being disconnected This applies to Text authentication only PAP and CHAP authentication are only allowed a single attempt Modify Configuration This portion of the Dial In Modify window see figure 28 on page 70 describes modifying the link compres sion MRUs and MultiLink and MultiBox parameters Link Compression diLinkCompression This object enables the PPP link layer address and protocol field compression The following options are available e enable 1 PPP negotiations will perform link compression unless the other end of the link is unable to work with compression e disable 2 No compression will be used on the PPP link This is the default setting Default Max Receive Unit diConfiglnitialMRU This is the default setting for Maximum Receive Unit MRU This value can be changed by authentication or PPP Allow Magic Number Negotiation diConfigMagicNumber Determines if magic number negotiation should be done This access server parameter is used to check whether a link is in a looped back state The following options are available e enable 1 The local node will attempt to perform Magic Number negotiation with the remote node disable 2 Magic Number negotiation will not be performed In any event the local node will comply with any magic number negotiations attempted by t
326. rs The RADIUS protocol is speci fied under RFC 2138 for authentication and RFC 2139 for accounting RADIUS servers are available as freeware for most computer platforms and is an excellent method for managing user dial in security Any RADIUS entries will require an associated server to process authentication requests from the access server or the access server will reject users access For more information about RADIUS see RADIUS User Authen tication below e tacacs Users 3 This feature is not currently available static Then RADIUS 4 Check the internal user database first if no match is found then use RADIUS to authenticate and provision user services static Then Tacacs 5 Check the internal user database first if no match is found then use TACACS to authenticate and provision user services Not currently implemented Note The following options apply only when using an external authentication server Setting Up Authentication 38 Access Server Administrators Reference Guide 5 e Authentication Host Address auHostAddress Tells the access server the IP address of the primary external authentication server This must be the IP address as the access server will not resolve a Fully Qualified Domain Name Secondary Host Address auSecondaryHostAddress When using a remote authentication server RADIUS this variable provides an alternative server IP address Host Port auHostPort This variable tells the acces
327. rt dnisProBleServicePort a 85 Service IP CdoisProhleSesvies DD i nci feretur ER ere iia 85 Telnet Userld dnisProlileTelnetUserld ii 85 Telnet Mode dnisProfileTelnetMode orenera nE N E EAEE EET NRSR 85 Status dms IpP rone Statie NEUE 85 DINIS IP Pools Window ci eee votre t e itte it 86 Jp Cees oY NL tasas att lan 86 IP Address Pool dxusIpPool cti atico 86 Status dnishoDPoglStabus snc caninas di eet RE RERO MER UR DER Sansa LER PREIS ALE ce da Dali ob 86 Add a DNIS Profile hieme dla eiie one iiie eam ipee 86 DNIS TP Fool Entry Window aida diria 87 IPAddress Pool doisIpDool merecia lid 87 statusiamsIpLoo Status ul S RU RO do E e etd eases 87 Dial In User Statistics WIBOW ee eiecit deterrere aside dees eatin tina eee ena 88 Call Identification sii et e RR EE RE E ERR ERE RETI ects cae 89 CMD uut acces ee trier ve Ee ie eset tee end ce erect odes tee bera 89 State Aet State ds e ia 89 Username diact Username eiii 89 Password diastD AasSwOfl a Pes etes peb ceste eere cepas deua eu ue ead ve 89 Shared Unique ID diac Mul lndes i eie e di 89 Protocol dioer ro COCO sitial ltda 89 Security Level SA PU ERE EE EROR FEET N 90 DSP Link diaetl SPIBdex 2 ecce retie reete eter rer tie deren duces cova eee neo eo esset aet letras celestes eic odes ad 90 Interface Link diactIE Index cnica teneret pera oce rita cn aiii 90 WAN Parle eliactbankIndex eo 90 Tore Slot diaetS ot n dex ina tiec neret ea aiti aae nti e anser 90
328. rvalSESS eese eene tnnt aenn 272 Severely Errored Frame Seconds dsx1FarEndIntervalSEFSs risiini 272 Unavailable Seconds dsx1FarEndIntervalUASS aeaaaee Rasah anch agora oani n ORO 272 Controlled Slip Seconds dsxl FarEndIntervalESS5 reete tien td tdi 272 Path Code Violations dsxi FarbndIntetvalPG Vs e eee teer rt 272 Line Errored Seconds dsx1FarEndIntervalLESS coincida ttt ciet tenente enar tn tas 272 Bursty Errored Seconds dsxlFarEndIntervalBESS eter eterne re repente retia eene andate anadir 272 Degraded Minutes dsxlFarEndlIntervalDMS iii rr rine beet ae Bee ete rendre epu ee 272 Line Code Violations dsx1FarEndIntervalLC Ws eese ainan aaoun aga eano aneao Taan agne 272 Far End Line Statistics Totals ei aii 273 Errored Seconds dsx FarEnd LotalESs ci di idad 273 Severely Errored Seconds dez Par bnd TotalSESs ancianidad 273 Severely Errored Frame Seconds ds 1ParEnd TotalSEESS reiicteteee ise ettet rire eti a 273 Unavailable Seconds dsx1FarEndTotalUASS eee eeir ia airidas 273 Controlled Slip Seconds dsxIParEnd Total CSS ina Rat 273 Line Errored Seconds dsxl FarEnd TotalLESs secccccicccccescsiessavepesseciesecsscueevessscccseuessicassavassteusedvaseesctasdbersessesd 273 Path Code Violations dsxl FarEnd T otalPG Vs mein airis 273 Bursty Errored Seconds dsx1FarEndTotalBESS eese tette tette tnnt ennonn 274 Degraded Minute
329. ry WINS 0 0 0 0 Secondary WINS 0 0 0 0 Figure 26 Dial In Details window Dial In Details 65 Access Server Administrators Reference Guide 7 Dial In Dial In Modify default window The Dial In Modify default window see figure 27 is where you can make changes to the following Login access server parameters see Modify Login User login services see Modify Service on page 68 Primary and secondary domain name servers see Modify Domain Name Server on page 69 Dial in attempts access server parameters see Modify Attempts on page 70 Link compression MRUs MultiLink and MultiBox access server parameters see Modify Configuration on page 71 e Time out access server parameters for the session idle time to login and the MIB data linger time see Modify Maximum Time on page 72 Modem configuration objects for dial in users see Modify Modem Configuration on page 74 To reach this window select Modify from the Dial In Details window or the Dial In main window Patton Home Page DIAL IN HOME Import Export Login Alaims IP Address Pool 192 168 200 175 192 168 Authentication Pool Format XXX XXX XXX aaa Xxx Xxx Xxx bbb where aaa lt bbb DAX Login Technique textorchaporpap 6 21 Dial In Username Prompt username Dial Out Callback Password Prompt Password Drop and insert Initial Banner Welcome to the Matrix S t Submit Query Filter IP Service Fr
330. s 0 Get Get Next Variables 384 Set Variables 1 Get Requests 96 Get Next Requests 0 Set Requests 2 Get Responses 0 Traps 0 Authentication Failure Traps Figure 93 SNMP window Note Additional SNMP traps can be configured as described in Chapter 4 Alarms on page 23 and Chapter 21 System Log on page 241 See those chapters for details on SNMP trap configurations SNMP window The SNMP window displays incoming and outgoing SNMP statistics and has links for downloading and dis playing the following MIB documents e Corporate MIB defines overall structure of the RAS MIB Enterprise MIB defines MIB variables applicable to a group of products Product MIB defines MIB variables specific to a particular product The access server also supports MIB variables defined in the following RFCs 1155 Structure and Identification of Management Information for TCP IP based Internets 1213 Management Information Base for Network Management of T CP IP based Internets MIB II 1315 Management Information Base for Frame Relay DTEs 1389 RIP Version 2 MIB Extension Introduction 226 Access Server Administrators Reference Guide 19 lt SNMP 1406 Definitions of Managed Objects for the DS1 and El Interface Types 1643 Definitions of Managed Objects for the Ethernet like Interface Types Packets snmplnPkts The total number of Messages delivered to the SNMP entity from the transport service Bad
331. s dsx lFacEndTotalDM russia reper tee eee 274 Using Non Facility Associated Signaling INEAS nomina idas Foe rate Pei tere 274 Conto DIES aora r nda EE E e UNE EP odo Ue Tes eU 274 251 Access Server Administrators Reference Guide 22 e T1 E1 Link Introduction The T1 E1 Link Activity window see figure 102 shows the configuration of the T1 E1 Interface and reports statistics on the quality of the T1 E1 connection The statistics listed in this section comprise those contained in RFC 1406 Definitions of Managed Objects for the DSI and El Interface Types T1 E1 LINK ACTIVITY Link 1 Type dsx1ESF 2 Circuit ID WAN Circuit Line Status No Alarm Confguration Channel Assignment Near End Line Statistics Current History Totals Far End Line Statistics Current History Totals gt Link 2 Type other 1 Circuit ID WAN Circuit Line Status No Alarm Configuration Channel Assignment Near End Line Statistics Current History Totals Far End Line Statistics Current History Totals Link 3 Type other 1 Circuit ID WAN Circuit Line Status No Alarm Configuration Channel Assignment Near End Line Statistics Current History Totals Far End Line Statistics Current History Totals Link 4 Type other 1 Circuit ID WAN Circuit Line Status No Alarm Configuration Channel Assignment Near End Line Statistics Current History Totals
332. s Deferred D ransmissions aci 159 are Collisions doo A a 159 Excessive Collisions dat9StatsExcessiweCollisiOns lt sscssescssesectoascdvsooceasteccossocesevenedoavoceussicuodeteassveecevesdceeseees 159 Other Errors dot3Starslatermallviac Transmit Errors dia 159 Cartier Sense Errors dotaotabst appipgpS T ae sae eine eat 159 Received Frames Too Lone dot3StatsFrame l ooLongs 3e eeu Ue SO UERREHIE ES 160 Other Received Errors dot9StatsInteroalMacRecemeBtrors i eerte ertet et ense tosca enar 160 A o oec er e UR M MC 160 154 Access Server Administrators Reference Guide 12 Ethernet Introduction The access server provides management and statistical information in the Ethernet window see figure 66 Detailed information regarding the SNMP MIB II variables may be downloaded from RFC 1643 Definitions of Managed Objects for the Ethernet like Interface Types Click on Ethernet under the Configuration Menu to display the Ethernet main window The Ethernet main window displays information about the configuration of the Ethernet interface including IP addresses subnet masks and state of the Ethernet link The ethernet interface contains the following links Statistics link Clicking on the Statistics link takes you to the page where you can see the statistics on the ethernet interface For more information about the Statistics page refer to Ethernet Statistics on page 158 Modify Clicking on the Modify link ta
333. s Of Frame failure is cleared Loss Of Frame Failure For T1 links the Loss Of Frame failure is declared when an OOF or LOS defect has persisted for T seconds where 2 T 10 The Loss Of Frame failure is cleared when there have been no OOF or LOS defects during a period 7 where 0 T 20 Many systems will perform Ait integration within the period T before declaring or clearing the failure for more information see TR 62411 16 For El links the Loss Of Frame Failure is declared when an OOF defect is detected Loss Of Signal Failure For T1 the Loss Of Signal failure is declared upon observing 175 75 contiguous pulse positions with no pulses of either positive or negative polarity The LOS failure is cleared upon observing an average pulse density of at least 12 5 over a period of 175 75 contiguous pulse positions starting with the receipt of a pulse For El links the Loss Of Signal failure is declared when greater than 10 consecutive zeroes are detected see O 162 Section 3 4 4 Loopback Pseudo Failure The Loopback Pseudo Failure is declared when the near end equipment has placed a loopback of any kind on the DS1 This allows a management entity to determine from one object whether the DS1 can be considered to be in service or not from the point of view of the near end equipment TS16 Alarm Indication Signal Failure For El links the TS16 Alarm Indication Signal failure is declared when time slot 16 is received as a
334. s in the process of disconnecting e dead 10 Dial out user has disconnected from remote access server e kill 11 Kills dial out user s connection to access server e bury 12 kill the call and or remove from the call from dial out main window waitingForlpcp 14 the unit is in the process of negotiating an IP address for PPP based calls waitingRedial 15 The location is disconnected and waiting to 30 seconds to redial for continuous based calling e waitingOnDemand 16 The location is disconnected and waiting for demand to initiate a call Duration doactSessionTime The amount of time the call session has been active Disconnect Reason doactTerminateReason The reason the call was disconnected stillActive 0 call is currently connected e notKnown 1 unknown disconnect reason e idleTimeout 2 call exceeded idle timeout parameter Killed 3 call terminated by administrator userHangup 5 DSP discovered remote modem was hung up abruptly Examples could be that the phone line was pulled out of the wall jack or the user terminated the communications without closing the connec tion down If the modems are unable to bring up the physical line by successfully negotiating the modula tion userHangup will be registered if the remote modem gave up trying to complete the call modemCanNotConnect 6 the modems are not able to bring up the physical line by successfully negoti ating the modulation The rem
335. s mandatory otherwise disconnect Compression modemCompression Assigns the data compression protocol to use with the modem This setting is in effect only when v 42 error correction is active e direct 0 no compression will be used e requestV42bis 1 enable v 42bis data compression If this is selected the modem will negotiate for v 42bis and if it is not available will use no compression Dial Out Locations Window 122 Access Server Administrators Reference Guide 8 Dial Out e requireV42bis 2 v 42bis compression is mandatory otherwise disconnect e v44 3 allow v 42bis and v 44 data compression Will negotiated for v 44 compression first if that s not available then it will try v 42bis and if neither is available will use no compression Billing Delay modembBillingDelay The number of seconds after answering the call during which the modem should be silent Status modemStatus This is the status of the modem profile entry valid 1 means the entry is valid Set the profile to destroy 2 to remove the profile View modem profile To view and or modify a modem profile click on the profile ID in the table and you will see the following page Settings can be modified and submitted on this page Any changes will take place on the next call to the location s which are using this profile See the section Add Modem Profile on page 121 for an explanation of each field back Modem Profile ID
336. s package operating the Designated Equipment or downloading the Program s electronically the End User agrees to the following conditions 1 Definitions A Effective Date shall mean the earliest date of purchase or download of a product containing the Patton Electronics Company Program s or the Program s themselves B Program s shall mean all software software documentation source code object code or executable code C End User shall mean the person or organization which has valid title to the Designated Equipment D Designated Equipment shall mean the hardware on which the Program s have been designed and pro vided to operate by Introduction 298 Access Server Administrators Reference Guide 26 License 2 Title Title to the Program s all copies of the Program s all patent rights copyrights trade secrets and proprietary information in the Program s worldwide remains with Patton Electronics Company or its licensors 3 Term The term of this Agreement is from the Effective Date until title of the Designated Equipment is transferred by End User or unless the license is terminated earlier as defined in 6 Termination below 4 Grant of License A During the term of this Agreement Patton Electronics Company grants a personal non transferable non assignable and non exclusive license to the End User to use the Program s only with the Designated Equip ment at a site owned or lease
337. s server which UDP port to use when connecting to the host specified in the Host Address variable The RADIUS standard as per REC 2138 specifies port 1812 for RADIUS authentication Some older installations of RADIUS use port 1645 Timeout auTimeout This option specifies the time in seconds before the access server will retransmit an authentication request to an external authentication server Retries auRetries This option specifies the number of times the access server will resend an authentication request to a RADIUS server after a TIMEOUT occurs If this number is exceeded then the secondary host will be tried If this num ber is exceeded by the secondary host the user will be rejected Secret auSecret The Secret variable sets the shared secret between the authentication client access server and the authentica tion server RADIUS It is used to encrypt an authentication request and to decrypt an incoming reply from the server The secret on the access server and the RADIUS server must match and must be 15 or fewer print able non space ASCII characters Note The same secret word must used on the access server and in the RADIUS cli ents file NAS Identifier auNASIdentifier This variable is used to identify the access server to the remote authentication server If this option is blank then the access server will use it s IP address to identify itself to the remote server It does this by using the NAS IP Address attribut
338. s the alarm to a non alarm condition Clear Alarm resets Alarm Time to 0 0 seconds and resets the Alarm Count to 0 Modify Response Configuring the alarm response system The alarm response outputs only effect external notification via SYSLOG SNMP as the front panel ALARM LED and the web administration pages will always indicate an alarm condition The following user configura tion items can be set to permit external notification of access server alarm conditions Alarm Response System Alarm Response Outputs Alarm Syslog Priority pricrityinfo 20 El en y Alarm Trap IP 1 92169165254 Submit Query S Alarm Trap IP 2 92189165254 Submit Query Alarm Trap IP 3 fraoiea tessa Submit Query l Alarm Trap IP 4 192 169 165 254 Submit Query Temperature Threshold IS Submit Query Figure 11 Alarm Response System window Modify Response Configuring the alarm response system 27 Access Server Administrators Reference Guide 4 Alarms Alarm Syslog Priority syslogAlarmPriority The SYSLOG priority of the alarm SYSLOG message If the minimum priority for SYSLOG daemon set under the System Log link is less than this value the SYSLOG daemon will receive the major or critical alarm SYSLOG message prioritySystem has the highest priority priority Verbose the lowest priorityVerbose 5 priorityDebug 10 priorityInfo 20 e priorityOddity 40 priorityService 60 e prioritySystem 80 e priorityDi
339. s to remote networks or a specific remote host are created Add a route First Entry Destination Mask Gateway Second Entry 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 Advanced Interface 0 0 0 0 0 0 0 0 o Figure 84 Add a route portion of IP Routing Information window Adding the default gateway Do the following Routing Information 201 Access Server Administrators Reference Guide 16 IP 1 Type the IP address of the host that serves as a gateway for your local network in the Gateway column of the first entry 2 Click Add Route Adding a point to point route Do the following 1 Under Destination in the first entry type the IP address of the remote host to which you want make a point to point connection 2 Under Gateway type the IP address of the host that will be forwarding packets to the IP address you entered in the Destination field in step 1 3 Click Add Route Note The appropriate subnet mask 255 255 255 255 for a point to point route will automatically be added for you Adding a static pointto point route to a remote host Do the following 1 Under Destination in the second entry type the IP address of the remote host to which you want to make a point to point connection 2 Type 255 255 255 255 for the subnet mask 3 Under Gateway type the IP address of the host that will be forwarding packets to the IP address you entered in the Destination field in step 1 4 Click Add Route Adding a
340. s up and running at 100M full duplex Note Note that the speed settings indicated above could indicate that the device reached this speed duplex as a result of an auto negotiated link or from being forced into this link state PrimarylPAddress boxEtherAPrimarylpAddress The Primary ethernet IP address PrimarylpMask boxEtherAPrimarylpMask The primary ethernet IP subnet mask PrimarylpFilters boxEtherAPrimarylpFilters Filters packets based on the filters assigned to the Primary IP address of the Ethernet port Enter the Filter ID of a filter configured under Filter IP Separate multiple filters using a comma Ethernet Modify Window 157 Access Server Administrators Reference Guide 12 Ethernet SecondarylpAddress boxEtherASecondarylpAddress The secondary ethernet IP address Note This address is not propagated via RIP SecondarylpMask boxEtherASecondarylpMask The secondary IP ethernet IP subnet mask SecondarylpFilters boxEtherASecondarylpFilters Filters packets based on the filters assigned to the Secondary IP address of the Ethernet port Enter the Filter ID of a filter configured under Filter IP Separate multiple filters using a comma Technique boxEtherATechnique Turns ethernet port off and on The remote access server must be reset for this setting to take effect e disable 0 ethernet port is disabled e static 1 ethernet port is turned on IP address es and mask s are obtained from data ente
341. sable 1000 e priorityDisable 1000 Alarm SNMP Trap IP 1 alarmTraplpO The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 2 alarmTraplp1 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 3 alarmTraplp2 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Alarm SNMP Trap IP 4 alarmTraplp3 The IP address of a host system which is running the SNMP trap daemon Critical and major alarm messages will be sent to the system If set to 0 0 0 0 then no trap message will be sent in response to a major alarm Temperature Threshold boxAlarmTemperature If the box registers a temperature greater than this temperature an alarm will be reported Temperature is in degrees Celsius Modify Response Configuring the alarm response system 28 Access Server Administrators Reference Guide 4 Alarms Modify Alarms Configuring alarm severity levels The Modify Alarms window see figure 12 is where you can set the severity le
342. security as well as to provi sion services for selected customers While IP filters are typically thought of as a security measure many pro viders wish to limit some services a customer may have access to These could include such things as limited access only to an e mail server or proxy server IP filters also include the ability to encapsulate all packets received on the specified dialup link in an extra IP header using RFC 2003 This would allow packets on a dial up link to be tunneled to a specific host Each filter is a defined list of parameters based upon attributes in the IP TCP and UDP headers There are two major steps to filter creation first defining the filter then applying it to a user connection The same filter can be shared by several users The access server enables 20 separate filters to be defined of which up to 10 can be used on a single user con nection single filter can be assigned to a user via the Static Users Authentication Multiple filters can be assigned by using the RADIUS Filter Id attribute Filters can be configured with default settings that are used for all dial in sessions If any filters are applied through either RADIUS or the Static User filter parameter then all of the dial in defaults will be disabled and only the specified filters will be applied Click on Filter IP under the Configuration Menu to display the Filter IP main window see figure 67 The fol lowing sections describe each of the pa
343. sed to dial the remote location Data This portion of the Dial Out User Statistics window see figure 52 describes the amount of PPP data sent and received by this user Octets Sent doactSentOctets The number of octets bytes sent during this call Octets Received doactReceivedOctets The number of octets bytes received during this call Packets Sent doactSentDataFrames The number of packets sent to the user during this call Version 6 nomenclature for a packet is Ipv6 header plus payload Packets Received doactReceivedDataFrames The number of packets received by the user during this call Version 6 nomenclature for a packet is Ipv6 header plus payload Bad Packets doactErrorFrames Number of bad received packets received during this call Bad packets are those that failed CRC error checks Dial Out User Statistics Window 130 Access Server Administrators Reference Guide 8 Dial Out Physical Layer This portion of the Dial Out User Statistics window see figure 52 on page 130 contains statistics about the modem connection It includes modulation levels and other modem related statistics that are helpful when troubleshooting modem problems This section covers only modem type statistics not ISDN connections Connection Modulation doactModulation The modulation type of the modem link for example V 34 The modem link can have these modulation or data types unknown 0 v21 1 V 21 modulation e v22
344. server will negotiate a SLIP connection Not currently implemented e cslip Access server will negotiate a Compressed SLIP connection Not currently implemented dialout Access server will give a dialout connection The dialout connection is an AT command set driven connection into one of the access server modems On line help is provided by typing at help cr e ypn This option is currently not supported Note Ifa user attempts to login in using a different service than the one he or she has been provided the access server will reject the user The exception to this is CPPP which will revert to PPP if CPPP is not available on the client Note All changes made to the running configuration must be saved to FLASH by selecting Record Current Configuration under Immediate Actions on the HOME page of the access server Failure to do so will cause all configuration information to be lost the next time the access server is re booted After the user information has been entered click Submit Modify Static User To modify or further configure the user click the username you just created to display the Static User window see figure 19 Refer to the following sections while modifying the Static User settings When you are finished click Submit to store the changes Modify Static User 42 Access Server Administrators Reference Guide 5 e Authentication STATIC USER 0 Delete a user by deleting the Username and clicking the Subm
345. setting of 0 0 0 0 indicates that this option is not in effect The RADIUS attribute used to set the Force Next Hop is attribute 209 a Patton vendor extension For a full list of RADIUS attributes see A Supported RADIUS Attributes on page 300 Modify Domain Name Server This portion of the Dial In Modify default window see figure 27 on page 66 describes modifying the primary and secondary domain name servers for IP and Microsoft Windows Primary Domain Name Server diPrimaryDNS The primary domain name server address to pass to the caller Win95 PPP The first place to try to resolve host names i e IP address 204 91 99 128 Secondary Domain Name Server diSecondaryDNS The secondary domain name server address to pass to the caller Win95 PPP The next place to try to resolve the host name Primary WINS diPrimary WINS The primary Windows name server address to pass to the caller Win95 PPP The Windows Internet Naming Service WINS Secondary WINS diSecondary WINS The secondary Windows name server address to pass to the caller Win95 PPP The Windows Internet Nam ing Service WINS Dial In Modify default window 69 Access Server Administrators Reference Guide 7 Dial In Modify Attempts This portion of the Dial In Modify default window see figure 28 describes modifying the login attempts parameters for dial in users Attempts Failure Banner Success Banner IP 11 MTU M r n Login Attempts Allowed 3
346. settings are none l no compression e vj TCP 2 enabled Remote Max Slot ID dilpRemoteMaxSlotld The Max Slot Id access server parameter that the remote node has announced and that is in use on the link If vjTCP header compression is not in use on the link the value of this object will be 0 The range is from 0 to 255 Local Max Slot ID dilpLocalMaxsSlotld The Max Slot Id access server parameter that the local node has announced and that is in use on the link If vj T CP header compression is not in use on the link the value of this object will be 0 The range is from 0 to 255 Next Hop Gateway diForceNextHop All packets received on the dial up link are forwarded to this gateway A setting of 0 0 0 0 indicates that this option is not in effect Dial In User Statistics window 98 Access Server Administrators Reference Guide 7 Dial In Primary Domain Name Server diactPrimaryDNS This is the DNS sent to us using RADIUS attribute 135 Secondary Domain Name Server diactSecondaryDNS This is the DNS sent to us using RADIUS attribute 136 Filters diStatlpFilterAtoJ The filters applied to the user s connection This includes inactive filters If an inactive filter is activated the rules of the filter will be applied immediately to the connection Phone This portion of the Dial In User Statistics window see figure 40 shows the phone numbers that were used by this caller Phone Number Called 1165 Number Ca
347. sion on page 90 PPP statistics see PPP Statistics on page 95 IP statistics see IP on page 97 Phone information see Phone on page 99 Data transfer statistics see Data on page 100 Physical layer configuration information see Physical Layer on page 100 Dial In User Statistics window 88 Access Server Administrators Reference Guide 7 Dial In To view individual user statistics select an active user in the State column on the Dial In main window see Dial In main window on page 55 For example if you wanted to modify user jill you would click on the online 6 link next to jill s username Call Identification This portion of the Dial In User Statistics window see figure 37 on page 88 shows user information for a unique user ID Call ID diactlndex Unique identification of this active call for internal use State diactState Indicates current progress of the selected call Ringing The call has been recognized by the access server and is in the process of going off hook e Connecting The access server has assigned a DSP to the incoming call and is now in the process of nego tiating the type of modulation V 34 V 32 ISDN or 56K e LepNegotiate The link is negotiating LCP parameters Authenticating T he access server is in the process of verifying the user s password by using static or RADIUS authentication Online The access server has completed
348. speed of the modem link for example 28 8 bps These values in bits per second range from 300 33 600 Receive Connection Speed diactRxSpeed The connected speed of the modem link for example 28 8 bps These values in bits per second range from 300 53 000 Error Correction diactErrorCorrection The modem error correction scheme used during this call None 1 No error correction on the call e V42 2 Error correction mode V120 4 Mode for ISDN B Data Compression Protocol diactCompression The modem data compression technique used during this call None 1 No compression e V42bis 2 Compression is running Stac 4 Compression is running e v44 5 V44 compression is running Modulation Symbol Rate diactSymbolRate The modulation symbol rate during the call This is used only when in V 34 and above modulations Locally Initiated Renegotiates diactLocalRenegotiates The number of times the local modem has initiated a modem speed renegotiate Dial In User Statistics window 101 Access Server Administrators Reference Guide Locally Initiated Retrains diactLocalRetrains The number of times the local modem has initiated a modem carrier retrain Remote Initiated Renegotiates diactRemoteRenegotiates The number of times the remote modem has initiated a modem speed renegotiate Remote Initiated Retrains diactRemoteRetrains The number of times the remote modem has initiated a modem carrier
349. ss Server Administrators Reference Guide 18 RIP Version 2 Receive rip2IfConfReceive This indicates which version of RIP updates are to be accepted Note that rip2 and ripl OrRip2 implies recep tion of multicast packets ripl 1 Accept RIP updates compliant with RFC 1058 rip2 2 Accept multicasting RIP 2 updates e riplOrRip2 3 Accept both doNotRecieve 4 Metric rip2IfConfDefaultMetric This variable indicates the metric that is to be used for the default route entry in RIP updates originated on this interface A value of zero indicates that no default route should be originated in this case a default route via another router may be propagated Status rip2IfConfStatus Choosing invalid has the effect of deleting this interface valid 1 invalid 2 RIP Version 2 Statistics The RIP Version 2 Status window see figure 92 displays routing and update information for each subnet address RIP Version 2 Status Subnet IP Address Bad Packets Bad Routes Sent Updates Status 19249 110 253 0 0 0 valid 1 Figure 92 RIP Version 2 details window Subnet IP Address rip2IfStatAddress The IP address of the interface on the access server Bad Packets rip2IfStatRcvBadPackets The number of RIP response packets received by the RIP process which were subsequently discarded for any reason e g a version 0 packet or an unknown command type Bad Routes rip2IfStatRcvBadRovtes The number of
350. static routes to a remote network Do the following 1 Under Destination type the IP address of the remote network for which you want to provide a static route 2 Type the appropriate subnet mask in the Mask field 3 Under Gateway type the IP address of the host that will be forwarding packets to the network you entered in the Destination field in step 1 4 Click Add Route Note Ifthe destination and subnet mask are incompatible or the Gateway address is not entered an error screen will appear Examples of correct and incorrect routes are shown in table 4 Table 4 Examples of IP routes Examples of correct entries Examples of incorrect entries Destination Mask Destination 192 10 10 11 255 255 255 255 192 10 10 11 255 255 255 0 Routing Information 202 Access Server Administrators Reference Guide Table 4 Examples of IP routes Examples of correct entries 192 10 10 0 253 2332390 Examples of incorrect entries 178 3 4 32 255 255 255 224 178 3 4 16 255 255 255 240 178 3 4 16 255 255 255 224 Advanced 16 IP Enables a route to be attached to an interface Packets to a network will be routed to that interface allowing the gateway IP address to be dynamic O S forwarding table window The O S forwarding table window lists forwarding information for all routes Click on the O S forwarding table window link on the IP Routing Information page to display this pag
351. stics on Link The HDIC statistics on the link are defined as follows Transmit Bits Sec framerelTxOctets This statistic shows the transmit rate in bits per second Receive Bits Sec framerelRxOctets This statistic shows the receive rate in bits per second No Buffers Available framerelRxNoBufferAvailable The number of packets received when no buffers were available Data Overflow framerelRxDataOverflow The number of packets received with overflow as indicated by hardware Message Ends framerelRxMessageEnds The number of packets received with message correct endings This value increases each time a valid Frame Relay packet is received Packets Too Long framerelRxPacketToolong The number of packets received that were too long Overflow framerelRxOverflow The number of packets received with overflow as indicated by software Aborts FramerelRxAbort The number of packets received that were aborted The Frame Relay main window 173 Access Server Administrators Reference Guide 14 Frame Relay Bad CRC framerelRxBadCrc The number of packets received that had bad CRC values Invalid Frames framerelRxInvalidFrame The number of packets received that had invalid frames Tx Underrruns framerelTxUnderrun The number of times the transmit buffer was not replenished in time to be sent out on the line LINK Resets framerelResets Number of times the link management LMI was reset Produce Status C
352. t that was incorrect Accounting replies from these servers would therefore be dropped because they could not be authenticated eventually resulting in timeouts and shutting the call down with the reason authenAc counting Timeout As a workaround for this issue the state enableAccountingNoValidation which does not check for valid encoding on the accounting reply packet was added as an option Radius Packet Format auRadiusPacketFormat The following options are available e fullRfcPacket The accept request packet includes Calling Station Id and Service Type RADIUS attributes minimumRfcPacket This setting does not include Calling Station Id and Service Type RADIUS attributes Radius Session ID Size auRadiusRunningldSize The session ID which is sent in the Accounting start and stop packets can be configured as either an 8 or 12 character string The 8 character session ID is formatted as follows see figure 15 on page 36 e MM The last two digits of the MAC address e R The number of times the RAS has rebooted since the last code upload This rolls over to 0 after 10 reboots e CCCCC Call ID in hex The call ID used is the one recorded on the main dial in screen The 12 character session ID is formatted as follows see figure 16 on page 37 e MMMM The last four digits of the MAC address e RR The number of times the RAS has rebooted since the last code upload This rolls over to 0 after 100 reboots e S
353. t one can be inserted This setting works for Phase Shift Key PSK modulations only not for V 32 or V 34 tone None 1 Guard tone is not used tonel1800 3 Guard tone is enabled CarrierlossDuration diModemCarrierLossDuration The number of seconds that the carrier signal must be missing before the connection is considered lost Choos ing a setting of 25 indicates forever The range is 1 to 25 Billing Delay diBillingDelay The number of seconds after answering the call during which the modem should remain silent Answer Tone length diModemAnswerTonelength The answer tone length can be adjusted for low speed modems If only modulations below v 34 are enabled the tone length can be reduced to a minimum of 1 millisecond which will reduce the total time it takes for the modem to connect The connection time can be reduced by up to 3 5 seconds Retrain diModemRetrain Enables the modem to monitor line quality and request a fallback or retrain for poor quality and a fall forward for good quality none 0 Do not allow modem to retrain fallback or fall forward retrain 1 Allow the modem to retrain if the line quality is poor FallForwardFallBack 2 Allow the modem to fallback to a slower speed if the line quality is poor or fall forward to a faster speed if the line quality is good TxLevel diModemTxLevel Not Currently in Use This variable should be set with caution and normally only after talking to
354. t parameter user l erminated 11 4A problem is discovered initiating the dial in users telnet rlogin or tcpclear session maxNumCalls 21 Exceeds maximum number of channels that can be allocated to the same call notPapReq 24 The access server is waiting for a PAP request packet containing the username password for a call but the packet received was not a PAP request packet nolpPoolAddr 30 Authentication server did not assign an IP address and access had no IP address pool defined to assign an IP address nolpAddr 31 Authenticator did not return an IP address for the service e g telnet or rlogin and the default service defined does not specify the service IP address maxLoginAttempts 32 Exceeded maximum login attempts as defined under the Dial in link invalidDefaults 44 Default service is set to a value other than rlogin telnet tcpraw ppp slip or vpn when using a login technique of None No IP address is defined when using rlogin or telnet Invalid telnet or rlogin services ports have been defined in the default service noDspAvailable 45 When the remote access server attempted to connect the incoming call to an avail able DSP no DSP could be found Some examples why a DSP could not be found are DSPs are no longer available to the resource pool because they are in reboot or hardware failure states DSPs are in an unavailable administrative state although they are functional The DSP resource poo
355. t up the line configu ration as it was already done when you installed the T1 for dial up 1 Click on T1 El Link under the Configuration Menu to display the T1 E1 Link Activity main window see figure 102 on page 252 2 Verify which port the T1 E1 cable is connected into on the access server that port number corresponds to the Link x where x is the same number as the port number portion of the T1 E1 Link Activity main window Click on Configuration in the appropriate Link x section for example if the T1 E1 cable was con nected to port 2 you would click on Configuration in the Link 2 section 3 Click on Modify Configuring Frame Relay 317 Access Server Administrators Reference Guide C Technical Reference The following settings must match the line configuration provided by the local telephone company For more information on setting up your T1 E1 see the Model 29xx Series RAS User Manual available online at www patton com manuals 29xx pdf 4 Click on the Line Type drop down menu and choose one of the following options Fora T1 line select dsx1 ESF 2 Extended SuperFrame DS1 or dsx1D4 3 A amp T D4 format DS1 For an El line choose dsx1E1 4 or dsx1E1 CRC 5 5 Click on the Line Coding drop down menu and choose one of the following options For T1 If you selected dsx1D4 3 line type select dsx1 AMI 5 line coding If you selected dsx 1 ESF 2 line type choose dsx1B8ZS 2 line coding For El
356. tCalled 56 Call disconnected while we were in the process of sending back the ack tone for the last expected called digit or while we were waiting for the termination of the far end tone in response to our ack mfr2DisWaitCalling 57 Call disconnected while we were waiting for the next expected calling number digit The number of calling number digits expected is more than the digits actually being sent or the Last response code is configured incorrectly so the remote access server and switch can not continue on with the interregister signalling mfr2DisAckCalling 58 Call disconnected while we were in the process of sending back the ack tone for a calling number digit or while we were waiting for the termination of the far end tone in response to our ack mfr2DisAckLastCalling 59 Call disconnected while we were in the process of sending back the ack tone for the last expected calling digit or while we were waiting for the termination of the far end tone in response to our ack mfr2 Dis WhileComplete 60 Call disconnected after the last expected digit was sent and acked The num ber of calling digits expected may be less than the number of digits sent or the last response code for the calling number is incorrect exceedsMultiLinkLimit 64 Exceeds multilink channel limit set either on the remote access server or in the user entry on the RADIUS server session Timeout 66 The length of the connection exceeds the session time limit
357. ta other 6 This feature is not currently supported Receive Equalizer linkRxEqualizer This variable determines the equalization used on the received signal Long haul signals should have the equal ization set for more Short haul signals require less equalization linkRxEqualizerOff 1 linkRxEqualizerOn 2 WAN Circuit Configuration Modify 260 Access Server Administrators Reference Guide 22 T1 E1 Link Line Build Out linkLineBuildOut This variable is used in T1 applications to adjust the T1 pulse shape at the cross connect point Select the pulse strength needed to minimize distortion at the remote T1 receiver end The default is tl pulseOdB which should be adequate for most situations triState 0 e elpulse 1 Select for El configuration e tlpulse0dB 2 Strong pulse shape e tlpulse 7dB 3 Medium pulse shape e tlpulse 15dB 4 Weak pulse shape Yellow Alarm Format linkYellowFormat This variable identifies which standard will be used to transmit and identify the Yellow Alarm link YellowFormatBit2 1 Bit 2 equal zero in every channel e YellowFormatDL 2 FF00 pattern in the Data Link e YellowFormatFrame12FS 3 ES bit of frame 12 FDL dsx EDU The framing bits used in a wide area link that are used for control monitoring and testing The following options are available e other 1 Indicates that a protocol other than one following is used dsxlAnsi T1 403 2 Refers to the F
358. tate 192 168 1 0 2552552550 19216813 1 2 user 2 active 2 192 168 13 255255255255 0000 1 2 local l active 2 Frame Relay NexHop 19249 110 0 2552552550 0000 1 1 local 1 active 2 Figure 131 IP routing with Frame Relay example In figure 131 the Frame Relay link shows the address of 192 168 1 3 As IP routing dictates the best fit for any forwarding decisions any destination with this address will automatically be sent across the Frame Relay link A network route using the Frame Relay link as its next hop is also shown in figure 131 The destination of 192 168 1 0 255 255 255 255 specifies the gateway or next hop of 192 168 1 3 With this entry any IP packet with the destination address in the range of 192 168 1 1 192 168 1 254 will automatically be sent down the Frame Relay link to the device with the IP address of 192 168 1 3 Adding a route To add a route do the following 1 To access the IP routing table in the access server click on IP under the Configuration Menu to display the IP window see figure 75 on page 187 2 Click on Routing Info Note To add a network route use the second set of entry items which allow for a destination mask and gateway Configuring Frame Relay 321 Access Server Administrators Reference Guide C Technical Reference 2 Type in the Destination network see figure 132 This number must correspond to the mask specified For example if you wish to forward a C class address you would leave
359. tempts Dial Out Modify window 111 Access Server Administrators Reference Guide 8 Dial Out Modify Login Use this section to configure the outgoing TCP port and general login information TCP Port doTcpPort The TCP port number that the dialout operation will listen to for connections TCP Type doServiceType TCP Service Type that will be placed on the TCP connection when established telnet 0 Telnet protocol e tcpclear 1 All 8 bits are passed unchecked and unaltered Restrict to Lan doRestrictToLan Enabling the restriction to LAN will stop dialout attempts from originating at any port other than the LAN port The options are defined below e disable 1 e enable 2 Login Technique dologinTechnique This variable defines the login sequence that a dial up user will see The options are defined below e none 1 Simply connecting to the TCP pipe enables dialout text 2 A valid username must be entered If the username is a static user with no password defined the connection will complete without requesting a password Otherwise a valid password must be entered Username Prompt doUsernamePrompt This prompt for a username is displayed at user authentication time A valid username should consist of ASCII characters and can include carriage returns and line feeds For example the prompt could be Enter your username Password Prompt doPasswordPrompt This prompt for a password is displayed at
360. termining whether the value of the corresponding ipRouteDest field belongs to a Class A B or C network and then using the appropriate mask from Table 3 on page 200 Interface ipRoutelfindex The index value which uniquely identifies the local interface through which the next hop of this route should be reached The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex Protocol ipRouteProto The routing mechanism via which this route was learned Inclusion of values for gateway routing protocols is not intended to imply that hosts must support those protocols unknown 0 local 1 Added by the access server to support an interface For example adding a route for a new dial in user IP Routing Destination window 205 Access Server Administrators Reference Guide 16 IP user 2 Added by an administrator on the IP Routing Information table or via SNMP management tools e dspf 3 Not currently implemented e rip 4 Learned via reception of RIP packet icmp 5 Learned via reception of ICMP packet e radius 6 Provided in RADIUS response packet Seconds Since Updated ipRouteAge The number of seconds since this route was last updated or otherwise determined to be correct Tag RouteTag An identifier associated with the route This can have different meanings depending on the protocol For exam ple this gives the tag that was passed with
361. terpreted correctly This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Remote ACC Map doStatPeerToLocalACCMap The current value of the ACC Map used by the remote peer modem when transmitting packets to the local modem The local modem sends this character map to the remote peer modem to ensure that the data being transferred is interpreted correctly The remote peer modem combines its ACC Map with the map received from the local modem This setting becomes active when the link is in the up able to pass packets opera tional state for more information refer to Operational Status dilpOperStatus on page 98 Dial Out User Statistics Window 128 Access Server Administrators Reference Guide 8 Dial Out Local PPP Protocol Compression doStatLocalToRemoteProtComp Indicates whether the local PPP entity will use protocol compression when transmitting packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 These are the available options e disabled 0 PPP compression is disabled e enabled 1 PPP compression is enabled Remote PPP Protocol Compression doStatRemoteTolocalProtComp Indicates whether the remote PPP entity will use protocol compressi
362. ters Received Unicast Packets ifUcastPkts The number of subnetwork unicast packets delivered to a higher layer protocol Received Non Unicast Packets ifNUcastPkts The number of non unicast that is sub network broadcast or sub network multicast packets delivered to a higher layer protocol Interface Details 182 Access Server Administrators Reference Guide 15 Interfaces Received and Discarded w No Errs iflnDiscards The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Errored Packets iflnErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Received w Unknown Protocol iflnUnknownProtos The number of packets received via the interface which were discarded because of an unknown or unsupported protocol Transmitted Octets ifOutOctets The total number of octets transmitted out of the interface including framing characters Requested Unicast Packets ifOutUcastPkts The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Requested Non Unicast Packets ifOutNUcastPkts The total number of packets that higher level protocols requested be tr
363. than this setting will be sent to the syslog daemon defined by Syslog Daemon IP address The lower the number next to the priority listed below the more details System Log Modify 243 Access Server Administrators Reference Guide 21 System Log system logging will provide PriorityVerbose will generate the most messages while priorityDisable will turn off all messages e priorityVerbose 5 e priorityDebug 10 priorityInfo 20 e priorityOddity 40 priorityService 60 e prioritySystem 80 e priorityDisable 1000 Min Priority for Console RS 232 syslogConsolePriority System messages which have a priority equal to or greater than this setting will be printed directly to the RS 232 configuration port Messages will be printed regardless of the current operating state of the RS 232 config uration port If a manager is logged into the RS 232 port using PPP then syslog messages are not packed into PPP packets The lower the number next to the priority listed below the more details system logging will pro vide Priority Verbose will generate the most messages while priorityDisable will turn off all messages priorityVerbose 5 e priorityDebug 10 e priorityInfo 20 e priorityOddity 40 priorityService 60 e prioritySystem 80 e priorityDisable 1000 Min Priority for Flash Storage syslogFlashPriority System messages which have a priority equal to or greater than this setting will be permanently stored in
364. that come under each node Therefore while you can use the MIB diagrams in B MIB trees on page 304 to map out the OID through the Enterprise node level you will need to refer to section Using SNMP with the Access Server on page 313 for help in determining where the parameter you are interested in resides The calldialin node is immediately under the Patton branch therefore the OID is 1 3 6 1 4 1 1768 5 25 as shown in figure 128 on page 315 This new OID is used by the network management software to query the RAS for the total number of active calls Using SNMP with the Access Server 314 Access Server Administrators Reference Guide C Technical Reference iso gt org gt dod gt internet gt private gt enterprises gt patton gt calldialin gt diActive 1 3 6 1 4 1 1768 5 25 OID 1 3 6 1 4 1 1768 5 25 E ISO 3 e e 6 dod 1 internet 1 2 3 5 6 directory management experimental security snmpV2 1 1 mib 2 enterprise 1 2 5 6 7 system interfaces icmp tcp udp 10 23 transmission rip 7 18 32 ethernet dsl T1 frame relay 2 3 4 5 6 7 8 9 mfr2 authenticate listener calldialin testmanager installation dropinsert calldialout 25 1 2 diActive lineSig interRegSig 12 13 14 15 18 20 frame relay filterip genroute dax alarm model3120 1 7 8 13 box syslog flash fconfig 8 BoxEther Figure 128 MIB tree for Model 2960 access server 4 private 1768
365. the Flash PROM Some maximum number of messages may be stored in the Flash PROM before this storage area must be cleared e prioritySystem 80 Flash PROM will be used to store system level messages e priorityDisable 1000 No system level messages will be stored Min Priority for SNMP Trap Daemon syslogTrapPriority System messages which have a priority equal to or greater than this setting will be sent to the SNMP trap dae mon defined by syslogTrapIP The lower the number next to the priority listed below the more details system logging will provide Priority Verbose will generate the most messages while priorityDisable will turn off all messages e priorityVerbose 5 e priorityDebug 10 System Log Modify 244 Access Server Administrators Reference Guide 21 System Log e priorityInfo 20 e priorityOddity 40 priorityService 60 e prioritySystem 80 e priorityDisable 1000 Min Priority for RAM SyslogTablePriority System messages which have a priority equal to or greater than this setting will appear in System Log Volatile Memory The lower the number next to the priority listed below the more details system logging will provide Priority Verbose will generate the most messages while priorityDisable will turn off all messages e priorityVerbose 5 e priorityDebug 10 e priorityInfo 20 e priorityOddity 40 priorityService 60 e prioritySystem 80 e priorityDisable 1000 Unix Facility sys
366. the MRU for the local PPP entity This value is the MRU that the remote entity is using when sending packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Remote MRU diStatRemoteMRU The current value of the MRU for the remote PPP entity This value is the MRU that the local entity is using when sending packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 LCP Authentication LCPAuthOptions Authentication type used by the dial in user The following options are available e None 1 e Pap e Chap 3 e MSChapV1 4 MsChapV2 5 Dial Protocol window 63 Access Server Administrators Reference Guide 7 Dial In e Tacacs 6 Not currently implemented Edp 7 e ShivaPap 8 Not currently implemented Local Remote VJ Protocol Comprsn dilpLocalToRemoteCompProt The IP compression protocol that the local IP entity uses when sending packets to the remote IP entity The available settings are none 1 no compression vjICP 2 compression is enabled Remote Local VJ Protocol Comprsn dilpRemoteToLocalCompProt The IP compression protocol that the remote IP entity uses when sending packets to the local IP entity
367. the access server was powered on Total Calls diTotalCallAttempts The total number of calls attempted since the last boot of the box DSPs Not Working dspFailed This number should always be zero The DSPs in the access server are arranged as a resource pool and called upon at ring time If a DSP fails to respond to the access server s CPU it is determined to have failed at which point the CPU will remove the DSP from the resource pool If an incoming call attempts to access the failed DSP the RAS will answer then terminate the call to a person monitoring the failed call through a telephone handset he or she will hear only silence during the call ending with a faint click as the call is terminated One symptom indicating that a DSP has failed is if the access server is not handling as many calls as it normally does Total DRAM Detected boxDetectedMemory This number shows the total number of bits of installed and available DRAM Running Since Last Boot sysUpTime This tells you how long the access server has been running since the it was last reset It displays the number of hours and rolls over after 1 193 hours 497 days Operating Status Variables 17 Access Server Administrators Reference Guide 2 e Home Immediate Actions There are several immediate actions see figure 5 which when in superuser mode will cause the access server to operate according to the descriptions in the following sections IMMEDIATE ACT
368. the call is was active Minutes until timeout doactRemainingldle Number of minutes remaining until idle timeout if an idle timeout was specified Time left in session doactRemainingSession Number seconds remaining in this session if a maximum session time was specified Termination Reason doactTerminateReason Reason why the call was disconnected stillActive 0 call is currently connected e notKnown 1 unknown disconnect reason e idleTimeout 2 call exceeded idle timeout parameter Killed 3 call terminated by administrator e userHangup 5 DSP discovered remote modem was hung up abruptly Examples could be that the phone line was pulled out of the wall jack or the user terminated the communications without closing the connec tion down If the modems are unable to bring up the physical line by successfully negotiating the modula tion userHangup will be registered if the remote modem gave up trying to complete the call modemCanNotConnect 6 the modems are not able to bring up the physical line by successfully negoti ating the modulation The remote access server has given up trying further to complete the physical connec tion modemError 7 an internal DSP error has occurred Dial Out User Statistics Window 125 Access Server Administrators Reference Guide 8 Dial Out pppClose 8 This reason will be given after PPP is initiated and the connection is disconnected An exam ple would be if LCP ne
369. the default setting The monitor user can view but not change any parameters Mon itor can not view passwords e writeUser 18 The monitor user can change all parameters except passwords under authentication drop and insert and dial in links e writeUserlp 50 The monitor user can change all parameters except passwords under authentication drop and insert dial in and IP links e writeUserlpWan 114 The monitor user can change all parameters except passwords under authenti cation drop and insert dial in IP T1 E1 and Frame Relay links writeUserlpWanSystem 242 The monitor user can change all parameters except passwords under authentication drop and insert dial in IP T1 E1 Frame Relay System and System Log links e writeUserlpWanSystemUpload 498 The monitor user can change all parameters except passwords under authentication drop and insert dial in IP T1 E1 Frame Relay System and System Log links The monitor user can also load firmware updates into the access server System main window 236 Access Server Administrators Reference Guide 20 System System Modify window The System Modify window see figure 96 is where you can change SNMP and HTTP payable features country of installation and other parameters SYSTEM SNMP AND HTTP Version snmpvi 1 Superuser Password No Access Superuser Password Verification User Password monitor User Password
370. ther end detects it noErrorInjection 0 injectCRCerrorBurst 1 injectLineErrorBurst 2 WAN Circuit Configuration Modify 263 Access Server Administrators Reference Guide 22 e T1 E1 Link Line Status Channel Assignment Clicking on the Line Status Channel Assignment link in the T1 E1 Link Activity window displays the WAN Circuit Channel Assignment window see figure 107 T1 E1 lines are segmented into twenty four T1 or thirty E1 individual channels or time slots WAN Circuit CHANNEL ASSIGNMENT Set all channels to Off Dialin Frame Relay Private Line Drop and Insert Blocked Submit Query Channel Desired Function Current State dialin 1 Figure 107 WAN Circuit Channel Assignment Channel channellndex This object is the identifier of an entry in the channel table Submit Query ChannelDesired Function Current State eo JN 5 5 O scone SO ss N Figure 108 Channel assignment showing dialout desired function Desired Function channelfunction This variable defines how the connection is made to each of the 24 or 30 T1 E1 time slots off 0 Do not signal on this channel in response to the central office The access server will generate an idle signal e dialin 1 Used for dial in dialout 2 used for dial out When dialing out of the server the first available channel set to dialout will be used see figure 108 If no dialout channels are a
371. tiated Destination NetMask locationDestinationNet This is the net mask of the remote location Dial Out Locations Window 118 Access Server Administrators Reference Guide 8 Dial Out Multilink locationConfigMultilink This is the number of calls to multilink together When placing more than one call the first call will be placed then once it is online the additional calls will be dialed and multilinked together Connection Type locationConnectType This is the type of dial out to use The following options are available e Manual 0 administrator will manually initiate the call by setting status to dial Continuous 1 after the administrator initiates the first call the server will automatically reconnect after a 30 second delay if the connection goes down e Dial on demand 2 if the access server receives data destined for the IP address or net specified for this location the location will be dialed The connection will be dropped after the idle timeout or session time out specified Idle Timeout locationldleTimeout Maximum idle time before link is shut down Especially useful for Dial On Demand calls Maximum Session Time locationSessionTimeout Maximum session time before link is shut down Authentication Technique locationAuthTechnique Technique used to authenticate at the remote location Ip Filters LocationlpFilters Id of up to 10 IP filters which can be assigned to this interface See s
372. time Reserved B dspReservedB No assigned functionality at this time DSP information window 153 Chapter 12 Ethernet Chapter contents R EEES 155 a Man Window cioricricre nie ienie EEA E EEE E E EA E 155 SAA Rna e 155 Pamay Address Doc TE HEE T 156 PrimarylpMask boxEtherA Primari pMask tac 156 Poman ido de RITEN to 156 AecondearylpAddress boxEtherA Secondary dpAddtess aaa ads 156 Secnddardptasle bexEuserasecondanytplylaskie Decet e Ee e EUREN 156 EET Das T h ie eai e e E E E E E 156 Technigue bos sen Tecbrule eese e rE E E AEE E E AE usse A 156 LG AA ATA M OP Rp T 156 Ethernet A T x nete entes ete E daeesd dees duacsqauaseceeasuasuecasvasacsdeadecuaversioatenyece 157 ld ds a3 ioe OS Se A 157 Primary T Address boxer Pran pd le ee see 157 Primarglp Mask tboxi mierA Primary IpMask ano 157 PamanlpElres boxEtherAPrimatyl priltets antec TED ea cs 157 SecondaiylpAddrese boxEtlierASecondaryIpAdlelress ads 158 Seconda olas besEdsenaSscondarnyIply ask ete ecce eec Ea eT STEE EER 158 AecondaryIpEilters boxEtherASecondarylp Filters leia 158 Technique MA cec tert cT Ma I E Dec 158 Techmigue Xe ah Cou NA 158 Ethernet Stass O 158 Alenmem Errors dota an oa ie oaa a e E E N OH RG 158 PCS Emor doro Stas U T eee ea E A E E E A oe Il io 159 Single Collision Frames dot lol Frames aa 159 Multiple Collision Frames dot3StatsMulupleCalistanEranmes eroice enei eaan 159 SOEd esto doro A o E EE 159 Deferred Transmissions dot3Stat
373. tion Maximum Speed 64000 Minimum Speed 300 Guard Tone tonenone 1 Carrier Loss Duration 14 Retrain retrain 1 Tx Lev l 116 Protocol requestV42 1 Compression requestV42bis 1 Restrict Modification disable 0 Figure 44 Dial Out Modify window Maximum Time V 92 Configuation Modem Configuration Dial Out Modify window 113 Access Server Administrators Reference Guide 8 Dial Out Maximum Session Time doSessionTimeout This is the maximum time in minutes that a connection is allowed to be maintained After this time the con nection will be terminated even if there is active traffic on the connection This is a default setting which can be overridden by the authentication of a specific user Maximum Idle Time doldleTimeout This is the maximum time in minutes that a connection is allowed to be idle with no traffic After this time the connection will be terminated This is a default setting that can be overridden by the authentication of a specific user Time to Login sec dologinTimeout This is the maximum time in seconds that a user is given to log in This only applies to the time before the user is authenticated This setting should take into account any time delays incurred when querying a remote authentication server such as a RADIUS Call History Timeout min doLingerTime Number of minutes a MIB entry remains in the Active table after the call it pertains
374. to flash memory Click on HOME under the Configuration Menu then click on the Hard Reset button under Immediate Actions Note Do not select Record Current Configuration after importing configuration parameters Import Configuration 22 Chapter 4 Alarms Chapter contents ITE desd 24 Whsplayine the Alarme wiBdawi ec a 25 Tool sprm Aunn K lamn cipal a E A A en dee T TT 25 Aara Response O 26 Alarm Syslog Priority syslogAlarm Priority metet tere eer eI EH UU TR UMS 26 TREUT Trap A iS E t TI EE 26 Alarm SOMIT Trap IP alar apl p 1 hene eR eue e ERES 26 iem SNMP Trap I Y R TE a 26 Alarm IM Trap TP orn a eS 26 Temperature Threshold Maa ier eere retten eerte UU 26 Current Box Temperature box l empecatute eed e coe er eel ue Te eT 26 R S EA Er 26 OG UL Mf M D I E 26 Alara bog al etre gl LY Bars Ces Re ose A E t e E 26 a ks ame Noe crece er Ve sn Te need 27 AE A te edo 27 a E a 27 Ad Coma laa A T 27 ud CP QE LEM 29 MN TE OT d c M EE 27 Mod Respanse tContiguing de alari response Sy SEC oc metet ee ue ERES 2 Alarm Syslog Priority syslogAlarniPriofity nee 28 usc S NOM Trap I ofa i T DTI een ento tef oct ee e reU dee ru etn 28 Alarm SONT Trap IP cacas 28 aaron S NIV rom EP agr T e eU ere LIE UU LRL 28 ANETO a 28 ME A oa 28 Modify Alarms C onieumne alarni severiy el iaa 29 23 Access Server Administrators Reference Guide 4 Alarms Introduction The access server has an extensive alarm reporting system w
375. to is disconnected This setting is the amount of time dead calls remain on the dial out page Modify V 92 Configuration This portion of the Dial In Modify Default window see figure 30 on page 74 describes modifying the V 92 Configuration parameters V 92 Features diModemV92Enable Enables and disables V92 functionality Quick Connect diV92QuickConnect Quick connect shortens a modem s time to learn a phone line s characteristics by reusing some information pre viously learned This setting enables or disables quick connect Modem on Hold diV 2ModemOnHold Modem on Hold allows a user to accept a phone call without breaking the connecting to the Internet This set ting enables or disables modem on hold Modem on Hold Timeout diV92ModemOnHoldTimeout If modem on hold is enabled sets the length of time the user can be in the modem on hold state before discon necting the call V 59 Messages to Radius diV59Enable V 59 specifies a set of Modem Managed Objects MMO intended for modem diagnostics across standard ized interfaces on V series modems This will allow information from the remote modem to be accessed for fault finding and performance optimization This setting enables or disables the sending of V 59 packets to the RADIUS server using the RADIUS protocol Note V 59 generates an enormous amount of data This can interfere with your RADIUS server s ability to perform authentication and accounting and fill up Dial Out Mod
376. ts ertet ie ette iterata impara estne ansa epa i ITE 100 Access Server Administrators Reference Guide 7 Dial In Packets Sent diactSent DataErames 4 era teu AOA rH eri rte Hoe bb eia aue 100 Packets Received diactReceivedDataFrames essere donton ennt ran nr rana 100 Bad Packets diactEpror TAI eet tester ertet eot Lore ce ete vereor teer Does dd 100 Physical Layer cidad ten red e EO da n RO EE IER Re ah ea EE da 100 Connection Modulation diactModulation eee esent ennt nete tnn ennt nee tne nas 100 Transmit Connection Speed diactTxSpeed 12 tee tem rete EE Dei etd enfer dede reg 101 Receive Connection Speed diactRxSpeed mem de tee Rec n ie ec ete ceed ead ere 101 Error Correction diactEtror Correction eicere eite oerte ett ces ehe Co doce ceva ca borne e eoe eo cinta fede 101 Data Compression Protocol diactCom pression onns erriei e Ena EEE OaE 101 Modulation Symbol Rate diactSymbolRate sss 101 Locally Initiated Renegotiates diactLocalRenegotiates vinil 101 Locally Initiated Retrains diactLbocalR trains iii inn cae PRESA ERES 102 Remote Initiated Renegotiates diactRemoteRenegotiates eene 102 Remote Initiated Retrains diactRemoteRetrains eese eene nennen nnne nnn 102 53 Access Server Administrators Reference Guide 7 Dial In Introduction The Dial In main window see figure 22 is where you can change or view it
377. ts operational state The values are from 0 to 128 Receive Frame Check Seq Size pppStatReceiveFcsSize The size in bits of the frame check sequence FCS that the remote node will generate when sending packets to the local node This setting becomes active when the link is in the up able to pass packets operational state The values are from 0 to 128 IP This portion of the statistics window shows operational status and type of compression used Operational Status ppplpOperStatus The current operational state of the interface These are the available options e up 1 able to pass packets e down 2 unable to pass packets testing 3 in test mode and unable to pass packets Local Remote VJ Protocol Comprsn ppplpLocalToRemoteCompProt The current operational state of the interface These are the available options e up 1 able to pass packets e down 2 unable to pass packets e testing 3 in test mode and unable to pass packets Remote Local VJ Protocol Comprsn ppplpRemoteTolocalCompProt The IP compression protocol that the remote IP entity uses when sending packets to the local IP entity The available settings are e none 1 no compression vj TCP 2 enabled WAN Circuit CONFIGURATION window 287 Access Server Administrators Reference Guide 23 Sync PPP Remote Max Slot ID ppplpRemoteMaxSlotld The Max Slot Id access server parameter that the remote node has announced and that is in use on t
378. tton resets all alarms to a non alarm condition Clear All Alarms does the following for all alarms it resets the alarm resets Alarm Time to 0 0 seconds and resets the Alarm Count to 0 Alarms This portion of the Alarms main window displays the alarm status table where you can view current alarm sta tus manually generate an alarm as a test and clear the alarm time and alarm count variables Alarm ID alarmDeflndex This number identifies the alarm item Displaying the Alarms window 26 Access Server Administrators Reference Guide 4 Alarms Alarm Name alarmName The alarm items are grouped into two categories Box and WAN trunk alarms The Box group category lists access server temperature and power supply status The WAN category monitors the T1 E1 PRI ports for yel low and red alarms Alarm Severity alarmSeverity Shows the alarm severity selected by the system administrator Time Since Alarm alarmTicks The Alarm Time column displays the number of seconds the alarm has been activated Alarm Count alarmCount The Alarm Count column indicates how many times the alarm has occurred since the last time alarms were cleared It is a useful tool for monitoring self clearing alarms Generate Alarm For testing purposes clicking the Generate Alarm button next to each alarm name will cause that alarm condi tion to be activated as if the actual alarm trigger had occurred Clear Alarm Clicking the Clear Alarm button reset
379. twork sub network Note The values direct 3 and indirect 4 refer to the notion of direct and indirect routing in the IP architecture Note Setting this object to the value invalid 2 has the effect of invalidating the corresponding entry in the ipRouteTable object That is it effectively disas sociates the destination identified with said entry from the route identified with said entry It is an implementation specific matter as to whether the agent removes an invalidated entry from the table Accordingly management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use Proper interpretation of such entries requires examination of the relevant ipRouteType object Protocol ipRouteProto The routing mechanism via which this route was learned Inclusion of values for gateway routing protocols is not intended to imply that hosts must support those protocols unknown 0 e local 1 Added by the access server to support an interface For example adding a route for a new dial in user user 2 Added by an administrator on the IP Routing Information table or via SNMP management tools e dspf 3 Not currently implemented e rip 4 Learned via reception of RIP packet icmp 5 Learned via reception of ICMP packet radius 6 Provided in RADIUS response packet O S forwarding table window 204 Access Server Administrators Reference Guide 16 IP Info ip
380. ue NREFPAE ERRAT 43 Service Port suServIce OP nui iia 43 Service Mask sti Service Mask iet rcc i 43 Filter alli ita 43 31 Access Server Administrators Reference Guide 5 e Authentication Introduction Use the Authentication pages to set up system security and to provide specific users with access to appropriate network services This section describes the authentication parameters The access server uses static and or RADIUS authentication to decide which dial in users can access the system refer to A Supported RADIUS Attributes on page 300 for a full list of RADIUS attributes Displaying the Authentication window Do the following 1 Click on Authentication under the Configuration Menu see figure 13 AUTHENTICATION Modify Statistics Validated authentications 1148 Validated via primary server 1096 Validated via secondary server 0 Validated via static database 52 Denied authentications 68 Primary server retries 2 Secondary server retries 0 Accounting server retries 66 Primary server timeouts 5 Secondary server timeouts 0 Accounting server timeouts 0 Maximum Response Time 1 93 sec Last Response Time 1 19 sec Figure 13 Authentication main screen Statistics section 2 Select Modify to set up or change access server Authentication parameters The Statistics section The Statistics section of the main Authentication screen lists running totals of statistics for RADIUS and
381. ue of the MRU for the local PPP entity This value is the MRU that the remote entity is using hen sending packets to the local PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Remote MRU doStatRemoteMRU The current value of the MRU for the remote PPP entity This value is the MRU that the local entity is using when sending packets to the remote PPP entity This setting becomes active when the link is in the up able to pass packets operational state for more information refer to Operational Status dilpOperStatus on page 98 Local Multilink MRRU doStatLepLocalMRRU Multilink maximum receive reconstruction unit for the local device Remote Multilink MRRU doStatLcpRemoteMRRU Multilink maximum receive reconstruction unit for the remote device Remote LCP Authentication doStatlcpAuth Authentication type used by the dial in user The following options are available none l papQ chap 3 e MSChap 4 not currently implemented e tacacs 5 not currently implemented e edp 6 e ShivaPap 7 not currently implemented Local ACC Map doStatlocalToPeerACCMap The current value of the ACC Map used for sending packets from the local modem to the remote modem The local modem sends this character map to the remote peer modem to ensure that the data being transferred is in
382. uration Link page for the corre sponding WAN port and click on the Channel Assignment hyperlink The Desired function for each channel which is going to use Sync PPP must be set for ppp 5 The PPP button at the top of the page may be used to set all channels on this WAN circuit to ppp 5 Once the channels are set to PPP the PPP negotiation phase will begin Only one PPP link can be established per WAN link The band width will be the number of channels using PPP times 64 kbps For example if 12 channels are set for ppp 5 the bandwidth will be 12 x 64 kbps or 768 kbps Introduction 278 Access Server Administrators Reference Guide 23 Sync PPP Desired Function slotfunction ppp 5 channel is set for synchronous PPP Current State ChannelState ppp 7 Sync PPP connection is up on this channel WAN Circuit CHANNEL ASSIGNM Set all channels tc Off Dialin Frame Relay PPP Privy Submit Query Channel Desired Function Current State ppp 5 zj ppp Aun ow y amp Figure 116 Channel assignment showing PPP config PPP configuration Once the WAN Link has been set for PPP proceed to configure the PPP parameters PPP Main Window Clicking on the PPP link on the left pane of the screen shows the PPP main window This window shows the status of all PPP links and provides links for configuration each link and the default parameters PPP Setting Default details Modify default PPP ID User St
383. used for dialing out to loca tions For example an ISDN modem profile can be set up to dial to locations using ISDN TA s and v 34 modem profiles can be set up to dial to v 34 based locations Modem Profiles Locations ID Modulation Protocol Compression status 1 analog v34 4 r questV42 1 requestV42bis 1 walid 1 2 digital 64k 1 direct 0 direct 0 valid 1 Add Modem Profile Profile Id RN Modem Modulation sz Guard Tone sz i Carrier Loss Duration pooo Retrain none 0 y Transmit Level NN Protocol direct 0 y Compression direct 0 y Billing Delay 1 o Submit Query Figure 48 Modem Profile table Add Modem Profile New modem profiles are added to the table using the add modem profile form The following describes each setting Locations Link This will take you to the location table window Profile ID modemProfileld This is a unique ID for each modem profile Valid range is 1 to 20 Click on the ID link on the modem profile page to view and modify the settings for each individual profile The settings change will take effect on the next call to the location using this profile Modem Modulation modemType This is the type of modem modulation to use when dialing out The following options are valid digital G4k 1 analog v90 2 analog k56 3 Dial Out Locations Window 121 Access Server Administrators Reference Guide 8 Dial Out analog v34 4 analog v32 5
384. user authentication time A valid password should consist of ASCII characters and can include carriage returns and line feeds For example the prompt could be Enter your password Initial Banner doBanner This is usually a message welcoming the user The message should consist of ASCII and can include carriage returns and line feeds Modify Attempts This portion of the Dial Out Modify window see figure 43 on page 111 describes configuring the maximum number of login attempts and the authentication failure banner Dial Out Modify window 112 Access Server Administrators Reference Guide 8 Dial Out Failure Banner doFailureBanner This defines a message that will be displayed to a user if authentication fails This message only appears when the authentication technique is Text Login Attempts Allowed doAllowAttempts The maximum number of attempts a user will be given to login before being disconnected This applies to Text authentications only Modify Maximum Time This portion of the Dial Out Modify window see figure 44 describes configuring the maximum session time idle time time to login and call history timeout settings Maximum Time 0 eternal Maximum Session Time min D Maximum Idle Time min 15 Time to login sec 160 Call history timeout min 160 V 92 Configuration v92 enable 1 Quick Connect enable 1 Modem on Hold enable 1 Modem on Hold Timeout Modem Configura
385. ute intervals Path Code Violations dsx 1IntervalPCVs The number of path coding violations encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Line Errored Seconds dsx1IntervalLESs The number of line errored seconds encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Bursty ErroredSeconds dsx1IntervalBESs The number of bursty errored seconds BESs encountered by a DS1 interface in one of the previous 96 indi vidual 15 minute intervals Degraded Minutes dsx1IntervalDMs The number of degraded minutes DMs encountered by a DS1 interface in one of the previous 96 individual 15 minute intervals Line Code Violations dsx 1IntervalLCVs The number of line code violations LCVs encountered by a DS1 interface in the current 15 minute interval Near End Line Statistics Totals Click on Near End Line Statistics Totals to display the total statistics of errors that occurred during the previ ous 24 hour period see figure 111 CIRCUIT ID 1 TOTALS OF NEAR END PERFORMANCE Errored Seconds 9 Severely Errored Seconds 9 Severely Errored Frame Seconds 12885 Unavailable Seconds 12876 Controlled Slip Seconds 316 Path Code Violations 0 Line Errored Seconds 1 Bursty Errored Seconds 0 Degraded Minutes 1 Line Code Violations 149 Figure 111 Totals of Near End Performance window Errored Seconds dsx 1TotalESs The number of errored s
386. vailable the server will search for the next available dialin channel Line Status Channel Assignment 264 Access Server Administrators Reference Guide 22 T1 E1 Link frameRelay 3 64 k frame relay connection privateLine 4 channel is a dedicated modem connection dropinsert 7 the channel passes the data through to another channel on a different WAN port See How Drop and Insert Works on page xxxx blocked 8 Signals the central office that the access server will not accept any signals on this channel clear 9 Intended for robbed bit signalling protocols the access server will not add bits to the signal CurrentState ChannelState off 0 Do not signal on this channel in response to the central office The access server will generate an idle signal idle 1 Channel not in use active 2 Channel in use frameRelay 3 Channel configured for frame relay clear 4 Intended for robbed bit signaling protocols the access server will not add bits to the signal privateLineWait 5 modem is attempting to establish a V 8 connection with a remote modem for leased line operation but call is not yet connected P y privateLineActive 6 leased line connection is up adminBlocked 10 Administrator has blocked the channel resourceBlocked 11 Channel is blocked due to lack of DSPs to answer the inbound call telcoBlocked 12 The telco is blocking the channel because the channel is not active on the telco side
387. ved Errors dot3StatsInternalMacReceiveErrors The number of frames in which reception fails due to an internal MAC sublayer receive error Chip Set ID dot3StatsEtherChipSet Ethernet like interfaces are typically built out of several different chips This value identifies the chip set that gathers the transmit and receive statistics and error indications Ethernet Statistics 160 Chapter 13 Filter IP Chapter contents A ars a OOO E OOO 162 DP o 162 Kod or ne EE 162 Mame Wi teed TE e eem e RNE 163 Direction fiter po oi 163 Fates fo otf ul ves Je te 000 T el ay Bees eae 164 Source H NO 164 Mam pas ooo ee eee 164 Address lla casses ERU EUER UU steerer errr peer A es 164 E TE Euge com eek ere oe n M E 164 IE E T R O EAN 165 Comparison RilerTplDestesationddressCmp ime eRROERUNRUBUEBER ERES 165 as 165 Mask ikel pestina non Mask tii 165 SOME DI a 165 Compas ll e etc 165 A do EO LS 165 IE T E Eee pero eere E OTERO 165 Comparison RilcesIpIDestesationl artGmp ze REC eU E ERUBE OUR EIE IUE 165 ERT TE R cena onr e E E A A A E E 166 Protocol atp Protocollo ee E ee e E E A ae 166 TCP Established filteri co Established oops 166 Denu fordeliatie poe DA o oe E E EE Eee 166 Wetaule fordialout le Defaut Dion A ERE O RET 167 LET R a E E RO ee eee re 167 161 Access Server Administrators Reference Guide 13 e Filter IP Introduction The access server software provides an IP filtering system that enables you to set up
388. vel each alarm condition gener ates and whether it can be a self clearing condition Alarm System Alarms ID Alarm Name Alarm Severity Alarm Options Box Over Temperature crtica El E Submit Query Submit Query Boas Man Clock Fail zs B Submit Query Box Fallback Clock Fail mar El Submit Query WANI Yellow Alarm minor 6 y Submit Query Figure 12 Modify Alarms settings window 597 BoxPower Supply 1 Fail informational ignore 8 Sr UJ BoxPower Supply 2 Fail 4A un e The following alarm items that can be configured to generate alarm conditions Box Over Temperature An alarm will be triggered when the current temperature exceeds the temperature threshold Box Power Supply 1 2 Fail An alarm will be triggered if power supply 1 or 2 fails Box Main and Fallback Clock Fail An alarm will be triggered when either the main or fallback clock fail WAN 1 4 Yellow Alarm When a WAN port detects a yellow alarm condition the specific WAN alarm will be set e WAN 1 4 Red Alarm When a WAN port detects a red alarm condition the specific WAN alarm will be set Each alarm item can be set for one of the following severity levels e Critical 4 Major 5 Minor 6 nformational 7 e Ignore 8 Note For maximum flexibility defining the severity level of the alarm is left up to the administrator To set an alarm click on the drop down menu for the desired alarm item c
389. will be sent to the remote side if the remote machine is authenticating If the local server is authenticating the username that the remote sends will be compared to this username Maximum size is 40 characters Authentication Password pppDefaultAuthenticationPassword This is the password that will be sent to the remote side if the remote machine is authenticating If the local server is authenticating the password that the remote sends will be compared to this username Maximum size is 40 characters MRU pppDefaultlnitialMRU This is the initial maximum received unit that will be negotiated for the link This could possibly be changed during PPP negotiations Link Compression pppDefaultLinkCompression This object enables the PPP link layer address and protocol field compression When enabled the PPP negotia tions will DESIRE link compression but may disable the compression due the other end of the link not accept ing link compression When disabled the PPP negotiations will FORCE no compression on the PPP link e enabled 1 enable link compression e disabled 2 disable link compression Allow Magic Number Negotiation pppDefaultMagicNumber Determines if magic number negotiation should be done e enabled 1 enable magic number negotiation e disabled 2 disable magic number negotiation WAN Circuit CONFIGURATION window 281 Access Server Administrators Reference Guide 23 Sync PPP Compression pppDefaultlpCompressio
390. window e Chapter 15 describes configuring the Interfaces window e Chapter 16 describes configuring the IP window e Chapter 17 describes configuring the MFR Version 2 window Access Server Administrator s Reference Guide About this guide e Chapter 18 describes configuring the RIP Version 2 window e Chapter 19 describes configuring the SNMP window e Chapter 20 describes configuring the System window Chapter 21 describes configuring the System Log window e Chapter 22 describes configuring the T1 E1 Link window e Chapter 23 describes configuring the Sync PPP window e Chapter 24 describes configuring Layer 2 Tunneling Protocol L2TP e Chapter 25 describes the contents of the About window e Chapter 26 describes the contents of the License window Appendix A lists supported RADIUS attributes Appendix B lists supported RADIUS attributes Appendix C provides information on configuring a RADIUS server using SNMP with the access server configuring NFAS configuring Frame Relay configuring DNIS and configuring a leased line dedicated line connection Typographical conventions used in this document This section describes the typographical conventions and terms used in this guide General conventions The procedures described in this manual use the following text conventions Table 1 Text conventions Convention Meaning Futura bold type Indicates the names of menu bar options Italicized Futura type Indicates
391. ws full read and write access to the configuration screens e None 0 Validation failed DSP Link diactDSPIndex The physical DSP chip that the user s call is on This is a number from 0 to 59 Interface Link diactlFIndex Virtual interface in the PPP multiplexer inside the access server that accepts packets from the Ethernet port for the connected dial in user WAN Link diactLinkIndex The T1 E1 WAN port number that the call is on Time Slot diactSlotlndex Shows which T1 E1 channel the call is on This is a number from 1 30 IP Address diactlP The currently assigned IP address from the IP address pool or the RADIUS server The remote users PC is assigned to this address The address appears in the IP address 0 0 0 0 format Port on Remote Machine diactPort The TCP port number being used by this connection The range is from 0 to 65 535 Ports in the range of 0 to 1023 are well known ports used to access standard services Telnet uses port 23 and rlogin uses port 513 Session This portion of the Dial In User Statistics window see figure 37 on page 88 shows session information for a unique user ID Start time of call diactSessionStartTime The amount of time the access server had been up when the call was initiated Time Call Is Was Active diactSessionTime The amount of time the call was is active Minutes Until Timeout diactRemainingldle Number of minutes remaining until idle timeout Dial In User
392. y configured you will automatically see a listing of the valid DLCIs on your link 1 From the main Frame Relay window see figure 70 on page 172 select DL to configure the PVCs DLMI1 poems Configuration View Statistics View DLCI Interfaces State Committed Burst bits Excess Burst bits Throughput bps IP Address Congestion 0 0 active 2 y o o 0 p 0 0 6 disable 1 7 Submit 100 2 active 2 y 100 soo 1000 192 168 1 3 enable Submit Add DLCIs DECI Committed Burst Excess Burst Throughput TP Address Congestion o o o 0 0 0 0 enable D Submit Query Figure 130 DLMI Configuration View window An example Frame Relay connection with the management DLCI and one PVC with the DLCI of 100 is shown in figure 130 DLCI 100 has been configured by the Frame Relay service provider as the data link the provider will use for transporting your data 2 To configure a DLCI you will need the IP address of the far end router and the DLCI number if the DLCI did not automatically appear If the DLCI automatically appeared enter the IP address of the far end router in the IP address field Often this will be the Ethernet address or loopback address for that router 3 Select Submit If the DLCI did not automatically appear do the following 1 Under the DLCI entry type the DLCI number given to you by your provider Your DLCI identification must match that provided by your service provider or the frame rela
393. y link will not function properly 2 Under the IP Address entry type the IP address of the far end router This will be the next hop router for this DLCI Often this will be the Ethernet address or loopback address for that router 3 Click on Submit Query Configuring Frame Relay 320 Access Server Administrators Reference Guide C Technical Reference Configuring IP routing with a Frame Relay Link As each properly configured DLCI will have an IP address representing the next hop on that link the access server can use a Frame Relay link to access many remote networks The IP address of the Frame Relay link is unnumbered and specifies the next hop to another router As such it is a single host route with a mask of 255 255 255 255 By using the access server s routing table you can apply any number of network routes to use the Frame Relay link You can even use a PVC as the default gateway 0 0 0 0 Do the following to access the IP routing table in the access server l Click on IP under the Configuration Menu to display the IP window see figure 75 on page 187 2 Click on Routing Info When the Frame Relay link DLMI and a DLCI is in the UP state its IP address and interface will appear in the ZP Routing table The IP address of the PVC will not appear in the IP routing table if the Frame Relay link is down or the DLCI is not configured or inactive Network Route Using Destination Mask Gateway Cost Interface Protocol S
394. you to modify IP parameters and view IP statistics TCP Displays information about the TCP protocol such as TCP segments received and sent and remote and local TCP connections See TCP on page 191 e UDP Displays information about the UDP protocol such as the number of UDP datagrams sent and received See UDP on page 194 e ICMP Displays information about the ICMP protocol such as the number of echo replies sent See ICMP on page 195 Introduction 187 Access Server Administrators Reference Guide 16 IP Modify This window is where you can modify forwarding and time to live settings see Modify on page 190 Addressing Info This window see Addressing Information on page 198 displays IP addressing details for the default address for outgoing IP datagrams the local or loopback address of the box and the IP address of the box as defined in 20 System on page 230 Routing Info This window displays routing information for routing IP datagrams the IP address subnet mask next hop router and interface for each network interface defined in the box see Routing Informa tion on page 199 e Address Translation Info The IP address translation table contains the IP address to physical address equivalences see Address Translation Information on page 206 Forwarding ipForwarding The indication of whether this entity is acting as an IP gateway in respect to the forwarding of dat
Download Pdf Manuals
Related Search