3Com Tablet Accessory 86-0621-000 Owner's Manual
Contents
1. Feature BF NW NE NS CF CL CE CS AX DLSW NetView Service Point BRITSS APPN LNM LAA Token Ring in Fast Ethernet IOS not supported ISDN BRI ISDN PRI ISDN T1 E1 ISDN CT1 CE1 ISDN T3 E3 ISDN CT3 CE3 Data over Analog Call Originate only CSU DSU Loopback SDLC SHDLC Polled Async Bisync BSC Conversion QLLC LLC2 Conversion Frame Relay SMDS X 25 Switching Tunneling gt lt gt lt gt lt x gt lt x gt lt gt lt gt lt gt lt x x x gt lt gt lt gt lt gt lt x x x gt lt gt lt gt lt gt lt x x x x lt WANExtender M P6E M odule Fast Ethernet 100Base ATM Module LANE PPPOE M POA Server Client ZMODEM Support in Software Flash Load LDAP Policy Engine Client Auto Startup x x x Xx gt lt x x Xx gt lt x x Xx gt lt x x Xx DES Crypto gt lt x x x gt lt 3DES 3DES 3 KEY gt lt x x x x Xx RC5 Crypto M PPE RC4 IKE IPsec KEK ISAKMP Tunnel M ode Fast Tunnel Policy Ul Policy M anager IPPCP gt lt gt lt x x x x x x Xx gt lt x x x x x x x Xx Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPV2 NTP FTP TFTP HTTP Server Web Link W eb Lin2. 11 4 Software Packages 29 PathBuilder S5xx Series The PathBuilder S5xx Series Switches support the following software packages Switch PW Multiprotocol Router m PE Multiprotocol Router with 56 bit Encryption a PL Multiprotocol Router with 40 bit Encryption m PS Multiprotocol Router with 128 bit Encryption and 3DES Table 4 lists the software features in each package for the PathBuilder S5xx series switches Table 4 PathBuilder S5xx Series Switches Software Features Softw are Package Feature PW PL PE PS Voice Support Analog FXO FXS Voice FAX over IP Voice FAX over Frame Relay Core Features X X X X Boundary Routing central node X X X X Boundary Routing leaf node 40 Bit Encryption IPSec X X X 56 Bit Encryption IP Sec 128 Bit Encryption IP Sec IPCP IPv6 BGP X X X X VRRP Ethernet FDDI Token Ring X X X X VRRP for DLSW X X X X VRRP over VLAN X X X X RSVP RSVP Proxy X X X X Multicast IP PIM IGMP M BR X X X X IP OSI Connection Services IPX X X X X XNS OSI X X X X Appletalk X X X X VINES DECnet Ph IV Ph IV V GW X X X X DLSW X X X X NetView Service Point X X X X BRITSS APPN Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot a
3. http www 3com com Part No 86 0621 000 Published January 2000 Enterprise OS Software Version 11 4 Release Notes 3Com provides a CD ROM that includes all Enterprise OS software version 11 4 software manuals plus version 11 4 new installation and upgrade manuals To obtain a hardcopy version of the 11 4 documentation order part number C36460T You can order the documentation CD ROM using part number 3C6461T Additionally all documentation for Enterprise OS software version 11 4 is located on the 3Com website http infodeli 3com com infodeli tools bridrout index htm 3Com Corporation 5400 Bayfront Plaza Santa Clara California 95052 8145 Copyright 3Com Corporation 2000 All rights reserved No part of this documentation may be reproduced in any form or by any means or used to make any derivative work such as translation transformation or adaptation without permission from 3Com Corporation 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change 3Com Corporation provides this documentation without warranty of any kind either implied or expressed including but not limited to the implied warranties of merchantability and fitness for a particular purpose 3Com may make improvements or changes in the product s and or the program s described in this docu
4. m File Transfers via HTTP wm Faster installation of Enterprise OS software images into Upgrade M anager for W indows95 m Flexibility of installing the upgrade files into a directory besides usr 3Com w Added support for PathBuilder S400 WAN convergence switches Web Link Enhancements Web Link is an embedded Web based interface for management of the NETBuilder bridge router or PathBuilder S5xx tunnel switch starting with 11 1 1 Web Link is available on all router platforms running version 11 0 or later To access Web Link use Netscape 4 08 or later or Internet Explorer 4 x or later New Features and Feature Enhancements 19 m Voice Wizard Starting with 11 2 2 and with enhancements made in 11 4 for the PathBuilder S400 WAN convergence switch Web Link provides a new Wizard configuration tool to aid in the configuration of the voice parameters The Voice Wizard eases the task of configuration by creating a dial plan that can be viewed and later edited a Performance Management Currently available statistics are a System Performance a Interface Performance physical path statistics and port and virtual port statistics a Protocol Performance Routing protocols a P Routing Protocol Total IP packets and IP packets per interface a PX Routing Protocol Total IPX packets m PX Packets Per Interface Frame Relay WAN Protocol m New Statistics for 11 4 VPN Performance VPN tunnels and total active tunnels a Psec Performance
5. CONTENTS ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Encryption Packages Notice 7 Supported Platforms 8 OfficeConnect NETBuilder and SuperStack Il NETBuilder SI Release 9 Platforms Not Supported 9 New Features and Feature Enhancements 9 JAVA Runtime Environment 9 VPN and Security Features 9 Routing Support Features 11 Traffic Shaping amp QoS Features 14 Dial Service Features 17 Voice amp Multiservice Features 17 Network Management Features 18 Transcend VPN Application Suite 21 11 4 Software Packages 23 NETBuilder Il Bridge Router 23 SuperStack II NETBuilder SI 26 PathBuilder S5xx Series Switch 29 PathBuilder S400 Series Switches 32 OfficeConnect NETBuilder Bridge Routers 34 OfficeConnect NETBuilder 10 ST 37 SuperStack II NETBuilder Token Ring 40 Upgrade Management Utilities 43 Downloading Upgrade Management Utilities 43 UNIX Files 43 Windows Files 43 Executing profile bat 44 Version 11 4 Upgrade Management Utilities 44 Upgrading to 11 4 Utilities with Transcend Upgrade Manager 44 Transcend Enterprise Manager 44 Upgrade Management Notes 45 bcmdiagnose Error Message 45 SuperStack Il NETBuilder Token Ring Upgrades 45 bcmdiagnose and HP UX 45 bcmfdinteg 45 File Conversion Considerations 46 UNIX Platform Symbolic Links 46 Upgrading From Release 8 3 or Earlier 46 Upgrade Link and Netscape Browser Scroll Bars 46 Upgrade Link Window Resizing 47 IBM Protocols and Services Notes 47 APPN 47 APPN Connections to 31
6. HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels 11 4 Software Packages 37 Table 6 OfficeConnect NETBuilder Bridge Router Software Features continued Software Packages Faature JW JE JS BF NW NE NS AF OF OL OE OS M ax Physical Voice Ports Memory Requirements DRAM 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16MB 16 MB Flash memory Minimum required 4MB 4MB 4MB 4MB 8MB 8MB 8MB 8MB 8MB 8MB 8 MB 8 MB for Enterprise OS 11 4 Flash memory Minimum required 8MB 8MB 8MB 8MB 12MB 12MB 12MB 12MB 12MB 12MB 12MB 12MB for Dual Images Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server Web Link W eb Link Health Monitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels OfficeConnect The OfficeConnect NETBuilder 10 ST bridge router supports the following NETBuilder 10 ST software packages a RW Multiprotocol Router m RE Multiprotocol Router with 56 bit Encryption m RS Multiprotocol Router with 128 bit Encryption and 3DES Table 7 lists the software features in each package for OfficeConnect NET
7. MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPV2 NTP FTP TFTP HTTP Server W eb Link Web Link Health Monitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAMS Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 5 PathBuilder S400 Series Switches Software Features continued Softw are Package Feature XW XL XE XS MW ML ME MS M PPE RC4 X X IP IPX RAS Radius traps X X X X X X X X IKE IPsec KEK ISAKM P Tunnel X X X X X Mode Fast Tunnel Policy Ul Policy Manager IPPCP MS CHAP X X X X X EAP Authentication X X X X X VPN PPTP L2TP L2TP FP Tunnel X X X X X X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF X X X X X X X X IPX NLSP Virtual Ports 256 256 256 256 256 256 256 256 M ax Physical Voice Ports 12 12 12 12 12 12 12 12 Memory Requirements DRAM 32MB 32MB 32MB 32MB 64 MB 64 MB 64 MB 64 MB Flash memory Minimum required 16MB 16MB 16MB 16MB 16 MB 16 MB 16 MB 16 MB for Enterprise OS 11 4 Flash memory Minimum required 16MB 16MB 16MB 16MB 16 MB 16 MB 16 MB 16 MB for Dual Images Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M o
8. ftp 3com com from the World Wide Web access through http infodeli 3com com or from the 3Com bulletin board service BBS under Software Downloads System Software The Upgrade M anagement Utilities are UNIX files compressed with the UNIX compression utility To use the downloaded files you must first expand the files using the UNIX expansion utility For instructions on how to download and expand the utilities see the ruu114 txt file The UNIX files are as follows ruusol114 7 Contains the UNIX compressed Upgrade Management Utilities for the Solaris 2 5 platforms ruuhp114 Z Contains the UNIX compressed Upgrade Management Utilities for the HP UX 10 x platforms ruuaixl14 Z Contains the UNIX compressed Upgrade Management Utilities for the IBM AIX 4 1 1 through 4 2 X platforms ruul14 txt Contains the instructions for downloading and expanding the Upgrade M anagement Utilities and Upgrade Link This file also contains instructions on how to integrate the utilities into the Transcend Network Control Services application The Upgrade M anagement Utilities are Windows files compressed with a compression utility To use the downloaded files you must first expand them using the decompress utility PKUNZip PKUNZip can be downloaded from the following URLs http www pkware com or http infodeli 3com com infodeli swlib For instructions on how to decompress and install the utilities see the ruu114 tx file Executing pro
9. 50 50 Addresses M ax Physical Voice Ports M ax Physical Data Ports Memory Requirements DRAM 16 MB 16 MB 16 MB Flash memory Minimum required 4MB 4MB 4MB for Enterprise OS 11 4 Flash memory Minimum required 8MB 8 MB 8MB for Dual Images Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels SuperStack II NETBuilder SuperStack Il Token Ring bridge routers support the following packages for the Token Ring specified models a CF Multiprotocol Router a TE Multiprotocol Router with 56 bit encryption Table 8 lists software features for each package for the SuperStack Il Token Ring bridge routers Table 8 SuperStack Il NETBuilder Token Ring Software Features Software Package CF for TE for CF for TE for Feature model 327 model 327 model 527 model 527 Voice Support Analog FXO FXS Voice FAX over IP Voice FAX over Frame Relay Core Features X X X X Boundary Routing central node X X X X Boundary Routing leaf node 40 Bit Encryption IPSec X X 56 Bit Encryption IP Sec X X 128 Bit Encryption IP Sec IPCP X X X X IPv6 BGP
10. Bisync BSC Conversion QLLC LLC2 Conversion Frame Relay SM DS X 25 Switching Tunneling WANExtender M P6E Module Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPV2 NTP FTP TFTP HTTP Server W eb Link Web Link Health M onitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels 11 4 Software Packages 39 Table 7 OfficeConnect NETBuilder 10 ST Bridge Router Software Features continued Software Packages Feature RW RE RS Fast Ethernet 100Base ATM Module LANE PPPOE M POA Server Client ZM ODEM Support in Software X X X Flash Load X X X LDAP Policy Engine Client Auto Startup X X X IKE IPsec KEK ISAKM P Tunnel X M ode Fast Tunnel Policy Ul Policy Manager IPPCP DES Crypto 3DES 3DES 3 KEY RC5 Crypto M PPE RC4 X IP IPX RAS Radius traps X M S CHAP X X EAP Authentication X X VPN PPTP L2TP L2TP FP Tunnel X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF IPX NLSP Virtual Ports 5 5 5 Restricted Number of DHCP 50
11. M POA Server Client ZMODEM Support in Software Flash Load LDAP Policy Engine Client Auto Startup DES Crypto 3DES 3DES 3 KEY RC5 Crypto M PPE RC4 IKE IPsec KEK ISAKMP Tunnel M ode Fast Tunnel Policy Ul Policy Manager IPPCP IP IPX RAS Radius traps M S CHAP EAP Authentication VPN PPTP L2TP L2TP FP Tunnel Switch PPTP L2TP R2R VLL X X X X Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link Web Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 8 SuperStack II NETBuilder Token Ring Software Features continued Software Package CF for TE for CF for TE for Feature model 327 model 327 model 527 model 527 IP Routing FireWall NAT Proxy X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQos IP OSPF X X X X IPX NLSP X X X X Virtual Ports 28 28 28 28 M ax Physical Voice Ports M ax Physical Data Ports 18 18 18 18 Memory Requirements DRAM 12 MB 12 MB 12 MB 12 MB Flash memory Minimum 4MB 4MB 4MB 4MB required for Enterprise OS 11 4 Flash memory Minimum 8MB 8 MB 8 MB 8 MB required for Dual Images Core Features include Bridgi
12. MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAMS Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 5 PathBuilder S400 Series Switches Software Features continued 11 4 Software Packages 33 Software Package Feature XW XL XE XS MW BRITSS X APPN LNM LAA Token Ring in Fast Ethernet IOS not supported ISDN BRI ISDN PRI ISDN T1 E1 ISDN CT1 CE1 ISDN T3 E3 ISDN CT3 CE3 Data over Analog Call Originate only CSU DSU Loopback SDLC SHDLC Polled Async Bisync BSC Conversion QLLC LLC2 Conversion Frame Relay SMDS X 25 Switching Tunneling gt lt gt lt gt lt x x x ox gt lt gt lt gt lt x x x x lt gt lt x gt lt x x x x lt gt lt x x x x x Xx WANExtender M P6E M odule Fast Ethernet 100Base ATM Module LANE PPPOE M POA Server Client ZMODEM Support in Software Flash Load LDAP Policy Engine Client Auto Startup gt lt x gt lt gt lt x x x gt lt gt lt x gt lt Xx DES Crypto gt lt x x x gt lt gt lt x x x gt lt gt lt x x x gt lt 3DES 3DES 3 KEY gt lt x gt lt x x Xx gt lt x x x x Xx RC5 Crypto X X Core Features include Bridging
13. Modem Setup 60 Web Link Documentation Path 60 Web Link Login Support 60 Zmodem Time Out 60 VPN Protocols and Services Notes 60 ACE Security Server 60 Total Control Security and Accounting Server Availability 60 Microsoft M PPE Patches and Updates 61 PKI Entrust CA Installation Notes 61 PPTP Tunnel Security Validation 62 RSA Signature for Phase 1 Authentication 62 Windows NT MS CHAP Authentication 62 Platform Notes 63 OfficeConnect NETBuilder and SuperStack Il NETBuilder SI Additional Memory Requirements 63 Approved DRAM SIMMs 63 Supported PC Flash Memory Cards 64 Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display 64 T3 Bandwidth Limitation 64 M BRI Ownership During Board Swapping 64 M ultiport M BRI Module SNMP Management 64 Token Ring Modules 64 Token Ring Auto Start up 64 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES These release notes provide information on the following topics for Enterprise OS software version 11 4 m Encryption Packages Notice m Supported Platforms m Platforms Not Supported m New Features and Feature Enhancements m 11 4 Software Packages a Upgrade Management Utilities Upgrade Management Notes wm BM Protocols and Services Notes m ATM Services Notes m WAN Protocols and Services Notes wm Routing Protocols and Services Notes m Network Management System and Services Notes m VPN Protocols and Services Notes m Platform Notes If you have questions abo
14. New Features and Feature Enhancements 21 message identifier s and or SYSLOG server The action to send all messages to the SYSLOG server is still the default when auditing is enabled a The audit log messages can also be sent out through an SNMP trap to be received by the configured SNMP trap manager s Domain Name Use in FTP and TFTP Commands Starting with 11 4 a domain name can be used in the FTP commands of GET and PUT as well as the TFTP command of COpy to specify the name of the FTP or TFTP server Previously only the IP address of the FTP or TFTP server could be used for these commands This function assumes that there is a Domain Name server on the network with the name address mapping configured the Enterprise OS device continues to act only as a FTP TFTP client With more VPN management applications available and planned for the future Secure VPN M anager and the new PKI Manager tools have been bundled together one part number to use for ordering one CD ROM to use for installation The new package will be called Transcend VPN Application Suite Secure VPN Manager version 2 2 Secure VPN Manager is a graphical web based network management tool that presents key information about your virtual private network VPN Secure VPN M anager provides the assistance necessary to monitor the VPN tunnels terminated by the NETBuilder bridge router or the PathBuilder S5xx series of devices These analyses are possible through the monito
15. SLAM Autotargeting Domain Name Support NHRP for IP tunnels 11 4 Software Packages 31 Table 4 PathBuilder S5xx Series Switches Software Features continued Softw are Package Feature PW PL PE PS EAP Authentication X X X X VPN PPTP L2TP L2TP FP Tunnel X X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF X X X X IPX NLSP X X X X Virtual Ports 2048 2048 2048 2048 M ax Physical Voice Ports M ax Physical Data Ports 18 18 18 18 Memory Requirements DRAM 160 MB 160 MB 160 MB 160 MB Flash memory M inimum 16 MB 16 MB 16 MB 16 MB required for Enterprise OS 11 4 Flash memory M inimum 16 MB 16 MB 16 MB 16 MB required for Dual Images Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels PathBuilder S400 Series The PathBuilder S400 series switches support the following software packages Switches xW IP IPX AT Data Voice Router m XE IP IPX AT Data Voice Router with 56 bit Encryption m XL IP IPX AT Data Voice Router with 40 bit Encryption m XS IP IPX AT Data Voice Router with 12
16. VRRP Ethernet FDDI Token Ring X X X X VRRP for DLSW VRRP over VLAN RSVP RSVP Proxy Multicast IP PIM IGMP MBR X X X X IP OSI Connection Services IPX X X X X XNS OSI X X X X Appletalk X X X X VINES DECnet Ph IV Ph IVV GW X X X X DLSW X X X X NetView Service Point BRITSS X X X X APPN LNM LAA X X X X Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels 11 4 Software Packages 41 Table 8 SuperStack Il NETBuilder Token Ring Software Features continued Softw are Package Feature CF for TE for CF for model 327 model 327 model 527 TE for model 527 Token Ring in Fast Ethernet IOS not supported ISDN BRI ISDN PRI ISDN T1 E1 ISDN CT1 CE1 ISDN T3 E3 ISDN CT3 CE3 Data over Analog Call Originate only CSU DSU Loopback SDLC SHDLC Polled Async Bisync BSC Conversion QLLC LLC2 Conversion Frame Relay SMDS X 25 Switching Tunneling x x x gt lt gt lt x x gt lt gt lt x x gt lt gt lt x x gt lt WANExtender M P6E M odule Fast Ethernet 100Base ATM Module LANE PPPOE
17. Value Compression Requirements Automatic detection of the line type LineType Auto and link protocol OW Ner Auto do not include recognition of Async PPP and AT dial For Async PPP and AT dial which must be used together the following parameters must be explicitly configured PATH LineType Dialup PATH DialMode ATdial PATH ExDevType Async PORT OWNer PPP The PATH service parameter TransferM ode should not be changed from its default value of AUto Other settings of this parameter are reserved for future extensions Two PORT Service parameters are used to configure bandwidth on demand ports The DialldleTime parameter sets the time in seconds before all dialup lines in a port are disconnected if the port is not in use The DialSamplPeriod parameter sets the time in seconds to sample before taking an action to bring additional paths up or down based on traffic load for bandwidth on demand The value specified for the DialldleTime parameter takes precedence over the value specified for the DialSamplPeriod parameter The following baud rates are supported in DCE mode synchronous internal clocking a 1200 a 112K a 1800 a 128K a 2400 m 256K a 3600 m 384K a 7200 a 448K m 9600 a 768K a 19K a 1344K a 38K m 1536K m 56K m 1580K m 64K m 2048K If you configure a baud rate that is different from those listed the system will fall back to the nearest lower supported rate The data communication equipment DCE cable
18. are not constrained by their physical location and can communicate as if they were on a common LAN With VRRP for VLAN network operation is ensured since dynamic responsibility for a virtual router is transmitted to one of the VRRP routers on a VLAN When VRRP is used over a physical LAN an owner of the Virtual Router ID VRID may change the MAC address to the Virtual MAC VMAC address without transitioning to promiscuous mode For the VLAN implementation when a VRRP router becomes the master the router that is forwarding the virtual IP packets the VLAN interface will always be in promiscuous mode Many to One NAT Enhancement When executing large file transfers with a block size that is greater than the underlying media can handle IP will fragment the UDP packet Since only the first fragment contains the UDP header which indicates the source and destination port required by NAT to map to a NAT IP address the subsequent fragmented packets do not contain the UDP header This results in NAT not having the UDP ports to map to the NAT IP address In previous releases this condition would 14 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Traffic Shaping amp QoS Features occur during for example TFTP file transfers using Large Blocksize Negotiation RFC 1783 Each fragmented packet contains an IP Identification ID number that is used for re assembly When the first fragment arrives the ID is stored in the NAT session tha
19. as well as through a terminal attached to the local console port Administrators will be able to view all important status messages from the Telnet session improving manageability Audit Log Messaging Enhancements Many enhancements are added in the 11 4 release regarding the logging of events These include In previous releases only one SYSLOG server on the network could be sent the audit log messages from an Enterprise OS device With 11 4 the administrator can configure each Enterprise OS device to send it s audit log messages to up to six SYSLOG servers In previous releases only one SYSLOG server on the network could be sent the audit log messages from an Enterprise OS device With 11 4 the administrator can configure each Enterprise OS device to send it s audit log messages to up to six SYSLOG servers Persistent logging of events across reboots now available across all platforms Previously this feature was available only for NETBuilder Il and PathBuilder S5xx devices those devices which could support the partial dump feature With 11 4 the partial dump feature is extended to the stackable devices OfficeConnect NETBuilder SuperStack Il NETBuilder SI and PathBuilder S400 devices so reasons for spontaneous failures will be logged both on the device and within audit log messages sent to the SYSLOG server s To provides a clearer understanding of audit log messages the format of the messages has been changed There is a dif
20. bcm intro html If SuperStack II NETBuilder systems that are running software version 8 3 have a boot image named bundle 68K the SuperStack Il NETBuilder Token Ring system is not upgradeable to software version 11 4 unless the sys file is present on the flash drive To work around this either rename the image to boot 68k or copy the 8 3 sys file to the primary boot directory on the NETBuilder bridge router If you are using HP UX and have difficulties passing the tftp portion of bcmdiagnose you may need to modify the etc passwd file Follow the instructions printed during bcmsetup You may need to add the following line to the etc passwd file tftp 510 200 tftpboot bin false See the HP UX tftpd man page for more information Read the following warning regarding the bcmfdinteg utility WARNING Do not use the bcmfdinteg utility The bcmfdinteg utility is used internally by the bcminstall utility The bcmfdinteg utility should not be used by itself because by default it removes all files from the current directory File Conversion Considerations UNIX Platform Symbolic Links Upgrading From Release 8 3 or Earlier Upgrade Link and Netscape Browser Scroll Bars This section describes file conversion considerations for APPN bridge static routes DLSw the PROfile service and X 25 SVCs APPN APPN file conversion is supported in software version 8 2 and later Upgrading from software versions prior to 8 2 requ
21. cannot coexist with DECnet LAA OSI or IPv6 Network Management System and Services Notes ASCII Boot Boot Cycle Continuous Loop BootP Server and Autostartup Bootptab File This section describes notes cautions and other considerations to be aware of when using the Enterprise OS software when working with network management System services The topics are presented in alphabetical order When using the ASCII Boot feature on a NETBuilder II bridge router with intelligent I O modules or a PathBuilder S5xx series switch configuration commands that apply to the physical ports on the intelligent I O modules or to the physical ports on the PathBuilder may not get configured correctly if they are the first commands executed in the boot cfg file There is a small timing window where the commands affecting the physical ports will not execute successfully because the software drivers have not finished initializing the ports This problem can be avoided by either including a PAuse command at the beginning of the boot cfg file to delay the execution of the first configuration command by a few seconds or by putting the configuration commands that do not apply to the physical ports at the beginning of the boot cfg file The intelligent I O modules on the NETBuilder Il bridge router are the HSS 4 Port WAN Module the MP ATM Link Module the MP Ethernet 6 Port 1OBASE FL M odule and the HSS 8 Port BRI M odule Support for the PAuse command by
22. cfg file causing these commands to be lost The options on the Change Configuration and Diagnostic menu do not apply to the model 1x1 OfficeConnect bridge router because ISDN ports are not present on this system For the NETBuilder Remote Office bridge routers the CPU utilization statistic indicates a high percentage of utilization regardless of actual use CPU utilization is displayed on the first line of the response to the SHow STATistics command This incorrect display statistic will be fixed in a future release of the Enterprise OS bridge router software Occasionally a false file system error message telling you to format and restore configuration files will appear on the console These false errors appear when the background processing in the NETBuilder bridge router is performing file operations and you attempt a write operation such as a SETDefault command DEFRag command and FORMAT command In these programmatic lockouts rather than media related error conditions the flash file system will NOT need to be reformatted Examining the results of the attempted command such as SHow to examine the results of the attempted SETDefault can indicate whether the file system error is a false indication or not To select BootP as your Address Discovery protocol you must set all five IP address options to None The bridge router updates firmware as part of its software boot process In some cases some text is displayed during the firmware u
23. for broadband access Ethernet is the most proven familiar and cost effective LAN technology that exists today PPP is the most popular dial up transport created to define negotiating connectivity parameters authenticate users dynamically assign IP addresses and support multiprotocol environments In a remote dial up environment besides the traditional analog and ISDN modems there are server other high speed broadband CPEs being rapidly deployed for example xDSL cable and wireless access devices All high speed broadband access equipment requires end users to be knowledgeable in their technologies connectivity and configuration characteristics With PPPoE much of the complexity of these broadband devices is hidden from the user In addition to ease of configuration and use for the end user PPPoE also simplifies provisioning installation and management for the service provider Advantages of PPPoE mw Supports multiple hosts and users across a dedicated broadband connection and a single ATM or Frame Relay PVC with the same Ethernet infrastructure New Features and Feature Enhancements 13 m Provides end users with ease of installation and configuration no special configuration of the PC or modem is needed m Provides services providers with ease of provisioning services and management m Operates independent of access device that is works for xDSL cable or wireless devices which shields end users from the need t
24. include the NETBuilder Il SuperStack Il NETBuilder OfficeConnect NETBuilder bridge router PathBuilder S5xx tunnel switch models S500 S580 S593 S590 594 S598 S599 and the PathBuilder S400 WAN convergence switch This section highlights the new features and enhancements contained within Enterprise OS software version 11 4 With 3Com Enterprise OS software version 11 4 in the tools jre subdirectory is the MS Windows 95 98 NT version of JRE Java Runtime Environment written by Sun Microsystems This JRE archive file is a self extracting executable that contains the Java virtual machine runtime class libraries and Java application launcher that are necessary to run programs written in the Java programming language The JRE is needed to run the following Enterprise OS applications m Voice Wizard in Web Link embedded web interface on the PathBuilder S400 devices a PKI Manager part of the Transcend VPN Application Suite For more information or to download the UNIX version see Sun s website http java sun com products jdk 1 2 runtime html VPN and Security features provide Public Key Infrastructure Non Broadcast M ulti Access NHRP for VPN Tunnels IP Payload Compression Protocol IPComp and Tunnel Switching Between Different Tunnel Types 10 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Public Key Infrastructure PKI Implementation Applications like IP Security IPsec and Internet Key Exchange IKE employ
25. occur when connecting a Windows 95 or NT client via a Total Control hub to a NETBuilder II bridge router where the Total Control hub is setting up a PPTP tunnel to the bridge router This problem is a combination of the security protocol between the client and the LS in this case the Total Control Hub and the time it takes to validate a Radius request on the Radius server In addition the setting of the DefaultAptCtl parameter needs to be considered because this determines which security protocol the NETBuilder bridge router will use If the client and the LS negotiate to use PAP the client will send PAP configure requests but at that time the LS is busy setting up the PPTP tunnel and will forward the PAP requests to the NETBuilder bridge router The bridge router by default sends CHAP challenge to the client and normally the client responds immediately Then the NETBuilder bridge router sends a request to the Radius server for validation If there is another PAP request from the client to the bridge router while the bridge router is waiting for validation from the Radius server the bridge router will send a PAP NAK to the client and the session is terminated If the CHAP success message is received before the next PAP message the PAP message is discarded and the connection is established Solutions include disabling CHAP on the NETBuilder DAC or disabling PAP between the client and the LS This situation does not arise when the NETBuild
26. pool Dynamic paths might not be released back into the dial pool from the port if an incoming call arrives during a disconnect state If the SHow POrt PAths command indicates that a path from the dial pool is attached to a port but is no longer in use it can be released by re enabling the port The current implementation of Frame Relay congestion control requires that you set the committed burst size Bc and the committed information rate cir to the same value so that the time interval Tc equals 1 second using the formula Tc lt Bc gt lt cir gt If Tc is not 1 second the Frame Relay frames may be erroneously dropped due to the incorrect calculation of the throughput rate threshold If you are using history based compression on a line with excessive errors and the negotiation attempts exceed the retry count the device must be rebooted to clear the condition and reset the retry count A port using Async PPP AT dial cannot be configured for history compression The user interface will not prevent you from configuring the port for history compression however if history compression is selected the path will not come up M ultilink PPP M LP is supported for multiple WAN links connected to the same port running PPP When configuring M LP For maximum performance on a NETBuilder II bridge router 3Com recommends that similar hardware interface types be configured for each M LP bundle For instance bundle HSS modules with H
27. public key technology for such security purposes as identifying oneself to remote entities verifying a remote entity s identity or initiating secure communications with remote peers Such applications require a public key infrastructure PKI to securely manage public keys for widely distributed users or systems The implementation of PKI is based on the X 509 standard New also is PKI M anager a graphical management application to aid Enterprise OS devices in obtaining PKI certificates and Certificate Revocation Lists CRLs from various Certificate Authorities CAs PKI Manager works as a proxy between the device and the CA It is responsible for collecting the certificate requests from the devices and generating the CA specific certificate request syntax CRS which in turn is sent to the CA After the CA issues the certificate PKI M anager retrieves it from the CA and send it to the Enterprise OS device The CAs that are supported with this first release are Verisign and Entrust The application is currently supported only on Windows NT See the Transcend VPN Application Suite section of this release note for more information Non Broadcast Multi Access NHRP for VPN Tunnels With the Non Broadcast M ulti Access NBM A characteristics of a Point To M ulti Point P2M P VPN tunnel also called IP Over IP tunnel an IP packet must be forwarded via a routed tunnel path These tunnel paths must be configured statically between each p
28. settings are shown in abbreviated form 3Com recommended configurations are shaded and shown in bold Table 11 BM Related Feature Settings for Token Ring Ports Port Source Route Transparen Route Configurat Bridging t Bridging Bridging Discovery LLC2 CONTrol Frame Copy Services ion SR SRB BR TB BR CONT SR RD LLC2 CONT Errors Bridging only SR SRB NTB B NoLLC2 Disable None Bridging only SRT SRB TB B NoLLC2 Disable Low Possible Bridging only T NSRB TB B NoLLC2 Disable Low Possible LNM SR SRB NTB B LLC2 Enable None DLSw SR SRB NTB NB B LLC2 Enable None DLSw SRT SRB TB NB B LLC2 Enable High Possible DLSw T NSRB TB NB B NoLLC2 Enable High Possible APPN SR SRB NTB NB B LLC2 Disable None APPN SRT SRB TB NB B LLC2 Disable None APPN T NSRB TB NB B LLC2 Disable None Default Setting SRT SRB TB NB NoLLC2 Disable None 3Com recommends that you disable global bridging for this configuration However with global bridging disabled the token ring hardware does not filter unwanted transparent packets The token ring hardware copies each transparent packet for processing by the Enterprise OS software This can generate many frame copy errors see Token Ring Frame Copy Errors below for more information If you are seeing many Frame Copy Errors consider setting global bridging on which allows the hardware to learn and filter unwanted transparent packets Since DLSw cannot block bridging loops you must insu
29. 0 module Table 17 3Com approved DRAM SIMMs Size Vendor and Description Part Number 32 MB NEC M C428000A32B 60 72 pin 8M x32 60 ns page mode Toshiba THM 328020S 60 Toshiba THM 328020B5 60 Supported PC Flash Memory Cards Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display T3 Bandwidth Limitation MBRI Ownership During Board Swapping Multiport MBRI Module SNMP Management Token Ring Modules Token Ring Auto Start up Table 18 lists 3Com approved vendors of the PC flash memory card The 20 MB flash memory card has a formatted capacity of 19 86 MB For dual image and full dump capability 3Com recommends using a 20 MB card used in the NETBuilder II bridge router You can also purchase the blank flash memory card from 3Com wm DPE 20 MB card is 3C 6086 Table 18 3Com approved 20 MB Flash Memory Cards Vendor and Description Part Number Intel Series 2 iM CO20FLSA Intel Series 2 iM CO20FLSP AMD Series D AmCO20DFLKA The PathBuilder series switch reports FSI CRCs under the path statistics This entry reflects line errors after hardware error assisted recovery has taken place The number of actual line errors present before hardware error assisted recovery has taken place may be much higher Due to a driver limitation you cannot combine two T3 paths to double the bandwidth Port ownership and port path naming inconsistencies can occur as M BRI boards are swapped in and out of a NETBui
30. 74 through Token Ring 47 APPN CP CP Sessions and SNA Boundary Routing 47 APPN CP CP Sessions on Parallel TGs 47 APPN DLUr Connections to 3174 Systems 47 BSC and Leased Lines 47 Boundary Routing and NetView Service Point 48 Configuring BSC and NCPs_ 48 DLSw Circuit Balancing 48 DLSw and CONNectUsage Parameter Default Change 48 DLSw Prioritization 48 DLSw and IBM Boundary Routing in Large Networks 48 Front End Processor Frame Relay Access for LLC2 Traffic 49 HPR and ISR Configurations 49 IBM Boundary Routing Topology Disaster Recovery 49 IBM Related Services in Token Ring 50 LAN Network Manager with NETBuilder II Systems 51 LLC2 Frames and PPP 52 Maximum BSC Line Speed 52 SHDLC Half DuplexMode 52 SDLC 52 SDLC Adjacent Link Stations for APPN 52 Source Route Transparent Bridging Gateway SRTG Interoperability 52 SDLC Ports and NetView Service Point 52 UI Response Time With Large SDLC configuration 52 VTAM Program Temporary Fixes 52 ATM Services Notes 53 ATM Emulated LANs 53 ATM LAN Emulation Clients and Large 802 3 Frames 53 ATM Connection Table 53 Deleting ATM Neighbors 53 Source Route Transparent Gateway 53 WAN Protocols and Services Notes 53 ACCM Not Configurable 53 Asynch Tunnelling on Serial Ports 53 Automatic Line Detection 53 Auto Start up Does Not Include Async 54 Bandwidth on Demand Timer Precedence 54 Baud Rates for WAN Ports in DCE Mode 54 BSC Cabling and Clocking 54 Changing the Transfer Mode Parameter Def
31. 787 VTAM Version 4 3 requires PTF HUW 20788 Visible symptoms of this problem can be seen as a lack of network management data for PUs that are downstream of a NETBuilder II bridge router using APPN DLU services The NetView message AAU2511l AAUDRTIB 02 UNEXPECTED SENSE CODE X 1002 ENCOUNTERED FOR TARGET pu name is printed in the log file when this problem occurs This section describes notes cautions and other considerations to be aware of when using the Enterprise OS software with ATM services The topics are presented in alphabetical order Enterprise OS software supports a system maximum of 32 ATM emulated LANs This release of LAN emulation software does not support large 802 3 frame encapsulation as specified in the LANE standard 1 0 When IP routing is used from FDDI to an emulated LAN packets larger than 1500 are sent fragmented per IP fragmentation rules In a LAN Emulation environment with many LAN Emulation Servers LESs a performance drop may occur when the NETBuilder bridge router is able to connect to the LAN Emulation Configuration Server LECS but many of the LESs are down or unreachable Disabling the ETHATM virtual ports corresponding to the unreachable LESs will alleviate this situation Bridge ATM Neighbors must be deleted before the associated virtual ports can be deleted The source route transparent gateway is not currently supported on ATM LAN emulation ports WAN Protocols and Services Notes AC
32. 8 bit Encryption and 3DES a MW Multiprotocol Data Voice Router a ME Multiprotocol Router with 56 bit Encryption a ML Multiprotocol Router with 40 bit Encryption a MS Multiprotocol Router with 128 bit Encryption and 3DES Table 5 lists the software features in each package for the PathBuilder S400 series switches Table 5 PathBuilder S400 Series Switches Software Features Softw are Package Feature XW XL XE XS MW ML ME MS Voice Support Analog X X X X X X X X FXO X X X X X X X X FXS X X X X X X X X Voice FAX over IP X X X X X X X X Voice FAX over Frame Relay X X X X X X X X Core Features X X X X X X X X Boundary Routing central node X X X X Boundary Routing leaf node 40 Bit Encryption IPSec X X X 56 Bit Encryption IP Sec X X X 128 Bit Encryption IP Sec X X IPCP X X X X X X X X IPv6 BGP X X X X VRRP Ethernet FDDI Token Ring X X X X X X X X VRRP for DLSW X X X X VRRP over VLAN X X X X X X X X RSVP RSVP Proxy X X X X X X X X Multicast IP PIM IGM P M BR X X X X X X X X IP OSI Connection Services IPX X X X X X X X X XNS OSI X X X X Appletalk X X X X X X X X VINES DECnet Ph IV Ph IV V GW X X X X DLSW X X X X NetView Service Point X X X X Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP
33. A or UpgradeLink NA Otherwise an error dialog box is returned with the message Could not verify user If you use tftp the Verify Upgrade Services step does not need the user or password to be verified so those entries as well as the FTP Client User Name and Password should be ignored Netscape version 4 05 with AWT patch 1 1 5 has the Java support required by Enterprise OS software version 11 4 Upgrade Link Certain problems have been found with this Netscape patch release such as sometimes the Netscape browser Upgrade Link Window Resizing IBM Protocols and IBM Protocols and Services Notes 47 fails to add scroll bars with text fields If you experience this or other problems you may want to use a later version of Netscape when it becomes available Since Enterprise OS software version 11 4 Upgrade Link cannot resize the browser window you should maximize the browser window so that all of the Upgrade Link dialog boxes are fully visible without scrolling This section describes notes cautions and other considerations to be aware of Services Notes APPN APPN Connections to 3174 through Token Ring APPN CP CP Sessions and SNA Boundary Routing APPN CP CP Sessions on Parallel TGs APPN DLUr Connections to 3174 Systems BSC and Leased Lines when using the Enterprise OS software when with IBM protocols and services The topics are presented in alphabetical order In software version 11 4 APPN does
34. Builder 10 ST bridge router Table 7 OfficeConnect NETBuilder 10 ST Bridge Router Software Features Software Packages Feature RW RE RS Voice Support Analog FXO FXS Voice FA X over IP Voice FAX over Frame Relay Core Features X X X Boundary Routing central node Boundary Routing leaf node 40 Bit Encryption IPSec X X 56 Bit Encryption IP Sec X X 128 Bit Encryption IP Sec X Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 7 OfficeConnect NETBuilder 10 ST Bridge Router Software Features continued Software Packages Feature RW RE RS IPCP X X X IPv6 BGP VRRP Ethernet FDDI Token Ring VRRP for DLSW VRRP over VLAN RSVP RSVP Proxy Multicast IP PIM IGMP MBR IP OSI Connection Services IPX X X X XNS OSI Appletalk VINES DECnet Ph IV Ph IV V GW DLSW NetView Service Point BRITSS APPN LNM LAA Token Ring in Fast Ethernet IOS X X X not supported ISDN BRI X X X ISDN PRI ISDN T1 E1 X X X ISDN CT1 CE1 ISDN T3 E3 ISDN CT3 CE3 Data over Analog Call Originate X X X only CSU DSU Loopback X X X SDLC SHDLC Polled Async
35. CM Not Configurable Asynch Tunnelling on Serial Ports Automatic Line Detection This section describes notes cautions and other considerations to be aware of when using the Enterprise OS software with WAN protocols and services The topics are presented in alphabetical order The ACCM Async Control Character M ap used for Async PPP cannot be configured During LCP negotiation the NETBuilder bridge router always proposes an ACCM of all zeros and agrees to whatever the peer negotiates For best results set the LineType parameter to Leased and set the SuperStack II NETBuilder bridge router model 32x connector type for the universal port to RS 232 Forthe path to come up the bridge router must see a DTR or DSR control signal from the device Or if the device does not generate a control signal a loopback connector should be used to supply the control signal When set to the value of Auto the PATH LineType parameter first attempts to bring up the path as a leased line by raising the data terminal ready DTR signal If the path comes up but a DTR base dial modem is attached to the path the modem does not hang up until brought down manually with the HangUp command To avoid this situation set the PATH LineType parameter to Dialup Auto Start up Does Not Include Async gt Bandwidth on Demand Timer Precedence Baud Rates for WAN Ports in DCE Mode BSC Cabling and Clocking Changing the Transfer Mode Parameter Default
36. E VERSION 11 4 RELEASE NOTES Features of PKI Manager version 1 0 M ulti Enterprise PKI Management Administrators can use the application to manage multiple enterprises or different business units of an enterprise separately Limited RA functionality The application uses a proprietary Enrollment key mechanism to authenticate Enterprise OS devices Certificate proxy To eliminate the need of each device talking to the CA PKI M anager negotiates the certificates from the CAs on behalf of the device PKI M anager will receive a generic PKCS 10 certificate request from the device and wrap it into a CA specific CRS for example Versign uses PKCS 7 The certificate request will be sent to the CA using the protocol supported by the CA for example Verisign uses HTTP Certificate Management The administrator can view the CRLs and certificate status for example valid about expire expired revoke requested revoked installed or not installed using the different views of the application System Requirements for Secure VPN Manager version 2 2 and PKI Manager 1 0 Computer Pentium Processor with 300 MHz minimum clock minimum 128 MB of RAM and minimum 4 GB hard disk space for initial installation amp database storage Operating System M icrosoft Windows NT server 4 0 with Service Pack 3 or later with the TCP IP stack enabled Microsoft Windows NT SNMP service loaded and active on the server Web Server for Secure VPN M anage
37. E module 32 512 2048 The CONNectionUsage parameter is set to High by the Boundary Router peripheral node software it cannot be changed The maximum number of FradM ap entries that may be defined for each Frame Relay port is 50 High Performance Routing HPR is enabled by default Therefore if you are configuring APPN Intermediate Session Routing ISR you must disable HPR on both the PortDef and the AdjLinkSta parameters by setting HPR No In an IBM Boundary Routing topology that uses disaster recovery through PPP when two paths are mapped to one port a disruption to existing SNA and NetBIOS sessions occurs if the primary link fails and the redundant link is activated If this happens end users need to log on and initiate another session IBM Related Services in IBM related services such as DLSw and APPN are affected by parameter settings in Token Ring the BRidge SR and LLC2 Services Table 11 shows the required settings in source route SR source route transparent SRT and transparent bridging environments for each of the IBM related services When a NETBuilder bridge router token ring port is configured for both an IBM service such as DLSw and transparent bridging or SRT bridging connectivity problems and frame copy errors can occur For this reason 3Com recommends configuring token ring ports for source route only when possible In Table 11 DLSw refers to data link switching and LNM refers to LAN Net M anager The
38. Encrypted packets authenticated packets encrypted authenticated packets and discarded packets Voice Performance m Total Successful Calls Total Packets Total Bytes Autotargeting for SLA Monitoring Remote Polling In 11 2 Remote Polling was introduced which provided a mechanism to periodically poll a list of up to 100 target devices By pinging a target list of devices for connectivity logs could be generated and statistics gathered to measure latency between devices and to determine service levels Statistics could also be gathered using the 3Com remote polling MIB 3com0019 mib which can give the statistical result of each poll The MIB variables can be used with 3rd party applications like InfoVista to provide service level monitoring analysis and reporting A maximum of 100 target devices can be polled In 11 4 the requirement to manually configure up to 100 target devices that the administrator remotely polls has been eliminated Four predefined target groups will be used m RAStargets are automatically added when a RAS user session is established m VLL targets are automatically added when a virtual leased line is configured wm Tunnel Peers including PPTP L2TP IPIP DNL are automatically added m Static targets can still be manually configured if desired 20 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Console Output in Telnet Sessions With 11 4 all system messages can be displayed to a Telnet session
39. PN LinkStaCONTrol command the link reactivates within 30 seconds To activate the link immediately you must enable the APPN port using the SET APPN PortControl Enable command The NETBuilder II bridge router cannot interoperate with Cisco or IBM routers if the NETBuilder bridge router is configured using Source Route Transparent Gateway SRTG with Source Route bridging on the token ring LAN port and Transparent Bridging on the PPP or Frame Relay WAN ports In this configuration the NETBuilder Il bridge router is sending using PPP bridge encapsulation 802 5 token ring format while the IBM 6611 and the Cisco 400 router are using PPP bridge encapsulation 802 3 Ethernet format An SDLC port defined for NetView Service Point cannot be used for SDLC to LLC2 When NETBuilder bridge router is configured with many SDLC PUs SETDefault commands may take a long time to complete Using the Defrag command to streamline the flash that contains the configuration files can fix the problem VTAM Program Temporary Fixes PTFs are required on a mainframe when APPN DLU services are used Mainframe network management NetView services will not function for downstream physical units PUs if the PTFs are not installed ATM Services Notes ATM Emulated LANs ATM LAN Emulation Clients and Large 802 3 Frames ATM Connection Table Deleting ATM Neighbors Source Route Transparent Gateway ATM Services Notes 53 VTAM Version 4 2 requires PTF UW 20
40. R makes it easier to have a unified forwarding table for multicast data traffic The multicast routing protocols will maintain protocol specific routing states and create forwarding entries in the unified forwarding table for multicast traffic IGMPv2 Enhancements Adding to the IGM Pv1 support 11 4 will be adding support for IGM Pv2 RFC 2236 Feature enhancements include the following wm Allowing a host to inform a multicast router when it no longer wants to receive traffic for a given multicast group a Defines a new procedure for electing the multicast querier on a LAN the multicast router with the lowest IP address is always chosen as the querier a Defines a new type of Query message called the Group Specific Query This type of message allows a router to transmit a query to a specific multicast group rather than all groups that reside on a directly attached subnet PPP over Ethernet PPPoE With 11 4 PPP over Ethernet PPPoE is available to offer a seamless integration of broadband access technology into the existing infrastructure and operational model of remote access As specified in the informational RFC 2516 PPPoE encapsulates PPP packets over Ethernet It is intended for use by a host PC to interact with a broadband modem e g xDSL cable and wireless access devices to achieve access to high speed data networks The PPPoE offering is targeted at Carriers ISPs and NSPs with an ATM backbone for use in a VPN environment
41. SS modules and bundle HSS 3 port module links with HSS 3 port module links m Forthe best performance use MLP on interfaces with matched line speeds Avoid mismatched baud rates of ratios greater than 10 to 1 for bundled links m f your baud rate ratios on two links are greater than 4 to 1 the M LP feature automatically turns off fragmentation For baud ratios of less than 4 to 1 you may choose to turn off fragmentation for performance considerations Turn off fragmentation using the M IpCONTrol parameter in the PPP Service m MLP does not support the HSSI module m Before you re enable a port running M LP disable the port and allow the remote port to go down This action prevents loss of packet sequence numbers SPID Wizard Detection Errors STP AutoMode Does Not Select the Right Mode Supported Modems synchronization which causes packets to be dropped when the MLP port is enabled If the two routers are connected to a single NT 1 SPID Wizard cannot detect the correct switch type and corresponding SPIDs To work around the problem disconnect one of the routers from the NT 1 before running SPID Wizard Reconnect the router after SPID Wizard completes the detection process When a NETBuilder II TI is connected over X 25 to a NETBuilder Il bridge router that has Ethernet or token ring and the Ethernet is transparent bridging to other routers over X 25 and the token ring interface requires source route bridging to the NETBuilde
42. US Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link Web Link Health M onitor HTTP client PPP PAP C HAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Log in Banner SLAMS Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels NETBuilder Il Firmware Requirements The NETBuilder II O modules require firmware upgrades to support the Enterprise OS software version 11 4 see Table 2 for firmware requirements You can determine your I O module firmware entering SHow SYS IOI Table 2 NETBuilder Il Firmware Requirements Module version through the software by 11 4 Firmware Version Strings DPE FW DPE BOOT1 1 7 FW DPE BOOT2 1 7 FW 6ETH FW 1 4 0 70 FW ETH100 FW 1 9 FW 8BRI FW 1 5 FW ATM FW 1 1 0 70 FW HSS3 V35 1 1 11 FW HSS3 449 1 1 11 FW HSS3 232 1 1 11 FW 4PORTWAN FW 1 5 MP Ethernet 6 port Fast Ethernet 100Base 8 port HSS BRI MP ATM Link HSS 3 port V 35 HSS 3 port RS 449 HSS 3 port RS 232 HSS 4 port SuperStack Ill SuperStack Il NETBuilder SI bridge routers are supported with the following NETBuilder SI packages a BF Boundary Router m NW IP IPX AT Router m NE IP IPX AT Router with 56 bit Encryption NS IP IPX AT Router with 128 bit Encryption and 3DES a CF Multiprotocol Router a CL Multiprotocol Router with 40 bit Encryption a CE Multiprotocol Router with 56 bit Encryption a CS Multiprotocol Router with 128 bit Enc
43. ada You agree that you will not export reexport either physically or electronically the encryption software or accompanying documentation or copies thereof or any products utilizing the encryption software or such documentation without obtaining written authorization from the U S Department of Commerce Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com AccessBuilder Boundary Routing NETBuilder NETBuilder Il OfficeConnect SuperStack and Transcend are registered trademarks and Edge Server PathBuilder and Total Control are trademarks of 3Com Corporation IBM AS 400 SNA and LAN Net Manager are registered trademarks of International Business M achines Corporation Advanced Peer to Peer Networking and APPN are trademarks of International Business Machines Corporation DECnet is a registered trademark of Digital Equipment Corporation AppleTalk is a registered trademark of Apple Computer Inc NetWare is a registered trademark of Novell Inc RealPlayer is a trademark of Real Networks UNIX is a registered trademark in the United States and other countries licensed exclusively through X Open Company Ltd VINES is a registered trademark of Banyan Systems SunOS is a trademark of Sun Microsystems Inc XNS is a trademark of Xerox Corporation Other brand and product names may be registered trademarks or trademarks of their respective holders
44. address as before in order to utilize the redundancy feature of the sysip In addition the voice call will also have an option to use a different source destination pair for those calls that need to be tunneled via VPN After the source address is defined it is linked to the virtual port that represents the VPN tunnel allowing the voice call to get tunneled across the VPN Network management features include Upgrade Utilities and Upgrade Link Web Link Enhancements Autotargeting for SLA M onitoring Remote Polling Console Output in Telnet Sessions Multiple SYSLOG Server Support Audit Log M essaging Enhancements and Domain Name Use in FTP and TFTP Commands Upgrade Utilities amp Upgrade Link With the upgrade utilities you will be able to perform upgrades of all your Enterprise OS devices NETBuilder PathBuilder S5xx and PathBuilder S400 devices from an older version of software to a newer version The version you can upgrade to will match your version of the upgrade utilities for example with the Upgrade M anagement Utilities version 11 4 you will be able to upgrade a device running 8 x 9 x 10 x 11 0 11 1 or 11 2 to any version 9 x 10 x 11 0 11 1 11 2 11 3 or 11 4 Engineered to be reliable and simple to use the utilities can be executed via command line via the GUl interface in Transcend Upgrade Manager or the GUl interface in Upgrade Link or via user defined scripts Enhancements to Upgrades Utilities version 11 4
45. air of neighbors All VPN traffic is allowed to flow only through the configured neighboring paths This makes routing inefficient since data forwarding may not always be using the best route with the shortest hops To solve this the user would have to go to the trouble of configuring a fully meshed VPN so packets could be forwarded with one hop With the Next Hop Resolution Protocol NHRP implemented in 11 4 tunnels are now established dynamically NHRP enhances the Point To M ulti Point P2M P VPN tunnel by eliminating the need to statically configure each and every end point virtual port on the device NHRP resolves the next hop when forwarding data through tunnels The Enterprise OS device will automatically discover its short cut path for routing without having to manually configure every neighboring path IP Payload Compression Protocol IPComp or IPPCP Enterprise OS software supports data compression to ease bandwidth problems However in previous software releases the compression mechanism was not effective when a data stream was encrypted at layer 3 With 11 4 by using IP Payload Compression Protocol IPComp RFC 2393 to first reduce the size of the IP datagram by compressing the data then performing encryption the size of IP datagrams has been reduced This is extremely useful when IPsec encryption is applied to IP datagrams since compression of outbound IP datagrams is done before any IP security processing and the deco
46. and ST variants and 10 ST OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release m PathBuilder S5xx series switch models S500 S580 S593 S594 S598 and S599 m PathBuilder S400 Due to increased memory requirements the OfficeConnect NETBuilder and SuperStack Il NETBuilder SI will be released after the general release of Enterprise OS Software version 11 4 The general release will include support for the following platforms NETBuilder Il SuperStack Il NETBuilder Token Ring PathBuilder S50x S58x S59x and PathBuilder S400 devices Watch for special release announcements for the OfficeConnect NETBuilder and SuperStack II NETBuilder SI devices See OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional M emory Requirements on page 63 for details about memory requirements for the OfficeConnect NETBuilder and SuperStack Il NETBuilder SI devices Platforms Not Supported The Enterprise OS software version 11 4 does not support the following bridge routers a Model 227 SuperStack Il NETBuilder Router Ethernet a Model 427 SuperStack Il NETBuilder Router Ethernet ISDN m Model 120 OfficeConnect NETBuilder FRAD a ModelS574 and S578 PathBuilder Switch New Features and Feature Enhancements JAVA Runtime Environment VPN and Security Features Enterprise OS is the system software that operates within the NETBuilder and PathBuilder WAN products Enterprise OS devices supported by this release
47. ault the directory records for certificates and CRLs will be stored internally in an ASCII format The directory records should be stored in a binary format To change the format edit the Entrust ENTM GR INI file and Bridge Router PKI Configuration search for the line serverType Entrustslapd Change this line to read serverType External See Appendix D of the Entrust PKI 4 0 Administration Guide for more information After editing this file run the M aster Control application and invoke the Restore to PPTP Tunnel Security Validation pb RSA Signature for Phase 1 Authentication Windows NT MS CHAP Authentication Directory operation to reinitialize the directory in binary mode See Chapter 2 of the Entrust PKI 4 0 Administration Guide a The following are guidelines for installing the Entrust PKI 4 0 VPN Connector product n The Entrust installation guide provides instructions for installing the Entrust PKI 4 0 VPN Connector product The installation guide specifies the exact system requirements It is strongly recommended that the installation guide be reviewed carefully before attempting the installation n The installation provides various worksheets and the information requested in these must be determined prior to the installation m The CEP features of VPN Connector are not required in a 3Com bridge router PKI environment Skip those steps relating to the CEP installation and configuration Authentication problems may
48. ault Value 54 Compression Requirements 54 Dial Idle Timer 55 Disaster Recovery on Ports Without Leased Lines 55 DTRModems 55 Dynamic Paths 55 Frame Relay Congestion Control 55 History Based Compression Negotiation Failure 55 History Compression Not Allowed With Async PPP 55 Multilink PPP Configurations 55 SPID Wizard Detection Errors 56 STP AutoM ode Does Not Select the Right Mode 56 Supported Modems 56 Routing Protocols and Services Notes 56 BGP Configuration Files 56 CPU Utilization with XNS Protocol 57 IPX to Non IPX Configuration Error 57 IPX Routing Route Receive and Route Advertisement Policies 57 Managing IP Address Assignment 57 NAT Service Many to One Outbound Translation 57 NAT Service TCP UDP Port Mappings 57 OSPF Route Advertisement 57 PIM Sparse Mode 57 PIM SM Enterprise OS Cisco Incompatibility 57 PIM SM Register Checksum Formats 57 PM SM Not Supported Over NBMA Media 58 RouteDiscovery 58 VRRP Configuration 58 Network Management System and Services Notes 58 ASCII Boot 58 Boot Cycle Continuous Loop 58 BootP Server and Autostartup 58 Bootptab File 58 Capturing Commands to boot cfg File 59 Change Configuration and Diagnostic Menu 59 CPU Utilization Statistic 59 File System Error 59 Firmware Configuration 59 Firmware Update 59 IP Quality of Service Bandwidth 59 IP Quality of Service Configuration 59 Multiple Paths to BootP Server 59 Remote Access Default Change 60 Scheduler RunOnBootFail Completion 60 V 25bis
49. circuit When connecting a NETBuilder bridge router to an Network Control Program NCP for a BSC configuration be careful when disabling the 3780 2780 EP lines If you try to pull the cable out the NCP may go into a state that will require the NCP to be rebooted Check with your IBM service representative for additional details Circuit balancing does not work properly if WAN links are set to different speeds For circuit balancing to work properly you must have WAN links of the same speed If the WAN links are different speeds for example T1 and 64 K the bridge router with circuit balancing learns the route from the T1 link before learning the route from the 64 K link All circuits are directed to the DLSw tunnel on the T1 link instead of being distributed on both 64 K and T1 DLSw tunnels Only after alternate routes are in the circuit balancing router cache will subsequent session establishment be balanced The default value of the SYS CONNectUsage parameter is High for NETBuilder bridge routers with a DPE module The default value of CONNectUsage for all other platforms is Low This difference simplifies DLSw configurations When the DPE module is used in a non DLSw configuration a small amount of memory is allocated 226 K of approximately 12 M B Non DLSw configurations in very large networks running OSPF and BGP may require that the CONNectUsage parameter be changed to Low to recapture this 226 K of memory For all other configurat
50. der bridge routers with encryption technology unless you set the EncryptionLicenseRead environment variable to 1 Setting this variable implies that you have read and agree to the export regulations enforced by the US Department of Commerce This environment variable can be set by executing or adding the following line to the autoexec bat or login file set EncryptionLicenseRead 1 Upgrade Management Notes bcmdiagnose Error Message SuperStack Il NETBuilder Token Ring Upgrades bcmdiagnose and HP UX bcmfdinteg A This section contains known upgrade management issues When you execute bcmdiagnose on HP UX and the TFTP server is configured to use the Safe Directory method the error message No TFTP user found in etc passwd You must add an entry can be ignored Installation of a new version of the Remote Upgrade Utilities onto a UNIX NMS saves an existing usr 3Com bcmutil conf into etc 3Com bcmutil conf backup This file is used by the Transcend Enterprise M anager for UNIX TEM U If a user has made modifications to this file they must either restore their original file or add the changes to the new file If you are using the Remote Upgrade Utilities in stand alone mode or with the Transcend Enterprise M anager for UNIX TEM U you can specify SNM P community strings of different devices in etc snmp cfg file M ore information about the snmp cfg file can be found in the help pages file usr 3Com bcm gui hlp
51. e Copy Errors For transparent bridge or source route transparent configurations token ring end systems may generate a small number of MAC frame copy error reports when the NETBuilder II bridge router token ring interface is initializing or when the bridge router ages out a MAC address from its bridge table For the bridge router to learn the MAC addresses of transparent end systems on the token ring it copies a packet with an unknown source address and sets the address recognized A and frame copied C bits in the Frame Status FS field A problem occurs when the FS A and C bits have been set and the destination of the frame is an end system on the local ring The destination end system expects the A and C bits to be zeros When it receives a frame with these values already set it reports an error The end system counts these errors and accumulates them until the MAC layer Soft Error Report Timer period is reached the default is two seconds A MAC Report Error packet is then sent to the Ring Error M onitor REM Network Management entity A source route only configuration eliminates frame copy errors Frame copy errors do not occur in source route only environments when the NETBuilder bridge routers are configured properly This is because the NETBuilder bridge router hardware filters source routed packets based on the route information field not the MAC adaress If the bridge router is configured for source route only it never copi
52. e Enhancements 15 Given the scalability problems associated with RSVP the emerging IETF standard for scalable end to end QoS IP Differentiated Service is supported Incoming traffic flows can be classified into service classes for each defined QoS policy with the routers providing the service level that corresponds to the Differentiated Services Code Point DSCP bits 0 5 in the TOS byte via the Class Based Queue CBQ packet scheduler and Random Early Detection RED congestion avoidance mechanisms These queue management policies will only be supported over the slower FR and PPP WAN links Brief descriptions of additional QoS features are listed below For further information on IPQoS consult RFC 2474 Definition of Differentiated Service Field in IP Headers and RFC 2309 Recommendations on Queue Management amp Congestion Avoidance in the Internet Policy based QoS Management Flexible QoS control is configured via the IPQoS Service as port specific policies QoS policies can be applied to the inbound traffic at the ingress port and or the outbound traffic at the egress port QoS policies are associated with flows Policies are stored in the user defined precedence order in the QoS policy database The policy action associated with the first matching policy found for the packet will be applied Flow can be defined as either an aggregated flow or a specific application flow between two end systems Flows are classified via the generic pac
53. e boot strap router BSR message packets without modifying the source IP address field This implementation is incompatible with 3Com Enterprise OS and there is no workaround when a PIM SM domain contains both Cisco IOS and 3Com Enterprise OS devices Cisco IOS currently sends register packets with register checksum on the entire IP payload and IOS rendezvous points RPs also expect register checksums done on the entire IP payload However 3Com Enterprise OS devices generate register PM SM Not Supported Over NBMA Media RouteDiscovery VRRP Configuration checksums on the PIM headers only Enterprise OS devices when acting as RPs are capable of accepting register checksums in both formats In the scenario where Cisco IOS devices are the RPs and Enterprise OS devices act as sender designated routers DRs a super user command SU PIM RegCksum FullPayload is required on the Enterprise OS devices Currently PIM SM is not supported over non broadcast multiaccess NBM A datalink media Such media include IP IP Point to M ultipoint P2M P tunnels and Frame Relay configured on parent ports If RouteDiscovery is enabled on all protocols SR RouteDiscovery All in the maximum packet forwarding rate drops significantly during route discovery 3Com recommends that you enable RouteDiscovery only for the protocols you use Increasing the value of the SR HoldTime parameter minimizes the drop in forwarding rate for these protocols VRRP
54. eature JW JE JS BF NW NE NS AF OF OL OE os ISDN CT3 CE3 Data over Analog Call Originate X X X X X X X X X X X X only CSU DSU Loopback X X X X X X X X X X X X SDLC SHDLC Polled Async Bisync X X X X X X BSC Conversion X X X X QLLC LLC2 Conversion X X X X X Frame Relay X X X X X X X X X SM DS X X X X X X X X X 25 Switching Tunneling X X X X X X X X WANExtender M P6E Module Fast Ethernet 100Base ATM Module LANE PPPOE M POA Server Client ZM ODEM Support in Software X X X X X X X X X X X X Flash Load X X X X X X X X X X X X LDAP Policy Engine Client X X X X X X X X Auto Startup X X X X X X X X X X X X IKE IPsec KEK ISAKM P Tunnel X X X X X X Mode Fast Tunnel Policy Ul Policy Manager IPPCP DES Crypto X X X X X X 3DES 3DES 3 KEY X X X X RC5 Crypto X X X X X M PPE RC4 X X X X X X X IP IPX RAS Radius traps X X X X X X X X MS CHAP X X X X X X X EAP Authentication X X X X X X X X X VPN PPTP L2TP L2TP FP Tunnel X X X X X X X X X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X X X X X X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF X X X X X X X X IPX NLSP X X X X X X X X Virtual Ports 10 10 10 28 28 28 28 28 28 28 28 28 Restricted Number of DHCP 256 256 256 Addresses Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP
55. er bridge router is using internal security because it is fast enough to check the CHAP response before the next PAP message is generated When using RSA Signature for phase 1 authentication and an IP address is used for Distinguished Name Common Name or Subject Alternate Name the only port on the device that will perform IPSec is the one that corresponds to that IP address Using a domain name for the Distinguished Name Common Name or Subject Alternate Name does not impose this limitation Although the 11 4 RAS service supports 64 character user names and passwords any Windows NT user with a password greater than 14 characters long will fail M S CHAP authentication Per the IETF M S CHAP v2 draft current versions of Windows NT limit passwords to 14 characters Platform Notes 63 Platform Notes OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory Requirements This section describes the supported PC flash memory cards approved DRAM SIM M S notes cautions and other considerations to be aware of when using the Enterprise OS software on the various NETBuilder bridge router and PathBuilder platforms The topics are presented in alphabetical order In order for OfficeConnect NETBuilder and SuperStack Il SI NETBuilder bridge routers to support selected Enterprise OS software version 11 4 packages the minimum memory requirements must be met for DRAM and FLASH These requirements are mentioned in Table 15 and i
56. es frames destined for a station on the local ring Frame copy errors can be eliminated by running in source route only mode Table 12 shows the features supported on the NETBuilder Il and NETBuilder SuperStack Il token ring bridge routers Table 12 3Com Bridge Routers and Supported Features Source Route Source Route Transparent Transparent Platform Bridging Routing Gateway Source Routing NETBuilder Il Yes Yes Yes Yes SuperStack II NETBuilder No Yes No Yes Token Ring Frame Copy Errors under LAN Net Manager Whenever LAN Net M anager is enabled the token ring driver is set to N way bridging mode which means the bridge router copies all frames that match the bridge number specified on the receiving port If two NETBuilder bridge routers are connected to the same ring with the same bridge number frame copy errors will occur To prevent this problem do not configure two NETBuilder bridge routers with the same bridge number on the same ring If you have previously configured your LAN Network M anager to use the NETBuilder ll system as a virtual ring and you want to use it as a physical ring you must set your virtual ring number back to None LLC2 Frames and PPP Maximum BSC Line Speed SHDLC Half Duplex Mode SDLC SDLC Adjacent Link Stations for APPN Source Route Transparent Bridging Gateway SRTG Interoperability SDLC Ports and NetView Service Point UI Response Time With Large SDLC configuration VTAM Pro
57. ferent format for those messages sent to a SYSLOG server vs those saved on the device s local audit log buffer Redundant information was removed and comprehensive definitions are provided A field was added to indicate message severity 0 7 indicating Emergency Alert Critical Error Warning Notice Info and Debug Changes to audit log messages sent to SYSLOG server s Forthe SYSLOG messages a unique message identifier starting with 100 has been added Specific services have been assigned a range of identifying numbers For example 100 199 identifies audit log file access status messages dial history messages are 400 499 IPsec messages are 600 649 and Web Link messages are 1400 1499 A new message format will have identifying labels The new syntax is as follows priority Seq SeqNumber Sev Severity From Entity Source Msg Text Changes to audit log messages saved on the device s local audit log buffer The new message format will have identifying labels The new syntax is as follows priority Seq SeqNumber Date Time Sev Severity From Entity Source Msg Text Audit Log M essage Filters are now supported In previous releases all audit log messages were sent to the designated SYSLOG server With 11 4 the administrator can set a LogFilter whereby specific messages can be sent to specific SY SLOG servers M essages can be filtered based on service priority Transcend VPN Application Suite
58. ffic load CPU and memory usage by other services Table 9 DLSw Circuit M aximums with CONNectionUsage Parameter Settings Maximum Number of DLSw Circuits System Low Medium High OfficeConnect and SuperStack II 190 390 790 NETBuilder bridge routers Boundary router peripheral node n a n a 790t NETBuilder Il bridge router DPE modules 390 790 7990 The CONNectionUsage parameter is set to High by the Boundary Router Peripheral node software it cannot be changes t The IBM Boundary Router peripheral node uses two LLC2 circuits to support one LLC2 end system Therefore the maximum number of LLC2 end systems supported by an IBM Boundary Router peripheral node is 395 Number of TCP Connections 3Com LLC2 tunneling uses one TCP connection for each LLC2 session DLSw scales to large networks better than LLC2 tunneling because it multiplexes all LLC2 sessions over one TCP connection per tunnel Each Telnet session also uses one TCP connection Table 10 shows the maximum number of TCP connections possible with the different CONNectionUsage parameter settings The practical limit may be lower and depends on the traffic load CPU and memory usage by other services Table 10 TCP Circuit M aximums with CONNectionUsage Parameter Settings Maximum Number of TCP Circuits System Low Medium High OfficeConnect and SuperStack II 32 256 512 NETBuilder bridge routers Boundary router peripheral node n a n a 790 NETBuilder Il bridge router DP
59. fficeConnect NETBuilder and SuperStack II NETBuilder SI and PathBuilder S400 devices OSPF External Route Aggregation With OSPF the user can import routes from external routing sources for example BGP RIP static routes and directly connected networks These imported routes become OSPF external routes In some networks the number of external routes to be advertised can cause traffic congestion on the backbone and subsequently to all areas Because version 11 4 aggregates the type5 external routes the user can define external route ranges With user defined external route ranges if the external route is within the defined range only then will the network be advertised This reduces the number of external routes advertised in the backbone and regular areas Protocol Independent Multicast Sparse Mode PIM SM The periodic broadcasting of information by DVM RP and M OSPF to identify the location of interested receivers for a specific multicast session is only useful in networks where bandwidth is plentiful or when there is a large number of senders and receivers for a multicast session When senders and receivers to multicast sessions are distributed sparsely across a wide area such schemes are not efficient They waste bandwidth on expensive WAN links and require the maintenance of routing state on routers that are not on the forwarding tree for the multicast session Protocol Independent M ulticast Sparse M ode PIM SM implemented i
60. file bat Version 11 4 Upgrade Management Utilities Upgrading to 11 4 Utilities with Transcend Upgrade Manager Transcend Enterprise Manager The Windows files are as follows ruull4 zip Contains the compressed Upgrade M anagement Utilities for Windows95 98 and Windows NT platforms ruull4 txt Contains the instructions for downloading and expanding the Upgrade M anagement Utilities and Upgrade Link This file also contains instructions on how to integrate the utilities into the Transcend Network Control Services M anager application When using the Upgrade M anagement Utilities from a Windows command line you must execute the profile bat user 3com common data profile bat file This file sets up the path to usr 3com common bin where the utilities reside Alternatively you can reboot your system so that the changed in the a autoexec bat file can take effect The upgrade utilities can be integrated into Transcend Network Control Services Manager for Windows 95 version 6 1 and Transcend Network Control Services M anager for Windows NT are available for use on Windows 95 and Windows NT platforms These utilities can also be integrated into Transcend Enterprise M anager for UNIX version 4 2 1 and 4 2 2 and are shipped preinstalled in Transcend Network Control Services for UNIX 5 0 The utilities are pre shipped with Transcend Network Control Services for Windows version 6 2 and Windows NT 1 1 The Upgrade M anagement Utilities are des
61. for SuperStack Il bridge routers should be 07 264 000 01 rev 1 to work in BSC internal clocking mode The PATH service parameter TransferM ode should not be changed from its default value of AUto Other settings of this parameter are reserved for future extensions Compression must use the same configuration at both ends of the connection If one side of a connection is configured as per packet and the other is configured as history the PPP link does not come up Dial Idle Timer Disaster Recovery on Ports Without Leased Lines DTR Modems Dynamic Paths Frame Relay Congestion Control History Based Compression Negotiation Failure History Compression Not Allowed With Async PPP Multilink PPP Configurations WAN Protocols and Services Notes 55 The dial idle timer is not accurate and it will take a client longer to idle out than is configured For a 180 second dial idle time it takes approximately 8 5 minutes for the client to idle out if no traffic is ever sent To workaround this problem disable bootp on 0 by entering the following command Setd 0 bootp control disable The Port Service DialControl parameter controls port attributes for a dial up port in the event the bandwidth set for a leased line drops below what has been set as the normal bandwidth Setting this parameter to DisasterRecovery for a port without leased lines prevents port idle out DTR modems should not be configured as a dynamic path and a dial
62. gned to support dynamic fragmentation control to turn on and off fragmentation at each communicating endpoint 3Com proprietary VoFR signaling based on Q 931allows dynamic call connection and teardown VOFR recovery is built into VoFR signaling to handle system or network outage m Voice call establishment is regulated by bandwidth requirements of voice compression between two communicating DSP peers as well as by the available bandwidth CIR of the VC at each end a Voice calls between remote offices can be switched through central site VoFR 18 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Network Management Features Up to 250 calls can be supported within each VC subject to available bandwidth a Support for FXS and FXO voice ports a Support for FAX data over the voice call Voice Over VPN VoVPN Due to the interaction between VPN L2TP or PPTP and VoIP when they are sharing the same system IP sysip address voice calls do not get tunneled over L2TP or PPTP The reason for this is when a VPN tunnel is established with the sysip address the endpoint s sysip address is in each endpoints routing table If an application subsequently uses the same address that is used by the tunnel the routing table would force the packet out on the interface and not through the tunnel The packet would leave the device unencapsulated To overcome this voice calls originating from the system will continue to use the Sysip
63. gram Temporary Fixes LLC2 frames are not sent or received over PPP unless global bridging is enabled using the SETDefault BRidge CONTrol Enabled command You must enable LLC2 on the port using SETDefault lt port gt LLC2 CONTrol Enabled If bridging is enabled and you do not want bridging either set the BRidge CONTrol parameter to NoForward or disable bridging on individual ports by setting the following command SETDefault BRidge TransparentBridge NoTransparentBridge For V 35 and RS 232 links the maximum baud rate supported for BSC traffic is 38 4 If the baud rate is higher BSC traffic suffers errors and retransmissions SHDLC does not support physical half duplex mode SDLC requires the following XID spoofing must be turned on if the IBM Communication M anager is used for 3270 communications and is defined as a PU type 2 0 Use the following syntax SETDefault lt PU name SDLC CUXId value 8 Hexadecimal digits SETDefault lt PU name gt SDLC CUXidDefined Yes m SDLC end to end through local switching conversion to a single LLC2 LAN connection between two NETBuilder bridge routers requires different virtual ring numbers in the LLC2 Service When you configure SDLC adjacent link stations for APPN if an active link becomes inactive and you change the port definition using the PortDef parameter the link remains inactive If you try to reactivate the link using the SET AP
64. igned to work with or without Transcend Network Control Services M anager Network Admin Tools See Upgrading Enterprise OS Software for details about integrating the Upgrade M anagement Utilities into the Transcend Network Control Services M anager The proper installation order for integrating the Upgrade M anagement Utilities into Transcend is 1 Stop Transcend 2 Install the Upgrade Management Utilities using bcmsetup Do this if Transcend does not have the Upgrade M anagement Utilities bundled or if you want to install a newer version of the Upgrade M anagement Utilities Start Transcend The Transcend Upgrade M anager Baseline M anager and Alarm M anager will then support the latest Enterprise OS software version The following notes apply to users of the Transcend network management application BCM USETFTP Environment Variable Transcend Enterprise M anager for Windows and Transcend Enterprise M anager for UNIX 4 x users should set the BCM USETFTP environment variable to 1 to force the Upgrade M anagement Utilities to use TFTP file transfer during upgrading The environment variable can be set by executing or adding the following line to the autoexec bat or login file set BCMUSETFTP 1 Upgrade Management Notes 45 EncryptionLicenseRead Environment Variable Transcend Enterprise M anager for Windows Upgrade M anager and Transcend Enterprise M anager for UNXI Upgrade M anager 4 2 x will not allow you to upgrade 3Com NETBuil
65. ions this additional small memory allocation should have no effect The FLush SYS STATistics command does not flush DLSw priority statistics You must use the FLush DLSw PRioritySTATistics command The following considerations are related to DLSw in large networks Leaf Node Sessions Support When a leaf node has more than 50 end stations use the following tuning parameters SETDefault lt port gt LLC2 TransmitWindow 1 SETDefault lt port gt LLC2 RetryCount 20 SETDefault lt port gt LLC2 TImerReply 10000 Use these parameters for the leaf node and central node WAN ports Number of DLSw Circuits The SYS CONNectionUsage parameter controls the maximum number of DLSw circuits The default value of the CONNectionUsage parameter is High for NETBuilder bridge router with a DPE module and for the boundary router peripheral node but the default value is low for all other NETBuilder bridge router platforms Change this value using SETDefault SYS CONNectionUsage Low Medium High Front End Processor Frame Relay Access for LLC2 Traffic HPR and ISR Configurations IBM Boundary Routing Topology Disaster Recovery IBM Protocols and Services Notes 49 You must reboot the bridge router before this change takes effect Table 9 shows the maximum number of circuits possible with the different CONNectionUsage parameter settings The practical limit may be lower and depends on the tra
66. ires manual configuration High Performance Routing HPR is a new feature for the NETBuilder bridge router after software version 8 3 If you use the Upgrade M anagement Utilities to convert your APPN data file from version 8 3 or later to 11 4 be sure to turn on HPR if HPR is desired using SETDefault lt port gt APPN PortDef lt DLC type HPR yes Bridge Static Routes A static bridge route configured with the off option does not convert properly You must manually reconfigure this route DLSw Initial Bandwidth for Peer is a new parameter for software version 8 3 and later The default for version 11 0 is 8000 If you use the Upgrade M anagement Utilities to convert your DLSw data files from version 8 3 or later to 11 4 be sure to set the value of the parameter to the desired value using SETDefault tunnel id Dlsw PEER IP address lt PrioMode gt 8000 other value When installing Enterprise OS software version 11 4 from a UNIX platform do not follow symbolic links to reach a particular file image or tar file when using the Browse option Double clicking a directory name that is a symbolic link will not connect to the directory To open a directory type the directory name and press Enter If you are upgrading a bridge router from software version 8 3 or earlier you must disable user verification by specifying the NA flag on bcmnbrus or Upgrade Link For example bemnbrus N
67. is product provides a front end to the Entrust CA server for enrolling VPN devices such as routers with the Entrust CA in order to obtain certificates for those devices This product must be installed after the Entrust PKI 4 0 Authority Admin Directory product is installed The following are some guidelines for installing the Entrust PKI 4 0 Authority Admin Directory product The Entrust installation guide gives instructions for installing the Entrust PKI 4 0 Authority Admin Directory product It is recommended that the Entrust directory be installed with the CA server The installation guide specifies the exact system requirements It is strongly recommended that the installation guide be reviewed carefully before attempting the installation The Entrust CA environment assumes a hierarchy of security personnel that manage various aspects of operation of the CA although all of the various management roles can be assumed by a single person It is recommended that the various passwords for the various personnel be carefully recorded and the records placed in a secure location The installation provides various worksheets and the information requested in these must be determined prior to the installation A Windows NT server administrator password must be set prior to the installation Do not use an empty password consisting only of a carriage return After installation if the Entrust directory was installed with the Entrust CA software by def
68. k Health Monitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAMS Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 3 SuperStack Il NETBuilder SI Software Features continued Software Packages Feature BF NW NE NS CF CL CE CS AX IP IPX RAS Radius traps X X X X X MS CHAP X X X X X EAP Authentication X X X X X X VPN PPTP L2TP L2TP FP Tunnel X X X X X X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X X X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF X X X X X X X X IPX NLSP X X X X X X X X Virtual Ports 48 48 48 48 48 48 48 48 48 Restricted Number of DHCP Addresses M ax Physical Voice Ports Memory Requirements DRAM 16 MB 16MB 16MB 16MB 24MB 24 MB 24 MB 24 MB 16 MB Flash memory Minimum required 8MB 8 MB 8 MB 8 MB 12 MB 12 MB 12 MB 12 MB 12 MB for Enterprise OS 11 4 Flash memory Minimum required 8MB 8 MB 8 MB 8 MB 12MB 12MB 12MB 12MB 12MB for Dual Images Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels
69. ket classification service provided by IP A network manager can define the following types of QoS policy Bandwidth control If rate limiting is specified in a QoS policy the associated traffic flow will be metered and policed Rate limiting can be applied to traffic transmitted or received on an interface User may also define actions such as forward discard remark TOS byte to handle traffic that conforms to or exceeds the rate limit a TOS control TOS can be set to a specified TOS value This allows incoming packets to be classified into a small number of DSCP based classes TOS byte can also be remarked for forwarding to another administration domain with a different IP TOS convention Service class control A specific service class can be assigned to a flow independent of the DSCP value in the TOS byte By default the 6 bit DSCP value is mapped into a CBQ service class at the outgoing WAN port Traffic redirect traffic can be redirected at the ingress port IEEE 802 1P Prioritization When the ingress port is connected to a VLAN aware switch that does the layer 2 packet classification and 802 1P user priority support is enabled on the ingress VLAN port the 802 1P user priority of the incoming IP packet will determine the IP TOS value based on the default or user configured mapping When the egress port is connected to a layer 2 VLAN aware switch that does not support packet classification and 802 1P support is enabled on
70. l IGP routes except OSPF External routes were imported into the BGP routing table by default Beginning with software version 10 1 the import of IBP routes into BGP is controlled by the BGP IntPolDefault parameter CPU Utilization with XNS Protocol IPX to Non IPX Configuration Error IPX Routing Route Receive and Route Advertisement Policies Managing IP Address Assignment NAT Service Many to One Outbound Translation NAT Service TCP UDP Port Mappings OSPF Route Advertisement PIM Sparse Mode PIM SM Enterprise OS Cisco Incompatibility PIM SM Register Checksum Formats Routing Protocols and Services Notes 57 When the PathBuilder S5xx switch is configured for 2048 tunnels and XNS protocol very high CPU utilization will occur A mechanism does not exist to prevent adding a path from a non IPX routing port to an IPX routing port If this situation occurs the router stops routing IPX traffic even though the primary port has been up the whole time To restart IPX routing re enable the port When you route IPX over a Frame Relay meshed topology and configure the SAP Route Receive and Route Advertisement policies on the Frame Relay port these policies do not take effect until the SAP table is flushed When assigning IP address to virtual ports of directly connected networks it is important to ensure that the assigned address is valid As LCP supports multiple Network Control Protocols NCPs IP does n
71. lder Il bridge router chassis Replacing an M BRI board with a non M BRI board in the same slot requires that the NETBuilder Il bridge router be rebooted After the bridge router is rebooted there are no port path naming problems The Multiport M BRI module cannot be configured using SNM P The maximum physical frame size that can be forwarded by the Token Ring modules with Enterprise OS software is 4 500 bytes This software limitation affects routing source route bridging and transparent bridging The Token Ring and Token Ring modules may enter the ring at the wrong speed with certain M AU or station configurations You can manually configure the PATH BAud value to 16 000 or 4 000 to avoid this situation
72. ll other platforms with FlexWAN interfaces This includes the NETBuilder Il with the 4 port HSS module SuperStack Il NETBuilder SI PathBuilder S5xx and PathBuilder S400 devices Voice and multiservice features include voice over Frame Relay and voice over VPN These features are currently available on the PathBuilder S400 platform only Voice Over Frame Relay VoFR With Frame Relay already providing a flexible and efficient means of transferring data Voice Over Frame Relay VoFR consolidates voice and voice band data for example analog modems and fax messages with data services VoFR lowers the cost of calls while increasing the utilization of network resources and maintaining the reliability of an existing Frame Relay network With 11 4 VoFR is available in the PathBuilder S400 WAN convergence switch The VoFR capabilities will handle peer to peer end user to end user VoFR voice call signaling across the network providing real time delivery of voice signals without excessive delay Features of the 3Com implementation of VoFR m All voice payloads are encapsulated in the FRF 11 formats Voice and data share the same virtual circuit VC based on the FRE11 Annex The Use of Reserved Subchannels capabilities as authored by 3Com m Fragmentation can consume CPU processing power resulting in degraded system performance Unlike other vendors implementation of VoFR 3Com s proprietary Fragmentation Control Protocol FCP is desi
73. lue for the NetAccess parameter in the SYS Service is set to NoRemote This means that by default no remote connection attempts will be accepted by the bridge router If you are accustomed to or want to use remote access you must specifically set the value of the NetAccess parameter to Remote When RunOnBootFail is specified event based macro execution EBM E is enabled when the primary connections fail to establish within 5 minutes after the switch boots After the initial 5 minutes PortDown event processing happens at the rate of approximately one port per second When the PathBuilder S5xx series switch is configured for 2048 virtual ports it takes about 45 minutes after the system initializes for the RunOnBootFail processing to be completed on all ports If you are using a V 25bis modem with a NETBuilder boundary routing leaf node and you configure the line type explicitly as dial rather than auto be certain to also set the DialM ode to V 25bis rather than use the default of DTR When you set the DocumentPath parameter in the WebLink service to a local file drive C for example file c the Web Link assumes that access to the NETBuilder bridge router takes place only from the computer to which the file is local If Web Link is used from any other computer the browser looks on its local C drive for the help pages If the computer is a UNIX machine and these files are not present as expected unpredictable browser behavior will
74. ly Discard W RED implements an additional drop precedence based preferential discard mechanism The drop precedence value is used to determine the minimum and maximum thresholds such that packets tagged with a higher drop precedence value has a higher drop probability The drop precedence value is determined by the amount of traffic in excess of the rate limit RED congestion avoidance scheme actively manages the queue length to efficiently reduce both packet drops and queue latency resulting in lower delay and better service The random packet drop also effectively breaks up the traffic synchronization due to TCP s slow start than speed up behavior which Dial Service Features Voice amp Multiservice Features New Features and Feature Enhancements 17 may cause some flows to be locked out of bandwidth if a simple tail drop is employed when the queue becomes full However RED works well only with compliant TCP implementations that backs off when network congestion is detected It has no effect on non IP or UDP traffic RED is supported on CBQ class queues only Dial service features include increased asynchronous baud rate for the all Enterprise OS platforms In releases prior to 11 3 the maximum baud rate for asynchronous ports was 57 6 kbps With the 11 3 release the maximum baud rate has been increased to 115 2 kbps only for the OfficeConnect NETBuilder platform With the 11 4 release this feature is expanded to support a
75. mentation at any time UNITED STATES GOVERNMENT LEGENDS If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following restricted rights For units of the Department of Defense Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c 1 ii for Restricted Rights in Technical Data and Computer Software Clause at 48 C FR 52 227 7013 3Com Corporation 5400 Bayfront Plaza Santa Clara California 95052 8145 For civilian agencies Restricted Rights Legend Use reproduction or disclosure is subject to restrictions set forth in subparagraph a through d of the Commercial Computer Software Restricted Rights Clause at 48 C F R 52 227 19 and the limitations set forth in 3Com Corporation s standard commercial agreement for the software Unpublished rights reserved under the copyright laws of the United States If there is any software on removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the hard copy documentation or on the removable media in a directory file named LICENSE TXT If you are unable to locate a copy please contact 3Com and a copy will be provided to you The software you have received may contain strong data encryption code that cannot be exported outside of the U S or Can
76. mpression of inbound IP datagrams is applied after the completion of all IP security processing Only dynamic negotiations of the IPComp Association IPCA via IKE and one compression algorithm LZS is supported for 11 4 Any negotiation of IPComp is always combined with a negotiation of ESP AH or both Routing Support Features New Features and Feature Enhancements 11 Tunnel Switching Between Different Tunnel Types So that tunnel switching between two sessions of different tunnel types can be easily implemented and maintained Enterprise OS software version 11 4 has been re structured to support tunnel switching from PPP over Ethernet PPPoE to PPTP and from PPPoE to L2TP Users can now dial in through a PPPoE tunnel and switch out through a PPTP or L2TP tunnel This enables the Enterprise OS device to have the flexibility of switching between tunnels of different tunnel types Routing support features include OSPF External Route Aggregation Protocol Independent M ulticast Sparse M ode PIM SM Multicast Border Router M BR IGM Pv2 Enhancements PPP over Ethernet PPPoE Virtual Router Redundancy Protocol VRRP for ATM Ethernet LAN Emulation Virtual Router Redundancy Protocol VRRP for Virtual LAN VLAN Many to One NAT Enhancement BGP 4 amp IPv6 added to multiprotocol packages for OfficeConnect NETBuilder and SuperStack Il NETBuilder SI PathBuilder S400 devices and RSVP and RSVP Proxy added to software packages for O
77. n 11 4 is an intra domain multicast routing protocol designed to resolve some of the inadequacies with these other multicast protocols PIM SM is protocol independent in that it can work with any unicast routing protocol It builds a per group or per multicast session shared multicast distribution tree centered at a rendezvous point and requires receivers to explicitly join to this shared distribution tree prior to receiving data traffic Since a shared tree mechanism could result in suboptimal paths for data traffic from a source to the receivers of a multicast session PIM SM also supports the ability to switch to a source specific distribution tree if the data traffic warrants it The implementation of PIM SM supports IPv4 in this release IPv6 is not supported in this release ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES Multicast Border Router M BR To allow sources and receivers inside multiple autonomous multicast routing domains each running a different multicast routing protocol DVM RP M OSPF or PIM SM to communicate the regions must be connected by multicast border routers M BRs The primary role of the MBR is to pull down the traffic from one domain to the another domain This M BR functionality is implemented in the Enterprise OS device to allow the efficient interoperation among independent multicast routing protocols A common forwarding cache to forward the multicast data packets has been implemented M B
78. n the Software Features table for the specific platform in 11 4 Software Packages on page 23 The upgrade kits that available to meet these memory requirements are listed in Table 16 New equipment shipped pre loaded with Enterprise OS software version 11 4 has adequate DRAM and Flash memory installed prior to shipment Table 15 Memory Requirements for OfficeConnect NETBuilder and SuperStack Il NETBuilder SI 11 4 Dual 11 4 DRAM 11 4 FLASH Image FLASH Platform Description Package ID Requirements Requirements Requirements OfficeConnect NETBuilder 10 IP IPX Router RW RE RS 16MB 4MB 8MB OfficeConnect NETBuilder IP IPX Router JW JE JS 16MB 4MB 8MB IP IPX AT Router NW NE NS 16MB 8MB 12MB M ultiprotocol Router OF OL OE OS 16MB 8MB 12MB Boundary Router BF 16MB 4MB 8MB APPN Connection AF 16MB 8MB 12MB Services Router SuperStack Il NETBuilder SI IP IPX AT Router NW NE NS 16MB 8MB 8MB M ultiprotocol Router CF CL CE CS 24MB 12MB 12MB Boundary Router BF 16MB 8MB 12MB APPN Connection AX 16MB 12MB 12MB Approved DRAM SIMMs Services Router Table 16 Order Numbers for M emory Upgrade Kits 3C of Kit Description 3C8104 4M B FLASH for OfficeConnect NETBuilder amp SuperStack Il NETBuilder SI 3C8108 8M B FLASH for OfficeConnect NETBuilder 3C8080 8M B DRAM for OfficeConnect NETBuilder 3C8105 16M B DRAM for SuperStack II NETBuilder SI Table 17 lists 3Com approved vendors of the 32 MB DRAM SIMM for upgrading the NETBuilder II DPE 4
79. nd ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 4 PathBuilder S5xx Series Switches Software Features continued Software Package Feature PW PL PE PS LNM LAA X X X X Token Ring in Fast Ethernet IOS X X X X not supported ISDN BRI ISDN PRI X X X X ISDN T1 E1 X X X X ISDN CT1 CE1 ISDN T3 E3 X X X X ISDN CT3 CE3 Data over Analog Call Originate only CSU DSU Loopback SDLC SHDLC Polled Async Bisync X X X X BSC Conversion X X X X QLLC LLC2 Conversion X X X X Frame Relay X X X X SM DS X X X X X 25 Switching Tunneling X X X X WANExtender M P6E Module Fast Ethernet 100Base X X X X ATM Module LANE PPPOE X X X X M POA Server Client ZM ODEM Support in Software Flash Load X X X LDAP Policy Engine Client X X X Auto Startup DES Crypto X X 3DES 3DES 3 KEY X RC5 Crypto X X M PPE RC4 X X X IKE IPsec KEK ISAKM P Tunnel X X Mode Fast Tunnel Policy Ul Policy Manager IPPCP IP IPX RAS Radius traps X X X X MS CHAP X X X Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health Monitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAMS Bandwidth on Demand incoming
80. ng M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Upgrade Management Utilities 43 Upgrade Management Utilities Downloading Upgrade Management Utilities UNIX Files Windows Files This section includes information about Enterprise OS software version 11 4 Upgrade Management Utilities The Upgrade Management Utilities can be executed using the command line via the GUl interface in Transcend Upgrade M anager the GUl interface in Upgrade Link or via user defined scripts The Enterprise OS software version 11 4 Upgrade Management Utilities support upgrades from NETBuilder bridge routers running version 8 x through 11 4 If you need to upgrade from version 7 x to 11 4 you need to perform the upgrade in two steps The first step requires upgrading from 7 x to 9 3 1 After the NETBuilder bridge router configuration files have been converted to 9 3 1 they can then be further upgraded to support the 11 4 release The 9 3 1 Upgrade Utilities and manual are available on the 3Com InfoDeli website The Upgrade Management Utilities are shipped on the CD ROM with every Enterprise OS software release In addition these utilities can be downloaded from the FTP site
81. nitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels OfficeConnect NETBuilder Bridge Routers The OfficeConnect NETBuilder bridge routers support the following software packages for the specified models JW IP IPX Router JE IP IPX Router with 56 bit encryption JS IP IPX Router with 128 bit encryption and 3DES BF Boundary Routing NW IP IPX AT Router NE IP IPX AT Router with 56 bit Encryption NS IP IPX AT Router with 128 bit Encryption and 3DES AF APPN Router OF M ultiprotocol Router OE Multiprotocol Router with 56 bit Encryption OL M ultiprotocol Router with 40 bit Encryption OS M ultiprotocol Router with 128 bit Encryption and 3DES 11 4 Software Packages 35 Table 6 lists the software features in each package for the OfficeConnect NETBuilder bridge routers Table 6 OfficeConnect NETBuilder Bridge Router Software Features Software Packages Feature JW JE JS BF NW NE NS AF OF OL OE OS Voice Support Analog FXO FXS Voice FAX over IP Voice FAX over Frame Relay Core Features X X X X X X X X X X X Boundary Routing central node Boundary Routing leaf node X 40 Bit Encryption IPSec X 56 Bit Encryption IP Sec X 128 Bit Encryption IP Sec gt lt x x gt lt gt lt x x gt lt IPCP X X IP
82. nks the link is still up the second network node does not allow CP CP sessions to start on the second TG After five attempts at bringing up CP CP sessions on the second TG the second TG will be flagged as not supporting CP CP sessions preventing CP CP sessions from coming up on that second TG To prevent this situation manually stop the first TG by entering the SET APPN LinkStaCONTrol LinkName Deactivate command before disabling the port path By doing this both network nodes will learn that the link has gone down at the same time and CP CP session can be activated on the second TG When you configure an APPN dependent LU requestor DLUr connection from a NETBuilder II bridge router to a 3174 cluster controller the NETBuilder Il network node and the 3174 must be on the same ring In this configuration the NETBuilder Il token ring port must be set to transparent bridging only The BSC pass through feature is limited to leased lines and cannot use dialup links Boundary Routing and NetView Service Point Configuring BSC and NCPs DLSw Circuit Balancing DLSw and CONNectUsage Parameter Default Change DLSw Prioritization DLSw and IBM Boundary Routing in Large Networks When configuring NetView Service Point in a Boundary Routing environment note that the SSCP PU session actually flows over LLC2 rather than DLSw even though the SNA PortDef parameter is defined as DLSw Asa result the session does not show up as a DLSw
83. not support SM DS When you connect to a 3174 on a token ring you may need to enable transparent bridging on the bridge router The 3174 may send exchange identification XID as a non source routed frame If you set up APPN routing in an SNA Boundary Routing configuration from a NETBuilder II bridge router to a leaf node bridge router CP CP sessions between the remote site PC and the NETBuilder II bridge router are established before you can configure the Boundary Routing configuration on the NETBuilder II bridge router However after you set the BCN CONTrol parameter for IBM traffic and enable the BCN Service the NETBuilder Il bridge router no longer receives the CP CP sessions To work around this problem first turn off BOOTP on the NETBuilder Il port at the central site An alternative work around is to configure APPN with DLSw at the central site and to use the CEC s MAC address at the remote site When parallel transmission groups TGs are configured between 3Com network nodes and both TGs support CP CP sessions a CP CP session on one TG does not switch to the other TG if the user disables the port or path This happens because both sides learn about the link failure at different times The network node with the disabled port or path learns about the link failure right away and tries to bring CP CP sessions up on the second TG However the second network node does not learn about the link failure until LLC2 times out because it thi
84. o learn complicated technologies for example ATM m Preserves the applications that have been built around Microsoft Windows Dial Up Networking DUN A simple PPPoE client driver is used with an interface and functionality familiar to the user Virtual Router Redundancy Protocol VRRP for ATM Ethernet LAN Emulation In addition to supporting Virtual Router Redundancy Protocol VRRP on Enterprise OS platforms with Ethernet Fiber Distributed Data Interface FDDI and Token Ring interfaces 11 4 now supports ATM Ethernet LAN Emulation ATM LANE LANE operates by maintaining a set of mappings from MAC addresses to ATM addresses When running VRRP on a LANE network the LANE protocol must be notified when a new master router is elected so that it can update the MAC address to ATM address mapping within the ELAN for the virtual router s MAC address In essence while running VRRP over LANE a virtual MAC address may change location from one LEC to another For more information regarding VRRP consult the Internet Drafts for VRRP draft ietf vrrp spec v2 03 txt and VRRP Operation over ATM LAN Emulation draft ietf vrrp lane 01 txt Virtual Router Redundancy Protocol VRRP for Virtual LAN VLAN In addition to supporting Virtual Router Redundancy Protocol VRRP over a physical LAN with 11 4 comes support for VRRP for the Virtual LAN VLAN A VLAN can be seen as a group of end stations perhaps on multiple physical LAN segments that
85. ot verify that the address is valid before bringing the port state up or down as there may be other protocols which are utilizing that port It is possible to have an UP port state yet have a lack of IP connectivity NAT Many to One Outbound does not translate properly when multiple addresses on LHS are specified using comma notation But NAT Many to One Outbound translates properly when multiple addresses on LHS are specified in 10 3 1 0 24 notation When the NETBuilder bridge router is configured to use TCP UDP Port M apping from port 23 Telnet to any other port number the first command executed over the session will fail due to extra characters inserted into the command string All subsequent commands issued for that session will succeed If you encounter this problem execute the command again If your network is expecting more than 4000 OSPF routes you need to set the ospfholdtime variable to 30 In Release 11 4 PIM SparseM ode does not look into the BGP routing table for RPF reverse path forwarding lookups RPF lookups for IP addresses reachable only via BGP will result in RPF failures This has the following implications m A PIM SM router will drop multicast data packets sent from a source reachable only via BGP m PIM SM Rendezvous Points which are reachable only via BGP will not get added to the local RendezvousPoint set the set of routers capable of functioning as PIM SM RPs Cisco IOS currently forwards th
86. pgrade process which appears similar to the following gt gt gt gt updating firmware boot bank A gt gt gt gt famd_blk_erase block addr less than 512K 0x10000 gt gt gt gt famd_blk_erase block addr less than 512K 0x20000 gt gt gt gt Firmware boot bank update is complete These messages do not indicate a problem and can be ignored There is a bug in the software that exhibits itself when setting the bandwidth of a QoS Policy to be 8k or lower The workaround is to assign a bandwidth greater than 8k to the policy When using the IP Quality of Service IP QoS features there are two methods for configure priority queueing The older method uses the IP Filter Service and the new method uses the IPQoS Service Assigning a priority to IP packets in IP QOS does not work For the 11 4 release if you wish to create a policy to configure priority queueing use the IP Filter Service Policy command to establish filtering policies M ultiple paths to a BootP server may cause a BootP reply to fail If a BootP reply is transmitted by a BootP server and not received by the router flush the IP Routing Remote Access Default Change Scheduler RunOnBootFail Completion V 25bis Modem Setup Web Link Documentation Path Web Link Login Support Zmodem Time Out table and re enable BootP on the port waiting for the IP address BootP must be re enabled before route update are received To increase network security the default va
87. r Netscape s FastTrack Web Server version 3 x or Microsoft s Internet Information Server IIS version 3 0 wm Client for Secure VPN Manager Web browsers that supports Java applets a Netscape Navigator 4 08 or later a Netscape Communicator 4 5 1 or later a Microsoft Internet Explorer 4 01 or later 11 4 Software Packages 23 11 4 Software The tables in this section list the features in the packages available in software Packages version 11 4 for the NETBuilder and PathBuilder platforms NETBuilder II The NETBuilder Il bridge routers are supported with the following packages Bridge Router m AC APPN Connection Services Router a DW Multiprotocol Router a DL Multiprotocol Router with 40 bit Encryption a DE Multiprotocol Router with 56 bit Encryption m DS Multiprotocol Router with 128 bit Encryption and 3DES Table 1 lists the software features of each package for NETBuilder Il bridge routers Table 1 NETBuilder Il Software Features Softw are Packages Feature AC DW DL DE DS Voice Support Analog FXO FXS Voice FAX over IP Voice FAX over Frame Relay Core Features X X X X X Boundary Routing central node X X X X X Boundary Routing leaf node 40 Bit Encryption IPSec X X X 56 Bit Encryption IP Sec 128 Bit Encryption IP Sec X IPCP IPv6 BGP X X X X VRRP Ethernet FDDI Token Ring X X X X X VRRP for DLSW X X X X X VRRP over VLAN X X X X X RSVP RSVP Proxy X X X X X Mul
88. r II M ultiprotocol Router with 40 bit Encryption DL M ultiprotocol Router with 56 bit Encryption DE M ultiprotocol Router with 128 bit Encryption with 3DES DS m SuperStack Il NETBuilder SI IP IPX AT Router with 40 and 56 bit Encryption NE SI model IP IPX AT Router with 128 bit Encryption with 3DES NS SI model M ultiprotocol Router with 40 bit Encryption CL SI model M ultiprotocol Router with 56 bit Encryption CE SI model M ultiprotocol Router with 128 bit Encryption with 3DES CS SI model m SuperStack Il NETBuilder M ultiprotocol Router with 56 bit Encryption TE Token Ring models 327 and 527 m OfficeConnect NETBuilder IP IPX Router JW IP IPX Router with 56 bit Encryption JE IP IPX Router with 128 bit Encryption with 3DES JS IP IPX AT Router with 40 and 56 bit Encryption NE IP IPX AT Router with 128 bit Encryption with 3DES NS M ultiprotocol Router with 56 bit Encryption OE M ultiprotocol Router with 128 bit Encryption with 3DES OS m OfficeConnect 10 NETBuilder Router RW Router with 56 bit Encryption RE Router with 128 bit Encryption with 3DES RS Supported Platforms Enterprise OS software version 11 4 is available for the following platforms a NETBuilder Il m SuperStack Il NETBuilder models 327 and 527 m SuperStack Il NETBuilder SI models 43x 44x 45x 46x 53x 54x 55x and 56x m OfficeConnect NETBuilder models 11x 12x K and T variants 13x 14x U
89. r II Tl STP does not select the right mode when the default value is AutoM ode Set the STP value to SRTM ode Table 13 lists asynchronous and Table 14 list synchronous modems supported by 3Com Table 13 Supported Asynchronous M odems Modems Hayes Accura 33 6 Motorola M odemSURFR 33 600 3Com USR Courier Sportster Multitech M T1932Z2DX 3Com USR Impact IQ Table 14 Supported Synchronous Modem Modem 3Com USR Courier Routing Protocols and Services Notes BGP Configuration Files This section describes notes cautions and other considerations to be aware of when using the Enterprise OS software and routing protocols and services The topics are presented in alphabetical order Prior to software version 10 1 BGP configuration files were written to flash memory every 10 SETDs ADDs or Deletes Beginning with version 10 1 BGP configurations are saved to flash memory immediately after each change which practically eliminates the need for the SAVEbgp command 3Com recommends that you pay special attention to bridge router platforms running software version 10 1 and greater with pre 10 1 releases in the same network Always enter the SAVEbgp command on any bridge router running software previous to version 10 1 to make sure that all the BGP configurations are written to flash memory Failure to do so may result in all the BGP configurations being lost after the next reboot Prior to software version 10 1 al
90. re that none exist As an alternative you can prevent the bridge from forwarding by entering the following command SETDefault BRidge CONTrol NoForward The NoForward parameter allows the hardware to filter unwanted transparent packets allows DLSw to send and receive LLC2 SNA and NetBIOS packets but prevents these and other packets from bridging The row in Table 11 labeled DLSw with port configuration SR represents DLSw ina source route only port configuration The entries in this row expand to the following Enterprise OS software configuration syntax SETDefault BRidge CONTrol Bridge NoBridge ETDefault port SR SrcRouBridge SrcRouBridge ETDefault lt port gt BRidge TransparentBridge NoTransparentBridge ETDefault lt port gt SR RingNumber number 1 4095 Ox lt number gt 1 FFF ETDefault port SR BridgeNumber number 0 15 Ox lt number gt 0 F ETDefault port SR RouteDiscovery LLC2 ETDefault port LLC2 CONTrol Enable NnNANAN NH In this configuration global bridging BRidge CONTrol can be set to either Bridge or NoBridge Transparent bridging is disabled on token ring ports source routing LAN Network Manager with NETBuilder Il Systems IBM Protocols and Services Notes 51 and route discovery are configured bridge numbers must be unique for each bridge router on the same ring and LLC2 is enabled on token ring ports Token Ring Fram
91. result When you access the Web Link application for the first time you are prompted to enter a username and password This username and password remains valid on the NETBuilder bridge router for two hours Because most browsers cache user login information it is recommended that you log out of Web Link by selecting the Logout icon on the home page A Zmodem file transfer from a PC to a SuperStack II or OfficeConnect bridge router can take a long time To minimize the possibility that the PC Zmodem software will time out during the download run the DEFRag command on the SuperStack II bridge router before beginning the file transfer The DEFRag command reclaims dirty space in flash memory Dirty space is memory that has been written on and cannot be used again until it has been erased VPN Protocols and Services Notes ACE Security Server Total Control Security and Accounting Server Availability This section describes notes cautions and other considerations to be aware of when using the Enterprise OS software with VPN protocols and services The topics are presented in alphabetical order When interoperating with the ACE Security Server for Token based login support you may need to change the RAS Retransmit Timer value to a higher value for example 7 to prevent access request time outs The Total Control Security and Accounting Server provides call authentication authorization and accounting for your Enterprise OS device
92. ring of the VPN tunnel established for remote access client to LAN connections and site to site LAN to LAN connections The application is supported only on the Windows NT Server platform currently Secure VPN Manager supports the following M icrosoft devices as tunnel initiators a Window 95 with Microsoft Windows 95 Dial Up Networking 1 3 Upgrade or later wm Window NT with Service Pack 3 and above Secure VPN M anager supportsthe following 3Com devices as tunnel initiators and tunnel terminators m PathBuilder S5xx series devices running software version 11 3 or later a NETBuilder bridge routers running software version 11 3 or later m PathBuilder S400 series devices software version 11 4 or later PKI Manager version 1 0 PKI Manager is a graphical management application to aid Enterprise OS devices in obtaining PKI certificates and Certificate Revocation Lists CRLs from various Certificate Authorities CAs PKI M anager works as a proxy between the device and the CA It is responsible for collecting the certificate requests from the devices and generating the CA specific certificate request syntax CRS which in turn is sent to the CA Once the CA issues the certificate PKI M anager will retrieve it from the CA and send it to the Enterprise OS device The CAs that are supported with this first release are Verisign and Entrust The application is supported only on the Windows NT Server platform currently ENTERPRISE OS SOFTWAR
93. ryption and 3DES m AX APPN Connection Services Table 3 lists the software features of each package for SuperStack II SI bridge routers Table 3 SuperStack Il NETBuilder SI Software Features Software Packages Feature BF NW NE NS CF CL CE CS AX Voice Support Analog FXO FXS Voice FAX over IP Voice FAX over Frame Relay Core Features X X X X X X X X Boundary Routing central node X X X Boundary Routing leaf node X 40 Bit Encryption IPSec X X X X X 56 Bit Encryption IP Sec X X X 128 Bit Encryption IP Sec X X IPCP X X X X X X X X IPv6 BGP X X X X VRRP Ethernet FDDI Token Ring X X X X X X X X VRRP for DLSW X X X X X VRRP over VLAN X X X X X X X RSVP RSVP Proxy X X X X X X X X Multicast IP PIM IGMP M BR X X X X X X X X IP OSI Connection Services IPX X X X X X X X X XNS OSI X X X X X Appletalk X X X X X X X X VINES DECnet Ph IV Ph IV V GW X X X X Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health M onitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 3 SuperStack Il NETBuilder SI Software Features continued 11 4 Software Packages 27 Software Packages
94. s At the time of publication of these release notes the required version number of the SAS server Microsoft MPPE Patches and Updates PKI Entrust CA Installation Notes VPN Protocols and Services Notes 61 was unavailable To determine the required version refer to the online version of these release notes available on the 3Com website http infodeli 3com com infodeli tools bridrout index htm M icrosoft has acknowledged performance problems with their original implementation of M PPE You should use M SDUNI1 2c or later for Windows 95 and apply Hot Fixes in article Q162230 for Windows NT Contact your M icrosoft service provider for additional information and updates when they become available A Certificate Authority CA product can be purchased separately from Entrust This packaged CA server must be installed and configured on a Windows NT 4 0 system This package actually consists of two Entrust products Entrust PKI 4 0 Authority Admin Directory is installed on a Windows NT 4 0 server This product provides the CA server a facility to administer the CA and an optional local LDAP compliant directory that can serve as a repository for certificates and CRLs This product should be installed first Entrust PKI 4 0 VPN Connector can be installed with Entrust PKI 4 0 Authority Admin Directory on a Windows NT 4 0 server or installed separately on a Windows NT 4 0 workstation with network connectivity to the Entrust CA server Th
95. so be optionally enabled on a CBQ class queue CBQ also supports traffic prioritization Higher priority classes are serviced first classes with the same priority are then serviced based on weighted round robin Borrowing is allowed only if a class is configured to allow borrowing from its parents The network manager may define any number of CBQ classes Policies can be defined that map the DSCP in the TOS byte to a specific service class to provide the desired QoS Initial RSVP support will restrict RSVP flows to the well known RSVP service class Given the significant per packet overhead CBQ does not scale well with multi level class hierarchies and would perform best with a small number of classes in a shallow tree structure on lower speed WAN links CBQ will be supported on PPP FR ports only RED Congestion Avoidance Random Early Discard RED actively manages the queue size by dropping arriving packets using probability as follows The probability of packet drops increases as the estimated average queue size grows The average queue size is computed using a simple exponentially weighted moving average estimator RED starts dropping arriving packets when the queue size exceeds the defined minimum threshold in number of packets and the drop probability increases linearly with the queue size until the defined maximum threshold in number of packets is reached at which point all arriving packets are dropped Weighted Random Ear
96. t has already been setup for the TFTP file transfer so when subsequent fragment s arrive with no UDP header a search is made for the session by ID and the relevant IP address After the session is found the destination and source ports are known and NAT can translate BGP 4 amp IPv6 added to Multiprotocol Packages for OfficeConnect NETBuilder amp SuperStack Il NETBuilder SI amp PathBuilder S400 devices Previously BGP 4 amp IPv6 was available only on the NETBuilder Il and PathBuilder S5xx devices Starting with 11 4 BGP 4 and IPv6 are supported on the OfficeConnect NETBuilder and SuperStack II NETBuilder SI Ethernet only bridge routers as well as on the PathBuilder S400 WAN convergence switch BGP 4 and IPv6 will be available only on the multiprotocol packages for these platforms RSVP amp RSVP Proxy added to Software Packages for OfficeConnect NETBuilder amp SuperStack Il NETBuilder SI amp PathBuilder S400 devices Previously RSVP was available only on the NETBuilder Il and PathBuilder S5xx devices Starting with 11 4 RSVP and RSVP Proxy are supported on the OfficeConnect NETBuilder and SuperStack II NETBuilder SI Ethernet only bridge routers as well as on the PathBuilder S400 wAN convergence Switch Traffic shaping and Quality of Service QoS features include Bandwidth on Demand with Incoming Traffic and IP Quality of Service IPQoS Bandwidth on Demand with Incoming Traffic Bandwidth on Demand is a facility tha
97. t provides supplementary bandwidth above the normal bandwidth levels specified by the user whenever traffic congestion is detected In previous releases only the transmitted traffic load was used to control this feature with the 11 4 release incoming traffic is also monitored The need to monitor incoming traffic for Bandwidth on Demand appears in such situations as when a router that is connected to an ISP downloads a web page The incoming traffic bandwidth consumption would be high it would be desirable at this point to add more bandwidth to accommodate the desired burst in traffic IP Quality of Service IPQoS With the enormous growth in network traffic robust QoS is required to ensure mission critical and real time application traffic will get adequate network resources to traverse the network regardless of the competing demands for bandwidth by other applications Policy based QoS management will enable network managers to control bandwidth allocation and service levels on IP traffic flows Traffic flows can be metered and policed on a per policy base to ensure its bandwidth consumption does not exceed the defined rate limits When multiple flows are aggregated into a service class rate limiting protects conforming flows from the aggressive flows hogging network resources that may lead to a denial of service Flows can also be policed to ensure correct marking of the IP TOS byte in the IP header as per policy New Features and Featur
98. the ASCII Boot feature and LoadConfigs is new with the Enterprise OS software version 11 4 If the OfficeConnect bridge router fails to complete the boot cycle and enters a boot cycle loop for example if the boot image is corrupted press the ESC key to interrupt the boot cycle and enter monitor mode To use the Enterprise OS software version 11 4 Autostartup feature you must upgrade the remote node the central site and if you are using the 3Com BootP server you must upgrade that as well Autostartup supports a non 3Com BootP server if the remote node is identified by its MAC address The 3Com BOOTP Server for Windows does not read the bootptab file for any date greater than 2000 The problem resides in Microsoft s system libraries A patch can be downloaded from M icrosoft This patch can be found at the following URL Capturing Commands to boot cfg File Change Configuration and Diagnostic Menu CPU Utilization Statistic File System Error Firmware Configuration Firmware Update IP Quality of Service Bandwidth IP Quality of Service Configuration Multiple Paths to BootP Server Network Management System and Services Notes 59 http w ww microsoft com windows95 downloads default asp When using Capture to save commands to the boot cfg the commands are not immediately written to the boot cfg file A system crash or reboot may occur at a time when commands that have been executed have not been written to the boot
99. the egress VLAN port the IP TOS value will determine the 802 1P priority of the outgoing packet based on the default or user configured mapping IP traffic can also be classified via a QoS policy to be tagged with a specific 802 1P priority 16 ENTERPRISE OS SOFTWARE VERSION 11 4 RELEASE NOTES wm Class Based Queuing CBQ Management Class Based Queuing CBQ is a link sharing packet scheduler which is an enhanced version of the existing Protocol Reservation queuing policy It performs priority scheduling and supports specific traffic class characteristics such as the average transfer rate It supports a hierarchy of service classes each associated with a set of QoS attributes such as average rate priority and max delay and a packet queue to hold packets marked for the service class CBQ provides weighted based on the allocated bandwidth round robin scheduling when the class is not congested but switches to the link sharing mode during periods of congestion It regulates each class queue to its allocated bandwidth but allows a congested class to borrow bandwidth from its under utilized parent class When a class queue builds up due to packet arriving at higher rate than the class s allocated bandwidth CBQ employs a packet drop policy to manage the queue length latency By default the simple tail drop is invoked to discard the most recently arrived packet for the congested queue class The more effective RED dropper can al
100. ticast IP PIM IGMP MBR X X X X X IP OSI Connection Services X IPX X X X X X XNS OSI X X X X X Appletalk X X X X X VINES DECnet Ph IV Ph IV V GW X X X X DLSW X X X X X NetView Service Point X X X X Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server W eb Link Web Link Health Monitor HTTP client PPP PAP CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 1 NETBuilder II Software Features continued Software Packages Feature AC DW DL DE DS BRITSS X X X X APPN X LNM X X X X X LAA X X X X X Token Ring in Fast Ethernet IOS X X X X X not supported ISDN BRI X X X X X ISDN PRI X X X X X ISDN T1 E1 ISDN CT1 CE1 ISDN T3 E3 ISDN CT3 CE3 Data over Analog Call Originate only CSU DSU Loopback SDLC SHDLC Polled Async Bisync X X X X X BSC Conversion X X X X QLLC LLC2 Conversion X X X X Frame Relay X X X X X SM DS X X X X X X 25 Switching Tunneling X X X X X WANExtender X X X X X MP6E Module X X X X X Fast Ethernet 100Base X X X X X ATM M odule LANE X X X X X PPPOE X X X X X M POA Server Client X X X X X ZM ODEM Support in Software X X X X X Flash Load LDAP Policy Engine Client X X X X X Auto Star
101. tup DES Crypto X X 3DES 3DES 3 KEY X RC5 Crypto X X M PPE RC4 X X X IKE IPsec KEK ISAKM P Tunnel X X Mode Fast Tunnel Policy Ul Policy Manager IPPCP IP IPX RAS Radius traps X X X X Core Features include Bridging M LN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPv2 NTP FTP TFTP HTTP Server Web Link Web Link Health M onitor HTTP client PPP PA P CHAP MLP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAM S Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels 11 4 Software Packages 25 Table 1 NETBuilder Il Software Features continued Softw are Packages Feature AC DW DL DE DS M S CHAP X X X EAP Authentication X X X X VPN PPTP L2TP L2TP FP Tunnel X X X X X Switch PPTP L2TP R2R VLL IP Routing FireWall NAT Proxy X X X X X ARP DHCP DHCP Proxy Traffic Director Internal IP Ports IPQoS IP OSPF X X X X X IPX NLSP X X X X X Virtual Ports 512 512 512 512 512 Restricted Number of DHCP Addresses M ax Physical Voice Ports M ax Physical Data Ports 128 128 128 128 128 Memory Requirements DRAM 40 80 MB 40 80MB 40 80MB 40 80MB 40 80 MB Flash memory Minimum required 10 MB 10MB 10MB 10MB 10 MB for Enterprise OS 11 4 Flash memory Minimum required 20MB 20MB 20 MB 20 MB 20 MB for Dual Images Core Features include Bridging MLN amp SRTG in NBIl Te net RADI
102. ut the software the guides or these release notes contact 3Com or your network supplier For information on the command syntax used in these release notes see About This Guide in Using Enterprise OS Software Encryption Packages Notice b Part No 86 0621 000 Published January 2000 The Enterprise OS software version 11 4 may contain strong data encryption that cannot be exported outside the United States or Canada It is unlawful to export re export or transfer either physically or electronically the encryption software or accompanying documentation or copies thereof or any product s utilizing the encryption software or such documentation without obtaining written authorization from the US Department of Commerce Do not place Enterprise OS version 11 4 packages with encryption on networks or servers that are accessible to users outside of the U S and Canada Software packages with encryption include the following m PathBuilder S5xx series switch M ultiprotocol Router with 40 bit Encryption PL M ultiprotocol Router with 56 bit Encryption PE M ultiprotocol Router with 128 bit Encryption with 3DES PS m PathBuilder S400 switch M ultiprotocol Router with 40 bit Encryption ML M ultiprotocol Router with 56 bit Encryption M E M ultiprotocol Router with 128 bit Encryption with 3DES M S IP IPX AT Router with 40 and 56 bit Encryption XE IP IPX AT Router with 128 bit Encryption with 3DES XS a NETBuilde
103. v6 BGP VRRP Ethernet FDDI Token Ring X X X VRRP for DLSW VRRP over VLAN X X X RSVP RSVP Proxy X X X X X X gt lt gt lt gt lt x gt lt gt lt gt lt gt lt x x x gt lt gt lt gt lt gt lt x x x x lt gt lt x x x x x x lt gt lt x x x x x x x x Xx M ulticast IP PIM IGMP M BR X X X IP OSI Connection Services IPX X X X X X X X X XNS OSI Appletalk X X X X VINES DECnet Ph IV Ph IV V GW DLSW X X NetView Service Point gt lt x gt lt x x x x lt gt lt x x x x x x lt gt lt x gt lt x x x x lt gt lt x x x x x x lt BRITSS X APPN X LNM LAA X X X X Token Ring in Fast Ethernet IOS X X X X X X X X X X X X not supported ISDN BRI X X X X X X X X X X X X ISDN PRI ISDN T1 E1 X X X X X X X X X X X X ISDN CT1 CE1 ISDN T3 E3 Core Features include Bridging MLN amp SRTG in NBII Telnet RADIUS Authentication IP RIP IP RIPV2 NTP FTP TFTP HTTP Server W eb Link W eb Link Health Monitor HTTP client PPP PAP CHAP M LP CCP X 25 Dial ASCII Boot and ASCII Capture Login Banner SLAMS Bandwidth on Demand incoming SLAM Autotargeting Domain Name Support NHRP for IP tunnels Table 6 OfficeConnect NETBuilder Bridge Router Software Features continued Softw are Packages F
Download Pdf Manuals
Related Search