Configuring Security Level, Overview | Enterasys Networks CSX7000

CONFIGURING SECURITY LEVEL

OVERVIEW

The CyberSWITCH offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the name implies, no security is used if you configure your network security level as “no security.” Device level security and user level security provide a flexible amount of security, but each secure a different entity:

•Device level security is an authentication process between internetworking devices. The authen- tication happens automatically without any human intervention.

•User level security is an authentication process between a specific user and a device. In contrast to the device level security, this authentication process is performed interactively.

The combination of both device and user level security supports user authentication on top of device level authentication. Often referred to as multilevel security, this option increases the security on your network. First, authentication takes place at the device level. If the system meets these requirements, then user level security begins by telneting to the appropriate authentication server.

Note: The default value on your initial configuration is device level security, with all security options enabled.

The following picture illustrates two different levels of security. The picture on the left represents User Level Security. The users, not the devices, are authorized before they are allowed access. This would be advantageous, for example, for a user traveling to different areas, using different devices, but still needing access. No matter what device the user is on, the user can be authenticated.The picture on the right represents device level security. The devices are authenticated before access is allowed, no matter who the specific user may be. The device level authentication process is transparent to the user.

Image 164

Enterasys Networks CSX7000, CSX5500, CSX6000 manual Configuring Security Level, Overview

Contents

USER’S Guide Virus Disclaimer Trademarks DOC Notice Contents Software Overview Hardware Installation Configuration Tools Cfgedit Security Overview Configuring System Options and Information Configuring Off-node Server Information Configuring Encryption Configuring Advanced Bridging Configuring IPX Central Site Remote Access Switch Configuring Snmp Configuring Other Advanced Options Verifying the Base System Verifying Routing Protocols LCD Messages System Commands System Statistics Routine Maintenance Cfgedit Map Using this Guide Documentation SET Cfgedit MAP Guide Conventions Cfgedit Screens User’s Guide CyberSWITCH System Overview Cyberswitch Unique System Features Hours of Usage USER’S Guide Central Site Remote Access Switch Interoperability Protocols Interoperability OverviewRadius Interoperability Devices Link Layer Encryption OverviewNetwork Layer Security Overview Network Interface Overview Isdn System Components Remote Isdn Devices Switches Supported Platform Number Main Speed Slots Hardware OverviewSystem Platforms CSX5500 System Platforms EMI To reduce the risk of electrical shock or energy hazards CSX6000 Cleaning the CSX6000 AIR Filter To reduce the risk of electrical shock or energy hazards CSX7000 Disk Drives Number of 1/3 height IDE disk drives supported NE 2000-II a Network Express Platform Front View Platform Characteristics NE 4000 a Network Express Platform USER’S Guide NE 5000 Platform a Network Express Platform Cleaning the NE 5000 AIR Filter EMI Hardware Characteristics System AdaptersEthernet Adapters Mtbf Basic Rate Adapters 75000hrs PRI-23 Primary Rate AdaptersPRI-8 PRI-23/30 Jumper Usage PRI-8, PRI-23, and PRI-23/30 Connection Expander Adapter Adapter 35 Pin Data Set Ready No Connect Gnd Signal Return No Connect Ring IndicatorTransmit Clock Receive Data No Connect With error control With error control and data compressionDigital Modems With data compression DM-8 LSI Logic LR33000RISCMvip DM-24 Encryption Adapter Administration Software Software OverviewOverview System Software Configuration Files System Files Operational Files User Level Security Files System Installation Accessing the CyberSWITCH Ordering Isdn Service US only Ordering NI-1 Lines Using EZ-ISDN CodesOrdering NI-1 Lines Using NI-1 Isdn Ordering Codes Ordering BRI Isdn Lines Using Provisioning Settings Provisioning Settings for AT&T 5ESS Switches NI-1 AT&T Custom Point-to-Point AT&T 5ESS NI-1 Service UnrestrictedCSV limit CSV NB limit CSD limit CSD NB limit Provision Settings for Northern Telecom DMS-100 Switches CSV limitAny CSD limit PVC Basic Information for Ordering PRI Isdn Lines Number of call AppearancesVersion Functional Yes US Only Type of Switch DisabledOption Local Bell Operating Company Sprint Hardware Installation PRE-INSTALLATION RequirementsChoose a suitable setup location Verify system power requirements Verify administration console requirements Provide a diskette for configuration backupIf you are installing only WAN adapters If you are installing WAN adapters and DM adapters Adapter Settings If you are installing WAN adapters and an Encryption adapter Adapter Interrupt and I/O Address Settings Configured Slot Interrupt Jumper Address Switch Setting SW1 DM-24 Adapter Interrupt and I/O Address Settings SW2 SW3 Encryption Adapter Settings Mvip SettingsDES/RSA Adapter OFF Top Left Top Pair Right Pair Additional Adapter SettingsLine Type Settings J10 J11 J12 J13 J14 PRI-23 Clock SettingsJumper Jumper Setting North American JP1 JP3JP6 JP9 Mvip Inserting the Adapters Into the Cyberswitch Connecting Adapter INTER-BOARD Cables Connecting Multiple Adapters Flat Bus Ribbon Cable Connecting a WAN Adapter to the LCD Summary of Guidelines Direct Connection Accessing the CyberswitchMaking Connections DCD DTR DSR RCV Xmit GND RTS CTS NULL-MODEM Connection to a PC Remote Connection Using Telnet On the CyberSWITCH side On the remote administration console sideRemote Connections Modem to Modem COM1 From Cfgedit Options, select Default Async Protocol Establishing AN Administration Session Accessing the Release Notes Installing Software Upgrading System Software Couldn’t open the file C\SYSTEM\PLATFORM.NEI Local Upgrade Upgrading System Software Remote Upgrade Accessing the Release Notes Basic Configuration Configuring Basic Bridging Configuration Tools Cfgedit Dynamic Management Executing CfgeditSaving Cfgedit Changes Executing Dynamic Management Utility Dynamic Management Commands Saving Dynamic Management Changes Using the Network Worksheets Using the Configuration Chapters Resources Configuring Resources and LinesConfiguring Resources Using Cfgedit Resource Configuration Elements Resource Background Information PPP Configuring Lines Using Cfgedit Lines CommonChannel Characteristic PRI/T1 lines E1 lineMultiframe CRC Select Change from the Data Lines menu of Physical Resources Line Configuration Elements Auto TEI DMS100 custom NI-1 Switch Type Number of Data Number of SPIDsDirectory Numbers Directory Numbers Line Encoding Commport Information Line Background Information Configuring a Subaddress Using Cfgedit Subaddress Configuration ElementsSubaddresses Subaddresses Background Information Configuring Basic Bridging ENABLING/DISABLING Bridging Using CfgeditSelect Enable/Disable Bridging MAC Layer Bridging Configuration Elements MAC Layer Bridging Background Information Internet Protocol IP Option Configuring Basic IP RoutingEnabling IP Using Cfgedit IP Operating Mode IP Option Configuration ElementsConfiguring the IP Operating Mode Using Cfgedit IP Background Information IP Operating Mode Configuration Elements IP Operating Mode Background Information Configuring Interfaces Using Cfgedit IP Network Interfaces USER’S Guide Network Interface Configuration Elements MTU Transmit Broadcast IP Address Default switch for numbered WAN interfaces IP RIP Receive Control IP Network Interface Background Information IP Network Interface Type Associated Remote Device IP Host RFC1294WAN Direct Host IP Host RFC1294 Hdlc Bridge USER’S Guide Example 1 LAN, WAN and WAN Direct Host Interfaces Example 2 LAN, WAN UnNumbered, WAN Remote LAN Interfaces IP RIP and the IP Network Interfaces Isdn Isdn IP RIP Over Dedicated Connections Isdn Proxy ARP Redundant Configurations for BackupNetwork Flattening Secondary IP Addressing Example IP Host Communications in Flattened Networks Configuring Static Routes Static Routes IP address for the destination network or host Static Route Configuration Elements Central Site Remote Access Switch Isdn Static Route Background Information Default Route Configuration Elements Default RoutesConfiguring Default Routes ENABLING/DISABLING IP RIP Using Cfgedit Routing Information Protocol RIP Option IP RIP Configuration Elements IP RIP StatusIP RIP Background Information LAN Configuring Security Level Security and Encryption Options Security Overview Security Level System Options and Information Device Level Databases OFF-NODE Server Information Network Login InformationUser Level Databases Configuring Security Level Database Device Level User Level Administration Security On-Node Yes Configuring no Security Using Cfgedit No Security Device Level Security Background Information Configuring Device Level Security Using CfgeditDevice Level Security User Level Security Background Information Configuring User Level Security Using CfgeditUser Level Security User Level Security Isdn Responding to Login Prompts Making a Telnet Connection Configuring Device and User Level Security Using Cfgedit Device and User Level SecurityTacacs ACE Device and User Level Background Information System Options Configuring System Options and InformationConfiguring System Options Using Cfgedit System Options Configuration Elements System Options Bridge MAC Calling Line Id Authentication Address PAP Chap System Options Background Information PAP Chap Configuring System Information Using Cfgedit System Information Configuration ElementsSystem Information Optional Calling Line Id System Information Background Information Administrative SessionConfiguring Administrative Sessions Using Cfgedit Administrative Session Configuration Elements Administrative Session Background Information Emergency Telnet Server Port Number Background Information ON-NODE Device Database Configuring Device Level DatabasesConfiguring AN ON-NODE Device Database Configuring ON-NODE Device Entries ON-NODE Device Entries On-node Device Entries No pvc configured for Device DAN SVC None 0.0 IP SubNetwork number ON-NODE Device Database Configuration Elements Base Data Rate Frame Relay Access Configuration Elements Chap Secret Outbound Authentication RIP/SAP Appletalk Information Configuration Elements Bridge Information Configuration Elements ON-NODE Device Database Background Information Bridging with Hdlc Bridge Devices Line Id Security Mode On-node Device Table Configuration DataIP Routing with Hdlc Bridge Devices PAP or Chap IP Routing with PPP IP Devices Using IpcpIP Routing with IP Host Devices RFC1294 IP Routing with PPP Bridge Devices Using BCP Bridging with PPP Bridge Devices Using BCPPAP Password or Configuring OFF-NODE Device Database Location Using Cfgedit OFF-NODE Device Database Location OFF-NODE Device Database Location Configuration Elements OFF-NODE Device Database Location Background Information Configuring Authentication Database Location Using Cfgedit Configuring User Level DatabasesUser Level Authentication Database Location Database Telnet Port Number Configuring OFF-NODE Server Information Multiple Administration Login NamesName John Doe Name mynode1 Address Remote Office1 Type communications server CSM Authentication Server Configuring CSM Authentication Server Configuring a Radius Authentication Server CSM Authentication Server Configuration ElementsCSM Authentication Server Background Information Is SHAREDSECRET1234 Radius Authentication Server Configuration Elements Radius Authentication Server Background Information Configuring a Radius Accounting Server Select 5 Off-node Server Information Return to the Off-node Server Information Menu Radius Accounting Server Configuration Elements Radius Accounting Server Background Information Enabling Radius Type Using Cfgedit Radius RFC2138 Radius Type Configuration Elements Configuring the Dynamic Device Option Using CfgeditDynamic Device Option Radius Type Dynamic Device Configuration Elements Tacacs Authentication Server Configuring a Tacacs Authentication Server Tacacs Authentication Server Configuration Elements Tacacs Authentication Server Background Information ACE Authentication Server Configuring AN ACE Authentication Server ACE Authentication Server Configuration Elements ACE Authentication Server Background Information Configuring General Network Login Information Using Cfgedit Configuring Network Login InformationNetwork Login General Configuration Select the type of authentication desired Configuring Network Login Banners Using Cfgedit Network Login BannersNetwork Login General Configuration Background Information Configuring Radius Server Login Information Using Cfgedit Login Configuration Specific to Radius ServerNetwork Login Banners Background Information Login Configuration Specific to Radius Server Login Configuration Specific to Tacacs Server Configuring Tacacs Server Login Information Using Cfgedit Login Configuration Specific to Tacacs Server USER’S Guide Configuring Encryption ConfigurationConfiguring AN Encryption Adapter Using Cfgedit Select Add a Resource Select IP Security Associations Select Add. Respond to the following series of questions Configuring Link Layer Encryption PPP Encryption only Select Device Level Databases Select On-node device entries Encryption Configuration Elements Final Destination IP Address Encryption Background Information IP Network Layer Encryption 12345678 8888CCCC 8888CCCC 12345678 Link Layer Encryption Isdn Interaction with Other Features For IP Layer encryption For Link Layer encryption Advanced Configuration Configuring Alternate Accesses Configuring a Dedicated Access Using Cfgedit Configuring Alternate AccessesDedicated Accesses Dedicated Access Configuration Elements Dedicated Access Background Information Accesses Configuring AN X.25 Access Accesses USER’S Guide Configuration Elements Lapb Configuration Elements Timers Maximum Window Size Nonstandard Default Transmit Window Size PVC Configuration Elements Access Background Information B1 B2 Select Access Information Frame Relay AccessesConfiguring a Frame Relay Access Select Add a PVC Frame Relay General Configuration Elements Frame Relay PVC Configuration Elements LMILMI Format Dlci Value PVC Name Frame Relay Access Background Information Local Management Interface Overview Allowed Not Allowed Configuring Advanced Bridging Bridge Dial OUT Under ISDN, select Dial Out Phone Number Configuring Spanning Tree Protocol Using Cfgedit Spanning Tree Protocol Spanning Tree Protocol Configuration Elements Spanning Tree Protocol Background Information Bridge Mode of Operation Configuring the Bridge Mode of Operation Using CfgeditBridge Mode of Operation Configuration Elements Bridge Mode of Operation Background Information Configuring Bridge Filters Using Cfgedit Bridge Filters Protocol Definition Commands Source MAC Filter Commands Packet Data Filter Commands Destination MAC Filter CommandsProtocol Filter Commands Bridge Filter Configuration Elements Lsap in HEX Filter Destination MAC Bridge Filters Background InformationFilter Type Maximum Number of Each Unrestricted Mode Bridge Filters Source Discard Connect Destination Protocol Packet Central Site Remote Access Switch Filter Action Distribution Result List Packet matching this filter will not be forwardedOn any LAN port. The packet will be sent to remote Sites connected over the WAN according to On LAN port 1. The packet will be sent to remote Sites connected over the WAN and to LAN portAccording to the normal learning bridge methods On LAN port 2. The packet will be sent to remote Restricted Mode Bridge Filters Restricted Mode Forwarding Action Central Site Remote Access Switch Filter Distribution Result Action List Packet matching this filter will only be forwardEd on the LAN ports. The packet will not be sent to Any remote sites connected over the WAN Ed on LAN port 1. The packet will not be sent to re Mote sites connected over the WAN or to LANPort Ed on LAN port 2. The packet will not be sent to re Packet matching this filter will be discarded on LAN ports. The packet will be sent to allPacket matching this filter will be discarded to Remote sites connected on the WAN. The packet Configuring a Destination MAC Address Filter Preliminaries Discard Connect Configuring the Known Connect List Known Connect List Known Connect List Configuration Elements Known Connect List Background Information Configuring Advanced IP Routing Static ARP Table Entries Configuring Static ARP Table Entries Using Cfgedit Static ARP Table Entries Configuration ElementsStatic ARP Table Entries Select Static ARP Table Entries from the IP menu Isolated Mode Static Route Lookup VIA Radius Static Route VIA Radius Configuration Elements Configuring AN IP Address Pool Using CfgeditIP Address Pool Configuration Elements IP Address Pool IP Filters IP Address Pool Background Information Initiating the IP Filter Configuration Using Cfgedit Configuring Packet Types Using Cfgedit TCP UDP Icpm Specify a control value any, established, or not established Select Icmp Type Configuring Forwarding Filters Select Add a Forwarding Filter Configuring Connection Filters Configuring Exception Filter Select Apply Global Forwarding Filter Applying FiltersSelect IP Interfaces IP Filters Configuration Elements TCP and UDP Ports IP Filters Background Information NEQRange Packet Types Forwarding Filters Connection Filters Exception Filters Application to Network Interfaces Common Portion Limitations Example of AN IP Filter Configuration FTP WWW Sfvra Forward Configuring a Dhcp Relay Agent Using Cfgedit Dhcp Relay Agent Dhcp Configuration Elements Dhcp Background Information Bridge to Bridge Environment Router to Bridge Environment IP Router to IP Router with Relay Agents on both USER’S Guide Remote Bridge to IP Router w/Relay Agent = WAN Rlan Select Dhcp Proxy Client Configuring the Dhcp Proxy ClientDhcp Proxy Client Dhcp Proxy Client ENABLE/DISABLE Flag Sample Configuration IP Router with Dhcp Proxy Client Security Associations Configuration for IP Router ChloeConfiguring Security Associations Using Cfgedit DNS and Netbios Addresses Configuring DNS and Netbios Addresses Using Cfgedit DNS/NBNS Configuration Elements DNS/NBNS Background Information Configuring IPX Configuring IPX Information IPX Routing Option ENABLING/DISABLING IPX Using CfgeditIPX Option Configuration Element Configuring the IPX Internal Network Number Using Cfgedit IPX Internal Network Number Configuration ElementIPX Internal Network Number IPX Option Background Information IPX Network Number Background Information Configuring IPX Network Interfaces Using CfgeditIPX Network Interfaces Displays the current IPX network interface data IPX Network Interface Configuration Elements SAP IPX Network Interface Configuration Elements IPX Network Interface Background Information IPX Routing Protocols Configuring IPX Routing Protocols Using CfgeditIPX Routing Protocol Configuration Elements IPX Routing Protocol Background Information SAP Special Considerations Remote LAN Interface Configuring IPX Static Routes Using Cfgedit IPX Static Routes IPX Static Routes Configuration Elements IPX Static Routes Background Information IPX Netware Static Services Configuring IPX Netware Static Services Using Cfgedit IPX Netware Static Services Configuration Elements IPX Spoofing IPX Netware Static Services Background InformationConfiguring IPX Spoofing Using Cfgedit IPX Spoofing Configuration Elements IPX Spoofing Background Information Watchdog Protocol IPX Type 20 Packet Handling Configuring IPX Type 20 Packet Handling Using CfgeditIPX Type 20 Packet Handling Configuration Elements IPX Isolated Mode Configuring IPX Isolated Mode Using CfgeditIPX Isolated Mode Configuration Elements IPX Isolated Mode Background Information Configuring Triggered RIP/SAP Global Timers Using Cfgedit Displaying WAN Peer List Triggered RIP/SAP Background Information Configuring IPX Devices IPX-SPECIFIC Information for Devices IPX-Specific Information for Devices Remote LAN Devices Enable Bridging and disable Make calls for bridge data IPX Configuration Elements for Devices None IPX Background Information for Devices Configuring Snmp Configuring Snmp Configuring Snmp Snmp Configuration Elements Snmp Background Information WAN Central Site Remote Access Switch Using Cabletron NMS Systems CT-CONTAINER-MIB CT-WAN-MIB CTMIB2-EXT-MIB Appletalk Routing Option Configuring Appletalk RoutingEnabling Appletalk Routing Using Cfgedit Appletalk Routing Option Configuration Element Configuring Appletalk Ports Using CfgeditAppletalk Ports Appletalk Routing Background Information Appletalk Ports Configuration Elements Appletalk Ports Background Information Overview Configuration Configuring Appletalk Static Routes Using CfgeditAppletalk Static Routes Considerations Appletalk Routing Static Routes Configuration Elements Configuring Appletalk Capacities Using CfgeditAppletalk Capacities Configuration Elements Appletalk Capacities Appletalk Isolated Mode Configuring the Appletalk Isolated Mode Using CfgeditAppletalk Isolated Mode Configuration Elements Appletalk Capacities Background Information Configuring Call Control Call Control Menu Configuring the Throughput Monitor Throughput Monitor Throughput Monitor Configuration Elements Throughput Monitor Background Information Condition Trigger Number Window Size Utilization 90% Underload Condition Monitoring USER’S Guide Call Interval Parameters Monthly Call Charge Monthly Call Charge Configuration Elements Configuring Call Restrictions Using CfgeditCall Restrictions Monthly Call Charge Background Information Call Restriction Configuration Elements Maximum Calls PER DAY Maximum Call Minutes PER Month Call Restrictions Background Information Configuring Bandwidth ReservationBandwidth Reservation Bandwidth Reservation Bandwidth Reservation Configuration Elements Select Bandwidth Reservation Bandwidth Reservation Background Information Configuring Semipermanent Connections Using CfgeditSemipermanent Connections Semiperm Semipermanent Connections Background Information Semipermanent Connections Configuration ElementsCall Device Commands Call Restrictions Throughput Monitor Configuring CSM for Call Control Using Cfgedit CSM AS a Call Control Manager Call Control Management Select D Channel Callback Configuring D Channel Callback Using CfgeditChannel Callback Channel Callback Configuration Elements Channel Callback Background Information Digital Modem Inactivity Timeout Modem Inactivity Timeout Configuration Elements Modem Inactivity Timeout Background Information Configuring Other Advanced Options Configuring for a Digital Modem Using CfgeditDigital Modem For IP routing Digital Modem Background Information For IPX routingFor AppleTalk routing Digital Modem Default Async Protocol PPP Mode Using Cfgedit Default Async Protocol Configuration Elements Terminal Mode Using CfgeditCall Disconnect Using Cfgedit Data Timeout Value Autosense Feature PPP Configuration Elements PPP ConfigurationConfiguring PPP PPP Configuration PPP Background Information Default Line Protocol Configuring Default Line Protocol Using Cfgedit Default Line Protocol Configuration Elements Default Line Protocol Background InformationConfiguring LOG Options Using Cfgedit LOG Options From Log Options, select Authentication Message DA log LOG Options Configuration ElementsSelect Add a Syslog Server From Log Options, select Call Detail Recording UDP Port LOG Options Background Information Central Site Remote Access Switch System Messages CDR Log Report Event Report Contents Call Detail Recording Events Record Connect/Term Connect Event Report Contents Disconnect/Term Disconnect Event Report Contents Reject Event Report Contents Term Succ Event Report ContentsTerm Fail Event Report Contents System Up Event Report Contents Compression Options Verify Event Report ContentsConfiguring Compression Options Using Cfgedit Compression Options Configuration Elements Compression Options Background Information Central Site Remote Access Switch Tftp Background Information Configuring TftpTftp Configuration Elements File Attributes Configuring File AttributesFile Attributes Configuration Elements File Attributes Background Information Verification and Diagnosis ARP WAN Adapter INITIALIZED? Verifying the Base SystemHardware Resources OPERATIONAL? To correct the problem, try the following LAN Adapter INITIALIZED? WAN Lines Available for USE? Verifying WAN Line Availability Dedicated Serial Connections LAN Connection OPERATIONAL? IP Router INITIALIZED? Try the following to correct the problemBridge INITIALIZED? Remote Device Connectivity Set-up Security Rejection-Invalid Calling Line Id # MULTI-LEVEL Security To verify multi-level security IP Host Mode DisabledIP Host Mode OPERATIONAL? IP Host INITIALIZED? Try the following Alternate Accesses Dedicated Connections Frame Relay Connections Connections A Terminal Server Menu IP Routing Over a LAN Interface Verifying Routing ProtocolsIP Routing OPERATIONAL? IP Routing Over a WAN Interface Ping 192.100.1.1 return IP Routing Over a WAN Direct Host Interface 100.0.0.1 100.0.0.0 Host B 100.0.0.3 Host a 100.0.0.2 IP Routing Over a WAN Remote LAN Interface IP Routing Over a WAN Unnumbered Interface IP Filters Ip filter trace discard return IP RIP INITIALIZED? If you are still experiencing problemsIp filter trace off return IP RIP Output Processing on a LAN Interface IP RIP Input Processing on a LAN Interface IP RIP Output Processing on a WAN Interface IP RIP Input Processing Operational on a WAN Interface IPX IPX Router INITIALIZED? IPX Routing OPERATIONAL? IPX Routing Over a LAN Connection IPX Remote LAN Connection Xxxx IPX Routing Over a WAN Connection Triggered RIP/SAP Ipx trigreq device Appletalk Routing OPERATIONAL? Appletalk RoutingAppletalk Routing INITIALIZED? Appletalk Routing Over the LAN Connection Atalk port Appletalk Routing Over a WAN Connection USER’S Guide Verifying System Options Snmp USER’S Guide Dial OUT Set Up Call Detail Recording Compression Peer Protocol-Rejects CCP CyberSWITCH does not have Compression EnabledReserved Bandwidth Verifying the Relay Agent is Enabled Verifying Dhcp Relay Agent Initialization Verifying the Relay Agent is Operational USER’S Guide Verifying the Proxy Client is Enabled Verifying Dhcp Proxy Client Initialization Verifying the Proxy Client is Operational Ip addrpool return Modem Callback Verifying a Semipermanent Connection Proxy ARP Proxy ARP Troubleshooting LCD Messages LCD Messages LCD Message GroupsInitialization LCD Message Normal Operation LCD Messages Error LCD Messages LCD Message Groups Auto Over Max Charge System Messages Error Messages Informational MessagesInitialization Messages Normal Operation Messages Port LAN Adapter, operating in remote mode only Port LAN Adapter, operating in local and remote modeCall has exceeded the configured maximum duration System Message Summary Acct Warning code Timeout Adapter #’x’ failed to respond from bootstrapActivation Failure- Session not active Adapter does not respond adapter #’x’ Attempting to load FileName for Upgrade Attempt to initialize unconfigured DM card in slot slot #Auth ACE Could not create service file Auth ACE Could not write service file Auth ACE Error receiving server log message acknowledgment Auth ACE Login rejected user user nameAuth ACE Node verification received Client initialized Auth Radius Chap rejected for device device name Auth Radius Login rejected device device name Auth Radius IP Host rejected IP Host id IP host IdAuth Radius IP Resolve rejected IP Address IP address Auth Radius PAP rejected device device name Auth Tacacs Login rejected user user name Auth Warning code 0001 TimeoutAuth Warning code 0004 No authentication node available Auth Warning code 0007 Authentication mode mismatch Booting System Software Bootstrap came alive on DM card in slot slot #Bootstrap came alive on WAN card in slot slot # Bad auth result in smgrauthaanotify for device device name Call Restrictions have been disabled by user command Calculating CRC’sCallback type call back type ID is not currently supported CallID in use in Hostcallrequest Call Restrictions have been enabled by user command Call Restriction statistics reset for new dayCall Restriction statistics reset for new month Call Restrictions will allow calls to be made this hour Central Site Remote Access Switch Cause cause code received for Dlci dlci index Cause Code EventCCP Internal Decompression Failure CCP Option Negotiation Failure, Non-Convergence detected CNTR-TMRTimed out waiting for TMR number interrupt Chap Authentication Failure remote device not respondingChannel in use in Hostcallrequest Configured adapter # ’x’ type does not exist Couldn’t find speech service slot #, port #Current monthly charges reset for new month Connection disconnected for license violation Data link test successful DSL port # , CES DCE Data Rate is invalid on FrStartPVCDedicated connection down slot #, port # DHCP-P Failed to close UDP port x, erc = y DHCP-P Proxy Client disabled DHCP-P Proxy Client enabledDHCP-P Proxy Client initialization failed DHCP-P UDP port 67 closed DHCP-R Relay Agent disabled DHCP-R Relay Agent enabledDHCP-R Failed to close UDP port 67, erc = DHCP-R Failed to open UDP port 67, erc = DM card in slot slot # is not usable, could not upgrade DM card in slot slot # signals it is operationalDM card type configured in slot slot # does not exist DM card failed Flash download bad xx Srec DM card in slot slot # will not come out of reset DM upgrade started. Board=board #, Modem=modem #DM upgrade success. Board=board #, Modem=modem # Downloading Bootstrap to DM card in slot slot # Edrv transmit error error code Error closing file ’s’Error downloading bootstrap program to adapter #’x’ Error downloading operational software to adapter ’x’ Error during channel initialization Access access index Error during port initialization Access access indexError during PVC initialization Access access index Error initializing WAN card WAN card Id Error opening file \system\ethernt2.bin Error programming adapter #’x’ hardwareError reading file file name, section = section name Error reading sdconf.rec file Failed to get a tone signaling session Facility not subscribed Slot=slot # Port=port #Failed to allocate enough memory for Xilinx load file Failed to obtain Terminal info in smgrprocterminalauthsess Failure to allocate enough memory for Xilinx load file Failure during read of file ’s’Failure during Static RAM test on adapter # ’x’ Central Site Remote Access Switch File Access Err Formatting Flash MemoryFrietf detected PPP protocol from NAME, shutting down PVC Frame Relay event queue full Installing File Set into Flash Memory Interrupt fault on WAN Adapter in Slot slot #Invalid Cllm received on Access access index Invalid Password password given IP Error from ESP datagram discarded IP x.x.x.x not added to the pool Unknown error yInvalid SERIAL.001 file present, file is ignored Invalid serial number in SERIAL.001, file is ignored IP Default Route not added, invalid next hop IP address # IP Invalid configuration for Network Interface ddIP Cannot stop Proxy Arp for IP address #, no cmd buf avail IP Failed to de-register with IP Address Pool Manager erc=x IP Invalid Peer IP Address IP address, WAN IP Stream Closed IP IP host is initialized successfullyIP IP router is initialized successfully IP Network initialized successfully on ddd.ddd.ddd.ddd Ipcp IP Address Pool Out of IP addresses Ipcp Option Negotiation Failure, Non-Convergence detectedIpcp Remote device does not negotiate IP address IP Host Call Dropped XID was not received from remote IP RIP All network interfaces used IP RIP Buffers allocatedIP RIP Initialization failed, unable to allocate buffers IP RIP Send queue full IPX Invalid Ipxwc passed IPX Network initialized successfully onIPX Network Interface on LAN port port # not initialized IPX IPX router initialized successfully IPX SAP Space available in service table IPX SAP Unable to add service, service table fullIpxwan IPX Internal Network Number must be configured IPX SAP Buffers allocated LAN Adapter Command Timeout LAN Adapter configuration conflictLAN Adapter Fatal Error Reported LAN Adapter HW upgrade may be required LAN Adapter Reset LAN Adapter Response TimeoutLAN Adapter System resource error LAN Init Error LAN Xmit Error LMI alarm on Access access indexLMI alarm reset Access access index Manage Mode updates have been successfully committed Memory Access Timeout Mismatch of configured and installed DM card in slot slot #Manual restart initiated on DM board in slot slot # Max ATI3 retries exceeded on modem modem # of slot slot # Modem modem # of DM card in slot slot # is unusable Modem revision on modem modem # of slot slot # failedNegotiation Failure with Semipermanent device Network loop between site1 and site Network sent Cause Spid not supported slot #, port # Network sent Status with state = 0, tear down callNo Active Calls Active Sites No Active List entry available in INM Out of LAN Adapter transmit command descriptors No Sites ConnectedNot enough memory for Security module Offnode server lookup of Dial Out User failed Auto For over 5 minutes Report problem to Phone company PAP Identification timeout on remote devicePAP Invalid password for name given by remote device Out Svc # slot # , port # PAP Remote device rejected System Information error message PAP Unknown name name given by remote devicePost number, Hdlc #number External Loopback Test Failed Post number, Hdlc #number Internal Loopback Test Failed PVC for Dlci dlci index not Active PVC not allocated for dlci indexPVC rcv wait q already full R2 not capable of Multichannel or Non-circuit calls RBS LIFAddTimer failure RBSoutSMchannel # Timeout waiting for WinkReattempting to Install File Set into Flash Memory Rebooting Replace Lithium Battery Contact your Representative Reserved signalReceived charge amount charge amount Remote peer ID discrepancy Security Rejection Invalid Password password given Security Rejection No Password given by callerSecurity Rejection Timeout on Startup Complete Security Rejection Caller did not negotiate security Semipermanent. Device x disconnected by admin Semipermanent. Device x reconnected by adminSignal for unknown CallCmd task task Id Slot #, port # Cfg Error Snmp Authentication failure, unknown community name Snmp Snmp initialization failure unable to open UDP portSnmp Snmp initialized successfully Snmp Unable to obtain an Snmp Trap queue entry buffer SSB Post 27 i960timer82c54FAILURE SSB i960 Post number not equal to i386’sSSB Post 23 i960hostintreg Failure SSB Post 24 i960iointreg Failure SSB Post 32 i960hdlc1 Failure SSB Post 33 i960hdlc2 FailureSSB Post 34 i960hdlc3 Failure SSB Post 35 i960hdlc4 Failure Successfully Loaded Release X.Y Issue Z Switch could not recognize phone number nnnnnnnSystem Clock Fault on Wan Adapter in Slot slot # TCP Connection to CSM at IP address is UP Tftp Local error #2 Feature not initialized Tftp Local error #3 Server not initializedTftp Local error #4 UDP rejected packet filename Tftp Local error #5 UDP open failed Tftp Local error #14 Bad file name Tftp Local error #15 Bad mode stringTftp Local error #18 Unable to open file filename Tftp Local error #19 Disk full filename Tftp Remote error # 1 Text from Remote Host Tftp Remote error # 2 Text from Remote HostTftp Remote error # 3 Text from Remote Host Tftp Remote error # 4 Text from Remote Host This card does not support R2 Signaling Timeout detected on connection establishmentTimeout detected on receiving caller’s number Timeout on Startup Complete Type mismatch of configured & installed adapter # ’x’ Too many digits in TN in HostcallrequestTried to free unallocated buffer sub name, size=size Unable to Decrypt Datagram Unable to open \config\devdb.nei file Unable to open Modem Upgrade fileUnable to restore original ISRs for Interrupt interrupt # Unable to get Digital Modem resource to place call Unexpected error during transmission of LMI frame Unmatched Login TaskUpdating CyberSWITCH from FileName Unknown Calling Bridge MAC address WAN card in slot slot # signals it is operational Watchdog timeout detected on DM board in slot slot #Watchdog timeout detected on WAN board ’x’ X25 facilities error, facilities not allowed in PVC X25 facilities error, bad facility length X25 facilities error, invalid facilities lengthX25 facilities error, invalid DTE address X25 facilities error, facility not allowed X25 facilities error, facility not available X25 facilities error, packet length negotiation not allowedX25 facilities error, window size negotiation not available X25 facilities error, Rpoa not available Zone allocation failed, maximum capacity already configured Trace Messages Call Trace Messages Location Causes Call Trace Message Summary -BRD CFG ACK Slot=slot # Configure ack slot #Inband treatment has been applied Init data link slot #, port #, ces Out configure port # Interworking unspecified causeOff-hook warning tone on Origination call address is non-ISDN Received unknown signal value Out init data link slot #, port # , cesRecall dial tone on Received unknown progress value IP Filters Trace Messages PPP Packet Trace Messages Configure Request Configure ACKConfigure NAK Configure Reject Trace Messages Echo ReplyDiscard Request Trace Message Summary X25 Data LCN logical channel number, number of bytes bytes X25 DCE RR LCN logical channel number, number of bytes bytes System is sending a call request to the network Lapb Trace Messages Lapb Trace Message Summary Lapb Sabme Lapb UAOut Lapb Disc Out Lapb DM System Maintenance Remote Management Remote Management SITE.HQ Installation and Configuration Usage Instructions Telnet Isdn Earlier Releases Central Site Remote Access Switch Setting UP a NEW Number Setting UP Server TypeWIN95 DIAL-UP Networking General tab Dialing OUT Site HQ Isdn Users Report Files Statistics Files Config files Other Files Changing Carbon Copy Configuration Parameters Carbon Copy Modem Type COM1 Baud Rate Performing a File Transfer Using Carbon Copy Copy LCNETWORK.NEI HC\CONFIG\NETWORK.NEI Running Without Carbon Copy Removing Carbon Copy System Commands Accessing Administration Services Setting the IP Address Accessing Dynamic Management Viewing Operational Information Neif Connected Second column is the potential number of connections Viewing Throughput Information Throughput Monitor Contents Saving Operational Information Clearing Operational Information Terminating and Restarting the Cyberswitch CONFIGURATION-RELATED Commands Login-Id Setting the Date and TimeTerminating Administration Sessions Appletalk Routing Commands Type State Default zone Network rangeFlags Physical address Distance Zones valid Bridge Commands Zone Call Control Commands Indicates that a call request process has been initiated Call peer phone number data rate device bearer Calling phone number at data rate, device PPP Call Detail Recording Commands Call Restriction Commands Dhcp Commands Compression Information CommandsCSM Commands Digital Modem Commands Frame Relay Commands Clears all statistics associated with the fr stat command IP Routing Commands Disables the trace Mask used for the destination Time since the last update was received IPX Routing Commands Ipx diag host ipx address timeout Isdn Usage Commands LAN Commands LOG Commands Packet Capture Commands Pkt display Banyan Vines Packet Detail Screen Bridged Packet Radius Commands Radius ipres Serial Interface Commands Snmp CommandsSpanning Tree Commands Spanning Tree Port Information Spanning Tree Bridge Information Bridge priority of the root bridge TCP Commands Telnet Commands Possible send parameters are defined as follows Terminal Commands Tftp Commands Tftp GET Trace Commands Tftp PUT UDP Commands User Level Security Commands WAN Commands Commands Clears the statistics for the default VC System Statistics Connectivity Statistics Throughput Monitoring Statistics Call Restriction StatisticsCall Statistics Appletalk Statistics Appletalk Protocol Statistics Number of AppleTalk Echo requests received Count of AppleTalk Echo replies received Number of NBP LookUp Requests received Appletalk Port Statistics Bridge Statistics Call Detail Recording Statistics Decompression Related Statistics Compression StatisticsCompression Related Statistics Common Dhcp Statistics Dhcp StatisticsDhcp Relay Agent statistics and Dhcp Proxy Agent statistics Dhcp Relay Agent Statistics Dhcp Proxy Client Statistics Frame Relay Statistics Access Related StatisticsDigital Modem Statistics Init PVC Related Statistics LAN Statistics IP Statistics IP Group Statistics Number of IP datagrams successfully reassembled Icmp Group Statistics IPX Statistics IPX General Statistics Network number portion of the IPX address of this system IPX RIP Statistics IPX Triggered RIP Statistics IPX Route Statistics IPX SAP Statistics IPX Triggered SAP Statistics IPX Service Statistics RIP StatisticsRIP Global Statistics RIP Interface Statistics Serial Interface Statistics Snmp Statistics SnmpInBadVersions SnmpInGetNexts TCP Statistics Statistics for Local or Client Initiated Tftp Activity Tftp StatisticsStatistics for Server or Remote Initiated Tftp Activity Statistics for ALL Tftp Activity WAN Frietf Statistics UDP Statistics Layer 1 PRI Error Statistics WAN L1P Statistics WAN Statistics Layer 1 General Statistics Statistics Maximum number of active VCs allowed at any time Virtual Circuit VC Related Statistics USER’S Guide Routine Maintenance INSTALLING/UPGRADING System SoftwareExecuting Configuration Changes Making Changes Using Cfgedit Obtaining System Custom Information Configuration Backup and RestoreMaking Changes Using Manage Mode Appendices System Worksheets System Adapters Ethernet Adapter Side View Ethernet Adapter BRI-4 Adapter Side View Basic Rate Adapter Front View PRI-8 Adapter Side View Primary Rate Adapters PRI-8 PRI-23 Adapter PRI-23/30 Adapter Front View PRI-8 Expander Adapter Side View Front View Adapter Side View Front View RS232 Adapter Side View DM-8 Adapter Digital Modems DM-8 DM-24 Adapter OFF DM-24+ Adapter DM-24+/DM-30+ DM-24+ Adapter Back view USA System Worksheets Network Topology Lines System DetailsResources Accesses Over Isdn Authentication Information Frame Relay Information Device Information Bridging and Routing Information IP Routing IP Routing IPX Routing Appletalk Routing AppleTalk Routing/Port Information Main Menu IPXSnmp PPP FR DBU Physical Resources Menu Options Menu WAN RlanDhcp SPI Snmp FR DBU SVC, PVC Security MenuCSM Radius Tacacs ACE CSM PPP STAC-L25CSM Radius TCP port Contacting Cabletron Systems Reporting ProblemsGetting Assistance Number of Pages Including this To Customer Service FromPhone FAX Cabletron Systems System Problem Report Administrative Console Commands Table Command Use Cdr verify Verifies call detail recording servers are configuredClears administration screen Displays authentication messages Administrative Console Commands Table Generates a triggered RIP/SAP update request to Local log file only displays the call detail recording logLog cdr erase Local log file only erases the call detail recording log Changes password for current access level Displays system errors and system messages Displays the current Tftp statistics Writes current authentication messages to disk Access or the specified accessSets LCN index default value to m Specified X.25 access Manage Mode Commands Table Adds/changes/deletes an IPX address from the IPX Address pool Ipxsvc add/change/delete Adds/changes/deletes an IPX service Central Site Remote Access Switch Cause Codes Table Cause Codes Table USER’S Guide Central Site Remote Access Switch USER’S Guide Central Site Remote Access Switch Dec Value Hex Value Cause Unknown Br stat IndexAtalk Clid 195 Cr stats 596 crossover cable Date Help 113 Ip addrpool Isdn usage commands 607 isolated mode Ipcp Modem devices Netstat -r 443 network flattening Offnode 213, 216 STAC-LZS Radius Server configuring Restart 585 restore Snmp 352 snmp stats 614 socket number 336 software Srcfilt 270 startne Terminal mode 33, 102, 392, 393 Trace lapb Wr 72, 584 ws 72 Wan