Device Level Security | Enterasys Networks CSX7000, CSX5500, CSX6000

CONFIGURING SECURITY LEVEL

Device Level Security

DEVICE LEVEL SECURITY

CONFIGURING DEVICE LEVEL SECURITY

USING CFGEDIT

1.Select Device Level Security from the Security Level Menu. If you need guidance to find this menu, refer to the instructions provided in the No Security configuration section.

2.Refer to the chapter Configuring Device Level Databases in order to select and configure the device level database.

USING MANAGE MODE

seclevel

Displays the current security level configuration data.

DEVICE LEVEL SECURITY BACKGROUND INFORMATION

Device level security is an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security.Device level security is available to the network locally through the On-node Device Database or remotely through CSM or RADIUS Server.

Device level security is the default configuration. Through device level security, you have several options for validating remote devices and providing security for the network. The security options available are dependent on the remote device type and the line protocol in use.

The following tables summarize information needed for different device types:

Interface Type	Associated Remote		Security
	Device Type		Required?
WAN		IP Host	optional
		PPP
WAN (Direct Host)		IP Host	optional
		PPP
WAN (RLAN)	HDLC Bridge		REQUIRED
		PPP
WAN		PPP	REQUIRED
(UnNumbered)

Device Type		Security Options
PPP		CLID, CHAP, PAP
HDLC Bridge		CLID, MAC Address Security
IP Host		CLID, IP Host ID

Note: For further information regarding network interfaces and their corresponding configuration elements, refer to the network interface information refer to the network interface information in the Configuring Basic IP Routing Options chapter.

Central Site Remote Access Switch 167

Image 167

Enterasys Networks CSX7000, CSX5500, CSX6000 manual Configuring Device Level Security Using Cfgedit

Contents

USER’S Guide Virus Disclaimer Trademarks DOC Notice Contents Software Overview Hardware Installation Cfgedit Configuration Tools Security Overview Configuring System Options and Information Configuring Off-node Server Information Configuring Encryption Configuring Advanced Bridging Configuring IPX Central Site Remote Access Switch Configuring Snmp Configuring Other Advanced Options Verifying the Base System Verifying Routing Protocols LCD Messages System Commands System Statistics Routine Maintenance Cfgedit Map Using this Guide Cfgedit MAP Documentation SET Cfgedit Screens Guide Conventions User’s Guide System Overview CyberSWITCH Cyberswitch Hours of Usage Unique System Features USER’S Guide Central Site Remote Access Switch Interoperability Protocols Interoperability OverviewRadius Interoperability Devices Link Layer Encryption OverviewNetwork Layer Network Interface Overview Security Overview System Components Isdn Remote Isdn Devices Switches Supported Platform Number Main Speed Slots Hardware OverviewSystem Platforms CSX5500 System Platforms EMI To reduce the risk of electrical shock or energy hazards CSX6000 Cleaning the CSX6000 AIR Filter To reduce the risk of electrical shock or energy hazards CSX7000 Disk Drives Number of 1/3 height IDE disk drives supported Front View NE 2000-II a Network Express Platform Platform Characteristics NE 4000 a Network Express Platform USER’S Guide NE 5000 Platform a Network Express Platform Cleaning the NE 5000 AIR Filter EMI Mtbf Hardware CharacteristicsSystem Adapters Ethernet Adapters Basic Rate Adapters 75000hrs PRI-23 Primary Rate AdaptersPRI-8 Jumper Usage PRI-23/30 Expander Adapter PRI-8, PRI-23, and PRI-23/30 Connection Adapter 35 Pin Receive Data No Connect Data Set Ready No Connect Gnd Signal ReturnNo Connect Ring Indicator Transmit Clock With data compression With error controlWith error control and data compression Digital Modems DM-24 DM-8LSI Logic LR33000RISC Mvip Encryption Adapter System Software Administration SoftwareSoftware Overview Overview System Files Configuration Files Operational Files User Level Security Files Accessing the CyberSWITCH System Installation Ordering BRI Isdn Lines Using Provisioning Settings Ordering Isdn Service US onlyOrdering NI-1 Lines Using EZ-ISDN Codes Ordering NI-1 Lines Using NI-1 Isdn Ordering Codes NI-1 AT&T Custom Point-to-Point Provisioning Settings for AT&T 5ESS Switches CSD limit CSD NB limit AT&T 5ESS NI-1 ServiceUnrestricted CSV limit CSV NB limit CSD limit Provision Settings for Northern Telecom DMS-100 SwitchesCSV limit Any PVC Basic Information for Ordering PRI Isdn Lines Number of call AppearancesVersion Functional Yes US Only Sprint Type of SwitchDisabled Option Local Bell Operating Company Verify system power requirements Hardware InstallationPRE-INSTALLATION Requirements Choose a suitable setup location If you are installing WAN adapters and DM adapters Verify administration console requirementsProvide a diskette for configuration backup If you are installing only WAN adapters If you are installing WAN adapters and an Encryption adapter Adapter Settings Configured Slot Interrupt Jumper Address Switch Setting SW1 Adapter Interrupt and I/O Address Settings DM-24 Adapter Interrupt and I/O Address Settings SW3 SW2 OFF Encryption Adapter SettingsMvip Settings DES/RSA Adapter Top Left Top Pair Right Pair Additional Adapter SettingsLine Type Settings J10 J11 J12 J13 J14 PRI-23 Clock SettingsJumper Jumper Setting North American JP9 Mvip JP1JP3 JP6 Inserting the Adapters Into the Cyberswitch Connecting Multiple Adapters Connecting Adapter INTER-BOARD Cables Flat Bus Ribbon Cable Connecting a WAN Adapter to the LCD Summary of Guidelines Direct Connection Accessing the CyberswitchMaking Connections NULL-MODEM Connection to a PC DCD DTR DSR RCV Xmit GND RTS CTS Remote Connection Using Telnet COM1 On the CyberSWITCH sideOn the remote administration console side Remote Connections Modem to Modem From Cfgedit Options, select Default Async Protocol Establishing AN Administration Session Accessing the Release Notes Upgrading System Software Installing Software Couldn’t open the file C\SYSTEM\PLATFORM.NEI Upgrading System Software Local Upgrade Remote Upgrade Accessing the Release Notes Configuring Basic Bridging Basic Configuration Cfgedit Configuration Tools Executing Dynamic Management Dynamic ManagementExecuting Cfgedit Saving Cfgedit Changes Saving Dynamic Management Changes Utility Dynamic Management Commands Using the Configuration Chapters Using the Network Worksheets Resources Configuring Resources and LinesConfiguring Resources Using Cfgedit Resource Configuration Elements Resource Background Information PPP Lines Configuring Lines Using Cfgedit CommonChannel Characteristic PRI/T1 lines E1 lineMultiframe CRC Select Change from the Data Lines menu of Physical Resources Auto TEI Line Configuration Elements DMS100 custom NI-1 Switch Type Number of Data Number of SPIDsDirectory Numbers Directory Numbers Line Encoding Line Background Information Commport Information Subaddresses Background Information Configuring a Subaddress Using CfgeditSubaddress Configuration Elements Subaddresses MAC Layer Bridging Configuration Elements Configuring Basic BridgingENABLING/DISABLING Bridging Using Cfgedit Select Enable/Disable Bridging MAC Layer Bridging Background Information Internet Protocol IP Option Configuring Basic IP RoutingEnabling IP Using Cfgedit IP Background Information IP Operating ModeIP Option Configuration Elements Configuring the IP Operating Mode Using Cfgedit IP Operating Mode Background Information IP Operating Mode Configuration Elements IP Network Interfaces Configuring Interfaces Using Cfgedit USER’S Guide Network Interface Configuration Elements MTU Transmit Broadcast IP Address Default switch for numbered WAN interfaces IP RIP Receive Control IP Network Interface Background Information Hdlc Bridge IP Network Interface Type Associated Remote DeviceIP Host RFC1294 WAN Direct Host IP Host RFC1294 USER’S Guide Example 1 LAN, WAN and WAN Direct Host Interfaces Example 2 LAN, WAN UnNumbered, WAN Remote LAN Interfaces IP RIP and the IP Network Interfaces Isdn Isdn IP RIP Over Dedicated Connections Isdn Proxy ARP Redundant Configurations for BackupNetwork Flattening Example IP Host Communications in Flattened Networks Secondary IP Addressing Static Routes Configuring Static Routes IP address for the destination network or host Static Route Configuration Elements Central Site Remote Access Switch Static Route Background Information Isdn Default Route Configuration Elements Default RoutesConfiguring Default Routes Routing Information Protocol RIP Option ENABLING/DISABLING IP RIP Using Cfgedit LAN IP RIP Configuration ElementsIP RIP Status IP RIP Background Information Security and Encryption Options Configuring Security Level Security Level Security Overview Device Level Databases System Options and Information OFF-NODE Server Information Network Login InformationUser Level Databases Configuring Security Level On-Node Yes Database Device Level User Level Administration Security No Security Configuring no Security Using Cfgedit Device Level Security Background Information Configuring Device Level Security Using CfgeditDevice Level Security User Level Security Background Information Configuring User Level Security Using CfgeditUser Level Security User Level Security Isdn Making a Telnet Connection Responding to Login Prompts ACE Configuring Device and User Level Security Using CfgeditDevice and User Level Security Tacacs Device and User Level Background Information System Options Configuring System Options and InformationConfiguring System Options Using Cfgedit System Options System Options Configuration Elements PAP Chap Bridge MAC Calling Line Id Authentication Address PAP Chap System Options Background Information Optional Calling Line Id Configuring System Information Using CfgeditSystem Information Configuration Elements System Information System Information Background Information Administrative SessionConfiguring Administrative Sessions Using Cfgedit Administrative Session Configuration Elements Administrative Session Background Information Emergency Telnet Server Port Number Background Information ON-NODE Device Database Configuring Device Level DatabasesConfiguring AN ON-NODE Device Database ON-NODE Device Entries Configuring ON-NODE Device Entries On-node Device Entries No pvc configured for Device DAN SVC None 0.0 IP SubNetwork number ON-NODE Device Database Configuration Elements Base Data Rate Frame Relay Access Configuration Elements Chap Secret Outbound Authentication RIP/SAP Appletalk Information Configuration Elements Bridge Information Configuration Elements Bridging with Hdlc Bridge Devices ON-NODE Device Database Background Information Line Id Security Mode On-node Device Table Configuration DataIP Routing with Hdlc Bridge Devices PAP or Chap IP Routing with PPP IP Devices Using IpcpIP Routing with IP Host Devices RFC1294 IP Routing with PPP Bridge Devices Using BCP Bridging with PPP Bridge Devices Using BCPPAP Password or OFF-NODE Device Database Location Configuring OFF-NODE Device Database Location Using Cfgedit OFF-NODE Device Database Location Background Information OFF-NODE Device Database Location Configuration Elements Configuring Authentication Database Location Using Cfgedit Configuring User Level DatabasesUser Level Authentication Database Location Database Telnet Port Number Type communications server Configuring OFF-NODE Server InformationMultiple Administration Login Names Name John Doe Name mynode1 Address Remote Office1 Configuring CSM Authentication Server CSM Authentication Server Configuring a Radius Authentication Server CSM Authentication Server Configuration ElementsCSM Authentication Server Background Information Is SHAREDSECRET1234 Radius Authentication Server Background Information Radius Authentication Server Configuration Elements Select 5 Off-node Server Information Configuring a Radius Accounting Server Return to the Off-node Server Information Menu Radius Accounting Server Background Information Radius Accounting Server Configuration Elements Radius RFC2138 Enabling Radius Type Using Cfgedit Radius Type Radius Type Configuration ElementsConfiguring the Dynamic Device Option Using Cfgedit Dynamic Device Option Dynamic Device Configuration Elements Configuring a Tacacs Authentication Server Tacacs Authentication Server Tacacs Authentication Server Background Information Tacacs Authentication Server Configuration Elements Configuring AN ACE Authentication Server ACE Authentication Server ACE Authentication Server Configuration Elements ACE Authentication Server Background Information Configuring General Network Login Information Using Cfgedit Configuring Network Login InformationNetwork Login General Configuration Select the type of authentication desired Configuring Network Login Banners Using Cfgedit Network Login BannersNetwork Login General Configuration Background Information Configuring Radius Server Login Information Using Cfgedit Login Configuration Specific to Radius ServerNetwork Login Banners Background Information Login Configuration Specific to Radius Server Configuring Tacacs Server Login Information Using Cfgedit Login Configuration Specific to Tacacs Server Login Configuration Specific to Tacacs Server USER’S Guide Select Add a Resource Configuring EncryptionConfiguration Configuring AN Encryption Adapter Using Cfgedit Select Add. Respond to the following series of questions Select IP Security Associations Select Device Level Databases Select On-node device entries Configuring Link Layer Encryption PPP Encryption only Encryption Configuration Elements Final Destination IP Address IP Network Layer Encryption Encryption Background Information 8888CCCC 12345678 12345678 8888CCCC Isdn Link Layer Encryption Interaction with Other Features For Link Layer encryption For IP Layer encryption Configuring Alternate Accesses Advanced Configuration Configuring a Dedicated Access Using Cfgedit Configuring Alternate AccessesDedicated Accesses Dedicated Access Background Information Dedicated Access Configuration Elements Configuring AN X.25 Access Accesses Accesses USER’S Guide Configuration Elements Lapb Configuration Elements Timers Maximum Window Size Nonstandard Default Transmit Window Size PVC Configuration Elements Access Background Information B1 B2 Select Access Information Frame Relay AccessesConfiguring a Frame Relay Access Select Add a PVC Frame Relay General Configuration Elements Dlci Value Frame Relay PVC Configuration ElementsLMI LMI Format PVC Name Frame Relay Access Background Information Local Management Interface Overview Allowed Not Allowed Bridge Dial OUT Configuring Advanced Bridging Under ISDN, select Dial Out Phone Number Spanning Tree Protocol Configuring Spanning Tree Protocol Using Cfgedit Spanning Tree Protocol Background Information Spanning Tree Protocol Configuration Elements Bridge Mode of Operation Background Information Bridge Mode of OperationConfiguring the Bridge Mode of Operation Using Cfgedit Bridge Mode of Operation Configuration Elements Bridge Filters Configuring Bridge Filters Using Cfgedit Source MAC Filter Commands Protocol Definition Commands Packet Data Filter Commands Destination MAC Filter CommandsProtocol Filter Commands Lsap in HEX Bridge Filter Configuration Elements Filter Destination MAC Bridge Filters Background InformationFilter Type Maximum Number of Each Source Discard Connect Destination Protocol Packet Unrestricted Mode Bridge Filters Central Site Remote Access Switch Sites connected over the WAN according to Filter Action Distribution Result ListPacket matching this filter will not be forwarded On any LAN port. The packet will be sent to remote On LAN port 2. The packet will be sent to remote On LAN port 1. The packet will be sent to remoteSites connected over the WAN and to LAN port According to the normal learning bridge methods Restricted Mode Forwarding Action Restricted Mode Bridge Filters Central Site Remote Access Switch Any remote sites connected over the WAN Filter Distribution Result Action ListPacket matching this filter will only be forward Ed on the LAN ports. The packet will not be sent to Ed on LAN port 2. The packet will not be sent to re Ed on LAN port 1. The packet will not be sent to reMote sites connected over the WAN or to LAN Port Remote sites connected on the WAN. The packet Packet matching this filter will be discarded onLAN ports. The packet will be sent to all Packet matching this filter will be discarded to Preliminaries Configuring a Destination MAC Address Filter Discard Connect Known Connect List Configuring the Known Connect List Known Connect List Background Information Known Connect List Configuration Elements Static ARP Table Entries Configuring Advanced IP Routing Select Static ARP Table Entries from the IP menu Configuring Static ARP Table Entries Using CfgeditStatic ARP Table Entries Configuration Elements Static ARP Table Entries Static Route Lookup VIA Radius Isolated Mode IP Address Pool Static Route VIA Radius Configuration ElementsConfiguring AN IP Address Pool Using Cfgedit IP Address Pool Configuration Elements IP Address Pool Background Information IP Filters Configuring Packet Types Using Cfgedit Initiating the IP Filter Configuration Using Cfgedit TCP UDP Icpm Specify a control value any, established, or not established Select Icmp Type Select Add a Forwarding Filter Configuring Forwarding Filters Configuring Connection Filters Configuring Exception Filter Select Apply Global Forwarding Filter Applying FiltersSelect IP Interfaces TCP and UDP Ports IP Filters Configuration Elements IP Filters Background Information NEQRange Forwarding Filters Packet Types Exception Filters Connection Filters Application to Network Interfaces Limitations Common Portion FTP WWW Sfvra Example of AN IP Filter Configuration Forward Dhcp Relay Agent Configuring a Dhcp Relay Agent Using Cfgedit Dhcp Background Information Dhcp Configuration Elements Router to Bridge Environment Bridge to Bridge Environment IP Router to IP Router with Relay Agents on both USER’S Guide Remote Bridge to IP Router w/Relay Agent = WAN Rlan Select Dhcp Proxy Client Configuring the Dhcp Proxy ClientDhcp Proxy Client Dhcp Proxy Client ENABLE/DISABLE Flag Sample Configuration IP Router with Dhcp Proxy Client Security Associations Configuration for IP Router ChloeConfiguring Security Associations Using Cfgedit Configuring DNS and Netbios Addresses Using Cfgedit DNS and Netbios Addresses DNS/NBNS Background Information DNS/NBNS Configuration Elements Configuring IPX Configuring IPX Information IPX Routing Option ENABLING/DISABLING IPX Using CfgeditIPX Option Configuration Element IPX Option Background Information Configuring the IPX Internal Network Number Using CfgeditIPX Internal Network Number Configuration Element IPX Internal Network Number IPX Network Number Background Information Configuring IPX Network Interfaces Using CfgeditIPX Network Interfaces Displays the current IPX network interface data IPX Network Interface Configuration Elements SAP IPX Network Interface Configuration Elements IPX Network Interface Background Information IPX Routing Protocols Configuring IPX Routing Protocols Using CfgeditIPX Routing Protocol Configuration Elements SAP IPX Routing Protocol Background Information Special Considerations Remote LAN Interface IPX Static Routes Configuring IPX Static Routes Using Cfgedit IPX Static Routes Background Information IPX Static Routes Configuration Elements Configuring IPX Netware Static Services Using Cfgedit IPX Netware Static Services IPX Netware Static Services Configuration Elements IPX Spoofing IPX Netware Static Services Background InformationConfiguring IPX Spoofing Using Cfgedit IPX Spoofing Background Information IPX Spoofing Configuration Elements Watchdog Protocol IPX Type 20 Packet Handling Configuring IPX Type 20 Packet Handling Using CfgeditIPX Type 20 Packet Handling Configuration Elements IPX Isolated Mode Background Information IPX Isolated ModeConfiguring IPX Isolated Mode Using Cfgedit IPX Isolated Mode Configuration Elements Displaying WAN Peer List Configuring Triggered RIP/SAP Global Timers Using Cfgedit Triggered RIP/SAP Background Information IPX-SPECIFIC Information for Devices Configuring IPX Devices IPX-Specific Information for Devices Remote LAN Devices IPX Configuration Elements for Devices Enable Bridging and disable Make calls for bridge data None IPX Background Information for Devices Configuring Snmp Configuring Snmp Configuring Snmp Snmp Configuration Elements Snmp Background Information WAN Central Site Remote Access Switch CT-CONTAINER-MIB CT-WAN-MIB CTMIB2-EXT-MIB Using Cabletron NMS Systems Appletalk Routing Option Configuring Appletalk RoutingEnabling Appletalk Routing Using Cfgedit Appletalk Routing Background Information Appletalk Routing Option Configuration ElementConfiguring Appletalk Ports Using Cfgedit Appletalk Ports Appletalk Ports Configuration Elements Appletalk Ports Background Information Overview Considerations ConfigurationConfiguring Appletalk Static Routes Using Cfgedit Appletalk Static Routes Appletalk Capacities Appletalk Routing Static Routes Configuration ElementsConfiguring Appletalk Capacities Using Cfgedit Appletalk Capacities Configuration Elements Appletalk Capacities Background Information Appletalk Isolated ModeConfiguring the Appletalk Isolated Mode Using Cfgedit Appletalk Isolated Mode Configuration Elements Call Control Menu Configuring Call Control Throughput Monitor Configuring the Throughput Monitor Throughput Monitor Background Information Throughput Monitor Configuration Elements 90% Condition Trigger Number Window Size Utilization Underload Condition Monitoring USER’S Guide Monthly Call Charge Call Interval Parameters Monthly Call Charge Background Information Monthly Call Charge Configuration ElementsConfiguring Call Restrictions Using Cfgedit Call Restrictions Call Restriction Configuration Elements Maximum Calls PER DAY Maximum Call Minutes PER Month Call Restrictions Background Information Configuring Bandwidth ReservationBandwidth Reservation Bandwidth Reservation Select Bandwidth Reservation Bandwidth Reservation Configuration Elements Bandwidth Reservation Background Information Configuring Semipermanent Connections Using CfgeditSemipermanent Connections Semiperm Semipermanent Connections Background Information Semipermanent Connections Configuration ElementsCall Device Commands Throughput Monitor Call Restrictions CSM AS a Call Control Manager Configuring CSM for Call Control Using Cfgedit Call Control Management Select D Channel Callback Configuring D Channel Callback Using CfgeditChannel Callback Channel Callback Background Information Channel Callback Configuration Elements Modem Inactivity Timeout Configuration Elements Digital Modem Inactivity Timeout Modem Inactivity Timeout Background Information For IP routing Configuring Other Advanced OptionsConfiguring for a Digital Modem Using Cfgedit Digital Modem Digital Modem Background Information For IPX routingFor AppleTalk routing Digital Modem PPP Mode Using Cfgedit Default Async Protocol Default Async Protocol Configuration Elements Terminal Mode Using CfgeditCall Disconnect Using Cfgedit Data Timeout Value Autosense Feature PPP Configuration Elements PPP ConfigurationConfiguring PPP PPP Configuration PPP Background Information Configuring Default Line Protocol Using Cfgedit Default Line Protocol LOG Options Default Line Protocol Configuration ElementsDefault Line Protocol Background Information Configuring LOG Options Using Cfgedit From Log Options, select Call Detail Recording From Log Options, select Authentication Message DA logLOG Options Configuration Elements Select Add a Syslog Server LOG Options Background Information UDP Port Central Site Remote Access Switch System Messages CDR Log Report Call Detail Recording Events Event Report Contents Record Disconnect/Term Disconnect Event Report Contents Connect/Term Connect Event Report Contents System Up Event Report Contents Reject Event Report ContentsTerm Succ Event Report Contents Term Fail Event Report Contents Compression Options Verify Event Report ContentsConfiguring Compression Options Using Cfgedit Compression Options Configuration Elements Compression Options Background Information Central Site Remote Access Switch Tftp Background Information Configuring TftpTftp Configuration Elements File Attributes Configuring File AttributesFile Attributes Configuration Elements File Attributes Background Information ARP Verification and Diagnosis WAN Adapter INITIALIZED? Verifying the Base SystemHardware Resources OPERATIONAL? LAN Adapter INITIALIZED? To correct the problem, try the following Verifying WAN Line Availability WAN Lines Available for USE? Dedicated Serial Connections LAN Connection OPERATIONAL? IP Router INITIALIZED? Try the following to correct the problemBridge INITIALIZED? Set-up Remote Device Connectivity Security Rejection-Invalid Calling Line Id # To verify multi-level security MULTI-LEVEL Security IP Host INITIALIZED? IP Host ModeDisabled IP Host Mode OPERATIONAL? Try the following Dedicated Connections Alternate Accesses Frame Relay Connections Connections A Terminal Server Menu IP Routing Over a LAN Interface Verifying Routing ProtocolsIP Routing OPERATIONAL? IP Routing Over a WAN Interface Ping 192.100.1.1 return IP Routing Over a WAN Direct Host Interface 100.0.0.1 100.0.0.0 Host B 100.0.0.3 Host a 100.0.0.2 IP Routing Over a WAN Remote LAN Interface IP Routing Over a WAN Unnumbered Interface Ip filter trace discard return IP Filters IP RIP INITIALIZED? If you are still experiencing problemsIp filter trace off return IP RIP Output Processing on a LAN Interface IP RIP Input Processing on a LAN Interface IP RIP Output Processing on a WAN Interface IP RIP Input Processing Operational on a WAN Interface IPX Router INITIALIZED? IPX IPX Routing Over a LAN Connection IPX Routing OPERATIONAL? IPX Remote LAN Connection Xxxx Triggered RIP/SAP IPX Routing Over a WAN Connection Ipx trigreq device Appletalk Routing OPERATIONAL? Appletalk RoutingAppletalk Routing INITIALIZED? Appletalk Routing Over the LAN Connection Atalk port Appletalk Routing Over a WAN Connection USER’S Guide Snmp Verifying System Options USER’S Guide Dial OUT Set Up Call Detail Recording Compression Peer Protocol-Rejects CCP CyberSWITCH does not have Compression EnabledReserved Bandwidth Verifying Dhcp Relay Agent Initialization Verifying the Relay Agent is Enabled Verifying the Relay Agent is Operational USER’S Guide Verifying Dhcp Proxy Client Initialization Verifying the Proxy Client is Enabled Verifying the Proxy Client is Operational Ip addrpool return Modem Callback Verifying a Semipermanent Connection Proxy ARP Proxy ARP LCD Messages Troubleshooting Normal Operation LCD Messages LCD MessagesLCD Message Groups Initialization LCD Message Error LCD Messages LCD Message Groups Auto Over Max Charge System Messages Normal Operation Messages Error MessagesInformational Messages Initialization Messages System Message Summary Port LAN Adapter, operating in remote mode onlyPort LAN Adapter, operating in local and remote mode Call has exceeded the configured maximum duration Adapter does not respond adapter #’x’ Acct Warning code TimeoutAdapter #’x’ failed to respond from bootstrap Activation Failure- Session not active Auth ACE Could not write service file Attempting to load FileName for UpgradeAttempt to initialize unconfigured DM card in slot slot # Auth ACE Could not create service file Auth Radius Chap rejected for device device name Auth ACE Error receiving server log message acknowledgmentAuth ACE Login rejected user user name Auth ACE Node verification received Client initialized Auth Radius PAP rejected device device name Auth Radius Login rejected device device nameAuth Radius IP Host rejected IP Host id IP host Id Auth Radius IP Resolve rejected IP Address IP address Auth Warning code 0007 Authentication mode mismatch Auth Tacacs Login rejected user user nameAuth Warning code 0001 Timeout Auth Warning code 0004 No authentication node available Bad auth result in smgrauthaanotify for device device name Booting System SoftwareBootstrap came alive on DM card in slot slot # Bootstrap came alive on WAN card in slot slot # CallID in use in Hostcallrequest Call Restrictions have been disabled by user commandCalculating CRC’s Callback type call back type ID is not currently supported Call Restrictions will allow calls to be made this hour Call Restrictions have been enabled by user commandCall Restriction statistics reset for new day Call Restriction statistics reset for new month Central Site Remote Access Switch CCP Option Negotiation Failure, Non-Convergence detected Cause cause code received for Dlci dlci indexCause Code Event CCP Internal Decompression Failure CNTR-TMRTimed out waiting for TMR number interrupt Chap Authentication Failure remote device not respondingChannel in use in Hostcallrequest Connection disconnected for license violation Configured adapter # ’x’ type does not existCouldn’t find speech service slot #, port # Current monthly charges reset for new month DHCP-P Failed to close UDP port x, erc = y Data link test successful DSL port # , CESDCE Data Rate is invalid on FrStartPVC Dedicated connection down slot #, port # DHCP-P UDP port 67 closed DHCP-P Proxy Client disabledDHCP-P Proxy Client enabled DHCP-P Proxy Client initialization failed DHCP-R Failed to open UDP port 67, erc = DHCP-R Relay Agent disabledDHCP-R Relay Agent enabled DHCP-R Failed to close UDP port 67, erc = DM card failed Flash download bad xx Srec DM card in slot slot # is not usable, could not upgradeDM card in slot slot # signals it is operational DM card type configured in slot slot # does not exist Downloading Bootstrap to DM card in slot slot # DM card in slot slot # will not come out of resetDM upgrade started. Board=board #, Modem=modem # DM upgrade success. Board=board #, Modem=modem # Error downloading operational software to adapter ’x’ Edrv transmit error error codeError closing file ’s’ Error downloading bootstrap program to adapter #’x’ Error initializing WAN card WAN card Id Error during channel initialization Access access indexError during port initialization Access access index Error during PVC initialization Access access index Error reading sdconf.rec file Error opening file \system\ethernt2.binError programming adapter #’x’ hardware Error reading file file name, section = section name Failed to obtain Terminal info in smgrprocterminalauthsess Failed to get a tone signaling sessionFacility not subscribed Slot=slot # Port=port # Failed to allocate enough memory for Xilinx load file Failure to allocate enough memory for Xilinx load file Failure during read of file ’s’Failure during Static RAM test on adapter # ’x’ Central Site Remote Access Switch Frame Relay event queue full File Access ErrFormatting Flash Memory Frietf detected PPP protocol from NAME, shutting down PVC Invalid Password password given Installing File Set into Flash MemoryInterrupt fault on WAN Adapter in Slot slot # Invalid Cllm received on Access access index Invalid serial number in SERIAL.001, file is ignored IP Error from ESP datagram discardedIP x.x.x.x not added to the pool Unknown error y Invalid SERIAL.001 file present, file is ignored IP Failed to de-register with IP Address Pool Manager erc=x IP Default Route not added, invalid next hop IP address #IP Invalid configuration for Network Interface dd IP Cannot stop Proxy Arp for IP address #, no cmd buf avail IP Network initialized successfully on ddd.ddd.ddd.ddd IP Invalid Peer IP Address IP address, WAN IP Stream ClosedIP IP host is initialized successfully IP IP router is initialized successfully IP Host Call Dropped XID was not received from remote Ipcp IP Address Pool Out of IP addressesIpcp Option Negotiation Failure, Non-Convergence detected Ipcp Remote device does not negotiate IP address IP RIP Send queue full IP RIP All network interfaces usedIP RIP Buffers allocated IP RIP Initialization failed, unable to allocate buffers IPX IPX router initialized successfully IPX Invalid Ipxwc passedIPX Network initialized successfully on IPX Network Interface on LAN port port # not initialized IPX SAP Buffers allocated IPX SAP Space available in service tableIPX SAP Unable to add service, service table full Ipxwan IPX Internal Network Number must be configured LAN Adapter HW upgrade may be required LAN Adapter Command TimeoutLAN Adapter configuration conflict LAN Adapter Fatal Error Reported LAN Init Error LAN Adapter ResetLAN Adapter Response Timeout LAN Adapter System resource error Manage Mode updates have been successfully committed LAN Xmit ErrorLMI alarm on Access access index LMI alarm reset Access access index Max ATI3 retries exceeded on modem modem # of slot slot # Memory Access TimeoutMismatch of configured and installed DM card in slot slot # Manual restart initiated on DM board in slot slot # Network loop between site1 and site Modem modem # of DM card in slot slot # is unusableModem revision on modem modem # of slot slot # failed Negotiation Failure with Semipermanent device No Active List entry available in INM Network sent Cause Spid not supported slot #, port #Network sent Status with state = 0, tear down call No Active Calls Active Sites Offnode server lookup of Dial Out User failed Out of LAN Adapter transmit command descriptorsNo Sites Connected Not enough memory for Security module Out Svc # slot # , port # Auto For over 5 minutes Report problem to Phone companyPAP Identification timeout on remote device PAP Invalid password for name given by remote device Post number, Hdlc #number Internal Loopback Test Failed PAP Remote device rejected System Information error messagePAP Unknown name name given by remote device Post number, Hdlc #number External Loopback Test Failed R2 not capable of Multichannel or Non-circuit calls PVC for Dlci dlci index not ActivePVC not allocated for dlci index PVC rcv wait q already full Rebooting RBS LIFAddTimer failureRBSoutSMchannel # Timeout waiting for Wink Reattempting to Install File Set into Flash Memory Remote peer ID discrepancy Replace Lithium Battery Contact your RepresentativeReserved signal Received charge amount charge amount Security Rejection Caller did not negotiate security Security Rejection Invalid Password password givenSecurity Rejection No Password given by caller Security Rejection Timeout on Startup Complete Slot #, port # Cfg Error Semipermanent. Device x disconnected by adminSemipermanent. Device x reconnected by admin Signal for unknown CallCmd task task Id Snmp Unable to obtain an Snmp Trap queue entry buffer Snmp Authentication failure, unknown community nameSnmp Snmp initialization failure unable to open UDP port Snmp Snmp initialized successfully SSB Post 24 i960iointreg Failure SSB Post 27 i960timer82c54FAILURESSB i960 Post number not equal to i386’s SSB Post 23 i960hostintreg Failure SSB Post 35 i960hdlc4 Failure SSB Post 32 i960hdlc1 FailureSSB Post 33 i960hdlc2 Failure SSB Post 34 i960hdlc3 Failure TCP Connection to CSM at IP address is UP Successfully Loaded Release X.Y Issue ZSwitch could not recognize phone number nnnnnnn System Clock Fault on Wan Adapter in Slot slot # Tftp Local error #5 UDP open failed Tftp Local error #2 Feature not initializedTftp Local error #3 Server not initialized Tftp Local error #4 UDP rejected packet filename Tftp Local error #19 Disk full filename Tftp Local error #14 Bad file nameTftp Local error #15 Bad mode string Tftp Local error #18 Unable to open file filename Tftp Remote error # 4 Text from Remote Host Tftp Remote error # 1 Text from Remote HostTftp Remote error # 2 Text from Remote Host Tftp Remote error # 3 Text from Remote Host Timeout on Startup Complete This card does not support R2 SignalingTimeout detected on connection establishment Timeout detected on receiving caller’s number Unable to Decrypt Datagram Type mismatch of configured & installed adapter # ’x’Too many digits in TN in Hostcallrequest Tried to free unallocated buffer sub name, size=size Unable to get Digital Modem resource to place call Unable to open \config\devdb.nei fileUnable to open Modem Upgrade file Unable to restore original ISRs for Interrupt interrupt # Unknown Calling Bridge MAC address Unexpected error during transmission of LMI frameUnmatched Login Task Updating CyberSWITCH from FileName X25 facilities error, facilities not allowed in PVC WAN card in slot slot # signals it is operationalWatchdog timeout detected on DM board in slot slot # Watchdog timeout detected on WAN board ’x’ X25 facilities error, facility not allowed X25 facilities error, bad facility lengthX25 facilities error, invalid facilities length X25 facilities error, invalid DTE address X25 facilities error, Rpoa not available X25 facilities error, facility not availableX25 facilities error, packet length negotiation not allowed X25 facilities error, window size negotiation not available Zone allocation failed, maximum capacity already configured Trace Messages Location Causes Call Trace Messages Call Trace Message Summary -BRD CFG ACK Slot=slot # Configure ack slot #Inband treatment has been applied Init data link slot #, port #, ces Origination call address is non-ISDN Out configure port #Interworking unspecified cause Off-hook warning tone on Received unknown progress value Received unknown signal valueOut init data link slot #, port # , ces Recall dial tone on IP Filters Trace Messages PPP Packet Trace Messages Configure Reject Configure RequestConfigure ACK Configure NAK Trace Message Summary Trace MessagesEcho Reply Discard Request X25 DCE RR LCN logical channel number, number of bytes bytes X25 Data LCN logical channel number, number of bytes bytes System is sending a call request to the network Lapb Trace Message Summary Lapb Trace Messages Out Lapb DM Lapb SabmeLapb UA Out Lapb Disc Remote Management System Maintenance Remote Management SITE.HQ Usage Instructions Installation and Configuration Isdn Telnet Earlier Releases Central Site Remote Access Switch General tab Setting UP a NEW NumberSetting UP Server Type WIN95 DIAL-UP Networking Dialing OUT Site HQ Isdn Users Report Files Statistics Files Config files Other Files Carbon Copy Changing Carbon Copy Configuration Parameters COM1 Modem Type Baud Rate Performing a File Transfer Using Carbon Copy Running Without Carbon Copy Copy LCNETWORK.NEI HC\CONFIG\NETWORK.NEI Removing Carbon Copy Accessing Administration Services System Commands Accessing Dynamic Management Setting the IP Address Viewing Operational Information Neif Connected Second column is the potential number of connections Viewing Throughput Information Throughput Monitor Contents Clearing Operational Information Saving Operational Information CONFIGURATION-RELATED Commands Terminating and Restarting the Cyberswitch Login-Id Setting the Date and TimeTerminating Administration Sessions Appletalk Routing Commands State Type Physical address Default zoneNetwork range Flags Zones valid Distance Zone Bridge Commands Call Control Commands Indicates that a call request process has been initiated Call peer phone number data rate device bearer Calling phone number at data rate, device PPP Call Restriction Commands Call Detail Recording Commands Dhcp Commands Compression Information CommandsCSM Commands Digital Modem Commands Frame Relay Commands Clears all statistics associated with the fr stat command IP Routing Commands Disables the trace Mask used for the destination Time since the last update was received IPX Routing Commands Ipx diag host ipx address timeout Isdn Usage Commands LOG Commands LAN Commands Packet Capture Commands Pkt display Banyan Vines Packet Detail Screen Bridged Packet Radius Commands Radius ipres Spanning Tree Port Information Serial Interface CommandsSnmp Commands Spanning Tree Commands Spanning Tree Bridge Information Bridge priority of the root bridge TCP Commands Telnet Commands Possible send parameters are defined as follows Terminal Commands Tftp GET Tftp Commands Tftp PUT Trace Commands User Level Security Commands UDP Commands WAN Commands Commands Clears the statistics for the default VC Connectivity Statistics System Statistics Throughput Monitoring Statistics Call Restriction StatisticsCall Statistics Appletalk Protocol Statistics Appletalk Statistics Number of AppleTalk Echo requests received Count of AppleTalk Echo replies received Number of NBP LookUp Requests received Appletalk Port Statistics Call Detail Recording Statistics Bridge Statistics Decompression Related Statistics Compression StatisticsCompression Related Statistics Common Dhcp Statistics Dhcp StatisticsDhcp Relay Agent statistics and Dhcp Proxy Agent statistics Dhcp Relay Agent Statistics Dhcp Proxy Client Statistics Frame Relay Statistics Access Related StatisticsDigital Modem Statistics Init PVC Related Statistics LAN Statistics IP Group Statistics IP Statistics Number of IP datagrams successfully reassembled Icmp Group Statistics IPX General Statistics IPX Statistics Network number portion of the IPX address of this system IPX RIP Statistics IPX Route Statistics IPX Triggered RIP Statistics IPX Triggered SAP Statistics IPX SAP Statistics RIP Interface Statistics IPX Service StatisticsRIP Statistics RIP Global Statistics Snmp Statistics Serial Interface Statistics SnmpInBadVersions SnmpInGetNexts TCP Statistics Statistics for Local or Client Initiated Tftp Activity Tftp StatisticsStatistics for Server or Remote Initiated Tftp Activity Statistics for ALL Tftp Activity UDP Statistics WAN Frietf Statistics WAN L1P Statistics Layer 1 PRI Error Statistics Layer 1 General Statistics WAN Statistics Statistics Maximum number of active VCs allowed at any time Virtual Circuit VC Related Statistics USER’S Guide Making Changes Using Cfgedit Routine MaintenanceINSTALLING/UPGRADING System Software Executing Configuration Changes Obtaining System Custom Information Configuration Backup and RestoreMaking Changes Using Manage Mode System Worksheets Appendices System Adapters Ethernet Adapter Ethernet Adapter Side View Basic Rate Adapter BRI-4 Adapter Side View Primary Rate Adapters PRI-8 Front View PRI-8 Adapter Side View PRI-23 Adapter PRI-23/30 Adapter Front View PRI-8 Expander Adapter Side View Front View Adapter Side View Front View RS232 Adapter Side View Digital Modems DM-8 DM-8 Adapter DM-24 Adapter OFF DM-24+/DM-30+ DM-24+ Adapter DM-24+ Adapter Back view USA System Worksheets Network Topology Lines System DetailsResources Over Isdn Accesses Device Information Authentication Information Frame Relay Information IP Routing Bridging and Routing Information IPX Routing IP Routing AppleTalk Routing/Port Information Appletalk Routing FR DBU Main MenuIPX Snmp PPP Physical Resources Menu SPI Options MenuWAN Rlan Dhcp Snmp FR DBU SVC, PVC Security MenuCSM Radius Tacacs ACE CSM PPP STAC-L25CSM Radius TCP port Contacting Cabletron Systems Reporting ProblemsGetting Assistance Number of Pages Including this To Customer Service FromPhone FAX Cabletron Systems System Problem Report Administrative Console Commands Table Displays authentication messages Command Use Cdr verifyVerifies call detail recording servers are configured Clears administration screen Administrative Console Commands Table Local log file only erases the call detail recording log Generates a triggered RIP/SAP update request toLocal log file only displays the call detail recording log Log cdr erase Changes password for current access level Displays the current Tftp statistics Displays system errors and system messages Specified X.25 access Writes current authentication messages to diskAccess or the specified access Sets LCN index default value to m Manage Mode Commands Table Address pool Adds/changes/deletes an IPX address from the IPX Ipxsvc add/change/delete Adds/changes/deletes an IPX service Central Site Remote Access Switch Cause Codes Table Cause Codes Table USER’S Guide Central Site Remote Access Switch USER’S Guide Central Site Remote Access Switch Unknown Dec Value Hex Value Cause Br stat IndexAtalk Clid 195 Date Cr stats 596 crossover cable Ip addrpool Help 113 Ipcp Isdn usage commands 607 isolated mode Netstat -r 443 network flattening Modem devices STAC-LZS Offnode 213, 216 Restart 585 restore Radius Server configuring Srcfilt 270 startne Snmp 352 snmp stats 614 socket number 336 software Trace lapb Terminal mode 33, 102, 392, 393 Wan Wr 72, 584 ws 72