12345678 8888CCCC, 8888CCCC 12345678 | Enterasys Networks CSX5500

CONFIGURING ENCRYPTION

Encryption Background Information

The peer must also have corresponding Security Associations. (Note that the gateway address and the source/destination subnet addresses are switched to reflect the peer subnet.)

Security Associations between peer CyberSWITCH nodes are identified by a Security Parameter Index (SPI). The SPI is transmitted in the ESP header and is used by the peer node to identify the necessary information to decrypt the ESP payload.

IP ENCRYPTION EXAMPLE

"SITE A"	Untrusted Media		"SITE B"
			CSX5500
CSX5500		197.1.1.1
	197.4.1.1

INTERNET

Trusted

Subnet

197.4.2.2

Trusted

Subnet

197.1.2.2

Site “A”	Security Associations
	Outgoing:	Incoming:
Final Destination:	197.1.2.2	197.4.2.2

Mask:	16 bits	16 bits
Destination gateway:	197.1.1.1	197.1.1.1

Shared Secret Key:	AAABBB1234567890	9876543210ABCDEF
SPI:	12345678	8888CCCC


Site “B”	Security Associations

	Outgoing:	Incoming:
Final Destination:	197.4.2.2	197.1.2.2

Mask:	16 bits	16 bits
Destination gateway:	197.4.1.1	197.4.1.1

Shared Secret Key:	9876543210ABCDEF	AAABBB1234567890
SPI:	8888CCCC	12345678

AUTHENTICATION HEADERS

Authentication Header (AH) protocol provides integrity and authentication for IP datagrams by assuring that a received packet originated from the destination it claims. Packets originating from the CyberSWITCH may be authenticated with AH protocol, as long as AH is enabled and properly configured.

Central Site Remote Access Switch 237

Image 237

Enterasys Networks CSX5500, CSX6000, CSX7000 manual 12345678 8888CCCC, 8888CCCC 12345678

Contents

USER’S Guide Virus Disclaimer Trademarks DOC Notice Contents Software Overview Hardware Installation Cfgedit Configuration Tools Security Overview Configuring System Options and Information Configuring Off-node Server Information Configuring Encryption Configuring Advanced Bridging Configuring IPX Central Site Remote Access Switch Configuring Snmp Configuring Other Advanced Options Verifying the Base System Verifying Routing Protocols LCD Messages System Commands System Statistics Routine Maintenance Cfgedit Map Using this Guide Cfgedit MAP Documentation SET Cfgedit Screens Guide Conventions User’s Guide System Overview CyberSWITCH Cyberswitch Hours of Usage Unique System Features USER’S Guide Central Site Remote Access Switch Interoperability Overview RadiusInteroperability Protocols Interoperability Devices Encryption Overview Network LayerLink Layer Network Interface Overview Security Overview System Components Isdn Remote Isdn Devices Switches Supported Hardware Overview System PlatformsPlatform Number Main Speed Slots CSX5500 System Platforms EMI To reduce the risk of electrical shock or energy hazards CSX6000 Cleaning the CSX6000 AIR Filter To reduce the risk of electrical shock or energy hazards CSX7000 Disk Drives Number of 1/3 height IDE disk drives supported Front View NE 2000-II a Network Express Platform Platform Characteristics NE 4000 a Network Express Platform USER’S Guide NE 5000 Platform a Network Express Platform Cleaning the NE 5000 AIR Filter EMI System Adapters Hardware CharacteristicsEthernet Adapters Mtbf Basic Rate Adapters 75000hrs Primary Rate Adapters PRI-8PRI-23 Jumper Usage PRI-23/30 Expander Adapter PRI-8, PRI-23, and PRI-23/30 Connection Adapter 35 Pin No Connect Ring Indicator Data Set Ready No Connect Gnd Signal ReturnTransmit Clock Receive Data No Connect With error control and data compression With error controlDigital Modems With data compression LSI Logic LR33000RISC DM-8Mvip DM-24 Encryption Adapter Software Overview Administration SoftwareOverview System Software System Files Configuration Files Operational Files User Level Security Files Accessing the CyberSWITCH System Installation Ordering NI-1 Lines Using EZ-ISDN Codes Ordering Isdn Service US onlyOrdering NI-1 Lines Using NI-1 Isdn Ordering Codes Ordering BRI Isdn Lines Using Provisioning Settings NI-1 AT&T Custom Point-to-Point Provisioning Settings for AT&T 5ESS Switches Unrestricted AT&T 5ESS NI-1 ServiceCSV limit CSV NB limit CSD limit CSD NB limit CSV limit Provision Settings for Northern Telecom DMS-100 SwitchesAny CSD limit PVC Number of call Appearances Version Functional YesBasic Information for Ordering PRI Isdn Lines US Only Disabled Type of SwitchOption Local Bell Operating Company Sprint PRE-INSTALLATION Requirements Hardware InstallationChoose a suitable setup location Verify system power requirements Provide a diskette for configuration backup Verify administration console requirementsIf you are installing only WAN adapters If you are installing WAN adapters and DM adapters If you are installing WAN adapters and an Encryption adapter Adapter Settings Configured Slot Interrupt Jumper Address Switch Setting SW1 Adapter Interrupt and I/O Address Settings DM-24 Adapter Interrupt and I/O Address Settings SW3 SW2 Mvip Settings Encryption Adapter SettingsDES/RSA Adapter OFF Additional Adapter Settings Line Type SettingsTop Left Top Pair Right Pair PRI-23 Clock Settings Jumper Jumper Setting North AmericanJ10 J11 J12 J13 J14 JP3 JP1JP6 JP9 Mvip Inserting the Adapters Into the Cyberswitch Connecting Multiple Adapters Connecting Adapter INTER-BOARD Cables Flat Bus Ribbon Cable Connecting a WAN Adapter to the LCD Summary of Guidelines Accessing the Cyberswitch Making ConnectionsDirect Connection NULL-MODEM Connection to a PC DCD DTR DSR RCV Xmit GND RTS CTS Remote Connection Using Telnet On the remote administration console side On the CyberSWITCH sideRemote Connections Modem to Modem COM1 From Cfgedit Options, select Default Async Protocol Establishing AN Administration Session Accessing the Release Notes Upgrading System Software Installing Software Couldn’t open the file C\SYSTEM\PLATFORM.NEI Upgrading System Software Local Upgrade Remote Upgrade Accessing the Release Notes Configuring Basic Bridging Basic Configuration Cfgedit Configuration Tools Executing Cfgedit Dynamic ManagementSaving Cfgedit Changes Executing Dynamic Management Saving Dynamic Management Changes Utility Dynamic Management Commands Using the Configuration Chapters Using the Network Worksheets Configuring Resources and Lines Configuring Resources Using CfgeditResources Resource Configuration Elements Resource Background Information PPP Lines Configuring Lines Using Cfgedit Characteristic PRI/T1 lines E1 line Multiframe CRCCommonChannel Select Change from the Data Lines menu of Physical Resources Auto TEI Line Configuration Elements Switch Type Number of Data Number of SPIDs Directory NumbersDMS100 custom NI-1 Directory Numbers Line Encoding Line Background Information Commport Information Subaddress Configuration Elements Configuring a Subaddress Using CfgeditSubaddresses Subaddresses Background Information ENABLING/DISABLING Bridging Using Cfgedit Configuring Basic BridgingSelect Enable/Disable Bridging MAC Layer Bridging Configuration Elements MAC Layer Bridging Background Information Configuring Basic IP Routing Enabling IP Using CfgeditInternet Protocol IP Option IP Option Configuration Elements IP Operating ModeConfiguring the IP Operating Mode Using Cfgedit IP Background Information IP Operating Mode Background Information IP Operating Mode Configuration Elements IP Network Interfaces Configuring Interfaces Using Cfgedit USER’S Guide Network Interface Configuration Elements MTU Transmit Broadcast IP Address Default switch for numbered WAN interfaces IP RIP Receive Control IP Network Interface Background Information IP Host RFC1294 IP Network Interface Type Associated Remote DeviceWAN Direct Host IP Host RFC1294 Hdlc Bridge USER’S Guide Example 1 LAN, WAN and WAN Direct Host Interfaces Example 2 LAN, WAN UnNumbered, WAN Remote LAN Interfaces IP RIP and the IP Network Interfaces Isdn Isdn IP RIP Over Dedicated Connections Isdn Redundant Configurations for Backup Network FlatteningProxy ARP Example IP Host Communications in Flattened Networks Secondary IP Addressing Static Routes Configuring Static Routes IP address for the destination network or host Static Route Configuration Elements Central Site Remote Access Switch Static Route Background Information Isdn Default Routes Configuring Default RoutesDefault Route Configuration Elements Routing Information Protocol RIP Option ENABLING/DISABLING IP RIP Using Cfgedit IP RIP Status IP RIP Configuration ElementsIP RIP Background Information LAN Security and Encryption Options Configuring Security Level Security Level Security Overview Device Level Databases System Options and Information Network Login Information User Level DatabasesOFF-NODE Server Information Configuring Security Level On-Node Yes Database Device Level User Level Administration Security No Security Configuring no Security Using Cfgedit Configuring Device Level Security Using Cfgedit Device Level SecurityDevice Level Security Background Information Configuring User Level Security Using Cfgedit User Level SecurityUser Level Security Background Information User Level Security Isdn Making a Telnet Connection Responding to Login Prompts Device and User Level Security Configuring Device and User Level Security Using CfgeditTacacs ACE Device and User Level Background Information Configuring System Options and Information Configuring System Options Using CfgeditSystem Options System Options System Options Configuration Elements PAP Chap Bridge MAC Calling Line Id Authentication Address PAP Chap System Options Background Information System Information Configuration Elements Configuring System Information Using CfgeditSystem Information Optional Calling Line Id Administrative Session Configuring Administrative Sessions Using CfgeditSystem Information Background Information Administrative Session Configuration Elements Administrative Session Background Information Emergency Telnet Server Port Number Background Information Configuring Device Level Databases Configuring AN ON-NODE Device DatabaseON-NODE Device Database ON-NODE Device Entries Configuring ON-NODE Device Entries On-node Device Entries No pvc configured for Device DAN SVC None 0.0 IP SubNetwork number ON-NODE Device Database Configuration Elements Base Data Rate Frame Relay Access Configuration Elements Chap Secret Outbound Authentication RIP/SAP Appletalk Information Configuration Elements Bridge Information Configuration Elements Bridging with Hdlc Bridge Devices ON-NODE Device Database Background Information Security Mode On-node Device Table Configuration Data IP Routing with Hdlc Bridge DevicesLine Id IP Routing with PPP IP Devices Using Ipcp IP Routing with IP Host Devices RFC1294PAP or Chap Bridging with PPP Bridge Devices Using BCP PAP Password orIP Routing with PPP Bridge Devices Using BCP OFF-NODE Device Database Location Configuring OFF-NODE Device Database Location Using Cfgedit OFF-NODE Device Database Location Background Information OFF-NODE Device Database Location Configuration Elements Configuring User Level Databases User Level Authentication Database LocationConfiguring Authentication Database Location Using Cfgedit Database Telnet Port Number Multiple Administration Login Names Configuring OFF-NODE Server InformationName John Doe Name mynode1 Address Remote Office1 Type communications server Configuring CSM Authentication Server CSM Authentication Server CSM Authentication Server Configuration Elements CSM Authentication Server Background InformationConfiguring a Radius Authentication Server Is SHAREDSECRET1234 Radius Authentication Server Background Information Radius Authentication Server Configuration Elements Select 5 Off-node Server Information Configuring a Radius Accounting Server Return to the Off-node Server Information Menu Radius Accounting Server Background Information Radius Accounting Server Configuration Elements Radius RFC2138 Enabling Radius Type Using Cfgedit Configuring the Dynamic Device Option Using Cfgedit Radius Type Configuration ElementsDynamic Device Option Radius Type Dynamic Device Configuration Elements Configuring a Tacacs Authentication Server Tacacs Authentication Server Tacacs Authentication Server Background Information Tacacs Authentication Server Configuration Elements Configuring AN ACE Authentication Server ACE Authentication Server ACE Authentication Server Configuration Elements ACE Authentication Server Background Information Configuring Network Login Information Network Login General ConfigurationConfiguring General Network Login Information Using Cfgedit Select the type of authentication desired Network Login Banners Network Login General Configuration Background InformationConfiguring Network Login Banners Using Cfgedit Login Configuration Specific to Radius Server Network Login Banners Background InformationConfiguring Radius Server Login Information Using Cfgedit Login Configuration Specific to Radius Server Configuring Tacacs Server Login Information Using Cfgedit Login Configuration Specific to Tacacs Server Login Configuration Specific to Tacacs Server USER’S Guide Configuration Configuring EncryptionConfiguring AN Encryption Adapter Using Cfgedit Select Add a Resource Select Add. Respond to the following series of questions Select IP Security Associations Select Device Level Databases Select On-node device entries Configuring Link Layer Encryption PPP Encryption only Encryption Configuration Elements Final Destination IP Address IP Network Layer Encryption Encryption Background Information 8888CCCC 12345678 12345678 8888CCCC Isdn Link Layer Encryption Interaction with Other Features For Link Layer encryption For IP Layer encryption Configuring Alternate Accesses Advanced Configuration Configuring Alternate Accesses Dedicated AccessesConfiguring a Dedicated Access Using Cfgedit Dedicated Access Background Information Dedicated Access Configuration Elements Configuring AN X.25 Access Accesses Accesses USER’S Guide Configuration Elements Lapb Configuration Elements Timers Maximum Window Size Nonstandard Default Transmit Window Size PVC Configuration Elements Access Background Information B1 B2 Frame Relay Accesses Configuring a Frame Relay AccessSelect Access Information Select Add a PVC Frame Relay General Configuration Elements LMI Frame Relay PVC Configuration ElementsLMI Format Dlci Value PVC Name Frame Relay Access Background Information Local Management Interface Overview Allowed Not Allowed Bridge Dial OUT Configuring Advanced Bridging Under ISDN, select Dial Out Phone Number Spanning Tree Protocol Configuring Spanning Tree Protocol Using Cfgedit Spanning Tree Protocol Background Information Spanning Tree Protocol Configuration Elements Configuring the Bridge Mode of Operation Using Cfgedit Bridge Mode of OperationBridge Mode of Operation Configuration Elements Bridge Mode of Operation Background Information Bridge Filters Configuring Bridge Filters Using Cfgedit Source MAC Filter Commands Protocol Definition Commands Destination MAC Filter Commands Protocol Filter CommandsPacket Data Filter Commands Lsap in HEX Bridge Filter Configuration Elements Bridge Filters Background Information Filter Type Maximum Number of EachFilter Destination MAC Source Discard Connect Destination Protocol Packet Unrestricted Mode Bridge Filters Central Site Remote Access Switch Packet matching this filter will not be forwarded Filter Action Distribution Result ListOn any LAN port. The packet will be sent to remote Sites connected over the WAN according to Sites connected over the WAN and to LAN port On LAN port 1. The packet will be sent to remoteAccording to the normal learning bridge methods On LAN port 2. The packet will be sent to remote Restricted Mode Forwarding Action Restricted Mode Bridge Filters Central Site Remote Access Switch Packet matching this filter will only be forward Filter Distribution Result Action ListEd on the LAN ports. The packet will not be sent to Any remote sites connected over the WAN Mote sites connected over the WAN or to LAN Ed on LAN port 1. The packet will not be sent to rePort Ed on LAN port 2. The packet will not be sent to re LAN ports. The packet will be sent to all Packet matching this filter will be discarded onPacket matching this filter will be discarded to Remote sites connected on the WAN. The packet Preliminaries Configuring a Destination MAC Address Filter Discard Connect Known Connect List Configuring the Known Connect List Known Connect List Background Information Known Connect List Configuration Elements Static ARP Table Entries Configuring Advanced IP Routing Static ARP Table Entries Configuration Elements Configuring Static ARP Table Entries Using CfgeditStatic ARP Table Entries Select Static ARP Table Entries from the IP menu Static Route Lookup VIA Radius Isolated Mode Configuring AN IP Address Pool Using Cfgedit Static Route VIA Radius Configuration ElementsIP Address Pool Configuration Elements IP Address Pool IP Address Pool Background Information IP Filters Configuring Packet Types Using Cfgedit Initiating the IP Filter Configuration Using Cfgedit TCP UDP Icpm Specify a control value any, established, or not established Select Icmp Type Select Add a Forwarding Filter Configuring Forwarding Filters Configuring Connection Filters Configuring Exception Filter Applying Filters Select IP InterfacesSelect Apply Global Forwarding Filter TCP and UDP Ports IP Filters Configuration Elements NEQ RangeIP Filters Background Information Forwarding Filters Packet Types Exception Filters Connection Filters Application to Network Interfaces Limitations Common Portion FTP WWW Sfvra Example of AN IP Filter Configuration Forward Dhcp Relay Agent Configuring a Dhcp Relay Agent Using Cfgedit Dhcp Background Information Dhcp Configuration Elements Router to Bridge Environment Bridge to Bridge Environment IP Router to IP Router with Relay Agents on both USER’S Guide Remote Bridge to IP Router w/Relay Agent = WAN Rlan Configuring the Dhcp Proxy Client Dhcp Proxy ClientSelect Dhcp Proxy Client Dhcp Proxy Client ENABLE/DISABLE Flag Sample Configuration IP Router with Dhcp Proxy Client Configuration for IP Router Chloe Configuring Security Associations Using CfgeditSecurity Associations Configuring DNS and Netbios Addresses Using Cfgedit DNS and Netbios Addresses DNS/NBNS Background Information DNS/NBNS Configuration Elements Configuring IPX Configuring IPX Information ENABLING/DISABLING IPX Using Cfgedit IPX Option Configuration ElementIPX Routing Option IPX Internal Network Number Configuration Element Configuring the IPX Internal Network Number Using CfgeditIPX Internal Network Number IPX Option Background Information Configuring IPX Network Interfaces Using Cfgedit IPX Network InterfacesIPX Network Number Background Information Displays the current IPX network interface data IPX Network Interface Configuration Elements SAP IPX Network Interface Configuration Elements IPX Network Interface Background Information Configuring IPX Routing Protocols Using Cfgedit IPX Routing Protocol Configuration ElementsIPX Routing Protocols SAP IPX Routing Protocol Background Information Special Considerations Remote LAN Interface IPX Static Routes Configuring IPX Static Routes Using Cfgedit IPX Static Routes Background Information IPX Static Routes Configuration Elements Configuring IPX Netware Static Services Using Cfgedit IPX Netware Static Services IPX Netware Static Services Configuration Elements IPX Netware Static Services Background Information Configuring IPX Spoofing Using CfgeditIPX Spoofing IPX Spoofing Background Information IPX Spoofing Configuration Elements Watchdog Protocol Configuring IPX Type 20 Packet Handling Using Cfgedit IPX Type 20 Packet Handling Configuration ElementsIPX Type 20 Packet Handling Configuring IPX Isolated Mode Using Cfgedit IPX Isolated ModeIPX Isolated Mode Configuration Elements IPX Isolated Mode Background Information Displaying WAN Peer List Configuring Triggered RIP/SAP Global Timers Using Cfgedit Triggered RIP/SAP Background Information IPX-SPECIFIC Information for Devices Configuring IPX Devices IPX-Specific Information for Devices Remote LAN Devices IPX Configuration Elements for Devices Enable Bridging and disable Make calls for bridge data None IPX Background Information for Devices Configuring Snmp Configuring Snmp Configuring Snmp Snmp Configuration Elements Snmp Background Information WAN Central Site Remote Access Switch CT-CONTAINER-MIB CT-WAN-MIB CTMIB2-EXT-MIB Using Cabletron NMS Systems Configuring Appletalk Routing Enabling Appletalk Routing Using CfgeditAppletalk Routing Option Configuring Appletalk Ports Using Cfgedit Appletalk Routing Option Configuration ElementAppletalk Ports Appletalk Routing Background Information Appletalk Ports Configuration Elements Appletalk Ports Background Information Overview Configuring Appletalk Static Routes Using Cfgedit ConfigurationAppletalk Static Routes Considerations Configuring Appletalk Capacities Using Cfgedit Appletalk Routing Static Routes Configuration ElementsAppletalk Capacities Configuration Elements Appletalk Capacities Configuring the Appletalk Isolated Mode Using Cfgedit Appletalk Isolated ModeAppletalk Isolated Mode Configuration Elements Appletalk Capacities Background Information Call Control Menu Configuring Call Control Throughput Monitor Configuring the Throughput Monitor Throughput Monitor Background Information Throughput Monitor Configuration Elements 90% Condition Trigger Number Window Size Utilization Underload Condition Monitoring USER’S Guide Monthly Call Charge Call Interval Parameters Configuring Call Restrictions Using Cfgedit Monthly Call Charge Configuration ElementsCall Restrictions Monthly Call Charge Background Information Call Restriction Configuration Elements Maximum Calls PER DAY Maximum Call Minutes PER Month Configuring Bandwidth Reservation Bandwidth ReservationCall Restrictions Background Information Bandwidth Reservation Select Bandwidth Reservation Bandwidth Reservation Configuration Elements Configuring Semipermanent Connections Using Cfgedit Semipermanent ConnectionsBandwidth Reservation Background Information Semiperm Semipermanent Connections Configuration Elements Call Device CommandsSemipermanent Connections Background Information Throughput Monitor Call Restrictions CSM AS a Call Control Manager Configuring CSM for Call Control Using Cfgedit Call Control Management Configuring D Channel Callback Using Cfgedit Channel CallbackSelect D Channel Callback Channel Callback Background Information Channel Callback Configuration Elements Modem Inactivity Timeout Configuration Elements Digital Modem Inactivity Timeout Modem Inactivity Timeout Background Information Configuring for a Digital Modem Using Cfgedit Configuring Other Advanced OptionsDigital Modem For IP routing For IPX routing For AppleTalk routingDigital Modem Background Information Digital Modem PPP Mode Using Cfgedit Default Async Protocol Terminal Mode Using Cfgedit Call Disconnect Using CfgeditDefault Async Protocol Configuration Elements Data Timeout Value Autosense Feature PPP Configuration Configuring PPPPPP Configuration Elements PPP Configuration PPP Background Information Configuring Default Line Protocol Using Cfgedit Default Line Protocol Default Line Protocol Background Information Default Line Protocol Configuration ElementsConfiguring LOG Options Using Cfgedit LOG Options LOG Options Configuration Elements From Log Options, select Authentication Message DA logSelect Add a Syslog Server From Log Options, select Call Detail Recording LOG Options Background Information UDP Port Central Site Remote Access Switch System Messages CDR Log Report Call Detail Recording Events Event Report Contents Record Disconnect/Term Disconnect Event Report Contents Connect/Term Connect Event Report Contents Term Succ Event Report Contents Reject Event Report ContentsTerm Fail Event Report Contents System Up Event Report Contents Verify Event Report Contents Configuring Compression Options Using CfgeditCompression Options Compression Options Configuration Elements Compression Options Background Information Central Site Remote Access Switch Configuring Tftp Tftp Configuration ElementsTftp Background Information Configuring File Attributes File Attributes Configuration ElementsFile Attributes File Attributes Background Information ARP Verification and Diagnosis Verifying the Base System Hardware Resources OPERATIONAL?WAN Adapter INITIALIZED? LAN Adapter INITIALIZED? To correct the problem, try the following Verifying WAN Line Availability WAN Lines Available for USE? Dedicated Serial Connections LAN Connection OPERATIONAL? Try the following to correct the problem Bridge INITIALIZED?IP Router INITIALIZED? Set-up Remote Device Connectivity Security Rejection-Invalid Calling Line Id # To verify multi-level security MULTI-LEVEL Security Disabled IP Host ModeIP Host Mode OPERATIONAL? IP Host INITIALIZED? Try the following Dedicated Connections Alternate Accesses Frame Relay Connections Connections A Terminal Server Menu Verifying Routing Protocols IP Routing OPERATIONAL?IP Routing Over a LAN Interface IP Routing Over a WAN Interface Ping 192.100.1.1 return IP Routing Over a WAN Direct Host Interface 100.0.0.1 100.0.0.0 Host B 100.0.0.3 Host a 100.0.0.2 IP Routing Over a WAN Remote LAN Interface IP Routing Over a WAN Unnumbered Interface Ip filter trace discard return IP Filters If you are still experiencing problems Ip filter trace off returnIP RIP INITIALIZED? IP RIP Output Processing on a LAN Interface IP RIP Input Processing on a LAN Interface IP RIP Output Processing on a WAN Interface IP RIP Input Processing Operational on a WAN Interface IPX Router INITIALIZED? IPX IPX Routing Over a LAN Connection IPX Routing OPERATIONAL? IPX Remote LAN Connection Xxxx Triggered RIP/SAP IPX Routing Over a WAN Connection Ipx trigreq device Appletalk Routing Appletalk Routing INITIALIZED?Appletalk Routing OPERATIONAL? Appletalk Routing Over the LAN Connection Atalk port Appletalk Routing Over a WAN Connection USER’S Guide Snmp Verifying System Options USER’S Guide Dial OUT Set Up Call Detail Recording Compression CyberSWITCH does not have Compression Enabled Reserved BandwidthPeer Protocol-Rejects CCP Verifying Dhcp Relay Agent Initialization Verifying the Relay Agent is Enabled Verifying the Relay Agent is Operational USER’S Guide Verifying Dhcp Proxy Client Initialization Verifying the Proxy Client is Enabled Verifying the Proxy Client is Operational Ip addrpool return Modem Callback Verifying a Semipermanent Connection Proxy ARP Proxy ARP LCD Messages Troubleshooting LCD Message Groups LCD MessagesInitialization LCD Message Normal Operation LCD Messages Error LCD Messages LCD Message Groups Auto Over Max Charge System Messages Informational Messages Error MessagesInitialization Messages Normal Operation Messages Port LAN Adapter, operating in local and remote mode Port LAN Adapter, operating in remote mode onlyCall has exceeded the configured maximum duration System Message Summary Adapter #’x’ failed to respond from bootstrap Acct Warning code TimeoutActivation Failure- Session not active Adapter does not respond adapter #’x’ Attempt to initialize unconfigured DM card in slot slot # Attempting to load FileName for UpgradeAuth ACE Could not create service file Auth ACE Could not write service file Auth ACE Login rejected user user name Auth ACE Error receiving server log message acknowledgmentAuth ACE Node verification received Client initialized Auth Radius Chap rejected for device device name Auth Radius IP Host rejected IP Host id IP host Id Auth Radius Login rejected device device nameAuth Radius IP Resolve rejected IP Address IP address Auth Radius PAP rejected device device name Auth Warning code 0001 Timeout Auth Tacacs Login rejected user user nameAuth Warning code 0004 No authentication node available Auth Warning code 0007 Authentication mode mismatch Bootstrap came alive on DM card in slot slot # Booting System SoftwareBootstrap came alive on WAN card in slot slot # Bad auth result in smgrauthaanotify for device device name Calculating CRC’s Call Restrictions have been disabled by user commandCallback type call back type ID is not currently supported CallID in use in Hostcallrequest Call Restriction statistics reset for new day Call Restrictions have been enabled by user commandCall Restriction statistics reset for new month Call Restrictions will allow calls to be made this hour Central Site Remote Access Switch Cause Code Event Cause cause code received for Dlci dlci indexCCP Internal Decompression Failure CCP Option Negotiation Failure, Non-Convergence detected Chap Authentication Failure remote device not responding Channel in use in HostcallrequestCNTR-TMRTimed out waiting for TMR number interrupt Couldn’t find speech service slot #, port # Configured adapter # ’x’ type does not existCurrent monthly charges reset for new month Connection disconnected for license violation DCE Data Rate is invalid on FrStartPVC Data link test successful DSL port # , CESDedicated connection down slot #, port # DHCP-P Failed to close UDP port x, erc = y DHCP-P Proxy Client enabled DHCP-P Proxy Client disabledDHCP-P Proxy Client initialization failed DHCP-P UDP port 67 closed DHCP-R Relay Agent enabled DHCP-R Relay Agent disabledDHCP-R Failed to close UDP port 67, erc = DHCP-R Failed to open UDP port 67, erc = DM card in slot slot # signals it is operational DM card in slot slot # is not usable, could not upgradeDM card type configured in slot slot # does not exist DM card failed Flash download bad xx Srec DM upgrade started. Board=board #, Modem=modem # DM card in slot slot # will not come out of resetDM upgrade success. Board=board #, Modem=modem # Downloading Bootstrap to DM card in slot slot # Error closing file ’s’ Edrv transmit error error codeError downloading bootstrap program to adapter #’x’ Error downloading operational software to adapter ’x’ Error during port initialization Access access index Error during channel initialization Access access indexError during PVC initialization Access access index Error initializing WAN card WAN card Id Error programming adapter #’x’ hardware Error opening file \system\ethernt2.binError reading file file name, section = section name Error reading sdconf.rec file Facility not subscribed Slot=slot # Port=port # Failed to get a tone signaling sessionFailed to allocate enough memory for Xilinx load file Failed to obtain Terminal info in smgrprocterminalauthsess Failure during read of file ’s’ Failure during Static RAM test on adapter # ’x’Failure to allocate enough memory for Xilinx load file Central Site Remote Access Switch Formatting Flash Memory File Access ErrFrietf detected PPP protocol from NAME, shutting down PVC Frame Relay event queue full Interrupt fault on WAN Adapter in Slot slot # Installing File Set into Flash MemoryInvalid Cllm received on Access access index Invalid Password password given IP x.x.x.x not added to the pool Unknown error y IP Error from ESP datagram discardedInvalid SERIAL.001 file present, file is ignored Invalid serial number in SERIAL.001, file is ignored IP Invalid configuration for Network Interface dd IP Default Route not added, invalid next hop IP address #IP Cannot stop Proxy Arp for IP address #, no cmd buf avail IP Failed to de-register with IP Address Pool Manager erc=x IP IP host is initialized successfully IP Invalid Peer IP Address IP address, WAN IP Stream ClosedIP IP router is initialized successfully IP Network initialized successfully on ddd.ddd.ddd.ddd Ipcp Option Negotiation Failure, Non-Convergence detected Ipcp IP Address Pool Out of IP addressesIpcp Remote device does not negotiate IP address IP Host Call Dropped XID was not received from remote IP RIP Buffers allocated IP RIP All network interfaces usedIP RIP Initialization failed, unable to allocate buffers IP RIP Send queue full IPX Network initialized successfully on IPX Invalid Ipxwc passedIPX Network Interface on LAN port port # not initialized IPX IPX router initialized successfully IPX SAP Unable to add service, service table full IPX SAP Space available in service tableIpxwan IPX Internal Network Number must be configured IPX SAP Buffers allocated LAN Adapter configuration conflict LAN Adapter Command TimeoutLAN Adapter Fatal Error Reported LAN Adapter HW upgrade may be required LAN Adapter Response Timeout LAN Adapter ResetLAN Adapter System resource error LAN Init Error LMI alarm on Access access index LAN Xmit ErrorLMI alarm reset Access access index Manage Mode updates have been successfully committed Mismatch of configured and installed DM card in slot slot # Memory Access TimeoutManual restart initiated on DM board in slot slot # Max ATI3 retries exceeded on modem modem # of slot slot # Modem revision on modem modem # of slot slot # failed Modem modem # of DM card in slot slot # is unusableNegotiation Failure with Semipermanent device Network loop between site1 and site Network sent Status with state = 0, tear down call Network sent Cause Spid not supported slot #, port #No Active Calls Active Sites No Active List entry available in INM No Sites Connected Out of LAN Adapter transmit command descriptorsNot enough memory for Security module Offnode server lookup of Dial Out User failed PAP Identification timeout on remote device Auto For over 5 minutes Report problem to Phone companyPAP Invalid password for name given by remote device Out Svc # slot # , port # PAP Unknown name name given by remote device PAP Remote device rejected System Information error messagePost number, Hdlc #number External Loopback Test Failed Post number, Hdlc #number Internal Loopback Test Failed PVC not allocated for dlci index PVC for Dlci dlci index not ActivePVC rcv wait q already full R2 not capable of Multichannel or Non-circuit calls RBSoutSMchannel # Timeout waiting for Wink RBS LIFAddTimer failureReattempting to Install File Set into Flash Memory Rebooting Reserved signal Replace Lithium Battery Contact your RepresentativeReceived charge amount charge amount Remote peer ID discrepancy Security Rejection No Password given by caller Security Rejection Invalid Password password givenSecurity Rejection Timeout on Startup Complete Security Rejection Caller did not negotiate security Semipermanent. Device x reconnected by admin Semipermanent. Device x disconnected by adminSignal for unknown CallCmd task task Id Slot #, port # Cfg Error Snmp Snmp initialization failure unable to open UDP port Snmp Authentication failure, unknown community nameSnmp Snmp initialized successfully Snmp Unable to obtain an Snmp Trap queue entry buffer SSB i960 Post number not equal to i386’s SSB Post 27 i960timer82c54FAILURESSB Post 23 i960hostintreg Failure SSB Post 24 i960iointreg Failure SSB Post 33 i960hdlc2 Failure SSB Post 32 i960hdlc1 FailureSSB Post 34 i960hdlc3 Failure SSB Post 35 i960hdlc4 Failure Switch could not recognize phone number nnnnnnn Successfully Loaded Release X.Y Issue ZSystem Clock Fault on Wan Adapter in Slot slot # TCP Connection to CSM at IP address is UP Tftp Local error #3 Server not initialized Tftp Local error #2 Feature not initializedTftp Local error #4 UDP rejected packet filename Tftp Local error #5 UDP open failed Tftp Local error #15 Bad mode string Tftp Local error #14 Bad file nameTftp Local error #18 Unable to open file filename Tftp Local error #19 Disk full filename Tftp Remote error # 2 Text from Remote Host Tftp Remote error # 1 Text from Remote HostTftp Remote error # 3 Text from Remote Host Tftp Remote error # 4 Text from Remote Host Timeout detected on connection establishment This card does not support R2 SignalingTimeout detected on receiving caller’s number Timeout on Startup Complete Too many digits in TN in Hostcallrequest Type mismatch of configured & installed adapter # ’x’Tried to free unallocated buffer sub name, size=size Unable to Decrypt Datagram Unable to open Modem Upgrade file Unable to open \config\devdb.nei fileUnable to restore original ISRs for Interrupt interrupt # Unable to get Digital Modem resource to place call Unmatched Login Task Unexpected error during transmission of LMI frameUpdating CyberSWITCH from FileName Unknown Calling Bridge MAC address Watchdog timeout detected on DM board in slot slot # WAN card in slot slot # signals it is operationalWatchdog timeout detected on WAN board ’x’ X25 facilities error, facilities not allowed in PVC X25 facilities error, invalid facilities length X25 facilities error, bad facility lengthX25 facilities error, invalid DTE address X25 facilities error, facility not allowed X25 facilities error, packet length negotiation not allowed X25 facilities error, facility not availableX25 facilities error, window size negotiation not available X25 facilities error, Rpoa not available Zone allocation failed, maximum capacity already configured Trace Messages Location Causes Call Trace Messages Call Trace Message Summary Configure ack slot # Inband treatment has been applied-BRD CFG ACK Slot=slot # Init data link slot #, port #, ces Interworking unspecified cause Out configure port #Off-hook warning tone on Origination call address is non-ISDN Out init data link slot #, port # , ces Received unknown signal valueRecall dial tone on Received unknown progress value IP Filters Trace Messages PPP Packet Trace Messages Configure ACK Configure RequestConfigure NAK Configure Reject Echo Reply Trace MessagesDiscard Request Trace Message Summary X25 DCE RR LCN logical channel number, number of bytes bytes X25 Data LCN logical channel number, number of bytes bytes System is sending a call request to the network Lapb Trace Message Summary Lapb Trace Messages Lapb UA Lapb SabmeOut Lapb Disc Out Lapb DM Remote Management System Maintenance Remote Management SITE.HQ Usage Instructions Installation and Configuration Isdn Telnet Earlier Releases Central Site Remote Access Switch Setting UP Server Type Setting UP a NEW NumberWIN95 DIAL-UP Networking General tab Dialing OUT Site HQ Isdn Users Report Files Statistics Files Config files Other Files Carbon Copy Changing Carbon Copy Configuration Parameters COM1 Modem Type Baud Rate Performing a File Transfer Using Carbon Copy Running Without Carbon Copy Copy LCNETWORK.NEI HC\CONFIG\NETWORK.NEI Removing Carbon Copy Accessing Administration Services System Commands Accessing Dynamic Management Setting the IP Address Viewing Operational Information Neif Connected Second column is the potential number of connections Viewing Throughput Information Throughput Monitor Contents Clearing Operational Information Saving Operational Information CONFIGURATION-RELATED Commands Terminating and Restarting the Cyberswitch Setting the Date and Time Terminating Administration SessionsLogin-Id Appletalk Routing Commands State Type Network range Default zoneFlags Physical address Zones valid Distance Zone Bridge Commands Call Control Commands Indicates that a call request process has been initiated Call peer phone number data rate device bearer Calling phone number at data rate, device PPP Call Restriction Commands Call Detail Recording Commands Compression Information Commands CSM CommandsDhcp Commands Digital Modem Commands Frame Relay Commands Clears all statistics associated with the fr stat command IP Routing Commands Disables the trace Mask used for the destination Time since the last update was received IPX Routing Commands Ipx diag host ipx address timeout Isdn Usage Commands LOG Commands LAN Commands Packet Capture Commands Pkt display Banyan Vines Packet Detail Screen Bridged Packet Radius Commands Radius ipres Snmp Commands Serial Interface CommandsSpanning Tree Commands Spanning Tree Port Information Spanning Tree Bridge Information Bridge priority of the root bridge TCP Commands Telnet Commands Possible send parameters are defined as follows Terminal Commands Tftp GET Tftp Commands Tftp PUT Trace Commands User Level Security Commands UDP Commands WAN Commands Commands Clears the statistics for the default VC Connectivity Statistics System Statistics Call Restriction Statistics Call StatisticsThroughput Monitoring Statistics Appletalk Protocol Statistics Appletalk Statistics Number of AppleTalk Echo requests received Count of AppleTalk Echo replies received Number of NBP LookUp Requests received Appletalk Port Statistics Call Detail Recording Statistics Bridge Statistics Compression Statistics Compression Related StatisticsDecompression Related Statistics Dhcp Statistics Dhcp Relay Agent statistics and Dhcp Proxy Agent statisticsCommon Dhcp Statistics Dhcp Relay Agent Statistics Dhcp Proxy Client Statistics Access Related Statistics Digital Modem StatisticsFrame Relay Statistics Init PVC Related Statistics LAN Statistics IP Group Statistics IP Statistics Number of IP datagrams successfully reassembled Icmp Group Statistics IPX General Statistics IPX Statistics Network number portion of the IPX address of this system IPX RIP Statistics IPX Route Statistics IPX Triggered RIP Statistics IPX Triggered SAP Statistics IPX SAP Statistics RIP Statistics IPX Service StatisticsRIP Global Statistics RIP Interface Statistics Snmp Statistics Serial Interface Statistics SnmpInBadVersions SnmpInGetNexts TCP Statistics Tftp Statistics Statistics for Server or Remote Initiated Tftp ActivityStatistics for Local or Client Initiated Tftp Activity Statistics for ALL Tftp Activity UDP Statistics WAN Frietf Statistics WAN L1P Statistics Layer 1 PRI Error Statistics Layer 1 General Statistics WAN Statistics Statistics Maximum number of active VCs allowed at any time Virtual Circuit VC Related Statistics USER’S Guide INSTALLING/UPGRADING System Software Routine MaintenanceExecuting Configuration Changes Making Changes Using Cfgedit Configuration Backup and Restore Making Changes Using Manage ModeObtaining System Custom Information System Worksheets Appendices System Adapters Ethernet Adapter Ethernet Adapter Side View Basic Rate Adapter BRI-4 Adapter Side View Primary Rate Adapters PRI-8 Front View PRI-8 Adapter Side View PRI-23 Adapter PRI-23/30 Adapter Front View PRI-8 Expander Adapter Side View Front View Adapter Side View Front View RS232 Adapter Side View Digital Modems DM-8 DM-8 Adapter DM-24 Adapter OFF DM-24+/DM-30+ DM-24+ Adapter DM-24+ Adapter Back view USA System Worksheets Network Topology System Details ResourcesLines Over Isdn Accesses Device Information Authentication Information Frame Relay Information IP Routing Bridging and Routing Information IPX Routing IP Routing AppleTalk Routing/Port Information Appletalk Routing IPX Main MenuSnmp PPP FR DBU Physical Resources Menu WAN Rlan Options MenuDhcp SPI Snmp FR DBU Security Menu CSM Radius Tacacs ACESVC, PVC PPP STAC-L25 CSM RadiusCSM TCP port Reporting Problems Getting AssistanceContacting Cabletron Systems To Customer Service From Phone FAX Cabletron Systems System Problem ReportNumber of Pages Including this Administrative Console Commands Table Verifies call detail recording servers are configured Command Use Cdr verifyClears administration screen Displays authentication messages Administrative Console Commands Table Local log file only displays the call detail recording log Generates a triggered RIP/SAP update request toLog cdr erase Local log file only erases the call detail recording log Changes password for current access level Displays the current Tftp statistics Displays system errors and system messages Access or the specified access Writes current authentication messages to diskSets LCN index default value to m Specified X.25 access Manage Mode Commands Table Address pool Adds/changes/deletes an IPX address from the IPX Ipxsvc add/change/delete Adds/changes/deletes an IPX service Central Site Remote Access Switch Cause Codes Table Cause Codes Table USER’S Guide Central Site Remote Access Switch USER’S Guide Central Site Remote Access Switch Unknown Dec Value Hex Value Cause Index AtalkBr stat Clid 195 Date Cr stats 596 crossover cable Ip addrpool Help 113 Ipcp Isdn usage commands 607 isolated mode Netstat -r 443 network flattening Modem devices STAC-LZS Offnode 213, 216 Restart 585 restore Radius Server configuring Srcfilt 270 startne Snmp 352 snmp stats 614 socket number 336 software Trace lapb Terminal mode 33, 102, 392, 393 Wan Wr 72, 584 ws 72