Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks CSX5500, CSX6000, CSX7000 Example of AN IP Filter Configuration, FTP WWW Sfvra

Models: CSX7000 CSX6000 CSX5500

1 729

Download 729 pages 41.51 Kb

Page 306

USER’S GUIDE

EXAMPLE OF AN IP FILTER CONFIGURATION

This example provides a simple filtering scenario in which a corporate LAN utilizes a CyberSWITCH to provide WAN access to both dial-in devices as well as the global Internet. A Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the LAN are an anonymous FTP server and a WWW server.

		FTP			WWW			SFVRA
Host	Host	Server			Server			Manager

Internet

128.131.25.10 128.131.25.12 128.131.25.11

128.131.25.15

193.57.50.1

Host Host

CSX5500

ISDN

Remote User

Remote User

Remote User

The following are the requirements/restrictions to be addressed by IP filters:

•No outside access allowed to the Netserver or the CyberSWITCH.

•The FTP and WWW servers must be accessible from anywhere.

•Corporate hosts (including dial-in devices) may initiate TCP-based sessions with the Internet, but not vice-versa. This covers the main IP applications such as TELNET, FTP, SMTP server and HTTP. An assumption for FTP is that the client program supports the “PASV” option, in which the data-transfer TCP connection is initiated by the client.

•No UDP traffic.

The interface to the Internet is via a numbered IP interface, which has the following filter applied to its Input stage. Using a final action of DISCARD, the strategy for the filter is to restrict everything but an explicitly permitted set of traffic.

306 CyberSWITCH

Image 306

Enterasys Networks CSX5500, CSX6000, CSX7000 manual Example of AN IP Filter Configuration, FTP WWW Sfvra

Contents

USER’S Guide Virus Disclaimer Trademarks DOC Notice Contents Software Overview Hardware Installation Configuration Tools CfgeditSecurity Overview Configuring System Options and Information Configuring Off-node Server Information Configuring Encryption Configuring Advanced Bridging Configuring IPX Central Site Remote Access Switch Configuring Snmp Configuring Other Advanced Options Verifying the Base System Verifying Routing Protocols LCD Messages System Commands System Statistics Routine Maintenance Cfgedit Map Using this Guide Documentation SET Cfgedit MAPGuide Conventions Cfgedit ScreensUser’s Guide CyberSWITCH System OverviewCyberswitch Unique System Features Hours of UsageUSER’S Guide Central Site Remote Access Switch Interoperability Overview RadiusInteroperability Protocols Interoperability Devices Encryption Overview Network LayerLink Layer Security Overview Network Interface OverviewIsdn System ComponentsRemote Isdn Devices Switches Supported Hardware Overview System PlatformsPlatform Number Main Speed Slots CSX5500 System Platforms EMI To reduce the risk of electrical shock or energy hazards CSX6000 Cleaning the CSX6000 AIR Filter To reduce the risk of electrical shock or energy hazards CSX7000 Disk Drives Number of 1/3 height IDE disk drives supported NE 2000-II a Network Express Platform Front ViewPlatform Characteristics NE 4000 a Network Express Platform USER’S Guide NE 5000 Platform a Network Express Platform Cleaning the NE 5000 AIR Filter EMI Ethernet Adapters Hardware CharacteristicsSystem Adapters MtbfBasic Rate Adapters 75000hrs Primary Rate Adapters PRI-8PRI-23 PRI-23/30 Jumper UsagePRI-8, PRI-23, and PRI-23/30 Connection Expander AdapterAdapter 35 Pin Transmit Clock Data Set Ready No Connect Gnd Signal ReturnNo Connect Ring Indicator Receive Data No ConnectDigital Modems With error controlWith error control and data compression With data compressionMvip DM-8LSI Logic LR33000RISC DM-24Encryption Adapter Overview Administration SoftwareSoftware Overview System SoftwareConfiguration Files System FilesOperational Files User Level Security Files System Installation Accessing the CyberSWITCHOrdering NI-1 Lines Using NI-1 Isdn Ordering Codes Ordering Isdn Service US onlyOrdering NI-1 Lines Using EZ-ISDN Codes Ordering BRI Isdn Lines Using Provisioning SettingsProvisioning Settings for AT&T 5ESS Switches NI-1 AT&T Custom Point-to-PointCSV limit CSV NB limit AT&T 5ESS NI-1 ServiceUnrestricted CSD limit CSD NB limitAny Provision Settings for Northern Telecom DMS-100 SwitchesCSV limit CSD limitPVC Number of call Appearances Version Functional YesBasic Information for Ordering PRI Isdn Lines US Only Option Local Bell Operating Company Type of SwitchDisabled SprintChoose a suitable setup location Hardware InstallationPRE-INSTALLATION Requirements Verify system power requirementsIf you are installing only WAN adapters Verify administration console requirementsProvide a diskette for configuration backup If you are installing WAN adapters and DM adaptersAdapter Settings If you are installing WAN adapters and an Encryption adapterAdapter Interrupt and I/O Address Settings Configured Slot Interrupt Jumper Address Switch Setting SW1DM-24 Adapter Interrupt and I/O Address Settings SW2 SW3DES/RSA Adapter Encryption Adapter SettingsMvip Settings OFFAdditional Adapter Settings Line Type SettingsTop Left Top Pair Right Pair PRI-23 Clock Settings Jumper Jumper Setting North AmericanJ10 J11 J12 J13 J14 JP6 JP1JP3 JP9 MvipInserting the Adapters Into the Cyberswitch Connecting Adapter INTER-BOARD Cables Connecting Multiple AdaptersFlat Bus Ribbon Cable Connecting a WAN Adapter to the LCD Summary of Guidelines Accessing the Cyberswitch Making ConnectionsDirect Connection DCD DTR DSR RCV Xmit GND RTS CTS NULL-MODEM Connection to a PCRemote Connection Using Telnet Remote Connections Modem to Modem On the CyberSWITCH sideOn the remote administration console side COM1From Cfgedit Options, select Default Async Protocol Establishing AN Administration Session Accessing the Release Notes Installing Software Upgrading System SoftwareCouldn’t open the file C\SYSTEM\PLATFORM.NEI Local Upgrade Upgrading System SoftwareRemote Upgrade Accessing the Release Notes Basic Configuration Configuring Basic BridgingConfiguration Tools CfgeditSaving Cfgedit Changes Dynamic ManagementExecuting Cfgedit Executing Dynamic ManagementUtility Dynamic Management Commands Saving Dynamic Management ChangesUsing the Network Worksheets Using the Configuration ChaptersConfiguring Resources and Lines Configuring Resources Using CfgeditResources Resource Configuration Elements Resource Background Information PPP Configuring Lines Using Cfgedit LinesCharacteristic PRI/T1 lines E1 line Multiframe CRCCommonChannel Select Change from the Data Lines menu of Physical Resources Line Configuration Elements Auto TEISwitch Type Number of Data Number of SPIDs Directory NumbersDMS100 custom NI-1 Directory Numbers Line Encoding Commport Information Line Background InformationSubaddresses Configuring a Subaddress Using CfgeditSubaddress Configuration Elements Subaddresses Background InformationSelect Enable/Disable Bridging Configuring Basic BridgingENABLING/DISABLING Bridging Using Cfgedit MAC Layer Bridging Configuration ElementsMAC Layer Bridging Background Information Configuring Basic IP Routing Enabling IP Using CfgeditInternet Protocol IP Option Configuring the IP Operating Mode Using Cfgedit IP Operating ModeIP Option Configuration Elements IP Background InformationIP Operating Mode Configuration Elements IP Operating Mode Background InformationConfiguring Interfaces Using Cfgedit IP Network InterfacesUSER’S Guide Network Interface Configuration Elements MTU Transmit Broadcast IP Address Default switch for numbered WAN interfaces IP RIP Receive Control IP Network Interface Background Information WAN Direct Host IP Host RFC1294 IP Network Interface Type Associated Remote DeviceIP Host RFC1294 Hdlc BridgeUSER’S Guide Example 1 LAN, WAN and WAN Direct Host Interfaces Example 2 LAN, WAN UnNumbered, WAN Remote LAN Interfaces IP RIP and the IP Network Interfaces Isdn Isdn IP RIP Over Dedicated Connections Isdn Redundant Configurations for Backup Network FlatteningProxy ARP Secondary IP Addressing Example IP Host Communications in Flattened NetworksConfiguring Static Routes Static RoutesIP address for the destination network or host Static Route Configuration Elements Central Site Remote Access Switch Isdn Static Route Background InformationDefault Routes Configuring Default RoutesDefault Route Configuration Elements ENABLING/DISABLING IP RIP Using Cfgedit Routing Information Protocol RIP OptionIP RIP Background Information IP RIP Configuration ElementsIP RIP Status LANConfiguring Security Level Security and Encryption OptionsSecurity Overview Security LevelSystem Options and Information Device Level DatabasesNetwork Login Information User Level DatabasesOFF-NODE Server Information Configuring Security Level Database Device Level User Level Administration Security On-Node YesConfiguring no Security Using Cfgedit No SecurityConfiguring Device Level Security Using Cfgedit Device Level SecurityDevice Level Security Background Information Configuring User Level Security Using Cfgedit User Level SecurityUser Level Security Background Information User Level Security Isdn Responding to Login Prompts Making a Telnet ConnectionTacacs Configuring Device and User Level Security Using CfgeditDevice and User Level Security ACEDevice and User Level Background Information Configuring System Options and Information Configuring System Options Using CfgeditSystem Options System Options Configuration Elements System OptionsBridge MAC Calling Line Id Authentication Address PAP ChapSystem Options Background Information PAP ChapSystem Information Configuring System Information Using CfgeditSystem Information Configuration Elements Optional Calling Line IdAdministrative Session Configuring Administrative Sessions Using CfgeditSystem Information Background Information Administrative Session Configuration Elements Administrative Session Background Information Emergency Telnet Server Port Number Background Information Configuring Device Level Databases Configuring AN ON-NODE Device DatabaseON-NODE Device Database Configuring ON-NODE Device Entries ON-NODE Device EntriesOn-node Device Entries No pvc configured for Device DAN SVC None 0.0 IP SubNetwork number ON-NODE Device Database Configuration Elements Base Data Rate Frame Relay Access Configuration Elements Chap Secret Outbound Authentication RIP/SAP Appletalk Information Configuration Elements Bridge Information Configuration Elements ON-NODE Device Database Background Information Bridging with Hdlc Bridge DevicesSecurity Mode On-node Device Table Configuration Data IP Routing with Hdlc Bridge DevicesLine Id IP Routing with PPP IP Devices Using Ipcp IP Routing with IP Host Devices RFC1294PAP or Chap Bridging with PPP Bridge Devices Using BCP PAP Password orIP Routing with PPP Bridge Devices Using BCP Configuring OFF-NODE Device Database Location Using Cfgedit OFF-NODE Device Database LocationOFF-NODE Device Database Location Configuration Elements OFF-NODE Device Database Location Background InformationConfiguring User Level Databases User Level Authentication Database LocationConfiguring Authentication Database Location Using Cfgedit Database Telnet Port Number Name John Doe Name mynode1 Address Remote Office1 Configuring OFF-NODE Server InformationMultiple Administration Login Names Type communications serverCSM Authentication Server Configuring CSM Authentication ServerCSM Authentication Server Configuration Elements CSM Authentication Server Background InformationConfiguring a Radius Authentication Server Is SHAREDSECRET1234 Radius Authentication Server Configuration Elements Radius Authentication Server Background InformationConfiguring a Radius Accounting Server Select 5 Off-node Server InformationReturn to the Off-node Server Information Menu Radius Accounting Server Configuration Elements Radius Accounting Server Background InformationEnabling Radius Type Using Cfgedit Radius RFC2138Dynamic Device Option Radius Type Configuration ElementsConfiguring the Dynamic Device Option Using Cfgedit Radius TypeDynamic Device Configuration Elements Tacacs Authentication Server Configuring a Tacacs Authentication ServerTacacs Authentication Server Configuration Elements Tacacs Authentication Server Background InformationACE Authentication Server Configuring AN ACE Authentication ServerACE Authentication Server Configuration Elements ACE Authentication Server Background Information Configuring Network Login Information Network Login General ConfigurationConfiguring General Network Login Information Using Cfgedit Select the type of authentication desired Network Login Banners Network Login General Configuration Background InformationConfiguring Network Login Banners Using Cfgedit Login Configuration Specific to Radius Server Network Login Banners Background InformationConfiguring Radius Server Login Information Using Cfgedit Login Configuration Specific to Radius Server Login Configuration Specific to Tacacs Server Configuring Tacacs Server Login Information Using CfgeditLogin Configuration Specific to Tacacs Server USER’S Guide Configuring AN Encryption Adapter Using Cfgedit Configuring EncryptionConfiguration Select Add a ResourceSelect IP Security Associations Select Add. Respond to the following series of questionsConfiguring Link Layer Encryption PPP Encryption only Select Device Level Databases Select On-node device entriesEncryption Configuration Elements Final Destination IP Address Encryption Background Information IP Network Layer Encryption12345678 8888CCCC 8888CCCC 12345678Link Layer Encryption IsdnInteraction with Other Features For IP Layer encryption For Link Layer encryptionAdvanced Configuration Configuring Alternate AccessesConfiguring Alternate Accesses Dedicated AccessesConfiguring a Dedicated Access Using Cfgedit Dedicated Access Configuration Elements Dedicated Access Background InformationAccesses Configuring AN X.25 AccessAccesses USER’S Guide Configuration Elements Lapb Configuration Elements Timers Maximum Window Size Nonstandard Default Transmit Window Size PVC Configuration Elements Access Background Information B1 B2 Frame Relay Accesses Configuring a Frame Relay AccessSelect Access Information Select Add a PVC Frame Relay General Configuration Elements LMI Format Frame Relay PVC Configuration ElementsLMI Dlci ValuePVC Name Frame Relay Access Background Information Local Management Interface Overview Allowed Not Allowed Configuring Advanced Bridging Bridge Dial OUTUnder ISDN, select Dial Out Phone Number Configuring Spanning Tree Protocol Using Cfgedit Spanning Tree ProtocolSpanning Tree Protocol Configuration Elements Spanning Tree Protocol Background InformationBridge Mode of Operation Configuration Elements Bridge Mode of OperationConfiguring the Bridge Mode of Operation Using Cfgedit Bridge Mode of Operation Background InformationConfiguring Bridge Filters Using Cfgedit Bridge FiltersProtocol Definition Commands Source MAC Filter CommandsDestination MAC Filter Commands Protocol Filter CommandsPacket Data Filter Commands Bridge Filter Configuration Elements Lsap in HEXBridge Filters Background Information Filter Type Maximum Number of EachFilter Destination MAC Unrestricted Mode Bridge Filters Source Discard Connect Destination Protocol PacketCentral Site Remote Access Switch On any LAN port. The packet will be sent to remote Filter Action Distribution Result ListPacket matching this filter will not be forwarded Sites connected over the WAN according toAccording to the normal learning bridge methods On LAN port 1. The packet will be sent to remoteSites connected over the WAN and to LAN port On LAN port 2. The packet will be sent to remoteRestricted Mode Bridge Filters Restricted Mode Forwarding ActionCentral Site Remote Access Switch Ed on the LAN ports. The packet will not be sent to Filter Distribution Result Action ListPacket matching this filter will only be forward Any remote sites connected over the WANPort Ed on LAN port 1. The packet will not be sent to reMote sites connected over the WAN or to LAN Ed on LAN port 2. The packet will not be sent to rePacket matching this filter will be discarded to Packet matching this filter will be discarded onLAN ports. The packet will be sent to all Remote sites connected on the WAN. The packetConfiguring a Destination MAC Address Filter PreliminariesDiscard Connect Configuring the Known Connect List Known Connect ListKnown Connect List Configuration Elements Known Connect List Background InformationConfiguring Advanced IP Routing Static ARP Table EntriesStatic ARP Table Entries Configuring Static ARP Table Entries Using CfgeditStatic ARP Table Entries Configuration Elements Select Static ARP Table Entries from the IP menuIsolated Mode Static Route Lookup VIA RadiusIP Address Pool Configuration Elements Static Route VIA Radius Configuration ElementsConfiguring AN IP Address Pool Using Cfgedit IP Address PoolIP Filters IP Address Pool Background InformationInitiating the IP Filter Configuration Using Cfgedit Configuring Packet Types Using CfgeditTCP UDP Icpm Specify a control value any, established, or not established Select Icmp Type Configuring Forwarding Filters Select Add a Forwarding FilterConfiguring Connection Filters Configuring Exception Filter Applying Filters Select IP InterfacesSelect Apply Global Forwarding Filter IP Filters Configuration Elements TCP and UDP PortsNEQ RangeIP Filters Background Information Packet Types Forwarding FiltersConnection Filters Exception FiltersApplication to Network Interfaces Common Portion LimitationsExample of AN IP Filter Configuration FTP WWW SfvraForward Configuring a Dhcp Relay Agent Using Cfgedit Dhcp Relay AgentDhcp Configuration Elements Dhcp Background InformationBridge to Bridge Environment Router to Bridge EnvironmentIP Router to IP Router with Relay Agents on both USER’S Guide Remote Bridge to IP Router w/Relay Agent = WAN Rlan Configuring the Dhcp Proxy Client Dhcp Proxy ClientSelect Dhcp Proxy Client Dhcp Proxy Client ENABLE/DISABLE Flag Sample Configuration IP Router with Dhcp Proxy Client Configuration for IP Router Chloe Configuring Security Associations Using CfgeditSecurity Associations DNS and Netbios Addresses Configuring DNS and Netbios Addresses Using CfgeditDNS/NBNS Configuration Elements DNS/NBNS Background InformationConfiguring IPX Configuring IPX Information ENABLING/DISABLING IPX Using Cfgedit IPX Option Configuration ElementIPX Routing Option IPX Internal Network Number Configuring the IPX Internal Network Number Using CfgeditIPX Internal Network Number Configuration Element IPX Option Background InformationConfiguring IPX Network Interfaces Using Cfgedit IPX Network InterfacesIPX Network Number Background Information Displays the current IPX network interface data IPX Network Interface Configuration Elements SAP IPX Network Interface Configuration Elements IPX Network Interface Background Information Configuring IPX Routing Protocols Using Cfgedit IPX Routing Protocol Configuration ElementsIPX Routing Protocols IPX Routing Protocol Background Information SAPSpecial Considerations Remote LAN Interface Configuring IPX Static Routes Using Cfgedit IPX Static RoutesIPX Static Routes Configuration Elements IPX Static Routes Background InformationIPX Netware Static Services Configuring IPX Netware Static Services Using CfgeditIPX Netware Static Services Configuration Elements IPX Netware Static Services Background Information Configuring IPX Spoofing Using CfgeditIPX Spoofing IPX Spoofing Configuration Elements IPX Spoofing Background InformationWatchdog Protocol Configuring IPX Type 20 Packet Handling Using Cfgedit IPX Type 20 Packet Handling Configuration ElementsIPX Type 20 Packet Handling IPX Isolated Mode Configuration Elements IPX Isolated ModeConfiguring IPX Isolated Mode Using Cfgedit IPX Isolated Mode Background InformationConfiguring Triggered RIP/SAP Global Timers Using Cfgedit Displaying WAN Peer ListTriggered RIP/SAP Background Information Configuring IPX Devices IPX-SPECIFIC Information for DevicesIPX-Specific Information for Devices Remote LAN Devices Enable Bridging and disable Make calls for bridge data IPX Configuration Elements for DevicesNone IPX Background Information for Devices Configuring Snmp Configuring SnmpConfiguring Snmp Snmp Configuration Elements Snmp Background Information WAN Central Site Remote Access Switch Using Cabletron NMS Systems CT-CONTAINER-MIB CT-WAN-MIB CTMIB2-EXT-MIBConfiguring Appletalk Routing Enabling Appletalk Routing Using CfgeditAppletalk Routing Option Appletalk Ports Appletalk Routing Option Configuration ElementConfiguring Appletalk Ports Using Cfgedit Appletalk Routing Background InformationAppletalk Ports Configuration Elements Appletalk Ports Background Information Overview Appletalk Static Routes ConfigurationConfiguring Appletalk Static Routes Using Cfgedit ConsiderationsAppletalk Capacities Configuration Elements Appletalk Routing Static Routes Configuration ElementsConfiguring Appletalk Capacities Using Cfgedit Appletalk CapacitiesAppletalk Isolated Mode Configuration Elements Appletalk Isolated ModeConfiguring the Appletalk Isolated Mode Using Cfgedit Appletalk Capacities Background InformationConfiguring Call Control Call Control MenuConfiguring the Throughput Monitor Throughput MonitorThroughput Monitor Configuration Elements Throughput Monitor Background InformationCondition Trigger Number Window Size Utilization 90%Underload Condition Monitoring USER’S Guide Call Interval Parameters Monthly Call ChargeCall Restrictions Monthly Call Charge Configuration ElementsConfiguring Call Restrictions Using Cfgedit Monthly Call Charge Background InformationCall Restriction Configuration Elements Maximum Calls PER DAY Maximum Call Minutes PER Month Configuring Bandwidth Reservation Bandwidth ReservationCall Restrictions Background Information Bandwidth Reservation Bandwidth Reservation Configuration Elements Select Bandwidth ReservationConfiguring Semipermanent Connections Using Cfgedit Semipermanent ConnectionsBandwidth Reservation Background Information Semiperm Semipermanent Connections Configuration Elements Call Device CommandsSemipermanent Connections Background Information Call Restrictions Throughput MonitorConfiguring CSM for Call Control Using Cfgedit CSM AS a Call Control ManagerCall Control Management Configuring D Channel Callback Using Cfgedit Channel CallbackSelect D Channel Callback Channel Callback Configuration Elements Channel Callback Background InformationDigital Modem Inactivity Timeout Modem Inactivity Timeout Configuration ElementsModem Inactivity Timeout Background Information Digital Modem Configuring Other Advanced OptionsConfiguring for a Digital Modem Using Cfgedit For IP routingFor IPX routing For AppleTalk routingDigital Modem Background Information Digital Modem Default Async Protocol PPP Mode Using CfgeditTerminal Mode Using Cfgedit Call Disconnect Using CfgeditDefault Async Protocol Configuration Elements Data Timeout Value Autosense Feature PPP Configuration Configuring PPPPPP Configuration Elements PPP Configuration PPP Background Information Default Line Protocol Configuring Default Line Protocol Using CfgeditConfiguring LOG Options Using Cfgedit Default Line Protocol Configuration ElementsDefault Line Protocol Background Information LOG OptionsSelect Add a Syslog Server From Log Options, select Authentication Message DA logLOG Options Configuration Elements From Log Options, select Call Detail RecordingUDP Port LOG Options Background InformationCentral Site Remote Access Switch System Messages CDR Log Report Event Report Contents Call Detail Recording EventsRecord Connect/Term Connect Event Report Contents Disconnect/Term Disconnect Event Report ContentsTerm Fail Event Report Contents Reject Event Report ContentsTerm Succ Event Report Contents System Up Event Report ContentsVerify Event Report Contents Configuring Compression Options Using CfgeditCompression Options Compression Options Configuration Elements Compression Options Background Information Central Site Remote Access Switch Configuring Tftp Tftp Configuration ElementsTftp Background Information Configuring File Attributes File Attributes Configuration ElementsFile Attributes File Attributes Background Information Verification and Diagnosis ARPVerifying the Base System Hardware Resources OPERATIONAL?WAN Adapter INITIALIZED? To correct the problem, try the following LAN Adapter INITIALIZED?WAN Lines Available for USE? Verifying WAN Line AvailabilityDedicated Serial Connections LAN Connection OPERATIONAL? Try the following to correct the problem Bridge INITIALIZED?IP Router INITIALIZED? Remote Device Connectivity Set-upSecurity Rejection-Invalid Calling Line Id # MULTI-LEVEL Security To verify multi-level securityIP Host Mode OPERATIONAL? IP Host ModeDisabled IP Host INITIALIZED?Try the following Alternate Accesses Dedicated ConnectionsFrame Relay Connections Connections A Terminal Server Menu Verifying Routing Protocols IP Routing OPERATIONAL?IP Routing Over a LAN Interface IP Routing Over a WAN Interface Ping 192.100.1.1 return IP Routing Over a WAN Direct Host Interface 100.0.0.1 100.0.0.0 Host B 100.0.0.3 Host a 100.0.0.2 IP Routing Over a WAN Remote LAN Interface IP Routing Over a WAN Unnumbered Interface IP Filters Ip filter trace discard returnIf you are still experiencing problems Ip filter trace off returnIP RIP INITIALIZED? IP RIP Output Processing on a LAN Interface IP RIP Input Processing on a LAN Interface IP RIP Output Processing on a WAN Interface IP RIP Input Processing Operational on a WAN Interface IPX IPX Router INITIALIZED?IPX Routing OPERATIONAL? IPX Routing Over a LAN ConnectionIPX Remote LAN Connection Xxxx IPX Routing Over a WAN Connection Triggered RIP/SAPIpx trigreq device Appletalk Routing Appletalk Routing INITIALIZED?Appletalk Routing OPERATIONAL? Appletalk Routing Over the LAN Connection Atalk port Appletalk Routing Over a WAN Connection USER’S Guide Verifying System Options SnmpUSER’S Guide Dial OUT Set Up Call Detail Recording Compression CyberSWITCH does not have Compression Enabled Reserved BandwidthPeer Protocol-Rejects CCP Verifying the Relay Agent is Enabled Verifying Dhcp Relay Agent InitializationVerifying the Relay Agent is Operational USER’S Guide Verifying the Proxy Client is Enabled Verifying Dhcp Proxy Client InitializationVerifying the Proxy Client is Operational Ip addrpool return Modem Callback Verifying a Semipermanent Connection Proxy ARP Proxy ARP Troubleshooting LCD MessagesInitialization LCD Message LCD MessagesLCD Message Groups Normal Operation LCD MessagesError LCD Messages LCD Message Groups Auto Over Max Charge System Messages Initialization Messages Error MessagesInformational Messages Normal Operation MessagesCall has exceeded the configured maximum duration Port LAN Adapter, operating in remote mode onlyPort LAN Adapter, operating in local and remote mode System Message SummaryActivation Failure- Session not active Acct Warning code TimeoutAdapter #’x’ failed to respond from bootstrap Adapter does not respond adapter #’x’Auth ACE Could not create service file Attempting to load FileName for UpgradeAttempt to initialize unconfigured DM card in slot slot # Auth ACE Could not write service fileAuth ACE Node verification received Client initialized Auth ACE Error receiving server log message acknowledgmentAuth ACE Login rejected user user name Auth Radius Chap rejected for device device nameAuth Radius IP Resolve rejected IP Address IP address Auth Radius Login rejected device device nameAuth Radius IP Host rejected IP Host id IP host Id Auth Radius PAP rejected device device nameAuth Warning code 0004 No authentication node available Auth Tacacs Login rejected user user nameAuth Warning code 0001 Timeout Auth Warning code 0007 Authentication mode mismatchBootstrap came alive on WAN card in slot slot # Booting System SoftwareBootstrap came alive on DM card in slot slot # Bad auth result in smgrauthaanotify for device device nameCallback type call back type ID is not currently supported Call Restrictions have been disabled by user commandCalculating CRC’s CallID in use in HostcallrequestCall Restriction statistics reset for new month Call Restrictions have been enabled by user commandCall Restriction statistics reset for new day Call Restrictions will allow calls to be made this hourCentral Site Remote Access Switch CCP Internal Decompression Failure Cause cause code received for Dlci dlci indexCause Code Event CCP Option Negotiation Failure, Non-Convergence detectedChap Authentication Failure remote device not responding Channel in use in HostcallrequestCNTR-TMRTimed out waiting for TMR number interrupt Current monthly charges reset for new month Configured adapter # ’x’ type does not existCouldn’t find speech service slot #, port # Connection disconnected for license violationDedicated connection down slot #, port # Data link test successful DSL port # , CESDCE Data Rate is invalid on FrStartPVC DHCP-P Failed to close UDP port x, erc = yDHCP-P Proxy Client initialization failed DHCP-P Proxy Client disabledDHCP-P Proxy Client enabled DHCP-P UDP port 67 closedDHCP-R Failed to close UDP port 67, erc = DHCP-R Relay Agent disabledDHCP-R Relay Agent enabled DHCP-R Failed to open UDP port 67, erc =DM card type configured in slot slot # does not exist DM card in slot slot # is not usable, could not upgradeDM card in slot slot # signals it is operational DM card failed Flash download bad xx SrecDM upgrade success. Board=board #, Modem=modem # DM card in slot slot # will not come out of resetDM upgrade started. Board=board #, Modem=modem # Downloading Bootstrap to DM card in slot slot #Error downloading bootstrap program to adapter #’x’ Edrv transmit error error codeError closing file ’s’ Error downloading operational software to adapter ’x’Error during PVC initialization Access access index Error during channel initialization Access access indexError during port initialization Access access index Error initializing WAN card WAN card IdError reading file file name, section = section name Error opening file \system\ethernt2.binError programming adapter #’x’ hardware Error reading sdconf.rec fileFailed to allocate enough memory for Xilinx load file Failed to get a tone signaling sessionFacility not subscribed Slot=slot # Port=port # Failed to obtain Terminal info in smgrprocterminalauthsessFailure during read of file ’s’ Failure during Static RAM test on adapter # ’x’Failure to allocate enough memory for Xilinx load file Central Site Remote Access Switch Frietf detected PPP protocol from NAME, shutting down PVC File Access ErrFormatting Flash Memory Frame Relay event queue fullInvalid Cllm received on Access access index Installing File Set into Flash MemoryInterrupt fault on WAN Adapter in Slot slot # Invalid Password password givenInvalid SERIAL.001 file present, file is ignored IP Error from ESP datagram discardedIP x.x.x.x not added to the pool Unknown error y Invalid serial number in SERIAL.001, file is ignoredIP Cannot stop Proxy Arp for IP address #, no cmd buf avail IP Default Route not added, invalid next hop IP address #IP Invalid configuration for Network Interface dd IP Failed to de-register with IP Address Pool Manager erc=xIP IP router is initialized successfully IP Invalid Peer IP Address IP address, WAN IP Stream ClosedIP IP host is initialized successfully IP Network initialized successfully on ddd.ddd.ddd.dddIpcp Remote device does not negotiate IP address Ipcp IP Address Pool Out of IP addressesIpcp Option Negotiation Failure, Non-Convergence detected IP Host Call Dropped XID was not received from remoteIP RIP Initialization failed, unable to allocate buffers IP RIP All network interfaces usedIP RIP Buffers allocated IP RIP Send queue fullIPX Network Interface on LAN port port # not initialized IPX Invalid Ipxwc passedIPX Network initialized successfully on IPX IPX router initialized successfullyIpxwan IPX Internal Network Number must be configured IPX SAP Space available in service tableIPX SAP Unable to add service, service table full IPX SAP Buffers allocatedLAN Adapter Fatal Error Reported LAN Adapter Command TimeoutLAN Adapter configuration conflict LAN Adapter HW upgrade may be requiredLAN Adapter System resource error LAN Adapter ResetLAN Adapter Response Timeout LAN Init ErrorLMI alarm reset Access access index LAN Xmit ErrorLMI alarm on Access access index Manage Mode updates have been successfully committedManual restart initiated on DM board in slot slot # Memory Access TimeoutMismatch of configured and installed DM card in slot slot # Max ATI3 retries exceeded on modem modem # of slot slot #Negotiation Failure with Semipermanent device Modem modem # of DM card in slot slot # is unusableModem revision on modem modem # of slot slot # failed Network loop between site1 and siteNo Active Calls Active Sites Network sent Cause Spid not supported slot #, port #Network sent Status with state = 0, tear down call No Active List entry available in INMNot enough memory for Security module Out of LAN Adapter transmit command descriptorsNo Sites Connected Offnode server lookup of Dial Out User failedPAP Invalid password for name given by remote device Auto For over 5 minutes Report problem to Phone companyPAP Identification timeout on remote device Out Svc # slot # , port #Post number, Hdlc #number External Loopback Test Failed PAP Remote device rejected System Information error messagePAP Unknown name name given by remote device Post number, Hdlc #number Internal Loopback Test FailedPVC rcv wait q already full PVC for Dlci dlci index not ActivePVC not allocated for dlci index R2 not capable of Multichannel or Non-circuit callsReattempting to Install File Set into Flash Memory RBS LIFAddTimer failureRBSoutSMchannel # Timeout waiting for Wink RebootingReceived charge amount charge amount Replace Lithium Battery Contact your RepresentativeReserved signal Remote peer ID discrepancySecurity Rejection Timeout on Startup Complete Security Rejection Invalid Password password givenSecurity Rejection No Password given by caller Security Rejection Caller did not negotiate securitySignal for unknown CallCmd task task Id Semipermanent. Device x disconnected by adminSemipermanent. Device x reconnected by admin Slot #, port # Cfg ErrorSnmp Snmp initialized successfully Snmp Authentication failure, unknown community nameSnmp Snmp initialization failure unable to open UDP port Snmp Unable to obtain an Snmp Trap queue entry bufferSSB Post 23 i960hostintreg Failure SSB Post 27 i960timer82c54FAILURESSB i960 Post number not equal to i386’s SSB Post 24 i960iointreg FailureSSB Post 34 i960hdlc3 Failure SSB Post 32 i960hdlc1 FailureSSB Post 33 i960hdlc2 Failure SSB Post 35 i960hdlc4 FailureSystem Clock Fault on Wan Adapter in Slot slot # Successfully Loaded Release X.Y Issue ZSwitch could not recognize phone number nnnnnnn TCP Connection to CSM at IP address is UPTftp Local error #4 UDP rejected packet filename Tftp Local error #2 Feature not initializedTftp Local error #3 Server not initialized Tftp Local error #5 UDP open failedTftp Local error #18 Unable to open file filename Tftp Local error #14 Bad file nameTftp Local error #15 Bad mode string Tftp Local error #19 Disk full filenameTftp Remote error # 3 Text from Remote Host Tftp Remote error # 1 Text from Remote HostTftp Remote error # 2 Text from Remote Host Tftp Remote error # 4 Text from Remote HostTimeout detected on receiving caller’s number This card does not support R2 SignalingTimeout detected on connection establishment Timeout on Startup CompleteTried to free unallocated buffer sub name, size=size Type mismatch of configured & installed adapter # ’x’Too many digits in TN in Hostcallrequest Unable to Decrypt DatagramUnable to restore original ISRs for Interrupt interrupt # Unable to open \config\devdb.nei fileUnable to open Modem Upgrade file Unable to get Digital Modem resource to place callUpdating CyberSWITCH from FileName Unexpected error during transmission of LMI frameUnmatched Login Task Unknown Calling Bridge MAC addressWatchdog timeout detected on WAN board ’x’ WAN card in slot slot # signals it is operationalWatchdog timeout detected on DM board in slot slot # X25 facilities error, facilities not allowed in PVCX25 facilities error, invalid DTE address X25 facilities error, bad facility lengthX25 facilities error, invalid facilities length X25 facilities error, facility not allowedX25 facilities error, window size negotiation not available X25 facilities error, facility not availableX25 facilities error, packet length negotiation not allowed X25 facilities error, Rpoa not availableZone allocation failed, maximum capacity already configured Trace Messages Call Trace Messages Location CausesCall Trace Message Summary Configure ack slot # Inband treatment has been applied-BRD CFG ACK Slot=slot # Init data link slot #, port #, ces Off-hook warning tone on Out configure port #Interworking unspecified cause Origination call address is non-ISDNRecall dial tone on Received unknown signal valueOut init data link slot #, port # , ces Received unknown progress valueIP Filters Trace Messages PPP Packet Trace Messages Configure NAK Configure RequestConfigure ACK Configure RejectDiscard Request Trace MessagesEcho Reply Trace Message SummaryX25 Data LCN logical channel number, number of bytes bytes X25 DCE RR LCN logical channel number, number of bytes bytesSystem is sending a call request to the network Lapb Trace Messages Lapb Trace Message SummaryOut Lapb Disc Lapb SabmeLapb UA Out Lapb DMSystem Maintenance Remote ManagementRemote Management SITE.HQ Installation and Configuration Usage InstructionsTelnet IsdnEarlier Releases Central Site Remote Access Switch WIN95 DIAL-UP Networking Setting UP a NEW NumberSetting UP Server Type General tabDialing OUT Site HQ Isdn Users Report Files Statistics Files Config files Other Files Changing Carbon Copy Configuration Parameters Carbon CopyModem Type COM1Baud Rate Performing a File Transfer Using Carbon Copy Copy LCNETWORK.NEI HC\CONFIG\NETWORK.NEI Running Without Carbon CopyRemoving Carbon Copy System Commands Accessing Administration ServicesSetting the IP Address Accessing Dynamic ManagementViewing Operational Information Neif Connected Second column is the potential number of connections Viewing Throughput Information Throughput Monitor Contents Saving Operational Information Clearing Operational InformationTerminating and Restarting the Cyberswitch CONFIGURATION-RELATED CommandsSetting the Date and Time Terminating Administration SessionsLogin-Id Appletalk Routing Commands Type StateFlags Default zoneNetwork range Physical addressDistance Zones validBridge Commands ZoneCall Control Commands Indicates that a call request process has been initiated Call peer phone number data rate device bearer Calling phone number at data rate, device PPP Call Detail Recording Commands Call Restriction CommandsCompression Information Commands CSM CommandsDhcp Commands Digital Modem Commands Frame Relay Commands Clears all statistics associated with the fr stat command IP Routing Commands Disables the trace Mask used for the destination Time since the last update was received IPX Routing Commands Ipx diag host ipx address timeout Isdn Usage Commands LAN Commands LOG CommandsPacket Capture Commands Pkt display Banyan Vines Packet Detail Screen Bridged Packet Radius Commands Radius ipres Spanning Tree Commands Serial Interface CommandsSnmp Commands Spanning Tree Port InformationSpanning Tree Bridge Information Bridge priority of the root bridge TCP Commands Telnet Commands Possible send parameters are defined as follows Terminal Commands Tftp Commands Tftp GETTrace Commands Tftp PUTUDP Commands User Level Security CommandsWAN Commands Commands Clears the statistics for the default VC System Statistics Connectivity StatisticsCall Restriction Statistics Call StatisticsThroughput Monitoring Statistics Appletalk Statistics Appletalk Protocol StatisticsNumber of AppleTalk Echo requests received Count of AppleTalk Echo replies received Number of NBP LookUp Requests received Appletalk Port Statistics Bridge Statistics Call Detail Recording StatisticsCompression Statistics Compression Related StatisticsDecompression Related Statistics Dhcp Statistics Dhcp Relay Agent statistics and Dhcp Proxy Agent statisticsCommon Dhcp Statistics Dhcp Relay Agent Statistics Dhcp Proxy Client Statistics Access Related Statistics Digital Modem StatisticsFrame Relay Statistics Init PVC Related Statistics LAN Statistics IP Statistics IP Group StatisticsNumber of IP datagrams successfully reassembled Icmp Group Statistics IPX Statistics IPX General StatisticsNetwork number portion of the IPX address of this system IPX RIP Statistics IPX Triggered RIP Statistics IPX Route StatisticsIPX SAP Statistics IPX Triggered SAP StatisticsRIP Global Statistics IPX Service StatisticsRIP Statistics RIP Interface StatisticsSerial Interface Statistics Snmp StatisticsSnmpInBadVersions SnmpInGetNexts TCP Statistics Tftp Statistics Statistics for Server or Remote Initiated Tftp ActivityStatistics for Local or Client Initiated Tftp Activity Statistics for ALL Tftp Activity WAN Frietf Statistics UDP StatisticsLayer 1 PRI Error Statistics WAN L1P StatisticsWAN Statistics Layer 1 General StatisticsStatistics Maximum number of active VCs allowed at any time Virtual Circuit VC Related Statistics USER’S Guide Executing Configuration Changes Routine MaintenanceINSTALLING/UPGRADING System Software Making Changes Using CfgeditConfiguration Backup and Restore Making Changes Using Manage ModeObtaining System Custom Information Appendices System WorksheetsSystem Adapters Ethernet Adapter Side View Ethernet AdapterBRI-4 Adapter Side View Basic Rate AdapterFront View PRI-8 Adapter Side View Primary Rate Adapters PRI-8PRI-23 Adapter PRI-23/30 Adapter Front View PRI-8 Expander Adapter Side View Front View Adapter Side View Front View RS232 Adapter Side View DM-8 Adapter Digital Modems DM-8DM-24 Adapter OFF DM-24+ Adapter DM-24+/DM-30+DM-24+ Adapter Back view USA System Worksheets Network Topology System Details ResourcesLines Accesses Over IsdnAuthentication Information Frame Relay Information Device InformationBridging and Routing Information IP RoutingIP Routing IPX RoutingAppletalk Routing AppleTalk Routing/Port InformationSnmp PPP Main MenuIPX FR DBUPhysical Resources Menu Dhcp Options MenuWAN Rlan SPISnmp FR DBU Security Menu CSM Radius Tacacs ACESVC, PVC PPP STAC-L25 CSM RadiusCSM TCP port Reporting Problems Getting AssistanceContacting Cabletron Systems To Customer Service From Phone FAX Cabletron Systems System Problem ReportNumber of Pages Including this Administrative Console Commands Table Clears administration screen Command Use Cdr verifyVerifies call detail recording servers are configured Displays authentication messagesAdministrative Console Commands Table Log cdr erase Generates a triggered RIP/SAP update request toLocal log file only displays the call detail recording log Local log file only erases the call detail recording logChanges password for current access level Displays system errors and system messages Displays the current Tftp statisticsSets LCN index default value to m Writes current authentication messages to diskAccess or the specified access Specified X.25 accessManage Mode Commands Table Adds/changes/deletes an IPX address from the IPX Address poolIpxsvc add/change/delete Adds/changes/deletes an IPX service Central Site Remote Access Switch Cause Codes Table Cause Codes Table USER’S Guide Central Site Remote Access Switch USER’S Guide Central Site Remote Access Switch Dec Value Hex Value Cause UnknownIndex AtalkBr stat Clid 195 Cr stats 596 crossover cable DateHelp 113 Ip addrpoolIsdn usage commands 607 isolated mode IpcpModem devices Netstat -r 443 network flatteningOffnode 213, 216 STAC-LZSRadius Server configuring Restart 585 restoreSnmp 352 snmp stats 614 socket number 336 software Srcfilt 270 startneTerminal mode 33, 102, 392, 393 Trace lapbWr 72, 584 ws 72 Wan