Cyclades Corporation
Document Sample
CyROS
Reference Guide
Cyclades Corporation
CyROS Reference Guide
Version 2.2 – March 2001
Copyright (C) Cyclades Corporation, 1998 - 2001
We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial
or otherwise, for any consequences of the use of this Reference Guide.
All brands, trademarks, and trade names mentioned in this publication belong to their respective owners.
This Reference Guide refers to version 1.9.5 of CyROS.
CyROS Reference Guide
Table of Contents
CHAPTER 1 HOW TO USE THIS REFERENCE GUIDE .................................................................................. 14
Cyclades Technical Support And Contact Information..................................................................................... 17
CHAPTER 2 USING CYROS MENUS ............................................................................................................... 19
Special Keys ................................................................................................................................................. 20
CHAPTER 3 MAIN MENUS ................................................................................................................................ 21
Super-User Main Menu................................................................................................................................................................ 21
User Main Menu .......................................................................................................................................................................... 22
CHAPTER 4 THE CONFIG MENU ..................................................................................................................... 23
Config Menu CONFIG ................................................................................................................................................................ 24
Section 4.1 Static Routes ................................................................................................................................ 25
Add Static Route Menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE............................................................................ 28
Section 4.2 System Configuration ................................................................................................................... 28
System Configuration Menu CONFIG=>SYSTEM ..................................................................................................................... 31
Syslog Menu CONFIG=>SYSTEM =>SYSLOG ......................................................................................................................... 32
Syslog Menu CONFIG=>SYSTEM =>SYSLOG (continued) ..................................................................................................... 33
Firmware Boot Menu CONFIG =>SYSTEM =>FIRMWARE BOOT ........................................................................................... 34
Router Description Menu CONFIG=>SYSTEM=>ROUTER DESCRIPTION ............................................................................ 34
Router Description Menu CONFIG=>SYSTEM=>ROUTER DESCRIPTION (continued) ......................................................... 35
Hosts Menu CONFIG=>SYSTEM=>HOSTS .............................................................................................................................. 35
Dial-Out Table Menu CONFIG=>SYSTEM=>MODEMS=>DIAL OUT TABLE=>ADD ............................................................... 36
Modem Strings Table Menu CONFIG=>SYSTEM=>MODEMS=>MODEM STRINGS TABLE ................................................. 37
UDP Commands Menu CONFIG=>SYSTEM=>UDP COMMANDS .......................................................................................... 38
UDP Clear All Sessions Menu CONFIG =>SYSTEM =>UDP COMMANDS =>CLEAR ALL SESSIONS ................................ 39
SNMP (Simple Network Management Protocol) .......................................................................................... 39
SNMP Management Menu CONFIG =>SYSTEM =>SNMP/RMON MANAGEMENT ............................................................... 41
Add Community Menu CONFIG =>SYSTEM =>SNMP/RMON MANAGEMENT =>COMMUNITY TABLE
=> ADD COMMUNITY ................................................................................................................................................................. 43
Add Trap Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>TRAPS =>ADD TRAP ........................................... 44
Add Alarm Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>ALARM=>ADD ALARM ....................... 46
Add Event Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>EVENT=>ADD EVENT ........................ 48
Table of Contents 3
CyROS Reference Guide
Remote Network Monitoring (RMON) .......................................................................................................... 48
RMON Statistics Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT =>RMON=>RMON STATISTICS .................. 50
RMON Add History Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>RMON HISTORY
=> ADD HISTORY CONTROL .................................................................................................................................................... 50
Section 4.3 Security Configuration .................................................................................................................. 50
Security Menu CONFIG=>SECURITY ....................................................................................................................................... 54
NAT (Network Address Translation) ............................................................................................................................................ 55
Types of Address Translation ....................................................................................................................... 57
NAT Menu CONFIG =>SECURITY =>NAT ................................................................................................................................ 58
NAT Menu CONFIG =>SECURITY =>NAT ................................................................................................................................ 59
Timeout Menu CONFIG =>SECURITY =>NAT =>TIMEOUT .................................................................................................... 59
..................................................................................................................................................................................................... 59
Add Radius Server Menu CONFIG=>SECURITY=>RADIUS=>RADIUS STATUS=>ADD ....................................................... 60
Add Tacacs Server Menu CONFIG=>SECURITY=>TACACS=>TACACS STATUS=>ADD ...................................................... 62
Virtual Private Networks ............................................................................................................................... 62
VPN Add Remote Gateway Menu CONFIG =>SECURITY =>VPN =>REMOTE GATEWAYS =>ADD GATEWAY ................. 63
VPN Add Local Network Menu CONFIG =>SECURITY =>VPN =>LOCAL IP NETWORK =>ADD NETWORK ...................... 63
VPN Add Remote Network Menu CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORK =>ADD NETWORK .............. 63
VPN Options Menu CONFIG =>SECURITY =>VPN =>OPTIONS ............................................................................................ 64
Section 4.4 Multilink ........................................................................................................................................ 65
Add Interface Menu CONFIG =>MULTILINK =>MULTILINK CIRCUIT NUMBER =>ADD/MODIFY INTERFACE ................... 68
Circuit Attributes Menu CONFIG =>MULTILINK =>MULTILINK CIRCUIT NUMBER =>CIRCUIT ATTRIBUTES .................... 69
Section 4.5 IP Configuration ........................................................................................................................... 72
IP Menu CONFIG=>IP ................................................................................................................................................................ 77
OSPF Menu CONFIG=>IP=>OSPF ........................................................................................................................................... 79
OSPF Global Commands Menu CONFIG =>IP =>OSPF =>GLOBAL ...................................................................................... 80
OSPF Global Commands (continued) ......................................................................................................................................... 81
Area Menu CONFIG =>IP =>OSPF =>AREA ............................................................................................................................ 82
Neighbors Menu CONFIG=>IP =>OSPF =>NEIGHBORS ........................................................................................................ 83
Virtual Links Menu CONFIG =>IP =>OSPF =>VIRTUAL LINKS ............................................................................................... 84
Multichassis, Multilink PPP (MCPPP) .......................................................................................................... 84
Table of Contents 4
CyROS Reference Guide
BGP4 ............................................................................................................................................................ 88
CONFIG=>IP=>BGP4=>GLOBAL ............................................................................................................................................... 89
CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD .............................................................................................................................. 90
CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD (continued) ........................................................................................................... 91
CONFIG=>IP=>BGP4=>ROUTE MAP=>ADD ............................................................................................................................ 92
CONFIG=>IP=>BGP4=>AGGREGATE ADDRESSES=>ADD ................................................................................................... 92
CONFIG=>IP=>BGP4=>BGP NETWORK=>ADD ...................................................................................................................... 93
CONFIG=>IP=>BGP4=>ACCESS LIST=>ADD .......................................................................................................................... 93
CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME>=>ADD ....................................... 93
CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME>=>ADD (continued) .................... 94
Section 4.6 Transparent Bridge ...................................................................................................................... 94
Transparent Bridge General Menu CONFIG =>TRANSPARENT BRIDGE =>GENERAL ......................................................... 95
Spanning Tree Menu CONFIG=>TRANSPARENT BRIDGE =>SPANNING TREE .................................................................. 97
Section 4.7 Rules List Configuration ............................................................................................................... 97
Radius Rule Lists ........................................................................................................................................ 106
Traffic Rule Lists ......................................................................................................................................... 108
Add Rule List Menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST ................................................................................ 114
IP Add Rule Menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES =>ADD RULE ................................................... 115
IP Add Rule Menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES =>ADD RULE -- Continued .............................. 116
CHAPTER 5 THE ETHERNET INTERFACE MENU ......................................................................................... 117
Ethernet Interface Menu CONFIG=>INTERFACE=>ETHERNET............................................................................................. 119
Network Protocol Menu CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP ..................................... 120
Network Protocol Menu (continued) CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP ................... 121
IP Bridge ..................................................................................................................................................... 121
Network Protocol Menu (Cont.) CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP (IP Bridge) ...... 123
IP Accounting ............................................................................................................................................. 123
Transparent Bridge Menu CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE ..................................................................................................................................................... 125
Types of RIP ............................................................................................................................................... 126
RIP Menu CONFIG =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>RIP .......................................................... 126
The OSPF Routing Protocol ....................................................................................................................... 126
OSPF Menu CONFIG =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>OSPF ................................................... 127
OSPF Menu CONFIG (continued) =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>OSPF ............................... 128
Table of Contents 5
CyROS Reference Guide
CHAPTER 6 THE SWAN INTERFACE ............................................................................................................ 129
SWAN Interface Menu CONFIG=>INTERFACE=>SWAN ....................................................................................................... 130
Encapsulation Menu CONFIG=>INTERFACE =>SWAN =>ENCAPSULATION ...................................................................... 131
Frame Relay ............................................................................................................................................... 132
Sub-Network Access Protocol (SNAP) ...................................................................................................... 134
Frame Relay Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>FRAME RELAY ........................................... 136
DLCI Frame Relay Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>FRAME RELAY=><ESC> .................. 137
Traffic Control based on Data Link Connection.......................................................................................... 137
Add DLCI Frame Relay Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>FRAME RELAY=><ESC>
=>ADD DLCI .............................................................................................................................................................................. 137
Add DLCI Frame Relay Menu (continued) ................................................................................................................................ 138
PPP ............................................................................................................................................................. 139
PPP Menu CONFIG =>INTERFACE =>SWAN =>ENCAPSULATION =>PPP ........................................................................ 141
PPP Menu (Continued) .............................................................................................................................................................. 142
X.25 ............................................................................................................................................................ 143
X.25 Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25 .......................................................................... 147
X.25 Menu (continued) .............................................................................................................................................................. 148
X.25 Add DTE Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25=><ESC>=>Add DTE ........................ 149
PAD (Packet Assembler/Disassembler) ..................................................................................................... 150
X.25 PAD PPP CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=><ESC> =><ESC> =>ENCAPS =>PPP .................... 152
X.25 PAD PPPCHAR Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=><ESC> =><ESC> =>ENCAPS
=>PPPCHAR ............................................................................................................................................................................. 153
X.25 PAD CHAR Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=><ESC>=><ESC>=>ENCAPS=>CHAR ...... 153
X.25 PAD Network Protocol Menu CONFIG =>INTERFACE =>SWAN =>ENCAPS =>X.25=><ESC>=><ESC>
=>NETWORK PROTOCOL ....................................................................................................................................................... 155
X.25 PAD Network Protocol Menu (continued) ......................................................................................................................... 156
X.25 PAD Physical Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS =>X.25=><ESC>=><ESC> =>PHYSICAL ............ 158
X.25 Authentication Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=><ESC>=><ESC>
=>AUTHENTICATION ............................................................................................................................................................... 160
Network Protocol (IP) Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP ........................................... 161
Network Protocol (IP) Menu (continued) .................................................................................................................................. 162
Transparent Bridge Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>TRANSPARENT BRIDGE ........ 162
Routing Protocol Menu CONFIG=>INTERFACE=>SWAN=>ROUTING PROTOCOL =>RIP ................................................. 164
OSPF Protocol Menu CONFIG=>INTERFACE=>SWAN=>ROUTING PROTOCOL=>OSPF ................................................. 164
Table of Contents 6
CyROS Reference Guide
OSPF Protocol Menu (continued) .............................................................................................................................................. 165
Physical Menu CONFIG=>INTERFACE=>SWAN=>PHYSICAL ............................................................................................. 166
Authentication Menu CONFIG=>INTERFACE=>SWAN=>AUTHENTICATION ...................................................................... 166
Bibliography ................................................................................................................................................ 167
CHAPTER 7 THE Z-BUS INTERFACE ............................................................................................................ 168
CONFIG=>INTERFACE=>Z-BUS ............................................................................................................................................. 170
Asynchronous Port Menus ............................................................................................................................. 170
Asynchronous Port Physical Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>PHYSICAL ........................................... 171
Asynchronous Port Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION ................. 172
CHAR Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION =>CHAR ...................... 175
Synchronous Port Menus ............................................................................................................................... 176
Synchronous Port Physical Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>PHYSICAL ......................................... 176
Synchronous Port Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION ................... 177
Frame Relay ............................................................................................................................................... 178
Sub-Network Access Protocol (SNAP) ...................................................................................................... 180
Frame Relay Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>FRAME RELAY ........................ 182
DLCI Frame Relay Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION=>FRAME RELAY=><ESC>. 183
Traffic Control based on Data Link Connection.......................................................................................... 183
Add DLCI Frame Relay Menu CONFIG=>INTERF=>Z-BUS=><PORT>=>ENCAPS=>FRAME RELAY=><ESC>
=>ADD DLCI .............................................................................................................................................................................. 183
Add DLCI Frame Relay Menu (continued) ................................................................................................................................ 184
X.25 ............................................................................................................................................................ 185
X.25 Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>X.25 ........................................................ 189
X.25 Menu (continued) .............................................................................................................................................................. 190
X.25 Add DTE Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>X.25=><ESC>=>Add DTE ..... 191
PAD (Packet Assembler/Disassembler) ..................................................................................................... 192
X.25 PAD PPP Menu CONFIG=>INTERF=>Z-BUS=><PORT>=>ENCAPS=>X.25=><ESC>=><ESC>=>ENCAPS=>PPP..195
X.25 PAD PPPCHAR Menu CONFIG=>INTERF =>Z-BUS =><PORT> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>ENCAPS =>PPPCHAR ......................................................................................................................................................... 196
X.25 PAD CHAR Menu CONFIG=>INTERF=>Z-BUS=><PORT>=>ENCAPS=>X.25=><ESC>=><ESC>=>ENCAPS
=>CHAR ..................................................................................................................................................................................... 197
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>Z-BUS =><PORT> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>NW PROTOCOL.................................................................................................................................................................... 199
Table of Contents 7
CyROS Reference Guide
X.25 PAD Network Protocol Menu (continued) ......................................................................................................................... 200
X.25 PAD Physical Menu CONFIG=>INTERF=>Z-BUS=><PORT>=>ENCAPS=>X.25=><ESC>=><ESC>=>PHYSICAL... 202
X.25 PAD Authentication Menu CONFIG=>INTERF=>Z-BUS =><PORT>=>ENCAPS=>X.25 =><ESC>=><ESC>
=>AUTHENT. ............................................................................................................................................................................. 204
Mode-Independent Menus ............................................................................................................................. 204
PPP ............................................................................................................................................................. 204
PPP Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION =>PPP .................................................... 207
PPP Menu (continued).............................................................................................................................................................. 208
Network Protocol Menu CONFIG=>INTERFACE =>Z-BUS =><PORT> =>NETWORK PROTOCOL =>IP ........................... 210
Network Protocol Menu (continued) .......................................................................................................................................... 211
Transparent Bridge Menu CONFIG=>INTERFACE =>Z-BUS =><PORT> =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE ..................................................................................................................................................... 211
Routing Protocol Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ROUTING PROTOCOL =>RIP .......................... 213
OSPF Protocol Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ROUTING PROTOCOL =>OSPF ......................... 213
OSPF Protocol Menu (continued) ............................................................................................................................................. 214
Authentication Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>AUTHENTICATION ................................................ 215
Wizards Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>WIZARDS ............................................................................ 226
CHAPTER 8 THE E1 AND T1 INTERFACES, WITHOUT SIGNALING ........................................................... 227
Controller Menu CONFIG=>CONTROLLER=>T1/E1 .............................................................................................................. 229
Add Channel Group Menu CONFIG =>CONTROLLER =>T1/E1 =>CHANNEL GROUPS =>ADD GROUP ......................... 230
E1/T1 Interface Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL>................................................................................ 232
Encapsulation Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION ........................................... 233
Frame Relay ............................................................................................................................................... 233
Sub-Network Access Protocol (SNAP) ...................................................................................................... 236
Frame Relay Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>FRAME RELAY ............... 238
DLCI Frame Relay Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>FRAME RELAY
=><ESC> ................................................................................................................................................................................... 239
Traffic Control based on Data Link Connection.......................................................................................... 239
Add DLCI Frame Relay Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>FRAME RELAY =><ESC>
=>ADD DLCI .............................................................................................................................................................................. 239
Add DLCI Frame Relay Menu (Continued) .............................................................................................................................. 240
Table of Contents 8
CyROS Reference Guide
PPP ............................................................................................................................................................. 241
PPP Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL> =>ENCAPSULATION =>PPP ................................................. 242
PPP Menu (continued) ............................................................................................................................................................... 243
PPP Menu (continued) ............................................................................................................................................................... 244
X.25 ............................................................................................................................................................ 245
X.25 Menu CONFIG=>INTERFACE=>T1/E1 =><CHANNEL> =>ENCAPSULATION =>X.25................................................ 248
X.25 Menu (continued) .............................................................................................................................................................. 249
X.25 Add DTE Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC> =>Add DTE ........ 251
PAD (Packet Assembler/Disassembler) ..................................................................................................... 252
X.25 PAD PPP Menu CONFIG =>INTERF =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC> =><ESC> =>ENCAPS
=>PPP ........................................................................................................................................................................................ 255
X.25 PAD PPPCHAR Menu CONFIG=>INTERF=>T1/E1=><CHANNEL>=>ENCAPS=>X.25 =><ESC>=><ESC>=>ENCAPS
=>PPPCHAR ............................................................................................................................................................................. 256
X.25 PAD CHAR Menu CONFIG=>INTERF=>T1/E1=><CHANNEL> =>ENCAPS=>X.25=><ESC> =><ESC>=>ENCAPS
=>CHAR ..................................................................................................................................................................................... 256
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>T1/E1=><CHANNEL> =>ENCAPS=>X.25=><ESC> =><ESC>
=>NW PRTCL ............................................................................................................................................................................ 258
X.25 PAD Network Protocol Menu (Continued) ......................................................................................................................... 259
X.25 PAD Physical Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>PHYSICAL ............................................................................................................................................................................. 261
X.25 Authentication Menu CONFIG =>INTERF =>T1/E1 =><CHANNEL> =>ENCAPS=>X.25 =><ESC> =><ESC>
=>AUTHENTICATION ............................................................................................................................................................... 263
Network Protocol (IP) Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL =>IP ............. 265
Network Protocol (IP) Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL
=>IP (continued) ........................................................................................................................................................................ 266
Transparent Bridge Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE ..................................................................................................................................................... 266
Routing Protocol Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>RIP .................... 268
OSPF Protocol Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>OSPF ................... 268
OSPF Protocol Menu (continued) .............................................................................................................................................. 269
Authentication Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>AUTHENTICATION ......................................... 270
Bibliography ................................................................................................................................................ 270
Table of Contents 9
CyROS Reference Guide
CHAPTER 9 THE E1 AND T1 INTERFACES, WITH SIGNALING .................................................................. 271
Controller Menu CONFIG=>CONTROLLER=>T1/E1 .............................................................................................................. 272
The CCS Signaling Mode (ISDN-PRI) ........................................................................................................... 273
ISDN General Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=>ISDN ............................................................................ 275
Add Entry Menu CONFIG =>INTERFACE =>T1/E1(ISDN-PRI)= >ISDN =><ESC> =>ADD ENTRY ..................................... 276
The CAS Signaling Mode ............................................................................................................................... 276
Parameters Independent of Signaling Mode ................................................................................................. 278
Channel Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL> ........................................................................................... 278
Encapsulation Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION ........................................... 279
PPP Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>PPP ............................................... 282
PPP Menu (Continued) ............................................................................................................................................................. 283
CHAR Encapsulation Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>CHAR ................. 286
Network Protocol Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL =>IP ..................... 288
Network Protocol Menu (Continued) ........................................................................................................................................ 289
Network Protocol Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>RIP .................... 290
Channel ISDN Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=><CHANNEL>=>ISDN .................................................. 291
Channel Signaling Menu CONFIG=>INTERFACE=>T1/E1(CAS)=><CHANNEL>=>SIGNALING .......................................... 291
Authentication Menu CONFIG =>INTERFACE =>T1/E1=><CHANNEL> =>AUTHENTICATION .......................................... 294
Wizards Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>WIZARDS .................................................................. 296
CHAPTER 10 THE ISDN-BRI INTERFACE ..................................................................................................... 299
ISDN-BRI Interface Menu CONFIG=>INTERFACE=>ISDN-BRI ............................................................................................. 300
Encapsulation Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPSULATION =><CHANNEL> ..................................... 300
Frame Relay ............................................................................................................................................... 301
Sub-Network Access Protocol (SNAP) ...................................................................................................... 303
Frame Relay Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPSULATION =><CHANNEL> =>FRAME RELAY ........ 305
DLCI Frame Relay Menu CONFIG=>INTERFACE=>ISDN-BRI=>ENCAPS=><CHANNEL>=>FRAME RELAY=><ESC> ... 306
Traffic Control based on Data Link Connection.......................................................................................... 306
Add DLCI Frame Relay Menu CONFIG=>INTERFACE=>ISDN-BRI=>ENCAPS =><CHANNEL> =>FRAME RELAY =><ESC>
=>ADD DLCI .............................................................................................................................................................................. 306
Add DLCI Frame Relay Menu (continued) ............................................................................................................................... 307
PPP ............................................................................................................................................................. 308
PPP Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>PPP ............................................................................ 309
X.25 ............................................................................................................................................................ 310
Table of Contents 10
CyROS Reference Guide
X.25 Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25 ....................................................... 315
X.25 Menu (Continued).............................................................................................................................................................. 316
X.25 Add DTE Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25 =><ESC> =>Add DTE .. 317
PAD (Packet Assembler/Disassembler) ..................................................................................................... 318
X.25 PAD PPP Menu CONFIG=>INTERFACE=>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25 =><ESC> =><ESC> =>ENCAPS
=>PPP ........................................................................................................................................................................................ 321
X.25 PAD PPPCHAR Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL>=>X.25 =><ESC> ><ESC> =>ENCAPS
=>PPPCHAR ............................................................................................................................................................................. 322
X.25 PAD CHAR Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL> =>X.25=><ESC> =><ESC> =>ENCAPS
=>CHAR ..................................................................................................................................................................................... 322
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL> =>X.25 =><ESC> =><ESC>
=>NW PROTOCOL.................................................................................................................................................................... 324
X.25 PAD Network Protocol Menu (continued) ........................................................................................................................ 325
X.25 Physical Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS=><CHANNEL>=>X.25=><ESC>=><ESC>
=>PHYSICAL ............................................................................................................................................................................. 327
X.25 Authentication Menu CONFIG=>INTERFACE=>ISDN-BRI=>ENCAPS=><CHANNEL> =>X.25 =><ESC> =><ESC>
=>AUTHENTICATION ............................................................................................................................................................... 329
Network Protocol (IP) Menu CONFIG =>INTERFACE =>ISDN-BRI =>NETWORK PROTOCOL =><CHANNEL> =>IP ....... 331
Network Protocol (IP) Menu (Continued) ................................................................................................................................. 332
Transparent Bridge Menu CONFIG=>INTERFACE=>ISDN-BRI=>NETWORK PROTOCOL =><CHANNEL> =>TRANSPARENT
BRIDGE.................................................................................................................................................................................... 332
Routing Protocol Menu CONFIG =>INTERFACE =>ISDN-BRI =>ROUTING PROTOCOL =><CHANNEL> =>RIP .............. 334
OSPF Protocol Menu CONFIG =>INTERFACE =>ISDN-BRI =>ROUTING PROTOCOL =><CHANNEL> =>OSPF ............ 334
OSPF Protocol Menu (continued)............................................................................................................................................. 335
ISDN Menu CONFIG =>INTERFACE =>ISDN-BRI =>ISDN ................................................................................................... 337
Authentication Menu CONFIG =>INTERFACE =>ISDN-BRI =>AUTHENTICATION =><CHANNEL> ................................... 338
Bibliography ................................................................................................................................................ 338
CHAPTER 11 APPLICATION MENU ................................................................................................................ 339
Application Menu ....................................................................................................................................................................... 339
Telnet Menu APPLICATIONS=>TELNET ................................................................................................................................. 340
IP Ping Menu APPLICATIONS=>PING=>IP ........................................................................................................................... 340
Traceroute APPLICATIONS=>TRACEROUTE ........................................................................................................................ 341
Table of Contents 11
CyROS Reference Guide
CHAPTER 12 DEBUG MENU .......................................................................................................................... 342
DEBUG=>TRACE ...................................................................................................................................................................... 342
DEBUG=>EVENT LOGS=>DISPLAY ....................................................................................................................................... 342
DEBUG=>BUFFER REPORT=>GENERAL BUFFERS ............................................................................................................ 342
DEBUG=>HARDWARE TESTS ................................................................................................................................................ 342
DEBUG=>MESSAGE TRACE ................................................................................................................................................... 342
CHAPTER 13 INFO MENU ............................................................................................................................. 343
Info Menu INFO ........................................................................................................................................................................ 345
................................................................................................................................................................................................... 345
Info Menu INFO (continued) ..................................................................................................................................................... 346
CHAPTER 14 ADMIN MENU ........................................................................................................................... 347
Administration Menu ADMIN .................................................................................................................................................... 350
Administration Menu ADMIN (continued) ................................................................................................................................. 351
Load Configuration Menu ADMIN=>LOAD CONFIGURATION ............................................................................................... 352
Write to TFTP Server Menu ADMIN=>WRITE CONFIGURATION=>TO TFTP SERVER ....................................................... 352
Write to FTP Server Menu ADMIN=>WRITE CONFIGURATION=>TO FTP SERVER ........................................................... 353
Clear Menu ADMIN=>CLEAR .................................................................................................................................................. 353
Clear Menu ADMIN=>CLEAR (continued) ............................................................................................................................... 354
Download / Upload CyROS Menus ADMIN=>DOWNLOAD CyROS / UPLOAD CyROS ....................................................... 354
Kill session ADMIN=>KILL SESSION ...................................................................................................................................... 354
Kill Session Menu 1 ADMIN=>KILL SESSION=>RTELNET/SSH-1 OR CONSOLE ............................................................... 355
Kill Session Menu 2 ADMIN=>KILL SESSION=>SLOT N (ZBUS/T1/E1) OR X.25/PAD ........................................................ 355
EVENT PROGRAMMING MENU ADMIN=> EVENT PROGRAMMING=>PROGRAM ............................................................ 356
APPENDIX A APPLICATION PROGRAMMING INTERFACE (API) FOR X.25 WITH TCP SOCKETS .......... 357
Automatic mode ............................................................................................................................................. 358
Manual Mode (mode 3) .................................................................................................................................. 359
Outgoing Calls ................................................................................................................................................ 363
Incoming Calls ................................................................................................................................................ 365
Status Messages ............................................................................................................................................ 367
Details of the implementation of the TCP Port / DTE table in CyROS .......................................................... 368
Table of Contents 12
CyROS Reference Guide
APPENDICE B IPX ........................................................................................................................................... 369
Enabling IPX................................................................................................................................................... 370
Configuring the Ethernet Interface ................................................................................................................. 370
Configuring Other Interfaces .......................................................................................................................... 370
PPP ............................................................................................................................................................. 371
Frame Relay ............................................................................................................................................... 371
X.25 ............................................................................................................................................................ 371
Routing ........................................................................................................................................................... 371
The SAP (Service Advertisement Protocol) Table ......................................................................................... 373
INDEX ................................................................................................................................................................ 374
Table of Contents 13
CyROS Reference Guide
CHAPTER 1 HOW TO USE THIS REFERENCE GUIDE
CyROS stands for the Cyclades Routing Operating System. It is the operating system for all Cyclades Power
Routers (PR1000, PR2000, PR3000, and PR4000).
CyROS incorporates all the internetworking expertise and experience accumulated by Cyclades through the
years. It is a proven software platform that allows us to introduce new features and products without compromising
stability, reliability and robustness. It also allows us to provide interoperability, connectivity, security, and consistent
interfaces across the product line.
This manual describes CyROS commands and options. It is intended as a companion guide to the router installation
manual. CyROS commands are displayed in structured menus that are accessed by local sessions through:
• a console terminal (a PC with a terminal emulator or a VT100 terminal),
• a Telnet session from the network, or
• an HTTP session through a web browser.
This manual describes all the features available in CyROS. However, some features depend on the router model
or the CyROS profile installed.
CyROS is constantly evolving, and the menus in this manual might be slightly different from the menus in the
router. The latest version of this manual (and the latest version of CyROS) can be downloaded from the Cyclades
ftp site, ftp://ftp.cyclades.com.
For users new to CyROS, these chapters are recommended:
Chapter 2 – Using CyROS menus - explains how the menus are organized.
Chapter 3 – Main menu - describes the main menu for each type of user.
Chapter 1 - How to Use This Reference Guide 14
CyROS Reference Guide
Chapter 4 – Configuration menus - describes the menus used to configure the router and its interfaces.
Chapter 11 – Application menu - explains how to use the applications available in CyROS.
Chapter 13 – Info menu - describes how to display the router configuration, statistics and the status of the router
and its interfaces.
Chapter 14 – Admin menu - describes CyROS’ administration tools.
For details of configuration of a particular board, read the specific chapter dedicated to it (chapters 5 through 10).
Installation Assumptions
This Reference Guide assumes that the reader understands networking basics and is familiar with the terms and
concepts used in Local Area and Wide Area Networking.
Text Conventions
Common text conventions are used. A summary is presented below:
Convention Description
CONFIG=>INTERFACE=>L A combination of menu items, with the last being either a menu item, a
parameter, or a command. In this example, L lists the interface configuration.
<INTERFACE> A variable menu item that depends on hardware options or a choice of
hardware or software options.
IP Address A parameter or menu item referenced in text, without path prepended.
Screen Text Screen Text
<ESC>, <Enter> Simbols representing special keyboard keys.
Chapter 1 - How to Use This Reference Guide 15
CyROS Reference Guide
Icons
Icons are used to draw attention to important text.
Icon Meaning Why
What is Wrong? When an error is common, text with this icon will mention the symptoms and how to
resolve the problem.
Where Can I Find CyROS is complicated, and related material must be broken up into digestible pieces.
More Information? Text with this icon will indicate the relevant section.
Caution! Not following instructions can result in damage to the hardware. Text with this icon
will warn when damage is possible.
Reminder. Certain instructions must be followed in order. Text with this icon will explain the
proper steps.
Where Can I See Configuration information is provided in many locations throughout the CyROS
What I Configured? menus. Text with this icon will demonstrate how to display this data.
Chapter 1 - How to Use This Reference Guide 16
CyROS Reference Guide
Cyclades Technical Support And Contact Information
All Cyclades products include free and unlimited technical support, and software and manual updates.
These updates and the latest product information are available at:
http://www.cyclades.com
ftp://ftp.cyclades.com/pub/cyclades
Before contacting us for technical support on a configuration problem, please collect the information
listed below.
• The Cyclades product name and model.
• Applicable hardware and software options and versions.
• Information about the environment (network, carrier, etc).
• The product configuration. Print out a copy of the listing obtained by selecting INFO=>SHOW
CONFIGURATION=>ALL.
• A detailed description of the problem.
• The exact error or log messages printed by the router or by any other system.
• The Installation Guide for your product.
• Contact information in case we need to contact you at a later time.
In the United States and Canada, contact technical support by phone or e-mail:
Phone: (510) 770-9727 (9:00AM to 5:00PM PST)
Fax: (510) 770-0355
E-mail: support@cyclades.com
Outside North America, please contact us through e-mail or contact your local Cyclades distributor or representative.
Chapter 1 - How to Use This Reference Guide 17
CyROS Reference Guide
The mailing address and general phone numbers for Cyclades Corporation are:
Cyclades Corporation
Phone: + 01 (510) 770-9727
Fax: + 01 (510) 770-0355
41829 Albrae Street
Fremont, CA 94538
USA
Chapter 1 - How to Use This Reference Guide 18
CyROS Reference Guide
CHAPTER 2 USING CYROS MENUS
This chapter explains CyROS menu navigation and special keys. The Main Menu is shown in the figure.
Cyclades Router (Router Name) – Main Menu
1 – Config 2 – Applications 3 – Logout
4 – Debug 5 – Info 6 – Admin
Select Option ==>
All menus have the following elements:
• Title – In the above example: “Main Menu”
• Prompt – The text: “Select Option ==>”
• Options –The menu options, which are selected by number.
• Router Name – The default is the name of the product. Each router can be renamed for easier
identification.
Menus can also be navigated using a short-cut method. 4+1+1, for example, jumps to the driver trace
configuration menu. This option must be activated first by choosing the shortcut chacter in the
CONFIG=>SYSTEM=>ROUTER DESCRIPTION menu. In addition to the menus, some screens have
questions with letter choices. In the following example, several elements may be identified:
lmi-type((A)NSI, (G)roup of four, (N)one )[ANSI]:
• Parameter description – The name of the parameter to be configured, in this case “lmi-type”
• Options – Legal choices. The letter in parentheses is the letter that selects the corresponding option:
• Current value – The option in square brackets is the current value.
Pressing <Enter> without typing a new value leaves the item unchanged.
Chapter 2 - Using CyROS Menus 19
CyROS Reference Guide
Special Keys
<Enter> or These keys are used to end the input of a value.
<Ctrl+M>
<ESC> or These keys are used to cancel a selection or return to the previous menu. In some isolated
<Ctrl+I> cases, this key forwards you to the next menu in a series of menus at the same level.
<Backspace> These keys have the expected effect of erasing previously typed characters.
or <Ctrl+H>
L When available, this option displays the current configuration. For example, in the Ethernet
Interface Menu, “L” displays the Ethernet configurations.
On leaving a menu where a change in configuration was made, CyROS will ask whether the change is to be
saved:
(D)iscard, save to (F)lash, or save to (R)un configuration:
Selecting Discard will eliminate all changes made since the last time the question was asked. Saving to Flash
memory makes all changes permanent. The changes are immediately effective and are saved to the
configuration vector in flash memory. In this case, the configuration is maintained even after a router reboot.
Saving only to the Run configuration makes all changes effective immediately, but nothing is saved
permanently until explicitly saved to flash. This can be done through the menu options ADMIN =>WRITE
CONFIGURATION=>TO FLASH.
The menus and parameter lists are represented in this manual by tables. The first column contains the menu
item or the parameter, and the second column contains its description.
Example:
Parameter Description
Ethernet Enables/Disables the Ethernet interface
Chapter 2 - Using CyROS Menus 20
CyROS Reference Guide
CHAPTER 3 MAIN MENUS
The main menu depends on the user type. The super-user has access to all menu commands, while the regu-
lar user has access to a restricted subset of commands. The super-user main menu is structured as shown in
the following diagram:
Config Interface Ethernet [chapter 5]
SWAN [chapter 6]
Applications [chapter 11] Z-Bus [chapter 7]
ISDN-BRI [chapter 10]
Logout T1/E1 [chapters 8 and 9]
Debug [chapter 12] (other config sub-menus in chapter 4)
Info [chapter 13]
Admin [chapter 14]
FIGURE 3.1 SUPER-USER MAIN MENU TREE
Super-User Main Menu
Menu Option Description
Config Contains all of the menus related to configuration of the router. Each interface is covered
in a separate chapter. Please see chapters 4 - 9.
Applications Runs the applications Telnet, Ping and Traceroute. Please see chapter 10.
Logout Closes the super-user session.
Debug Provides tests and diagnostic tools. Please see chapter 11.
Info Displays the configurations set in the Config menu. Shows the status of each interface and
statistics related to the throughput. Please see chapter 12.
Admin Provides administration tools, including event programming, reboot, and date/time settings.
It also contains options to save operating system and configuration vector files on another
computer for backup or upgrading. Please see chapter 13.
Chapter 3 - Main Menus 21
CyROS Reference Guide
The default main menu for regular users is shown in Figure 3.2.
Applications Telnet
Ping
Traceroute
PPP
Logout
FIGURE 3.2 USER MAIN MENU TREE
User Main Menu
Menu Option Description
Applications Accesses the applications Telnet, Ping, Traceroute and PPP. The PPP application is
available only for dial-up connections or a direct connection using network serial cables.
Logout Closes the user session.
This user menu can be customized for each user. See the description of the menus CONFIG
=>SECURITY =>USERS (for users stored in the local database) and CONFIG =>SECURITY
=>DEFAULT USR MENU (for users authenticated by RADIUS or TACACS servers), in chapter 4.
Chapter 3 - Main Menus 22
CyROS Reference Guide
CHAPTER 4 THE CONFIG MENU
The Config Menu is very complex. Due to this fact, its description will be broken into several chapters. A guide
is given in Figure 4.1, and a brief description of each principal item is given in the following table.
Config Interface Ethernet [chapter 5]
SWAN [chapter 6]
Z-Bus [chapter 7]
T1/E1 [chapters 8 and 9]
ISDN-BRI [chapter 10]
Static Routes [section 4.1]
System [section 4.2]
Security [section 4.3]
Multilink [section 4.4]
IP [section 4.5]
Transparent Bridge [section 4.6]
Rules List [section 4.7]
Voice [separate manual provided with voice card]
Controller [chapters 8 and 9]
IPX
FIG 4.1 CONFIG MENU TREE
Chapter 4 - The Config Menu 23
CyROS Reference Guide
Config Menu CONFIG
Menu Option Description
Interface Contains menu trees for Ethernet and each of the three slots.
Static Routes Creates static routes to non-local hosts and other routers.
System Contains menu trees for control of the system log and SNMP management. Allows
configuration of modems, the console, the router description and hardware.
Security Contains submenus for user authentication and authorization, backup servers, and virtual
private network parameters.
Multilink Creates groups of circuits for load balancing, load backup, or link backup.
IP Contains submenus for DNS, TCP, DHCP, BGP and OSPF protocols.
Transparent Allows interconnection of remotely connected LANs through MAC-level bridges.
Bridge
Rules List Creates rules for IP filtering and traffic control.
Controller Configures T1/E1 interface channels.
The interface menu has one sub-menu for each slot. The configuration options are very different for each type
of board, and are treated separately. Chapter 5 covers the Ethernet interface, chapter 6 the SWAN interface,
chapter 7 the Z-Bus interface, chapter 8 the T1/E1 interface without signalling, chapter 9 the T1/E1 interface
with signalling, and chapter 10 the ISDN BRI interface.
Chapter 4 - The Config Menu 24
CyROS Reference Guide
Section 4.1 Static Routes
The menu tree for configuration of static routes is given in Figure 4.2.
Config Static Routes IP Add Route Destination IP Address
Subnet Mask
Gateway or Interface
Gateway IP Address
Metric
Interface
Is this a Backup Route?
OSPF Advertises This Static Route
External Metric
External MetricType
Delete Route
Edit Route
Clear Static Routes
FIG 4.2 STATIC ROUTES MENU TREE
Routers used in very small or simple networks may use static routes as the primary routing method. When RIP
or OSPF are used, some static routes may still be needed. Configuration of static routes will be explained
using two examples.
Chapter 4 - The Config Menu 25
CyROS Reference Guide
Network 2
142.10.0.0
Mask: 255.255.0.0
142.10.0.3
D
142.10.0.4
142.10.0.2 192.168.100.0
C 192.168.100.1 Mask: 255.255.255.0
Router 2
142.10.0.1 Router 1
F 192.168.100.3
10.0.0.3
E 192.168.100.2
Network 3
10.0.0.0
Mask: 255.0.0.0
B 10.0.0.2
A 10.0.0.1
Network 1
FIGURE 4.3 STATIC ROUTING EXAMPLE 1
In the first example, three networks are connected by 2 routers. The routing table for router 1 will automatically
include servers A,B,C, and D, as they are direct links. A static route must be created for access to Network 3.
This type of route, a Gateway route, tells the router that any message not intended for hosts A, B, C or D
should be sent to Router 2. Details are given in the parameter table that follows.
Chapter 4 - The Config Menu 26
CyROS Reference Guide
Router 2
Unnumbered 192.168.100.1
Interfaces Slot 3
on ETH0
cti
Conne
int
t-to-Po
Poin
Slot 1
Router 1 10.0.0.3 F
ETH0
E Network 3
B
A Network 1
FIGURE 4.4 STATIC ROUTING EXAMPLE 2
Figure 4.4 shows another static routing example to explain the Gateway or Interface parameter. Between the
two routers is a point-to-point connection. Another network could be created, but is not necessary. Both
routers can be assigned unnumbered interfaces, because everything that leaves one router is sent to the other.
The configuration for Router 1 is given in the table that follows.
Chapter 4 - The Config Menu 27
CyROS Reference Guide
Add Static Route Menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE
Parameter Description
Destination IP Address that route will lead to. To configure a default route, type "default" or 0.0.0.0
Address for this parameter. Both Examples -- for the static route between Router 1 and
Network 3, the IP address is 192.168.100.0.
Subnet Mask Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is used.
Gateway or Example 1 -- the route is to a gateway.
Interface Example 2 -- the route is to an interface since unnumbered interfaces are being used.
Gateway IP Applies only when previous parameter is Gateway. It must be an address visible to the
Address router. In Example 1, it is 142.10.0.4.
Interface Applies only when previous parameter is Interface. Select the port (Ethernet or slot N)
that will be unnumbered. In Example 2, it is Slot 1.
Metric Relative cost of this link. Generally measured in number of routers between two IP
addresses. Both Examples -- 1.
Is This a Backup Indicates that this route is used as a backup in a multilink circuit. See section 4.4 for
Route? more information about multilink circuits.
OSPF Advertises Static routes defined in the router can be advertised by OSPF. Both this parameter
This Static Route and the parameter CONFIG=>IP=>OSPF=>GLOBAL=>ADVERTISE STATIC
ROUTES must be set to Yes for the route to be advertised.
External Metric Applies when OSPF Advertises This Static Route is set to Yes. Defines the metric that
will be advertised by OSPF.
External Metric-Type Applies when OSPF Advertises This Static Route is set to Yes. For Type 1, the total
metric of this route is composed of the internal metric (inside the autonomous system)
and the external metric (provided in the previous parameter). For Type 2, the total
metric of this route is the value provided in the previous parameter.
Section 4.2 System Configuration
This menu contains a mixture of configuration menus that do not fall into some other category. The menu tree
shown does not include the SNMP and RMON Management menus, as they are given in detail later in this
section.
Chapter 4 - The Config Menu 28
CyROS Reference Guide
Config System Syslog Console
Log Level
Filter Syslog Messages by Their Types
Show all Line Condition/Protocol Messages
Show Debug Information Messages
Show all User Authentication/Accounting Messages
Show all System Messages
Show all Routing Messages
Show all TCP/IP Messages
Show all Filter Messages
Show all SNA Messages
Show all Modem Messages
Server
Repeated
IP Server
Local Server
Time
Message Identification
Firmware Boot Boot From
Boot Protocol
Boot Filename
Boot Server IP Address
Hardware Watch Dog Timer Active or Inactive
Startup Tests Flash Skip or Perform
RAM Skip, Quick or Full
Console Current Console Speed
FIGURE 4.5 SYSTEM CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 29
CyROS Reference Guide
Router Description Prompt String
Router Name
Router Location
Router Contact
Banner Terminating Character
Banner string
Login String
Password String
Escape Char
Shortcut Char Select host Number
Host Name
IP Address
Hosts TCP Port ID
Modems Dial Out Table Add Protocol
IP Adress
Init String
Dial String
Authentication Method
Login Name
Edit Password
Select Dial-Out Number TX00 String
Rest same as Add RX01 String
Delete Select Dial-Out TX01 String
Number to Delete RX02 String to TX08 String
Modem String Table Modem strings Index
Modem Initialization String
Modem Ring String
Modem Hang-up String
FIGURE 4.5 SYSTEM CONFIGURATION MENU TREE, CONTINUED
Chapter 4 - The Config Menu 30
CyROS Reference Guide
A summary of the options in this menu is given in the table that follows.
System Configuration Menu CONFIG=>SYSTEM
Menu Option Description
Syslog Sends warning messages to a remote server or displays them on the console screen.
Firmware Boot Enables booting of the router with a copy of CyROS other than that stored in flash memory.
Hardware Enables the Watch-Dog Timer, a feature which automatically restarts the router in case of
an unexpected software error. Enables flash and RAM start-up tests. The RAM test has
three options: disabled, enabled, and quick test, the last being less conclusive.
Console Sets the speed for the connection between the router and the computer used as a console.
The default is 9.6k, but other speeds are available. This number must match that used by
the console's terminal emulator.
Router Personalizes the operating system, including some strings which are displayed to the user.
Description The most useful parameters are the router name (which appears in the menu header and
allows you to tell two routers apart), and the banner string, which is sent to remote users on
connection.
Hosts Assigns aliases for up to 32 hosts.
Modems Associates IP addresses with telephone numbers for the dial-out table and defines modem
strings for up to 16 different types of modems in the modem strings table.
UDP Commands Allows communication with the router via messages sent by an external program using the
UDP protocol. The router interprets the message and performs an action that is configured
in this menu. The only option currently available is to clear all TCP sessions.
SNMP/RMON SNMP (Simple Network Management Protocol) and RMON (Remote Network Monitoring)
Mngmt are used for network management. Hosts and community tables, along with traps, alarms,
events, and RMON histories and statistics are configured in this menu.
CPU Utilization Available when SNMP is enabled. Makes CPU utilization statistics available to SNMP
Clients.
Accounting Enables recording of IP packets, by service.
The Syslog menu is described in the following table.
Chapter 4 - The Config Menu 31
CyROS Reference Guide
Syslog Menu CONFIG=>SYSTEM =>SYSLOG
Parameter Description
Console Displays Syslog messages on the console screen, whether or not someone is
logged in.
Server Sends Syslog messages to a server.
The next parameters apply when Console = Yes and/or when Server = Yes. If both Console and Server
Syslog messages are requested, the parameters will appear twice so that the two Syslog displays can be
configured separately
Log Level Applies to Syslog messages appearing on the console. The levels are defined
in the next table. Each level contains the messages of the previous level.
Filter Syslog Messages by Allows the selection of which Syslog messages will be displayed.
Their Types
The parameters that follow (up to Show All Modem Messages) appear only if the previous parameter is Yes.
Show All Line Condition/ Displays line condition and protocol Syslog messages.
Protocol Messages
Show All Debug Information Displays debug messages, usually needed only by software engineers working
Messages on CyROS.
Show All User Displays authentication and accounting messages for both local authentication
Authentication/ Accounting and Radius/TACACS authentication.
Messages
Show All System Messages Displays system messages, like problems with hardware or in writing to flash.
Show All Routing Messages Displays messages when the routing table is modified.
Show All TCP/IP Messages Displays TCP/IP connection messages and indicates when socket connections
are established and closed.
Show All Filter Messages Displays messages regarding IP packet filtering.
Show All SNA Messages Displays SNA debug messages, usually needed only by software engineers
working on CyROS.
Show All Modem Messages Applies only to the PR4000. Displays messages related to incoming calls.
This table is continued
Chapter 4 - The Config Menu 32
CyROS Reference Guide
Syslog Menu CONFIG=>SYSTEM =>SYSLOG (continued)
Parameter Description
Commands for Server = Yes
IP Server Remote server IP address where the messages should be sent.
Local Level Number used by the Syslog program on the server to determine where to save the
messages. On some UNIX systems, the /etc/syslog.conf file contains the
association between the name "local<Local Level>.*" and the file where the
messages should be stored. See man syslog.conf in the server's operating system
for more information.
Time Applies to Syslog messages sent to the server. Puts a timestamp on all messages.
Message Identification Applies to Syslog messages sent to the server or displayed on the console. Allows
the inclusion of an identifying string in each message.
Definition of the Syslog Messages:
Syslog Level Messages Displayed
0 System Unusable
1 Alert / Security
2 Initialization Error
3 Recoverable Error
4 Minor Problems
5 Significant Conditions
6 Information
7 Debug Only
Chapter 4 - The Config Menu 33
CyROS Reference Guide
Details of the Firmware Boot Menu are presented in the following table.
Firmware Boot Menu CONFIG =>SYSTEM =>FIRMWARE BOOT
Parameter Description
Boot From Determines which copy of CyROS will be used to boot the system. Flash loads CyROS
from the flash memory. Network loads CyROS from a server in the network. This
simplifies upgrades for a system with many routers.
Parameters Applying only to Boot From Network
Boot Protocol Protocol used for the network boot: Bootp, TFTP, or Both.
Boot Filename Locates file containing CyROS. Not used for Bootp.
Boot Server IP Locates server where file is located.
Address
Specific router parameters that must be defined are shown in the following table.
Router Description Menu CONFIG=>SYSTEM=>ROUTER DESCRIPTION
Parameter Description
Prompt String String used instead of Select option ==>.
Router Name Name used to differentiate between two or more routers of the same model. The default is
the model name.
Router Location Used to indicate the location.
Router Contact Used to identify the person who maintains the router.
Banner Character that will be used to indicate the end of the banner string in the next parameter.
Terminating
Character
Banner String String that will be sent to a remote user when a modem connection is established
(maximum of 255 characters). After typing the banner, press the character chosen in the
previous command (Banner Terminating Character) to end the banner string.
This table is continued.
Chapter 4 - The Config Menu 34
CyROS Reference Guide
Router Description Menu CONFIG=>SYSTEM=>ROUTER DESCRIPTION (continued)
Parameter Description
Login String String used instead of Username: Maximum of 16 characters.
Password String String used instead of Password: Maximum of 16 characters.
Escape Char ASCII character that will be used to return to the previous menu. The default is <ESC>.
Shortcut Char ASCII character used to enter router commands quickly. Usually + is used, but other
characters are available. A description of this method is given in chapter 2. A character
must be chosen here before the shortcut method will work.
Assignment of host names is explained in the following table.
Hosts Menu CONFIG=>SYSTEM=>HOSTS
Parameter Description
Host Number Sequential number (1 to 32) used to identify the host in the list.
Host Name String (maximum 8 characters) used as an alias by the router. This name can be used in
Telnet, Ping and Traceroute applications.
IP Address IP address to be associated with the host name.
TCP Port ID Number specifying the port for TCP Port ID sessions to the host. The preset value is 23.
The modem parameters are described in two separate tables.
Chapter 4 - The Config Menu 35
CyROS Reference Guide
Dial-Out Table Menu CONFIG=>SYSTEM=>MODEMS=>DIAL OUT TABLE=>ADD
Parameter Description
IP Address IP address of the host that will answer the connection.
Init String Commands to be sent to the modem during initialization. (See the modem's manual for
appropriate strings.)
Dial String Dial commands to be sent to the modem.
Authentication Method to be used for authentication when connecting to this IP address:
Method Direct – direct authentication, where the username and password are sent using strings.
None – no authentication is used.
PAP (Password Authentication Protocol) – the string “login name, password” is transmitted
in plain text.
CHAP (Challenge Handshake Authentication Protocol) – this method is based on the
existence of a shared secret (between the sender and the receiver). The authenticator
sends a unique number (challenge) plus the “login name”. The authenticatee should
answer with an MD5 encrypted password based on the challenge and the shared secret.
The authenticator allows the PPP connection if the received password is valid.
Both – [PAP or CHAP] The two sides of the PPP connection negotiate the authentication
method at the time of connection.
Login Name Login name expected by the remote host.
Password Password expected by the remote host.
Parameters used only with the Direct Authentication Method.
TX00 String Message to be sent to the remote authenticator as soon as the modem connects.
RX01 String String to be expected from the authenticator.
TX01 String String to be sent to the remote authenticator in reply.
RX02 String to More strings (if necessary), up to 8 pairs of questions and answers.
TX08 String
Chapter 4 - The Config Menu 36
CyROS Reference Guide
Modem Strings Table Menu CONFIG=>SYSTEM=>MODEMS=>MODEM STRINGS TABLE
Parameter Description
Modem Strings Identifies a set of modem commands, or a type of modem. This number will be used to
Index describe the modem in the CONFIG=>INTERFACE=><INTERFACE>=>PHYSICAL
=>MODEM STRING INDEX parameter.
Modem Set of initialization commands to be sent to the modem.
Initialization
String
Modem Ring Sent to the modem in response to a RING command.
String
Modem Hang-up Sent to the modem when the line goes down.
String
Chapter 4 - The Config Menu 37
CyROS Reference Guide
UDP Commands Menu CONFIG=>SYSTEM=>UDP COMMANDS
The only UDP command currently available is Clear All Sessions. Figure 4.6 shows an example of the use of
this feature.
Terminal Using
a Socket Application
Terminal
UsingTelnet
Dial-In Lines
Cyclades ......
......
....
PR3000
......
......
......
Host 1
Backup
Host 2 for Host 1
Running UDP
Switch-over Program
FIGURE 4.6 UDP COMMAND EXAMPLE
A network has a critical host (host 1) and a secondary host for backup. When the primary host goes down, its
funcionality is switched to the backup host via instructions received from Host 2. TCP dial-up connections
cannot be transferred, so all sessions should be dropped to enable the users to call in again and reach the
backup host. The port on which the router will receive this request and the string contained in the request are
defined in this menu.
Chapter 4 - The Config Menu 38
CyROS Reference Guide
UDP Clear All Sessions Menu CONFIG =>SYSTEM =>UDP COMMANDS =>CLEAR ALL SESSIONS
Parameter Description
Clear All Router UDP port (1025-65535) to which remote host will send the Clear All Sessions
Sessions UDP Request String.
Port
Clear All When the router receives this string, it confirms the message received (by sending a
Sessions message with the Clear All Sessions Acknowledgement String to the sender), and clears all
Request String active sessions.
Clear All String to be sent to remote host to confirm receipt of the Clear All Sessions Request String
Sessions Ack message.
String
To see the port and string information registered in CONFIG=> SYSTEM=>UDP
COMMANDS=>CLEAR ALL SESSIONS, use the list command: CONFIG=> SYSTEM=>UDP
COMMANDS=>L.
SNMP (Simple Network Management Protocol)
SNMP is used for network management. A network management system based on this protocol consists of:
• a management station,
• management agents,
• and a management information base (MIB) for each station/agent.
The management station provides an interface to the management system and maintains the Central MIB.
Management agents are all hosts, routers, bridges, and hubs that are managed by the management station.
Each one maintains a local MIB. The MIB is a collection of objects, standardized across a network. The
management station monitors the agents by collecting the values of local MIB objects. The SNMP Menu Tree
is shown in Figure 4.7.
Chapter 4 - The Config Menu 39
CyROS Reference Guide
Config System SNMP/RMON Host Table Add Host IP Address
MNGMNT Subnet Mask
Delete Host IP Address
Clear Host Table
Community Add Community Community Name
Table Type
Status
Delete Community Community Name
Edit Community Community Name
New Name
Type
Status
Clear Community Table
Traps Add Trap Options
Trap Status
Delete Trap Community
IP Adress
RMON [next figure]
FIGURE 4.7 SNMP MENU TREE
Chapter 4 - The Config Menu 40
CyROS Reference Guide
A brief clarification of these options is given in the following table:
SNMP Management Menu CONFIG =>SYSTEM =>SNMP/RMON MANAGEMENT
Menu Option Description
Host Table SNMP management stations that manage this router. Up to 32 IP-address/mask pairs can
be entered. The host table for the example is given in the figure.
Community Table The SNMP community is better understood as a general password used in combination
with the IP addresses stored in the host table. The simplest case would be to have one
read/write community for management stations controlling the router and one read only
community for other management stations. For convenience in the grouping of stations, up
to 5 communities can be defined.
Traps The router can send messages to the management stations when certain conditions (traps)
are met. Up to 72 traps can be defined. See the section on traps in this chapter for more
information.
RMON RMON statistics and history configurations, along with alarm and event sub-menus.
A typical example with one router, two LANs, and two management stations is shown in Figure 4.8.
Management station 1 monitors hosts 1 and 2 and the router. Management station 2 monitors hosts 3 and 4
and the same router.
Chapter 4 - The Config Menu 41
CyROS Reference Guide
Management Station 1
Host Table
IPCommunity
200.0.0.55 Get:Manag1 Management
Set:Manag1 Station 2
Trap:T Manag1 IP: 70.0.0.23
200.0.0.1 All:LAN 1
200.0.0.2 All:LAN 1 Host 4
Management LAN 2 IP: 70.0.0.4
Station 1
IP: 200.0.0.7 Router
IP: 200.0.0.55 IP: 70.0.0.11
Host 3
IP: 70.0.0.3
LAN 1 Router Host Table
IPMask
Host 2 70.0.0.23 255.255.255.255
Host 1 200.0.0.7 255.255.255.255
IP: 200.0.0.2
IP: 200.0.0.1 Router Community Table
Public : Read
Manag1 : Read/Write
Manag2 : Read/Write
FIGURE 4.8 SNMP EXAMPLE
Chapter 4 - The Config Menu 42
CyROS Reference Guide
In this example, the router has 3 passwords (communities). Management station 1 can access the router using
any of the three. Which one it uses determines whether it has read/write or read only access. The host table of
the management station stores the IP address/community pair needed to access each agent in the system. In
this example, it stores the router’s IP address together with the community manag1. This gives it read/write
access to the router. Further explanations are given in the following tables.
Add Community Menu CONFIG =>SYSTEM =>SNMP/RMON MANAGEMENT =>COMMUNITY TABLE =>
ADD COMMUNITY
Parameter Description
Community Name that will be used by the management stations as a password to access the router.
Name The maximum length is 7 characters. In the example there are four communities: Public,
Manag1, Manage2 and TManag1.
Type Type of access allowed for this community.
Read – management stations can read MIB variables.
Read/Write – management stations can read and modify MIB variables.
Status Enabling or disabling of this community.
When the network contains many agents, the management station can opt to receive MIB information from
agents only when certain conditions are met. Traps are set on each agent, with information as to which
management station should receive the information. This reduces network traffic and simplifies the processing
of the incoming messages.
As an extension of the previous example, the router will set three traps. As a preview, output from
CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>TRAPS=>L will look like this after configuration:
# Type Status Community Destination
1 Link 2-Up/Down Enabled tmanag2 70.0.0.23
2 Rising Enabled 200.0.0.7
3 Falling Enabled 200.0.0.7
Chapter 4 - The Config Menu 43
CyROS Reference Guide
Management station 2 will receive a message from the router whenever link 2 (slot 1) changes status. The
only parameters that need to be set are in Add Trap.
Add Trap Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>TRAPS =>ADD TRAP
Parameters Description
Options Currently, 5 types of traps are provided in CyROS.
Cold start: whenever the router is rebooted.
Link up/down: when the link status changes (for a given slot). Trap 1 is of this type.
Authorization failure: When a management station attempts to perform an action with an
inappropriate community.
Rising alarm/Falling alarm: See section on alarms in this chapter for more information.
Traps 2 and 3 are of this type.
Trap Status Enabling or disabling of this trap.
Community Community that is defined in management station's host table for router's IP address. For
management station 1 in the example, it would be Tmanag1, and for management station
2, Tmanag2.
IP Address Address of the management station that is to receive the message. For management
station 1 in the example, it is 200.0.0.7.
Rising and Falling Traps are especially complicated. Management station 1 is interested in the messages
arriving over the internet. Two traps will be set for ifInOctets (MIB: 1.3.6.1.2.1.2.2.1.10.1) for maximum and
minimum values of interest. This involves traps, alarms, and events.
Chapter 4 - The Config Menu 44
CyROS Reference Guide
Where Parameters are Trap #2 - Rising Alarm 1
Defined Rising Event: Event 1 -> Event 1
Falling Event: Event 2 -> Event 2
Trap #3 - Falling Alarm 2
Rising Event: Event 3 -> Event 3
Falling Event: Event 4 -> Event 4
What is defined Destination of Trap MIB Object, Conditions for Alarm Community
Message
What is NOT defined Alarm Number, Destination
Event Number
An alarm can evoke only 2 events -- one for rising and one for falling. An event can be called by any number of
alarms. Trap 2, a rising trap, will send messages to the configured destination IP address for ALL rising events
(bold in above table). This is irrespective of the communities defined in the related events.
The configuration of alarms will now be described. The output of CONFIG=>SYSTEM=>SNMP/RMON
MANAGEMENT =>RMON=>ALARM=>L, showing a new alarm configured to fire when ifInOctets passes
700 or goes below 200, is displayed next.
Alarm Group Entries
Alarm Index : 1
Mib Object : 1.3.6.1.2.1.2.2.1.10.1
Sample Interval : 60
Sample Type : Delta
Startup Alarm : Rising
Rising Threshold : 700
Event to Fire on Rising Threshold Crossing : 1
Falling Threshold : 200
Event to Fire on Falling Threshold Crossing : 2
Owner : naomi
Chapter 4 - The Config Menu 45
CyROS Reference Guide
Explanations of the Alarm parameters appear in the table below.
Add Alarm Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>ALARM=>ADD ALARM
Parameter Description
Alarm Index Non-consecutive number used to identify the alarm.
MIB Object The number of the object in MIB format, e.g. 1.3.6.1.2.1.5.1.0
Sample Interval How often the value should be sampled, in seconds.
Sample Type Absolute or delta, delta being the current value less the previous sample value. Check the
MIB documentation for more information about the particular MIB object.
Start-up Alarm This determines which alarm will be triggered first. In the example output, this parameter
is rising. If the first value sampled is 400, and the next is 150, the falling threshold is
breached but the alarm will not fire until the rising threshold is crossed at least once.
Rising Threshold Value to trigger alarm when MIB object value is increasing. In Alarm 1, it is 700 octets per
second, because the sample interval is 1 second.
Event to Fire on Number of event -- must be configured separately, see the following paragraphs. For Alarm
Crossing Rising 1, it is Event 1
Threshold
Falling Threshold Value to trigger alarm when MIB object value is decreasing. In Alarm 1, it is 200 octets per
second.
Event to Fire on Number of event -- must be configured separately, see the following paragraphs. For
Crossing Falling Alarm 1, it is Event 2.
Threshold
Owner Name of person setting up this alarm, for later reference.
Chapter 4 - The Config Menu 46
CyROS Reference Guide
Since this alarm is linked to two events (one for rising, one for falling), these events must be created. After
creation, the output of CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>EVENT=>L will be:
Event Group Entries
Event Index : 1
Description : on octets rising
Event Type : Trap
Community Name : tmanag1
Owner : naomi
Event Index : 2
Description : on octets falling
Event Type : Trap
Community Name : tmanag1
Owner : naomi
The last step in this example is the creation of two traps, one for rising and one for falling. These can be seen
in the previous traps display. Note that the community does not appear in the CONFIG=>SYSTEM=>SNMP/
RMON MANAGEMENT=>TRAPS=>L display. This is because the community is defined in the event and all
rising events will be associated with a rising trap. A curiosity of SNMP is that all rising events will be sent due
to the rising trap. The combination of IP address and community will determine if the message is used by the
receiving management station.
Chapter 4 - The Config Menu 47
CyROS Reference Guide
Details of event definition are shown in the next table.
Add Event Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>EVENT=>ADD EVENT
Parameter Description
Event Index Non-consecutive number used to identify the event.
Description A string describing the event, used to distinguish different events for ease of administration.
Event Type Trap: sends a message to the management station.
Log: stores the information in the RMON event group log table. This is only accessible
through SNMP. The administrator of the router cannot see this information by logging into
the router.
Community Community that is set up in the management station's host table for the router's IP address.
For management station 1 in the example, it would be Tmanag1.
Owner Name of person setting up this alarm, for later reference.
Remote Network Monitoring (RMON)
The RMON sub-menu tree is shown in Figure 4.9. Parameters related to RMON are explained in the following
tables.
Chapter 4 - The Config Menu 48
CyROS Reference Guide
Config
Statistics Statistics Status
Promiscuous Mode
System
History Add History Control Enter History Table Index
Number of Discrete
SNMP RMON Delete History Control Sampling Intervals
Management Edit History Control Interval
Clear All Owner Name
Alarm Add Alarm Alarm Index
MIB Object
Delete Alarm Sample Interval
Edit Alarm Sample Type
Clear All Startup Alarm
Rising Threshold
Event to Fire on Rising
Threshold Crossing
Falling Threshold
Event to Fire on Falling
Threshold Crossing
Owner name
Event Add Event Event Index
Description
Delete Event Event Type
Edit Event Community
Clear All Owner Name
FIGURE 4.9 RMON MENU TREE
Chapter 4 - The Config Menu 49
CyROS Reference Guide
RMON Statistics Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT =>RMON=>RMON STATISTICS
Parameter Description
Statistics Status Enables/disables collection of low-level utilization and error statistics. These statistics are
available only through SNMP.
Promiscuous Causes the router to collect information on all network traffic on the LAN. When disabled,
Mode only traffic passing through the router will be analyzed.
RMON Add History Menu CONFIG=>SYSTEM=>SNMP/RMON MANAGEMENT=>RMON=>RMON
HISTORY=> ADD HISTORY CONTROL
Parameter Description
History Table Number that uniquely identifies a row in the history table (the historyControlIndex). CyROS
Index is limited to 3 history table entries.
Number of Number of back samples stored at any given time.
Discrete
Sampling
Intervals
Interval The sampling interval, in seconds. Valid values are 1 to 3600 (1 hour).
Owner Name Name of person setting up this request, for later reference.
Section 4.3 Security Configuration
The Security Configuration Menu contains various access and validation topics. IP filtering is covered
separately in section 4.7. The Security Configuration menu tree is shown in Figure 4.10.
Chapter 4 - The Config Menu 50
CyROS Reference Guide
Config
Users Add User Name
New User Name
Delete Password
Security Confirm New Password
Modify User Type
User Status
Start Telnet Session Mode
Host N
Host N Automatic Login User Name
Main Menu Items for User
Disable Login on Console
Disable Login on Terminal
Disable Login on PPP
Disable Login on Telnet
Disable Login on PAD Terminal
NAT General Status
Mode
Disable port translation
Global Add Range First IP Address
Address Last IP Address
Delete Range
Local Add Range Net IP Address
Address Netmask
First IP Address
Last IP Address
Shold Rande be Translated
Delete Range
FIGURE 4.10 SECURITY CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 51
CyROS Reference Guide
Static Add Entry Global IP Address
Translation Delete Entry Protocol
Global Port
Timeouts UDP Timeout Local IP Address
DNS Timeout Local Port
TCP Timeout
TCP Flags Timeout
Radius Radius Status Disabled Port Translation
Add Radius Server IP Address
Radius Server Type
Radius Server Retries
Radius Server Timeout
Radius Server Encryption Key
Radius Server Authentication Port
Radius Server Send Start Accounting
Edit Same as Add
Delete
Move to Top
Tacacs Add Tacacs Server IP Address
Tacacs Server Type
Tacacs Server Retries
Tacacs Server Timeout
Edit Same as Add
Delete
Move to Top
FIGURE 4.10 (PART 2) SECURITY CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 52
CyROS Reference Guide
Default User Menu Enable Telnet
Enable Ping
Enable Traceroute
LAN IP Add Backup Primary IP Address Enable PPP
Backup Delete Backup Backup IP Address Enable Slip
Edit Backup
Clear Backup Entries
VPN Remote Gateways Add Gateway Remote Security
Delete Gateway Gateway IP Address
Edit Gateway Secret
Local IP Networks Add Network Local Network Address
Delete Network Local Network Netmask
Edit Network
Clear Local Network
Remote IP Networks Add Network Remote Network IP Address
Delete Network Remote Network Netmask
Edit Network Remote Security Gateway
Clear Remote Networks IP Address
Options Cyclades VPN Status
Tunnel Keepalive Timeout
Tunnel Keepalive Retries
Tunnel Inactivity Timeout
Time Interval for VPN Retries
SSH General SSH Active
Negotiation Timeout
Generate Keys Number of Retries
FIGURE 4.10 (PART 3) SECURITY CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 53
CyROS Reference Guide
A summary of the Security Menu options is given next.
Security Menu CONFIG=>SECURITY
Menu Option Description
Users Management of local user accounts, including user type, password, access, main menu
options. The super user has access to all menus. The usr user is shown a menu, upon
sucessful login, with the items chosen in the user’s profile. The pppauto user is connected
directly to the user via PPP. No menu appears. The auto user is connected via telnet
directly to the host specified as host 1 in the user profile. His user name on the host can be
defined in the CONFIG=>SECURITY=>USERS=>ADD menu, which means he will only
need to supply his password during login.
NAT Network Address Translation sub-menus.
Radius Adds Radius servers and determines in which order they are contacted. Move to Top
causes the server selected to be contacted first.
Tacacs Adds Tacacs servers and determines in which order they are contacted. Move to Top
causes the server selected to be contacted first.
Default Usr Menu Menu items for the user main menu when Radius or Tacacs server authentication is used.
LAN IP Backup When packet delivery to a critical application must be guaranteed, a backup LAN IP
address can be chosen for a critical host. CyROS monitors the critical host, and if it goes
down all messages are passed to the backup host transparently. Up to 4 server pairs can
be entered.
VPN Creates Virtual Private Networks where authentication, criptography and authenticity
garantee protocols are applied when packets are sent.
SSH Secure shell parameters. SSH Active activates the SSH server, Negotiation Timeout
determines the time allowed for a SSH connection to be established by the SSH client
(values 0-600sec, with 0=no timeout), Number of Retries (values 0-999) is the number of
retries permitted by the same remote SSH client, and Generate Keys allows the alteration
of the pair of RSA keys.
Chapter 4 - The Config Menu 54
CyROS Reference Guide
The menu items configured in the Default Usr Menu option above are only for Radius or Tacacs
authenticated users. The menu items for local users are chosen individually when the user is
created, in CONFIG=>SECURITY=>USERS=>ADD.
NAT (Network Address Translation)
NAT exists to convert local IP addresses into Internet “global” IP addresses. Internet IP addresses are
assigned by Internet providers. Due to the explosion of the internet, these numbers are scarce. Certain ranges
of IP addresses are reserved for internal use only — they may not have a direct connection to the Internet (for
reference, they are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 -
192.168.255.255). These are used as local IP addresses. Figure 4.11 shows an example of the utility of NAT:
Global Address Range ftp Networks
- Network: 200.240.230.224 Server 192.168.0.0 &
- Mask: 255.255.255.240 192.168.0.30 200.200.200.0
Host
Host
200.240.230.2 PC
PR1000 With 200.200.200.11 WWW
Expanded NAT Server
200.200.200.10
192.168.0.31
192.168.0.5
Router Ethernet Port
Primary IP Address: 192.168.0.1
Secondary IP Address: 200.200.200.1
FIGURE 4.11 NAT EXAMPLE
Chapter 4 - The Config Menu 55
CyROS Reference Guide
In this example, the company has:
• 14 global IP addresses available for NAT, 200.240.230.225 to 200.240.230.238,
• Two networks connected to the router via the Ethernet Interface, one of which will be translated,
• Two servers that are accessed via the same global IP address, assigned statically.
After configuring the router as shown in the example, CONFIG =>SECURITY =>NAT =>L will display:
NAT Enabled
NAT mode Expanded
Port map translation Enabled
UDP Timeout (min) 5
DNS Timeout (min) 1
TCP Timeout (min) 1440
TCP flags Timeout (min) 1
NAT Global Addresses
# address range
1 200.240.230.225 to 200.240.230.238
NAT Local Addresses
# address range
1 192.168.0.0 255.255.255.0 translated
Chapter 4 - The Config Menu 56
CyROS Reference Guide
NAT Static Translation Table
# Global address / port local address / Port Protocol
1 200.240.230.225 / 20 192.168.0.30 / 20 TPC
2 200.240.230.225 / 21 192.168.0.30 / 21 TPC
3 200.240.230.225 / 80 192.168.0.31 / 80 TPC
Types of Address Translation
In dynamic address translation, a pool of global IP addresses is loosely related to a pool of local IP
addresses. Mapping of one onto the other is done dynamically whenever a computer on the local network
requests a connection to the external network. When the connection is broken, the global IP address is
returned to the pool. Hosts connected via dynamic address translation must initiate all connections with the
external network.
In static address translation, one global IP address (or global IP address / port pair) is permanently associ-
ated with one local IP address (or global IP address / port pair). In the example, the web server is connected to
one of the global IP addresses for services on port 80, reducing the IP address pool to 13. Static address
translation is used when the connection with the external network is to be initiated from either side — external
or internal.
Translation may be done in two ways:
1 Address translation only – each global address is assigned to a single local address when necessary. In
the example, there are only 13 global addresses available and more than 13 hosts . With this type of
translation, only 13 servers can connect to the Internet at any given time.
2 Port and address translation — the UDP/TCP port and local IP address are translated as a pair. With this
type of translation, only ONE global address is needed. All hosts can be mapped to the same global IP
address. This can be used in our example to allow all hosts in the 192.168.0.0 network access to the
Internet at the same time.
Chapter 4 - The Config Menu 57
CyROS Reference Guide
Some services are not supported by NAT (SNMP, NetBios, routing protocols) and others are limited by NAT
(ICMP, DNS). CyROS NAT supports FTP, DNS, Telnet, Traceroute, SMTP, HTTP, ICMP, ntalk, and talk. The
NAT translation table supports up to 2048 simultaneous entries. When NAT and IP filtering are used together
(see section 4.7), filter rules are applied to incoming packets before NAT is applied. The inverse is true for
outgoing packets -- NAT is applied before IP filtering.
NAT Menu CONFIG =>SECURITY =>NAT
Menu Option Description
General Parameters for enabling NAT and choosing the NAT Mode (Normal or Expanded). Also
includes the port translation option.
Global Address The first and last IP addresses in the range. In the example, these numbers are
200.240.230.225 and 200.240.230.238.
Local Address For Expanded NAT, the local network IP address and network mask, and whether or not
the network should be translated. In the example, these numbers are 192.168.0.0 and
255.255.255.0. For Normal Mode NAT, the first IP address in the range to be translated
and the number of IP addresses in the range.
Static Translation Defines a static translation between a global IP address/port pair and a local IP
address/port pair. In the example, three such pairs are defined.
Timeout Definition of inactivity timeouts for UDP, DNS, and TCP dynamic NAT translations.
What is the difference between Expanded and Normal Mode NAT? The Normal Mode is a previous
implementation of NAT used in the Power Router line. It has been maintained for backward
~ compatibility. Expanded NAT provides static translation not only from one IP address to another, but
from one IP address/port pair to another IP address/port pair.
Chapter 4 - The Config Menu 58
CyROS Reference Guide
NAT Menu CONFIG =>SECURITY =>NAT
Menu Option Description
NAT Status Enables NAT.
NAT Mode Provides a choice between the previous and still existing NAT version (the Normal Mode)
and the new Expanded NAT version. Note that if this parameter is changed, all NAT
parameters will be reset to the preset values.
Disable Port Disables/enables NAT with port translation. If this parameter is changed while the router
Translation is in use, all the active translations are destroyed, and their entries are removed from the
translation table.
Timeout Menu CONFIG =>SECURITY =>NAT =>TIMEOUT
Parameter Description
UDP Timeout Inactivity time required before a UDP translation is removed from the translation table.
An entry is created in the translation table the first time a UDP packet passes through the
interface. Five minutes is a reasonable time.
DNS Timeout Inactivity time required before a DNS translation is removed from the translation table.
TCP Timeout Inactivity time required before a TCP translation is removed from the translation table.
This time should be relatively long, because under normal conditions TCP connections
are formally disconnected with FIN (No more data from sender) or RST (Reset
Connection) flags.
TCP Flags Timeout Inactivity time required, after the receipt of a FIN, RST, or SYN (Synchronize sequence
numbers) flag, before a TCP translation is removed from the translation table. This time
can be relatively short, because after the TCP connection has been closed, there is no
further need for its address translation.
Chapter 4 - The Config Menu 59
CyROS Reference Guide
Add Radius Server Menu CONFIG=>SECURITY=>RADIUS=>RADIUS STATUS=>ADD
Parameter Description
Radius Server IP RADIUS (Remote Authentication Dial-In User Service) requires a server providing user
Address authentication and accounting. More than one can be configured, and each one is tried, in
order, if the previous one fails to respond.
Radius Server Authentication: Determines if user can access the network.
Type Accounting: Monitors user's network activity.
Both: Authentication and Accounting.
Radius Server Number of times router will resend request if RADIUS server does not answer.
Retries
Radius Server Waiting time between RADIUS server retries, in seconds.
Timeout
Radius Server Encryption Key used in communications between the router and the Radius server. The
Encryption Key string can have a maximum of 16 characters and is case-sensitive.
Radius Server 1812: – UDP ports 1812 and 1813 are used for Radius, according to RFCs 2138 and 2139;
Authentication 1645: – UDP ports 1645 and 1646 are used for Radius, according to RFCs 2058 and 2059
Port (now obsolete, but still common).
Radius Server No: Economizes messages between the router and Radius server. Instead of sending the
Send Start Accounting Request Start message, the Access Accept message is interpreted as the
Accounting beginning of the session.
Yes: Both the Access Accept and Accounting Request Start messages are sent.
Callback is available in combination with Radius Server authentication. When a registered user calls the router,
the router will disconnect the user, then call the user back. The following three parameters must be configured
in the Radius Server: attribute Service_type(6) : Callback Framed; attribute Framed_Protocol(7): PPP; at-
tribute Callback_Number(19): the dial string (example: atdt50903300).
General Radius server information is set here. Each interface must then be configured to use
server authorization: CONFIG =>INTERFACE =><SLOT N> =>AUTHENTICATION
=>AUTHENTICATION TYPE =SERVER AND AUTHENTICATION SERVER =RADIUS or
TACACS.
Chapter 4 - The Config Menu 60
CyROS Reference Guide
The following is a list of supported RADIUS Authorization and Accounting Attributes:
# Attribute Implemented in CyROS # Attribute Implemented in CyROS
1 User-Name Yes 30 Called-Station-Id No
2 User-Password Yes 31 Calling-Station-Id Yes for the PR4000
3 CHAP-Password Yes 32 NAS-Identifier No
4 NAS-IP-Address Yes 33 Proxy-State No
5 NAS-Port Yes 34 Login-LAT-Service No
6 Service-Type Login, Framed, or NAS 35 Login-LAT-Node No
Prompt
7 Framed-Protocol PPP or SLIP 36 Login-LAT-Group No
8 Framed-IP-Address Yes 37 Framed-AppleTalk-Link No
9 Framed-IP-Netmask Yes 38 Framed-AppleTalk-Network No
10 Framed-Routing No 39 Framed-AppleTalk-Zone No
11 Filter-Id Yes 60 CHAP-Challenge No
12 Framed-MTU Yes 61 NAS-Port-Type Yes
13 Framed-Compression Yes 62 Port-Limit No
14 Login-IP-Host Yes 63 Login-LAT-Port No
15 Login-Service Telnet 77 Connect Info Yes for the PR4000
16 Login-TCP-Port Yes 40 Acct-Status-Type Yes
18 Reply-Message Yes, on challenge 41 Acct-Delay-Time Yes
19 Callback-Number Yes 42 Acct-Input-Octets Yes
20 Callback-Id No 43 Acct-Output-Octets Yes
22 Framed-Route Yes 44 Acct-Session-Id Yes
23 Framed-IPX-Network No 45 Acct-Authentic Yes
24 State Yes, on challenge 46 Acct-Session-Time Yes
25 Class Yes 47 Acct-Input-Packets Yes
26 Vendor-Specific No 48 Acct-Output-Packets Yes
27 Session-Timeout Yes 49 Acct-Terminate-Cause Yes
28 Idle-Timeout Yes 50 Acct-Multi-Session-Id No
29 Termination-Action Yes 51 Acct-Link-Count No
Chapter 4 - The Config Menu 61
CyROS Reference Guide
Another authentication protocol option is TACACS. Its menu is similar to that for Radius.
Add Tacacs Server Menu CONFIG=>SECURITY=>TACACS=>TACACS STATUS=>ADD
Parameter Description
Tacacs Server IP TACACS (Terminal Access Controller Access Control System) requires a server providing
Address user authentication and accounting. More than one can be configured, and each one is
tried, in order, if the first one fails to respond.
Tacacs Server Simple: only “login” and “logout” information are controlled.
Type Extended: parameters such as “Telnet=CONNECT” and “PPP switching” can be used.
Tacacs Server Number of times router will resend request if TACACS server does not answer.
Retries
Tacacs Server Waiting time between TACACS server retries.
Timeout
Virtual Private Networks
The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater
security between two or more networks connected through a public communications network. The Virtual
Private Network Utility must be Enabled in the ADMIN =>ENABLE FEATURES =>VPN menu before it can be
used. Additionally, the router should be fully configured and operational before beginning the VPN
configuration. Each router has a Router IP Address which is one of the interface IP addresses. This router IP
address is used whenever a single IP address is needed to identify the router. It is critical that each router
being used as a remote security gateway have this parameter defined. It is NOT defined automatically.
Navigate to CONFIG =>IP =>ROUTER IP and confirm that this parameter has been defined and is set to the
value desired. An address that can be routed on the internet is generally used.
Chapter 4 - The Config Menu 62
CyROS Reference Guide
VPN Add Remote Gateway Menu CONFIG =>SECURITY =>VPN =>REMOTE GATEWAYS =>ADD
GATEWAY
Parameter Description
Remote Security The "Router IP Address" (not necessarily the interface IP address) for the router(s) on
Gateway Address the other end of the VPN connection.
Secret The secret for the connection, which is different for each remote gateway.
VPN Add Local Network Menu CONFIG =>SECURITY =>VPN =>LOCAL IP NETWORK =>ADD NETWORK
Parameter Description
Local Network IP Addresses of local networks that should be included in the VPN. Messages from
Address other local networks will still be routed, but will not receive special treatment.
Local Network Netmask for the Network address entered in the previous parameter.
Netmask
VPN Add Remote Network Menu CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORK =>ADD
NETWORK
Parameter Description
Remote Network IP Addresses of remote networks that should be included in the VPN. Messages to
Address other remote networks connected locally to the remote gateway router will still be
routed, but will not receive special treatment.
Remote Network Netmask for the Network address entered in the previous parameter.
Netmask
Remote Security The "Router IP Address" (not necessarily the interface IP address) for the router
Gateway Address connected to the Remote Network entered above. This should be one of those entered
in the CONFIG =>SECURITY =>VPN =>REMOTE GATEWAYS =>ADD GATEWAY
menu.
Chapter 4 - The Config Menu 63
CyROS Reference Guide
VPN Options Menu CONFIG =>SECURITY =>VPN =>OPTIONS
Parameter Description
Cyclades VPN Status Activates the Virtual Private Network. Warning: until VPN is activated on both ends of
a given tunnel, all traffic will halt.
Tunnel Keepalive Keepalive messages are sent across each tunnel with this frequency, to make sure
Timeout that the router on the other end of the connection is operating.
Tunnel Keepalive If a keepalive message reply is not received, the router sends the request again this
Retries number of times.
Tunnel Inactivity If no messages are passed for this time period (keepalive messages not included), the
Timeout tunnel will be disconnected.
Time Interval for VPN This is the time between retries (for either tunnel creation or keepalive requests that
Retries are not acknowledged).
Chapter 4 - The Config Menu 64
CyROS Reference Guide
Section 4.4 Multilink
The Multilink Menu tree is shown in Figure 4.12.
Config Multilink Multilink Circuit Number Slot N
Add/Modify Interface Type of Interface
Time to Active Backup
After This Link Goes Down
Time to Deactivate Backup
After this Link Returns
Cost
Delete Interface Slot N
Circuit Attributes Criterion For
Traffic Distribution
Includes TCP Packets
Bandwidth Upper Limit
Time to Activate Backup
if Above Limit
Bandwidth Lower Limit
Time to Deactivate Backup
if Below Limit
FIGURE 4.12 MULTILINK MENU TREE
Multilink circuits are used for three purposes:
1 Load Balancing: When two links (interfaces) can be used unconditionally to send packets, the load can be
balanced between them so that neither is overloaded. In this case, both links are main links.
2 Link Backup: When guaranteed delivery is necessary, a backup link can be activated if the main link is
unavailable. In this case, the primary link is a main link and the secondary link is a backup link.
3 Load Backup: This is similar to link backup, but activates a backup link if the traffic on the main link surpasses
a given level.
Chapter 4 - The Config Menu 65
CyROS Reference Guide
Combination: The three types, load balancing, link backup, and load backup can be combined in a single multi-link.
200.240.240.1 130.30.30.1
Slot 2 - 64K
Slot 1 - 2M 130.30.30.2 Network
200.240.240.2 Router 10.0.0.0
10.0.0.1 Server 2
10.0.0.3
Server 1
10.0.0.2
FIGURE 4.13 LOAD BALANCING EXAMPLE
An example is given in Figure 4.13. A router has two dedicated connections to an Internet provider. Either load
balancing, link backup, or load backup can be performed by a multilink involving these two circuits. Details are given
in the parameter tables. Note that a multilink circuit can contain more than one main link and more than one backup
link simultaneously — up to a maximum of 8 links per multilink. Thirty-two multilinks can be configured in CyROS.
Each link can be the main link of only one multilink circuit.
Chapter 4 - The Config Menu 66
CyROS Reference Guide
The multilink circuit configuration is not confined to the multilink menu. The bandwidth of each
interface must be set and static routes must be configured. Please follow the steps given below in
order to achieve the desired results.
The following steps are necessary to create a multilink circuit:
1 Set the bandwidth in the CONFIG =>INTERFACE =><INTERFACE> =>TRAFFIC CONTROL =>GENERAL
menu for each interface to be included.
2 Add static routes CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE for all backup links. Unnumbered links
also require static routes. For the example shown in the figure, with slot 1 as the main link and slot 2 as the
backup link, two static routes are needed. After configuration, the menu option CONFIG =>STATIC ROUTES
=>IP =>L displays:
Static Routes
Destination Gateway/ Interface Metric/ Backup
Default Gateway 200.240.240.1 1/no
Default Gateway 130.30.30.1 1/yes
3 Add links to a multilink using CONFIG =>MULTILINK =>MULTILINK CIRCUIT NUMBER =>ADD/MODIFY
INTERFACE.
4 Configure the multilink for load balancing or load backup using CONFIG =>MULTILINK =>MULTILINK
CIRCUIT NUMBER =>CIRCUIT ATTRIBUTES
Chapter 4 - The Config Menu 67
CyROS Reference Guide
Add Interface Menu CONFIG =>MULTILINK =>MULTILINK CIRCUIT NUMBER =>ADD/MODIFY INTERFACE
Parameter Description
Slot N Includes a link in the multilink. In channelized T1/E1 interfaces, the channel group must
be specified.
Type of Interface Load Balancing: If more than one main link is chosen, load balancing will occur.
Link Backup and Load Backup: One link is chosen as the main link and one or more as
the backup link.
Time to Activate Link Backup Time until first backup is activated after main link goes down (if this link is
Backup After This the main link) or time until next backup is activated (if this link is a backup link).
Link Goes Down Load Balancing and Load Backup: This value has no effect.
Time to Deactivate Link Backup Time until first backup is deactivated after main link returns (if this link is the
Backup After This main link) or time until next backup is deactivated (if this link is a backup link).
Link Returns Load Balancing and Load Backup: This value has no effect.
Cost Applies to backup links. Indicates the relative priority of each backup link, with links with
lower costs being activated before links with higher costs. Ranges from 1 to 100.
Chapter 4 - The Config Menu 68
CyROS Reference Guide
Circuit Attributes Menu CONFIG =>MULTILINK =>MULTILINK CIRCUIT NUMBER =>CIRCUIT ATTRIBUTES
Parameter Description
Criterion for Load Balancing and Load Backup: Determines how traffic will be distributed between
Traffic links. Optimal distribution is performed randomly, and the packet is forwarded to the
Distribution interface with the lesser load. Address Based distribution is used when the receiver cannot
reorder packets, and all packets to a certain IP address must be sent through the same
interface. Selecting Address Based here, all UDP packets are sent through the same
interface. TCP packets can be included via the next parameter
Note: If no packet for a particular destination arrives at the interface for 50 seconds, the
communication is considered complete and any new packet is passed based on optimal
distribution considerations.
Link Backup: This parameter has no effect.
Include TCP Applies if Criterion for Traffic Distribution is Address Based. Uses address based criterion
Packets for distribution of TCP packets in addition to UDP packets.
Bandwidth Upper Load Backup: Defines when load backup should activate the backup link. It is measured
Limit as a percentage of the bandwidth set for this link in CONFIG =>INTERFACE
=><SLOT N =>TRAFFIC CONTROL =>GENERAL =>BANDWIDTH.
Load Balancing and Link Backup: This parameter has no effect.
Time to Activate Applies to Bandwidth Upper Limit. Time until first backup is activated after main link
Backup if Above bandwidth exceeds limit defined in last parameter (if this link is the main link) or time until
Limit next backup is activated (if this link is a backup link).
Bandwidth Lower Load Backup: Defines when load backup should deactivate the backup link. It is
Limit measured as a percentage of the bandwidth set for this link in CONFIG=>INTERFACE
=><SLOT N> =>TRAFFIC CONTROL =>GENERAL =>BANDWIDTH.
Load Balancing and Link Backup: This parameter has no effect.
Time to Applies to Bandwidth Lower Limit. Time until first backup is deactivated after main link
Deactivate bandwidth passes lower limit defined in last parameter (if this link is the main link) or time
Backup if Below until next backup is deactivated (if this link is a backup link).
Limit
Chapter 4 - The Config Menu 69
CyROS Reference Guide
Is the multilink circuit working? There are various ways to see if the multilink circuit is set up
correctly. Examples of representative output for load balancing and link backup are given below.
To see if load balancing is correctly configured select INFO =>TRAFFIC CONTROL. The output shown is for the
example and displays the percentage of the total bandwidth being used on each link. The numbers may not always
be identical due to random fluctuations in message forwarding.
Protocol Traffic Control
Slot #1 Port #1
Proto Band traffic (%) Exceeded Discards
IP 25 False 0
Slot #2 Port #1
Proto Band traffic (%) Exceeded Discards
IP 27 False 0
To see if link backup is correctly configured, look at the routing table using INFO =>SHOW ROUTING TABLE. The
output for the example is:
IP Routing Table
Destination Gateway Interface Metric Ct Typ
10.0.0.0 direct Eth 0 C
200.240.240.0 direct slt1 lnk1 0 1 C
130.30.0.0 direct slt2 lnk1 0 C
Default Gateway 200.240.240.1 slt1 lnk1 1 1 S
Codes: C - connected, S - static
Chapter 4 - The Config Menu 70
CyROS Reference Guide
The default gateway forms part of multilink circuit 1 (shown in the Ct column). To break the main link, use the utility
ADMIN =>START/STOP INTERFACE to put the main link administratively down. Then, view the routing table again.
IP Routing Table
Destination Gateway Interface Metric Ct Typ
10.0.0.0 direct Eth 0 C
130.30.0.0 direct slt2 lnk1 0 C
Default Gateway multi-circuit 1 S
130.30.30.1 slt2 lnk1 0 1 S
Codes: C - connected, S - static
All references to slot 1 have disappeared and slot 2 has taken over in the multilink circuit.
Chapter 4 - The Config Menu 71
CyROS Reference Guide
Section 4.5 IP Configuration
The IP Configuration Menu Tree is shown in Figure 4.14.
Config IP DNS Client DNS Client Status
Primary DNS Server IP Address
Secondary DNS Server IP Address
Router Domain
Primary NBNS Server IP Address
Secondary NBNS Server IP Address
TCP X25 Socket Start Port Range
X25 Socket End Port Range
TCP Keepalive Timer for X.25 Socket
Terminal Socket Start Port Range
Terminal Socket End Port Range
Remote Telnet Start Port Range
Remote Telnet End Port Range
Printer Start Port Range
Printer End Port Range
Terminal SSH Start Port Range
Terminal SSH End Port Range
DHCP Relay Agent Delay Time to Route DHCP Messages
DHCP Server n IP Address
Router IP Default Router IP Address for Applications
FIGURE 4.14 IP CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 72
CyROS Reference Guide
OSPF Global Enable OSPF Protocol
Router ID
This is an AS Boundary Router
Originate Default Gateway Advertisement
Default Gateway External Metric
Default Gateway External Metric Type
Advertise RIP Routes
RIP External Metric
RIP External Metric Type
Advertise Non-OSPF Interfaces
Advertise Static Routes
Advertise Dial-up Routes
Dial-up External Metric
Dial-up External Metric Type
Area Area ID
Authentication Type
Neighbors Interface Area Range N Status
Neighbor's IP Area Range N Net address
Neighbor's Status Area Range N Mask
Neighbor's Priority
Virtual Links Transit Area ID
Neighbor's ID
Virtual Link Status
Transit Delay
Retransmit Interval
Hello Interval
MCPPP End Point Discriminator Dead Interval
MCPPP IP Address Password
FIGURE 4.14 (CONTINUED) IP CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 73
CyROS Reference Guide
BGP4 Global BGP4 Protocol
Local AS Number
Neighbor Add Name Router Identifier
Neighbor IP Address Cluster Identifier
Description Default Local Preference
AS Number Accept Connection From all Peers
Source IP Address Advertise Direct Routes
Passive Advertise Static Routes
Transparent-AS Advertise Rip Routes
Transparent-Next Hop Advertise DSPF Routes
Next Hop Self
Router Reflector Client
Weight
Maximum-Prefix
Holdtime
Keepalive
Connection Retry Time
Start Time
Incoming Distribute Access List Name
Outgoing Distribute Access List Name
Incoming Filter Access List Name
Outgoing Filter Access List Name
Incoming Community Access List Name
Outgoing Community Access List Name
Incoming Route Map Number
Incoming Route Map Number
Neighbor Alias Address
Delete Neighbor Neighbor Name
Edit Neighbor Neighbor Name
FIGURE 4.14 (CONTINUED) IP CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 74
CyROS Reference Guide
Route Map Add Route Map Route Map Number
(BGP4) Sequence Number
Match List Name
Route Map Weight
Route Map Origin
Route Map Set Nexthop
Route Map Set Metric
Route Map Set Local Reference
Route Map Set Atomic Aggregate
Route Map Set Aggregate AS Number
AS Path Prepend
AS Path AS-SET Add Community Community
Delete Community
Clear All Communities
Delete Route Map Route Map Number
Edit Route Map Route Map Number
Aggregate Add Address Number
Address Address
Mask (bitlen)
AS Set
Summary Only
Delete Address Aggregate Number
Edit Address Aggregate Number
FIGURE 4.14 (CONTINUED) IP CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 75
CyROS Reference Guide
BGP Network Add Network BGP Network Address
(BGP4) BGP Network Mask (bitlen)
Delete Network
Edit Network
Access List Add Access List Access List Name
Access List Type
Edit Access List Rule Status
Default Scope
Delete Access List
Configure Rules Add
Rule Status
Scope
Rule AS Position
Rule AS Number
Rule Distr. Search Type
Rule Distr. Address
Rule Distr. Mask Bitlen
Community
FIGURE 4.14 (CONTINUED) IP CONFIGURATION MENU TREE
Chapter 4 - The Config Menu 76
CyROS Reference Guide
A summary of the menu items is given in the following table.
IP Menu CONFIG=>IP
Menu Option Description
DNS Client Allows access to a DNS Server. The DNS server provides domain name resolution.
Names like www.cyclades.com are translated to the equivalent IP address by the DNS
Server and sent back to the router. Two DNS server IP addresses can be stored, along
with the domain name where the router is located.
TCP Port Ranges Configures TCP port ranges for which the router will wait for client connections. Ranges
are chosen for X25 sockets, terminal sockets, SSH, remote Telnets, and printers.
DHCP Relay Stores the addresses of DHCP (Dynamic Host Configuration Protocol) servers so the router
Agent can send on client requests. Also determines the delay before a DHCP client request will
be routed.
Router IP Assigns a default router IP to be used by applications. If the router sends a request over
an interface with an internal IP address, and the message then travels outside of the
internal network, the return address will no longer be valid. This Router IP must be an
address of one of the interfaces.
OSPF Enables the OSPF protocol for all interfaces and defines areas and virtual links for the
interfaces.
MCPPP Multichassis, multilink PPP parameters.
BGP4 Enables the BGP4 routing protocol, usually used for routers connected to the Internet.
Chapter 4 - The Config Menu 77
CyROS Reference Guide
The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP. The
determination of which protocol is better suited to a given network is beyond the scope of this manual. An example
network using OSPF is given in Figure 4.15.
AREA 1
Router 2 AREA 0
(Backbone)
Router 0
To Another
Autonomous System
Router 1
Link 1 Router 5
Router 3
Router 4 Router 6
AREA 2
AN AUTONOMOUS SYSTEM
Area Border Virtual
Routers: Router 7
R3, R6, R8 Link
AREA 3
AS Boundary
Router: R5 Router 8
Router 9
FIGURE 4.15 OSPF EXAMPLE
Chapter 4 - The Config Menu 78
CyROS Reference Guide
First, some definitions:
• An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is made up
of a backbone area and optionally of non-backbone areas.
• OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge of
the routing databases of other areas.
• The Backbone connects areas and contains any routers not contained in another area.
• An Area Border Router connects areas and contains a separate database for each area it is contained in.
• An Autonomous System Boundary Router (ASBR) connects Autonomous Systems. The other
Autonomous System does not necessarily need to use OSPF.
OSPF Menu CONFIG=>IP=>OSPF
Menu Option Description
Global Enables OSPF, assigns an OSPF Router ID, and allows configuration of Autonomous
System Boundary Router parameters.
Area Sets area-specific parameters, including password and network range condensation.
Areas must first be referenced in the CONFIG=>INTERFACE=><INTERFACE>
=>ROUTING PROTOCOL=>OSPF=>AREA ID parameter. Only then can they be
manipulated in the CONFIG=>IP=>OSPF=>AREA menu.
Neighbors Required if OSPF is being used over an NBMA (non-broadcast multi-access) network.
Defines neighboring routers.
Virtual Links Necessary when an OSPF Area is not directly connected to the backbone.
Contrary to most other protocols in CyROS, OSPF must first be configured on each interface (see CONFIG =>IN-
TERFACE =><INTERFACE> =>ROUTING PROTOCOL =>OSPF), then configured in the CONFIG =>IP =>OSPF
menu.
Chapter 4 - The Config Menu 79
CyROS Reference Guide
OSPF Global Commands Menu CONFIG =>IP =>OSPF =>GLOBAL
Parameter Description
Enable OSPF Protocol Enables OSPF on all interfaces.
Router ID Assigns a unique ID to the router for use by the OSPF protocol. It must be one of the
router's IP addresses.
This is na AS An Autonomous System Boundary Router (ASBR) can convert external routes into
Boundary Router OSPF routes. Which external routes is determined through the following parameters.
In the figure, only Router 5 is an ASBR.
The following parameters apply only to Autonomous System Boundary Routers.
Originate Default Router will advertise itself as the Default Gateway (DG).
Gateway
Advertisement
Default Gateway Applies when Originate Default Gateway Advertisement is set to Yes. Defines the
External Metric metric that will be advertised by OSPF.
Default Gateway Applies when Originate Default Gateway Advertisement is set to Yes. For Type 1, the
External Metric-Type total metric of this route is composed of the internal metric (inside the autonomous
system) and the external metric (provided in the previous parameter). For Type 2, the
total metric of this route is the value provided in the previous parameter.
Advertise RIP Routes Routes learned through the RIP protocol will be converted to OSPF as external
routes.
RIP External Metric Applies when Advertise RIP routes is set to Yes. Defines the metric that will be
advertised by OSPF.
RIP External Metric- Applies when Advertise RIP routes is set to Yes. For Type 1, the total metric of this
Type route is composed of the internal metric (inside the autonomous system) and the
external metric (provided in the previous parameter). For Type 2, the total metric of
this route is the value provided in the previous parameter.
This table is continued
Chapter 4 - The Config Menu 80
CyROS Reference Guide
OSPF Global Commands (continued)
Parameter Description
Advertise Non-OSPF A router can have both OSPF and non-OSPF interfaces. This option causes the
interfaces router to advertise when these non-OSPF interfaces are up or down. When OSPF is
disabled on an interface, the parameter CONFIG =>INTERFACE =><INTERFACE>
=>ROUTING PROTOCOL =>OSPF =>ADVERTISE THIS NON-OSPF INTERFACE
must also be set to Yes for the interface to be advertised.
Advertise Static Static routes defined in the router will be converted to OSPF. Note that static routes
Routes can be configured individually as advertised or not in the parameter CONFIG
=>STATIC ROUTES =>IP =>ADD ROUTE =>OSPF ADVERTISES THIS STATIC
ROUTE. Both parameters must be Yes for the route to be advertised.
Advertise Dial-up Dial-up routes dynamically created by dial-up connections will be converted to OSPF
Routes as external routes.
Dial-up External Metric Applies when Advertise Dial-up Routes is Yes. Defines the metric that will be
advertised by OSPF.
Dial-up External Metric Applies when Advertise Dial-up Routes is Yes. For type 1, the total metric of this
Type route is the sum of the internal metric (within the autonomous system) and the
external metric (the previous parameter). For type 2, the total metric of this route is
the value set in the previous parameter.
Note: CyROS OSPF does not support TOS (Type of Service) routing. All routes are computed for the default TOS
of 0.
Chapter 4 - The Config Menu 81
CyROS Reference Guide
Area Menu CONFIG =>IP =>OSPF =>AREA
Parameter Description
Area ID Has the format of an IP address, but is not linked to any IP address in the system. Use the
CONFIG=>IP=>OSPF=>L option to see which areas have been defined, and use the area
ID here.
Authentication Simple password authentication can be used in OSPF. The authentication type should be
Type the same for all routers in an OSPF Area. If used, the password for each interface is set in
CONFIG=>INTERFACE=><INTERFACE>=>ROUTING
PROTOCOL=>OSPF=>PASSWORD.
Area Range N An Area Border Router (ABR) advertises link states for all networks within the area. The
Status number of such advertisements can potentially be reduced by condensing different IP
networks into a single range.
Area Range N Applies when Area Range N Status is Active.
Net Address Sets the network IP address for the range.
Area Range N Applies when Area Range N Status is Active.
Mask Sets the network IP mask for the range.
The CONFIG =>IP =>OSPF =>NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi-
access interfaces such as X.25 and Frame Relay.
Chapter 4 - The Config Menu 82
CyROS Reference Guide
Neighbors Menu CONFIG=>IP =>OSPF =>NEIGHBORS
Parameter Description
Interface Link for which neighbors will be defined. In the OSPF example, consider link 1 of Router 3.
Neighbor's IP The router ID of the neighboring router. For Router 3, link 1, use the router ID of router 1.
Neighbor's Enable includes link in OSPF database.
Status Enable Inactive leaves link in OSPF database, but router at end of link (Router 1 in this
case) no longer passes OSPF information.
Disable deactivates neighbor link and erases Neighbor’s IP.
Neighbor's Priority used by OSPF in multicast networks to elect the designated router. A priority of 1
Priority will make this router the most likely to be chosen. A priority of 2 will make it second most
likely. Set it to 0 (zero) if this router should never be the designated router. An example
can be seen in Area 1 in the figure -- Router 1 should never be the Designated Router
because it does not have a direct link to Router 2. Either Router 0 or Router 3 should be
chosen.
It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone
only through another area, two virtual links must be created. One from the backbone to the unattached area and
one from the unattached area to the backbone. The link between Area 3 (router 8) and the backbone will be used
as an example.
Chapter 4 - The Config Menu 83
CyROS Reference Guide
Virtual Links Menu CONFIG =>IP =>OSPF =>VIRTUAL LINKS
Parameter Description
Transit Area ID ID of the OSPF Area sandwiched between this router and the backbone. In the figure, area
2 is the area used to link Router 8 with the Backbone. This ID has the form of an IP
address.
Neighbor's ID Router ID of router at end of virtual link. In the example, this will be Router 6.
Virtual Link Activates the virtual link.
Status
Parameters available only when Virtual Link Status is Active.
Transit Delay Estimated transit time in seconds to route a packet from Router 8 to Router 6. Use the
preset value (1) or increase the number for slow links.
Retransmit Time in seconds between link-state advertisement retransmissions for adjacencies
Interval* belonging to this interface.
Hello Interval* Time in seconds between the hello packets on this interface.
Dead interval* Inactivity time (seconds) before a neighbor router is considered down.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this password
is enabled in CONFIG
=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE.
* Inside a given area, these 4 parameters should be the same for all routers. In the example virtual link, they
should be the same as those used for the backbone.
Multichassis, Multilink PPP (MCPPP)
Multichassis PPP is a feature that allows two or more connections to different PR4000s/PR3000s on the same
LAN act as one logical connection. The Cyclades Multichassis PPP implementation is compatible with the Lucent
Portmaster 3 (either PR4000s/PR3000s or Portmaster 3s can be used to form the multichassis circuit). The
multichassis PPP functionality is demonstrated in Figures 4.16 and 4.17.
Chapter 4 - The Config Menu 84
CyROS Reference Guide
Figure 4.16 shows a RAS bank in an Internet Service Provider. The RAS that receives the first connection
becomes the master and the connection becomes the primary link. The information sent on link 1 passes through
the RAS and continues on to its destination (in this example, a server on the LAN). The information sent on link 1
passes through the RAS and continues on to its destination (in this example, a server on the LAN). At the same
time, the RAS (IP 200.200.200.1 in the example) sends a broadcast message to all other RASs in the same group
letting them know that it has the primary link for this PPP connection.
Internet Service Provider
ISDN
LAN Server
Modem
Packet
Link 1 Packet
PR4000
Primary Link Master
MC PPP End Point Discriminator 11:22:33:44:55:66
MC PPP IP Address (Ethernet IP Address): 200.200.200.1 BC
PR4000 BC
MC PPP End Point Discriminator 11:22:33:44:55:66
MC PPP IP Address (Ethernet IP Address): 200.200.200.2
PR4000
BC
MC PPP End Point Discriminator 11:22:33:44:55:66
MC PPP IP Address (Ethernet IP Address): 200.200.200.3
FIGURE 4.16 FIRST INCOMING CONNECTION OF A MULTICHASSIS PPP CIRCUIT
Chapter 4 - The Config Menu 85
CyROS Reference Guide
The RAS that receives the second connection from the same ISDN modem (shown in Figure 4.17), has already
been informed by the broadcast message that the first RAS has the primary link. The connection is set up as a
secondary link with this RAS (IP 200.200.200.3 in the example) as the slave. The information is not sent directly to
its final destination. Rather, the packets are sent to the master RAS where they are joined with packets sent
through other physical links before being forwarded to their final destination.
The info menu items INFO=> SHOW MCPPP LINKS and INFO=> SHOW MCPPP NEIGHBORS provide
information about the PPP connections and the other RASs forming the circuit. The tool DEBUG=> MESSAGE
TRACE=> MCPPP may be useful in discovering MCPPP problems. Another tool exists which must be used in the
RAS containing the primary link for a given PPP connection.
The menu option ADMIN=> KILL VIRTUAL SESSION will show all active secondary links. Selecting one of them
will cause the master RAS to send a message to the slave RAS holding that secondary link, ordering it to drop its
connection.
Chapter 4 - The Config Menu 86
CyROS Reference Guide
Internet Service Provider
ISDN
LAN Server
Modem
Link 1 Packet
PR4000
Link 2 Master
Primary Link
IP Address 200.200.200.1
PR4000
IP Address 200.200.200.2
Secondary Link
PR4000
Packet Slave
IP Address 200.200.200.3
FIGURE 4.17 SECOND INCOMING CONNECTION OF A MULTICHASSIS PPP CIRCUIT
Chapter 4 - The Config Menu 87
CyROS Reference Guide
The MCPPP parameters must be set for all the RASs that will participate in the circuit.
CONFIG =>IP =>MCPPP
Parameter Description
MCPPP End Point Discriminator Must be the same for all RASs that will participate in
the Multichassis Multilink PPP Circuit. The value of
the number is immaterial, but it must have the form of
a MAC number, as shown in the example.
MCPPP IP Address must be the same as the Ethernet IP address for the
LAN where the other RASs are located.
BGP4
The BGP-4 routing protocol is used for routing on the Internet, performed between Autonomous Systems (ASs).
An autonomous system is defined as:
· A set of routers and networks under the same administration.
· An interconnected network, where no router is reachable solely through a path exterior to the AS
Each AS is identified by a 16-bit AS number. This number is supplied by the service provider.
Chapter 4 - The Config Menu 88
CyROS Reference Guide
CONFIG=>IP=>BGP4=>GLOBAL
Parameter Description
BGP4 Protocol Activates the protocol.
Local AS Number This number is assigned by the service provider.
Router Identifier Usually the same as the Router ID, one of the interface IP addresses
Cluster Identifier Only used when this router is used as a router reflector.
Default Local Value of the attribute "local pref" used by IBGP.
Preference
Accept Connections Allows BGP connections from neighbors that have not been specified in the Neighbors
From All Peers Menu.
Advertise Direct Allows the removal of the interface routes from the list of routes to be advertised. In
Routes the example these would be 100.100.100.1, 200.200.200.1 and the LAN interface IP
address.
Advertise Static Allows the removal of static routes from the list of routes to be advertised.
Routes
Advertise RIP Routes Allows the removal of routes learned via RIP from the list of routes to be advertised.
Advertise OSPF Allows the removal of routes learned via OSPF from the list of routes to be advertised.
Routes
Chapter 4 - The Config Menu 89
CyROS Reference Guide
CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD
Parameter Description
Name A string to facilitate identification of the Neighbor. In the example above, the names
Popeye and Brutus could be used.
IP Address The IP address at the other end of the connection. For AS 747, the value is
100.100.100.2.
Description Another string to identify the Neighbor.
AS Number The AS number assigned to the neighbor.
Source IP Address When this number is set, the protocol accepts TCP/BGP connections only when the
destination IP is this value. For Popeye, the value would be 100.100.100.1.
Passive Causes the router to not initiate BGP connections with this neighbor.
Transparent-AS Yes causes the router to NOT include its own AS number in the "AS Path" path
attribute for update messages sent to this neighbor.
Transparent-NextHop Yes causes the router to NOT alter the "NextHop" path attribute for update messages
sent to this neighbor.
NextHop Self Yes causes the router to change the NextHop path attribute for update messages sent
to this neighbor. The value is replaced by the Source IP Address set above.
Route Reflector Client Indicates that this router is a route reflector and the neighbor is a route reflector client.
Weight Indicates the relative importance of the routes received from this neighbor. Routes
with greater weights are chosen over routes with lesser weights.
Maximum-Prefix When set, indicates the maximum number of routes that the router will accept in a
single update message from this router.
Holdtime When a message is not received from this neighbor for the holdtime, the neighbor is
considered inactive.
This table is continued.
Chapter 4 - The Config Menu 90
CyROS Reference Guide
CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD (continued)
Keepalive Interval between keepalive messages sent to this neighbor.
Connection Retry When a connection with this neighbor is broken, the router try to reconnect with
Time frequency 1 divided by the Connection Retry Time.
Start Time Time delay before router tries to connect
Incoming Distribute Applies a distribution access list to update messages received from this neighbor.
Access List Name
Outgoing Distribute Applies a distribution access list to update messages sent to this neighbor.
Access List Name
Incoming Filter Applies a filter access list to update messages received from this neighbor.
Access List Name
Outgoing Filter Applies a filter access list to update messages sent to this neighbor.
Access List Name
Incoming Community Applies a filter access list to update messages received from this neighbor.
Access List Name
Outgoing Community Applies a filter access list to update messages sent to this neighbor.
Access List Name
Incoming Route Map Applies a route map to update messages received from this neighbor.
Number
Outgoing Route Map Applies a route map to update messages sent to this neighbor.
Number
Neighbor Alias Additional address used by the other router.
Address
Chapter 4 - The Config Menu 91
CyROS Reference Guide
CONFIG=>IP=>BGP4=>ROUTE MAP=>ADD
Parameter Description
Route Map Number Identifies the route map
Sequence Number Identifies the sequence within the route map. The numbers need not be consecutive.
Match List Name Associates an access list with this sequence, as shown in the figure above.
Weight Alters the weight used to determine the best path. This value replaces the importance
assigned to the route by the weight parameter in the neighbor configuration.
Origin, Set Nexthop, These parameters modify the path attributes with the same name in the update
Set Metric, Set Local message.
Preference, Set
Atomic Aggregate,
Set Aggregate AS
number, Set AS Path,
AS Path Prepend,
AS Path AS-SET
CONFIG=>IP=>BGP4=>AGGREGATE ADDRESSES=>ADD
Parameter Description
Number An ID for reference.
Address The aggregated address. In the example, 200.50.50.0.
Mask (bitlen) The mask for the aggregated address. In the example, 23.
AS Set Yes causes the route to be tagged with the AS Set path attribute. Otherwise, the AS
Sequence path attribute is assigned.
Summary Only Yes removes all more specific routes, leaving only the aggregated form. No maintains
both the individual and aggregated routes.
Chapter 4 - The Config Menu 92
CyROS Reference Guide
CONFIG=>IP=>BGP4=>BGP NETWORK=>ADD
Parameter Description
Network Address Network IP address of network to be added.
Network Mask (bitlen) Mask in CIDR format.
CONFIG=>IP=>BGP4=>ACCESS LIST=>ADD
Parameter Description
Access List Name Name assigned to list, to indicate which interface and direction it applies to.
Access List Type The AS Path type allows filtering by AS number; the Dist BGP type allows filtering by
IP address and the Community BGP type allows filtering by community. In the figure,
the filtering can be done based either on AS 5 or the address 100.10.0.0/16
Rule Status Enables the rule.
Default Scope If the default of the list is permit, the default of each rule must be deny and the
corresponding rule must define which routes must be discarded. If the default of the
list is deny, the default of each rule must be permit and the corresponding rule must
define which routes will be accepted (with all others being discarded).
CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME>=>ADD
Parameter Description
Rule Status Enables the rule.
Scope See explanation of this parameter in step 3.
Rule AS Position Applies only for Access List Type equal to AS Path. Limits the search on AS number to
a particular position in the route. For the example in Figure 12.5, Any would be the
correct choice because AS 5 will appear in the middle or the beginning of the route.
Rule AS Number Applies only for Access List Type equal to AS Path. Applies the rule to routes
containing this AS number, with the restriction given in the preceding parameter.
This table is continued.
Chapter 4 - The Config Menu 93
CyROS Reference Guide
CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME>=>ADD (continued)
Rule Distr. Search Applies only for Access List Type equal to Dist BGP. Exact filters rules that match the
Type IP Address/Mask pair exactly. Refine matches more specific routes.
Rule Distr. Address Applies only for Access List Type equal to Dist BGP. Applies the rule to routes with
this IP number and the mask defined in the next parameter.
Rule Distr. Mask Applies only for Access List Type equal to Dist BGP. The shortened mask that is used
Bitlen with the IP address defined in the previous parameter.
Community Applies only for Access List Type equal to Community BGP. Applies this rule to the
community number entered or to well-known communities defined in RFC 1997, BGP
Communities.
Section 4.6 Transparent Bridge
The Transparent Bridge menu tree is shown in Figure 4.18.
Config Transparent Bridge General Transparent Bridge Status
MAC Address Cache Size
Time to Live
Spanning Tree Spanning Tree Status
Priority
Max Age
Hello Time
Forward Delay
FIGURE 4.18 TRANSPARENT BRIDGE MENU TREE
MAC Transparent Bridges are used as an alternative to IP routing. When two hosts are on the same network, they
communicate by sending messages directly to their respective MAC addresses. When two hosts are on networks
connected by routers, this is no longer possible.
Chapter 4 - The Config Menu 94
CyROS Reference Guide
The objective of a Transparent Bridge is to make it appear as if two separate networks are really one — and all
hosts are local to each other. Figure 4.18 shows an example.
Network 1 Network 2
Host 1 Host 2
Transparent Bridge
Link 2 Link 1
Router 1 Router 2
Link 3
FIGURE 4.18 TRANSPARENT BRIDGE EXAMPLE
Both routers have the Transparent Bridge feature activated. Imagine host 2 wants to talk directly with host 1, and
knows its MAC address. The router will not know what to do with the message unless it has a table. This table, the
Transparent Bridge ARP table, contains a list of MAC addresses on other networks, and which link must be used
for the message to reach the correct network. Given the MAC address of host 1, router 2 will find it associated with
link 2. If the destination MAC address is not in the table, the router will copy the message and send it through ALL
its interfaces. After the destination computer receives the message and replies to the sender, the router, listening
for this response, enters the MAC address in its table.
Transparent Bridge General Menu CONFIG =>TRANSPARENT BRIDGE =>GENERAL
Parameter Description
Transparent Activates the Transparent Bridge feature in general. For this feature to work on a given
Bridge Status interface, the parameter CONFIG =>INTERFACE=><INTERFACE>=>NETWORK
PROTOCOL=>INTERFACE TRANSPARENT BRIDGE STATUS must be Active.
MAC Address Number of MAC/Interface entries allowed in the router's Transparent Bridge ARP table. This
Cache Size is separate from the ARP Cache table normally used for locating addresses on the LAN.
Time to Live Defines how long a MAC/Interface entry will remain in the Transparent Bridge ARP table.
Chapter 4 - The Config Menu 95
CyROS Reference Guide
When a network has more than two routers, a loop can form as shown in Figure 4.19. The spanning tree algorithm
was developed to avoid looping of the update messages between the routers and duplication of information. The
router with the lowest priority number is the designated router and the others send all requests to it. In the example,
both router 1 and router 2 will send MAC requests to router 3. This avoids router 3 receiving a request from router
2 both directly and through router 1.
Router 1 Router 2
Priority 10 RING Priority 3
Blocking State Blocking State
Router 3
Priority 1
Forwarding State
FIGURE 4.19 SPANNING TREE ALGORITHM EXAMPLE
Chapter 4 - The Config Menu 96
CyROS Reference Guide
Spanning Tree Menu CONFIG=>TRANSPARENT BRIDGE =>SPANNING TREE
Parameter Description
Spanning Tree Activates an algorithm used to avoid looping of MAC/Interface information between routers
Status when the network has a ring form.
Priority A priority is given to each router in the network. The router with the lowest priority value is
the designated router and communicates with the rest. When this router goes down, the
router with the second highest priority is elected to take its place.
Max Age Indicates how long the transparent bridge messages passed between routers should last.
The message time starts at zero, and is incremented by each router that sends it on. When
this Max Age is met, the message is discarded.
Hello Time Determines the time between Hello messages between routers. Hello messages are used
to learn the status of each router and determine if the designated router must be changed.
Forward Delay When a Transparent Bridge system is restarted (either because the routers are turned on
or because the designated router goes down), all routers begin in the listening state. After
one Forward Delay time period, the router with the highest priority transfers to the learning
state where it stores information from the messages passing through it. After an additional
Forward Delay time period, this router passes to the forwarding state. This ends the warm-
up period.
Router 3 will be in the forwarding state and routers 1 and 2 will move to the blocking state under normal operation.
Note that when the designated router fails, the time until the system stabilizes itself will be a portion of the Hello
Time, plus 2 times the Forward Delay time, plus any time lost in retransmission of messages during this period.
Relationships between these parameters are given in Annex B, section 4.6, of the IEEE Standard 802.1D.
Section 4.7 Rules List Configuration
The Rules List Menu Tree is presented in Figure 4.20.
Chapter 4 - The Config Menu 97
CyROS Reference Guide
Config IP Add Rule List Rule List Name
Rule Status
Edit Rule List Same as Add Rule List Rule List Type
Rules List Default Scope
Configure Rule List Name Incoming Rule List Name
Rules Outgoing Rule List Name
Linked Rule List Name N
Add Rule Insert as Rule Number
Rule Status
Scope
Flow Priority Level
Reserved Bandwidth
Bandwidth Priority Level
Protocol
Source IP Operator
IP Address Start Mask
IP Address Start
IP Address End
Destination IP Operator
IP Address Start Mask
IP Address Start
IP Address End
Source Port Operator
Source Port Start
Source Port End
Delete Rule Rule to delete Destination Port Operator
Destination Port Start
Edit Rule Same Parameters Destination Port End
as Add Rule Allow TCP connections
Clear Rule List
Allow Account Process
Syslog Status
Syslog Level
FIGURE 4.20 THE RULES LIST MENU TREE
Chapter 4 - The Config Menu 98
CyROS Reference Guide
Transparent Add Rule List Rule List Name
Bridge Rule Status
Default Scope
Edit Rule List Rule List Name
Rule Status
Default Scope
Configure Rules Rule List Name Insert as Rule Number
Add Rule Rule status
Scope
Source MAC Address
Source MAC Mask
Destination MAC Address
Destinations MAC Mask
Type
Syslog Status
Syslog Level
Delete Rule Rule to Delete
Edit Rule Same Parameters
Clear Rule List as Add Rule
FIGURE 4.20 (CONTINUED) THE RULES LIST MENU TREE
Three types of rules for IP can be configured in CyROS:
1 IP filter rules,
2 Radius filter rules (actually a combination of previously defined IP filter rules), and
3 Traffic rules.
Chapter 4 - The Config Menu 99
CyROS Reference Guide
Exterior Router Perimeter Network
Slot 1
192.168.0.0
ETH0
192.168.0.2 192.168.0.1
Router 172.16.0.0
Slot 1 Interior Router
192.168.0.3
ETH0
Bastion
Host
10.0.0.0
Extension to Network
FIGURE 4.21 FIREWALL EXAMPLE
IP Filter rules are a very important part of a network’s firewall. They permit packets into or out of the network
depending on the source and destination IP addresses, the source and destination ports, the protocol used, and
the ACK bit for TCP packets. The Syslog can be used to monitor the packets that meet the rules applied in this
menu. Figure 4.21 will be used to show how both an exterior router and an interior router would be configured
using the filters available in CyROS.
Chapter 4 - The Config Menu 100
CyROS Reference Guide
Exterior Router
The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all
packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL
desired traffic must be expressly allowed by the rules in the rule list.
World
of Po
ss
ib
le
P
DENY
ac k
Let
ets
e-mail in
Let
e-mail out DENY
DENY Let Telnet
Connections Out
FIGURE 4.22 DENY AS DEFAULT SCOPE
In Figure 4.22, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes
in the ball will be denied entry in to or out of the network.
Chapter 4 - The Config Menu 101
CyROS Reference Guide
Steps necessary to activate filtering on the exterior router in the example:
1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists,
called exterior_in and exterior_out. Create them using CONFIG =>RULES LIST =>IP =>ADD RULE
LIST.
2 Create the rules for each rule list in the order in which they should be evaluated. The order is important and
mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG =>RULES LIST =>IP
=>CONFIGURE RULES.
3 Link the rule lists to the respective interface parameters in the menu CONFIG =>INTERFACE
=><INTERFACE> =>NETWORK PROTOCOL =>INCOMING/ OUTGOING RULE LIST NAME
The configuration for “Let e-mail in” is shown in the following figure (obtained by selecting CONFIG =>RULES LIST
=>IP =>L in the menus):
Rules Lists
Rule List Rule Default List Linked
Name
Status Scope Type Rule
List
exterior_in Enabled Deny Filter
exterior_out Enabled Deny Filter
Filter_list Name exterior_in
Rule 0
Status Enabled
Scope Permit
Protocol TCP
Source IP Operator None
Destination IP Operator Equal
Chapter 4 - The Config Menu 102
CyROS Reference Guide
Destination IP start 192.168.0.3
Destination IP Mask 255.255.255.255
Source Port Operator Greater than
Source Port Start 1023
Destination Port Equal
Operator
Destination Port Start SMTP
TCP connections allowed Y
Account Process allowed N
Filter_list Name exterior_out
Rule 0
Status Enabled
Scope Permit
Protocol TCP
Source IP Operator Equal
Source IP start 192.168.0.3
Source IP Mask 255.255.255.255
Destination IP Operator None
Source Port Operator Equal
Source Port Start SMTP
Destination Port Greater than
Operator
Destination Port Start 1023
TCP connections allowed N
Account Process allowed N
Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on its
SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started by the
remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-
mail, the configuration is done. If not, other “holes” must be created in the deny ball.
Chapter 4 - The Config Menu 103
CyROS Reference Guide
Interior Router
If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this
case, all undesired traffic must be excluded by a rule in the rule list. In Figure 4.23, a conceptual equivalent of the
interface is shown.
All packets except those which fall into the holes in the ball will be allowed entry in to or out of the network.
World
of Po
s si
b le
Stop
Pa
Forged Packets
cke
PERMIT
ts
Don’t Allow PERM
IT
Access to News
Stop Telnets
From the Outside
(Except Bastion Host)
PERMIT
FIGURE 4.23 PERMIT DEFAULT SCOPE
Chapter 4 - The Config Menu 104
CyROS Reference Guide
The configuration for “Stop forged packets” is shown in the following listing:
Rules Lists
Rule List Rule Default List Linked
Name
Status Scope Type Rule
List
slot1_in Enabled Permit Filter
Filter_list Name slot1_in
Rule 0
Status Enabled
Scope Deny
Protocol 0
Source IP Operator Equal
Source IP start 10.0.0.0
Source IP Mask 255.0.0.0
Destination IP Operator None
Source Port Operator None
Destination Port None
Operator
TCP connections allowed Y
Account Process allowed N
Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the
addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak
of traffic through another router to the perimeter network.
Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a
sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this
list, or the new router can filter packets into its area (or both).
Chapter 4 - The Config Menu 105
CyROS Reference Guide
Radius Rule Lists
A Radius Server and the Radius services in CyROS must be configured first. See section 4.3, where Radius is
discussed. A simple example will be given here.
PR4000
Send
Radius
Server Receive
Telephone
Connection
Modem
User List
User Passwd Filter -ID
Denise *** mail_access
Wanda *** full_access
Naomi *** HTTP_access
FIGURE 4.24 RADIUS RULE LIST EXAMPLE
In Figure 4.24, a PR4000 provides remote access via modems to many users. The users and the permissions
granted to each are stored in the Radius Server on the network. When a user dials in and requests a connection,
the user name and password are verified by the Radius server. The Radius server, in the message to the router
granting access, can specify which Radius filter should be applied to the interface providing the connection. These
filters take the place of the filters normally active on the interface.
Chapter 4 - The Config Menu 106
CyROS Reference Guide
Suppose Naomi dials in to the PR4000, requesting a connection. The IP filters defined in the HTTP_access
Radius filter are applied to the interface for the duration of the connection. The configuration of this Radius filter
will appear as shown in the following output.
Rules Lists
Rule List Rule Default List Linked
Name Status Scope Type Rule List
http_access Enabled Deny Radius send_http
receive_http
receive_http Enabled Permit Filter
send_http Enabled Permit Filter
Filter_list Name http_access
No rules configured
Filter_list Name receive_http
Rule 0
Status Enabled
Scope Permit
Protocol TCP
Source IP Operator None
Destination IP Operator None
Destination IP start
Destination IP Mask
Source Port Operator Equal
Source Port Start 80
Destination Port Operator Greater than
Destination Port Start 1023
TCP connections allowed N
Account Process allowed N
Chapter 4 - The Config Menu 107
CyROS Reference Guide
Filter_list Name send_http
Rule 0
Status Enabled
Scope Permit
Protocol TCP
Source IP Operator None
Source IP start
Source IP Mask
Destination IP Operator None
Source Port Operator Greater than
Source Port Start 1023
Destination Port Operator Equal
Destination Port Start 80
TCP connections allowed Y
Account Process allowed N
Note particularly the directions assigned to incoming (send) and outgoing (receive) filters.
Traffic Rule Lists
There are three kinds of traffic rules that can be configured in CyROS.
The first two determine a division of bandwidth for traffic flowing out of the router:
1 Traffic Shaping (the division of bandwidth is strictly adhered to),
2 Bandwidth Reservation (the division with the larger priority can steal bandwidth from the others),
The third determines which services have priority flowing through the router:
3 Service Prioritization.
Chapter 4 - The Config Menu 108
CyROS Reference Guide
An example showing the first two types is given in figure 4.25.
Network of
Client A
50% or more
of total bandwidth
INTERNET
Link 3
Link 0
11.11.11.1
Link 2
33.33.33.1 25% or less
Link 1
22.22.22.1 of total bandwidth
25% or less
of total bandwidth
Client C
Client B
FIGURE 4.25 TRAFFIC RULE EXAMPLE 1
An Internet provider has three clients connected to the same router. Client A is larger and without traffic control
would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow out of
the router (to the Internet) into three portions: 50% guaranteed for Client A, and the rest divided equally between
Clients B and C. Since he does not want to limit Client A needlessly, the bandwidth Client A uses can be increased
on demand if the total bandwidth is not being used up by the other two clients. This is Bandwidth Reservation.
Chapter 4 - The Config Menu 109
CyROS Reference Guide
The two clients with 25% bandwidth each are given lesser, but equal priorities. They can not share bandwidth or
steal it from Client A. However, each has the right to 25% of the total bandwidth on link 3 if it is needed. This is
Traffic Shaping.
Note that this rule list is applied to link 3, and not separately on links 0-2.
Steps for this configuration.
1 Create a Traffic Rule list traffic_1.
2 Create rules for each of the three source IP addresses.
3 Enter into the configuration for link 3 and change the parameter CONFIG =>INTERFACE =><INTERFACE>
=>TRAFFIC CONTROL =>GENERAL =>IP TRAFFIC CONTROL LIST = traffic_1.
Note that the bandwidth used for the percentage calculation is that set in CONFIG =>INTERFACE
=><INTERFACE> =>TRAFFIC CONTROL =>GENERAL =>BANDWIDTH, and not the actual bandwidth available
in the link. The configuration will look like this:
Rules Lists
Rule List Name Rule Default List Linked
Status Scope Type Rule
List
traffic_1 Enabled Traffic
Filter_list Name traffic_1
Rule 0
Status Enabled
Flow priority 0
Rule bandwidth 50%
Bandwidth priority 1
Chapter 4 - The Config Menu 110
CyROS Reference Guide
Protocol 0
Source IP Operator Equal
Source IP start 11.11.11.0
Source IP Mask 255.255.255.0
Destination IP Operator None
Source Port Operator None
Destination Port Operator None
Rule 1
Status Enabled
Flow Priority 0
Rule bandwidth 25%
Bandwidth priority 2
Protocol 0
Source IP Operator Equal
Source IP start 22.22.22.0
Source IP Mask 255.255.255.0
Destination IP Operator None
Source Port Operator None
Destination Port Operator None
Rule 2
Status Enabled
Flow Priority 0
Rule bandwidth 25%
Bandwidth priority 2
Protocol 0
Source IP Operator Equal
Source IP start 33.33.33.0
Source IP Mask 255.255.255.0
Destination IP Operator None
Source Port Operator None
Destination Port Operator None
Chapter 4 - The Config Menu 111
CyROS Reference Guide
Of the traffic parameters, only the Reserved Bandwidth and Bandwidth Priority parameters are important in this
example. Flow Priority is not used.
An example showing the third type of traffic control is given in Figure 4.26. The network administrator wants to
prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the priority
should be lower. All other traffic should have the lowest priority. For web server access, the important flow
direction is not the user requests, but rather the data requested. The traffic control rule must be placed on link 2. In
the case of e-mail, the important flow is the data leaving the e-mail server, and not the acknowledgements back.
This is also governed by link 2. (Note: flow control could be placed on the data request packets and the SMTP
acknowledgements by associating rules to link 1.)
E-mail Server
Port: Any
Web Server
Back il out
A CKs E -ma
ue sts
Req Link 2 PR1000
Port: 80
uested Link 1
a Req
Dat INTERNET
Port: 25 (SMTP)
Port: Any
E-mail Server
Web Client
FIGURE 4.26 TRAFFIC RULE EXAMPLE 2
Chapter 4 - The Config Menu 112
CyROS Reference Guide
The configured rules will appear as shown in the following listing.
Rules Lists
Rule List Name Rule Default List Linked
Status Scope Type Rule
List
web_access Enabled Traffic
Filter_list Name web_access
Rule 0
Status Enabled
Flow priority 1
Rule bandwidth 0%
Bandwidth priority 0
Protocol TCP
Source IP Operator None
Destination IP Operator None
Source Port Operator Equal
Source Port Start 80
Destination Port Operator None
Rule 1
Status Enabled
Flow Priority 2
Rule bandwidth 0%
Bandwidth priority 0
Protocol TCP
Source IP Operator None
Destination IP Operator None
Source Port Operator None
Destination Port Operator Equal
Destination Port Start SMTP
Chapter 4 - The Config Menu 113
CyROS Reference Guide
Note that for this type of traffic control, of the traffic-specific parameters only Flow Priority is used. The Reserved
Bandwidth and Bandwidth Priority parameters are not important. A system needing all three is conceivable, but
much too complicated to show in this manual.
Add Rule List Menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST
Parameter Description
Rule List Name Name given to remember which rules are contained in the list. In the examples above,
exterior_in, exterior_out, and slot1_in were used.
Rule Status
Rule List Type Filter lists apply IP filtering to messages passing into or out of an interface.
Radius lists are not associated to an interface. A Radius list is a group of filter lists used
by the Radius server for a class of user.
Traffic lists apply IP filtering when packets are placed in queues within the router.
Default Scope Defines what the router will do with packets that do not match any of the rules in this Rule
List.
Linked Rule List Applies to Filter Lists. A list can be made up of other lists for easier management. For
Name 1-4 example, if the router has three incoming links and one outgoing link, the incoming links
may have rules in common. A rule list called common can be created and included with
this parameter in the rule lists for the three separate links. An important note: The default
scope of the linked rule will be ignored. It is important that all rule lists linked together
have the same default scope so that the logic is consistent.
Incoming / Applies to Radius lists. These filter lists are associated to an interface when a user is
Outgoing Rule List authenticated via the Radius server.
Name
Chapter 4 - The Config Menu 114
CyROS Reference Guide
IP Add Rule Menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES =>ADD RULE
Parameter Description
Insert as Rule Shown for all but the first rule. The rules are applied in the order entered. To circumvent
Number this order, choose the number of an existing rule here. This new rule will be placed before
the existing rule.
Rule Status Enables the rule.
Scope This scope is usually the opposite of the default scope chosen for the Rule list (or for the
parent rule list if this rule will be part of a linked list -- see explanation in CONFIG=>RULES
LIST=>IP=>ADD RULE LIST=>LINKED RULE LIST NAME). An extended discussion of
scope is given in the beginning of this section.
Flow Priority Applies to Traffic Rule Lists. Indicates the relative priority of the packet for insertion into
Level queues in the router. A packet with priority 1 will enter the queue if there is any space
available. A packet with priority 2 will enter the queue if at least 20% of the space is
available, and so on (40% free for priority 3, 60% free for priority 4, and 80% free for priority
5). All packets that do not enter the queue are DISCARDED. Priority 0 is similar to Priority
5, but these packets always enter the queue. Use this feature with caution!
Reserved Applies to Traffic Rule Lists. Defines what percentage of the total bandwidth on an interface
Bandwidth will be set aside for this kind of traffic.
Bandwidth Applies to Traffic Rule Lists. When two traffic rules have the same priority, they cannot
Priority Level share bandwidth when one kind of traffic does not need its entire allotment. When two
traffic rules have different priorities, the traffic with the higher priority can steal bandwidth
from the other when it is not in use. Priority is relative -- two rules with priorities 1 and 5 are
the same as two rules with priorities 3 and 4 (if there are no other rules).
Chapter 4 - The Config Menu 115
CyROS Reference Guide
IP Add Rule Menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES =>ADD RULE -- Continued
Parameter Description
Protocol The protocol field in the packet.
TCP, UDP, ICMP – these protocols;
Others – the number of the protocol must be given;
None – any protocol.
Source/Destination IP Defines the filtering scheme for source/destination IP-address filtering.
Operator (two Equal/Not Equal is used to match a particular IP address or IP network.
separate fields) Less Than/Greater Than/Less or Equal/Greater or Equal – is used to define a range of
IP addresses bounded on one side.
Range/Outside Range – is used to define a range for inclusion or exclusion.
None – all source IP addresses.
IP Address Start & Used with Source/Destination IP Operator, when needed.
IP Address End (two Note: For the Range operator, the addresses are inclusive. For the Outside Range
separate fields) operator, the addresses are exclusive.
IP Address Start Applies when IP Address Start is defined, to determine the range of IP Addresses
Mask included.
Source/Destination Defines the filtering scheme for source/destination UDP/TCP packet filtering. See
Port Operator (two Source/Destination IP Operator above for options.
separate fields)
Source/Destination Used with Source/Destination Port Operator, when needed. Enter the port number or
Port Start & type “?” to choose from a list of common applications: Ftp, Telnet, mail, SMTP, etc.
Source/Destination
Port End (four
separate fields)
Allow TCP Allows TCP packets without the ACK bit set. This means that a TCP connection can
Connections be initiated in this direction.
Allow Account Applies to Filter Rule Lists. All packets that match this rule are logged.
Process
Chapter 4 - The Config Menu 116
CyROS Reference Guide
CHAPTER 5 THE ETHERNET INTERFACE MENU
The Ethernet Interface Menu is the simplest of the interface menus. In this chapter, IP Bridges and IP Accounting
are also described. The Ethernet Interface Menu tree is given in Figure 5.1.
Config Interface Ethernet Encapsulation Ethernet
MAC Address
Network IP Active or Inactive
Protocol Interface Unnumbered/
Numbered
Assign IP From Interface
Primary IP Address
Subnet Mask
Secondary IP Address
Subnet Mask
IP MTU
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Proxy ARP
IP Bridge
Initial IP Address to be Bridged
Ending IP Address to be Bridged
Broadcast Over the Link
Bridge Over Link
Transparent Status
Bridge Port Priority
Incoming Rule List Name
Outgoing Rule List Name
FIGURE 5.1 ETHERNET INTERFACE MENU TREE
Chapter 5 - The Ethernet Interface Menu 117
CyROS Reference Guide
Routing Protocol RIP Send RIP
Listen RIP
RIP2 Authentication
Rip2 Authentication Password
OSPF OSPF on This Interface
Advertise This Non-OSPF Interface
External Metric
External Metric Type
Area ID
Network Type
Router Priority
Transit Delay
Retransmit Interval
Hello Interval
Dead Interval
Poll Interval
Password
Metric
Advertise Secondary IP Address
Traffic Control General Bandwidth
IP Traffic Control List
FIGURE 5.1 (CONTINUED) ETHERNET INTERFACE MENU TREE
Chapter 5 - The Ethernet Interface Menu 118
CyROS Reference Guide
A brief description of each principal item is given in the following table:
Ethernet Interface Menu CONFIG=>INTERFACE=>ETHERNET
Menu Option Description
Encapsulation Activates the Ethernet interface. Allows change in MAC address when a router
configuration file is copied from one router to another (no longer necessary for CyROS
1.9.5 or higher). Note: the router's correct MAC address is pre-set at the factory, and the
value is indicated on the underside of the router case.
Network Protocol Provides menus for the IP and Transparent Bridge parameters, including rules to be
applied to this interface.
Routing Protocol Submenus for RIP and OSPF configuration.
Traffic Control Sets the bandwidth of the connection for use with traffic control rules and associates a
traffic control rule list to this interface. See section 4.7 for more information on traffic
control rules.
The Network Protocol menu has sub-menus for IP and Transparent Bridge. IP Bridging is configured in the IP
sub-menu.
Chapter 5 - The Ethernet Interface Menu 119
CyROS Reference Guide
Network Protocol Menu CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP
Parameter Description
Active or Inactive Activates this interface.
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface
Interface to this one.
Primary IP Address Applies to Numbered interfaces. Address assigned to this interface.
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP
Address address that can be used to refer to this interface. This parameter and the next are
repeated until no value is entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
IP Fragmentation - When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header
Ignore Bit DF causes IP to reject a packet that is oversized: the router sends an ICMP message
back to the sender. When this parameter is Yes, the DF bit is ignored, the packet is
fragmented, and no message is sent back to the sender.
NAT Does not apply to Extended NAT. Determines the type of IP address if NAT is being
used. Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives
UDP or TCP messages for ports that are not recognized. This type of message is
used by some traceroute applications, and if disabled, the router might not be identified
in the traceroute output. However, there are security and performance reasons to
leave this option Inactive.
Incoming Rule List Filter rule list for incoming packets. See section 4.7 for instructions on how this
Name parameter should be set.
This table is continued.
Chapter 5 - The Ethernet Interface Menu 120
CyROS Reference Guide
Network Protocol Menu (continued) CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP
Parameter Description
Detailed Incoming IP Applies when a list is selected in the previous parameter. See explanation of IP
Accounting Accounting later in this chapter. IP Accounting for a rule requires that the parameter
CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW
ACCOUNT PROCESS also be set to Yes.
Outgoing Rule List Filter rule list for outgoing packets. See section 4.7 for instructions on how this
Name parameter should be set.
Detailed Outgoing IP Applies when a list is selected in the previous parameter. See explanation of Detailed
Accounting Incoming IP Accounting.
Routing of Broadcast Activating this parameter causes the router to route broadcast messages from the
Messages LAN to the WAN and vice-versa. An individual interface can be excluded by setting
this parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
Proxy ARP Causes the router to answer ARP requests with its own MAC address for IP addresses
reachable on another interface.
IP Bridge
An IP Bridge is used to divide a network without subnetting. The advantage is that whenever a subnetwork is
created, two IP numbers are lost — one describing the network and the other reserved for broadcast. This does
not occur with an IP Bridge.
Chapter 5 - The Ethernet Interface Menu 121
CyROS Reference Guide
200.240.240.9
200.240.240.3
...
200.240.240.2
200.240.240.1
ETH0
PR4000
Link 1
PR3000
ETH0
....
......
......
......
......
......
...
200.240.240.8
200.240.240.4
FIGURE 5.2 IP BRIDGE EXAMPLE
In Figure 5.2, an example of the use of an IP Bridge is given. From the available IP addresses, the range
200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for
IP Bridge.
Chapter 5 - The Ethernet Interface Menu 122
CyROS Reference Guide
Network Protocol Menu (Cont.) CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP (IP
Bridge)
Parameter Description
IP Bridge Activates the IP Bridge functionality. Active for both the PR3000 and the PR4000 in the
example.
The following parameters apply only if IP Bridge is Active.
Initial IP Address to Indicates the start of the range of IP addresses to be transferred to another physical
be Bridged location. This and the next three parameters are repeated in case the bridge is to be
broken up into various sections. Up to 8 sections can be defined. For the PR3000 in
the example, this value is 200.240.240.4. For the PR4000, the first range begins at
200.240.240.1 and the second range begins at 200.240.240.9.
Ending IP Address to Indicates the end of the range of IP addresses to be transferred to another physical
be Bridged location. For the PR3000 in the example, this value is 200.240.240.8. For the
PR4000, the first range ends at 200.240.240.3 and the second range ends at
200.240.240.255.
Broadcast Over the Allows propagation of broadcast IP packets over this bridge.
Link
Bridge Over Link Indicates which link forms the other half of the bridge. In the example, link 1 is used
for both the PR3000 and the PR4000.
IP Accounting
IP Accounting is used to count the total number of packets allowed (or not) to pass through an interface. Statistics
are given for packets that meet the criterions defined in a rule. (Traffic Rules are not supported). To see all
packets, a special rule list permitting everything can be defined.
Two versions of the IP account table are available for viewing. The result of INFO =>SHOW ACCOUNT TABLE
=>SUMMARY is shown below for four filter rules.
Chapter 5 - The Ethernet Interface Menu 123
CyROS Reference Guide
IP Accounting Table
Interface Direction Filter Rule Bytes Packets
List
Ethernet Outgoing generic 0 24876 3072
Ethernet Incoming generic 0 49254 3358
slot 3 Outgoing swan3out 17 21362 3223
slot 3 Incoming swan3in 15 32563 3131
Detailed information can be accessed via SNMP. The objects for the detailed table and the IP-based table are
shown in the following figures. The base SNMP number is: 1.3.6.1.4.1.2925.3.3.12
Base + SNMP Object
.2.1 cyFullDetAcct: reg point
.2.1.1 cyFullDetAcctTable: SEQUENCE OF CyFullDetAcctEntry
.2.1.1.1 cyFullDetAcctEntry: SEQUENCE CyFullDetAcctEntry
.2.1.1.1.1 cyFullDetAcctIndex: INTEGER
.2.1.1.1.2 cyFullDetAcctInterface: INTEGER
.2.1.1.1.3 cyFullDetAcctDirection: Enum
.2.1.1.1.4 cyFullDetAcctFilterList: DisplayString
.2.1.1.1.5 cyFullDetAcctRule: INTEGER
.2.1.1.1.6 cyFullDetAcctSrcAddress: IpAddress
.2.1.1.1.7 cyFullDetAcctDstAddress: IpAddress
.2.1.1.1.8 cyFullDetAcctProtocol: INTEGER
.2.1.1.1.9 cyFullDetAcctSrcPort: INTEGER
.2.1.1.1.10 cyFullDetAcctDstPort: INTEGER
.2.1.1.1.11 cyFullDetAcctPackets: Counter
.2.1.1.1.12 cyFullDetAcctOctets: Counter
.2.1.1.1.13 cyFullDetAcctId: INTEGER
FIGURE 5.3 DETAILED IP ACCOUNTING TABLE SNMP OBJECTS
Chapter 5 - The Ethernet Interface Menu 124
CyROS Reference Guide
Base + SNMP Object
.2.2 cyIpBasedDetAcct: reg point
.2.2.1 cyIpBasedDetAcctTable: SEQUENCE OF CyIpBasedDetAcctEntry
.2.2.1.1 cyIpBasedDetAcctEntry: SEQUENCE CyIpBasedDetAcctEntry
.2.2.1.1.1 cyIpBasedDetAcctSrcAddress: IpAddress
.2.2.1.1.2 cyIpBasedDetAcctDstAddress: IpAddress
.2.2.1.1.3 cyIpBasedDetAcctPackets: Counter
.2.2.1.1.4 cyIpBasedDetAcctOctets: Counter
.2.2.1.1.5 cyIpBasedDetAcctId: INTEGER
FIGURE 5.4 DETAILED IP ACCOUNTING TABLE SNMP OBJECTS
Transparent Bridge Menu CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE
Parameter Description
Status Activates the Transparent Bridge on this interface.
Port Priority For the Spanning Tree Algorithm, a priority is given to each link in the router and to each
router in the transparent bridge. See CONFIG=>TRANSPARENT BRIDGE =>SPANNING
TREE for more information.
Incoming Rule Transparent Bridge rule list name for incoming packets. Note: Rule lists for Transparent
List Name Bridge and IP are created separately. See section 4.7 for instructions on how this rule list
is created.
Outgoing Rule Filter rule list name for outgoing packets. See section 4.7 for instructions on how this rule
List Name list is created.
Chapter 5 - The Ethernet Interface Menu 125
CyROS Reference Guide
Types of RIP
CyROS supports three basic types of RIP:
1 RIP1 [RFC 1058]
2 RIP2 with broadcast (compatible with RIP1) [RFC 1723]
3 RIP2 with multicast [RFC 1723]
The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the
network contains equipment that understands only RIP1 packets, then RIP1 or RIP2 with broadcast should be
used. See RFC 1723, item 3.3 for more details. If only RIP2 is used, RIP2 with multicast is recommended.
RIP Menu CONFIG =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>RIP
Parameter Description
Send RIP Sets the type of RIP messages to be sent.
Listen RIP Indicates which types of RIP messages should be accepted.
RIP2 Applies if RIP2 was chosen in one of the first two options. Activates RIP2 message
Authentication authentication with a password.
RIP2 Applies if RIP2 Authentication is Active. Password used for both received and transmitted
Authentication RIP2 messages.
Password
The OSPF Routing Protocol
Details of the OSPF configuration, with examples, are given in section 4.5. Contrary to most other protocols in
CyROS, OSPF must first be configured on each interface, then configured in the CONFIG =>IP =>OSPF menu.
Despite this, if you intend to use OSPF in CyROS, you should read section 4.5 FIRST, before setting the parameters
for the interfaces.
Chapter 5 - The Ethernet Interface Menu 126
CyROS Reference Guide
OSPF Menu CONFIG =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>OSPF
Parameter Description
OSPF on This Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol without
Interface erasing the parameters set below. This is useful when OSPF is first configured, as the
general parameters must be set afterwards in CONFIG=>IP =>OSPF and OSPF cannot
function without them.
Parameters that apply only when OSPF on This Interface is Disabled.
Advertise This Causes the router to include this interface in its advertisements through other interfaces (as
Non-OSPF an external route).
Interface
External Metric Defines the metric that will be advertised by OSPF.
External Metric For Type 1, the total metric of this route is composed of the internal metric (inside the
Type autonomous system) and the external metric (provided in the previous parameter). For
Type 2, the total metric of this route is the value provided in the previous parameter.
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive.
Area ID Identifies the area to which the interface belongs. Areas are created here, then later
defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is not
linked to any IP address in the system. Small OSPF networks will typically have only one
area (the backbone area represented by 0.0.0.0).
Network Type
Router Priority Priority used by OSPF in multicast networks to elect the designated router. A priority of 1
will make this router the most likely to be chosen. A priority of 2 will make it second most
likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay Estimated transit time in seconds to route a packet through this interface. Use the preset
value (1) or increase the number for slow links
This table is continued.
Chapter 5 - The Ethernet Interface Menu 127
CyROS Reference Guide
OSPF Menu CONFIG (continued) =>INTERFACE =>ETHERNET =>ROUTING PROTOCOL =>OSPF
Parameter Description
Retransmit Time in seconds between link-state advertisement retransmissions for adjacencies
Interval* belonging to this interface.
Hello Interval* Time in seconds between the hello packets on this interface.
Dead Interval* Inactivity time (seconds) before a neighbor router is considered down.
Poll Interval Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-
access neighbor.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this
password is enabled in CONFIG
=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE
Metric Defines the cost for normal service. For consistent routing, this parameter should be
determined in the same manner for all routers in the OSPF Area. Normally, metric cost is
defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for 10Mbps,
65 for T1, 1785 for 56kbps, etc).
Advertise Causes the router to advertise additional addresses assigned to this interface. These are
Secondary IP configured in CONFIG=> INTERFACE=>ETHERNET=>NETWORK PROTOCOL =>IP.
Address
* Inside a given area, these 4 parameters should be the same for all routers.
Chapter 5 - The Ethernet Interface Menu 128
CyROS Reference Guide
CHAPTER 6 THE SWAN INTERFACE
The menus relating to the SWAN interface are given in this chapter. A summary menu tree is given in Figure 6.1.
Config
Interface
SWAN Encapsulation Frame Relay [menu shown in a later figure]
PPP [menu shown in a later figure]
X.25 [menu shown in a later figure]
HDLC Keep Alive Interval
Inactive
Network Protocol [menu shown in a later figure]
Routing Protocol [menu shown in a later figure]
Physical Mode
Clock Source
Receive Clock
Speed
Media for SWAN Cable
Traffic Control General Bandwidth
IP Traffic Control List
Authentication Authentication Type
Username
Password
Authentication Server
Authentication Protocol
FIGURE 6.1 SWAN INTERFACE CONFIGURATION MENU TREE
Chapter 6 - The SWAN Interface 129
CyROS Reference Guide
A brief description of each principal item appears in the following table.
SWAN Interface Menu CONFIG=>INTERFACE=>SWAN
Menu Item Description
Encapsulation Determines the data-link layer protocol to be used for this communication link.
Network Protocol Provides menus for the IP and Transparent Bridge parameters, including rules to be
applied to this interface.
Routing Protocol Submenus for RIP and OSPF configuration.
Physical Determines the media, type and speed of the connection.
Traffic Control Sets the bandwidth of the connection for use with traffic control rules and associates a
traffic control rule list to this interface. See section 4.7 for more information on traffic
control rules.
Authentication Determines the method used for authentication for connections on this line.
There are many encapsulation options on this interface.
For synchronous communication:
Frame Relay,
X.25, and
HDLC.
For asynchronous or synchronous communication:
PPP
Chapter 6 - The SWAN Interface 130
CyROS Reference Guide
Encapsulation Menu CONFIG=>INTERFACE =>SWAN =>ENCAPSULATION
Menu Option Description
Frame Relay The Frame Relay Protocol can be used only on synchronous lines. It is based on frame
switching and constructs a permanent virtual circuit (PVC) between two points.
PPP The PPP (Point-to-Point) protocol can be used on either synchronous or asynchronous
lines. Multilink PPP is also provided.
X.25 The X.25 Protocol is generally used to connect to a public network. The router can act
either as a DTE or a DCE.
HDLC This protocol has only one parameter: HDLC Keepalive Interval. This is the time interval
between transmission of Keepalive messages. The receiver of these messages must send
keepalive messages with the same frequency or will be considered inoperative.
Inactive This menu option must be chosen whenever the encapsulation is changed from one type to
another. One must be deactivated before another can be activated.
Chapter 6 - The SWAN Interface 131
CyROS Reference Guide
Frame Relay
FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data link
connection identifier). This allows multiple logical connections to be multiplexed over a single channel. These are
called Permanent Virtual Circuits (PVCs). The DLCI has only local significance and each end of the logical connection
assigns its own DLCI from the available local numbers.
A public Frame Relay network connecting offices in São Paulo, Rio de Janeiro, Salvador, and Recife is shown in
Figures 6.2 and 6.3.
São Paulo Rio de Janeiro
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
FR Network
200.1.1.2 200.1.1.3
Router Router
Salvador Recife
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 6.2 PUBLIC FRAME RELAY NETWORK EXAMPLE
Chapter 6 - The SWAN Interface 132
CyROS Reference Guide
Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay
Address Map is also created (either statically or dynamically) to associate each DLCI with the destination router IP.
São Paulo Rio de Janeiro
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
21
11
81
200.1.1.2 200.1.1.3
Router Router
Salvador Recife
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 6.3 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES
For the router in Salvador, the Frame Relay address map will look like this:
DLCI IP
11 200.1.1.1
21 200.1.1.4
81 200.1.1.3
Chapter 6 - The SWAN Interface 133
CyROS Reference Guide
These values are entered in the Add DLCI menu.
The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used for
controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs, and sends
status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI 0).
Sub-Network Access Protocol (SNAP)
A normal Frame Relay Network header contains the NLPID (Network Level Protocol ID) field to identify which protocol
provided the information encapsulated in the data field.
flag address - control optional NLPID data FCS flag
including pad
DLCI
FIGURE 6.4 NORMAL HEADER USING NLPID
For those protocols which do not have an NLPID defined, the SNAP header must be used. The NLPID field remains,
but contains a value (0x80) that indicates that the SNAP information follows.
flag address - control optional NLPID OUI PID data FCS flag
including pad = 0x80
DLCI
FIGURE 6.5 HEADER USING SNAP
The three-octet Organizationally Unique Identifier (OUI) and the two-octet Protocol Identifier (PID) which follow define
a distinct protocol. See RFC 1490 for details.
Chapter 6 - The SWAN Interface 134
CyROS Reference Guide
The Frame Relay Encapsulation Menu tree is shown in Figure 6.6.
Config
Interface
SWAN Encapsulation Frame Relay Encapsulation Type
SNAP IP
LMI
T391
N391
N392
N393
CIR
Bandwidth Reservation
Add DLCI DLCI Number
Frame Relay
Address Map
IP Address
Enable Predictor
Compression
Number of Bits for
Compression
DLCI priority level
Reserved Bandwidth
Bandwidth Priority Level
Delete DLCI Map Entry Number
Edit DLCI Table Entry
FIGURE 6.6 FRAME RELAY ENCAPSULATION MENU TREE
Chapter 6 - The SWAN Interface 135
CyROS Reference Guide
A detailed explanation of the Frame Relay parameters is given in the following tables.
Frame Relay Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>FRAME RELAY
Parameter Description
Encapsulation RFC1490 - IETF is the standard used by most equipment. The Cisco option should be used
Type when the PR is communicating with a router configured to use the default Cisco standard.
SNAP IP Applies when Encapsulation Type is RFC1490 - IETF above. Indicates that the Sub-
Network Access Protocol should be used. See description above. From a network
administrator's point of view, the router on the sending end must be using the same header
type (NLPID or SNAP) as the router on the receiving end.
LMI Selects the Local Management Interface specification to be used. ANSI, Group of Four
(defined by the vendors that first implemented Frame Relay), Q933a (defined by ITU-T), and
None (used for a dedicated FR connection without a network).
T391 Interval between the LMI Status Enquiry messages.
N391 Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI
Status Enquiry message.
N392 Error Threshold. The network counts how many events occur within a given period and
considers an interface inactive when the number of events exceeds a threshold. N393 is the
number of events to be considered and N392 the number of errors within this period. If
N392 of the last N393 events are errors, the interface is deemed inactive. A successful
event is the receipt of a valid Status Enquiry message
N393 Monitored Events Count. See the description of N392. This value must be larger than N392.
CIR Committed Information Rate, in percentage of total bandwidth (given in
CONFIG=>INTERFACE=>SWAN =>TRAFFIC CONTROL=>GENERAL=>BANDWIDTH).
Traffic above this rate may be discarded if the network is congested.
Bandwidth Enables traffic control per DLCI. See the Add DLCI menu for more details.
Reservation
The following menu appears at the end of the Frame Relay parameter list. It can be reached by passing through all
parameters or by using the <ESC> key at any point in the parameter list.
Chapter 6 - The SWAN Interface 136
CyROS Reference Guide
DLCI Frame Relay Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>FRAME RELAY=><ESC>
Menu Option Description
Add DLCI Adds a DLC for this interface to the DLCI table.
Delete DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to delete the DLCI.
Edit DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to edit the DLCI.
Traffic Control based on Data Link Connection
Traffic Control as described in section 4.7 can also be performed on a Frame Relay interface for each permanent
virtual connection. The parameters in the Add DLCI menu are used in the same manner as those described in section
4.7.
Add DLCI Frame Relay Menu CONFIG=>INTERFACE =>SWAN =>ENCAPSULATION =>FRAME RELAY
=><ESC> =>ADD DLCI
Parameter Description
DLCI Number Used to identify the DLC. This number is supplied by the Public Frame Relay network
provider. The DLCIs are stored in a table which can be seen with the L command.
Frame Relay Determines the method used for mapping the remote IP address to the Permanent Virtual
Address Map Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address
dynamically, in a manner similar to the ARP table.
IP Address Applies when Frame Relay Address Map is Static. Provides the IP address to be used for
static address mapping.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
This table is continued.
Chapter 6 - The SWAN Interface 137
CyROS Reference Guide
Add DLCI Frame Relay Menu (continued)
Parameter Description
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
DLCI Priority This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Level RULE=>FLOW PRIORITY LEVEL. Indicates the relative priority of the frame for insertion
into queues in the router. A frame with priority 1 will enter the queue if there is any space
available. A frame with priority 2 will enter the queue if at least 20% of the space is
available, and so on (40% free for priority 3, 60% free for priority 4, and 80% free for priority
5). Frames with priority x + 1 will always enter after frames with priority x, x-1, etc. Priority
0 is similar to Priority 5, but these packets always enter the queue. All frames that do not
enter the queue are DISCARDED. Use this feature with caution!
Reserved This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Bandwidth RULE=>RESERVED BANDWIDTH. Defines what percentage of the total bandwidth on an
interface will be set aside for this DLC.
Bandwidth This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Priority Level RULE=>BANDWIDTH PRIORITY LEVEL. Two DLCs with the same priority cannot share
bandwidth when one DLC does not need its entire allotment. For two DLCs with different
priorities, the DLC with the higher priority can steal bandwidth from the other when it is not
in use. Priority is relative -- two DLCs with priorities 1 and 5 are the same as two DLCs
with priorities 3 and 4 (if there are no other DLCs).
Chapter 6 - The SWAN Interface 138
CyROS Reference Guide
PPP
PPP is the only encapsulation option for the SWAN interface than can be either Synchronous or Asynchronous. It is
important to choose between them in CONFIG =>INTERFACE =>SWAN =>PHYSICAL before entering the Encapsulation
menu. The menu options depend on this choice.
Multilink PPP (MLPPP) is similar in functionality to the Multilink feature described in section 4.4, but it is implemented
at the data-link level instead of the network-protocol level. When compared to Multilink, MLPPP is slightly more efficient
and less generic (because it applies only to PPP encapsulation).
Router A
Modem
Modem Modem
Modem Link 2 (Bundle 6)
Link 1
(Bundle 6)
Router B
FIGURE 6.7 MULTILINK PPP EXAMPLE
In Figure 6.7, Router B connects to Router A via two modem connections to achieve a larger bandwidth. Router A
accepts the two physical connections, but treats them as one logical connection (one “bundle”). MLPPP must be
enabled on all interfaces that will form this bundle, (and on both sides of the connection), with the same bundle iden-
tifier specified for each.
Chapter 6 - The SWAN Interface 139
CyROS Reference Guide
The PPP Encapsulation Menu tree is shown in Figure 6.8. A description of the parameters with values given for the
example is presented in the table.
Config
Interface
SWAN Encapsulation PPP MLPPP Active
Connection Type
Identification for This Bundle
Total Number of Lines for This Bundle
PPP Inactivity Timeout
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
Connection Type
FIGURE 6.8 PPP ENCAPSULATION MENU TREE
Chapter 6 - The SWAN Interface 140
CyROS Reference Guide
PPP Menu CONFIG =>INTERFACE =>SWAN =>ENCAPSULATION =>PPP
Parameter Description
MLPPP Active Enables Multilink PPP on this interface.
Connection Type Applies for MLPPP = Yes. Type of line used on this link.
Identification for Applies for MLPPP = Yes and Dial-out or Leased. In the example, this value is 6.
This Bundle
Total Number of Applies for MLPPP = Yes. Maximum number of links allowed in the bundle. In the
lines for This example, this number is 2 or larger.
Bundle
PPP Inactivity Applies to asynchronous connections only. The connection is closed when data does not
Timeout pass through the line for this period of time.
Enable Van Allows the link to receive compressed packets. This type of compression is useful for
Jacobson IP low-speed links and/or small packets. It is not recommended for fast links, as it requires
Header CPU time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to
Requests the sender. If not, the sender will assume it was lost and send another.
This table is continued.
Chapter 6 - The SWAN Interface 141
CyROS Reference Guide
PPP Menu (Continued)
Parameter Description
Edit ACCM Applies to asynchronous connections only. Permits control character mapping negotiation
on asynchronous links. This is useful when you need to send a control character as data
(e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not want it interpreted by
the modem or other device in the middle. The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again excludes it
from the table. See note after table.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
Connection Type Applies to asynchronous connections only. NT-Serial Cable is a direct connection to a
Windows NT computer. This is necessary because NT requires a negotiation before the
beginning of the PPP negotiation. Direct is used for other connections using cables or
leased lines.
Note: Asynchronous Control Character Map (ACCM) mapping is done by codifying one control character as two
special characters. This permits transparent transmission of control characters as data. Thirty-two bits are encoded
in such a way that each bit indicates if the corresponding control character should or should not be mapped to the two
character sequence. If the bit is set to 1, the character will be mapped. For example, if bit 17 and 19 are set to 1, the
corresponding characters in the ASCII table (DC1 or XON and DC3 or XOFF) will be encoded, and the corresponding
ACCM will be: 00 0A 00 00 (hex), (binary: 00000000 00001010 00000000 00000000), the bits set to 1 are the 17th and
19th, if counting from right to left, starting from 0.
Chapter 6 - The SWAN Interface 142
CyROS Reference Guide
X.25
A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as a DTE
or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. As seen in Figures 6.9 and 6.10, the
determination of DTE or DCE depends on the position and use of the router within the network.
Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that two
DTEs be permanently connected.
Modem or
DSU/CSU
Router / DTE Router / DTE
Switch / DCE Switch / DCE
X.25
FIGURE 6.9 PUBLIC X.25 NETWORK EXAMPLE
Chapter 6 - The SWAN Interface 143
CyROS Reference Guide
Router A
DTE Router B
Link 3 Link 1
DTE
DCE
DCE
Router C Link 2
DCE
DTE
Router D
FIGURE 6.10 PRIVATE WAN
In the Private WAN network example, the central router acts as a switch connecting the other three. A type of bridge
must be configured to allow switched virtual connections passing through the router. The “switch” must be configured
on both of the interfaces involved in the bridge. The X.25 parameters Packet Size and Window Sizes should be the
same on both interfaces to prevent bottlenecks.
Chapter 6 - The SWAN Interface 144
CyROS Reference Guide
The first X.25 menu tree is shown in Figure 6.11
Config
Interface SWAN Encapsulation X.25 X.121 (Local DTE) Address
Switch Mode Active
Incoming Calls...Forwarded
Destination DTE Can be Forwarded
Through This Link
Suppress Calling Address
Inactivity Timeout
Configure as DTE or DCE
Number of Virtual Circuits
Number of Permanent Virtual Circuits
PVCs Must Wait for Reset Packet
Layer 3 Window Size
Layer 2 Window Size
Packet Size
Number of Retries N2
TL
T2
T21
T23
Negotiable Facilities
Send Facility
Add DTE [shown in DTE Menu Diagram]
Delete DTE [shown in DTE Menu Diagram]
Edit DTE [shown in DTE Menu Diagram]
Terminal PAD for X.25
Encapsulation [shown in a later figure]
Network Protocol [shown in a later figure]
Physical [shown in a later figure]
Authentication [shown in a later figure]
FIGURE 6.11 X.25 MENU TREE
Chapter 6 - The SWAN Interface 145
CyROS Reference Guide
Config
Interface SWAN Encapsulation X.25 Add DTE Type of Logical Address
IP Address
X.25 Socket Port
X.121 (DTE) Address
VC Number
Packet Transaction
Automatic Mode
User Data Len
User Data
Enable Predictor Compression
Number of Bits for Compression
Delete DTE Host Number to Delete
Edit DTE Host Number to Change
FIGURE 6.12 X.25 DTE MENU TREE
Chapter 6 - The SWAN Interface 146
CyROS Reference Guide
A detailed description of the X.25 parameters for the two examples given above is provided in the table below.
X.25 Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25
Parameter Description
X.121 (Local DTE) Address assigned to this interface (provided by the public X.25 Network Provider).
Address Can be up to 15 digits.
Switch Mode Active Private WAN: In the example, Router C is used to connect three internal X.25
networks. To allow bridging from Router B to Router D across Router C, this
parameter must be Yes on both link 1 and link 2 .
Incoming Calls Applies when Switch Mode is Active. Private WAN: When Router C receives a
Received Over the packet from Router B with an unknown address, it can take two actions: if this
Other X.25 Links With parameter is No on both link 2 and link 3, the packet is discarded. If either link 2 or link
Unknown 3 has this parameter set to Yes, the packet is sent through that link. (If both are Yes,
Destination DTE Can the link with the lowest link number is chosen -- in this case link 2).
be Forwarded
Through This Link
Suppress Calling Public X.25 Network: This parameter must be chosen according to the guidelines
Address given by the Public X.25 Network provider. When activated, the sender's Local DTE
address is not included in the Call Request Message. Private WAN: This parameter
will be No as the network will not keep track of the sender of each packet.
Inactivity Timeout Time until connection is automatically terminated by the router if there is no traffic.
Configure as DTE or As mentioned above, the router can act either as the recipient of information (DTE), or
DCE as the passer-on of information (DCE). Public X.25 Network: Both routers are DTEs.
Private WAN: Routers A,B, and D are DTEs and Router C is a DCE.
Number of Virtual Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on
Circuits this interface. The maximum number for all X.25 interfaces combined is 128.
Number of Permanent Indicates the number of permanent virtual circuits that will be connected through this
Virtual Circuits interface. This maximum is 128.
PVCs must wait for Applies for PVCs. Should be set when line provider (or DCE) sends reset to initialize
reset packet the PVC.
This table is continued
Chapter 6 - The SWAN Interface 147
CyROS Reference Guide
X.25 Menu (continued)
Parameter Description
Layer 3 Window Size The layer 3 (packet) level window represents the number of sequentially numbered
packets that can be sent before an acknowledgement must be received. This number
may be negotiated if the Window Size Facility is utilized (see last parameter in this
table).
Layer 2 Window Size The layer 2 (frame) level window represents the number of sequentially numbered
frames that can be sent before an acknowledgement must be received. The frame
numbers are independent of the packet numbers.
Packet Size The packet size to be sent across the interface. This number may be negotiated if the
Packet Size Facility is utilized (see last parameter in this table).
Number of Retries N2 Number of times an information frame can be resent, without response, before the link
is considered down.
TL Time the frame level waits for an acknowledgement for a given frame before re-
sending it.
T2 Time that can elapse, after receiving a frame, until the router must send an
acknowledgement.
T21 Call Request response Timer. After this time has elapsed, the DTE sends a Clear
message.
T23 Clear Request response Timer. After this time has elapsed, the DTE retransmits the
Clear message.
Negotiable Facilities Initiates facility negotiation during virtual circuit creation.
Send Facility Determines which facilities are negotiated during virtual circuit creation: Packet size is
part of the flow control parameters negotiation, Throughput is part of the throughput
class negotiation, and N3 Window (Level 3 Window Size, above) is part of the flow
control parameters negotiation.
The following menu appears at the end of the X.25 parameter list. It can be reached by passing through all parameters
or by using the <ESC> key at any point in the parameter list. This menu creates a static routing table associating a
remote X.121 address to an IP address or a TCP Socket location.
Chapter 6 - The SWAN Interface 148
CyROS Reference Guide
X.25 Add DTE Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25=><ESC>=>Add DTE
Parameter Description
Type of Logical IP Address or TCP Socket. Users that intend to use the TCP Socket option should see
Address Appendix A.
IP Address Applies for IP Address Type. IP Address of remote DTE device.
X.25 Socket Port Applies for Socket Address Type. Must be a number in the interval defined by the
parameters CONFIG=>IP=>TCP=>X25 SOCKET START/END PORT RANGE.
X.121 (DTE) Address of remote DTE device.
Address
VC Number Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.
Packet Applies for Socket Address Type. See Appendix A.
Transaction
Automatic Mode Applies for Packet Transaction = Yes. See Appendix A.
User Data Len Applies for Socket Address Type. Length of next parameter in bytes. The maximum is
32. See Appendix A.
User Data Applies for Socket Address Type. The value in the user data field of the Call Request
packet which determines which service on the remote host is being requested. 0xCC is
used for IP. See Appendix A.
Enable Predictor Applies for IP Address Type. Enables data compression using the Predictor algorithm.
Compression This feature should be enabled only if Cyclades' equipment is being used on both ends of
the connection because there is no established standard for data compression
interoperability. Data compression is very CPU-intensive, making this feature effective
only for links running at speeds under 1Mbps. At higher speeds, the time necessary to
compress data offsets the gains in throughput achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a Cyclades PathRouter, for compatibility.
Chapter 6 - The SWAN Interface 149
CyROS Reference Guide
PAD (Packet Assembler/Disassembler)
PAD acts as a protocol converter, allowing a user to access the packet-switched network via a serial terminal. This
asynchronous connection is then converted into synchronous communication with the router and the network beyond
(using the telnet application available in the router). Any user listed in the local user table can be connected this way,
and the menu options available to him are configured in the CONFIG =>SECURITY =>USERS =>ADD menu.
PC Asynchronous
Connection
Modem
X.28
Parameters PAD Public X.25 Synchronous
Connection
Network
PR3000
Link 1
X.3
Parameters ETH0
....
......
......
......
......
......
Server
FIGURE 6.13 PAD EXAMPLE
CyROS provides for configuration of the X.3 parameters that define the connection between the PAD and the router.
When the PAD sends a connection request to the router, the router replies with the profile (the X.3 parameters) to be
used for the connection. The X.28 parameters that define the connection between the remote terminal and the PAD
are not considered. Link 1 of the Router in the PAD example must be configured for this type of access.
Chapter 6 - The SWAN Interface 150
CyROS Reference Guide
With encapsulation type CHAR, pure X.25 is used. Optionally, PPP or PPPCHAR can run on top of X.25. These
protocols must be configured in the encapsulation menu, and related parameters are set in the Network Protocol,
Physical, and Authentication menus.
The PAD Encapsulation menu tree is shown in Figure 6.14.
Config PPP PPP Inactivity Timeout
Enable Van Jacobson
IP Header Compression
Interface Transmit Compressed Packets
Disable LCP ECHO Requests
Time interval to Send
Config Requests
SWAN Edit ACCM
PPPChar PPP Inactivity Timeout
Encapsulation Enable Van Jacobson
IP header Compression
Transmit Compressed Packets
Terminal PAD Encapsulation Disable LCP ECHO Requests
X.25 for X.25 Time Interval to Send
Config Requests
Edit ACCM
Switch Session Character Code
Escape Session Character Code
Char Switch Session Character Code
Escape Session Character Code
Inactive Username
FIGURE 6.14 X.25 PAD ENCAPSULATION MENU TREE
Chapter 6 - The SWAN Interface 151
CyROS Reference Guide
Details on the configuration of each parameter are given in the following table.
X.25 PAD PPP CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=><ESC> =><ESC> =>ENCAPS =>PPP
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of time.
Timeout
Enable Van Allows the link to receive compressed packets. This type of compression is useful for low-
Jacobson IP speed links and/or small packets. It is not recommended for fast links, as it requires CPU
Header time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the
Echo Requests link. Disabling these messages reduces traffic, but the link then has no way of knowing if
the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to the
Requests sender. If not, the sender will assume it was lost and send another.
Edit ACCM Applies to asynchronous connections only. Permits control character mapping negotiation
on asynchronous links. This is useful when you need to send a control character as data
(e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not want it interpreted by
the modem or other device in the middle. The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again excludes it
from the table. See note after CONFIG=>INTERFACE=>SWAN =>ENCAPSULATION
=>PPP table.
Chapter 6 - The SWAN Interface 152
CyROS Reference Guide
X.25 PAD PPPCHAR Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS=>X.25=> <ESC> =><ESC>
=>ENCAPS =>PPPCHAR
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of
Timeout time.
Enable Van Allows the link to receive compressed packets. This type of compression is useful for
Jacobson IP Header low-speed links and/or small packets. It is not recommended for fast links, as it requires
Compression CPU time.
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
packets
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to
Requests the sender. If not, the sender will assume it was lost and send another.
Edit ACCM Please see explanation in previous table.
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
X.25 PAD CHAR Menu CONFIG=>INTERFACE =>SWAN =>ENCAPS =>X.25 =><ESC> =><ESC> =>ENCAPS
=>CHAR
Parameter Description
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
Username Must be entered into the local user table first. See section 4.3.
Chapter 6 - The SWAN Interface 153
CyROS Reference Guide
The X.25 PAD Network Protocol menu applies to PPP or PPPCHAR Encapsulation only.
The PAD Network Protocol menu tree is shown in Figure 6.15.
Config
Interface
SWAN
Encapsulation Terminal PAD Network
X.25 Interface Unnumbered
for X.25 Protocol
Assign IP From Interface
Primary IP Address
Subnet Mask
Secondary IP Address
Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Address
IP MTU
IP Fragmentation
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Routing of Broadcast Messages
FIGURE 6.15 X.25 PAD NETWORK PROTOCOL MENU TREE
Chapter 6 - The SWAN Interface 154
CyROS Reference Guide
X.25 PAD Network Protocol Menu CONFIG =>INTERFACE =>SWAN =>ENCAPS =>X.25=><ESC>=><ESC>
=>NETWORK PROTOCOL
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Applies to Numbered interfaces. Address assigned to this interface.
Address
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc.) IP address that can be
Address used to refer to this interface. This parameter and the next are repeated until no value is
entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
Enable Dynamic The terminal connected through PAD assigns an IP address to the router for purposes of
Local IP Address their connection.
Remote IP The terminal connected through PAD sends its IP address in the negotiation package.
Address Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP address.
None: Any IP address is accepted. This is not recommended.
Remote IP If Remote IP Address Type not None. Used in conjunction with the previous parameter.
Address
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
This table is continued
Chapter 6 - The SWAN Interface 155
CyROS Reference Guide
X.25 PAD Network Protocol Menu (continued)
Parameter Description
IP Fragmentation When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes IP
- Ignore Bit DF to reject a packet that is oversized: the router sends an ICMP message back to the sender.
When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and no
message is sent back to the sender.
NAT Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used.
Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives UDP
or TCP messages for ports that are not recognized. This type of message is used by some
traceroute applications, and if disabled, the router might not be identified in the traceroute
output. However, there are security and performance reasons to leave this option Inactive.
Incoming Rule Filter rule list for incoming packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of IP Accounting
Incoming IP later in this chapter. IP Accounting for a rule requires that the parameter CONFIG
Accounting =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW ACCOUNT
PROCESS also be Yes.
Outgoing Rule Filter rule list for outgoing packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of Detailed
Outgoing IP Incoming IP Accounting.
Accounting
Routing of Activating this parameter causes the router to route broadcast messages from the LAN to
Broadcast the WAN and vice-versa. An individual interface can be excluded by setting this parameter
Messages to Inactive, without effecting the broadcast of messages on the other interfaces. This is
necessary with applications that use Netbios.
Chapter 6 - The SWAN Interface 156
CyROS Reference Guide
The PAD Physical and Authentication menu trees are shown in Figure 6.16.
Config
Interface
SWAN
Encapsulation X.25 Terminal PAD
for X.25 Physical Number of PADs
Send Profile
Set X3 Parameters
Select Reference Number
Set Related Parameter
Parameter Sent
Authentication Authentication Type
Authentication Server
Authentication Protocol
FIGURE 6.16 X.25 PAD PHYSICAL AND AUTHENTICATION MENU TREES
Chapter 6 - The SWAN Interface 157
CyROS Reference Guide
X.25 PAD Physical Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS =>X.25=><ESC>=><ESC> =>PHYSICAL
Parameter Description
Number of PADs Number of PAD connections that the router will accept simultaneously.
Send Profile When the router receives a Connection Request from a PAD, the X.3 parameters can be
sent. Yes causes these parameters to be sent.
Set X3 Default parameters are shown in Figure 6.17. The PPP Profile parameters are usually
Parameters used with PPP & PPPCHAR Encapsulation. Customize is used to set all/some X3
parameters individually.
Select Reference Applies for Customized X3 Parameters. To change the value of an X3 parameter, select its
Number number from the table shown in Figure 6.17.
Set Related Applies for Customized X3 Parameters. The new value.
Parameter
Parameter Sent Applies for Customized X3 Parameters. Change whether or not this parameter is sent
during connection negotiation.
Chapter 6 - The SWAN Interface 158
CyROS Reference Guide
Reference Number Default Value Send Profile Description
1 3 Y PAD recall using a character
2 0 Y Echo
3 0 Y Selection of "data forwarding" characters
4 1 Y Selection of idle timer delay
5 0 Y Flow control of the terminal
6 5 Y Control of PAD service/command signals
7 21 Y Operation of the PAD on reception of break signal
8 0 Y Discard Output
9 0 Y Padding
10 0 Y Line Folding
11 3 Y Binary Speed of Start/Stop mode
12 0 Y Flow control of the PAD
13 0 Y LF insertion after CR
14 0 Y Padding after LF
15 0 Y Editing
16 8 Y Character Delete
17 24 Y Line Delete
18 42 Y Line Display
19 0 N Editing PAD service signals
20 0 N Echo mask
21 0 N Parity treatment
22 0 N Page wait
23 0 N Size of input field
24 0 N End of frame signals
25 0 N Extended data forwarding signals
26 0 N Display interrupt
27 0 N Display interrupt confirm
28 0 N Diacritic character coding
29 0 N Extended echo mask
FIGURE 6.17 PAD X3 PARAMETER LIST
Chapter 6 - The SWAN Interface 159
CyROS Reference Guide
X.25 Authentication Menu CONFIG=>INTERFACE=>SWAN=>ENCAPS =>X.25=><ESC> =><ESC>
=>AUTHENTICATION
Parameter Description
Authentication Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Type Server uses either Radius or Tacacs to authenticate the user.
Authentication Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
Server server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can be
Protocol used for authentication.
Returning to the SWAN Interface Configuration, the Network Protocol Menu tree is shown in Figure 6.18.
Config Network IP Active or Inactive
Interface SWAN
Protocol Interface Unnumbered/Numbered
Assign IP from Interface
Primary IP address
Subnet Mask
Secondary IP Address
Subnet Mask
IP MTU
IP Fragmentation
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Routing of Broadcast Messages
Transparent Status
Bridge Port Priority
Incoming Rule List Name
Outgoing Rule List Name
FIGURE 6.18 NETWORK PROTOCOL MENU TREE
Chapter 6 - The SWAN Interface 160
CyROS Reference Guide
The Network Protocol parameters are explained in more detail in the following tables.
Network Protocol (IP) Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP
Parameter Description
Active or Inactive Activates this interface.
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Applies to Numbered interfaces. Address assigned to this interface.
Address
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP address
Address that can be used to refer to this interface. This parameter and the next are repeated until
no value is entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
IP Fragmentation When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes IP
- Ignore Bit DF to reject a packet that is oversized: the router sends an ICMP message back to the sender.
When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and no
message is sent back to the sender.
NAT Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used.
Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives UDP
or TCP messages for ports that are not recognized. This type of message is used by some
traceroute applications, and if disabled, the router might not be identified in the traceroute
output. However, there are security and performance reasons to leave this option Inactive.
Chapter 6 - The SWAN Interface 161
CyROS Reference Guide
Network Protocol (IP) Menu (continued)
Parameter Description
Incoming Rule Filter rule list for incoming packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of IP Accounting
Incoming IP later in this chapter. IP Accounting for a rule requires that the parameter CONFIG
Accounting =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW ACCOUNT
PROCESS also be Yes.
Outgoing Rule Filter rule list for outgoing packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of Detailed
Outgoing IP Incoming IP Accounting.
Accounting
Routing of Activating this parameter causes the router to route broadcast messages from the
Broadcast LAN to the WAN and vice-versa. An individual interface can be excluded by setting
Messages this parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
Transparent Bridge Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>TRANSPARENT
BRIDGE
Parameter Description
Status Activates the Transparent Bridge on this interface.
Port Priority For the Spanning Tree Algorithm, a priority is given to each link in the router and to each
router in the network. See CONFIG=>TRANSPARENT BRIDGE =>SPANNING TREE for
more information.
Incoming Rule Transparent Bridge rule list name for incoming packets. Note: Rule lists for Transparent
List Name Bridge and IP are created separately. See section 4.7 for instructions on how this rule list
is created.
Outgoing Rule Filter rule list name for outgoing packets. See section 4.7 for instructions on how this rule
List Name list is created.
Chapter 6 - The SWAN Interface 162
CyROS Reference Guide
The Routing Protocol Menu tree is shown in Figure 6.19.
Config Routing
Interface SWAN RIP Send RIP
Protocol
Listen RIP
RIP2 Authentication
Rip2 Authentication Password
OSPF OSPF on This Interface
Advertise This Non-OSPF Interface
External Metric
External Metric Type
Area ID
Network Type
Router Priority
Transit Delay
Retransmit Interval
Hello Interval
Dead Interval
Poll Interval
Password
Metric
Advertise Secondary IP Address
FIGURE 6.19 ROUTING PROTOCOL MENU TREE
Chapter 6 - The SWAN Interface 163
CyROS Reference Guide
The Routing Protocol parameters are explained in more detail in the following tables.
Routing Protocol Menu CONFIG=>INTERFACE=>SWAN=>ROUTING PROTOCOL =>RIP
Parameter Description
Send RIP Sets the type of RIP messages to be sent.
Listen RIP Indicates which types of RIP messages are accepted.
RIP2 Applies if RIP2 was chosen in one of the first two options. Activates RIP2 message
Authentication authentication with a password.
RIP2 Applies if RIP2 Authentication is Active. Password used for both received and transmitted
Authentication RIP2 messages.
Password
OSPF Protocol Menu CONFIG=>INTERFACE=>SWAN=>ROUTING PROTOCOL=>OSPF
Parameter Description
OSPF on This Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol without
Interface erasing the parameters set below. This is useful when OSPF is first configured, as the
general parameters must be set afterwards in CONFIG=>IP =>OSPF and OSPF cannot
function without them.
Parameters that apply only when OSPF on This Interface is Disabled.
Advertise This Causes the router to include this interface in its advertisements through other interfaces (as
Non-OSPF an external route).
Interface
External Metric Defines the metric that will be advertised by OSPF.
External Metric For Type 1, the total metric of this route is composed of the internal metric (inside the
Type autonomous system) and the external metric (provided in the previous parameter). For
Type 2, the total metric of this route is the value provided in the previous parameter.
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive.
this table continued
Chapter 6 - The SWAN Interface 164
CyROS Reference Guide
OSPF Protocol Menu (continued)
Parameter Description
Area ID Identifies the area to which the interface belongs. Areas are created here, then later
defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is not
linked to any IP address in the system. Small OSPF networks will typically have only one
area (the backbone area represented by 0.0.0.0).
Router Priority Priority used by OSPF in multicast networks to elect the designated router. A priority of 1
will make this router the most likely to be chosen. A priority of 2 will make it second most
likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay Estimated transit time in seconds to route a packet through this interface. Use the preset
value (1) or increase the number for slow links
Retransmit Time in seconds between link-state advertisement retransmissions for adjacencies
Interval* belonging to this interface.
Hello Interval* Time in seconds between the hello packets on this interface.
Dead Interval* Inactivity time (seconds) before a neighbor router is considered down.
Poll Interval Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-
access neighbor.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this
password is enabled in CONFIG
=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE
Metric Defines the cost for normal service. For consistent routing, this parameter should be
determined in the same manner for all routers in the OSPF Area. Normally, metric cost is
defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for 10Mbps,
65 for T1, 1785 for 56kbps, etc).
Advertise Causes the router to advertise additional addresses assigned to this interface. These are
Secondary IP configured in CONFIG=> INTERFACE=>SWAN=>NETWORK PROTOCOL =>IP.
Address
* Inside a given area, these 4 parameters should be the same for all routers.
Chapter 6 - The SWAN Interface 165
CyROS Reference Guide
Physical Menu CONFIG=>INTERFACE=>SWAN=>PHYSICAL
Parameter Description
Mode Asynchronous or Synchronous
Clock Source Applies for Synchronous Mode. Whether this interface provides clock for the device at the
other end of the cable or vice-versa.
Receive Clock Applies for Internal Clock Source. When this interface provides clock, it can either compare
incoming messages with the clock it is generating (Internal) or with the clock it receives
from the sender along with the message (External).
Speed Applies for Internal Clock Source. Determines at which speed the data will be sent across
the line.
Media for SWAN Type of cable -- RS-232 or V.35.
Cable
The following menu is only relevant when PPP Encapsulation is used.
Authentication Menu CONFIG=>INTERFACE=>SWAN=>AUTHENTICATION
Parameter Description
Authentication Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Type Server uses either Radius or Tacacs to authenticate the user.
Remote is when this interface is considered to be the user and the other end of the
connection performs the authentication.
Username Applies when Authentication Type is Remote. The username the remote device expects to
receive.
Password Applies when Authentication Type is Remote. The password the remote device expects to
receive.
Authentication Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
Server server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can be
Protocol used for authentication.
Chapter 6 - The SWAN Interface 166
CyROS Reference Guide
Bibliography
PPP:
STD0051 and RFCs 1661 and 1662
Frame Relay:
Smith, Philip, Frame Relay Principles and Applications, Addison-Wesley, 1993
RFC 1490, Multiprotocol Interconnect over Frame Relay (explains NLP ID and SNAP)
X.25:
Thorpe, Nicolas and Derek Ross, X.25 Made Easy, Prentice Hall, 1992.
Chapter 6 - The SWAN Interface 167
CyROS Reference Guide
CHAPTER 7 THE Z-BUS INTERFACE
The Z-Bus Card is used in conjunction with either the Cyclades-Synchronous Serial Expander (8 ports) or the
Cyclades-Serial Expander 16. The SSE8 can be used for either synchronous or asynchronous communication,
on a port by port basis, while the SE16 is only for asynchronous communication. The asynchronous menu
options will be discussed first. The Z-Bus Interface Menu tree is given in Figure 7.1.
Config
Interface Zbus Zbus Card Number of Serial Expanders
First Logical Link
One Port Zbus Port
Encapsulation
Network Protocol
Routing Protocol
Physical
Traffic Control General Bandwidth
IP Traffic Control List
Authentication Authentication Type
Username
Password
Authentication Server
Authentication Protocol
Wizards
Range Zbus Port Range Begin
Zbus Port Range End
Same Parameters as One Port
All Ports Same Parameters as One Port
FIGURE 7.1 Z-BUS INTERFACE MENU TREE
Chapter 7 - The Z-Bus Interface 168
CyROS Reference Guide
Cyclades-PR3000
Slot 2 Slot 1
PR3000
Z-Bus Z-Bus
Cable Cable
Serial
Expander 1
Logical Links 17 - 32 SE16 Logical Links 1 - 8 SSE8
Cable
Serial
Expander 2
Logical Links 33 - 48 SE16
FIGURE 7.2 PR3000 WITH Z-BUS CARDS AND SERIAL EXPANDERS
More than one Z-Bus card can be installed in the PR3000 and more than one SE16 can be attached to a Z-
Bus. Even with two separate Z-Bus cards, the Z-Bus Ports are numbered consecutively. The example in
Figure 7.2 shows one SSE8 with ports numbered 1 through 8 and two SE16s with ports numbered 17-48. The
starting port number in configured with the CONFIG =>INTERFACE =>Z-BUS =>Z-BUS CARD =>FIRST
LOGICAL LINK parameter.
Chapter 7 - The Z-Bus Interface 169
CyROS Reference Guide
CONFIG=>INTERFACE=>Z-BUS
Menu Option Description
Z-Bus Card This menu contains two parameters: the Number of Serial Expanders (when more than
one SE16 is used), and the First Logical Link, explained in the example.
One Port Allows configuration of all the parameters that apply to a single port. If more than one port
will have the same or a similar configuration, the menus Range and All Ports will be faster.
Range Allows configuration of all port parameters for a range of ports.
All Ports Allows configuration of all port parameters at once. If a typical configuration is planned
(Terminal Server, Remote Access Server, or Lan-to-Lan), see CONFIG=>INTERFACE=>Z-
BUS=><PORT>=>WIZARDS for automated definition of parameters.
NOTE: In this chapter, the expression <PORT> refers to One Port, Range, or All Ports in the menu above,
whichever is applicable.
Asynchronous Port Menus
This section applies to the SE16 and any SSE8 port used for asynchronous communication. The
Encapsulation and Physical menus are very different for the asynchronous and synchronous modes. All mode-
independent menus will be described later in this chapter.
The Physical Menu tree for asynchronous ports is shown in Figure 7.3.
Config Interface Z-Bus <Port> Physical Speed
Flow Control
Modem Connection
Modem String Index
RTS Mode
Input Signal DCD On
Input Signal DSR On
Input Signal CTS On
FIGURE 7.3 ASYNCHRONOUS PORT PHYSICAL MENU TREE
Chapter 7 - The Z-Bus Interface 170
CyROS Reference Guide
Asynchronous Port Physical Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>PHYSICAL
Parameter Description
Speed Valid options can be seen using the ? command.
Parity Applies for Char Encapsulation.
Character Size Applies for Char Encapsulation.
Stop Bits Applies for Char Encapsulation.
Flow Control Hardware or Software Flow Control, or None.
Modem Connection Determines whether or not a modem is connected to this port.
Modem String Index Applies when Modem Connection = Yes. Selects the modem profile as defined in the
modem strings table, (CONFIG=>SYSTEM=>MODEMS=>TABLE).
RTS Mode Applies for Flow Control not Hardware. Determines how the Request to Send (RTS)
signal is interpreted. For Normal Flow Control, the RTS signal is always 1, and for
Legacy Half Duplex, it is 1 only when data is being transmitted, indicating that the
receiving end must wait.
Input Signal DCD On Defines line as operational if the Data Carrier Detected signal is received.
Input Signal DSR On Defines line as operational if the Data Set Ready signal is received.
Input Signal CTS On Defines line as operational if the Clear to Send signal is received. Hardware flow
control cannot be used with this option.
If more than one input signal is chosen, all those chosen must be received for the line to be
considered operational.
The encapsulation options are shown in the following table. A menu tree will be given for each item.
Chapter 7 - The Z-Bus Interface 171
CyROS Reference Guide
Asynchronous Port Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION
Menu Options Description
PPP The PPP (Point-to-Point) protocol can be used on either synchronous or asynchronous
lines. Multilink PPP is also provided.
PPPCHAR Sends a character login prompt, but automatically switches to PPP if requested. Please
see the description of the PPP and CHAR protocols for more information.
CHAR Sends a login prompt and accepts only character-mode connections.
Slip Provides a Slip connection. This encapsulation option has no parameters.
SlipCHAR Sends a character login prompt, but automatically switches to Slip if a Slip frame is
received. This encapsulation option has no parameters.
Inactive This menu option must be chosen whenever the encapsulation is changed from one type to
another. One must be deactivated before another can be activated.
Chapter 7 - The Z-Bus Interface 172
CyROS Reference Guide
PPP is used for both synchronous and asynchronous connections, and will be described in the mode-independent
menus section. The parameters for PPPCHAR are a combination of those for PPP and CHAR. The PPPCHAR
Menu tree is shown in Figure 7.4.
Config
Interface
Z- Bus <Port> Encapsulation PPPCHAR MLPPP Active
Connection Type
Identification for This Bundle
Total Number of Lines for This Bundle
PPP Inactivity Timeout
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
Switch Session Character Code
Escape Session Character Code
FIGURE 7.4 PPPCHAR ENCAPSULATION MENU TREE
Chapter 7 - The Z-Bus Interface 173
CyROS Reference Guide
The CHAR Encapsulation Menu tree is shown in Figure 7.5, and the table that follows gives a brief description
of the related parameters.
Config
Interface Z-Bus <Port> Encapsulation CHAR Device Type
TCP Keep Alive Timer
Terminal Type
Switch Session Character Code
Escape Session Character Code
Username
Wait For or Start a Connection
Destination Hostname
Filter Null Char After CR Char
Idle Timeout
DTR On
Device Will Send Echo
FIGURE 7.5 CHAR ENCAPSULATION MENU TREE
Chapter 7 - The Z-Bus Interface 174
CyROS Reference Guide
CHAR Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION =>CHAR
Parameter Description
Device Type Determines whether a Terminal, Printer, or Socket device will be connected to this port.
TCP Keep Alive The delay between Keep Alive messages sent by TCP.
Timer
Terminal Type For a terminal, ANSI is generally used. For a printer, dumblp is generally used.
Switch Session Applies for Terminal Device Type. Control character used to switch sessions. 1 is Ctrl-A, 2
Character Code is Ctrl-B, etc. The value 254 disables this option.
Escape Session Applies for Terminal Device Type. Control character used while in a telnet session, to
Character Code return to the router menu without closing the session.
Username Applies for Terminal Device Type. Must be entered into the local user table first. See
section 4.3. If this parameter is left blank, the user will have to enter a username.
Wait for or Start a Applies for Socket Device Type. Wait is used when the remote application will start the
Connection communication. When Start is used, a connection is attempted as soon as the line is
considered operational.
Destination Applies for Socket Device Type. The remote hostname to which the socket will be
Hostname connected, if the previous parameter was start. This name must have been defined in the
host table. See section 4.2, menu CONFIG=>SYSTEM=>HOSTS.
Filter Null Char Applies for Socket Device Type. Interprets a CR NULL sequence, received on a TCP
after CR Char connection, as CR (only).
Idle Timeout in Applies for Socket Device Type. The connection is broken if this time passes with no
Minutes traffic.
DTR ON Only if Applies for Socket Device Type. If False, the Data Terminal Ready line is switched on
Socket when the router is booted.
Connection
Established
Device Attached Applies for Socket Device Type. Yes if the device attached to the socket will echo the
to This Port Will characters sent to it.
Send ECHO
Chapter 7 - The Z-Bus Interface 175
CyROS Reference Guide
Synchronous Port Menus
This section applies only to SSE8 ports used for synchronous communication. The Encapsulation and Physical
menus are presented, along with the encapsulation options which are only available in synchronous mode.
The Physical Menu tree for synchronous ports is shown in Figure 7.6.
Config Interface Z-Bus <Port> Physical Mode
Clock Source
Speed
Media for Z-Bus Cable
FIGURE 7.6 SYNCHRONOUS PORT PHYSICAL MENU TREE
Synchronous Port Physical Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>PHYSICAL
Parameter Description
Mode Asynchronous or Synchronous
Clock Source Whether this interface provides clock for the device at the other end of the cable or vice-
versa.
Speed Applies for Internal Clock Source. Determines at which speed the data will be sent across
the line.
Media for Z-Bus Type of cable -- RS-232 or V.35.
Cable
The encapsulation options are shown in the following table. A menu tree will be given for each item. PPP is
used for both synchronous and asynchronous connections, and will be described in the mode-independent
menus section.
Chapter 7 - The Z-Bus Interface 176
CyROS Reference Guide
Synchronous Port Encapsulation Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION
Menu Option Description
Frame Relay The Frame Relay Protocol is based on frame switching and constructs a permanent virtual
circuit (PVC) between two points.
PPP The PPP (Point-to-Point) protocol can be used on either synchronous or asynchronous
lines. Multilink PPP is also provided.
X.25 The X.25 Protocol is generally used to connect to a public X.25 network. The router can
act either as a DTE or a DCE.
HDLC This protocol has only one parameter: HDLC Keepalive Interval. This is the time interval
between transmission of Keepalive messages. The receiver of these messages must send
keepalive messages with the same frequency or will be considered inoperative.
Inactive This menu option must be chosen whenever the encapsulation is changed from one type to
another. One must be deactivated before another can be activated.
Chapter 7 - The Z-Bus Interface 177
CyROS Reference Guide
Frame Relay
FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data
link connection identifier). This allows multiple logical connections to be multiplexed over a single channel.
These are called Permanent Virtual Circuits (PVCs). The DLCI has only local significance and each end of the
logical connection assigns its own DLCI from the available local numbers. A public Frame Relay network
connecting offices in Rome, Milan, Palermo, and Florence is shown in Figures 7.7 and 7.8.
Rome Florence
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
FR Network
200.1.1.2 200.1.1.3
Router Router
Palermo Milan
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 7.7 PUBLIC FRAME RELAY NETWORK EXAMPLE
Chapter 7 - The Z-Bus Interface 178
CyROS Reference Guide
Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay
Address Map is also created (either statically or dynamically) to associate each DLCI with the destination router IP.
Rome Florence
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
21
11
81
200.1.1.2 200.1.1.3
Router Router
Palermo Milan
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 7.8 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES
For the router in Palermo, the Frame Relay address map will look like this:
DLCI IP
11 200.1.1.1
21 200.1.1.4
81 200.1.1.3
Chapter 7 - The Z-Bus Interface 179
CyROS Reference Guide
These values are entered in the Add DLCI menu.
The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used
for controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs,
and sends status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI
0).
Sub-Network Access Protocol (SNAP)
A normal Frame Relay Network header contains the NLPID (Network Level Protocol ID) field to identify which
protocol provided the information encapsulated in the data field.
flag address - control optional NLPID data FCS flag
including pad
DLCI
FIGURE 7.9 NORMAL HEADER USING NLPID
For those protocols which do not have an NLPID defined, the SNAP header must be used. The NLPID field
remains, but contains a value (0x80) that indicates that the SNAP information follows.
flag address - control optional NLPID OUI PID data FCS flag
including pad = 0x80
DLCI
FIGURE 7.10 HEADER USING SNAP
The three-octet Organizationally Unique Identifier (OUI) and the two-octet Protocol Identifier (PID) which follow
define a distinct protocol. See RFC 1490 for details.
Chapter 7 - The Z-Bus Interface 180
CyROS Reference Guide
The Frame Relay Encapsulation Menu tree is shown in Figure 7.11.
Config
Interface
Frame
Z-Bus <Port> Encapsulation Encapsulation Type
Relay
SNAP IP
LMI
T391
N391
N392
N393
CIR
Bandwidth Reservation
Add DLCI DLCI Number
Frame Relay
Address Map
IP Address
Enable Predictor
Compression
Number of Bits for
Compression
DLCI priority level
Reserved Bandwidth
Bandwidth Priority Level
Delete DLCI Map Entry Number
Edit DLCI Table Entry
Rest same as Add DLCI
FIGURE 7.11 FRAME RELAY ENCAPSULATION MENU TREE
Chapter 7 - The Z-Bus Interface 181
CyROS Reference Guide
A detailed explanation of the Frame Relay parameters is given in the following tables.
Frame Relay Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>FRAME RELAY
Parameter Description
Encapsulation RFC1490 - IETF is the standard used by most equipment. The Cisco option should be used
Type when the PR is communicating with a router configured to use the default Cisco standard.
SNAP IP Applies when Encapsulation Type is RFC1490 - IETF above. Indicates that the Sub-
Network Access Protocol should be used. See description above. From a network
administrator's point of view, the router on the sending end must be using the same header
type (NLPID or SNAP) as the router on the receiving end.
LMI Selects the Local Management Interface specification to be used. ANSI, Group of Four
(defined by the vendors that first implemented Frame Relay), Q933a (defined by ITU-T),
and None (used for a dedicated FR connection without a network).
T391 Interval between the LMI Status Enquiry messages.
N391 Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI
Status Enquiry message.
N392 Error Threshold. The network counts how many events occur within a given period and
considers an interface inactive when the number of events exceeds a threshold. N393 is
the number of events to be considered and N392 the number of errors within this period. If
N392 of the last N393 events are errors, the interface is deemed inactive. A successful
event is the receipt of a valid Status Enquiry message
N393 Monitored Events Count. See the description of N392. This value must be larger than
N392.
CIR Committed Information Rate, in percentage of total bandwidth (given in
CONFIG=>INTERFACE=>Z-BUS=><PORT> =>TRAFFIC CONTROL =>GENERAL
=>BANDWIDTH). Traffic above this rate may be discarded if the network is congested.
Bandwidth Enables traffic control per DLCI. See the Add DLCI menu for more details.
Reservation
Chapter 7 - The Z-Bus Interface 182
CyROS Reference Guide
The following menu appears at the end of the Frame Relay parameter list. It can be reached by passing through all
parameters or by using the <ESC> key at any point in the parameter list.
DLCI Frame Relay Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>FRAME
RELAY=><ESC>
Menu Option Description
Add DLCI Adds a DLC for this interface to the DLCI table.
Delete DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to delete the DLCI.
Edit DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to edit the DLCI.
Traffic Control based on Data Link Connection
Traffic Control as described in section 4.7 can also be performed on a Frame Relay interface for each
permanent virtual connection. The parameters in the Add DLCI menu are used in the same manner as those
described in section 4.7.
Add DLCI Frame Relay Menu CONFIG=>INTERF=>Z-BUS=><PORT> =>ENCAPS=>FRAME RELAY
=><ESC> =>ADD DLCI
Parameter Description
DLCI Number Used to identify the DLC. This number is supplied by the Public Frame Relay network
provider. The DLCIs are stored in a table which can be seen with the L command.
Frame Relay Determines the method used for mapping the remote IP address to the Permanent Virtual
Address Map Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address
dynamically, in a manner similar to the ARP table.
IP Address Applies when Frame Relay Address Map is Static. Provides the IP address to be used for
static address mapping.
This table is continued.
Chapter 7 - The Z-Bus Interface 183
CyROS Reference Guide
Add DLCI Frame Relay Menu (continued)
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
DLCI Priority This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Level RULE=>FLOW PRIORITY LEVEL. Indicates the relative priority of the frame for insertion
into queues in the router. A frame with priority 1 will enter the queue if there is any space
available. A frame with priority 2 will enter the queue if at least 20% of the space is
available, and so on (40% free for priority 3, 60% free for priority 4, and 80% free for priority
5). Frames with priority x + 1 will always enter after frames with priority x, x-1, etc. Priority
0 is similar to Priority 5, but these packets always enter the queue. All frames that do not
enter the queue are DISCARDED. Use this feature with caution!
Reserved This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Bandwidth RULE=>RESERVED BANDWIDTH. Defines what percentage of the total bandwidth on an
interface will be set aside for this DLC.
Bandwidth This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Priority Level RULE=>BANDWIDTH PRIORITY LEVEL. Two DLCs with the same priority cannot share
bandwidth when one DLC does not need its entire allotment. For two DLCs with different
priorities, the DLC with the higher priority can steal bandwidth from the other when it is not
in use. Priority is relative -- two DLCs with priorities 1 and 5 are the same as two DLCs
with priorities 3 and 4 (if there are no other DLCs).
Chapter 7 - The Z-Bus Interface 184
CyROS Reference Guide
X.25
A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or
as a DTE or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. As seen in Figures
7.12 and 7.13, the determination of DTE or DCE depends on the position and use of the router within the
network.
Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires
that two DTEs be permanently connected.
Modem or
DSU/CSU
Router / DTE Router / DTE
Switch / DCE Switch / DCE
X.25
FIGURE 7.12 PUBLIC X.25 NETWORK EXAMPLE
Chapter 7 - The Z-Bus Interface 185
CyROS Reference Guide
Router A
Router B
DTE
Link 3 Link 1
DTE
DCE
DCE
Router C
Link 2
DCE
DTE
Router D
FIGURE 7.13 PRIVATE WAN
In the Private WAN network example, the central router acts as a switch connecting the other three. A type of brid-
ge must be configured to allow switched virtual connections passing through the router. The “switch” must be
configured on both of the interfaces involved in the bridge. The X.25 parameters Packet Size and Window Sizes
should be the same on both interfaces to prevent bottlenecks.
Chapter 7 - The Z-Bus Interface 186
CyROS Reference Guide
The first X.25 menu tree is shown in Figure 7.14
Config
Interface
Z-Bus <Port> Encapsulation X.25 X.121 (Local DTE) Address
Switch Mode Active
Incoming Calls...Forwarded
Suppress Calling Address
Inactivity Timeout
Configure as DTE or DCE
Number of Virtual Circuits
Number of Permanent Virtual Circuits
PVCs Must Wait for Reset Packet
Layer 3 Window Size
Layer 2 Window Size
Packet Size
Number of Retries N2
TL
T2
T21
T23
Negotiable Facilities
Send Facility
Add DTE [shown in DTE Menu Diagram]
Delete DTE [shown in DTE Menu Diagram]
Edit DTE [shown in DTE Menu Diagram]
Terminal PAD for X.25
Encapsulation [shown in a later figure]
Network Protocol [shown in a later figure]
Physical [shown in a later figure]
Authentication [shown in a later figure]
FIGURE 7.14 X.25 MENU TREE
Chapter 7 - The Z-Bus Interface 187
CyROS Reference Guide
Config
Interface
Z-Bus <Port> Encapsulation X.25 Add DTE Type of Logical Address
IP Address
X25 Socket Port
X.121 (DTE) Address
VC Number
Packet Transaction
Automatic Mode
User Data Len
User Data
Enable Predictor Compression
Number of Bits for Compression
Delete DTE Host Number to Delete
Edit DTE Host Number to Change
FIGURE 7.15 X.25 DTE MENU TREE
Chapter 7 - The Z-Bus Interface 188
CyROS Reference Guide
A detailed description of the X.25 parameters for the two examples given above is provided in the table below.
X.25 Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION =>X.25
Parameter Description
X.121 (Local Address assigned to this interface (provided by the public X.25 Network Provider). Can be
DTE) Address up to 15 digits.
Switch Mode Private WAN: In the example, Router C is used to connect three internal X.25 networks.
Active To allow bridging from Router B to Router D across Router C, this parameter must be Yes
on both link 1 and link 2 .
Incoming Calls Applies when Switch Mode is Active. Private WAN: When Router C receives a packet
Received Over from Router B with an unknown address, it can take two actions: if this parameter is No on
the Other X.25 both link 2 and link 3, the packet is discarded. If either link 2 or link 3 has this parameter
Links With set to Yes, the packet is sent through that link. (If both are Yes, the link with the lowest link
Unknown number is chosen -- in this case link 2).
Destination DTE
Can be
Forwarded
Through This
Link
Suppress Calling Public X.25 Network: This parameter must be chosen according to the guidelines given
Address by the Public X.25 Network provider. When activated, the sender's Local DTE address is
not included in the Call Request Message. Private WAN: This parameter will be No as
the network will not keep track of the sender of each packet.
Inactivity Timeout Time until connection is automatically terminated by the router if there is no traffic.
Configure as As mentioned above, the router can act either as the recipient of information (DTE), or as
DTE or DCE the passer-on of information (DCE). Public X.25 Network: Both routers are DTEs .
Private WAN: Routers A,B, and D are DTEs and Router C is a DCE.
Number of Virtual Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on this
Circuits interface. The maximum number for all X.25 interfaces combined is 128.
this table continued
Chapter 7 - The Z-Bus Interface 189
CyROS Reference Guide
X.25 Menu (continued)
Parameter Description
Number of Indicates the number of permanent virtual circuits that will be connected through this
Permanent interface. This maximum is also 128.
Virtual Circuits
PVCs must wait Applies for PVCs. Should be set when line provider (or DCE) sends reset to initialize the
for reset packet PVC.
Layer 3 Window The layer 3 (packet) level window represents the number of sequentially numbered packets
Size that can be sent before an acknowledgement must be received. This number may be
negotiated if the Window Size Facility is utilized (see last parameter in this table).
Layer 2 Window The layer 2 (frame) level window represents the number of sequentially numbered frames
Size that can be sent before an acknowledgement must be received. The frame numbers are
independent of the packet numbers.
Packet Size The packet size to be sent across the interface. This number may be negotiated if the
Packet Size Facility is utilized (see last parameter in this table).
Number of Number of times an information frame can be resent, without response, before the link is
Retries N2 considered down.
TL Time the frame level waits for an acknowledgement for a given frame before re-sending it.
T2 Time that can elapse, after receiving a frame, until the router must send an
acknowledgement.
T21 Call Request response Timer. After this time has elapsed, the DTE sends a Clear
message.
T23 Clear Request response Timer. After this time has elapsed, the DTE retransmits the Clear
message.
Negotiable Applies when the total number of virtual circuits is greater than the number of permanent
Facilities virtual circuits. Initiates facility negotiation during virtual circuit creation.
Send Facility Applies when the total number of VCs is greater than the number of PVCs. Determines
which facilities are negotiated during virtual circuit creation: Packet size is part
of the flow control parameters negotiation, Throughput is part of the throughput class
negotiation, and N3 Window (Level 3 Window Size, above) is part of the flow control
parameters negotiation.
Chapter 7 - The Z-Bus Interface 190
CyROS Reference Guide
The following menu appears at the end of the X.25 parameter list. It can be reached by passing through all
parameters or by using the <ESC> key at any point in the parameter list. This menu creates a static routing table
associating a remote X.121 address to an IP address or a TCP Socket location.
X.25 Add DTE Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>ENCAPSULATION
=>X.25=><ESC>=>Add DTE
Parameter Description
Type of Logical IP Address or TCP Socket. Users that intend to use the TCP Socket option should see
Address Appendix A.
IP Address Applies for IP Address Type. IP Address of remote DTE device.
X.25 Socket Port Applies for Socket Address Type. Must be a number in the interval defined by the
parameters CONFIG=>IP=>TCP =>X25 SOCKET START/END PORT RANGE.
X.121(DTE) Address of remote DTE device.
Address
VC Number Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.
Packet Applies for Socket Address Type. See Appendix A.
Transaction
Automatic Mode Applies for Packet Transaction = Yes. See Appendix A.
User Data Len Applies for Socket Address Type. Length of next parameter in bytes. The maximum is 32.
See Appendix A.
User Data Applies for Socket Address Type. The value in the user data field of the Call Request
packet which determines which service on the remote host is being requested. 0xCC is
used for IP. See Appendix A.
Enable Predictor Applies for IP Address Type. Enables data compression using the Predictor algorithm.
Compression This feature should be enabled only if Cyclades' equipment is being used on both ends of
the connection because there is no established standard for data compression
interoperability. Data compression is very CPU-intensive, making this feature effective only
for links running at speeds under 1Mbps. At higher speeds, the time necessary to
compress data offsets the gains in throughput achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a Cyclades PathRouter, for compatibility.
Chapter 7 - The Z-Bus Interface 191
CyROS Reference Guide
PAD (Packet Assembler/Disassembler)
PAD acts as a protocol converter, allowing a user to access the packet-switched network via a serial terminal. This
asynchronous connection is then converted into synchronous communication with the router and the network
beyond (using the telnet application available in the router). Any user listed in the local user table can be connected
this way, and the menu options available to him are configured in the CONFIG=>SECURITY =>USERS=>ADD
menu.
PC Asynchronous
Connection
Modem
X.28
Parameters PAD Public X.25 Synchronous
Connection
Network
PR3000
Link 1
X.3
Parameters ETH0
....
......
......
......
......
......
Server
FIGURE 7.16 PAD EXAMPLE
Chapter 7 - The Z-Bus Interface 192
CyROS Reference Guide
CyROS provides for configuration of the X.3 parameters that define the connection between the PAD and the
router. When the PAD sends a connection request to the router, the router replies with the profile (the X.3
parameters) to be used for the connection. The X.28 parameters that define the connection between the remote
terminal and the PAD are not considered. Link 1 of the Router in the PAD example must be configured for this type
of access.
With encapsulation type CHAR, pure X.25 is used. Optionally, PPP or PPPCHAR can run on top of X.25.
These protocols must be configured in the encapsulation menu, and related parameters are set in the Network
Protocol, Physical, and Authentication menus.
Chapter 7 - The Z-Bus Interface 193
CyROS Reference Guide
The PAD Encapsulation menu tree is shown in Figure 7.17.
Config
Interface
Z-Bus
<Port> PPP PPP Inactivity Timeout
Enable Van Jacobson
Encapsulation IP Header Compression
Transmit Compressed Packets
Terminal PAD Disable LCP ECHO Requests
X.25 Encapsulation
for X.25 Time interval to Send
Config Requests
Edit ACCM
PPPChar PPP Inactivity Timeout
Enable Van Jacobson
IP header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send
Config Requests
Edit ACCM
Switch Session Character Code
Escape Session Character Code
Char Switch Session Character Code
Escape Session Character Code
Username
Inactive
FIGURE 7.17 X.25 PAD ENCAPSULATION MENU TREE
Chapter 7 - The Z-Bus Interface 194
CyROS Reference Guide
Details on the configuration of each parameter are given in the following table.
X.25 PAD PPP Menu CONFIG=>INTERF=>Z-BUS=><PORT>=>ENCAPS =>X.25 => <ESC> =><ESC>
=>ENCAPS =>PPP
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of time.
Timeout
Enable Van Allows the link to receive compressed packets. This type of compression is useful for low-
Jacobson IP speed links and/or small packets. It is not recommended for fast links, as it requires CPU
Header time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the
Echo Requests link. Disabling these messages reduces traffic, but the link then has no way of knowing if
the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to the
Requests sender. If not, the sender will assume it was lost and send another.
Edit ACCM Applies to asynchronous connections only. Permits control character mapping negotiation
on asynchronous links. This is useful when you need to send a control character as data
(e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not want it interpreted by
the modem or other device in the middle. The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again excludes it
from the table. See note after CONFIG=>INTERFACE=>Z-BUS=><PORT>
=>ENCAPSULATION =>PPP table.
Chapter 7 - The Z-Bus Interface 195
CyROS Reference Guide
X.25 PAD PPPCHAR Menu CONFIG=>INTERF =>Z-BUS =><PORT> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>ENCAPS =>PPPCHAR
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of time.
Timeout
Enable Van Allows the link to receive compressed packets. This type of compression is useful for low-
Jacobson IP speed links and/or small packets. It is not recommended for fast links, as it requires CPU
Header time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the
Echo Requests link. Disabling these messages reduces traffic, but the link then has no way of knowing if
the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to the
Requests sender. If not, the sender will assume it was lost and send another.
Edit ACCM Please see explanation in previous table.
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
Chapter 7 - The Z-Bus Interface 196
CyROS Reference Guide
X.25 PAD CHAR Menu CONFIG=>INTERF =>Z-BUS=><PORT> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>ENCAPS=>CHAR
Parameter Description
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
Username Must be entered into the local user table first. See section 4.3. If this parameter is left
blank, the user will have to enter a username.
Chapter 7 - The Z-Bus Interface 197
CyROS Reference Guide
The X.25 PAD Network Protocol menu, which applies to PPP or PPPCHAR Encapsulation only, is shown in Figure
7.18.
Config
Interface
Z-Bus
<Port>
Encapsulation X.25 Terminal PAD Network Interface
for X.25 Protocol Assign IP From Interface
Primary IP Address
Subnet Mask
Secondary IP Address
Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Address
IP MTU
IP Fragmentation Ignore bit DF
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting Process
Outgoing Rule List Name
Detailed Outgoing IP Accounting Process
Routing of Broadcast Messages
FIGURE 7.18 X.25 PAD NETWORK PROTOCOL MENU TREE
Chapter 7 - The Z-Bus Interface 198
CyROS Reference Guide
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>Z-BUS =><PORT> =>ENCAPS =>X.25 =><ESC>
=><ESC> =>NW PROTOCOL
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Applies to Numbered interfaces. Address assigned to this interface.
Address
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc.) IP address that can be
Address used to refer to this interface. This parameter and the next are repeated until no value is
entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
Enable Dynamic The terminal connected through PAD assigns an IP address to the router for purposes of
Local IP Address their connection.
Remote IP The terminal connected through PAD sends its IP address in the negotiation package.
Address Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP address.
None: Any IP address is accepted. This is not recommended.
Remote IP If Remote IP Address Type not None. Used in conjunction with the previous parameter.
Address
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
This table is continued
Chapter 7 - The Z-Bus Interface 199
CyROS Reference Guide
X.25 PAD Network Protocol Menu (continued)
Parameter Description
IP Fragmentation When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes IP
- Ignore Bit DF to reject a packet that is oversized: the router sends an ICMP message back to the sender.
When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and no
message is sent back to the sender.
NAT Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used.
Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives UDP
or TCP messages for ports that are not recognized. This type of message is used by some
traceroute applications, and if disabled, the router might not be identified in the traceroute
output. However, there are security and performance reasons to leave this option Inactive.
Incoming Rule Filter rule list for incoming packets. See section 4.7 for instructions on how this parameter
List should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of IP Accounting
Incoming IP later in this chapter. IP Accounting for a rule requires that the parameter CONFIG
Accounting =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW ACCOUNT
PROCESS also be Yes.
Outgoing Rule Filter rule list for outgoing packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of Detailed
Outgoing IP Incoming IP Accounting.
Accounting
Routing of Activating this parameter causes the router to route broadcast messages from the
Broadcast LAN to the WAN and vice-versa. An individual interface can be excluded by setting
Messages this parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
Chapter 7 - The Z-Bus Interface 200
CyROS Reference Guide
The PAD Physical and Authentication menu trees are shown in Figure 7.19.
Config
Interface
Z-Bus
<Port>
Encapsulation Terminal PAD Physical Number of PADs
X.25
for X.25 Send Profile
Set X3 Parameters
Select Reference Number
Set Related Parameter
Parameter Sent
Authentication Authentication Type
Authentication Server
Authentication Protocol
FIGURE 7.19 X.25 PAD PHYSICAL AND AUTHENTICATION MENU TREES
Chapter 7 - The Z-Bus Interface 201
CyROS Reference Guide
X.25 PAD Physical Menu CONFIG=>INTERF=>Z-BUS =><PORT> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>PHYSICAL
Parameter Description
Number of PADs Number of PAD connections that the router will accept simultaneously.
Send Profile When the router receives a Connection Request from a PAD, the X.3 parameters can be
sent. Yes causes these parameters to be sent.
Set X3 Default parameters are shown in Figure 7.20. The PPP Profile parameters are usually
Parameters used with PPP & PPPCHAR Encapsulation. Customize is used to set all/some X3
parameters individually.
Select Reference Applies for Customized X3 Parameters. To change the value of an X3 parameter, select its
Number number from the table shown in Figure 7.20.
Set Related Applies for Customized X3 Parameters. The new value.
Parameter
Parameter Sent Applies for Customized X3 Parameters. Change whether or not this parameter is sent
during connection negotiation.
Reference Default Send Description
Number Value Profile
1 3 Y PAD recall using a character
2 0 Y Echo
3 0 Y Selection of "data forwarding" characters
4 1 Y Selection of idle timer delay
5 0 Y Flow control of the terminal
6 5 Y Control of PAD service/command signals
7 21 Y Operation of the PAD on reception of break signal
8 0 Y Discard Output
This table is continued.
FIGURE 7.20 PAD X3 PARAMETER LIST
Chapter 7 - The Z-Bus Interface 202
CyROS Reference Guide
9 0 Y Padding
10 0 Y Line Folding
11 3 Y Binary Speed of Start/Stop mode
12 0 Y Flow control of the PAD
13 0 Y LF insertion after CR
14 0 Y Padding after LF
15 0 Y Editing
16 8 Y Character Delete
17 24 Y Line Delete
18 42 Y Line Display
19 0 N Editing PAD service signals
20 0 N Echo mask
21 0 N Parity treatment
22 0 N Page wait
23 0 N Size of input field
24 0 N End of frame signals
25 0 N Extended data forwarding signals
26 0 N Display interrupt
27 0 N Display interrupt confirm
28 0 N Diacritic character coding
29 0 N Extended echo mask
FIGURE 7.20 PAD X3 PARAMETER LIST
Chapter 7 - The Z-Bus Interface 203
CyROS Reference Guide
X.25 PAD Authentication Menu CONFIG=>INTERF=>Z-BUS =><PORT>=>ENCAPS=>X.25
=><ESC>=><ESC>=>AUTHENT.
Parameter Description
Authentication Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Type Server uses either Radius or Tacacs to authenticate the user.
Authentication Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
Server server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can be
Protocol used for authentication.
Mode-Independent Menus
PPP
PPP is the only encapsulation option for the Z-Bus interface than can be either Synchronous or Asynchronous.
It is important to choose between them in CONFIG =>INTERFACE =>Z-Bus =><PORT> =>PHYSICAL before
entering the Encapsulation menu. The menu options depend on this choice.
Multilink PPP (MLPPP) is similar in functionality to the Multilink feature described in section 4.4, but it is
implemented at the data-link level instead of the network-protocol level. When compared to Multilink, MLPPP is
slightly more efficient and less generic (because it applies only to PPP encapsulation).
Chapter 7 - The Z-Bus Interface 204
CyROS Reference Guide
Server
(MLPPP Active) PR2000
(MLPPP Active)
Modem
Modem
Modem
Telephone
Network Modem
Bundle 6
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Connected to
a PR3000
FIGURE 7.21 MULTILINK PPP EXAMPLE
In the example in Figure 7.21, ports 1 through 5 are connected through modems to 5 phone lines which use the
same trunk number. The remote user has two modems which are configured to dial out using MLPPP. When the
remote user dials in to the PR3000 using the trunk number, two of the five ports will accept the connections. Be-
cause of MLPPP, the two ports will be considered to be one link (logical connection). Looking at the same figure,
ports 15 and 16 are dial-out ports which connect to two interfaces on the router via modems. In this situation, a
bundle must be defined for these ports.
Chapter 7 - The Z-Bus Interface 205
CyROS Reference Guide
The PPP Encapsulation Menu tree is shown in Figure 7.22
Config
Interface
Z-Bus <Port> Encapsulation PPP MLPPP Active
Connection Type
Identification for This Bundle
Total Number of Lines for This Bundle
PPP Inactivity Timeout
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
FIGURE 7.22 PPP ENCAPSULATION MENU TREE
Chapter 7 - The Z-Bus Interface 206
CyROS Reference Guide
A description of the parameters with values given for the example is presented in the table.
PPP Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ENCAPSULATION =>PPP
Parameter Description
MLPPP Enables Multilink PPP on this interface.
Connection Type Applies for MLPPP = Yes. Type of line used on this link. Leased indicates that there is no
modem between the links. Dial-in means the link will only receive calls and there is no
need to specify the bundle, which is defined by the dial-out side. Dial-out means the link
will place calls.
Identification for Applies for MLPPP = Yes and Dial-out or Leased. In the example, this value is 6.
This Bundle
Total Number of Applies for MLPPP = Yes. Maximum number of links allowed in the bundle. In the
lines for This example, this number is 2 or larger.
Bundle
PPP Inactivity Applies to asynchronous connections only. The connection is closed when data does not
Timeout pass through the line for this period of time. The value 0 deactivates the timer.
Enable Van Allows the link to receive compressed packets. This type of compression is useful for low-
Jacobson IP speed links and/or small packets. It is not recommended for fast links, as it requires CPU
Header time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the
Echo Requests link. Disabling these messages reduces traffic, but the link then has no way of knowing if
the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to the
Requests sender. If not, the sender will assume it was lost and send another.
this table continued
Chapter 7 - The Z-Bus Interface 207
CyROS Reference Guide
PPP Menu (continued)
Parameter Description
Edit ACCM Applies to asynchronous connections only. Permits control character mapping negotiation
on asynchronous links. This is useful when you need to send a control character as data
(e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not want it interpreted by
the modem or other device in the middle. The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again excludes it
from the table. See note after table.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
Note: Asynchronous Control Character Map (ACCM) mapping is done by codifying one control character as two
special characters. This permits transparent transmission of control characters as data. Thirty-two bits are
encoded in such a way that each bit indicates if the corresponding control character should or should not be
mapped to the two character sequence. If the bit is set to 1, the character will be mapped. For example, if bit 17
and 19 are set to 1, the corresponding characters in the ASCII table (DC1 or XON and DC3 or XOFF) will be
encoded, and the corresponding ACCM will be: 00 0A 00 00 (hex), (binary: 00000000 00001010 00000000
00000000), the bits set to 1 are the 17th and 19th, if counting from right to left, starting from 0.
Chapter 7 - The Z-Bus Interface 208
CyROS Reference Guide
Returning to the Z-Bus Interface Configuration, the Network Protocol Menu tree is shown in Figure 7.23.
Config
Interface
Z-Bus <Port> Network Protocol IP Interface Unnumbered/Numbered
Assign IP from Interface
Primary IP address
Subnet Mask
Secondary IP Address
Subnet Mask
IP MTU
IP Fragmentation Ignore bit DF
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Routing of Broadcast Messages
Transparent Status
Bridge Port Priority
Incoming Rule List Name
Outgoing Rule List Name
FIGURE 7.23 NETWORK PROTOCOL MENU TREE
Chapter 7 - The Z-Bus Interface 209
CyROS Reference Guide
The Network Protocol parameters are explained in more detail in the following tables.
Network Protocol Menu CONFIG=>INTERFACE =>Z-BUS =><PORT> =>NETWORK PROTOCOL =>IP
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Applies to Numbered interfaces. Address assigned to this interface.
Address
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP address
Address that can be used to refer to this interface. This parameter and the next are repeated until
no value is entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
IP Fragmentation When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes IP
- Ignore Bit DF to reject a packet that is oversized: the router sends an ICMP message back to the sender.
When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and no
message is sent back to the sender.
NAT Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used.
Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives UDP
or TCP messages for ports that are not recognized. This type of message is used by some
traceroute applications, and if disabled, the router might not be identified in the traceroute
output. However, there are security and performance reasons to leave this option Inactive.
Incoming Rule Filter rule list for incoming packets. See section 4.7 for instructions on how this parameter
List should be set.
this table continued
Chapter 7 - The Z-Bus Interface 210
CyROS Reference Guide
Network Protocol Menu (continued)
Parameter Description
Detailed Applies when a list is selected in the previous parameter. See explanation of IP Accounting
Incoming IP later in this chapter. IP Accounting for a rule requires that the parameter CONFIG
Accounting =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW ACCOUNT
PROCESS also be Yes.
Outgoing Rule Filter rule list for outgoing packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of Detailed
Outgoing IP Incoming IP Accounting.
Accounting
Routing of Activating this parameter causes the router to route broadcast messages from the
Broadcast LAN to the WAN and vice-versa. An individual interface can be excluded by setting
Messages this parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
Transparent Bridge Menu CONFIG=>INTERFACE =>Z-BUS =><PORT> =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE
Parameter Description
Status Activates the Transparent Bridge on this interface.
Port Priority For the Spanning Tree Algorithm, a priority is given to each link in the router and to each
router in the network. See CONFIG=>TRANSPARENT BRIDGE =>SPANNING TREE for
more information.
Incoming Rule Transparent Bridge rule list name for incoming packets. Note: Rule lists for Transparent
List Name Bridge and IP are created separately. See section 4.7 for instructions on how this rule list
is created.
Outgoing Rule Filter rule list name for outgoing packets. See section 4.7 for instructions on how this rule
List Name list is created.
Chapter 7 - The Z-Bus Interface 211
CyROS Reference Guide
The Routing Protocol Menu tree is shown in Figure 7.24.
Config
Routing
Interface Z-Bus <Port> RIP Send RIP
Protocol
Listen RIP
RIP2 Authentication
Rip2 Authentication Password
OSPF OSPF on This Interface
Advertise This Non-OSPF Interface
External Metric
External Metric Type
Area ID
Network Type
Router Priority
Transit Delay
Retransmit Interval
Hello Interval
Dead Interval
Poll Interval
Password
Metric
Advertise Secondary IP Address
FIGURE 7.24 ROUTING PROTOCOL MENU TREE
Chapter 7 - The Z-Bus Interface 212
CyROS Reference Guide
The Routing Protocol parameters are explained in more detail in the following tables.
Routing Protocol Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ROUTING PROTOCOL =>RIP
Parameter Description
Send RIP Sets the type of RIP messages to be sent.
Listen RIP Indicates which types of RIP messages are accepted.
RIP2 Applies if RIP2 was chosen in one of the first two options. Activates RIP2 message
Authentication authentication with a password.
RIP2 Applies if RIP2 Authentication is Active. Password used for both received and transmitted
Authentication RIP2 messages.
Password
OSPF Protocol Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>ROUTING PROTOCOL =>OSPF
Parameter Description
OSPF on This Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol without
Interface erasing the parameters set below. This is useful when OSPF is first configured, as the
general parameters must be set afterwards in CONFIG=>IP =>OSPF and OSPF cannot
function without them.
Parameters that apply only when OSPF on This Interface is Disabled.
Advertise This Causes the router to include this interface in its advertisements through other interfaces (as
Non-OSPF an external route).
Interface
External Metric Defines the metric that will be advertised by OSPF.
External Metric For Type 1, the total metric of this route is composed of the internal metric (inside the
Type autonomous system) and the external metric (provided in the previous parameter). For
Type 2, the total metric of this route is the value provided in the previous parameter.
this table continued
Chapter 7 - The Z-Bus Interface 213
CyROS Reference Guide
OSPF Protocol Menu (continued)
Parameter Description
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive.
Area ID Identifies the area to which the interface belongs. Areas are created here, then later
defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is not
linked to any IP address in the system. Small OSPF networks will typically have only one
area (the backbone area represented by 0.0.0.0).
Router Priority Priority used by OSPF in multicast networks to elect the designated router. A priority of 1
will make this router the most likely to be chosen. A priority of 2 will make it second most
likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay in Estimated transit time in seconds to route a packet through this interface. Use the preset
Seconds value (1) or increase the number for slow links
Retransmit Time in seconds between link-state advertisement retransmissions for adjacencies
Interval in belonging to this interface.
Seconds*
Hello Interval in Time in seconds between the hello packets on this interface.
Seconds*
Dead Interval in Inactivity time (seconds) before a neighbor router is considered down.
Seconds*
Poll Interval in Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-
Seconds access neighbor.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this
password is enabled in CONFIG=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE
Metric Defines the cost for normal service. For consistent routing, this parameter should be
determined in the same manner for all routers in the OSPF Area. Normally, metric cost is
defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for 10Mbps,
65 for T1, 1785 for 56kbps, etc).
Advertise Causes the router to advertise additional addresses assigned to this interface. These are
Secondary IP configured in CONFIG=> INTERFACE=>Z-BUS=><PORT>=>NETWORK PROTOCOL
Address =>IP.
Chapter 7 - The Z-Bus Interface 214
CyROS Reference Guide
The following menu is only relevant when Char (terminal or socket option) or PPP encapsulation is used.
Authentication Menu CONFIG =>INTERFACE =>Z-BUS =><PORT> =>AUTHENTICATION
Parameter Description
Authentication Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Type Server uses either Radius or Tacacs to authenticate the user.
Remote is when this interface is considered to be the user and the other end of the
connection performs the authentication
Username Applies when Authentication Type is Remote. The username the remote device expects to
receive.
Password Applies when Authentication Type is Remote. The password the remote device expects to
receive.
Authentication Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
Server server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server and Encapsulation is PPP or
Protocol PPPCHAR. Either PAP or CHAP or both can be used for authentication.
Wizards were created to simplify the Z-Bus configuration for popular uses of the PR3000. Wizards are
available for configuration of a Terminal Server, a Remote Access Server, and a Lan-to-Lan Router. A utility
that copies a configuration from one port to another is also provided in the Wizard Menu.
Which parameters are set automatically by the Wizards? These are given in the following tables for
each Wizard option. After the Wizard sets the options as shown, the port configuration can be
changed further if a variation is desired. Study the tables below before using a Wizard.
Chapter 7 - The Z-Bus Interface 215
CyROS Reference Guide
A typical application of the Terminal Server Wizard is shown in Figure 7.25. The parameters that are automatically
set by the wizard are given in the table following the figure.
Server
Server
Terminal
Ethernet Server
TCP/IP
....
......
......
......
......
......
Telnet
Terminals
FIGURE 7.25 APPLICATION THAT CAN TAKE ADVANTAGE OF THE TERMINAL SERVER WIZARD
Chapter 7 - The Z-Bus Interface 216
CyROS Reference Guide
Encapsulation: CHAR Device Type Terminal
TCP KeepAlive Timer Inactive
Terminal Type ANSI
Switch Session Character Code 11
Escape Session Character Code 1
*Username
Network Protocol: Inactive
Routing Protocol: None
Physical Mode Async
*Speed
Parity None
Character Size 8 bits
Stop Bits 1
Flow Control Software
Modem Connection None
RTS Mode Normal Flow
Control
Input Signal DCD No
Input Signal DSR Yes
Input Signal CTS No
Traffic Control: No
parameters set
Authentication Authentication Type Local
FIGURE 7.26 PARAMETERS SET AUTOMATICALLY BY THE TERMINAL SERVER WIZARD
Chapter 7 - The Z-Bus Interface 217
CyROS Reference Guide
A typical application of the RAS Wizard is shown in Figure 7.27. The parameters that are automatically set by the
wizard are given in the table following the figure.
Authentication
Server
Server Router
Remote
....
Access
Server
......
......
......
......
......
Modem n
Modem 01
PCs Using Telephone Lines
FIGURE 7.27 APPLICATION THAT CAN TAKE ADVANTAGE OF THE RAS WIZARD
Chapter 7 - The Z-Bus Interface 218
CyROS Reference Guide
Encapsulation: PPPCHAR PPP Inactivity Timeout None
Van Jacobson IP Header Disabled
Compression
LCP Echo Requests Enabled
Time Interval to send Config 1
Requests
ACCM 000A0000
Predictor Compression Disabled
Switch Session Character Code 11
Escape Session Character Code 1
Network Protocol: IP Active Unnumbered / Numbered Unnumbered
Assign IP from Interface 1
Enable Dynamic Local IP Address N
Remote IP Address Type Fixed
*Remote IP Address
IP MTU 1500
NAT Global
ICMP Port Inactive
Incoming Rule List Name None
Outgoing Rule List Name None
FIGURE 7.28 PARAMETERS SET AUTOMATICALLY BY THE RAS WIZARD
Chapter 7 - The Z-Bus Interface 219
CyROS Reference Guide
Network Protocol: TB
Inactive
Routing Protocol: None
Physical Mode Async
*Speed
Flow Control Hardware
Modem Connection Connected
*Modem String Index
RTS Mode Normal Flow
Control
Input Signal DCD Y
Input Signal DSR N
Input Signal CTS N
Traffic Control: No
parameters set
Authentication Authentication Type Server
Authentication Server Tacacs
Authentication Protocol PAP
FIGURE 7.28 PARAMETERS SET AUTOMATICALLY BY THE RAS WIZARD (CONTINUED)
Chapter 7 - The Z-Bus Interface 220
CyROS Reference Guide
A typical application of the Lan-to-Lan Wizard is shown in Figure 7.29. The parameters that are automatically set
by the wizard are given in the two tables that follow the figure.
Windows 95
Server
LAN 2
Ethernet TCP/IP
PR3000
Remote
Access
....
......
......
Server
......
......
......
Windows 95 Server
Server
Router
PPP
PPP
LAN 1 LAN 3
Ethernet TCP/IP Router Ethernet TCP/IP
FIGURE 7.29 APPLICATION THAT CAN TAKE ADVANTAGE OF THE LAN-TO-LAN WIZARD
Chapter 7 - The Z-Bus Interface 221
CyROS Reference Guide
Encapsulation: PPP MLPPP Active N
PPP Inactivity Timeout None
Van Jacobson IP Header Disabled
Compression
LCP Echo Requests Enabled
Time Interval to send Config 1
Requests
ACCM 00000000
Predictor Compression Disabled
Network Protocol: IP Active Unnumbered / Numbered Numbered
*Primary IP Address
*Subnet Mask
*Secondary IP Address
*Remote IP Address Type
*Remote IP Address
IP MTU 1500
NAT Global
ICMP Port Inactive
Incoming Rule List Name None
Outgoing Rule List Name None
Network Protocol: TB
Inactive
Routing Protocol: None
this table continued
FIGURE 7.31 PARAMETERS SET AUTOMATICALLY BY THE LAN-TO-LAN WIZARD FOR THE SE16
Chapter 7 - The Z-Bus Interface 222
CyROS Reference Guide
Physical Mode Async
*Speed
Flow Control Hardware
Modem Connection No
RTS Mode Normal Flow
Control
Input Signal DCD Y
Input Signal DSR N
Input Signal CTS N
Traffic Control: No
parameters set
Authentication Authentication Type None
FIGURE 7.31 PARAMETERS SET AUTOMATICALLY BY THE LAN-TO-LAN WIZARD FOR THE SE16
(CONTINUED)
Chapter 7 - The Z-Bus Interface 223
CyROS Reference Guide
Encapsulation: PPP MLPPP Active N
Van Jacobson IP Header Disabled
Compression
LCP Echo Requests Enabled
Time Interval to send Config 1
Requests
Predictor Compression Disabled
Network Protocol: IP Active Unnumbered / Numbered Numbered
*Primary IP Address
*Subnet Mask
*Secondary IP Address
*Remote IP Address Type
*Remote IP Address
IP MTU 1500
NAT Global
ICMP Port Inactive
Incoming Rule List Name None
Outgoing Rule List Name None
Network Protocol: TB
Inactive
Routing Protocol: None
Physical Mode Synch
Clock Source External
Media for Z-Bus Cable V.35
Traffic Control: No
parameters set
Authentication Authentication Type None
FIGURE 7.32 PARAMETERS SET AUTOMATICALLY BY THE LAN-TO-LAN WIZARD FOR THE SSE8
Chapter 7 - The Z-Bus Interface 224
CyROS Reference Guide
The Wizard Menu tree is shown in Figure 7.33 and its parameters are explained in the table that follows.
Config
Interface Zbus One Port Wizards TS Profile Speed
Username
RAS Profile Speed
Modem String Index
Remote IP Address
LAN-to-LAN Profile Speed
Primary IP Address
Subnet Mask
Secondary IP Address
Remote IP Address Type
Remote IP Address
Copy From Port Copy From Slot
Copy From Port
FIGURE 7.33 WIZARD MENU TREE
Chapter 7 - The Z-Bus Interface 225
CyROS Reference Guide
Wizards Menu CONFIG=>INTERFACE=>Z-BUS=><PORT>=>WIZARDS
Menu Items Description
TS Profile Used to create a local host Terminal Server. The only parameters are the Username and
Speed. The automatically set parameters are given in a table below. Note: this wizard
defines all communication to be asynchronous.
RAS Profile Used to set up a PPP Remote Access Server using modems and dial-up lines. The
Modem String Index, Speed, and Remote IP Address of the first port are the only
parameters. If the Wizard is used for a range or all ports, the following ports will be
numbered consecutively. The automatically set parameters are given in a table below.
Note: this wizard defines all communication to be asynchronous.
Lan-to-Lan Used to connect two LANs. The only parameters are the Primary IP Address, the Subnet
Profile Mask, any Secondary IP Addresses and Subnet Masks, the Remote IP Address Type and
Address, and the Speed (for asynchronous). The automatically set parameters are given in
a table below. Note: this wizard defines all communication to be synchronous for the
SSE8 and asynchronous for the SS16.
Copy From Port Used to copy an entire configuration from one port to another, while changing the IP
address so that the ports are numbered consecutively.
Bibliography
PPP:
STD0051 and RFCs 1661 and 1662
Frame Relay:
Smith, Philip, Frame Relay Principles and Applications, Addison-Wesley, 1993
RFC 1490, Multiprotocol Interconnect over Frame Relay (explains NLP ID and SNAP)
X.25:
Thorpe, Nicolas and Derek Ross, X.25 Made Easy, Prentice Hall, 1992.
Chapter 7 - The Z-Bus Interface 226
CyROS Reference Guide
CHAPTER 8 THE E1 AND T1 INTERFACES, WITHOUT SIGNALING
The menus relating to configuration of the E1 and T1 interfaces without signaling are given in this chapter. T1 is a
standard used in the United States, Canada, and Japan. It has a clock speed of 1.5MHz and has 24 channels of 64K
each. One of the channels is reserved for signaling when ISDN/PRI is used. E1 is a standard used in Europe and
many other countries. It has a clock speed of 2MHz and has 32 channels with two reserved for signaling. Aside from
this, there are few differences between the two standards in terms of configuration.
There are, however, differences between the PR4000, which supports signaling, and the PR3000 which does not.
These differences are confined to the CONFIG =>CONTROLLER menu, which is the first step in the configuration of
a T1/E1 line. The Controller menu tree for the PR3000 is shown in figure 8.1.
Config Controller T1/E1 Global Parameters Frame Mode
Line Code
Clock Mode
Line Build Out
Receiver Sensitivity
Channel Groups Add Group Timeslot
Timeslot Allocation
Timeslot Start
Timeslot End
Timeslot N
Delete Group Channel Group Number
Edit Group Channel Group Number
Clear All Groups
FIGURE 8.1 PR3000 CONTROLLER MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 227
CyROS Reference Guide
The Controller menu tree for the PR4000 (except for Signaling Mode = ISDN/PRI which is covered in chapter 9) is
shown in figure 8.2
Config Controller T1/E1 Frame Mode
Line Code
Signaling Mode
Clock Mode
Receiver Sensitivity
Companding Mode
Tone Signaling
Country Signaling
Switch Type
Add Group Timeslot
Timeslot Allocation
Timeslot Start
Timeslot End
Timeslot N
Delete Group Channel Group Number
Edit Group Channel Group Number
Clear All Groups
FIGURE 8.2 PR4000 CONTROLLER MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 228
CyROS Reference Guide
The controller parameters are explained in the table that follows.
Controller Menu CONFIG=>CONTROLLER=>T1/E1
Parameter Description
Frame Mode T1: ESF (Extended Super Frame, the most common) and D4 are the options.
E1: CRC4 (the most common) and Non-CRC4 are the options.
Line Code T1: B8ZS (Bipolar 8 Zero Substitution, the most common) and AMI (Alternate Mark
Inversion). E1: HDB3 (High-Density Bipolar) and AMI.
Signaling Mode Only appears for the PR4000. None for channelized lines without signaling,
otherwise, see chapter 9.
Clock Mode Selects the clock mode: Master or Slave.
Line Build Out Applies only to T1. Sets the attenuation on the TX line. The T1 service provider
should supply this parameter.
Receiver Sensitivity Short haul is usually used. Long haul is necessary if attenuation prevents reception of
data, usually when the router is installed more than 2000 feet from the cable
termination.
For the CCS Signaling Mode (ISDN-PRI) and the CAS Signaling Mode, read chapter 9 INSTEAD of
this chapter.
The T1/E1 interface can be broken up into channels, defined by timeslots. Each timeslot is a slice of time allotted to
throughput from a particular source. The configuration can be done in three ways:
1 Full T1/E1: Only one channel group is defined and no others are allowed. All timeslots are allocated automatically
to this channel.
2 Fractional T1/E1: Only one channel group is defined. One or more timeslots are allocated to this channel. The
number of timeslots can be increased at a later time.
3 Channelized T1/E1: Many channels are defined, with one or more timeslots allocated to each channel.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 229
CyROS Reference Guide
This assigning of channel groups is done in the channel groups menu, shown in Figures 8.1 and 8.2. Note that the path
leading to this menu is slightly different for the PR3000 and the PR4000.
Add Channel Group Menu CONFIG =>CONTROLLER =>T1/E1 =>CHANNEL GROUPS =>ADD GROUP
Parameter Description
Timeslot Full is used for Full T1/E1 as described above. Fractional is for Fractional or
Channelized T1/E1 as described above.
Timeslot Allocation Contiguous allows configuration of a range of timeslots while Manual presents each
available timeslot one by one.
Timeslot Start Applies for Contiguous Timeslot Allocation. Defines the beginning of the range.
Timeslot End Applies for Contiguous Timeslot Allocation. Defines the end of the range.
Timeslot N Applies for Manual Timeslot Allocation. Allows inclusion of this timeslot in the channel.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 230
CyROS Reference Guide
Each E1/T1 channel is configured in the CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> menu. A summary menu
tree is given in Figure 8.3.
Config
Interface T1/E1 Channel Encapsulation Frame Relay [menu shown in a later figure]
(if Channelized) PPP [menu shown in a later figure]
X.25 [menu shown in a later figure]
HDLC Keep Alive Interval
Inactive
Network Protocol [menu shown in a later figure]
Routing Protocol [menu shown in a later figure]
Traffic Control General Bandwidth
IP Traffic Control List
Authentication Authentication Type
Username
Password
Authentication Server
Authentication Protocol
FIGURE 8.3 E1/T1 INTERFACE CONFIGURATION MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 231
CyROS Reference Guide
A brief description of each principal item appears in the following table.
E1/T1 Interface Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL>
Menu Item Description
Encapsulation Determines the data-link layer protocol to be used for this communication link.
Network Protocol Provides menus for the IP and Transparent Bridge parameters, including rules to be
applied to this interface.
Routing Protocol Submenus for RIP and OSPF configuration.
Traffic Control Sets the bandwidth of the connection for use with traffic control rules and associates a
traffic control rule list to this interface. See section 4.7 for more information on traffic
control rules.
Authentication Determines the method used for authentication for connections on this line.
There are many encapsulation options on this interface.
For full and fractionalT1/E1:
• Frame Relay,
• PPP,
• X.25, and
• HDLC.
For channelized T1/E1:
• PPP and HDLC.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 232
CyROS Reference Guide
Encapsulation Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION
Menu Option Description
Frame Relay The Frame Relay Protocol is based on frame switching and constructs a permanent
virtual circuit (PVC) between two points.
PPP The PPP (Point-to-Point) protocol and Multilink PPP are provided.
X.25 The X.25 Protocol is generally used to connect to a public X.25 network. The router
can act either as a DTE or a DCE.
HDLC This protocol has only one parameter: HDLC Keepalive Interval. This is the time
interval between transmission of Keepalive messages. The receiver of these
messages must send keepalive messages with the same frequency or will be
considered inoperative.
Inactive This menu option must be chosen whenever the encapsulation is changed from one
type to another. One must be deactivated before another can be activated.
Frame Relay
FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data link
connection identifier). This allows multiple logical connections to be multiplexed over a single channel. These are
called Permanent Virtual Circuits (PVCs). The DLCI has only local significance and each end of the logical connection
assigns its own DLCI from the available local numbers.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 233
CyROS Reference Guide
A public Frame Relay network connecting offices in London, Glasgow, Manchester, and Nottingham is shown in
Figures 8.4 and 8.5.
London Glasgow
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
FR Network
200.1.1.2 200.1.1.3
Router Router
Manchester Nottingham
Network: 192.168.203.0 . Network: 192.168.202.0
FIGURE 8.4 PUBLIC FRAME RELAY NETWORK EXAMPLE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 234
CyROS Reference Guide
Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay
Address Map is also created (either statically or dynamically) to associate each DLCI with the destination router IP.
London Glasgow
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
21
11
81
200.1.1.2 200.1.1.3
Router Router
Manchester Nottingham
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 8.5 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES
For the router in Manchester, the Frame Relay address map will look like this:
DLCI IP
11 200.1.1.1
21 200.1.1.4
81 200.1.1.3
Chapter 8 The E1 and T1 Interfaces, Without Signaling 235
CyROS Reference Guide
These values are entered in the Add DLCI menu.
The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used for
controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs, and sends
status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI 0).
Sub-Network Access Protocol (SNAP)
A normal Frame Relay Network header contains the NLPID (Network Level Protocol ID) field to identify which protocol
provided the information encapsulated in the data field.
flag address - control optional NLPID data FCS flag
including pad
DLCI
FIGURE 8.6 NORMAL HEADER USING NLPID
For those protocols which do not have an NLPID defined, the SNAP header must be used. The NLPID field remains,
but contains a value (0x80) that indicates that the SNAP information follows. The three-octet Organizationally Unique
Identifier (OUI) and the two-octet Protocol Identifier (PID) which follow define a distinct protocol. See RFC 1490 for
details.
flag address - control optional NLPID OUI PID data FCS flag
including pad = 0x80
DLCI
FIGURE 8.7 HEADER USING SNAP
Chapter 8 The E1 and T1 Interfaces, Without Signaling 236
CyROS Reference Guide
The Frame Relay Encapsulation Menu tree is shown in Figure 8.8.
Config
Interface T1/E1 Encapsulation Frame Relay Encapsulation Type
SNAP IP
LMI
T391
N391
N392
N393
CIR
Bandwidth Reservation
Add DLCI DLCI Number
Frame Relay
Address Map
IP Address
Enable Predictor
Compression
Number of Bits for
Compression
DLCI priority level
Reserved Bandwidth
Bandwidth Priority Level
Delete DLCI Map Entry Number
Edit DLCI Table Entry
FIGURE 8.8 FRAME RELAY ENCAPSULATION MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 237
CyROS Reference Guide
A detailed explanation of the Frame Relay parameters is given in the following tables.
Frame Relay Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>FRAME RELAY
Parameter Description
Encapsulation RFC1490 - IETF is the standard used by most equipment. The Cisco option should be used
Type when the PR is communicating with a router configured to use the default Cisco standard.
SNAP IP Applies when Encapsulation type is RFC1490 - IETF above. Indicates that the Sub-
Network Access Protocol should be used. See description above. From a network
administrator's point of view, the router on the sending end must be using the same header
type (NLPID or SNAP) as the router on the receiving end.
LMI Selects the Local Management Interface specification to be used. ANSI, Group of Four
(defined by the vendors that first implemented Frame Relay), Q933a (defined by ITU-T),
and None (used for a dedicated FR connection without a network).
T391 Interval between the LMI Status Enquiry messages.
N391 Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI
Status Enquiry message.
N392 Error Threshold. The network counts how many events occur within a given period and
considers an interface inactive when the number of events exceeds a threshold. N393 is
the number of events to be considered and N392 the number of errors within this period. If
N392 of the last N393 events are errors, the interface is deemed inactive. A successful
event is the receipt of a valid Status Enquiry message
N393 Monitored Events Count. See the description of N392. This value must be larger than
N392.
CIR Committed Information Rate, in percentage of total bandwidth (given in
CONFIG=>INTERFACE=>E1/T1 =>TRAFFIC CONTROL=>GENERAL=>BANDWIDTH).
Traffic above this rate may be discarded if the network is congested.
Bandwidth Enables traffic control per DLCI. See the Add DLCI menu for more details.
Reservation
Chapter 8 The E1 and T1 Interfaces, Without Signaling 238
CyROS Reference Guide
The following menu appears at the end of the Frame Relay parameter list. It can be reached by passing through all
parameters or by using the <ESC> key at any point in the parameter list.
DLCI Frame Relay Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>FRAME
RELAY =><ESC>
Menu Option Description
Add DLCI Adds a DLC for this interface to the DLCI table.
Delete DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to delete the DLCI.
Edit DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to edit the DLCI.
Traffic Control based on Data Link Connection
Traffic Control as described in section 4.7 can also be performed on a Frame Relay interface for each permanent
virtual connection. The parameters in the Add DLCI menu are used in the same manner as those described in section
4.7.
Add DLCI Frame Relay Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>FRAME RELAY
=><ESC> =>ADD DLCI
Parameter Description
DLCI Number Used to identify the DLC. This number is supplied by the Public Frame Relay network
provider. The DLCIs are stored in a table which can be seen with the L command.
Frame Relay Determines the method used for mapping the remote IP address to the Permanent Virtual
Address Map Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address
dynamically, in a manner similar to the ARP table.
IP Address Applies when Frame Relay Address Map is Static. Provides the IP address to be used for
static address mapping.
this table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 239
CyROS Reference Guide
Add DLCI Frame Relay Menu (Continued)
Parameter Description
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
DLCI Priority This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Level RULE=>FLOW PRIORITY LEVEL. Indicates the relative priority of the frame for insertion
into queues in the router. A frame with priority 1 will enter the queue if there is any space
available. A frame with priority 2 will enter the queue if at least 20% of the space is
available, and so on (40% free for priority 3, 60% free for priority 4, and 80% free for priority
5). Frames with priority x + 1 will always enter after frames with priority x, x-1, etc. Priority
0 is similar to Priority 5, but these packets always enter the queue. All frames that do not
enter the queue are DISCARDED. Use this feature with caution!
Reserved This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Bandwidth RULE=>RESERVED BANDWIDTH. Defines what percentage of the total bandwidth on an
interface will be set aside for this DLC.
Bandwidth This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Priority Level RULE=>BANDWIDTH PRIORITY LEVEL. Two DLCs with the same priority cannot share
bandwidth when one DLC does not need its entire allotment. For two DLCs with different
priorities, the DLC with the higher priority can steal bandwidth from the other when it is not
in use. Priority is relative -- two DLCs with priorities 1 and 5 are the same as two DLCs
with priorities 3 and 4 (if there are no other DLCs).
Chapter 8 The E1 and T1 Interfaces, Without Signaling 240
CyROS Reference Guide
PPP
Multilink PPP (MLPPP) is similar in functionality to the Multilink feature described in section 4.4, but it is implemented
at the data-link level instead of the network-protocol level. When compared to Multilink, MLPPP is slightly more efficient
and less generic (because it applies only to PPP encapsulation).
Router A
Modem
Modem
Modem
Modem Link 2 (Bundle 6)
Link 1
(Bundle 6)
Router B
FIGURE 8.9 MULTILINK PPP EXAMPLE
In Figure 8.9, Router B connects to Router A via two modem connections to achieve a larger bandwidth. Router A
accepts the two physical connections, but treats them as one logical connection (one “bundle”). MLPPP must be
enabled on all interfaces that will form this bundle, (and on both sides of the connection), with the same bundle iden-
tifier specified for each. The PPP Encapsulation Menu tree is shown in Figure 8.10.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 241
CyROS Reference Guide
Config
Interface T1/E1 Encapsulation PPP MLPPP Active
Identification for This Bundle
Total Number of Lines for This Bundle
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
FIGURE 8.10 PPP ENCAPSULATION MENU TREE
A description of the parameters with values given for the example is presented in the table.
PPP Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL> =>ENCAPSULATION =>PPP
Parameter Description
MLPPP Enables Multilink PPP on this interface.
Identification for Applies for MLPPP = Yes and Dial-out or Leased. In the example, this value is 6.
This Bundle
Total Number of Applies for MLPPP = Yes. Maximum number of links allowed in the bundle. In the
lines for This example, this number is 2 or larger.
Bundle
PPP Inactivity Applies to asynchronous connections only. The connection is closed when data does not
Timeout pass through the line for this period of time.
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 242
CyROS Reference Guide
PPP Menu (continued)
Parameter Description
Enable Van Allows the link to receive compressed packets. This type of compression is useful for low-
Jacobson IP speed links and/or small packets. It is not recommended for fast links, as it requires CPU
Header time.
Compression
Transmit Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Compressed causes the link to send compressed packets.
Packets
Disable LCP LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the
Echo Requests link. Disabling these messages reduces traffic, but the link then has no way of knowing if
the other end is still connected.
Time Interval to Config Request messages are used to negotiate the parameters at the start of a PPP
Send Config connection. For a slow line, this time should be increased to allow the reply to return to the
Requests sender. If not, the sender will assume it was lost and send another.
Edit ACCM Applies to asynchronous connections only. Permits control character mapping negotiation
on asynchronous links. This is useful when you need to send a control character as data
(e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not want it interpreted by
the modem or other device in the middle. The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again excludes it
from the table. See note after table.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 243
CyROS Reference Guide
PPP Menu (continued)
Parameter Description
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
Connection Type Applies to asynchronous connections only. NT-Serial Cable is a direct connection to a
Windows NT computer. This is necessary because NT requires a negotiation before the
beginning of the PPP negotiation. Direct is used for other connections using cables or
leased lines.
Note: Asynchronous Control Character Map (ACCM) mapping is done by codifying one control character as two
special characters. This permits transparent transmission of control characters as data. Thirty-two bits are encoded
in such a way that each bit indicates if the corresponding control character should or should not be mapped to the two
character sequence. If the bit is set to 1, the character will be mapped. For example, if bit 17 and 19 are set to 1, the
corresponding characters in the ASCII table (DC1 or XON and DC3 or XOFF) will be encoded, and the corresponding
ACCM will be: 00 0A 00 00 (hex), (binary: 00000000 00001010 00000000 00000000), the bits set to 1 are the 17th and
19th, if counting from right to left, starting from 0.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 244
CyROS Reference Guide
X.25
A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as a DTE
or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. As seen in Figures 8.11 and 8.12, the
determination of DTE or DCE depends on the position and use of the router within the network.
Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that two
DTEs be permanently connected.
Modem or
DSU/CSU
Router / DTE Router / DTE
Switch / DCE Switch / DCE
X.25
FIGURE 8.11 PUBLIC X.25 NETWORK EXAMPLE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 245
CyROS Reference Guide
In the Private WAN network example, the central router acts as a switch connecting the other three. A type of bridge
must be configured to allow switched virtual connections passing through the router. The “switch” must be configured
on both of the interfaces involved in the bridge. The X.25 parameters Packet Size and Window Sizes should be the
same on both interfaces to prevent bottlenecks.
Router A
DTE Router B
Link 3 Link 1
DTE
DCE
DCE
Router C Link 2
DCE
DTE
Router D
FIGURE 8.12 PRIVATE WAN
Chapter 8 The E1 and T1 Interfaces, Without Signaling 246
CyROS Reference Guide
The first X.25 menu tree is shown in Figure 8.13
Config
Interface T1/E1 Encapsulation X.25 X.121 (Local DTE) Address
Switch Mode Active
Incoming Calls...Forwarded
Suppress Calling Address
Inactivity Timeout
Configure as DTE or DCE
Number of Virtual Circuits
Number of Permanent Virtual Circuits
PVCs Must Wait for Reset Packet
Layer 3 Window Size
Layer 2 Window Size
Packet Size
Number of Retries N2
TL
T2
T21
T23
Negotiable Facilities
Send Facility
Add DTE [shown in DTE Menu Diagram]
Delete DTE [shown in DTE Menu Diagram]
Edit DTE [shown in DTE Menu Diagram]
Terminal PAD for X.25
Encapsulation [shown in a later figure]
Network Protocol [shown in a later figure]
Physical [shown in a later figure]
Authentication [shown in a later figure]
FIGURE 8.13 X.25 MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 247
CyROS Reference Guide
A detailed description of the X.25 parameters for the two examples given above is provided in the table below.
X.25 Menu CONFIG=>INTERFACE=>T1/E1 =><CHANNEL> =>ENCAPSULATION =>X.25
Parameter Description
X.121 (Local DTE) Address assigned to this interface (provided by the public X.25 Network Provider).
Address Can be up to 15 digits.
Switch Mode Active Private WAN: In the example, Router C is used to connect three internal X.25
networks. To allow bridging from Router B to Router D across Router C, this
parameter must be Yes on both link 1 and link 2 .
Incoming Calls Received Applies when Switch Mode is Active. Private WAN: When Router C receives a
Over the Other X.25 Links packet from Router B with an unknown address, it can take two actions: if this
With Unknown parameter is No on both link 2 and link 3, the packet is discarded. If either link 2
Destination DTE Can be or link 3 has this parameter set to Yes, the packet is sent through that link. (If
Forwarded Through This both are Yes, the link with the lowest link number is chosen -- in this case link 2).
Link
Suppress Calling Address Public X.25 Network: This parameter must be chosen according to the
guidelines given by the Public X.25 Network provider. When activated, the
sender's Local DTE address is not included in the Call Request Message. Private
WAN: This parameter will be No as the network will not keep track of the sender
of each packet.
Inactivity Timeout Time until connection is automatically terminated by the router if there is no traffic.
Configure as DTE or DCE As mentioned above, the router can act either as the recipient of information
(DTE), or as the passer-on of information (DCE). Public X.25 Network: Both
routers are DTEs . Private WAN: Routers A,B, and D are DTEs and Router C is
a DCE.
Number of Virtual Circuits Indicates the maximum number of virtual circuits (total of PVCs and SVCs)
allowed on this interface. The maximum number for all X.25 interfaces is 128.
Number of Permanent Indicates the number of permanent virtual circuits that will be connected through
Virtual Circuits this interface. This maximum is also 128.
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 248
CyROS Reference Guide
X.25 Menu (continued)
PVCs Must Wait for Reset Only if the router is a DTE. PVCs become active only after a reset packet is
Packet received.
Layer 3 Window Size The layer 3 (packet) level window represents the number of sequentially
numbered packets that can be sent before an acknowledgement must be
received. This number may be negotiated if the Window Size Facility is utilized
(see last parameter in this table).
Layer 2 Window Size The layer 2 (frame) level window represents the number of sequentially numbered
frames that can be sent before an acknowledgement must be received. The
frame numbers are independent of the packet numbers.
Packet Size The packet size to be sent across the interface. This number may be negotiated if
the Packet Size Facility is utilized (see last parameter in this table).
Number of Retries N2 Number of times an information frame can be resent, without response, before the
link is considered down.
TL Time the frame level waits for an acknowledgement for a given frame before re-
sending it.
T2 Time that can elapse, after receiving a frame, until the router must send an
acknowledgement.
T21 Call Request response Timer. After this time has elapsed, the DTE sends a Clear
message.
T23 Clear Request response Timer. After this time has elapsed, the DTE retransmits
the Clear message.
Negotiable Facilities Initiates facility negotiation during virtual circuit creation.
Send Facility Determines which facilities are negotiated during virtual circuit creation: Packet
size is part of the flow control parameters negotiation, Throughput is part of the
throughput class negotiation, and N3 Window (Level 3 Window Size, above) is
part of the flow control parameters negotiation.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 249
CyROS Reference Guide
The following menu appears at the end of the X.25 parameter list. It can be reached by passing through all parameters
or by using the <ESC> key at any point in the parameter list. This menu creates a static routing table associating a
remote X.121 address to an IP address or a TCP Socket location.
Config
Interface T1/E1 Encapsulation X.25 Add DTE Type of Logical Address
IP Address
X25 Socket Port
X.121 (DTE) Address
VC Number
Packet Transaction
Automatic Mode
User Data Len
User Data
Enable Predictor Compression
Number of Bits for Compression
Delete DTE Host Number to Delete
Edit DTE Host Number to Change
FIGURE 8.14 X.25 DTE MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 250
CyROS Reference Guide
X.25 Add DTE Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC> =>Add
DTE
Parameter Description
Type of Logical IP Address or TCP Socket. Users that intend to use the TCP Socket option should see
Address Appendix A.
IP Address Applies for IP Address Type. IP Address of remote DTE device.
X.25 Socket Port Applies for Socket Address Type. Must be a number in the interval defined by the
parameters CONFIG=>IP=>TCP=>X25 SOCKET START/END PORT RANGE.
X.121(DTE) Address Address of remote DTE device.
VC Number Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.
Packet Transaction Applies for Socket Address Type. See Appendix A.
Automatic Mode Applies for Packet Transaction = Yes. See Appendix A.
User Data Len Applies for Socket Address Type. Length of next parameter in bytes. The maximum is
32. See Appendix A.
User Data Applies for Socket Address Type. The value in the user data field of the Connection
Request packet which determines which service on the remote host is being
requested. 0xCC is used for IP. See Appendix A.
Enable Predictor Applies for IP Address Type. Enables data compression using the Predictor algorithm.
Compression This feature should be enabled only if Cyclades' equipment is being used on both ends
of the connection because there is no established standard for data compression
interoperability. Data compression is very CPU-intensive, making this feature effective
only for links running at speeds under 1Mbps. At higher speeds, the time necessary to
compress data offsets the gains in throughput achieved by data compression.
Number of Bits for Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used
Compression if the router on the other end is a PathRouter, for compatibility.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 251
CyROS Reference Guide
PAD (Packet Assembler/Disassembler)
PAD acts as a protocol converter, allowing a user to access the packet-switched network via a serial terminal. This
asynchronous connection is then converted into synchronous communication with the router and the network beyond
(using the telnet application available in the router). Any user listed in the local user table can be connected this way,
and the menu options available to him are configured in the CONFIG=>SECURITY =>USERS=>ADD menu.
Asynchronous
PC Connection
Modem
X.28 PAD Public X.25 Synchronous
Parameters Network Connection
PR3000
Link 1
X.3
Parameters ETH0
....
......
......
......
......
......
Server
FIGURE 8.15 PAD EXAMPLE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 252
CyROS Reference Guide
The PAD Encapsulation menu tree is shown in Figure 8.16.
Config
Interface
T1/E1 PPP PPP Inactivity Timeout
Enable Van Jacobson
IP Header Compression
Encapsulation Transmit Compressed Packets
Disable LCP ECHO Requests
Terminal PAD Encapsulation Time interval to Send
X.25
for X.25 Config Requests
Edit ACCM
PPPChar PPP Inactivity Timeout
Enable Van Jacobson
IP header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send
Config Requests
Edit ACCM
Switch Session Character Code
Escape Session Character Code
Char Switch Session Character Code
Escape Session Character Code
Username
Inactive
FIGURE 8.16 X.25 PAD ENCAPSULATION MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 253
CyROS Reference Guide
CyROS provides for configuration of the X.3 parameters that define the connection between the PAD and the router.
When the PAD sends a connection request to the router, the router replies with the profile (the X.3 parameters) to be
used for the connection. The X.28 parameters that define the connection between the remote terminal and the PAD
are not considered. Link 1 of the Router in the PAD example must be configured for this type of access.
With encapsulation type CHAR, pure X.25 is used. Optionally, PPP or PPPCHAR can run on top of X.25. These
protocols must be configured in the encapsulation menu, and related parameters are set in the Network Protocol,
Physical and Authentication menus. Details on the configuration of each parameter are given in the following table.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 254
CyROS Reference Guide
X.25 PAD PPP Menu CONFIG =>INTERF =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC> =><ESC>
=>ENCAPS =>PPP
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of
Timeout time.
Enable Van Jacobson Allows the link to receive compressed packets. This type of compression is useful for
IP Header low-speed links and/or small packets. It is not recommended for fast links, as it
Compression requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Packets causes the link to send compressed packets.
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP
Config Requests connection. For a slow line, this time should be increased to allow the reply to return
to the sender. If not, the sender will assume it was lost and send another.
Edit ACCM Applies to asynchronous connections only. Permits control character mapping
negotiation on asynchronous links. This is useful when you need to send a control
character as data (e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not
want it interpreted by the modem or other device in the middle. The map is built up
with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII
value.
Typing the option once (for example, X), includes it in the table. Typing it again
excludes it from the table. See note after CONFIG=>INTERFACE=>SWAN
=>ENCAPSULATION =>PPP table.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 255
CyROS Reference Guide
X.25 PAD PPPCHAR Menu CONFIG=>INTERF=>T1/E1=><CHANNEL> =>ENCAPS=>X.25
=><ESC>=><ESC>=>ENCAPS=>PPPCHAR
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of
Timeout time.
Enable Van Jacobson Allows the link to receive compressed packets. This type of compression is useful for
IP Header low-speed links and/or small packets. It is not recommended for fast links, as it
Compression requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Packets causes the link to send compressed packets.
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP
Config Requests connection. For a slow line, this time should be increased to allow the reply to return
to the sender. If not, the sender will assume it was lost and send another.
Edit ACCM Please see explanation in previous table.
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
X.25 PAD CHAR Menu CONFIG=>INTERF=>T1/E1=><CHANNEL> =>ENCAPS=>X.25=><ESC>
=><ESC>=>ENCAPS=>CHAR
Parameter Description
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
Username Must be entered into the local user table first. See section 4.3.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 256
CyROS Reference Guide
The X.25 PAD Network Protocol menu applies to PPP or PPPCHAR Encapsulation only.
The PAD Network Protocol menu tree is shown in Figure 8.17.
Config
Interface
T1/E1
Encapsulation Terminal PAD Network
X.25 Interface
for X.25 Protocol
Assign IP From Interface
Primary IP Address
Subnet Mask
Secondary IP Address
Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Address
IP MTU
IP Fragmentation Ignore bit DF
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting Process
Outgoing Rule List Name
Detailed Outgoing IP Accounting Process
Routing of Broadcast Messages
FIGURE 8.17 X.25 PAD NETWORK PROTOCOL MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 257
CyROS Reference Guide
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>T1/E1=><CHANNEL> =>ENCAPS=>X.25=><ESC>
=><ESC>=>NW PRTCL
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Applies to Numbered interfaces. Address assigned to this interface.
Address
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc.) IP address that can be
Address used to refer to this interface. This parameter and the next are repeated until no value is
entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
Enable Dynamic The terminal connected through PAD assigns an IP address to the router for purposes of
Local IP Address their connection.
Remote IP The terminal connected through PAD sends its IP address in the negotiation package.
Address Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP address.
None: Any IP address is accepted. This is not recommended.
Remote IP If Remote IP Address Type not None. Used in conjunction with the previous parameter.
Address
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 258
CyROS Reference Guide
X.25 PAD Network Protocol Menu (Continued)
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives UDP
or TCP messages for ports that are not recognized. This type of message is used by
traceroute applications, and if disabled, the router will not be identified in the traceroute
output. However, there are security reasons to leave this option Inactive.
Incoming Rule Filter rule list for incoming packets. See section 4.7 for instructions on how this parameter
List should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of IP Accounting
Incoming IP later in this chapter. IP Accounting for a rule requires that the parameter CONFIG
Accounting =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW ACCOUNT
PROCESS also be set toYes.
Outgoing Rule Filter rule list for outgoing packets. See section 4.7 for instructions on how this parameter
List Name should be set.
Detailed Applies when a list is selected in the previous parameter. See explanation of Detailed
Outgoing IP Incoming IP Accounting.
Accounting
Routing of Activating this parameter causes the router to route broadcast messages from the LAN to
Broadcast the WAN and vice-versa. An individual interface can be excluded by setting this parameter
Messages to Inactive, without effecting the broadcast of messages on the other interfaces. This is
necessary with applications that use Netbios.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 259
CyROS Reference Guide
The PAD Physical and Authentication menu trees are shown in Figure 8.18
Config
Interface
T1/E1
Encapsulation Terminal PAD
X.25 Physical Number of PADs
for X.25
Send Profile
Set X3 Parameters
Select Reference Number
Set Related Parameter
Parameter Sent
Authentication Authentication Type
Authentication Server
Authentication Protocol
FIGURE 8.18 X.25 PAD PHYSICAL AND AUTHENTICATION MENU TREES
Chapter 8 The E1 and T1 Interfaces, Without Signaling 260
CyROS Reference Guide
X.25 PAD Physical Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPS =>X.25 =><ESC>
=><ESC> =>PHYSICAL
Parameter Description
Number of PADs Number of PAD connections that the router will accept simultaneously.
Send Profile When the router receives a Connection Request from a PAD, the X.3 parameters can be
sent. Yes causes these parameters to be sent.
Set X3 Default parameters are shown in Figure 6.17. The PPP Profile parameters are usually
Parameters used with PPP & PPPCHAR Encapsulation. Customize is used to set all/some X3
parameters individually.
Select Reference Applies for Customized X3 Parameters. To change the value of an X3 parameter, select its
Number number from the table shown in Figure 6.17.
Set Related Applies for Customized X3 Parameters. The new value.
Parameter
Parameter Sent Applies for Customized X3 Parameters. Change whether or not this parameter is sent
during connection negotiation.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 261
CyROS Reference Guide
Reference Number Default Value Send Profile Description
1 3 Y PAD recall using a character
2 0 Y Echo
3 0 Y Selection of "data forwarding" characters
4 1 Y Selection of idle timer delay
5 0 Y Flow control of the terminal
6 5 Y Control of PAD service/command signals
7 21 Y Operation of the PAD on reception of break signal
8 0 Y Discard Output
9 0 Y Padding
10 0 Y Line Folding
11 3 Y Binary Speed of Start/Stop mode
12 0 Y Flow control of the PAD
13 0 Y LF insertion after CR
14 0 Y Padding after LF
15 0 Y Editing
16 8 Y Character Delete
17 24 Y Line Delete
18 42 Y Line Display
19 0 N Editing PAD service signals
20 0 N Echo mask
21 0 N Parity treatment
22 0 N Page wait
23 0 N Size of input field
24 0 N End of frame signals
25 0 N Extended data forwarding signals
26 0 N Display interrupt
27 0 N Display interrupt confirm
28 0 N Diacritic character coding
29 0 N Extended echo mask
FIGURE 8.19 PAD X3 PARAMETER LIST
Chapter 8 The E1 and T1 Interfaces, Without Signaling 262
CyROS Reference Guide
X.25 Authentication Menu CONFIG =>INTERF =>T1/E1 =><CHANNEL> =>ENCAPS=>X.25 =><ESC> =><ESC>
=>AUTHENTICATION
Parameter Description
Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Server uses either Radius or Tacacs to authenticate the user.
Authentication Server Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can
Protocol be used for authentication.
Returning to the E1/T1 Interface Configuration, the Network Protocol Menu tree is shown in Figure 8.20.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 263
CyROS Reference Guide
Config Interface T1/E1 Network Protocol IP Active
Interface Unnumbered/Numbered
Assign IP from Interface
Primary IP address
Subnet Mask
Secondary IP Address
Subnet Mask
IP MTU
IP Fragmentation Ignore bit DF
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Routing of Broadcast Protocol
Transparent Status
Bridge Port Priority
Incoming Rule List Name
Outgoing Rule List Name
FIGURE 8.20 NETWORK PROTOCOL MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 264
CyROS Reference Guide
The Network Protocol parameters are explained in more detail in the following tables.
Network Protocol (IP) Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL =>IP
Parameter Description
Active or Inactive Activates this interface.
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface
Interface to this one.
Primary IP Address Applies to Numbered interfaces. Address assigned to this interface.
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP
Address address that can be used to refer to this interface. This parameter and the next are
repeated until no value is entered. Note: to remove a Secondary IP Address, type
0.0.0.0 instead of a space.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
IP Fragmentation - When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header
Ignore Bit DF causes IP to reject a packet that is oversized: the router sends an ICMP message
back to the sender. When this parameter is Yes, the DF bit is ignored, the packet is
fragmented, and no message is sent back to the sender.
NAT Does not apply to Expanded NAT. Determines the type of IP address if NAT is being
used. Use Global otherwise. See section 4.3 for details on how to configure NAT.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives
UDP or TCP messages for ports that are not recognized. This type of message is
used by some traceroute applications, and if disabled, the router might not be identified
in the traceroute output. However, there are security and performance reasons to
leave this option Inactive.
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 265
CyROS Reference Guide
Network Protocol (IP) Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL =>IP
(continued)
Parameter Description
Incoming Rule List Filter rule list for incoming packets. See section 4.7 for instructions on how this
parameter should be set.
Incoming IP Applies when a list is selected in the previous parameter. See explanation of IP
Accounting Accounting later in this chapter. IP Accounting for a rule requires that the parameter
CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW
ACCOUNT PROCESS also be set toYes.
Outgoing Rule List Filter rule list for outgoing packets. See section 4.7 for instructions on how this
Name parameter should be set.
Detailed Outgoing IP Applies when a list is selected in the previous parameter. See explanation of Detailed
Accounting Incoming IP Accounting.
Routing of Broadcast Activating this parameter causes the router to route broadcast messages from the LAN
Messages to the WAN and vice-versa. An individual interface can be excluded by setting this
parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
Transparent Bridge Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL
=>TRANSPARENT BRIDGE
Parameter Description
Status Activates the Transparent Bridge on this interface.
Port Priority For the Spanning Tree Algorithm, a priority is given to each link in the router and to
each router in the network. See CONFIG=>TRANSPARENT BRIDGE =>SPANNING
TREE for more information.
Incoming Rule List Transparent Bridge rule list name for incoming packets. Note: Rule lists for
Name Transparent Bridge and IP are created separately. See section 4.7 for instructions on
how this rule list is created.
Outgoing Rule List Filter rule list name for outgoing packets. See section 4.7 for instructions on how this
Name rule list is created.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 266
CyROS Reference Guide
The Routing Protocol Menu tree is shown in Figure 8.21.
Config
Interface T1/E1 Routing Protocol RIP Send RIP
Listen RIP
RIP2 Authentication
Rip2 Authentication Password
OSPF OSPF on This Interface
Advertise This Non-OSPF Interface
External Metric
Area ID
External Metric Type
Network Type
Router Priority
Transit Delay
Retransmit Interval
Hello Interval
Dead Interval
Poll Interval
Password
Metric
Advertise Secondary IP Address
FIGURE 8.21 ROUTING PROTOCOL MENU TREE
Chapter 8 The E1 and T1 Interfaces, Without Signaling 267
CyROS Reference Guide
The Routing Protocol parameters are explained in more detail in the following tables.
Routing Protocol Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>RIP
Parameter Description
Send RIP Sets the type of RIP messages to be sent.
Listen RIP Indicates which types of RIP messages are accepted.
RIP2 Authentication Applies if RIP2 was chosen in one of the first two options. Activates RIP2 message
authentication with a password.
RIP2 Authentication Applies if RIP2 Authentication is Active. Password used for both received and
Password transmitted RIP2 messages.
OSPF Protocol Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>OSPF
Parameter Description
OSPF on This Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol
Interface without erasing the parameters set below. This is useful when OSPF is first
configured, as the general parameters must be set afterwards in CONFIG=>IP
=>OSPF and OSPF cannot function without them.
Parameters that apply only when OSPF on This Interface is Disabled.
Advertise This Non- Causes the router to include this interface in its advertisements through other
OSPF Interface interfaces (as an external route).
External Metric Defines the metric that will be advertised by OSPF.
External Metric Type For Type 1, the total metric of this route is composed of the internal metric (inside the
autonomous system) and the external metric (provided in the previous parameter). For
Type 2, the total metric of this route is the value provided in the previous parameter.
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive.
Area ID Identifies the area to which the interface belongs. Areas are created here, then later
defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is
not linked to any IP address in the system. Small OSPF networks will typically have
only one area (the backbone area represented by 0.0.0.0).
This table is continued
Chapter 8 The E1 and T1 Interfaces, Without Signaling 268
CyROS Reference Guide
OSPF Protocol Menu (continued)
Router Priority Priority used by OSPF in multicast networks to elect the designated router. A priority of
1 will make this router the most likely to be chosen. A priority of 2 will make it second
most likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay in Estimated transit time in seconds to route a packet through this interface. Use the
Seconds preset value (1) or increase the number for slow links
Retransmit Interval in Time in seconds between link-state advertisement retransmissions for adjacencies
Seconds* belonging to this interface.
Hello Interval in Time in seconds between the hello packets on this interface.
Seconds*
Dead Interval in Inactivity time (seconds) before a neighbor router is considered down.
Seconds*
Poll Interval in Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-
Seconds access neighbor.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this
password is enabled in CONFIG=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE
Metric Defines the cost for normal service. For consistent routing, this parameter should be
determined in the same manner for all routers in the OSPF Area. Normally, metric cost
is defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for
10Mbps, 65 for T1, 1785 for 56kbps, etc).
Advertise Secondary Causes the router to advertise additional addresses assigned to this interface. These
IP Address are configured in CONFIG=> INTERFACE=>T1/E1=><CHANNEL>=>NETWORK
PROTOCOL =>IP.
* Inside a given area, these 4 parameters should be the same for all routers.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 269
CyROS Reference Guide
The following menu is only relevant when PPP Encapsulation is used.
Authentication Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>AUTHENTICATION
Parameter Description
Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Server uses either Radius or Tacacs to authenticate the user.
Remote is when this interface is considered to be the user and the other end of the
connection performs the authentication
Username Applies when Authentication Type is Remote. The username the remote device
expects to receive.
Password Applies when Authentication Type is Remote. The password the remote device
expects to receive.
Authentication Server Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can
Protocol be used for authentication.
Bibliography
PPP:
STD0051 and RFCs 1661 and 1662
Frame Relay:
Smith, Philip, Frame Relay Principles and Applications, Addison-Wesley, 1993
RFC 1490, Multiprotocol Interconnect over Frame Relay (explains NLP ID and SNAP)
X.25:
Thorpe, Nicolas and Derek Ross, X.25 Made Easy, Prentice Hall, 1992.
E1 and T1 lines:
Tanenbaum, Andrew S., Computer Networks, Prentice-Hall, Inc.,1996.
Chapter 8 The E1 and T1 Interfaces, Without Signaling 270
CyROS Reference Guide
CHAPTER 9 THE E1 AND T1 INTERFACES, WITH SIGNALING
Two varieties of signaling are available. The older mode, called CAS, and the newer mode, called CCS (which is used
for ISDN-PRI). The first step in the configuration process is to configure the channels using the Controller menu. The
Controller Menu tree is shown in Figure 9.1. The parameters are described in the table that follows.
Config Controller E1/T1 Frame Mode
Line Code
Signaling Mode
Clock Mode
Receiver Sensitivity
Companding Mode
Signaling Type
Tone Signaling
Country Signaling
Block Collect Calls
Answer2 Timer
On-Hook Timer
Switch Type
FIGURE 9.1 THE CONTROLLER MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 271
CyROS Reference Guide
Controller Menu CONFIG=>CONTROLLER=>T1/E1
Parameter Description
Frame Mode T1: ESF (Extended Super Frame, the most common) and D4 are the options.
E1: CRC4 (the most common) and Non-CRC4 are the options.
Line Code T1: B8ZS (Bipolar 8 Zero Substitution, the most common) and AMI (Alternate Mark
Inversion). E1: HDB3 (High-Density Bipolar) and AMI.
Signaling Mode None for channelized lines without signaling (see chapter 8), CCS for ISDN-PRI and CAS
for analog, modem-based remote access (usually used with telephone networks that do not
support ISDN).
Clock Mode Selects the clock mode: Master or Slave.
Line Build Out Applies only to T1. Sets the attenuation on the TX line. The T1 service provider should
supply this parameter.
Receiver Short haul is usually used. Long haul is necessary if attenuation prevents reception of
Sensitivity data, usually when the router is installed more than 2000 feet from the cable termination.
Companding Defines the compression mode to be used. Depends on the telephone exchange and the
Mode E1/T1 provider should supply this parameter. A-law is usually used for E1 lines and u-law
is usually used for T1 lines.
Tone Signaling Applies when Signaling Mode is CAS. Will depend on what is expected by the line provider.
DTMF is the most common tone signaling for T1 and MFR2 Compelled is the most
common for E1.
Country Applies when Signaling Mode is CAS. Determines country-dependent signaling
Signaling parameters.
Block Collect Applies when Signaling Mode is CAS and Country is Brazil. Causes the PR4000 to block
Calls collect calls by keeping the line on-hook for a short period of time after answering the call.
Answer2 Timer Applies when previous parameter is Yes. Corresponds to the time the channel remains in
answer state before moving to the on-hook state after the line is answered.
On-Hook Timer Applies when Block Collect Calls is Yes. Corresponds to the time the channel remains in
the on-hook state before definitively answering the call. This time should be long enough to
reject collect calls, but not long enough to reject normal calls.
Switch Type Applies when Signaling Mode is CCS. Selects the signaling protocol. This should be
supplied by the service provider.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 272
CyROS Reference Guide
The CCS Signaling Mode (ISDN-PRI)
ISDN, the Integrated Services Digital Network, was intended to be a digital upgrade to the current analog telephone
system. The ISDN discussed in this chapter is N-ISDN, where the N is for Narrow Band. A Broad Band ISDN also
exists. There are two ISDN interfaces:
• BRI — Basic Rate Interface — used for residential or small-business access.
• PRI — Primary Rate Interface — used to provide access or used by large businesses for access.
Two PRI interfaces are provided on the PR4000 via E1 or T1 ports with CCS Signaling. These connections can be
digital or analog (via a modem). The data layer protocols CHAR, PPPCHAR and Slip are used with a modem connection.
A typical application in an Internet Service Provider is shown in Figure 9.2.
Application Integrated
RAS ISDN Line
Server
Telephone/
ISDN Network
Analog Line
BRI Line
Router
PC
Remote Users
PC
FIGURE 9.2 ISDN-PRI APPLICATION EXAMPLE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 273
CyROS Reference Guide
After the channel groups are defined, the ISDN line and channels must be configured. The ISDN-PRI Interface
Configuration Menu tree is shown in Figure 9.3.
Config Interface T1/E1 ISDN Main Phone
(ISDN-PRI) Idle Timeout
T200
N200
T203
Send Channel ID in the First Response
Store Channel ID in Outgoing Calls
Add Entry Destination IP Address
DestinationPhone #
Slot N Channel #
Delete Entry
Edit Entry Same as Add Entry
Clear All Entries
One Encapsulation
Channel Network Protocol
Routing Protocol
ISDN
Traffic Control Bandwidth
IP Traffic Control List
Authentication Authentication Type
Username
Password
Authentication Server
Wizards Authentication Protocol
Range Same Parameters as One Channel
All Channels Same Parameters as One Channel
FIGURE 9.3 ISDN-PRI INTERFACE CONFIGURATION MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 274
CyROS Reference Guide
The general ISDN options are explained first.
ISDN General Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=>ISDN
Parameter Description
Main Phone # Principal phone number assigned to the ISDN trunk line. Leave this parameter blank if this
number should not be confirmed by the router. This is recommended when the provider
does not send the trunk line number in the incoming call message.
Idle Timeout Time, in minutes, for the connection to time out if there is no traffic. For this to work, any
status messages, like PPP's LCP Echo Requests, must be disabled. The value 0 disables
the timeout function.
Send Channel ID Some switches require that the terminal answers all incoming calls with the channel ID that
in the First will be used. This option causes the link to send the channel ID in the first response to a
Response connection request.
Store Channel ID This option causes the ISDN line to get a free B-channel, store it, and include the channel
in Outgoing Calls ID in the message when an outgoing call is requested. This may be necessary if the switch
considers the channel ID a mandatory information element in a connection request
message.
T200 Data-layer timer. When the router sends a command, this timer determines how long it
should wait for a response.
N200 Data-layer number of re-tries. When the T200 period passes without a response, the
command is re-sent up to N200 times.
T203 When no messages are received for T203 seconds, an enquiry (RR or RNR) is sent.
At the end of this parameter list appears the menu for the dial-out table. It can also be reached by using the <ESC> key
at any time during the parameter list. Each entry is an association between a channel and the IP Address and Phone
number at the other end of the connection. The router uses the IP information stored here in its routing table. When
a packet arrives at the router, and the IP is listed in the dial-out table, the router will attempt a connection on the slot
indicated using the associated phone number. The parameters for each entry are given next.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 275
CyROS Reference Guide
Add Entry Menu CONFIG =>INTERFACE =>T1/E1(ISDN-PRI)= >ISDN =><ESC> =>ADD ENTRY
Parameter Description
Destination IP IP Address assigned to the remote connection.
Address
Destination Phone number assigned to the remote connection
Phone #
Slot N Channel # Channel used to reach this destination.
The CAS Signaling Mode
A typical application that uses CAS Signaling is shown in Figure 9.4.
Application Integrated CAS Line
Server RAS
Telephone
Network
Analog Line
Router Analog Line
PC
Remote Users
PC
FIGURE 9.4 CAS APPLICATION EXAMPLE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 276
CyROS Reference Guide
The CAS Signaling Mode does not have a menu equivalent to the CONFIG =>INTERFACE =>T1/E1(ISDN-PRI)
=>ISDN menu described above. Both signaling modes have a mode-specific menu at the channel level, with different
names, but basically the same function. This menu, CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>SIGNALING,
will be described in the next section. The Interface Configuration tree for E1/T1 with CAS Signaling is shown in Figure
9.5
Config Interface E1/T1 (CAS) One Channel Encapsulation
Network Protocol
Routing Protocol
Signaling
Traffic Control Bandwidth
IP Traffic Control List
Authentication Authentication Type
Username
Password
Authentication Server
Wizards Authentication Protocol
Range Same Parameters as One Channel
All Channels Same Parameters as One Channel
FIGURE 9.5 CAS INTERFACE CONFIGURATION MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 277
CyROS Reference Guide
Parameters Independent of Signaling Mode
The channel specific parameters can be set for each channel individually, for a range of channels, or for all channels.
Wizards are available to automatically configure the channels for typical applications. The notation <CHANNEL> will
be used to represent One Channel, Range, or All Channels where appropriate. The following menu options are
available for each channel:
Channel Menu CONFIG=>INTERFACE=>T1/E1=><CHANNEL>
Menu Option Description
Encapsulation Determines the data-link layer protocol to be used for this communication link.
Network Protocol Provides menus for the IP and Transparent Bridge parameters, including rules to be
applied to this interface.
Routing Protocol Configures RIP parameters.
ISDN(CCS) / Sets parameters particular to the signaling mode, and determines the phone number
Signaling (CAS) and modem profile.
Traffic Control Sets the Bandwidth of the connection for use with traffic control rules and associates a
Traffic Control Rule List to this interface. See section 4.7 for more information on
traffic control rules.
Authentication Determines the method used for authentication for connections on this line.
Wizards Tools that aid in the configuration of the interface for common applications.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 278
CyROS Reference Guide
The encapsulation options are shown in the following table.
Encapsulation Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION
Menu Options Description
PPP The PPP (Point-to-Point) protocol and Multilink PPP are provided.
PPPCHAR Sends a character login prompt, but automatically switches to PPP if requested.
Please see the description of the PPP and CHAR protocols for more information.
CHAR Sends a login prompt and accepts only character-mode connections.
Slip Provides a Slip connection. This encapsulation option has no parameters.
SlipCHAR Sends a character login prompt, but automatically switches to Slip if a Slip frame is
received. This encapsulation option has no parameters.
Inactive This menu option must be chosen whenever the encapsulation is changed from one
type to another. One must be deactivated before another can be activated.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 279
CyROS Reference Guide
Multilink PPP (MLPPP) is similar in functionality to the Multilink feature described in section 4.4, but it is implemented
at the data-link level instead of the network-protocol level. When compared to Multilink, MLPPP is slightly more efficient
and less generic (because it applies only to PPP encapsulation).
Terminal
Terminal
(MLPPP ACTIVE)
Modem
ISDN-BRI Modem
Modem (MLPPP ACTIVE)
Telephone
Network
ISDN-PRI
T1/E1
PR4000
FIGURE 9.6 MULTILINK PPP EXAMPLE
The example in Figure 9.6 is the most common use for MLPPP. The T1/E1 line has 23/30 channels with the same
trunk phone number. Sometimes more than one T1/E1 line is included in a trunk. A terminal with an ISDN-BRI ter-
minal adapter or two modems, configured to connect using MLPPP, can connect to the PR4000 by calling the trunk
phone number. Any of the T1/E1 channels can receive the calls, but the RAS will consider these channels one logi-
cal link. The first channel called will be the primary link and only its configuration will be considered.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 280
CyROS Reference Guide
When a trunk contains more than two T1/E1 lines, more than one PR4000 is required. One multilink connection is
made by one PR4000 while another is made by another PR4000, so they cannot function independently. In this
situation, Multichassis Multilink PPP (MCPPP) must be activated. See chapter 4 for more details.
The PPP Encapsulation Menu tree is shown in Figure 9.7
Config
Interface T1/E1 <Slot> Encapsulation PPP MLPPP Active
Connection Type
Identification for This Bundle
Total Number of Lines for This Bundle
PPP Inactivity Timeout
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
FIGURE 9.7 PPP ENCAPSULATION MENU TREE
A description of the parameters with values given for the example is presented in the table.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 281
CyROS Reference Guide
PPP Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>PPP
Parameter Description
MLPPP Enables Multilink PPP on this interface.
Connection Type Applies for MLPPP = Yes. Type of line used on this link.
Applies for MLPPP = Yes and Dial-out. In the example, this value is 6
Identification for This Bundle
Total Number of lines for Applies for MLPPP = Yes. Maximum number of links allowed in the bundle. In
This Bundle the example, this number is 2 or larger.
PPP Inactivity Timeout Applies to asynchronous connections only. The connection is closed when data
does not pass through the line for this period of time.
Enable Van Jacobson IP Allows the link to receive compressed packets. This type of compression is
Header Compression useful for low-speed links and/or small packets. It is not recommended for fast
links, as it requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This
Packets parameter causes the link to send compressed packets.
Disable LCP Echo Requests LCP (Link Control Protocol) messages are normally exchanged to monitor the
status of the link. Disabling these messages reduces traffic, but the link then
has no way of knowing if the other end is still connected.
Time Interval to Send Config Config Request messages are used to negotiate the parameters at the start of a
Requests PPP connection. For a slow line, this time should be increased to allow the
reply to return to the sender. If not, the sender will assume it was lost and send
another.
This table is continued.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 282
CyROS Reference Guide
PPP Menu (Continued)
Parameter Description
Edit ACCM Applies to asynchronous connections only. Permits control character mapping
negotiation on asynchronous links. This is useful when you need to send a
control character as data (e.g. XON/XOFF, Crtl A, etc.) over an asynchronous
link and do not want it interpreted by the modem or other device in the middle.
The map is built up with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their
ASCII value.
Typing the option once (for example, X), includes it in the table. Typing it again
excludes it from the table. See note after table.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should
Compression be enabled only if Cyclades' equipment is being used on both ends of the
connection because there is no established standard for data compression
interoperability. Data compression is very CPU-intensive, making this feature
effective only for links running at speeds under 1Mbps. At higher speeds, the
time necessary to compress data offsets the gains in throughput achieved by
data compression.
Number of Bits for Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must
Compression be used if the router on the other end is a PathRouter, for compatibility.
Note: Asynchronous Control Character Map (ACCM) mapping is done by codifying one control character as two
special characters. This permits transparent transmission of control characters as data. Thirty-two bits are encoded
in such a way that each bit indicates if the corresponding control character should or should not be mapped to the two
character sequence. If the bit is set to 1, the character will be mapped. For example, if bit 17 and 19 are set to 1, the
corresponding characters in the ASCII table (DC1 or XON and DC3 or XOFF) will be encoded, and the corresponding
ACCM will be: 00 0A 00 00 (hex), (binary: 00000000 00001010 00000000 00000000), the bits set to 1 are the 17th and
19th, if counting from right to left, starting from 0.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 283
CyROS Reference Guide
The parameters for PPPCHAR are a combination of those for PPP and CHAR. The PPPCHAR Menu tree is shown
in Figure 9.8. See the tables for the PPP and CHAR options for descriptions of the PPPCHAR parameters.
Config
Interface E1/T1 <Channel> Encapsulation PPPCHAR MLPPP Active
Connection Type
Identification for This Bundle
Total Number of Lines for This Bundle
PPP Inactivity Timeout
Enable Van Jacobson IP Header
Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Edit ACCM
Enable Predictor Compression
Number of Bits for Compression
Switch Session Character Code
Escape Session Character Code
FIGURE 9.8 PPPCHAR ENCAPSULATION MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 284
CyROS Reference Guide
The CHAR Encapsulation Menu tree is shown in Figure 9.9, and the table that follows gives a brief description of the
related parameters.
Config
Interface T1/E1 <Channel> Encapsulation CHAR Device Type
Connection Type
Number of Rings
TCP Keep Alive Timer
Terminal Type
Switch Session Character Code
Escape Session Character Code
Username
Wait For or Start a Connection
Destination Hostname
Filter Null Char After CR Char
Idle Timeout In Minutes
DTR On
Device Will Send Echo
FIGURE 9.9 CHAR ENCAPSULATION MENU TREE.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 285
CyROS Reference Guide
CHAR Encapsulation Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ENCAPSULATION =>CHAR
Parameter Description
Device Type Determines whether a Terminal, Socket device, or Command Socket will be connected
to this port. Command Socket is used to send AT commands to control the
DSPs/modems. See table later in this chapter for acceptable AT commands.
Connection Type Applies only to CAS. Whether the line will be used to receive (dial-in) or send (dial-
out) messages, or both.
Number of rings on Applies only to CAS. Applies for Device Type Command Socket and Connection Type
which to answer Dial-in or Both. Number of rings after which the DSP/modem answers automatically.
TCP Keep Alive The delay between Keep Alive messages sent by TCP.
Timer
Terminal Type For a terminal, ANSI is generally used. For a printer, dumblp is generally used.
Switch Session Applies for Terminal Device Type. Control character used to switch sessions. 1 is
Character Code Ctrl-A, 2 is Ctrl-B, etc. The value 254 disables this option.
Escape Session Applies for Terminal Device Type. Control character used while in a telnet session, to
Character Code return to the router menu without closing the session.
Username Applies for Terminal Device Type. Must be entered into the local user table first. See
section 4.3. If this parameter is left blank, the user will have to enter a username.
Wait for or Start a Applies for Socket Device Type. Wait is used when the remote application will start
Connection the communication. When Start is used, a connection is attempted as soon as the line
is considered operational.
Destination Hostname Applies for Socket Device Type. The remote hostname to which the socket will be
connected, if the previous parameter was start. This name must have been defined in
the host table. See section 4.2, menu CONFIG=>SYSTEM=>HOSTS.
Filter Null Char after Applies for Socket Device Type. Interprets a CR NULL sequence, received on a TCP
CR Char connection, as CR (only).
This table is continued.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 286
CyROS Reference Guide
Idle Timeout in Applies for Socket Device Type. The connection is broken if this time passes with no
Minutes traffic.
DTR ON Only if Applies for Socket Device Type. If False, the Data Terminal Ready line is switched on
Socket Connection when the router is booted.
Established
Device Attached to Applies for Socket Device Type. Yes if the device attached to the socket will echo the
This Port Will Send characters sent to it.
ECHO
The Network Protocol Menu tree is shown in figure 9.10, and its parameters are explained in the table that follows.
Config
Interface E1/T1 <Channel> Network Protocol IP Interface Unnumbered/Numbered
Assign IP from Interface
Primary IP address
Subnet Mask
Secondary IP Address
Subnet Mask
Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Address
IP MTU
IP Fragmentation Ignore Bit DF
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Routing of Broadcast Messages
FIGURE 9.10 NETWORK PROTOCOL MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 287
CyROS Reference Guide
Network Protocol Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>NETWORK PROTOCOL =>IP
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Address Applies to Numbered interfaces. Address assigned to this interface.
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, up to eight) IP address that
Address can be used to refer to this interface. This parameter and the next are repeated until no
value is entered. To remove an address that was entered here, type 0.0.0.0.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
Enable Dynamic The terminal assigns an IP address to the router for purposes of their connection.
Local IP Address
Remote IP Address The terminal sends its IP address in the negotiation package.
Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP address.
None: Any IP address is accepted. This is not recommended.
Remote IP Address If Remote IP Address Type not None. Used in conjunction with the previous parameter.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
IP Fragmentation - When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes
Ignore Bit DF IP to reject a packet that is oversized: the router sends an ICMP message back to the
sender. When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and
no message is sent back to the sender.
NAT Does not apply for Expanded NAT. Determines the type of IP address if NAT is being
used. Use Global otherwise. See section 4.3 for details on how to configure NAT.
This table is continued
Chapter 9 - The E1 and T1 Interfaces, With Signaling 288
CyROS Reference Guide
Network Protocol Menu (Continued)
Parameter Description
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives
UDP or TCP messages for ports that are not recognized. This type of message is used
by some traceroute applications, and if disabled, the router might not be identified in the
traceroute output. However, there are security and performance reasons to leave this
option Inactive.
Incoming Rule List Filter rule list for incoming packets. See section 4.7 for instructions on how this
parameter should be set.
Detailed Incoming Applies when a list is selected in the previous parameter. See explanation of IP
IP Accounting Accounting later in this chapter. IP Accounting for a rule requires that the parameter
CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW
ACCOUNT PROCESS also be Yes.
Outgoing Rule List Filter rule list for outgoing packets. See section 4.7 for instructions on how this
Name parameter should be set.
Detailed Outgoing Applies when a list is selected in the previous parameter. See explanation of Detailed
IP Accounting Incoming IP Accounting.
Routing of Activating this parameter causes the router to route broadcast messages from the
Broadcast LAN to the WAN and vice-versa. An individual interface can be excluded by setting
Messages this parameter to Inactive, without effecting the broadcast of messages on the other
interfaces. This is necessary with applications that use Netbios.
The only Routing Protocol available is RIP. The RIP Menu tree is shown in Figure 9.11.
Config Interface T1/E1 <Channel> Routing RIP
Protocol Send RIP
Listen RIP
RIP2 Authentication
Rip2 Authentication Password
FIGURE 9.11 ROUTING PROTOCOL MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 289
CyROS Reference Guide
Network Protocol Menu CONFIG=>INTERFACE =>T1/E1 =><CHANNEL> =>ROUTING PROTOCOL =>RIP
Parameter Description
Send RIP Causes the router to transmit RIP messages.
Listen RIP Causes the router to accept RIP messages.
RIP2 Authentication Applies if RIP2 was chosen in the first two options. Activates RIP message
authentication with a password.
RIP2 Authentication Applies if RIP2 Authentication is Active. Password used for both received and
Password transmitted RIP messages.
For each channel, certain signaling parameters must be configured. This menu tree is shown in Figure 9.12.
Config Interface E1/T1 <Channel> ISDN/ Connection Type
SIgnaling Number of Rings
Phone #
Increment By
Digital Modem Profile ID
Automatic Dial Out
Use DSP to Dial-Out
FIGURE 9.12 CHANNEL ISDN (OR SIGNALING) MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 290
CyROS Reference Guide
Channel ISDN Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=><CHANNEL>=>ISDN
Channel Signaling Menu CONFIG=>INTERFACE=>T1/E1(CAS)=><CHANNEL>=>SIGNALING
Parameter Description
Connection Type Applies only for ISDN. Whether the line will be used to receive (dial-in) or send (dial-out)
messages, or both.
Number of rings on Applies for Device Type Command Socket and Connection Type Dial-in or Both and for
which to answer ISDN. Number of rings after which the DSP/modem answers automatically.
Phone # for this Applies for Dial-in, or Both. If a specific phone number is assigned to each channel,
Channel enter it here. Usually this does not happen.
Increment By Applies when all channels or a group of channels is being configured. The phone
number above is applied to the first channel and the following channels will be assigned
phone numbers consecutively, with the Increment By value determining the value for
each following channel.
Digital Modem Applies for Dial-in, or Both. The modem profiles are defined in CONFIG =>SYSTEM
Profile ID =>MODEMS =>DIGITAL MODEM.
Automatic Dial Out Applies only for ISDN and Dial-out. If Yes, the router will try to connect with the first
destination listed in the dial-out table as soon as the ISDN line is up and synchronized. If
No, the connection will occur only on demand.
Use DSP to Dial Applies only for ISDN and Dial-out or Both. If Yes, the connection will be analog
Out (modem). If No, digital.
Below is a table of AT commands used to control the DSPs/modems for the Command Socket Device Type mentioned
above.
+++ Escapes to the on-line command mode
A/ Executes again the last command issued. Used primarily to redial.
AT Used alone to test for OK results. Also used as a command prefix.
A Manual answer : goes off hook in answer mode.
D# or DT# Dials the specified phone number.
This table is continued.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 291
CyROS Reference Guide
C# Sets local echo. #=0 - echo OFF, #=1 - echo ON *
H# Control ON/OFF hook. #=0 - hangs up (goes on hook), #=1 - goes off
I0 Not defined.
I1 Displays current modem settings.
I2 Displays current P-register settings.
I3 Displays current status register settings.
O Returns on-line after escape sequence.
Pr=# Sets special P-register r to value . Accepts hexadecimal values when = is followed by x.
Ex : ATP1=1 P19=xEE3C means set the P-register 1 to value 1 and P-register 19 to
value 0xEE3C. The P-registers are defined in documentation on modem parameters.
Q# Displays/ suppresses result codes. #=0 - result codes displayed * , #=1 - result codes
hidden.
Sr? Displays decimal contents of S-register r
Sr=# Sets S-register r to value #. Accepts hexadecimal values when = is followed by x. Ex:
ATS1=1 S2=x2b means set S-register 1 to value 1 and S-register 2 to value 0x2b.
S0=# Sets the number of rings after which auto answer mode takes over. When set to 0, auto
answer is disabled. 0 is the default value.
S1=# Counts and stores the number of rings from a incoming call. (S0 must be greater than 0.)
0 is the default value.
S2=# Stores the ASCII decimal code for the escape code character. 43, representing "+", is the
default value.
S3=# Stores the ASCII decimal code for the Carriage Return character. 13 is the default value.
S4=# Stores the ASCII decimal code for the Line Feed character. 10 is the default value.
S5=# Stores the ASCII decimal code for the Backspace character. 8 is the default value.
S6=# Sets the duration, in units of 10 ms, of the guard time for the escape code sequence.
100 is the default value.
X# Sets result code displayed.
X0 "CONNECT"
X1 "CONNECT <speed>"
This table is continued.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 292
CyROS Reference Guide
X2 "CONNECT <speed> CALLER_ID <number>"
X3 "CONNECT <speed> CALLER_ID <number>",
"NO CARRIER Cause 0xnn", "BUSY Cause 0xnn"
where <speed> = carrier family, connection speed Rx/Tx, compression protocol.
Z Resets the modem.
R# Reserve the channel for future use. In this state, the channel cannot accept incoming
calls. #=0 Releases the channel and #=1 reserves the channel.
&N# Sets the connection speed. If the connection cannot be established at this speed,
the modem will hang up.
&N0 Variable rate, which is the default.
&N1 300 bps
&N2 600 bps
&N3 1,200 bps
&N4 2,400 bps
&N5 4,800 bps
&N6 7,200 bps
&N7 9,600 bps
Chapter 9 - The E1 and T1 Interfaces, With Signaling 293
CyROS Reference Guide
The Authentication Menu Tree, which appears only for PPP and PPPCHAR encapsulation (and CHAR encaptulation
for terminal or socket), is shown in Figures 9.4 and 9.5.
Authentication Menu CONFIG =>INTERFACE =>T1/E1=><CHANNEL> =>AUTHENTICATION
Parameter Description
Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Server uses either Radius or Tacacs to authenticate the user.
Remote is when this interface is considered to be the user and the other end of the
connection performs the authentication
Username Applies when Authentication Type is Remote. The username the remote device
expects to receive.
Password Applies when Authentication Type is Remote. The password the remote device
expects to receive.
Authentication Server Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server and PPP or PPPCHAR
Protocol encapsulation is used. Either PAP or CHAP or both can be used for authentication.
Chapter 9 - The E1 and T1 Interfaces, With Signaling 294
CyROS Reference Guide
Wizards were created to simplify the E1/T1 configuration for common applications. The Wizards Menu tree is shown
in Figure 9.13, and its parameters are explained in the next table. The parameters set automatically are given in the
tables that follow.
Config
Interface T1/E1 <Channel> Wizards TS Profile Phone #
Digital Modem Profile ID
Username
RAS Profile Phone #
Digital Modem Profile ID
Remote IP Address
LAN-to-LAN Profile Phone #
Digital Modem Profile ID
Primary IP Address
Subnet Mask
Secondary IP Address
Subnet Mask
Remote IP Address Type
Remote IP Address
Copy From Channel Channel
FIGURE 9.13 WIZARDS MENU TREE
Chapter 9 - The E1 and T1 Interfaces, With Signaling 295
CyROS Reference Guide
Wizards Menu CONFIG =>INTERFACE =>T1/E1 =><CHANNEL> =>WIZARDS
Menu Items Description
TS Profile Used to create a local host Terminal Server. For CCS, the only parameter is the
Username. For CAS, the parameters are the Username, the Phone Number for the
channel, and the Digital Modem Profile ID.
RAS Profile Used to set up a PPP Remote Access Server using modems and dial-up lines. The
Remote IP Address of the first port is the only parameter, for CCS. For CAS, the
parameters are Remote IP Address, the Phone Number for the channel, and the
Digital Modem Profile ID. If the Wizard is used for a range or all ports, the following
ports will be the numbered consecutively.
Lan-to-Lan Profile Used to connect two LANs. The only parameters are the Primary IP Address, the
Subnet Mask, any Secondary IP Addresses and Subnet Masks, the Remote IP
Address Type and the Address. For CAS, the parameters Phone Number and Digital
Modem Profile ID are also requested.
Copy From Channel Used to copy an entire configuration from one channel to another, while changing the
IP address so that the ports are numbered consecutively.
The parameters automatically configured by the terminal server wizard are shown in Figure 9.14.
Encapsulation CHAR
Device Type Terminal
TCP KeepAlive Inactive
Terminal Type ANSI
Escape Session Character Code 1
Switch Session Character Code 11
Direct Login User ***
Dial-Out Non-Automatic (CCS only)
Phone # *** for CAS
Digital Modem Profile ID # *** for CAS
FIGURE 9.14 PARAMETERS SET BY THE TS WIZARD
Chapter 9 - The E1 and T1 Interfaces, With Signaling 296
CyROS Reference Guide
The parameters automatically configured by the RAS wizard are shown in Figure 9.15.
Encapsulation PPPCHAR
IP Protocol Active
Interface Unnumbered
Primary IP Address ***
Subnet Mask *Depends on the IP
Remote IP Address Type Fixed
Remote IP Address ***
IP MTU 1500
NAT - Address Scope Global
ICMP Port Inactive
Incoming Filter List None
Outgoing Filter List None None
Interface Transparent Bridge Inactive
Bandwidth 0
IP Traffic Control List None
Van Jacobson IP Header Compression Disabled
LCP ECHO Requests Enabled
Time Interval to Send Config Requests: 1
ACCM for Reception: 000A0000
Escape Session Character Code 1
Switch Session Character Code 11
Predictor Compression Disabled
Inactivity Timeout None
Link Authentication Method PAP/CHAP Local Authenticator
Connection Dial-In
Phone # *** for CAS
Digital Modem Profile ID # *** for CAS
FIGURE 9.15 PARAMETERS SET BY THE RAS WIZARD
Chapter 9 - The E1 and T1 Interfaces, With Signaling 297
CyROS Reference Guide
The parameters automatically set by the Lan-to-Lan wizard are shown in Figure 9.16.
Encapsulation PPP
IP Protocol Active
Interface Numbered
Primary IP Address ***
Subnet Mask ***
Secondary IP Address ***
Secondary Subnet Mask ***
Remote IP Address Type ***
Remote IP Address ***
IP MTU 1500
NAT - Address Scope Global
ICMP Port Inactive
Incoming Filter List None
Outgoing Filter List None None
Interface Transparent Bridge Inactive
Bandwidth 0
IP Traffic Control List None
Van Jacobson IP Header Compression Disabled
LCP ECHO Requests Enabled
Time Interval to Send Config Requests: 1
ACCM for Reception: 00000000
Predictor Compression Disabled
Inactivity Timeout None
Link Authentication Method None
Connection Dial-In
Phone # *** for CAS
Digital Modem Profile ID # *** for CAS
FIGURE 9.16 PARAMETERS SET BY THE LAN-TO-LAN WIZARD
Chapter 9 - The E1 and T1 Interfaces, With Signaling 298
CyROS Reference Guide
CHAPTER 10 THE ISDN-BRI INTERFACE
Note: Please contact Cyclades directly for sales information about this product.
ISDN, the Integrated Services Digital Network, was intended to be a digital upgrade to the current analog telephone
system. The ISDN discussed in this chapter is N-ISDN, where the N is for Narrow Band. A Broad Band ISDN also
exists. There are two ISDN interfaces:
BRI — Basic Rate Interface — used for residential or small-business access.
PRI — Primary Rate Interface — used to provide access or used by large businesses for access.
The BRI interface is available on the PR3000. It accepts only digital connections. A summary menu tree for the
ISDN-BRI Interface is given in Figure 10.1.
Config
Interface ISDN-BRI Encapsulation <Channel> Frame Relay [menu shown in a later figure]
PPP [menu shown in a later figure]
X.25 [menu shown in a later figure]
HDLC Keep Alive Interval
Inactive
Network Protocol <Channel> [menu shown in a later figure]
Routing Protocol <Channel> [menu shown in a later figure]
ISDN [menu shown in a later figure] <Channel> General Bandwidth
IP Traffic Control List
Traffic Control <Channel> Authentication Type
Username
Password
Authentication Authentication Server
Authentication Protocol
FIGURE 10.1 ISDN-BRI INTERFACE CONFIGURATION MENU TREE
Chapter 10 - ISDN-BRI Interface 299
CyROS Reference Guide
A brief description of each principal item appears in the following table.
ISDN-BRI Interface Menu CONFIG=>INTERFACE=>ISDN-BRI
Menu Item Description
Encapsulation Determines the data-link layer protocol to be used for this communication link.
Network Protocol Provides menus for the IP and Transparent Bridge parameters, including rules to be
applied to this interface.
Routing Protocol Submenus for RIP and OSPF configuration.
ISDN Defines the ISDN-specific parameters for this interface.
Traffic Control Sets the bandwidth of the connection for use with traffic control rules and associates a
traffic control rule list to this interface. See section 4.7 for more information on traffic
control rules.
Authentication Determines the method used for authentication for connections on this line.
There are many synchronous encapsulation options on this interface: Frame Relay, PPP, X.25, and HDLC.
Encapsulation Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPSULATION =><CHANNEL>
Menu Option Description
Frame Relay The Frame Relay Protocol is based on frame switching and constructs a permanent
virtual circuit (PVC) between two or more points.
PPP The PPP (Point-to-Point) protocol and Multilink PPP are provided.
X.25 The X.25 Protocol is generally used to connect to a public network. The router can act
either as a DTE or a DCE.
HDLC This protocol has only one parameter: HDLC Keepalive Interval. This is the time
interval between transmission of Keepalive messages. The receiver of these
messages must send keepalive messages with the same frequency or will be
considered inoperative.
Inactive This menu option must be chosen whenever the encapsulation is changed from one
type to another. One must be deactivated before another can be activated.
Chapter 10 - ISDN-BRI Interface 300
CyROS Reference Guide
Frame Relay
FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data
link connection identifier). This allows multiple logical connections to be multiplexed over a single channel.
These are called Permanent Virtual Circuits (PVCs). The DLCI has only local significance and each end of the
logical connection assigns its own DLCI from the available local numbers.
A public Frame Relay network connecting offices in Ottawa, Montréal, Saskatoon, and Vancouver is shown in
Figures 10.2 and 10.3.
Ottawa Montréal
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
FR Network
200.1.1.0
200.1.1.2 200.1.1.3
Router Router
Saskatoon Vancouver
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 10.2 PUBLIC FRAME RELAY NETWORK EXAMPLE
Chapter 10 - ISDN-BRI Interface 301
CyROS Reference Guide
Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay
Address Map is also created (either statically or dynamically) to associate each DLCI with the destination router
IP.
Ottawa Montréal
Network: 192.168.200.0 Network: 192.168.201.0
Router Router
200.1.1.1 200.1.1.4
21
11
81
200.1.1.2 200.1.1.3
Router Router
Saskatoon Vancouver
Network: 192.168.203.0 Network: 192.168.202.0
FIGURE 10.3 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES
For the router in Saskatoon, the Frame Relay address map will look like this:
DLCI IP
11 200.1.1.1
21 200.1.1.4
81 200.1.1.3
Chapter 10 - ISDN-BRI Interface 302
CyROS Reference Guide
These values are entered in the Add DLCI menu.
The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used
for controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs,
and sends status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI
0).
Sub-Network Access Protocol (SNAP)
A normal Frame Relay Network header contains the NLPID (Network Level Protocol ID) field to identify which
protocol provided the information encapsulated in the data field.
flag address - control optional NLPID data FCS flag
including pad
DLCI
FIGURE 10.4 NORMAL HEADER USING NLPID
For those protocols which do not have an NLPID defined, the SNAP header must be used. The NLPID field
remains, but contains a value (0x80) that indicates that the SNAP information follows.
flag address - control optional NLPID OUI PID data FCS flag
including pad = 0x80
DLCI
FIGURE 10.5 HEADER USING SNAP
The three-octet Organizationally Unique Identifier (OUI) and the two-octet Protocol Identifier (PID) which follow
define a distinct protocol. See RFC 1490 for details.
Chapter 10 - ISDN-BRI Interface 303
CyROS Reference Guide
The Frame Relay Encapsulation Menu tree is shown in Figure 10.6.
Config
Interface
ISDN-BRI Encapsulation <Channel> Frame Relay SNAP IP
LMI
T391
N391
N392
N393
CIR
Bandwidth Reservation
Add DLCI DLCI Number
Frame Relay
Address Map
IP Address
Enable Predictor
Compression
Number of Bits for
Compression
DLCI priority level
Reserved Bandwidth
Bandwidth Priority Level
Delete DLCI Map Entry Number
Edit DLCI Table Entry
FIGURE 10.6 FRAME RELAY ENCAPSULATION MENU TREE
Chapter 10 - ISDN-BRI Interface 304
CyROS Reference Guide
A detailed explanation of the Frame Relay parameters is given in the following tables.
Frame Relay Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPSULATION =><CHANNEL> =>FRAME
RELAY
Parameter Description
SNAP IP Indicates that the Sub-Network Access Protocol should be used. See description above.
From a network administrator's point of view, the router on the sending end must be using
the same header type (NLPID or SNAP) as the router on the receiving end.
LMI Selects the Local Management Interface specification to be used. ANSI, Group of Four
(defined by the vendors that first implemented Frame Relay), Q933a (defined by ITU-T),
and None (used for a dedicated FR connection without a network).
T391 Interval between the LMI Status Enquiry messages.
N391 Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI
Status Enquiry message.
N392 Error Threshold. The network counts how many events occur within a given period and
considers an interface inactive when the number of events exceeds a threshold. N393 is
the number of events to be considered and N392 the number of errors within this period. If
N392 of the last N393 events are errors, the interface is deemed inactive. A successful
event is the receipt of a valid Status Enquiry message
N393 Monitored Events Count. See the description of N392. This value must be larger than
N392.
CIR Committed Information Rate, in percentage of total bandwidth (given in CONFIG
=>INTERFACE =>ISDN-BRI =>TRAFFIC CONTROL=> <CHANNEL> =>GENERAL
=>BANDWIDTH). Traffic above this rate may be discarded if the network is congested.
Bandwidth Enables traffic control per DLCI. See the Add DLCI menu for more details.
Reservation
The following menu appears at the end of the Frame Relay parameter list. It can be reached by passing through
all parameters or by using the <ESC> key at any point in the parameter list.
Chapter 10 - ISDN-BRI Interface 305
CyROS Reference Guide
DLCI Frame Relay Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPS =><CHANNEL> =>FRAME
RELAY =><ESC>
Menu Option Description
Add DLCI Adds a DLC for this interface to the DLCI table.
Delete DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to delete the DLCI.
Edit DLCI CyROS puts all DLCIs in a table. The list command (L) must be used to discover this
number in order to edit the DLCI.
Traffic Control based on Data Link Connection
Traffic Control as described in section 4.7 can also be performed on a Frame Relay interface for each permanent
virtual connection. The parameters in the Add DLCI menu are used in the same manner as those described in
section 4.7.
Add DLCI Frame Relay Menu CONFIG=>INTERFACE=>ISDN-BRI=>ENCAPS =><CHANNEL> =>FRAME
RELAY =><ESC> =>ADD DLCI
Parameter Description
DLCI Number Used to identify the DLC. This number is supplied by the Public Frame Relay network
provider. The DLCIs are stored in a table which can be seen with the L command.
Frame Relay Determines the method used for mapping the remote IP address to the Permanent Virtual
Address Map Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address
dynamically, in a manner similar to the ARP table.
IP Address Applies when Frame Relay Address Map is Static. Provides the IP address to be used for
static address mapping.
this table continued
Chapter 10 - ISDN-BRI Interface 306
CyROS Reference Guide
Add DLCI Frame Relay Menu (continued)
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be enabled
Compression only if Cyclades' equipment is being used on both ends of the connection because there is
no established standard for data compression interoperability. Data compression is very
CPU-intensive, making this feature effective only for links running at speeds under 1Mbps.
At higher speeds, the time necessary to compress data offsets the gains in throughput
achieved by data compression.
Number of Bits Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if
for Compression the router on the other end is a PathRouter, for compatibility.
DLCI Priority This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Level RULE=>FLOW PRIORITY LEVEL. Indicates the relative priority of the frame for insertion
into queues in the router. A frame with priority 1 will enter the queue if there is any space
available. A frame with priority 2 will enter the queue if at least 20% of the space is
available, and so on (40% free for priority 3, 60% free for priority 4, and 80% free for priority
5). Frames with priority x + 1 will always enter after frames with priority x, x-1, etc. Priority
0 is similar to Priority 5, but these packets always enter the queue. All frames that do not
enter the queue are DISCARDED. Use this feature with caution!
Reserved This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Bandwidth RULE=>RESERVED BANDWIDTH. Defines what percentage of the total bandwidth on an
interface will be set aside for this DLC.
Bandwidth This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD
Priority Level RULE=>BANDWIDTH PRIORITY LEVEL. Two DLCs with the same priority cannot share
bandwidth when one DLC does not need its entire allotment. For two DLCs with different
priorities, the DLC with the higher priority can steal bandwidth from the other when it is not
in use. Priority is relative -- two DLCs with priorities 1 and 5 are the same as two DLCs
with priorities 3 and 4 (if there are no other DLCs).
Chapter 10 - ISDN-BRI Interface 307
CyROS Reference Guide
PPP
Multilink PPP (MLPPP) is similar in functionality to the Multilink feature described in section 4.4, but it is implemented
at the data-link level instead of the network-protocol level. When compared to Multilink, MLPPP is slightly more
efficient and less generic (because it applies only to PPP encapsulation).
Router A
Modem
Modem Modem
Modem Link 2 (Bundle 6)
Link 1
(Bundle 6)
Router B
FIGURE 10.7 MULTILINK PPP EXAMPLE
In figure 10.7, Router B connects to Router A via two modem connections to achieve a larger bandwidth. Router
A accepts the two physical connections, but treats them as one logical connection (one “bundle”). MLPPP must
be enabled on all interfaces that will form this bundle, (and on both sides of the connection), with the same bundle
identifier specified for each.
The PPP Encapsulation Menu tree is shown in Figure 10.8. A description of the parameters with values given for
the example is presented in the table.
Chapter 10 - ISDN-BRI Interface 308
CyROS Reference Guide
PPP Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>PPP
Parameter Description
MLPPP Enables Multilink PPP on this interface.
Dial-in, etc. Applies for MLPPP = Yes. Type of line used on this link.
Identification for This Applies for MLPPP = Yes and Dial-out or Leased. In the example, this value is 6.
Bundle
Total Number of lines Applies for MLPPP = Yes. Maximum number of links allowed in the bundle. In the
for This Bundle example, this number is 2 or larger.
Enable Van Jacobson Allows the link to receive compressed packets. This type of compression is useful for
IP Header low-speed links and/or small packets. It is not recommended for fast links, as it
Compression requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Packets causes the link to send compressed packets.
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP
Config Requests connection. For a slow line, this time should be increased to allow the reply to return
to the sender. If not, the sender will assume it was lost and send another.
Enable Predictor Enables data compression using the Predictor algorithm. This feature should be
Compression enabled only if Cyclades' equipment is being used on both ends of the connection
because there is no established standard for data compression interoperability. Data
compression is very CPU-intensive, making this feature effective only for links running
at speeds under 1Mbps. At higher speeds, the time necessary to compress data
offsets the gains in throughput achieved by data compression.
Number of Bits for Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used
Compression if the router on the other end is a PathRouter, for compatibility.
Chapter 10 - ISDN-BRI Interface 309
CyROS Reference Guide
Note: Asynchronous Control Character Map (ACCM) mapping is done by codifying one control character as two
special characters. This permits transparent transmission of control characters as data. Thirty-two bits are
encoded in such a way that each bit indicates if the corresponding control character should or should not be
mapped to the two character sequence. If the bit is set to 1, the character will be mapped. For example, if bit 17
and 19 are set to 1, the corresponding characters in the ASCII table (DC1 or XON and DC3 or XOFF) will be
encoded, and the corresponding ACCM will be: 00 0A 00 00 (hex), (binary: 00000000 00001010 00000000
00000000), the bits set to 1 are the 17th and 19th, if counting from right to left, starting from 0.
Config
Interface
ISDN-BRI Encapsulation <Channel> PPP MLPPP Active
Dial-in, etc.
Identification for This Bundle
Total Number of Lines for This Bundle
Enable Van Jacobson IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send Config Requests
Enable Predictor Compression
Number of Bits for Compression
FIGURE 10.8 PPP ENCAPSULATION MENU TREE
X.25
A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as
a DTE or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. As seen in Figures 10.9 and
10.10, the determination of DTE or DCE depends on the position and use of the router within the network.
Chapter 10 - ISDN-BRI Interface 310
CyROS Reference Guide
Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that
two DTEs be permanently connected.
Modem or
DSU/CSU
Router / DTE Router / DTE
Switch / DCE Switch / DCE
X.25
FIGURE 10.9 PUBLIC X.25 NETWORK EXAMPLE
Chapter 10 - ISDN-BRI Interface 311
CyROS Reference Guide
Router A
DTE Router B
Link 3 Link 1
DTE
DCE
DCE
Router C Link 2
DCE
DTE
Router D
FIGURE 10.10 PRIVATE WAN
In the Private WAN network example, the central router acts as a switch connecting the other three. A type of
bridge must be configured to allow switched virtual connections passing through the router. The “switch” must be
configured on both of the interfaces involved in the bridge. The X.25 parameters Packet Size and Window Sizes
Chapter 10 - ISDN-BRI Interface 312
CyROS Reference Guide
should be the same on both interfaces to prevent bottlenecks.
The first X.25 menu tree is shown in Figure 10.11
Config
Interface ISDN-BRI Encapsulation <Channel> X.25 X.121 (Local DTE) Address
Switch Mode Active
Incoming Calls...Forwarded
Suppress Calling Address
Inactivity Timeout
Configure as DTE or DCE
Number of Virtual Circuits
Number of Permanent Virtual Circuits
Layer 3 Window Size
Layer 2 Window Size
Packet Size
Number of Retries N2
TL
T2
T21
T23
Negotiable Facilities
Send Facility
Add DTE [shown in DTE Menu Diagram]
Delete DTE [shown in DTE Menu Diagram]
Edit DTE [shown in DTE Menu Diagram]
Terminal PAD for X.25
Encapsulation [shown in a later figure]
Network Protocol [shown in a later figure]
Physical [shown in a later figure]
Authentication [shown in a later figure]
FIGURE 10.11 X.25 MENU TREE
Chapter 10 - ISDN-BRI Interface 313
CyROS Reference Guide
Config
Interface
ISDN-BRI Encapsulation <Channel> X.25 Add DTE Type of Logical Address
IP Address
X25 Socket Port
X.121 (DTE) Address
VC Number
Packet Transaction
Automatic Mode
User Data Len
User Data
Enable Predictor Compression
Number of Bits for Compression
Delete DTE Host Number to Delete
Edit DTE Host Number to Change
FIGURE 10.12 X.25 DTE MENU TREE
A detailed description of the X.25 parameters for the two examples given above is provided in the table below.
Chapter 10 - ISDN-BRI Interface 314
CyROS Reference Guide
X.25 Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25
Parameter Description
X.121 (Local DTE) Address assigned to this interface (provided by the public X.25 Network Provider).
Address Can be up to 15 digits.
Switch Mode Active Private WAN: In the example, Router C is used to connect three internal X.25
networks. To allow bridging from Router B to Router D across Router C, this
parameter must be Yes on both link 1 and link 2 .
Incoming Calls Applies when Switch Mode is Active. Private WAN: When Router C receives a
Received Over the packet from Router B with an unknown address, it can take two actions: if this
Other X.25 Links With parameter is No on both link 2 and link 3, the packet is discarded. If either link 2 or link
Unknown 3 has this parameter set to Yes, the packet is sent through that link. (If both are Yes,
Destination DTE Can the link with the lowest link number is chosen -- in this case link 2).
be Forwarded
Through This Link
Suppress Calling Public X.25 Network: This parameter must be chosen according to the guidelines
Address given by the Public X.25 Network provider. When activated, the sender's Local DTE
address is not included in the Call Request Message. Private WAN: This parameter
will be No as the network will not keep track of the sender of each packet.
Inactivity Timeout Time until connection is automatically terminated by the router if there is no traffic.
Configure as DTE or As mentioned above, the router can act either as the recipient of information (DTE), or
DCE as the passer-on of information (DCE). Public X.25 Network: Both routers are DTEs
. Private WAN: Routers A,B, and D are DTEs and Router D is a DCE.
Number of Virtual Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on
Circuits this interface. The maximum is 64.
Number of Permanent Indicates the number of permanent virtual circuits that will be connected through this
Virtual Circuits interface. This maximum is also 64.
this table continued
Chapter 10 - ISDN-BRI Interface 315
CyROS Reference Guide
X.25 Menu (Continued)
Parameter Description
Layer 3 Window Size The layer 3 (packet) level window represents the number of sequentially numbered
packets that can be sent before an acknowledgement must be received. This number
may be negotiated if the Window Size Facility is utilized (see last parameter in this
table).
Layer 2 Window Size The layer 2 (frame) level window represents the number of sequentially numbered
frames that can be sent before an acknowledgement must be received. The frame
numbers are independent of the packet numbers.
Packet Size The packet size to be sent across the interface. This number may be negotiated if the
Packet Size Facility is utilized (see last parameter in this table).
Number of Retries N2 Number of times an information frame can be resent, without response, before the link
is considered down.
TL Time the frame level waits for an acknowledgement for a given frame before re-
sending it.
T2 Time that can elapse, after receiving a frame, until the router must send an
acknowledgement.
T21 Call Request response Timer. After this time has elapsed, the DTE sends a Clear
message.
T23 Clear Request response Timer. After this time has elapsed, the DTE retransmits the
Clear message.
Negotiable Facilities Initiates facility negotiation during virtual circuit creation.
Send Facility Determines which facilities are negotiated during virtual circuit creation: Packet size is
part of the flow control parameters negotiation, Throughput is part of the throughput
class negotiation, and N3 Window (Level 3 Window Size, above) is part of the flow
control parameters negotiation.
The following menu appears at the end of the X.25 parameter list. It can be reached by passing through all
parameters or by using the <ESC> key at any point in the parameter list. This menu creates a static routing table
associating a remote X.121 address to an IP address or a TCP Socket location.
Chapter 10 - ISDN-BRI Interface 316
CyROS Reference Guide
X.25 Add DTE Menu CONFIG =>INTERFACE =>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25 => <ESC>
=>Add DTE
Parameter Description
Type of Logical IP Address or TCP Socket. Users that intend to use the TCP Socket option should see
Address Appendix A.
IP Address Applies for IP Address Type. IP Address of remote DTE device.
X.25 Socket Port Applies for Socket Address Type. Must be a number in the interval defined by the
parameters CONFIG=>IP=>TCP PORT RANGES=>X25 SOCKET START/END PORT
RANGE.
X.121(DTE) Address Address of remote DTE device.
VC Number Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.
Packet Transaction Applies for Socket Address Type. See Appendix A.
Automatic Mode Applies for Packet Transaction = Yes. See Appendix A.
User Data Len Applies for Socket Address Type. Length of next parameter in bytes. See Appendix
A.
User Data Applies for Socket Address Type. The value in the user data field of the Call Request
packet which determines which service on the remote host is being requested. 0xCC
is used for IP. See Appendix A.
Enable Predictor Applies for IP Address Type. Enables data compression using the Predictor algorithm.
Compression This feature should be enabled only if Cyclades' equipment is being used on both ends
of the connection because there is no established standard for data compression
interoperability. Data compression is very CPU-intensive, making this feature effective
only for links running at speeds under 1Mbps. At higher speeds, the time necessary to
compress data offsets the gains in throughput achieved by data compression.
Number of Bits for Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used
Compression if the router on the other end is a Cyclades PathRouter, for compatibility.
Chapter 10 - ISDN-BRI Interface 317
CyROS Reference Guide
PAD (Packet Assembler/Disassembler)
PAD acts as a protocol converter, allowing a user to access the packet-switched network via a serial terminal.
This asynchronous connection is then converted into synchronous communication with the router and the network
beyond (using the telnet application available in the router). Any user listed in the local user table can be connected
this way, and the menu options available to him are configured in the CONFIG=>SECURITY =>USERS=>ADD
menu.
CyROS provides for configuration of the X.3 parameters that define the connection between the PAD and the
router. When the PAD sends a connection request to the router, the router replies with the profile (the X.3 parameters)
to be used for the connection. The X.28 parameters that define the connection between the remote terminal and
the PAD are not considered. Link 1 of the Router in the PAD example must be configured for this type of access.
Chapter 10 - ISDN-BRI Interface 318
CyROS Reference Guide
With encapsulation type CHAR, pure X.25 is used. Optionally, PPP or PPPCHAR can run on top of X.25. These
protocols must be configured in the encapsulation menu, and related parameters are set in the Network Protocol,
Physical, and Authentication menus.
Asynchronous
PC Connection
Modem
X.28 PAD Public X.25 Synchronous
Parameters Network Connection
PR3000
Link 1
X.3
Parameters ETH0
....
......
......
......
......
......
Server
FIGURE 10.13 PAD EXAMPLE
Chapter 10 - ISDN-BRI Interface 319
CyROS Reference Guide
Config
Interface
PPP PPP Inactivity Timeout
Enable Van Jacobson
ISDN-BRI IP Header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Encapsulation Time interval to Send
Config Requests
<Channel> X.25 Terminal PAD Encapsulation Edit ACCM
for X.25
PPPChar PPP Inactivity Timeout
Enable Van Jacobson
IP header Compression
Transmit Compressed Packets
Disable LCP ECHO Requests
Time Interval to Send
Config Requests
Edit ACCM
Switch Session Character Code
Escape Session Character Code
Char Switch Session Character Code
Escape Session Character Code
Username
Inactive
FIGURE 10.14 X.25 PAD ENCAPSULATION MENU TREE
Chapter 10 - ISDN-BRI Interface 320
CyROS Reference Guide
The PAD Encapsulation menu tree is shown in Figure 10.14. Details on the configuration of each parameter are
given in the following table.
X.25 PAD PPP Menu CONFIG=>INTERFACE=>ISDN-BRI =>ENCAPS =><CHANNEL> =>X.25 =><ESC>
=><ESC> =>ENCAPS =>PPP
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of
Timeout time.
Enable Van Jacobson Allows the link to receive compressed packets. This type of compression is useful for
IP Header low-speed links and/or small packets. It is not recommended for fast links, as it
Compression requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Packets causes the link to send compressed packets.
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP
Config Requests connection. For a slow line, this time should be increased to allow the reply to return
to the sender. If not, the sender will assume it was lost and send another.
Edit ACCM Applies to asynchronous connections only. Permits control character mapping
negotiation on asynchronous links. This is useful when you need to send a control
character as data (e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not
want it interpreted by the modem or other device in the middle. The map is built up
with the following commands.
Clear – Resets the ACCM table toggle;
Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;
Toggle Char – Add other control characters to the ACCM table, using their ASCII
value.
Typing the option once (for example, X), includes it in the table. Typing it again
excludes it from the table. See note after CONFIG=>INTERFACE=>SWAN
=>ENCAPSULATION =>PPP table.
Chapter 10 - ISDN-BRI Interface 321
CyROS Reference Guide
X.25 PAD PPPCHAR Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL>=>X.25 => <ESC>
><ESC> =>ENCAPS =>PPPCHAR
Parameter Description
PPP Inactivity The connection is closed when data does not pass through the line for this period of
Timeout time.
Enable Van Jacobson Allows the link to receive compressed packets. This type of compression is useful for
IP Header low-speed links and/or small packets. It is not recommended for fast links, as it
Compression requires CPU time.
Transmit Compressed Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter
Packets causes the link to send compressed packets.
Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status of
Requests the link. Disabling these messages reduces traffic, but the link then has no way of
knowing if the other end is still connected.
Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP
Config Requests connection. For a slow line, this time should be increased to allow the reply to return
to the sender. If not, the sender will assume it was lost and send another.
Edit ACCM Please see explanation in previous table.
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
X.25 PAD CHAR Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL> =>X.25=> <ESC>
=><ESC> =>ENCAPS =>CHAR
Parameter Description
Switch Session Control character used to switch sessions. 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254
Character Code disables this option.
Escape Session Control character used while in a telnet session, to return to the router menu without
Character Code closing the session.
Username Must be entered into the local user table first. See section 4.3.
Chapter 10 - ISDN-BRI Interface 322
CyROS Reference Guide
The X.25 PAD Network Protocol menu applies to PPP or PPPCHAR Encapsulation only. The PAD Network
Protocol menu tree is shown in Figure 10.15.
Config
Interface
ISDN-BRI Interface
Assign IP From Interface
Encapsulation Primary IP Address
Subnet Mask
<Channel> X.25 Terminal PAD Network Secondary IP Address
for X.25 Protocol Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Address
IP MTU
NAT
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting Process
Outgoing Rule List Name
Detailed Outgoing IP Accounting Process
FIGURE 10.15 X.25 PAD NETWORK PROTOCOL MENU TREE
Chapter 10 - ISDN-BRI Interface 323
CyROS Reference Guide
X.25 PAD Network Protocol Menu CONFIG=>INTERF=>ISDN-BRI=>ENCAPS =><CHANNEL> =>X.25
=><ESC> =><ESC> =>NW PROTOCOL
Parameter Description
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface to
Interface this one.
Primary IP Address Applies to Numbered interfaces. Address assigned to this interface.
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc.) IP address that can
Address be used to refer to this interface. This parameter and the next are repeated until no
value is entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
Enable Dynamic The terminal connected through PAD assigns an IP address to the router for purposes of
Local IP Address their connection.
Remote IP Address The computer connected through PAD sends its IP address in the negotiation package.
Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP address.
None: Any IP address is accepted. This is not recommended.
Remote IP Address If Remote IP Address Type not None. Used in conjunction with the previous parameter.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
NAT Determines the type of IP address if NAT is being used. Use Global otherwise. See
section 4.3 for details on how to configure NAT.
this table continued
Chapter 10 - ISDN-BRI Interface 324
CyROS Reference Guide
X.25 PAD Network Protocol Menu (continued)
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives
UDP or TCP messages for ports that are not recognized. This type of message is used
by some traceroute applications, and if disabled, the router might not be identified in the
traceroute output. However, there are security and performance reasons to leave this
option Inactive.
Incoming Rule List Filter rule list for incoming packets. See section 4.7 for instructions on how this
parameter should be set.
Detailed Incoming Applies when a list is selected in the previous parameter. See explanation of IP
IP Accounting Accounting later in this chapter. IP Accounting for a rule requires that the parameter
CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW
ACCOUNT PROCESS also be Yes.
Outgoing Rule List Filter rule list for outgoing packets. See section 4.7 for instructions on how this
Name parameter should be set.
Detailed Outgoing Applies when a list is selected in the previous parameter. See explanation of Detailed
IP Accounting Incoming IP Accounting.
Chapter 10 - ISDN-BRI Interface 325
CyROS Reference Guide
The PAD Physical and Authentication menu trees are shown in Figure 10.16.
Config
Interface
ISDN-BRI
Encapsulation
<Channel> X.25 Terminal PAD Physical Number of PADs
for X.25 Send Profile
Set X3 Parameters
Select Reference Number
Select Reference Number
Set Related Parameter
Parameter Sent
Authentication Authentication Type
Authentication Server
Authentication Protocol
FIGURE 10.16 X.25 PAD PHYSICAL AND AUTHENTICATION MENU TREES
Chapter 10 - ISDN-BRI Interface 326
CyROS Reference Guide
X.25 Physical Menu CONFIG=>INTERF=>ISDN-BRI =>ENCAPS=><CHANNEL>=>X.25=><ESC>=><ESC>
=>PHYSICAL
Parameter Description
Number of PADs Number of PAD connections that the router will accept simultaneously.
Send Profile When the router receives a Connection Request from a PAD, the X.3 parameters can be
negotiated. Yes allows this negotiation.
Set X3 Default parameters are shown in Figure 6.17. The PPP Profile parameters are usually
Parameters used with PPP & PPPCHAR Encapsulation. Customize is used to set all/some X3
parameters individually.
Select Reference Applies for Customized X3 Parameters. To change the value of an X3 parameter, select its
Number number from the table shown in Figure 6.17.
Set Related Applies for Customized X3 Parameters. The new value.
Parameter
Parameter Sent Applies for Customized X3 Parameters. Change whether or not this parameter is sent
during connection negotiation.
Chapter 10 - ISDN-BRI Interface 327
CyROS Reference Guide
Reference Number Default Value Send Profile Description
1 3 Y PAD recall using a character
2 0 Y Echo
3 0 Y Selection of "data forwarding" characters
4 1 Y Selection of idle timer delay
5 0 Y Flow control of the terminal
6 5 Y Control of PAD service/command signals
7 21 Y Operation of the PAD on reception of break signal
8 0 Y Discard Output
9 0 Y Padding
10 0 Y Line Folding
11 3 Y Binary Speed of Start/Stop mode
12 0 Y Flow control of the PAD
13 0 Y LF insertion after CR
14 0 Y Padding after LF
15 0 Y Editing
16 8 Y Character Delete
17 24 Y Line Delete
18 42 Y Line Display
19 0 N Editing PAD service signals
20 0 N Echo mask
21 0 N Parity treatment
22 0 N Page wait
23 0 N Size of input field
24 0 N End of frame signals
25 0 N Extended data forwarding signals
this table continued
FIGURE 10.17 PAD X3 PARAMETER LIST
Chapter 10 - ISDN-BRI Interface 328
CyROS Reference Guide
Reference Number Default Value Send Profile Description
26 0 N Display interrupt
27 0 N Display interrupt confirm
28 0 N Diacritic character coding
29 0 N Extended echo mask
FIGURE 10.17 PAD X3 PARAMETER LIST (CONTINUED)
X.25 Authentication Menu CONFIG=>INTERFACE=>ISDN-BRI=>ENCAPS=><CHANNEL> =>X.25 =><ESC>
=><ESC> =>AUTHENTICATION
Parameter Description
Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Server uses either Radius or Tacacs to authenticate the user.
Authentication Server Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can
Protocol be used for authentication.
Returning to the ISDN-BRI Interface Configuration, the Network Protocol Menu tree is shown in Figure 10.18.
Chapter 10 - ISDN-BRI Interface 329
CyROS Reference Guide
Config Interface ISDN-BRI Network <Channel>
Protocol
IP Active
Interface Unnumbered/Numbered
Assign IP from Interface
Primary IP address
Subnet Mask
Secondary IP Address
Subnet Mask
IP MTU
NAT
Enable Dynamic Local IP Address
Remote IP Address Type
Remote IP Adress
ICMP Port
Incoming Rule List Name
Detailed Incoming IP Accounting
Outgoing Rule List Name
Detailed Outgoing IP Accounting
Transparent Status
Bridge Port Priority
Incoming Rule List Name
Outgoing Rule List Name
FIGURE 10.18 NETWORK PROTOCOL MENU TREE
The Network Protocol parameters are explained in more detail in the following tables.
Chapter 10 - ISDN-BRI Interface 330
CyROS Reference Guide
Network Protocol (IP) Menu CONFIG =>INTERFACE =>ISDN-BRI =>NETWORK PROTOCOL
=><CHANNEL> =>IP
Parameter Description
Active or Inactive Activates this interface.
Interface Unnumbered interfaces can be used for point-to-point connections.
Unnumbered
Assign IP From Applies to Unnumbered interfaces. Applies the IP address of another router interface
Interface to this one.
Primary IP Address Applies to Numbered interfaces. Address assigned to this interface.
Subnet Mask Applies to Numbered interfaces. Subnet mask of the network.
Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP
Address address that can be used to refer to this interface. This parameter and the next are
repeated until no value is entered.
Subnet Mask Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines
whether or not a given IP datagram is fragmented.
NAT Determines the type of IP address if NAT is being used. Use Global otherwise. See
section 4.3 for details on how to configure NAT.
Enable Dynamic The remote terminal assigns an IP address to the router for purposes of their
Local IP Address connection.
Remote IP Address The remote computer sends its IP address in the negotiation package.
Type Fixed: The IP address sent must match the number set in the next parameter.
Same Net: The IP address sent must be an address in the network set in the next
parameter.
Any: The IP address can be any number that does not conflict with any local IP
address.
None: Any IP address is accepted. This is not recommended.
this table continued
Chapter 10 - ISDN-BRI Interface 331
CyROS Reference Guide
Network Protocol (IP) Menu (Continued)
Remote IP Address If Remote IP Address Type not None. Used in conjunction with the previous
parameter.
ICMP Port Active causes the router to send ICMP Port Unreachable messages when it receives
UDP or TCP messages for ports that are not recognized. This type of message is
used by some traceroute applications, and if disabled, the router might not be identified
in the traceroute output. However, there are security and performance reasons to
leave this option Inactive.
Incoming Rule List Filter rule list for incoming packets. See section 4.7 for instructions on how this
parameter should be set.
Detailed Incoming IP Applies when a list is selected in the previous parameter. See explanation of IP
Accounting Accounting later in this chapter. IP Accounting for a rule requires that the parameter
CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW
ACCOUNT PROCESS also be Yes.
Outgoing Rule List Filter rule list for outgoing packets. See section 4.7 for instructions on how this
Name parameter should be set.
Detailed Outgoing IP Applies when a list is selected in the previous parameter. See explanation of Detailed
Accounting Incoming IP Accounting.
Transparent Bridge Menu CONFIG=>INTERFACE=>ISDN-BRI=>NETWORK PROTOCOL =><CHANNEL>
=>TRANSPARENT BRIDGE
Parameter Description
Status Activates the Transparent Bridge on this interface.
Port Priority For the Spanning Tree Algorithm, a priority is given to each link in the router and to
each router in the network. See CONFIG=>TRANSPARENT BRIDGE =>SPANNING
TREE for more information.
Incoming Rule List Transparent Bridge rule list name for incoming packets. Note: Rule lists for
Name Transparent Bridge and IP are created separately. See section 4.7 for instructions on
how this rule list is created.
Outgoing Rule List Filter rule list name for outgoing packets. See section 4.7 for instructions on how this
Name rule list is created.
Chapter 10 - ISDN-BRI Interface 332
CyROS Reference Guide
Config
Interface ISDN-BRI Routing <Channel> RIP Send RIP
Protocol Listen RIP
RIP2 Authentication
Rip2 Authentication Password
OSPF OSPF on This Interface
Advertise This Non-OSPF Interface
External Metric
External Metric Type
Area ID
Network Type
Router Priority
Transit Delay
Retransmit Interval
Hello Interval
Dead Interval
Poll Interval
Password
Metric
Advertise Secondary IP Address
FIGURE 10.19 ROUTING PROTOCOL MENU TREE
The Routing Protocol Menu tree is shown in Figure 10.19 and is explained in more detail in the following tables.
Chapter 10 - ISDN-BRI Interface 333
CyROS Reference Guide
Routing Protocol Menu CONFIG =>INTERFACE =>ISDN-BRI =>ROUTING PROTOCOL =><CHANNEL>
=>RIP
Parameter Description
Send RIP Causes the router to transmit RIP messages.
Listen RIP Causes the router to accept RIP messages.
RIP2 Authentication Applies if RIP2 was chosen in the first two options. Activates RIP message
authentication with a password.
RIP2 Authentication Applies if RIP2 Authentication is Active. Password used for both received and
Password transmitted RIP messages.
OSPF Protocol Menu CONFIG =>INTERFACE =>ISDN-BRI =>ROUTING PROTOCOL =><CHANNEL>
=>OSPF
Parameter Description
OSPF on This Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol
Interface without erasing the parameters set below. This is useful when OSPF is first
configured, as the general parameters must be set afterwards in CONFIG=>IP
=>OSPF and OSPF cannot function without them.
Parameters that apply only when OSPF on This Interface is Disabled.
Advertise This Non- Causes the router to include this interface in its advertisements through other
OSPF Interface interfaces (as an external route).
External Metric Defines the metric that will be advertised by OSPF.
External Metric Type For Type 1, the total metric of this route is composed of the internal metric (inside the
autonomous system) and the external metric (provided in the previous parameter). For
Type 2, the total metric of this route is the value provided in the previous parameter.
this table continued
Chapter 10 - ISDN-BRI Interface 334
CyROS Reference Guide
OSPF Protocol Menu (continued)
Parameter Description
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive.
Area ID Identifies the area to which the interface belongs. Areas are created here, then later
defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is
not linked to any IP address in the system. Small OSPF networks will typically have
only one area (the backbone area represented by 0.0.0.0).
Router Priority Priority used by OSPF in multicast networks to elect the designated router. A priority of
1 will make this router the most likely to be chosen. A priority of 2 will make it second
most likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay in Estimated transit time in seconds to route a packet through this interface. Use the
Seconds preset value (1) or increase the number for slow links
Retransmit Interval in Time in seconds between link-state advertisement retransmissions for adjacencies
Seconds* belonging to this interface.
Hello Interval in Time in seconds between the hello packets on this interface.
Seconds*
Dead Interval in Inactivity time (seconds) before a neighbor router is considered down.
Seconds*
Poll Interval in Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-
Seconds access neighbor.
Password* String of up to 8 characters used to authenticate OSPF packages. The use of this
password is enabled in CONFIG=>IP =>OSPF =>AREA=>AUTHENTICATION TYPE
Metric Defines the cost for normal service. For consistent routing, this parameter should be
determined in the same manner for all routers in the OSPF Area. Normally, metric cost
is defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for
10Mbps, 65 for T1, 1785 for 56kbps, etc).
Advertise Secondary Causes the router to advertise additional addresses assigned to this interface. These
IP Address are configured in CONFIG=> INTERFACE=>ISDN-BRI=>NETWORK PROTOCOL
<CHANNEL> =>IP.
* Inside a given area, these 4 parameters should be the same for all routers.
Chapter 10 - ISDN-BRI Interface 335
CyROS Reference Guide
The ISDN-BRI interface has a special menu for configuration of signaling parameters. This menu is shown in
Figure 10.20. The parameters are explained in the table.
Config Interface ISDN-BRI ISDN My Phone Number 1
SPID 1
Circuit Type
Check Caller ID on Incomming Call
Switch Type
Idle Timeout to Hang Up
T200
N200
T203
List, Add, Delete or Modify
Logical Link
IP Address
Phone Number
FIGURE 10.20 ISDN PARAMETERS MENU
Chapter 10 - ISDN-BRI Interface 336
CyROS Reference Guide
ISDN Menu CONFIG =>INTERFACE =>ISDN-BRI =>ISDN
Parameter Description
My Phone # Principal phone number assigned to the ISDN trunk line.
SPID # The SPID is the link identifier. It is similar to the telefone number, with some extra
digits.
Circuit Type Multipoint is used when the PR3000 is connected to the ISDN line in parallel with other
devices.
Check Caller ID on The router verifies that the caller's phone number is in the dial-out table.
Incoming Call
Switch Type Defines which telephone service is being used. Type ? to see which options are
available for each country.
Idle Timeout Time, in minutes, for the connection to time out if there is no traffic. For this to work,
any status messages, like PPP's LCP Echo Requests, must be disabled. The value 0
disables the timeout function.
T200 Data-layer timer. When the router sends a command, this timer determines how long it
should wait for a response.
N200 Data-layer number of re-tries. When the T200 period passes without a response, the
command is re-sent up to N200 times.
T203 When no messages are received for T203 seconds, an enquiry (RR or RNR) is sent.
List, Add, Delete or Does not appear the first time through the menu -- Add is assumed in this case. Adds,
Modify modifies, etc. the dial-out table. This and the next three parameters are repeated until
<ESC> is used.
Logical Link Channel used to reach this destination.
IP Address IP Address assigned to the remote connection.
Phone Number Phone number assigned to the remote connection
The following menu is only relevant when PPP Encapsulation is used.
Chapter 10 - ISDN-BRI Interface 337
CyROS Reference Guide
Authentication Menu CONFIG =>INTERFACE =>ISDN-BRI =>AUTHENTICATION =><CHANNEL>
Parameter Description
Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.
Server uses either Radius or Tacacs to authenticate the user.
Remote is when this interface is considered to be the user and the other end of the
connection performs the authentication
Username Applies when Authentication Type is Remote. The username the remote device
expects to receive.
Password Applies when Authentication Type is Remote. The password the remote device
expects to receive.
Authentication Server Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs
server is used for validation. The location and other parameters of the server must be
configured in CONFIG=> SECURITY. See section 4.3.
Authentication Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can
Protocol be used for authentication.
Bibliography
PPP:
STD0051 and RFCs 1661 and 1662
Frame Relay:
Smith, Philip, Frame Relay Principles and Applications, Addison-Wesley, 1993
RFC 1490, Multiprotocol Interconnect over Frame Relay (explains NLP ID and SNAP)
X.25:
Thorpe, Nicolas and Derek Ross, X.25 Made Easy, Prentice Hall, 1992.
Chapter 10 - ISDN-BRI Interface 338
CyROS Reference Guide
CHAPTER 11 APPLICATION MENU
The application menu is available from the main menu. It is structured as shown in the following diagram:
Applications Telnet Open Session
Close Session
Switch Session
Set Binary Mode
Set Text Mode
Set Text Line Mode
Ping IP Host
Packet Size
Count
Interval
Traceroute Host
FIGURE 11.1 APPLICATION MENU TREE
It contains three applications, available to both the super-user and regular users (at the discretion of the super-
user).
Application Menu
Menu Option Description
Telnet Establishes a Telnet session with a host connected to the IP network via the LAN or
the WAN
Ping Uses ICMP echo request and echo reply packets to validate the link. It checks if the
host specified in the ping command is reachable.
Traceroute Identifies most of the routers (hops) between the router and the destination host
Chapter 11 - Applications Menu 339
CyROS Reference Guide
Choosing Telnet leads to the following parameter list:
Telnet Menu APPLICATIONS=>TELNET
Menu Option Description
Open Session Specify either the host name or the IP address.
To return to the Telnet Menu without closing the session, press <Ctrl A>. Up to 4
Telnet sessions can be established simultaneously.
Close Session Closes the current telnet session.
Switch Session Switch between sessions. The sessions are identified by the numbers 1 through 4.
Set Binary Mode In this mode, control characters will not be interpreted. This option is used for file
transfers (when using zmodem, for example).
Set Text Mode In this mode, control characters (such as control keys) are interpreted. Use this mode
to emulate a telnet session.
Set Text Line Mode In this mode, all characters are stored by the router until a line feed is received. Upon
receiving a line feed, the characters are sent in a single packet.
Ping can be done on an IP network or on an IPX network. The IP Ping menu looks like this:
IP Ping Menu APPLICATIONS=>PING=>IP
Parameter Valid Values Description
Host The host name or its IP address.
Packet Size 32 to 1600 The size of the packets that will be sent, in bytes.
Count 0 if forever, or 5 to 30000 The number of packets that will be sent to the destination host.
Interval 20 to 60000 ms The time interval between two successive ICMP echo requests sent
to the destination host.
The range 20-99 results in a ping flush (an onslaught of ping
messages), whereas the range 100-60000 results in a normal ping.
Chapter 11 - Applications Menu 340
CyROS Reference Guide
Traceroute APPLICATIONS=>TRACEROUTE
The Traceroute utility requests only the destination host name or IP address. It prints out the following listing:
T R A C I N G I N P R O G R E S S
1 0 ms 0 ms 0 ms 200.246.93.2
2 180 ms 440 ms 300 ms 200.245.96.125
3 540 ms 430 ms 470 ms 200.230.17.25
4 440 ms 440 ms 930 ms 200.230.0.106
5 * 490 ms * 204.189.152.181
6 630 ms 870 ms 620 ms 204.70.2.1
The first column is the number of the “hop”. Three packets are sent to each intermediate computer, and the next
three columns display the time that each packet takes to return to the router. When an * appears instead of a
number, the attempt was unsucessful. The last column is the IP address of the intermediate computer. This utility
is useful when Ping is not able to reach another computer. The traceroute shows at which point along the way the
packet hung up.
If traceroute does not print out any information, make sure a default gateway is set up. See the
section on configuration of static routes in chapter 4.
Chapter 11 - Applications Menu 341
CyROS Reference Guide
CHAPTER 12 DEBUG MENU
The Debug Menu is intended for use by Cyclades’ Technical Support. Most of the listings will have no significance
to the user. Two menu items, however, can be interpreted before a call to Technical Support is made.
DEBUG=>TRACE
On occasion, Cyclades’ Technical Support will request an electronic copy of the output of this command to resolve
router problems.
DEBUG=>EVENT LOGS=>DISPLAY
These logs are for diagnostic use by Cyclades’ technicians. If there are messages here, they could indicate the
source of the problem.
DEBUG=>BUFFER REPORT=>GENERAL BUFFERS
This table shows the buffer usage and the state of the buffer. A failed buffer will be shown here.
DEBUG=>HARDWARE TESTS
Tests all router interfaces. When the test finishes, it will indicate any problems that were discovered.
DEBUG=>MESSAGE TRACE
Assists in diagnosis of specific problems for various protocols and services.
Chapter 12 - Debug Menu 342
CyROS Reference Guide
CHAPTER 13 INFO MENU
The Info Menu shows both static and dynamic information. The router configuration is contained in the Show
Configuration sub-menu. Statistical information is shown in the Show Statistics sub-menu and status information
is shown in most of the remaining menus. The Info Menu tree is shown in Figure 13.1.
Info Show Configuration All
Interface Ethernet
Slot 1
Slot 2
Static Routes Slot 3
System
Security All
Users
NAT Options and Timers
Radius Global Addresses
Tacacs Local Addresses
Default Usr Menu Static Translations
Multilink LAN IP Backup
IP VPN
Transparent Bridge
Rules List IP Rules List
Voice Rules
Link Rules
Show Statistics IP Flow Priorization
TCP
NAT Transparent Bridge Rules List
SNMP Rules
VPN
OSPF
Ethernet
Slot 1
Slot 2
Slot 3
FIGURE 13.1 INFO MENU TREE
Chapter 13 - The Info Menu 343
CyROS Reference Guide
Show Status Slot 1
Slot 2
Show ARP Cache Slot 3
Show Routing Table
Show System
Show Active Sessions
Authentication Servers Status Radius Servers Status
Tacacs Servers Status
Event Programming
Show CPU Utilization
LAN IP Backup
Show Account Table Summary
Detail
Traffic Control
Show OSPF
Show MCPPP Links
Show MCPPP Neighbors
Show BGP Show RIB
Show BGP Routes
Show Neighbor Status
Show Neighbor Routes
Show Neighbor Advertise
Show Voice VoFR/FRF.11
Jitter Buffer
CoFR Switch
Fragmentation
Application
FIGURE 13.1 INFO MENU TREE (CONTINUED)
Chapter 13 - The Info Menu 344
CyROS Reference Guide
The menu options are described in the following table.
Info Menu INFO
Menu Option Description
Show Lists all router parameters. After completing the configuration of your router, print out a
Configuration copy of this listing and save it for future reference. For most configuration menus, the L
command will list all parameters configured in that menu. The L command is usually more
convenient.
Show Statistics Shows statistics for IP, TCP, NAT, SNMP,VPN, OSPF, IPX, and the interfaces.
Show Status Lists the serial interface control signals: (DCD, DSR, CTS, RTS, DTR) and the logical
status for each slot.
Show ARP The ARP (Address resolution protocol) Cache contains the MAC addresses corresponding
Cache to IP address on the LAN.
Show Routing Shows the routing tables for IP, or other IP-level protocols.
Table
Show System Displays the router’s physical configuration, including RAM and FLASH memory firmware,
and the boot code version.
Show Active Indicates which users are logged in to the router, where they are logged in from, and what
Sessions kind of sessions they have open.
Auth. Servers Shows the status of the authentication servers (Radius and Tacacs).
Status
Event Lists events programmed into the router. The menu option ADMIN=>EVENT
Programming PROGRAMMING=>L gives more complete information and should be used instead.
Please see chapter 13 for more details.
Show CPU Calculates router CPU utilization rate.
Utilization
LAN IP Backup Indicates if backup is available and/or being used.
Show Account Displays summary or detailed accounting information.
Table
This table is continued
Chapter 13 - The Info Menu 345
CyROS Reference Guide
Info Menu INFO (continued)
Traffic Control Shows status of each traffic control rule.
Show OSPF Displays status of OSPF routing protocol.
Show MCPPP Shows status and statistics for MCPPP packets.
Links
Show MCPPP Displays the IP addresses of neighbor MCPPP devices.
Neighbors
Show BGP Displays the BGP routing table, along with neighbor statuses and statistics.
Show Voice Displays voice card and switch statistics and statuses.
Chapter 13 - The Info Menu 346
CyROS Reference Guide
CHAPTER 14 ADMIN MENU
The Administration Menu is used to perform various run-time tasks. Its menu tree is given in Figure 14.1.
Admin Reboot Reboot
Reboot and Save
Enable Features IPX
VPN
SNA
Disable Features IPX
VPN
SNA
Load Configuration Factory Defaults
Flash
TFTP Server
FTP Server
Write Configuration To Flash Configuration Filename
To TFTP Server Host
To FTP Server Description
FTP Server
Clear Arp Cache File Name
Statistics Directory
Start/Stop Interface Buffer Report User Name
TB Forward Table Passaword
Save Alt. Boot Code Radius Server Status Account
Tacacs Server Status
Port Conversation IP Account Table
Inverse ARP
FIGURE 14.1 ADMIN MENU TREE
Chapter 14 - Admin Menu 347
CyROS Reference Guide
Download CyROS FTP Server
File name
Directory
User name
Password
Account
Upload CyROS Same as Download CyROS
Kill Virtual Console
Rtelnet/SSH-1
Slot N
Logout All
Send Messages Console or Rtelnet/SSH-1
Slot N
Clear interface Config All Terminals Message
Event Programing Program Number of Event
Event First Date
Event First Time
Repetition Period
Shortcut String
Clear Number of Event
Date & Time Date
Time
Kill Virtual Session
FIGURE 14.1 ADMIN MENU TREE (CONTINUED)
Chapter 14 - Admin Menu 348
CyROS Reference Guide
Restart BGP Peer Neighbor Name
Start/Stop Dig. Modem Modem ID
Reboot Dig. Modem Modem ID
Block CAS Channels Slot
Link
Block/Unblock
FIGURE 14.1 ADMIN MENU TREE (CONTINUED)
A brief description of each item is given in the following table:
Chapter 14 - Admin Menu 349
CyROS Reference Guide
Administration Menu ADMIN
Menu Option Description
Reboot The first option, reboot, discards the run configuration vector and reboots, returning to
the configuration vector saved in flash memory. The second option, reboot and save,
differs from the first only when the router has been configured to boot from the
network--the firmware boot file is saved in flash memory. See the section in chapter 4
on CONFIG=>SYSTEM=>FIRMWARE BOOT=>BOOT FROM = N
Enable Features Enables the optional features available for the Power Router Line, including IPX, VPN
and SNA. Causes hidden menus to appear.
Disable Features Disables the optional features available for the Power Router Line. Causes hidden
menus to disappear.
Load Configuration Loads the router configuration (parameters) from flash memory, from another
computer, or resets all parameters to the factory pre-set values.
Write Configuration Writes the current run configuration to flash memory or to another computer using
TFTP or FTP.
Clear Erases specific router statistics and tables (ARP cache, logs, etc).
Start/Stop Interface Turns the interface off (administratively down) or on (administratively up). The state of
each interface appears in the output of INFO=>SHOW STATUS=>SLOT N.
Save Alt. Boot Code The Alternate Boot Code is downloaded together with CyROS when the router is
booted from the Network. It can be saved in flash memory for the next reboot using
this command.
Port Conversation Used to send commands to a modem. A virtual terminal (console, telnet) is connected
to the interface. "Esc" closes the session.
Download CyROS Replaces the current version of CyROS with a version stored in another location.
this table continued
Chapter 14 - Admin Menu 350
CyROS Reference Guide
Administration Menu ADMIN (continued)
Menu Option Description
Upload CyROS Saves the current version of CyROS in a separate location. This should be done
before downloading a different version of CyROS in case the change needs to be
undone.
Kill Session Kills sessions or logs users out of the router.
Send Messages Broadcasts messages to all or a subset of users. Could be used before rebooting to
advise users to log out.
Clear Interface Config Use this option to reset all parameters for a slot. The parameters are reset to the
factory defaults.
Event Programming Allows the creation of macros that can be programmed to run at a later time or
periodically.
Date & Time Sets the internal date (using the format mm/dd/aa) and time (using the format
hh:mm:ss).
Kill Virtual Session Applies only to the PR4000. Displays all MLPPP secondary links (virtual links) whose
primary link resides in this PR4000. If a valid virtual session number is entered, the
connection represented by that session number will be dropped.
Restart BGP Peer Restarts a BGP connection with the specified neighbor.
Start/Stop Dig Modem Used to activate/inactivate the modem selected. Sets it administratively down or up
Reboot Dig Modem Applies only to the PR4000. Resets and reinitializes the modem--usually used when a
modem locks up.
Block CAS Channels Applies only to the PR4000 used with an R2-digital E1 line. Blocking a channel causes
it to not receive calls. Either a slot or a link can be blocked. To block all links, set the
link value to 0.
All options in the ADMIN=>LOAD CONFIGURATION menu will result in the loss of the current run
configuration. You may want to make a back-up using ADMIN=>WRITE CONFIGURATION=>TO
FTP SERVER or ADMIN=>WRITE CONFIGURATION=>TO TFTP SERVER. See this chapter for
more information.
Chapter 14 - Admin Menu 351
CyROS Reference Guide
Load Configuration Menu ADMIN=>LOAD CONFIGURATION
Menu Option Description
Factory Defaults Resets the configuration to factory pre-set values.
Flash Copies the configuration saved in flash on top of the run configuration.
TFTP Server Copies a configuration saved on a remote server. After the file is retrieved, the
following information is displayed: date and time when saved, CyROS version, and a
file description.
Note: Press <esc> to stop searching for a file containing the router configuration.
FTP Server Copies a configuration from a remote server using FTP.
In all options except the second (Flash), you have the option of saving the new configuration as the run configuration,
as both the run and flash configurations, or canceling the request.
There are two configuration vectors at any given time. One, the boot configuration, is saved in flash memory. The
other configuration vector is the run configuration, which is stored in RAM in the router. Each time the router is
rebooted, any differences between this configuration vector and the boot vector are lost and the router returns to
the boot configuration unless the run configuration is explicitly saved before rebooting using ADMIN =>WRITE
CONFIGURATION =>TO FLASH. The run configuration vector can also be saved to a file anywhere on the
network for later use.
Write to TFTP Server Menu ADMIN=>WRITE CONFIGURATION=>TO TFTP SERVER
Parameter Description
Configuration The filename (including path) for the configuration file.
Filename
Host The remote host name or IP address where the configuration should be saved.
Chapter 14 - Admin Menu 352
CyROS Reference Guide
Write to FTP Server Menu ADMIN=>WRITE CONFIGURATION=>TO FTP SERVER
Parameter Description
Description Type a description (maximum 256 characters) to be associated with the configuration
file. This description will be shown when you download the file. Use the “|” (pipe)
character to insert a new line. Press <Enter> to finish the description.
FTP Server The remote host name or IP address where the configuration should be saved.
File Name The filename for the configuration file.
Directory Directory name, if necessary.
User Name User name to access the FTP server.
Password Password to access the FTP server, if necessary.
Account Account number to access the FTP server, if necessary.
Clear Menu ADMIN=>CLEAR
Menu Option Description
Arp Cache The ARP (Address resolution protocol) Cache contains the MAC address
corresponding to each IP address on the LAN, and is built up over time through normal
message passing. A refresh is done automatically by the operating system, so this
option is no longer necessary. When cleared, the table is gradually built up again.
Statistics Resets the type of statistic selected: Ethernet, IP, TCP, NAT, SNMP, VPN, OSPF, or
Slot(s) statistics.
Buffer Report Recalculates the Max Used and Fail columns in the Buffer Report. Please see the
section on DEBUG=>BUFFER REPORT in chapter 11.
TB Forward Table Clears the Transparent Bridge forwarding Table.
Radius Server Status Clears Radius Server statistics.
Tacacs Server Status Clears Tacacs Server statistics.
IP Account Table Erases all data in the IP accounting table. Please see section 4.7 for more information
on IP Accounting.
This table is continued.
Chapter 14 - Admin Menu 353
CyROS Reference Guide
Clear Menu ADMIN=>CLEAR (continued)
Menu Option Description
Inverse ARP Applies only when Frame Relay is configured for some interface. The inverse-ARP
Cache contains the DLCI (Data Link Connection Identifier) corresponding to each IP
address on the LAN, and is built up over time through normal message passing. When
cleared, the table is gradually built up again.
Download / Upload CyROS Menus ADMIN=>DOWNLOAD CyROS / UPLOAD CyROS
Parameter Description
FTP Server The remote host name or IP address where the firmware boot file should be saved.
File Name The filename for the firmware boot file.
Directory Directory name, if necessary.
User Name User name to access the FTP server.
Password Password to access the FTP server, if necessary.
Account Account number to access the FTP server, if necessary.
Kill session is useful when a user’s terminal has frozen and he cannot kill the session himself.
Kill session ADMIN=>KILL SESSION
Menu Option Description
Rtelnet/SSH-1 or Kills telnet or SSH on console sessions to router, depending on which option appears.
Console
Slot N Terminates sessions connected through slot N (where N is 1, 2, or 3)
Logout All Terminates all router sessions except the one invoking the command.
Chapter 14 - Admin Menu 354
CyROS Reference Guide
Kill Session Menu 1 ADMIN=>KILL SESSION=>RTELNET/SSH-1 OR CONSOLE
Parameter Description
Session 0 – Kills all sessions, without logging the user out.
1 to 4 – Terminates the session with the corresponding number. These can be seen in
the info menu, INFO=>SHOW ACTIVE SESSIONS in the columns labeled sess1
through sess4.
5 – Logs the user out of the system. The user can optionally log in again at the log-in
prompt.
Kill Session Menu 2 ADMIN=>KILL SESSION=>SLOT N (ZBUS/T1/E1) OR X.25/PAD
Parameter Description
ZBus/E1/T1 Port or 0 – kills all ports of a ZBUS or X.25/PAD slot.
X.25/PAD Port 1 to NN – kills only a specific port.
Session 0 – Kills all sessions on the given port, without logging the user out.
1 to 4 – Terminates the session with the corresponding number. These can be seen in
the info menu, INFO=>SHOW ACTIVE SESSIONS in the columns labeled sess1
through sess4.
5 – Logs the user out of the system. The user can optionally log in again at the log-in
prompt.
Event programming can be used to reboot the router during the night when it is not busy, periodically change filter
definitions, or automate any repeated task.
To see details of programmed events, use the list command in the Event Programming Menu
(ADMIN=>EVENT PROGRAMMING=>L).
Chapter 14 - Admin Menu 355
CyROS Reference Guide
EVENT PROGRAMMING MENU ADMIN=> EVENT PROGRAMMING=>PROGRAM
Menu Option Description
Upload CyROS Saves the current version of CyROS in a separate location. This should be done
before downloading a different version of CyROS in case the change needs to be
undone.
Kill Session Kills sessions or logs users out of the router.
Send Messages Broadcasts messages to all or a subset of users. Could be used before rebooting to
advise users to log out.
Clear Interface Config Use this option to reset all parameters for a slot. The parameters are reset to the
factory defaults.
Event Programming Allows the creation of macros that can be programmed to run at a later time or
periodically.
Date & Time Sets the internal date (using the format mm/dd/aa) and time (using the format
hh:mm:ss).
Kill Virtual Session Applies only to the PR4000. Displays all MLPPP secondary links (virtual links) whose
primary link resides in this PR4000. If a valid virtual session number is entered, the
connection represented by that session number will be dropped.
Restart BGP Peer Restarts a BGP connection with the specified neighbor.
Start/Stop Dig Modem Used to activate/inactivate the modem selected. Sets it administratively down or up
Reboot Dig Modem Applies only to the PR4000. Resets and reinitializes the modem--usually used when a
modem locks up.
Block CAS Channels Applies only to the PR4000 used with an R2-digital E1 line. Blocking a channel causes
it to not receive calls. Either a slot or a link can be blocked. To block all links, set the
link value to 0.
Chapter 14 - Admin Menu 356
CyROS Reference Guide
APPENDIX A APPLICATION PROGRAMMING INTERFACE (API) FOR X.25 WITH TCP SOCKETS
This appendix explains how to use the socket API to converse with a router connected to a X.25 network,
without using IP. An example of the use of the socket API is shown in Figure A.1.
Application
Running On
Server
PR2000 Remote
DTE DTE
X.25
FIGURE A.1 USE OF THE SOCKET API BY AN APPLICATION
If TCP Socket is chosen as the Type of Logical Address in the X.25 Add DTE Menu, three modes of operation
are available:
1 Automatic mode, without packet transaction,
2 Automatic mode, with packet transaction, and
3 Manual mode, with packet transaction.
Appendix A - API for X.25 357
CyROS Reference Guide
The mode is defined in the following menu for each DTE:
X.25 Add DTE Menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25=><ESC>=>Add DTE
Parameter Description
Type of Logical Choose TCP Socket.
Address
X.25 Socket Port Must be a number in the interval defined by the parameters CONFIG=>IP=>TCP PORT
RANGES=>X25 SOCKET START/END PORT RANGE.
X.121(DTE) Address of remote DTE device.
Address
VC Number Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.
Packet Yes for modes 2 and 3. No for mode 1.
Transaction
Automatic Mode Applies for Packet Transaction = Yes. Should be Yes for mode 2.
User Data Len Length of next parameter in bytes.
User Data The value in the user data field of the Call Request packet which determines which
service on the remote host is being requested. 0xCC is used for IP. It is also expected in
received incoming call packets.
Automatic mode
When the application opens a socket connection, the router automatically attempts to establish a connection
with the remote DTE. If an incoming call arrives from the remote DTE, and is neither IP nor PAD, the
connection will not be accepted if the socket is not already connected. When this happens, a clear indication
message will be sent with cause = 0x00 and diagnostic = 0x05. If an established X.25 connection is broken,
the socket will be closed automatically.
After the connection (socket and X.25), data flows normally.
Appendix A - API for X.25 358
CyROS Reference Guide
When packet transaction is not used, the packets between the router and the application contain only data.
When packet transaction is used, the first two bytes of the packet contain the packet size and the Q and More
bits. The data field can contain either data or commands, but only data is utilized in automatic mode. The
format is as shown in Figure A.2.
Q bit X More bit Reserved L11 L10 L9 L8
L7 L6 L5 L4 L3 L2 L1 L0
Data
FIGURE A.2 PACKET FORMAT FOR MANUAL MODE AND FOR AUTOMATIC MODE WITH PACKET
TRANSACTION
X = 0 indicates a data packet and X = 1 indicates a command packet.
The reserved bit might be used in later versions, and should be set to 0.
The Li indicate the size of the packet (up to 2048 bytes).
Manual Mode (mode 3)
The packet format for the manual mode is that shown in Figure A.2. The data field contains either data or
commands as indicated by the X bit. The application determines when a call request or clear request should
be sent, rather than the router.
After the connection (socket and X.25), data flows normally. If an incoming call arrives from the remote DTE,
and is neither IP nor PAD, the connection will not be accepted if the socket is not already connected. When
this happens, a clear indication message will be sent with cause = 0x00 and diagnostic = 0x05.
The commands sent between the application and the router will now be described. The first two bytes of all
messages are as shown in Figure A.2. The command information is placed in the data field. The first message
sent from the application to the router is the S_CONFIG message.
Appendix A - API for X.25 359
CyROS Reference Guide
APPLICATION
RUNNING ON HOST ROUTER X.25 LINE
S_CON
FIG
CONFIGURATION SAVED
FIGURE A.3 S_CONFIG MESSAGE
Appendix A - API for X.25 360
CyROS Reference Guide
Command Identifier 0x01
Virtual Circuit 0 - SVC, 1 to 96 - PVC
Port of Router to be Used see Figure A.5 for details
DTE Address most significant digit
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued least significant digit
Call User Data Length 0 to 16 bytes
Call User Data xxxxxxxx
Call User Data, Continued xxxxxxxx
Call User Data, Continued xxxxxxxx
FIGURE A.4 S_CONFIG MESSAGE FORMAT (ONE LINE PER BYTE)
A table relating the router’s TCP port with the remote DTE exists in the router’s memory. This command
creates an entry in the list, using the port and DTE values given in the message. The DTE address field should
be filled in as in the following example:
Appendix A - API for X.25 361
CyROS Reference Guide
DTE = 1234567 is equivalent to:
0xff
0xff
0xff
0xff
0x12
0x23
0x56
0x7f
The DTE address field can be set to zero, which will enable the application to listen to all incoming calls on the
TCP Port specified. This will prevent the application from making call requests, however, since no DTE will be
listed in the table as the destination. See the section Details of the Implementation of the TCP Port / DTE Table
in CyROS at the end of this chapter for more information.
Slot Name Slot Number Port
PR2000 WAN 1 1 0
Asynch 2 not applicable
WAN 2 3 2
PR3000 Slot 1 1 0
Slot 1 2 1
Slot 1 3 2
PR3000 with SSE8 Slot 1, port 1 of SSE8 1 00000101
Slot 1, port 2 of SSE8 1 00001001
Slot X, port M of SSE8 N MMMMMMXX (in binary)
PR4000 E1/T1 port 1 1 0
E1/T1 port 2 2 1
Slot 3 2
FIGURE A.5 DEFINITION OF LINK BYTE FOR DIFFERENT POWER ROUTERS
Appendix A - API for X.25 362
CyROS Reference Guide
Outgoing Calls
The messages shown in figure A.6 are sent when the application initiates a call.
APPLICATION
RUNNING ON HOST ROUTER X.25 LINE
S_CON
REQ
Call Re
quest
cept
Call Ac
CNF
S_CON
ation
Clear Indic
IND Clear C
S_DIS onfirma
tion
FIGURE A.6 CALL INITIATION BY APPLICATION AND RECEIPT OF CLEAR INDICATION
Appendix A - API for X.25 363
CyROS Reference Guide
The Connection Request message has the format shown in Figure A.7
Command Identifier 0x02
FIGURE A.7 S_CONREQ MESSAGE FORMAT (ONE LINE PER BYTE)
When the router receives this message, it sends a call request message to the DTE connected to the port
specified in the S_CONFIG message. When the router receives the call accept message from the DTE, it
sends a message to the application indicating that the connection has been confirmed. This message is shown
in Figure A.8.
Command Identifier 0x10
FIGURE A.8 S_CONCNF MESSAGE FORMAT (ONE LINE PER BYTE)
When the router receives a clear indication message from the X.25 line, it replies with a clear confirmation and
sends a disconnection indication message to the application. The format of this message is shown in Figure
A.9.
Command Identifier 0x30
Cause cause
Diagnostic diagnostic
FIGURE A.9 S_DISIND MESSAGE FORMAT (ONE LINE PER BYTE)
Appendix A - API for X.25 364
CyROS Reference Guide
Incoming Calls
The messages shown in Figure A.10 are sent when the router receives an incoming call.
APPLICATION
RUNNING ON HOST ROUTER X.25 LINE
Call
Incoming
IND
S_CON Call Ac
cept
S_DIS
REQ
Clear R
equest
ation
Clear Confirm
NF
S_DISC
FIGURE A.10 INCOMING CALL RECEIVED BY THE ROUTER
Appendix A - API for X.25 365
CyROS Reference Guide
When an incoming call message is received by the router, the router replies with a call accept message and
sends a connection indication message to the application. The format of this message is shown in Figure A.11.
Command Identifier 0x20
DTE Address most significant
digit
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued
DTE Address, Continued least significant digit
Call User Data Length 0 to 16 bytes
Call User Data xxxxxxxx
Call User Data, Continued xxxxxxxx
Call User Data, Continued xxxxxxxx
FIGURE A.11 S_CONIND MESSAGE FORMAT (ONE LINE PER BYTE)
If the application does not want to accept the call, it sends a disconnection request message to the router. The
format of this message is shown in Figure A.12.
Command Identifier 0x03
Cause cause
Diagnostic diagnostic
FIGURE A.12 S_DISREQ MESSAGE FORMAT (ONE LINE PER BYTE)
Appendix A - API for X.25 366
CyROS Reference Guide
The router then sends a clear request message to the X.25 line. The X.25 line confirms with a clear
confirmation message to the router. Upon receipt of this message, the router sends a disconnection
confirmation message to the application. The format of this message is shown in Figure A.13.
If the TCP Port / DTE table entry previously contained a DTE value of zero, the application must
resend the S_CONFIG message. When the incoming call message is received by the router, the
router changes the TCP Port / DTE table entry, replacing it with the value present in the incoming
message under the assumption that the message will be accepted.
Command Identifier 0x40
FIGURE A.13 S_DISCNF MESSAGE FORMAT (ONE LINE PER BYTE)
Status Messages
The application can query the router as to the state of the X.25 connection. The sequence of messages is
shown in Figure A.14.
APPLICATION
RUNNING ON HOST ROUTER X.25 LINE
S_STA
TREQ
TRSP
S_STA
FIGURE A.14 STATUS MESSAGES
Appendix A - API for X.25 367
CyROS Reference Guide
The application first sends a status request message. The format of this message is shown in Figure A.15.
Command Identifier 0x04
FIGURE A.15 S_STATREQ MESSAGE FORMAT (ONE LINE PER BYTE)
The router responds with a status response message, as shown in Figure A.16.
Command Identifier 0x50
Status
FIGURE A.16 S_STATRSP MESSAGE FORMAT (ONE LINE PER BYTE)
Details of the implementation of the TCP Port / DTE table in CyROS
In the menu CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION =>X.25=><ESC>=>Add DTE, when TCP
socket is chosen as the logical address type, an entry is created in the TCP Port/ DTE table. This table has 64
visible entries (entries that can be manipulated via CyROS menus). The table also has 32 additional positions
in dynamic memory that are not visible.
When the router receives a S_CONFIG message, it checks the existing entries (in both the visible and hidden
portions of the table). If the TCP port is not listed, the router creates a hidden entry for the TCP port / DTE pair.
If the router is rebooted, this information is lost.
The number of X.25 connections possible using this API is sixty-four. However, there are only 32 dynamic
entries available in the hidden portion of the table. In order to take advantage of all sixty-four connections, at
least 32 TCP Port / DTE pairs must be configured manually using the menu mentioned above.
Appendix A - API for X.25 368
CyROS Reference Guide
APPENDICE B IPX
IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow
configuration of this type of network. IP and IPX can both be active in the router simultaneously, and an interface
can have both IP and IPX traffic passing through it. IPX is not discussed in the other chapters of this manual to
avoid confusion for those who are using IP.
Server Named “Colombo”
Novell Network Management Station
Mac Address: 00: 60: 2E: 00: 11: 11
IPX Network Internal Network Number: 00000003
Number: 00A0B000
PR2000
ETH0 Static Route
Internal Network Slot 1
Number: 00000001
IPXWAN Network
Number: 00B0C000
PR3000 Windows Network with
Internal Network .....
.....
.....
.....
.....
.....
....
Network Number: 00010001
Number: 00000002
Mac Address: 00: 60: 2E: 00: 11: 00
FIGURE B.1 IPX NETWORK EXAMPLE
Appendice B - IPX 369
CyROS Reference Guide
Enabling IPX
The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN
=>ENABLE FEATURES => IPX. The IPX protocol must also be activated in the menu CONFIG =>IPX => GENE-
RAL. In this menu, the Internal Network Number (the unique number assigned to the router) and the Maximum
Number of Hops must be defined. The maximum number of hops defines how many routers can be on the path
from this router to the destination of any packet sent through this interface.
Configuring the Ethernet Interface
The example in Figure B.1 will be used to explain the remaining parameters that must be configured. The Ethernet
interface for the PR2000 is examined first. In the menu CONFIG =>INTERFACE => ETHERNET =>
ENCAPSULATION, the Ethernet interface must be activated. The MAC address should be correct, as it is preset
at the factory. For IPX, the Encapsulation parameter should be set according to the value used by the servers on
the network..
In the menu CONFIG =>INTERFACE => ETHERNET => NETWORK PROTOCOL => IPX, the protocol should be
activated and the LAN Network Number (00A0B000 in the example) set. All other parameters are explained in
chapter 5.
Configuring Other Interfaces
This stage depends on which board is occupying slot 1 and which encapsulation will be used. Each encapsulation
option will be discussed separately. Read the chapter describing the configuration for the appropriate interface,
consulting this section for details on IPX-specific parameters.
Appendice B - IPX 370
CyROS Reference Guide
PPP
The parameters for the PPP data-link protocol are discussed in the chapter for the specific interface. Only the
parameters particular to the IPX protocol will be described here. The are located in the CONFIG =>INTERFACE
=><INTERFACE> =>ENCAPSULATION =>PPP. The first parameter is the IPXWAN Network Number, shown in
Figure B.1 as 00B0C000. IPX Compression can be enabled, and if so the Number of Compression Slots determined.
If enabled, it must be used on both sides of the link (both routers in Figure B.1) in order for the link to work.
The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP and
RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause the
router to send messages only when a message request is received.
Frame Relay
Frame Relay parameters are explained in in the chapter for the specific interface. The IPX-protocol-specific
parameters are the same as those described in the preceding section, but are located in the menu CONFIG
=>INTERFACE =><INTERFACE> =>ENCAPSULATION =>FRAME RELAY => <ESC> => ADD DLCI.
X.25
X.25 is explained in in the chapter for the specific interface. The IPX-protocol-specific parameters are the same
as those described in the PPP section, but are located in the menu CONFIG =>INTERFACE =><INTERFACE>
=>ENCAPSULATION =>X25 => <ESC> => ADD DTE.
Routing
Routing can be done statically, by configuring static routes, or dynamically using RIP. RIP is described in in the
chapter for the specific interface. To create a static route, as shown in Figure B.1, navigate to the menu CONFIG
=> STATIC ROUTES => IPX =>ADD ROUTE. The parameters for the system shown in the example are the
following:
Appendice B - IPX 371
CyROS Reference Guide
Add IPX Static Route Menu CONFIG => STATIC ROUTES => IPX =>ADD ROUTE
Parameter Value for the Example
Destination Network 00010001
Number
Interface Slot 1
Next Hop Node 00602e001100
Number of Hops 1 (one router is between the router being configured and the network to be reached)
Number of Ticks 1 (related to the time necessary to reach the network)
The routing table is displayed by the menu option INFO => SHOW ROUTING TABLE => IPX. For the example,
and using only the static route created above, the routing table appears as in Figure B.2.
Destination Interface/ Subinterface/ hops ticks Type
Remote address
00000001 0 1 PrimaryNet
00A0B000 Ethernet 0 1 Connected
00010001 Slot1 Node 00602E001100 1 1 Static
00B0C000 Slot1 0 1 Connected
FIGURE B.2 ROUTING TABLE FOR THE EXAMPLE
Appendice B - IPX 372
CyROS Reference Guide
The SAP (Service Advertisement Protocol) Table
In Novell networks, a given server can provide various services. In order for the router to identify these servers,
their locations and services are entered into a SAP table in the router. This is done using the menu CONFIG
=>IPX => SAP TABLE. The parameters for each entry are shown in the table.
SAP Table Menu CONFIG =>IPX => SAP TABLE
Parameter Description
Service Type Service this server offers. ? provides a list of valid codes. For the server Columbo, in
the example, this code is 0166.
Server Name In the example, the name is Columbo.
Service Network 00000003
Number
Server Node 00602e001111
Server Socket ? provides a list of valid codes.
Number
Number of Hops Number of routers between this router and the server. 0 in the example.
Appendice B - IPX 373
CyROS Reference Guide
Index
A F Menu
admin menu 347
ACCM 142 Firmware Boot 34 application menu 339
Flash Memory 20 config menu 23
B Frame Relay controller menu
Bandwidth Reservation 108 see the chapter for the interface PR3000 227
Buffers 342 Ftp Site 17 PR4000 228
H controller menu, with signaling 271
C
debug menu 342
CAS Signaling Mode 276 HDLC E1/T1 interface configuration menu
CCS Signaling Mode 273 see the chapter for the interface with signaling 278
CHAR Encapsulation Host Names 35 without signaling 231
see the chapter for the interface Hot Keys ethernet interface menu 117
Clear Interface Configuration 348, 349 esc - moving between menus 20 info menu 343
Cyclades L - list current configuration 20 IP configuration menu 72
telephones 17 ISDN-BRI interface configuration menu 299
I
Cyclades-Serial Expander 16 168 navigation 19
Cyclades-Synchronous Serial Expander 168 IP Accounting 123 rules list menu 97
CyROS menus 19 IP Bridges 121 security configuration menu 51
IP Filter Rules 100 static routes menu 25
D ISDN-BRI Interface 299 super-user main menu 21
Default User Main Menu 22 ISDN-PRI, see E1 and T1 Interfaces, with signaling SWAN interface configuration menu 129
Dial-Out Table 36 system configuration menu 29
K transparent bridge menu 94
Downloading CyROS 354
Kill Session 354 user main menu 22
E Z-Bus interface menu 168
L Menu Navigation 19
E1 and T1 Interfaces
bibliography 270 Link Backup 65 MIB 39
channelized T1/E1 229 Load Backup 65 Modem Strings Table 37
fractional T1/E1 229 Load Balancing 65 Multilink
full T1/E1 229 Load Configuration 352 multichassis, multilink PPP (MCPPP) 84
with signaling 271 Lucent Portmaster 3 84 Multilink Circuits 65
lan-to-lan wizard 298 link backup 65
RAS wizard 297 M load backup 65
terminal server wizard 296 MAC Transparent Bridge, see Transparent Bridge load balancing 65
without signaling 227 Main Menu 21 Multilink PPP
Enable Features 347 Memory see the PPP section for the interface
flash 20
Index 374
CyROS Reference Guide
N Rules Lists 97 U
interface configuration 120, 121
NAT 55 Run Configuration 20 UDP Commands 38
Navigation 19 Uploading CyROS 354
Network Address Translation, see NAT 55 S Using CyROS menus 19
O Saving Changes V
to flash 20
Open Shortest Path First, see OSPF to flash at a later time 20 Version
OSPF 78 to run configuration 20 of CyROS 2
areas 79 SE16 168 newest, via ftp 14
autonomous system 79 Service Prioritization 108 of manual 2
interface configuration 126 Simple Network Management Protocol, see SNMP newest, via ftp 14
virtual links 84 SNMP 39 W
P alarms 45
and IP accounting 124 Write Configuration 347
Ping 340 communities 43 Write to
PPPCHAR events 48 FTP Server 353
see the chapter for the interface traps 44 TFTP Server 352
Spanning Tree Algorithm 96
R X
SSE8 168
Radius Static Routes 25 X.25
callback 60 SWAN Interface 129 see the chapter for the interface
servers 60 X.25 PAD
supported attributes 61 T see the chapter for the inteface
Radius Rule Lists 106 T1 Interface, see E1 and T1 Interfaces
Reboot 347 Z
Tacacs Server 62
Remote Network Monitoring, see RMON Technical Support 17 Z-Bus Interface 168
Reserved IP Addresses 55 Telephone Numbers 17 asynchronous port menus 170
RIP Telnet 340 lan-to-lan wizard 221
interface configuration 126 Trace 342 mode-independent menus 204
types of RIP 126 Traceroute 341 RAS wizard 218
RMON 48 Traffic Rule Lists 108 synchronous port menus 176
history 50 Traffic Shaping 108 terminal server wizard 216
statistics 50 Transparent Bridges 94
Router Description 34, 35 spanning tree algorithm 96
Routing Protocol
OSPF, see OSPF
RIP, see RIP
Index 375
Cyclades Corporation Cyclades Europe Cyclades South America
41829 Albrae Street Kenzestrasse 9 Av. Santa Catarina, 155
Fremont, CA 94538 - USA D-85737 Ismaning - Germany 04635-000 São Paulo, SP, Brazil
Phone: (510) 770-9727 Phone: +49 (0)89 96 99 74-40 Phone: 55-11- 5033-3333
Fax: (510) 770-0355 Fax: +49 (0)89 96 99 74-55 Fax 55-11-5033-3388
www.cyclades.com www.cyclades.de www.cyclades.com.br
Shared by: xiaohuicaicai
Related docs
Other docs by xiaohuicaicai
brochure1 second generation third generation first generation Associates Inc
Views: 4 | Downloads: 0
