98/09/25 _______________________ ComOS 3.8 Release Note for PortMaster 3 ________________ Introduction The new Lucent Remote Access (formerly Livingston Enterprises) ComOS(R) 3.8 software release is now released for the PortMaster(R) 3 Integrated Access Server. This release note applies only to the PortMaster 3. This release is provided at no charge to all Lucent customers. This release note documents commands and features added between ComOS release 3.7.2 and ComOS 3.8 on the PortMaster 3, including V.90 dial-in support. ComOS 3.8 will be the last release supporting the old "True Digital V.34 Cards." Starting with ComOS 3.9, only the "True Digital 56K Cards" will be supported. See "Limitations" for more information before upgrading. You must use PMconsole(TM) 3.5.3 or PMVision(TM) 1.2 or later when upgrading to ComOS 3.8. If you are running Microsoft Windows 95 or Windows NT 4.0, you must use PMconsole for Windows 3.5.1.4 or PMVision 1.2 or later. Read "Upgrade Instructions" thoroughly before upgrading. Use PMVision 1.2 or later when configuring ComOS 3.8. _______________ Contents Introduction Bugs Fixed in ComOS 3.8 New Features in ComOS 3.8 V.90 Support T1 Card Support R2 Signaling Support Asynchronous Multilink PPP via Modem Connection Multilink PPP Packets No Longer Fragment for NEC Aterm X.75 Support for European ISDN Fractional ISDN ISDN Unnumbered Plan ISDN Call Progress IPXCP Support Longer Filters Alternate RADIUS and ChoiceNet Ports RADIUS Authentication before Call Acceptance on PRI (Call-Check) RADIUS Class Support RADIUS LE-Advice-of-Charge RADIUS LE-Terminate-Detail Bandwidth Allocation Control Protocol (BACP) Support Ethernet Subinterfaces OSPF Support over PPP Dialup New Command "show route to-dest " SNMP Modem Table SNMP Traps and Alarm Management Detailed Ptrace PMVision Support Command Line Context-Sensitive Help Updated Help Lastcall Command Reset Modem Command "show " Command Displays Card Type How to Use RADIUS Call-Check R2 Signaling Configuration T1 Card Configuration Clocking Fractional T1 Configuration T1 Configuration Frame Relay Configuration Point-to-Point Configuration LED Indication Troubleshooting the T1 Card Limitations of the T1 Card Limitations in ComOS 3.8 RADIUS Server 2.0.1 Incompatibility No V.22 on V.34 Card Downgrading to ComOS 3.5 Loses Ether0 IP Address Upgrade Instructions Technical Support _______________ Bugs Fixed in ComOS 3.8 Any bugs introduced in ComOS 3.8 beta software that were fixed in ComOS 3.8b21 are also fixed in ComOS 3.8, and are not listed here. * On non-USA switch types, the PortMaster failed to generate a busy signal when resources (such as modems or ports) were not available to take the call. Instead of sending "Call Proceeding" after every SETUP message received, the PortMaster 3 now sends "Call Proceeding" just before accepting the call, after allocating necessary resources. * The ISDN session layer has been improved to solve a problem, occurring in Europe, with the PRI line not coming up. * Reboots caused by synchronous ports are fixed. These reboots are indicated by a console message mentioning BLOCK_STATE_ACTIVE in an assertion failure. * Reboots due to a panic caused by memory corruption are fixed. * V.120 buffer management is fixed. In a previous release, V.120 was incapable of handling large packets. As a result, when you logged in to the command line interface using V.120 and used the "show session" or "show all" command, the output was truncated. * The forward slash (/) character is now permitted in usernames in the location table, usable with both PAP and CHAP. * RADIUS State attributes containing the NUL character in access-challenges are no longer truncated at the NUL when returned in the next access-request. * The PortMaster 3 now supports odd or even parity and 7 or 8 data bits on the "True Digital 56K Card." * Statistics for the T1 card now update every second instead of every 10 seconds. * When ChoiceNet(R) downloads a filter into the PortMaster, it no longer generates a RADIUS Administrative-User start and stop record. However, PMconsole logins by PMconsole, PMVision, or pmcommand still generate RADIUS Administrative-User records, if RADIUS accounting is turned on. * The PortMaster no longer generates a RADIUS accounting start record when a user with a Port-Limit of 1 tries to bring up a second B channel. * Channelized T1 no longer reports a 50Kbps connection when a client reports 48Kbps. * V.34 support in the "True Digital 56K Card" is improved. A V.34 renegotiation and/or retrain problem is fixed, improving V.34 throughput. V.34 connect rates have been improved. * A problem with the assigned pool is fixed. In previous releases, if you were using assigned pool addresses for both IP and IPX, the PortMaster freed the address twice, resulting in duplicate addresses being assigned. * Choosing rlogin from a RADIUS menu and then exiting from the host no longer causes the PortMaster to print "Invalid login" and return to the login: prompt instead of the menu. This bug was introduced in ComOS 3.7 and fixed in ComOS 3.8. * In ComOS 3.8, the first 8 characters of the username in the local user table are matched against the first 8 characters of the username entered by the user. (Use RADIUS for authentication if usernames longer than 8 characters are desired.) Before ComOS 3.8, the command line interface allowed an administrator to create a username longer than 8 characters in the local user table, but compared only the first 8 characters to the first 8 characters of the username entered by a user. Starting in ComOS 3.8b13, the command line interface limits usernames to a maximum of 8 characters, and the PortMaster compared the entire username to the entire username entered by the user. As a result, existing usernames longer than 8 characters failed at login. In ComOS 3.8, the command line interface limits usernames to a maximum of 8 characters, and the PortMaster compares the first 8 characters of the username in the local user table to the first 8 characters of the username entered by the user. * Stac LZS compression in conjunction with Multichassis PPP (MCPPP) no longer causes network buffer loss and the resultant unexpected halts in the PortMaster 3. * The PortMaster 3 no longer gets stuck sending and receiving RESET_REQUEST and RESET_ACKNOWLEDGEMENT packets used in Stac LZS compression to resynchronize the compressor and the decompressor. * If you receive cause code 17 (User Busy) after entering an "atdt" command attached to a port, the message "BUSY" now appears instead of the misleading "NO CARRIER" message displayed by previous releases. * V.8bis tone has been improved. The volume of the V.8bis tone has been lowered, to allow some of the older 14.4Kbps modems to connect more reliably. * A problem that caused modems to become stuck in the TEST state has been fixed. In previous releases, this problem caused "dead air" (a user dialed in and received no tones) on u-law circuits (such as in the United States), and caused "Ring No Answer" on a-law circuits. * The problem of "show all" reporting the wrong connection speed has been fixed. In previous releases, a "show all" might show the speed "64000" or "56000" depending on how the port was configured for ISDN, instead of the speed the user had connected at. * Dial-out locations using PPP sometimes failed to connect to remote systems, and "show session" reported direction as "IN" before disconnecting. This problem is fixed. * Previously, an upgrade might create a null Ethernet incoming route filter, and filter out all inbound Ethernet traffic. This problem is fixed. * Previously, data-over-voice (DOV) calls incremented the total number of calls on a modem but did not increment the total connects, making the statistics invalid. This problem has been fixed. Data-over-voice calls no longer increment the total number of calls on a modem. _______ The following bugs were fixed in ComOS interim release 3.7.2c3 and are fixed in ComOS release 3.8 as well: * During system startup, the Stac LZS compression card on the PortMaster 3 sometimes failed to initialize. This problem is now fixed. * When Redhat Linux incorrectly sent out-of-window TCP data on a Telnet or rlogin session from the PortMaster, the PortMaster was temporarily reporting a large window size that was confusing Linux. The PortMaster now properly advertises a window size of zero (0) until the TCP window is emptied, for better interoperability with versions of Linux that have this problem. * Previously, when the ISDN device driver ran out of receive buffers, an error condition occurred that caused an immediate system reboot. This symptom was reported as "random reboots" and generally sent the console message "munich_next_rd: NO BLOCKS" just before the PortMaster rebooted. Running out of receive buffers is now properly handled, and no longer causes a reboot. * The modem code for the "True Digital 56K Card" has been improved. - A software condition that caused the modem to not generate initial modem tones during the answer sequence has been fixed. - Interoperability problems with several V.34 modems have been fixed. - The occasional failure to properly complete self-test has been fixed. - A problem that caused many rate renegotiations, and which sometimes resulted in disconnection, has been fixed. * A "No Tone" problem has been fixed. Previously, dial-in users were sometimes inappropriately disconnected during port cleanup. The message "m_comio_save != NULL" appeared on the console to identify the problem. For example, suppose a user connected to port S0 allocated modem (DSP) M0, but then disconnected at the same time another user dialed in on S1. Because the modem was already back in the ready state, S1 allocated M0. However, when S0 ran its cleanup process, it reinitialized M0 and disconnected the user on S1 before he heard any tones. * If is active when "set on" is entered on the command line, the modem used to suspend service for a minute or two. This problem is fixed. * The LAPM code in the modems has been improved with regard to the LAPM timer and the Echo Canceller training. _______________ New Features in ComOS 3.8 The following commands and features have been added in ComOS 3.8. V.90 Support ComOS 3.8 supports the ITU standard V.90. V.90 is now supported for Lucent, 3Com, and Rockwell chipset client modems dialing in. V.90 is supported for a-law and u-law. ITU-T V.90 support inside the PortMaster 3 has been extensively tested with 3Com, Rockwell (both 1MEG and 2MEG), and Lucent chipset client modems. Modem test results show connection rates and throughput speeds to be competitive. Due to the complicated interoperability issues of modems, if you encounter a problem, verify that the dial-in client modem is running the latest firmware available from the modem vendor. If the issue persists, contact our technical support staff for further assistance. V.90 is not supported for dial-out. The maximum analog dial-out speed is 33600bps for V.34, K56flex, and V.90. T1 Card Support The PortMaster 3 T1 card (PM3-SYNC-T1) is now supported; see "T1 Card Configuration" below for more information. R2 Signaling Support R2 signaling is now supported for certain countries. See "R2 Signaling Configuration" below for more information. Asynchronous Multilink PPP via Modem Connection The PortMaster 3 now supports Multilink PPP (MP) connections per RFC 1717 over asynchronous PPP dialup connections. Multilink PPP Packets No Longer Fragment for NEC Aterm Because the NEC Aterm ISDN terminal adapter (TA) does not accept fragmented Multilink PPP (MP) packets, ComOS now detects this during negotiation and sends only nonfragmented frames. X.75 Support for European ISDN X.75 is now supported for European ISDN. X.75 handles a 2048-byte block size, for better interoperability with European terminal adapters. Fractional ISDN PortMaster 3 line0 and line1 can be configured for fractional ISDN service, where supported by the telephone company: set isdn-fractional set group channel save all reboot You can configure as many groups as needed. Group 1 is used for ISDN. The D channel is assumed to be in its regular time slot, and must not be listed as part of any channel group. Other groups can be defined for use as fractional T1 PPP or Frame-Relay. Example: Command> set line0 isdn-fractional line0 changed to isdn-fractional E1 Command> set line0 group 1 channel 1 2 3 4 5 6 7 line0 channel list for group 1 changed Command> show line0 ---------------------- line0 - E1 ISDN-Fractional --------------- Status: UP Framing: ESF Encoding: B8ZS PCM: a-law Channel Group Speed Channels ----- ------- --------------------------------------------------- 1 ISDN 1 2 3 4 5 6 7 Receive Level: +2dB to -7.5dB Alarms Violations ----------------------------- ----------------------------- Blue 0 Bipolar 0 Yellow 0 CRC Errors 0 Receive Carrier Loss 0 Multiframe Sync 0 Loss of Sync 0 ISDN Unnumbered Plan The ISDN number plan and type are information passed to the switch on outbound calls. These values inform the switch what kind of call is being placed and where the call is to be routed. Usually (especially in Europe), you must use the "unknown, unknown" plan so the switch will make the decision, but in some cases you must set a specific number plan and number type. You can display the current ISDN number plan and type with the "show global" command. set isdn-numberplan Plan 0 unknown 1 ISDN E.164 2 Telephony E.163 7 National 8 Private set isdn-numbertype Type 0 unknown 1 International 2 National 4 Local ISDN Call Progress In previous releases, the PortMaster 3 answered the call before some older switches were ready to set up end to end. The PortMaster 3 now acknowledges the call from the switch and waits 150ms before proceeding, for improved interoperability. IPXCP Support IPXCP negotiation is now supported in addition to IPXWAN negotiation, on PPP connections. Novell uses IPXWAN, but Microsoft still uses IPXCP. The PortMaster tries IPXCP first, and if the remote device does not allow network number negotiation in IPXCP, then the PortMaster tries IPXWAN. If the network number is successfully negotiated via IPXCP, then IPXWAN negotiation is skipped. Longer Filters The PortMaster 3 now supports a maximum of 256 filter rules per filter. An error message is generated when the number of filter rules exceeds the limit. Alternate RADIUS and ChoiceNet Ports The UDP port to send RADIUS authentication, RADIUS accounting, and ChoiceNet requests is now configurable. Different ports can be specified for the primary and secondary servers: set authentic [] set alternate [] set accounting [2] [] set choicenet [2] [] The value is optional, and if not specified defaults to 1645 for RADIUS, 1646 for RADIUS accounting, and 1647 for ChoiceNet, the same as in previous releases. A value of 0 is treated as the default. The Lucent Remote Access RADIUS server, radiusd, uses the -p flag to specify the UDP port for listening for RADIUS authentication requests. The server listens for RADIUS accounting requests on the next higher port. The Lucent Remote Access ChoiceNet server, filterd, uses the -p flag to specify the UDP port for listening for ChoiceNet requests. The default is port 1647. RADIUS Authentication before Call Acceptance on PRI (Call-Check) After receiving the command "set call-check on", the PortMaster 3 sends a RADIUS access-request for any incoming call before accepting the call. The PortMaster 3 expects to receive one of the following replies: 1) a RADIUS access-accept with attributes, to accept the call and provide the indicated service (such as connecting the user via a netdata connection to a given host and TCP port), 2) a RADIUS access-accept with no attributes to accept the call and perform the usual RADIUS authentication, or 3) a RADIUS access-reject to reject the call. The following command enables or disables the call-check feature: set call-check on | off If call-check is enabled, the "show global" command displays the words "(Call Check Enabled)" after the ISDN switch type. If call-check is enabled but no RADIUS support is configured, all dial-in users receive either a busy condition or dead air. The dictionary on the RADIUS server must include this entry: VALUE Service-Type Call-Check 10 NOTE: The value 129 used for Call-Check-User in beta dictionaries has been obsoleted and should be removed from the dictionary if present. The call-check feature is supported for both modem calls and ISDN calls. For more information, see "How to Use RADIUS Call-Check" below. RADIUS Class Support A RADIUS access-accept packet can now return Class (attribute 25, a string). The PortMaster then sends the unmodified Class attribute in the accounting-request packets for that session. To use Class with RADIUS server 1.16, 2.0, or 2.0.1, update the dictionary to include the following entry: ATTRIBUTE Class 25 string RADIUS server 2.1 already includes the Class attribute in its dictionary. RADIUS LE-Advice-of-Charge LE-Advice-of-Charge is a RADIUS vendor-specific attribute included in the RADIUS Accounting stop packet, containing the Advice of Charge information (if any) provided on the ISDN D channel by the telephone company. It requires RADIUS server 2.1 (or another RADIUS server with support for vendor-specific attributes). If you are running an earlier RADIUS server you should refer to "RADIUS Server 2.0.1 Incompatibility" later in this release note. RADIUS LE-Terminate-Detail LE-Terminate-Detail is a RADIUS vendor-specific attribute included in RADIUS Accounting Stop records generated by ComOS 3.8, that contains a detailed description of the reason for session termination (like the one sent to syslog). It requires RADIUS server 2.1 (or another RADIUS server with support for vendor-specific attributes). If you are running an earlier RADIUS server you should refer to "RADIUS Server 2.0.1 Incompatibility" later in this release note. Bandwidth Allocation Control Protocol (BACP) Support BACP has been implemented in accordance with RFC 2125. Because BACP and the Bandwidth Allocation Protocol (BAP) are both negotiated protocols, no special commands are needed to turn them on. The only requirement for use of BAP and BACP is setting directory numbers on all the serial ports so that the PortMaster can offer a second number to the client dialing in. Use the following command to set a directory number: set directory Replace with an ISDN port and with the access telephone number for that port. Example: Command> set s0 directory 5105551234 BACP supports local exchange telephone numbers. If a long-distance BACP user is configured to dial a local exchange telephone number, the PortMaster now checks the Called-Station-Id when a second channel is requested. In this configuration, the directory numbers should not be set. Ethernet Subinterfaces Multiple logical Ethernet interfaces are now allowed on one Ethernet port, for situations that require them. The MAC address and packet filters for subinterfaces are the same as for the primary interface. IPX, RIP, OSPF, and route filters are not supported on the subinterfaces. Ethernet subinterfaces can be viewed, but not modified, with the ifconfig command, because the Ethernet subinterfaces are rebuilt every time a new subinterface is added. Example: add subinterface delete subinterface show table subinterface set subinterface port set subinterface address | / set subinterface netmask set subinterface broadcast high | low add subinterface This command adds a subinterface entry to the subinterface table. The is used to reference the subinterface configuration in the subinterface table, and has a maximum length of 11 characters. It is not the name of the interface or the port the subinterface is associated with. Command> add subinterface enet2 New subinterface enet2 successfully added The following command removes a subinterface entry from the table: delete subinterface The following command displays the subinterface table: Command> show subinterface Subinterface Interface Addr Netmask Broadcast Addr Port Name ------------ ---------------- ---------------- ---------------- --------- enet2 192.168.55.6 255.255.255.0 192.168.55.255 ether0 The following command associates the subinterface configuration with a physical port: set subinterface port Command> set subinterface enet2 port ether0 enet2 changed from to ether0 The following command sets the IP address or an IP address and netmask for the subinterface: set subinterface address | / Command> set subinterface enet2 address 192.168.55.6 enet2 changed from 0.0.0.0 to 192.168.55.6 Command> set subinterface enet2 address 192.168.55.6/27 enet2 changed from 192.168.55.6/24 to 192.168.55.6/27 The following command sets the netmask in dotted decimal notation for the subinterface configuration. This command is not needed if you set the netmask using the classless interdomain routing (CIDR) notation (/xx) in the "set subinterface address" command. set subinterface netmask Command> set subinterface enet2 netmask 255.255.255.0 enet2 netmask changed from 0.0.0.0 to 255.255.255.0 The following command sets the broadcast address for the subinterface: set subinterface broadcast high | low Command> set subinterface enet2 broadcast high enet2 broadcast address changed from low to high The new subinterface is displayed in the "ifconfig" output. The interface name is system generated. ifconfig Command> ifconfig ether0: flags=16 inet 172.16.110.68 netmask fffffff0 broadcast 172.16.110.64 area 0.0.0.64 ospf-state DROTHER mtu 1500 et01: flags=106 inet 192.168.55.6 netmask ffffff00 broadcast 192.168.55.255 mtu 1500 OSPF Support over PPP Dialup OSPF support has been added to locations and network user profiles, for use only as dialup backup to leased lines or Frame Relay. OSPF is now supported on Frame Relay subinterfaces as well. Example: Netuser OSPF commands: set netuser ospf on|off set netuser ospf cost <1-65535> set netuser ospf hello-interval <10-120> set netuser ospf dead-time <40-1200> set netuser ospf point-to-multipoint | nbma | wan-as-stub-ptmp set netuser accept-rip on | off set netuser route-filter in | out Example: Command> set netuser test ospf on Username: test Type: Dial-in Network User Address: Negotiated Netmask: 255.255.255.255 Protocol: PPP Options: Quiet, Compression MTU: 1500 Async Map: 00000000 Port Limit: 30 Idle Timeout: 0 minutes OSPF: on OSPF accept-rip: off OSPF cost: 1 OSPF Hello Int: 10 OSPF Dead Time: 40 OSPF(WAN Type): nbma route-filter incoming: outgoing: Location OSPF commands: set location ospf on|off set location ospf cost <1-65535> set location ospf hello-interval <10-120> set location ospf dead-time <40-1200> set location ospf point-to-multipoint | nbma | wan-as-stub-ptmp set location accept-rip on | off set location route-filter in | out Command> show location test Location: test Type: Manual Destination: Negotiated Netmask: 255.255.255.255 Protocol: PPP Options: Quiet, VJ-Comp, Analog Group: 1 Max Ports: 1 Idle Timeout: 0 minutes High Mark: 0 bytes Mtu: 1500 Async Map: 00000000 Username: test1 Password: test1 Telephone: 5551212 OSPF: on OSPF accept-rip: on OSPF cost: 1 OSPF Hello Int: 10 OSPF Dead Time: 40 OSPF(WAN Type): nbma New Command "show route to-dest " This command shows the route in the routing table that is used to forward an IP packet with a destination address of . This command is useful for debugging routing problems. show route to-dest Example: The "show routes" command shows the complete routing table for this PortMaster: Command> show routes Destination Mask Gateway Source Flag Met Interface ----------------- ---- -------------------- ------- ---- --- --------- 0.0.0.0 0 172.16.110.2 local NS 1 ether0 172.16.110.64 27 172.16.110.4 rip ND 2 ether0 172.16.0.0 27 172.16.110.9 rip ND 3 ether0 172.16.110.0 27 172.16.110.3 local NL 1 ether0 192.168.32.0 24 172.16.110.9 rip ND 2 ether0 10.0.0.0 8 172.16.110.9 rip ND 3 ether0 Use "show route to-dest" to look for the particular route in the routing table that would forward an IP packet with a destination address of 172.16.110.68: Command> show route to-dest 172.16.110.68 Destination Mask Gateway Source Flag Met Interface ----------------- ---- -------------------- ------- ---- --- --------- 172.16.110.64 27 172.16.110.4 rip ND 2 ether0 The displayed route above is a network route with a 27-bit subnet mask. The route covers IP addresses 172.16.110.64 through 172.16.110.95. The PortMaster displayed this route because 172.16.110.68 is a member of this subnet. In the following example, the default route is the route used to forward the packet: Command> show route to-dest 192.168.10.2 Destination Mask Gateway Source Flag Met Interface ----------------- ---- -------------------- ------- ---- --- --------- 0.0.0.0 0 172.16.110.2 local NS 1 ether0 SNMP Modem Table Support is included for a new SNMP MIB to display the information output by the "show modem" command. The MIB is available from ftp://ftp.livingston.com/pub/le/snmp/le38.mib. SNMP Traps and Alarm Management A trap is a notification of an event. An alarm is an instance of a trap. If SNMP is on and a reader is specified, the reader gets traps for failures in PRI lines, modems, channelized T1 lines, and T1 cards. The MIB for the traps is available from ftp://ftp.livingston.com/pub/le/snmp/le38trap.mib. NOTE: The 8-modem "True Digital V.34 Card" generates an alarm for the 9th and 10th modems that do not exist. This alarm can be ignored. show alarms [] clear alarms all | Example: Command> show alarms Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ 4763864 19:11 0 T1 line(0) down 4764168 19:09 0 Modem failure: card(0) modem(8) 4772816 19:09 0 Modem failure: card(0) modem(9) Command> show alarm 4763864 ------------------------ Alarm Details -------------------------- Alarm Id: 4763864 Alarm Message: T1 line(0) down Age in minutes: 19:11 Alarm repeated: 1 times Severity: 0 Reported: SNMP Command> clear alarm 4763864 Command> show alarm Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ 4764168 19:11 0 Modem failure: card(0) modem(8) 4772816 19:11 0 Modem failure: card(0) modem(9) Command> clear alarm all Command> show alarm Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ The "show alarms" command displays a list of each trap that occurred, except that each recurring trap is summarized and identified by an asterisk (*). This handling of duplicates is similar to a recurring message in syslog. For now, "Reported" is always SNMP and "Severity" is always 0. Detailed Ptrace A detailed version of ptrace now displays the Ethernet frame for any packet matching the filter specified with the ptrace command. This command does not work with PPP or Frame Relay packets, and can display garbage after the end of the packet for UDP packets. ptrace dump <0-1514> Command> add filter u New Filter successfully added Command> set filter u 1 permit udp Filter u updated Command> ptrace u dump 128 Packet Tracing Enabled IN ether0 UDP from 172.16.110.4.520 to 172.16.110.0.520 ffffffff ffff00c0 05001228 08004500 005c0db9 0000ff11 0000ac10 6e04ac10 6e000208 02080048 2b580201 00000002 0000ac10 6e400000 00000000 00000000 00010002 0000c0a8 37000000 00000000 00000000 00020002 0000c0a8 0a000000 00000000 00000000 0002c392 e5e50000 00000000 00000000 00000000 04813200 IN ether0 UDP from 172.16.110.9.520 to 172.16.110.31.520 ffffffff ffff00c0 05031d8a 08004500 0034416e 0000ff11 0000ac10 6e09ac10 6e1f0208 02080020 ed5d0201 00000002 0000ac10 6ec00000 00000000 00000000 00018d45 fe356330 61382030 61303030 30303020 30303030 IN ether0 UDP from 172.16.110.5.520 to 172.16.110.31.520 ffffffff ffff00c0 050028ce 08004500 007022b0 0000ff11 0000ac10 6e05ac10 6e1f0208 0208005c dfd10201 00000002 0000ac10 6e600000 00000000 00000000 00020002 0000ac10 6ee80000 00000000 00000000 00010002 0000ac10 6ee00000 00000000 00000000 00010002 0000ac10 6e500000 00000000 00000000 0002ce43 Command> ptrace Packet Tracing Disabled PMVision Support ComOS 3.8 supports PMVision, the new Java graphical user interface to ComOS. PMVision release 1.2 or later is recommended. Command Line Context-Sensitive Help The command line parser has been improved, and the help system has been updated and improved. Context-sensitive help is now available; you can enter a question mark (?) at any point on the command line and press Return to get a list of the keywords or values that can be entered at that point. Keywords use capitals to indicate the shortest permitted abbreviation. The "!!" command now repeats the last command (except for any "?" in it), and you can include additional information to complete the command. Example: Command> set snmp ? ON OFf Readcommunity Writecommunity Command> !! readcommunity ? set snmp readcommunity ? string256 NONE Command> !! public set snmp readcommunity public SNMP read community changed to: public Updated Help Online help from the "help" command has been updated to include all current commands. Example: Command> help add - Add entry to table ptrace - Trace packet traffic attach - Connect direct to port quit|exit - Quit Console clear - Clear SNMP alarm reboot - Restart the system delete - Remove entry from table reset - Reset session/port dial - dial to a location rlogin - Establish rlogin session erase - Erase element of FLASH save - Save current config help - list available commands set - Set configuration ifconfig - View/configure interface show - Show configuration ip|ipx - Sets the environment telnet - Establish Telnet session max pmconsole - Pmconsole session limit# ping - Send ICMP packet to Dest tftp - Transfer file from host pmlogin - Establish PMD session traceroute - Use ICMP to detect route !! - Repeat last command version - Display ComOS version Use "help [command]" for more ... Lastcall Command This command is now available for both the "True Digital V.34 Card" and "True Digital 56K Card." It was available for only the 56K Card in ComOS 3.7.2c3. Use this command to hot-swap a modem card without disconnecting users. If the modem M0 is active, you can enter the command "set m0 lastcall" to force the modem into ADMIN mode as soon as the user logs out. If no user is logged in on the modem when the command is given, the modem immediately enters the ADMIN state. Because this ADMIN mode is not saved, a reboot returns the modem to normal operation. The "set m0 on" command returns the modem to normal operation without affecting the current user. The modem status displayed by the "show " and "show modems" commands is ACT(LC) instead of ACTIVE, to show that the modem status is Active (Last Call), until the current user logs out. If circuits are available to the PortMaster 3 but no modems are available, the PortMaster 3 sends a User Busy signal back to the telephone company when another call comes in. As a result, the user receives a busy signal instead of being forwarded to the next line in the hunt group. To prevent this behavior, the telephone company might be able to configure the line for "forward when busy." Reset Modem Command The "reset " command has been added, to reset the modem and reload its DSP code. The "set on" command performs the same functions and places the modem in READY state. "show " Command Displays Card Type The "show " command now displays the card type -- either "ADI Chipset" for the "True Digital V.34 Card" or "Lucent Chipset" for the "True Digital 56K Card." If the card type is Lucent Chipset, "show " does not provide "Connection Failures" information. _______________ How to Use RADIUS Call-Check After receiving the command "set call-check on", the PortMaster 3 sends a RADIUS access-request for any incoming call before accepting the call. The PortMaster 3 expects to receive one of the following replies: 1) a RADIUS access-accept with attributes, to accept the call and provide the indicated service (such as connecting the user via a netdata connection to a given host and TCP port), 2) a RADIUS access-accept with no attributes to accept the call and perform the usual RADIUS authentication, or 3) a RADIUS access-reject to reject the call. set call-check on | off This command enables or disables the call-check feature. If call-check is enabled, the "show global" command displays the words "(Call Check Enabled)" after the ISDN switch type. If call-check is enabled but no RADIUS support is configured, all dial-in users receive either a busy condition or dead air. The dictionary on the RADIUS server must include this entry: VALUE Service-Type Call-Check 10 NOTE: The value 129 used for Call-Check-User in beta dictionaries has been obsoleted and should be removed from the dictionary if present. The call-check feature is supported for both modem calls and ISDN calls. Call-check is available on the PortMaster 3 to allow an ISP to check the telephone number before answering the call. Typical applications might be to hang up and call the user back with no charge incurred for connecting the user in the first place, or to limit the number of people who can call a given number. (Both require changes to the RADIUS server as well.) Call-check also allows the redirection of a call to support virtual points of presence (POPs). If a customer calls one number, you authenticate normally. If he calls a different number, you accept the call but forward all data through a netdata (TCP clear) connection to an IP address and port of your choosing, where some other process handles the user. The PortMaster sends an access-request packet to the RADIUS server with a User-Name set to be the Calling-Station-Id and a Service-Type of Call-Check. All the usual information is included in the packet, except the User-Password or CHAP-Password is not included, because the call has not been accepted yet, and the user has provided no login and password. The following three examples show possible user entries: # Send back an access-accept to ask for login & password for this user. # He will need a usual user entry as well. 9255551112 Service-Type = Call-Check, Calling-Station-Id = "9255551112", Called-Station-Id = "5553333" fred Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP # Do not accept calls from this phone number. 9255551113 Service-Type = Call-Check, Calling-Station-Id = "9255551113", Auth-Type = Reject # Redirect calls to 5552222 to host via netdata. DEFAULT Service-Type = Call-Check, Calling-Station-Id = "9255551111", Called-Station-Id = "5552222" Service-Type = Login-User, Login-IP-Host = virtual.edu.com, Login-Service = TCP-Clear, Login-TCP-Port = 2000 _______________ R2 Signaling Configuration Use the following procedure to configure the PortMaster 3 to support R2 signaling on an E1 line. R2 signaling for the PortMaster 3 has been tested in Argentina, Brazil, Chile, Israel, Mexico, Panama, Philippines, Romania, Russia, South Africa, Tunisia, Turkey, United Kingdom, and Venezuela. Both analog modem and 56Kbps ISDN data dial-in calls are supported. Dial-out is not supported. R2 is not supported on the T1 card. 1. Obtain line parameters from the telephone company, and then enter commands in the following order to set up R2 signaling. Replace with either line0 or line1. Command> set inband Command> set signal r2generic | mfr2 Command> set framing crc4 | fas Command> set encoding hdb3 | ami Command> save all New commands are explained below. See the "PortMaster Command Line Reference" for descriptions of other commands. 2. Insert the line connector (RJ-48c) from the telephone company into the line0 or line1 port, and enter the "reboot" command. 3. Enter the "show line0" command to verify the configuration. This example illustrates MFR2 signaling with profile 0, Frame Alignment Signaling (FAS) framing, and high-density bipolar 3 (HDB3) encoding. Command> show line0 ---------------------- line0 - E1 Inband DS0 --------------- Status: UP F1 Framing: FAS Encoding: HDB3 PCM: a-law Signaling: MFR2 Profile: 0 Violations ----------------------------- Bipolar 0 CRC4 0 E-bit 0 FAS bit 0 You enable R2 signaling on a per-line basis using one of the two following commands. Most setups use MFR2 profile 0. set signaling r2generic set signaling mfr2 Replace with either line0 or line1, and with an integer that is dependent on the country and switch. Generic R2 signaling (r2generic) provides line signaling with all inband tone signaling disabled. If the telephone company provides inband tone signaling, you must set the MFR2 profile as follows: Profile Country ------- ------------ 0 ITU-T standard, Argentina 1 Mexico1 2 Brazil and Tunisia 3 Venezuela 4 Mexico2 Most countries use profile 0, the ITU-T standard. Profile 4 can be used wherever profile 1 is used in Mexico, but not vice versa. Profile 4 is a subset of profile 1 and is used with switches that do not support caller ID. See ITU Reference Q.422 for Standard R2 signaling, and Q.441 and Q.442 for Multi-frequency (MFR2) signaling. _______________ T1 Card Configuration You can install one T1 card (PM3-SYNC-T1) in any available modem slot of a PortMaster 3 running ComOS 3.8 or later. Only one T1 card is supported in the PortMaster 3. If you install additional T1 cards, they are ignored. The T1 card operates the same way as leased line connections on built-in ports on the PortMaster 3, with a few exceptions. The T1 card is identified as "line2" and has the same settings as line0 and line1. Unused settings are ignored. All line framing and encoding types are supported. Valid line types are "T1" and "Fractional". (Setting ISDN defaults to T1 operation.) When set to fractional, the T1 card supports only one line group. In this case, the card uses the first line group detected (numerically) for configuration. The fractional line group supports any number of time slots and also supports 56Kbps channels. When you install the T1 card, a new port is added to the list of active ports in the "show all" command. In a single PRI PortMaster 3, the new port is W24; in a two-PRI PortMaster 3, it is W48. If the Stac LZS compression card is present in the PortMaster 3, you can enable Stac compression for the T1 card. The T1 card cannot be used for PRI or channelized T1. The T1 card does not support E1 or R2. Clocking The T1 card uses the following new command, which is valid only for line2: set line2 clock internal | external When you select "internal", the built-in 1.544MHz crystal drives the line. You can use this setting for dry wire or back-to-back connections. When you select "external" (the default), the built-in CSU/DSU extracts the clock signal from the line. Fractional T1 Configuration To configure the card for fractional T1, use the following command: set line2 fractional To set the channel group for fractional T1, use the following command: set line2 group channel is a group number from 1 to 63, or use the "none" keyword to unassign channels. is a list of channels from 1 to 24, separated by spaces. The channel numbers do not have to be contiguous. To set the channel rate to 56Kbps or 64Kbps for a channel group, use the following command: set line2 group 56k | 64k Note that 56Kbps is typically used for D4 framing, while 64Kbps is used for other framing types. 64Kbps is the default. save all reboot T1 Configuration To configure the card for full T1, use the following commands: set line2 t1 save all reboot Frame Relay Configuration Refer to the "Using Frame Relay" chapter of the "PortMaster Configuration Guide". Point-to-Point Configuration Refer to the "Configuring a Synchronous WAN Port" chapter of the "PortMaster Configuration Guide". LED Indication The LED indication of the T1 card is the same as for line0 and line1 of the PortMaster 3. Red light only -- CSU/DSU is not synchronized with switch and/or remote end. Red light and green light -- CSU/DSU is up and synchronized. WAN port is idle or connecting. Green light only -- Port is established and fully operational. Troubleshooting the T1 Card Use the "show line2" command to display the status of the line. If you have not installed the T1 card correctly, the "show line2" command displays the following error message: line2 is not available In this case, remove the card, wait 5 seconds, and reinsert the card carefully. When the card is pulled out, the console displays the message: "Card Service: Stopping wancard in slot 0" When the card is inserted, the console displays the following message: Card Service: Starting wancard in slot 0 WANCTL version 0.0 WANCTL: sync_init - found device The "show alarms" command detects when line2 goes down (for example, if the T1 cable is pulled out). It does not show an alarm if the card is removed. Command> show alarms Alarm Id Age Severity Alarm Message -------- ------ --------- ------------------------------------------ 2851352 0 0 T1 line(2) down Command> show alarm 2851352 ------------------------ Alarm Details -------------------------- Alarm Id: 2851352 Alarm Message: T1 line(2) down Age in minutes: 0 Alarm repeated: 1 times Severity: 0 Reported: SNMP Limitations of the T1 Card The T1 card is hot-swappable. However, after pulling the card out from the PortMaster 3 slot you must wait a few seconds before reinserting it. If you pull the card out and reinsert it immediately, the PortMaster 3 might lock up. Turn the power off and on to fix this problem. _______________ Limitations in ComOS 3.8 RADIUS Server 2.0.1 Incompatibility RADIUS server 2.0.1 and earlier releases do not support Vendor-Specific attributes properly. To use RADIUS Server 2.0.1 with ComOS 3.8 you must add the following line to the dictionary file and kill and restart radiusd. ATTRIBUTE Vendor-Specific 26 string RADIUS accounting stop records in the accounting detail file will then show LE-Advice-of-Charge and LE-Terminate-Detail attributes (if present) like this: Vendor-Specific = "" Request-Authenticator = Unverified The RADIUS accounting stop record in the detail file for ComOS 3.8 will be (falsely) identified as having an unverified Request-Authenticator, this indicator should be ignored. RADIUS server 2.1 supports Vendor-Specific attributes properly and does not have this problem. At the time of this release note, RADIUS server 2.1b6 is available in open beta. No V.22 on V.34 Card V.22 is no longer supported on the "True Digital V.34 Card" and will not be supported in future releases. Downgrading to ComOS 3.5 Loses Ether0 IP Address If the PortMaster is downgraded from ComOS release 3.8 to ComOS 3.5 or ComOS 3.7.2c3, the Ether0 address is lost and must be reconfigured. To reconfigure, attach a console to the C0 port and enter the "set ether0 address " command, followed by "save all" and "reboot". _______________ Upgrade Instructions WARNING! YOU MUST USE PMINSTALL VERSION 3.5.3 OR LATER TO PERFORM THIS UPGRADE! If you are upgrading using PMconsole for Windows, you must use PMconsole for Windows 3.5.1.4 or later. You can also perform this upgrade using PMVision 1.2 or later, or the pmupgrade from PMTools 4.0. *** CAUTION! If the upgrade fails, do NOT reboot! Contact Lucent *** *** Remote Access Technical Support without rebooting. *** The upgrade process on the PortMaster 3 erases the configuration area from nonvolatile memory and saves the current configuration into nonvolatile memory. Never interrupt the upgrade process, or loss of configuration information can result. This upgrade does not otherwise affect your stored configuration in the PortMaster. The installation software can be retrieved by FTP from ftp://ftp.livingston.com/pub/le/software/System/Tarfile.tar.Z. Replace System and Tarfile.tar.Z with the names of the files. You can retrieve the upgrade image at the same time. The following example shows an administrator retrieving pmupgrade and the PortMaster 3 upgrade image: umask 22 mkdir /usr/portmaster cd /usr/portmaster ftp ftp.livingston.com (Enter anonymous) (Enter your email address; it will not echo.) binary cd /pub/le/software/java get pmtools40b2.txt get pmtools40b2_unix.tar cd /pub/le/upgrades get pm3_3.8 quit (Follow the instructions in pmtools40b2.txt to install and run pmupgrade.) PMconsole 3.5.1.4 for Windows 95 and Windows NT 4.0 is available on ftp://ftp.livingston.com/pub/le/software/pc/pmw3514.exe in a self-extracting file. Transfer that file via FTP, run the file to install PMconsole for Windows, move the upgrade file into the data directory, run PMconsole for Windows, and click the Upgrade icon. PMconsole for the following operating systems can be found under ftp://ftp.livingston.com/pub/le/software/: bsdi/pm_3.5.3_BSDOS_2.0.tar.Z BSD/OS 2.0 and 2.1 sgi/pm_3.5.3_IRIX_5.2.tar.Z SGI IRIX 5.2 linux/pm_3.5.3_Linux.tar.Z Linux 1.2.13 ELF rs6000/pm_3.5.3_RS6000_4.1.tar.Z RS6000 AIX 4.1 alpha/pm_3.5.3_alpha_T3.0.tar.Z Digital Alpha OSF/1 T3.0 hp/pm_3.5.3_hp9000_10.01.tar.Z HP 9000 HP/UX 10.01 sun4/pm_3.5.3_sun4.tar.Z SunOS 4.1.4, 5.5.1 on Sparc sun86/pm_3.5.3_sun86_5.5.tar.Z Solaris x86 2.5.1 pc/pmw3514.exe Windows 95 and Windows NT 4.0 java/pmvision12.tar Java on UNIX java/pmvision12.zip Java on Windows 95 and NT See ftp://ftp.livingston.com/pub/le/software/java/pmvision12.txt for installation instructions for the PMVision 1.2, or use PMVision 1.2b4 or PMVision 1.3b3 if release 1.2 is not on the FTP site yet. The following upgrade image is available at ftp://ftp.livingston.com/pub/le/upgrades/: ComOS Upgrade Image Product _________ _____________ _____________________________________ 3.8 pm3_3.8 PortMaster 3 You must add the following three lines to your RADIUS dictionary before running ComOS 3.8. If upgrading from a ComOS 3.8 beta release, you must also modify your RADIUS users file to use Call-Check instead of Call-Check-User. Then kill and restart radiusd. ATTRIBUTE Class 25 string ATTRIBUTE Vendor-Specific 26 string VALUE Service-Type Call-Check 10 If you are running the Lucent Remote Access RADIUS Server 2.1, the above attributes are already included in your dictionary file, along with the following vendor-specific attributes: VENDOR Livingston 307 ATTRIBUTE LE-Terminate-Detail 2 string Livingston ATTRIBUTE LE-Advice-of-Charge 3 string Livingston ________________________________________________________________________ Copyright and Trademarks Copyright 1998 Lucent Technologies. All rights reserved. PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies, Inc. RADIUS ABM, PMVision, PMconsole, and IRX are trademarks of Lucent Technologies, Inc. ProVision is a service mark of Lucent Technologies, Inc. All other marks are the property of their respective owners. Notices Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this publication, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies, Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes. Contacting Lucent Remote Access Technical Support Lucent Technologies Remote Access Business Unit (previously Livingston Enterprises) provides technical support via voice, fax, electronic mail, or through the World Wide Web at http://www.livingston.com/. Please specify that you are running ComOS 3.8 when reporting problems with this release. Internet service providers (ISPs) and other end users in Europe, the Middle East, Africa, India, and Pakistan should contact their authorized Lucent Remote Access sales channel partner for technical support; see http://www.livingston.com/International/EMEA/distributors.html. For North and South America and Asia Pacific customers, technical support is available Monday through Friday from 7 a.m. to 5 p.m. U.S. Pacific Time (GMT -8). Dial 1-800-458-9966 within the United States (including Alaska and Hawaii), Canada, and the Caribbean, or 1-925-737-2100 from elsewhere, for voice support. Otherwise, fax to 1-925-737-2110, or send email to support@livingston.com (asia-support@livingston.com for Asia Pacific customers).