

WAN Connections


This chapter covers the following topics:
Introduction to WAN connections
Local profiles
External authentication servers
Configuring PPP connections
Configuring MP connections
Configuring MP+ connections
Configuring TCP-Clear connections
Enabling modem dial-out connections

Introduction to WAN connections

WAN connections can be synchronous or asynchronous, depending on the remote device. For example, a remote access router (such as an Ascend Pipeline) initiates a synchronous connection, while an analog modem dials an asynchronous connection.

A synchronous data link uses HDLC encoding and connects to an access router for a network-to-network link. It is initially routed as a digital call to an HDLC channel in the MAX TNT, and then to the router software. Synchronous connections use an encapsulation protocol such as Point-to-Point Protocol (PPP) or Frame Relay to deliver packets from one box to another. Synchronous connections may be multi-channel.

An asynchronous data link uses the kind of serial communications provided by a PC COM port, and is typically initiated by a dial-up modem or V.120 terminal adapter (TA) for a host-to-network or host-to-host connection. Async calls initiated by a modem are typically routed as a voice call to a digital modem in the MAX TNT, and then to the terminal-server software. Other kinds of async calls may be routed to an HDLC channel, and from there to the terminal-server software or directly to a local host.

Types of encapsulation protocols

The MAX TNT supports the following encapsulation protocols, which enable delivery of packets from one device to another across the WAN:

Frame Relay configuration is described in Chapter 3, Frame Relay.

V.120 encapsulation is handled transparently and requires minimal configuration (for details, see Answer-Defaults profile).


Note: PPP calls use a single channel. MP calls use a static number of multiple channels, and can be used to communicate with any MP-compliant device. MP+ calls use multiple channels, which are added dynamically as needed, and can be used only between Ascend units. If you configure MP+ and the remote device does not support it, the MAX TNT attempts an MP connection. If the remote device does not support MP, the MAX TNT falls back to single-channel PPP.

Answering and authenticating dial-in calls

When the MAX TNT receives an incoming call on one of its lines (such as a T1 line), it evaluates the call based on the settings in the Answer-Defaults profile. If the call complies with the conditions in that profile, the MAX TNT answers the call, routes it to the appropriate host card (such as a modem or HDLC channel) and looks for a Connection profile or equivalent external profile to match the call's parameters.

If it finds a local or external profile for the caller, the MAX TNT begins the authentication process, which is described in Appendix A, Access Security Settings. If it does not find a matching profile (and the Answer-Defaults profile requires a profile for all callers), the MAX TNT drops the call.

How the system initiates dial-out calls

When the MAX TNT receives an outbound packet destined for a remote location, it looks for a Connection profile or equivalent external profile to match the destination address in the packet. If it finds a matching profile, it brings up the connection. This process is described in more detail in the routing chapters of this guide.

In addition, the MAX TNT can allow users to access its 56K modems to initiate a dial-out session. This is described in Enabling modem dial-out connections.

Establishing and monitoring sessions

After it authenticates a call, the MAX TNT builds and maintains a session with the caller. The call's data may be forwarded to the MAX TNT router software (for a framed-protocol session), to the terminal-server software (for an interactive login), or to a specified host, depending on the nature of the call.

The MAX TNT uses Session-Options settings in the caller's Connection profile to monitor and, if appropriate, to terminate the session. For example, it may use its Idle-Timer and Call-Filter settings to terminate the session after a certain amount of idle time. (For more information, see Session time limits.)

Spanning cards and shelves for multichannel calls

The MAX TNT can bundle channels for an MP or MP+ connection across multiple HDLC cards, which may reside in different shelves of a multishelf system. The behavior of the Call-Routing-Sort-Method parameter in the System profile has been modified to enable bundling channels across HDLC cards transparently. For details, see the MAX TNT Reference Guide.

Local profiles

Typically, each call must have a Connection profile (or external profile) that specifies a name and password to be used in the authentication sequence. The Answer-Defaults and Terminal-Server profiles also set parameters that affect WAN connections.


Note: This guide focuses on local Connection profiles. In most cases, you can configure equivalent settings using an external authentication server, as described in External authentication servers.

Answer-Defaults profile

The Answer-Defaults profile sets baseline values that determine whether the MAX TNT accepts certain incoming calls, so you must check the Answer-Defaults values to make sure they are set properly for your site.


Note: Answer-Defaults values are applied before the MAX TNT routes the call to a modem or HDLC channel for processing, and before it locates the caller's Connection profile. If the caller's profile contains a similar parameter with a different value, the MAX TNT uses the connection-specific value rather than the Answer-Defaults value to build the session.

The following commands open the Answer-Defaults profile and display its contents:

Default settings

By default, the Answer-Defaults profile enables all types of encapsulation and routing, and the basic call-setup parameters use the lowest common denominator settings. This is appropriate for many sites, but you might want to change the settings to fine-tune the criteria for accepting calls, or to constrain how much bandwidth is accessible to multilink PPP calls.

Requiring authentication for PPP calls

The following parameters affect authentication of answered calls. The parameters are shown with their default values:

By default, no Calling Line ID (CLID), Dial Number Information Service (DNIS), or PPP authentication is required for incoming calls. Most sites change the Receive-Auth-Mode default to ensure authentication of PPP calls before a session is established, as shown in the following example:

When you specify Any-PPP-Auth as the method of PPP authentication, the MAX TNT accepts incoming PPP calls that support any of the authentication methods, but it drops connections that do not offer any authentication protocols during LCP negotiation. For more details about PPP, CLID, and DNIS authentication, see Appendix A, Access Security Settings.

See the MAX TNT RADIUS Guide for information about Answer-Defaults settings that are useful for RADIUS-authenticated calls.

V.120 settings

V.120 terminal adapters (also known as ISDN modems) are asynchronous devices that use ITU-T V.120 encapsulation. After encapsulation processing, these calls are forwarded to the terminal server. Following are the Answer-Defaults parameters related to V.120 connections. The parameters are shown with their default settings:

V.120 calls are enabled by default in the Answer-Defaults profile. Frame-Length specifies the V.120 maximum transmit and receive frame sizes. The value should correspond to the settings in the TA software. The terminal adapter settings for V.120 operation that is compatible with the MAX TNT follow (refer to the manual for the V.120 device for information about how to enter them).

The following set of commands configures V.120 calls with a maximum frame size of 260 bytes:


Note: If the user's dial-in software supports async-to-sync conversion, the Connection profile can be set for PAP or CHAP authentication and the user can access the terminal server by PPP automatic login. For recommended authentication settings for connections using terminal adapters, see Appendix A, Access Security Settings.

Terminal-Server profile

The MAX TNT terminal-server software receives asynchronous calls after they have been processed by a digital modem. These calls are typically dialed in by a modem or V.120 TA. If the caller does not send PPP packets immediately, the terminal server starts a login sequence.

For an async PPP call, the terminal server forwards the call to the router software as soon as it detects a PPP packet. For information about configuring async PPP calls, see Example of an asynchronous PPP connection.

For a login session, each user must have a Connection profile (or external profile) that specifies a name and password to be used in the terminal-server login sequence. In addition, a global Terminal-Server profile defines how these calls are authenticated, and where the call is directed following authentication. For information about both of these issues, see Appendix A, Access Security Settings and Appendix B, Network Security Settings.

You must enable the terminal-server software to allow the MAX TNT to handle asynchronous calls. Following is the related parameter with its default setting:

The following set of commands enables the terminal-server software:

Connection profiles

A Connection profile contains all connection-specific information, including authentication settings, compression values, filter specifications, and Telco options. The following commands create a new Connection profile and list its contents:

Required settings

The Station parameter in a Connection profile specifies the name associated with a remote device. It is a required parameter (you cannot write the profile without specifying a station name). The value you specify is case sensitive, and must exactly match the name the remote device provides as part of the authentication process.

In Connection profile listings, the Station parameter is shown in italics, because it is the unique name that indexes each Connection profile. For example:

The Active parameter enables a Connection profile for use. If set to No, the MAX TNT does not use the profile.

Telco settings for nailed connections

A nailed connection is leased bandwidth between two end-points. For the details of grouping leased channels and call routing, see the MAX TNT Hardware Installation Guide.

For the most part, a nailed connection uses the same parameter settings as a switched connection. If either the MAX TNT or the far-end device resets, the nailed connection must be re-established, which typically involves authentication and other negotiations similar to a switched connection. To specify that a connection uses nailed channels, you must set the following parameters, which are shown with their default values:

Following is an example of configuring a nailed connection:

Session time limits

Once the MAX TNT has answered a call and established a WAN session, it uses the settings in the Session-Options subprofile of the Connection profile to apply filters or firewalls to the session's data stream and time out the session if it becomes inactive for a specified time period. Following are the relevant Session-Options parameters, shown with their default values:

For information about defining and applying filters and firewalls to a WAN connection, see Chapter 9, Ascend Packet Filters.

Setting a time limit for idle connections
The idle timers in the Session-Options subprofile keep track of the amount of time that passes when no data is being exchanged across the connection. You can apply a packet filter in the Session-Options subprofile to specify which packets should not be counted as part of an active data exchange. This helps to prevent routine background traffic from keeping a connection up unnecessarily.

Following is an example of setting the idle timers to 60 seconds and specifying that only input characters reset the timer for a terminal-server session:

The Idle-Timer and TS-Idle-Timer parameters specify how long a network or terminal-server session may remain idle before the MAX TNT drops the connection. The Idle-Timer applies to sessions where the data on the WAN is packetized and passes through the MAX TNT router.

The TS-Idle-Timer applies to sessions where the data on the WAN is not packetized and is processed by the terminal server.

Setting an absolute time limit
The value of the Max-Call-Duration parameter is the maximum number of minutes of connect time before the call is dropped. A value of zero disables the connection timer.

Following is an example of setting the maximum connect time to 60 minutes:

For a multi-channel call, the limitation is per channel rather than for the connection. The call is checked once per minute, so the actual time of the call will be slightly longer (usually less than a minute longer) than the actual time you set.

Session accounting options

The MAX TNT supports RADIUS and TACACS+ accounting. Only RADIUS accounting can be specified on a per-connection basis. Following are the relevant parameters for both RADIUS and TACACS+, shown with their default values:

Using RADIUS
You can send accounting statistics for a specific connection to the server specified in the External-Auth profile (global), the server specified in the usrRad-options subprofile (local), or both. When the accounting policy includes the local RADIUS accounting server (the one specified in a Connection profile), you can specify the server's address (Acct-Host), a UDP port on that server (Acct-Port), a password (Acct-Key), timeout, and numeric base (10 or 16).

For information about using RADIUS, see the MAX TNT RADIUS Guide.

Using TACACS+
For information about configuring the TACACS+ server for session accounting, see the TACACS+ documentation. This section shows how to configure the MAX TNT to send accounting statistics about all WAN sessions to the specified TACACS+ server. Following is an example of how to enter the parameter settings. Following that are explanations of the parameters.

In the External-Auth profile, the Acct-Type parameter specifies the type of accounting to be performed: RADIUS or TACACS+.

Each acct-server-N parameter can specify the IP address of one TACACS+ server. The MAX TNT first tries to connect to server #1. If it receives no response, it tries to connect to server #2. If it receives no response from server #2, it tries server #3. If the MAX TNT connects to a server other than server #1, it continues to use that server until it fails to service requests, even if the first server has come online again.

The Acct-Port parameter specifies the destination port to use to access the server. The port specified must match the port used by the TACACS+ daemon.

The Acct-Src-Port parameter specifies the source port to use to access the server. If zero, the source port is selected from the non-privileged port range (1024-2000).

Acct-Key is an accounting access key shared with the server.

Routing and security settings

For the MAX TNT to route packets, you must configure its router software and its LAN and WAN interfaces. For details, see one or more of the following chapters:

For information about Connection profile tunnel options, see Chapter 7, Ascend Tunnel Management Protocol.

For information about network security, see Chapter 9, Ascend Packet Filters, and the appendixes of this guide.

External authentication servers

An external authentication server such as RADIUS or TACACS enables administrators to centralize management and authentication of thousands of connections, and many sites use external authentication rather than local Connection profiles. Many of the same options described here are provided in another format in RADIUS or TACACS profiles.

Using RADIUS

If you are using RADIUS authentication, note that Ascend has added features to the standard RADIUS daemon to support Ascend-specific connection features. For information about configuring WAN connections in a RADIUS profile, see the MAX TNT RADIUS Guide.

Using TACACS or TACACS+

If you are using TACACS or TACACS+, the documentation that accompanied the server software explains how to set up the server. Following are the parameters used to configure the MAX TNT to authenticate connections by means of TACACS or TACACS+:

You can specify up to three server addresses, the TCP port to use, a password (key) required by the server, and a timeout value in seconds. In the case of TACACS+, you can also specify when to reset the primary server after a server failure, the amount of time that should elapse before an attempt to connect to a backup server, and the number of connection attempts to make. For detailed information about the parameters, see the MAX TNT Reference Guide.

Configuring PPP connections

This section shows how to configure a connection's PPP options. Following are the Connection profile parameters related to PPP configuration, shown with the default settings:

Password authentication

For details about password authentication for PPP, MP, and MP+ connections, see Appendix A, Access Security Settings.

Link compression methods

The Link-Compression setting specifies a compression method to use for PPP-encapsulated packets transmitted and received on the connection. During the negotiation phase of the connection, both sides must agree to use the specified method. The MAX TNT supports the following types of link compression:

Link Quality Monitoring

The process of monitoring data loss on a point-to-point link is called Link Quality Monitoring (LQM). When you enable LQM in a Connection profile, the MAX TNT maintains counts of the number of packets transmitted and successfully received, and periodically transmits this information to the far-end device in a Link-Quality-Report packet. The following set of commands enables LQM for a connection, using the default six-second period for generating Link-Quality-Report packets:

For an explanation of PPP LQM, see RFC 1989, PPP Link Quality Monitoring, W. Simpson.

Example of a synchronous PPP connection

The connection shown in Figure 2-1 uses PPP encapsulation and Challenge Handshake Authentication Protocol (CHAP) authentication. The far-end device is a Pipeline unit with the IP address 10.2.3.31/24. The Connection profile settings enable the MAX TNT to dial out to and receive calls from the Pipeline. This is a single-channel synchronous PPP call.

Figure 2-1. Synchronous PPP connection

Following are the commands entered to configure this call, and the system's responses:


Note: The Dial-Number, Send-Auth-Mode, and Send-Password parameters are used only when the connection is dialed out.

Example of an asynchronous PPP connection

The connection shown in Figure 2-2 uses PPP encapsulation and PAP or CHAP authentication. The calling device is a modem. This is a single-channel asynchronous PPP call.

Figure 2-2. Asynchronous PPP connection

Following are the commands entered to configure this Connection profile, and the system's responses:

Configuring MP connections

Multilink Protocol (MP) uses the encapsulation defined in RFC 1990. MP enables the MAX TNT to interact with MP-compliant equipment from other vendors to use multiple channels for a call. Both sides of the connection must support MP encapsulation.

PPP Answer-Defaults and Connection profile settings also apply to MP connections. If you configure an MP connection and the MAX TNT cannot successfully negotiate the connection, it falls back to single-channel PPP (see Configuring TCP-Clear connections).

Following are the Connection profile parameters related to MP connections. The MP options are shown with their default settings.

Setting the base channel count

When a call is received, the MAX TNT authenticates the first (base) channel of the call and then uses the parameters in the caller's Connection profile to determine the maximum and minimum settings. The base channel count for an MP call must be greater than or equal to the minimum count and less than or equal to the maximum count. For optimum performance, both sides of a connection should set the Base-Channel-Count, Minimum-Channel-Count, and Maximum-Channel-Count parameters to the same values.

Example of an MP connection

For example, the MP connection shown in Figure 2-3 is allocated two channels:

Figure 2-3. Multilink Protocol (MP) connection

Following are the commands entered to configure this Connection profile, and the system's responses:

Send-Password is the password sent to the remote device for a dial-out connection, and Recv-Password is the password expected from the remote device for an inbound connection.

Configuring MP+ connections

Multilink Protocol Plus (MP+) uses PPP encapsulation with Ascend extensions, as described in RFC 1934. MP+ enables the MAX TNT to connect to another Ascend unit through multiple channels. The criteria for adding or dropping a link are part of the Ascend extensions, and are supported only by Ascend equipment.

PPP and MP Answer-Defaults and Connection profile settings also apply to MP+ connections. To specify the base channels of an MP+ connection, you must configure the MP-Options subprofile (see Configuring MP connections).

Following are the Connection profile parameters, shown with default values for MP+ options:

Encapsulation-Protocol specifies MPP for Multilink Protocol Plus connections. Both sides of the connection must support the specified protocol (that is, they must both be Ascend units).

How the MAX TNT adds bandwidth

To add bandwidth on demand, the MAX TNT dials additional connections and inverse multiplexes those channels into the call.


Note: For information about configuring per-channel add-on numbers that enable the MAX TNT to add bandwidth on demand, see the MAX TNT Hardware Installation Guide.

The MAX TNT can reject the request to add bandwidth if there are no more channels available at one or both ends, or if the network is congested. Under either of those conditions, the two ends enter bandwidth-addition-lockout mode, in which neither side can request bandwidth. The restriction prevents both ends from continually trying to add new channels unsuccessfully. The MAX TNT and the Ascend unit at the other end automatically remove the lockout restriction when the condition that caused the lockout changes. Changes typically result from plugging in a new switched-service line, reconfiguration of the line profile, or a switched-service congestion timeout. Once the lockout is removed, either end is free to add bandwidth.

Monitoring bandwidth usage

The MAX TNT uses the Bandwidth-Monitor-Direction parameter to determine the criteria for adding or subtracting bandwidth from the connection. Bandwidth-Monitor-Direction specifies whether criteria for adding or dropping links apply to traffic received across the link, transmitted across the link, or both. If both sides of the link have Bandwidth-Monitor-Direction set to None, DBA is disabled.

Specifying bandwidth increments

You can add channels one at a time or, if the MAX TNT is configured for parallel dialing, in multiples. To configure the unit for parallel dialing, set the Parallel-Dialing parameter in the System profile. For example, the following command shows that Parallel-Dialing is set to 2 (the default), which enables two concurrent dial-out calls:

In a Connection profile, the MAX TNT uses the following parameters to determine the number of channels to add or subtract from the connection at one time:

| Parameter | Effect |
| --- | --- |
| Increment-Channel-Count | Specifies the number of channels the MAX TNT can add at one time, subject to the setting of the Parallel-Dialing parameter in the System profile. |
| Decrement-Channel-Count | Specifies the number of channels the MAX TNT can subtract at one time, dropping the newest channels first. |

Specifying the utilization rate that forces a request for bandwidth

To determine when to change the bandwidth allocated to a connection, the MAX TNT uses the following parameter settings:

| Parameter | Effect |
| --- | --- |
| Seconds-History | Specifies a number of seconds to use as the basis for calculating average line utilization (ALU). |
| Target-Utilization | Specifies a percentage of line utilization (default 70%) to use as a threshold when determining when to add or subtract bandwidth. |
| Dynamic-Algorithm | Specifies an algorithm for calculating average line utilization (ALU) over a certain number of seconds (Seconds-History). |

Quadratic (the default) gives more weight to recent utilization samples than to older samples within Seconds-History. The weighting grows at a quadratic rate. Linear gives more weight to recent utilization samples than to older samples within Seconds-History. The weighting grows at a linear rate. Constant gives equal weight to all utilization samples.

Specifying how long the utilization rate should persist

To determine how long the utilization rate should persist, the MAX TNT uses the following parameter settings:

| Parameter | Effect |
| --- | --- |
| Add-Persistence | Specifies the number of seconds for which ALU must persist beyond the Target-Utilization threshold before the MAX TNT adds bandwidth. |
| Sub-Persistence | Specifies the number of seconds for which the ALU must persist below the Target-Utilization threshold before the unit subtracts bandwidth. |

ALU spikes

The values for Seconds-History, Add-Persistence, and Sub-Persistence should smooth out spikes in bandwidth utilization that last for a shorter time than it takes to add capacity. Over T1 lines, the MAX TNT can add bandwidth in less than ten seconds. Over ISDN lines, the unit can add bandwidth in less than five seconds.
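
The following model is an added example, not Ascend code: it shows how Seconds-History, Target-Utilization, Dynamic-Algorithm, and the persistence settings interact, and why a burst shorter than the persistence value never produces a bandwidth request. The weight formula, the one-sample-per-second rate, and the function names are assumptions; the text states only that the weighting is constant, linear, or quadratic.

```python
# Added illustration: a model of the ALU calculation and the persistence check.
# Assumption: sample i (oldest = 0) gets weight (i + 1) ** p, with p = 0, 1, 2
# for Constant, Linear and Quadratic. The text gives only the growth rate.
POWERS = {"constant": 0, "linear": 1, "quadratic": 2}


def alu(samples, algorithm="quadratic"):
    """Weighted average of utilization samples (percent), oldest first."""
    power = POWERS[algorithm]
    weights = [(i + 1) ** power for i in range(len(samples))]
    return sum(w * s for w, s in zip(weights, samples)) / sum(weights)


def first_request(samples, seconds_history, target, persistence,
                  algorithm="quadratic", direction="add"):
    """Return the second at which bandwidth would be added or subtracted.

    samples holds one utilization reading per second (assumed rate).
    direction "add" uses Add-Persistence semantics (ALU above the target),
    "sub" uses Sub-Persistence semantics (ALU below the target).
    Returns None when the condition never persists long enough.
    """
    streak = 0
    for t in range(len(samples)):
        # Only the most recent Seconds-History samples count toward the ALU.
        window = samples[max(0, t - seconds_history + 1): t + 1]
        value = alu(window, algorithm)
        crossed = value > target if direction == "add" else value < target
        streak = streak + 1 if crossed else 0
        if streak >= persistence:
            return t
    return None


# Constructed input: 40% baseline with a three-second burst at 100%,
# and the same baseline followed by a sustained 100% load.
SPIKE = [40] * 5 + [100] * 3 + [40] * 5
SUSTAINED = [40] * 5 + [100] * 10

if __name__ == "__main__":
    for name in POWERS:
        print(name,
              "persistence 3:", first_request(SPIKE, 5, 70, 3, name),
              "persistence 5:", first_request(SPIKE, 5, 70, 5, name))
    print("sustained load:", first_request(SUSTAINED, 5, 70, 5))
```

With a persistence of 5 seconds the burst is ignored under all three algorithms, while the sustained load triggers a request five seconds after the ALU first crosses the threshold.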

Telco charges

Once the MAX TNT adds bandwidth, there is typically a minimum usage charge, after which billing is time-sensitive. The Sub-Persistence value should be at least equal to the minimum duration charge plus one or two billing time increments. Typically, billing is done to the next multiple of six seconds, with a minimum charge for the first thirty seconds.

Adding or subtracting channels too quickly (less than 10-20 seconds apart) leads to many short duration calls, each of which incurs the carrier's minimum charge. In addition, adding or subtracting channels too quickly can affect link efficiency, because the devices on either end have to retransmit data when the link speed changes.

Example of an MP+ configuration

The connection in Figure 2-4 uses MP+ encapsulation with CHAP authentication and configures Dynamic Bandwidth Allocation between the MAX TNT and a MAX unit. (The far-end device must be an Ascend unit.)

Figure 2-4. Multilink Protocol Plus (MP+) connection

Following are the commands entered to configure this connection, and the system's responses:

For information about an MP+ call that uses a combination of nailed and switched channels, see Example of a nailed MP+ connection.

Example of a nailed MP+ connection

A connection that uses MP+ encapsulation can specify a certain number of nailed channels as the base connection, and add switched channels as needed by using the DBA algorithms. For details about DBA, see Configuring MP+ connections.

An FT1-MPP connection starts as a nailed connection but can use switched channels either to increase the bandwidth as needed or to provide a backup if the nailed channels go down. The maximum number of channels for the FT1-MPP connection is either the Maximum-Channel-Count for the connection or the number of nailed channels in the specified group, whichever is greater.

The base channels of an FT1-MPP connection are nailed. When a nailed channel is temporarily down, the MAX TNT polls continuously while trying to reestablish that connection. If an outbound packet arrives while the nailed connection is still down, the unit replaces the nailed channel with a switched channel, even if the call is on line with more than the minimum number of channels.

In addition to the DBA parameters in the MPP-Options subprofile (described in Configuring MP+ connections), the following parameters are relevant to an FT1-MPP connection:

If you modify the Connection profile for an FT1-MPP connection, most changes become active only after the call is brought down and then back up, because the connection is primarily a nailed one. However, if you add a group number to the Nailed-Groups parameter and write the modified profile, the additional channels become available immediately.

After the MP+ (switched) part of the connection is configured as usual, the Telco-Options subprofile in this example is configured as follows:

Configuring TCP-Clear connections

The MAX TNT does not process packet encapsulation for a TCP-Clear connection. The connection's data is redirected immediately to a specified host, where encapsulation processing is assumed to occur. These connections often use a proprietary encapsulation method, or encapsulation performed by an application running on top of TCP.

You can configure TCP-Clear for a specific connection, as described in this section. Or, you can enable it globally by using TCP service in immediate mode, as described in Appendix B, Network Security Settings.

Required settings

Following are the required TCP-Clear parameters, shown with their default values:

Following are commands entered to configure a TCP-clear connection to a host named sparky on TCP port 23, and the system's responses:

Performance enhancements for TCP-Clear calls

TCP-Clear dialup sessions that do not require V.120 processing can be buffered and transmitted as TCP packets rather than as a continuous data stream, which increases performance for these connections. In addition, unless V.120 processing is required, TCP-Clear WAN data is sent directly to the HDLC interface rather than to the terminal-server subsystem. (If V.120 processing is required, the call is processed by the terminal server, as in previous releases.) The system does not collect session statistics for TCP-Clear calls that make use of these performance enhancements.

Parameters for setting up packet buffering

Following are the Connection profile parameters relevant to TCP-Clear packet buffering. The parameters are shown with their default values:

Defining an End-of-Packet pattern

The character pattern you specify as the value of the End-of-Packet-Pattern parameter can be up to 64 characters long. It can contain both ASCII characters and other binary data using the backslash (\) as an escape mechanism. To insert a literal backslash in the pattern, escape it by entering two backslash characters (\\).

To insert a 1 to 3 digit octal number, escape the value using the single backslash. (To avoid confusion between the literal ASCII characters 0 through 7 and an octal value, you can pad the octal value with leading zeros.) For example, the following pattern represents a carriage return (octal 15):

To insert a 1 or 2 digit hexadecimal number in the pattern, precede the number with \x. For example, the following pattern represents a carriage return (hex 0D):

Other special escape sequences are shown below:

| Escape Sequence | Description | Value |
| --- | --- | --- |
| \a | Alarm | 7 |
| \b | Backspace | 8 |
| \f | Form feed | 12 |
| \n | New line | 10 |
| \r | Carriage return | 13 |
| \t | Tab | 9 |
| \v | Vertical tab | 11 |
| \\ | Backslash | 92 |
| \' | Apostrophe | 44 |
| \" | Double Quote | 34 |
| \? | Wildcard | Matches any single character |
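
An added example (not part of the MAX TNT software) that decodes an End-of-Packet-Pattern string according to the escape rules above and uses the result to cut a buffered byte stream into packets. The function names, the reading of the 64-character limit as applying to the typed string, and the flush-at-pattern behavior are assumptions.

```python
MAX_PATTERN_CHARS = 64   # limit stated in the text
WILDCARD = None          # token produced by \? (matches any single character)

# Single-character escapes listed in the text.
SIMPLE_ESCAPES = {
    "a": 0x07, "b": 0x08, "f": 0x0C, "n": 0x0A, "r": 0x0D,
    "t": 0x09, "v": 0x0B, "\\": 0x5C, "'": ord("'"), '"': ord('"'),
}
OCTAL = "01234567"
HEX = "0123456789abcdefABCDEF"


def parse_pattern(text):
    """Return a list of tokens: an int byte value, or WILDCARD."""
    # Assumption: the 64-character limit applies to the pattern as typed.
    if len(text) > MAX_PATTERN_CHARS:
        raise ValueError("pattern longer than 64 characters")
    tokens, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch != "\\":
            if ord(ch) > 0x7F:
                raise ValueError("non-ASCII character; use an escape")
            tokens.append(ord(ch))
            i += 1
            continue
        i += 1                                   # step past the backslash
        if i == len(text):
            raise ValueError("pattern ends with a lone backslash")
        ch = text[i]
        if ch in OCTAL:                          # \N, \NN or \NNN (greedy)
            j = i
            while j < len(text) and j - i < 3 and text[j] in OCTAL:
                j += 1
            value = int(text[i:j], 8)
            if value > 0xFF:
                raise ValueError("octal escape exceeds one byte")
            tokens.append(value)
            i = j
        elif ch == "x":                          # \xH or \xHH
            j = i + 1
            while j < len(text) and j - i - 1 < 2 and text[j] in HEX:
                j += 1
            if j == i + 1:
                raise ValueError("\\x needs 1 or 2 hex digits")
            tokens.append(int(text[i + 1:j], 16))
            i = j
        elif ch == "?":
            tokens.append(WILDCARD)
            i += 1
        elif ch in SIMPLE_ESCAPES:
            tokens.append(SIMPLE_ESCAPES[ch])
            i += 1
        else:
            raise ValueError("unknown escape \\" + ch)
    return tokens


def is_valid(text):
    """True if the pattern parses, False if it would be rejected."""
    try:
        parse_pattern(text)
        return True
    except ValueError:
        return False


def end_of_packet(data, tokens):
    """Index just past the first match of tokens in data, or -1."""
    n = len(tokens)
    if n == 0:
        return -1
    for start in range(len(data) - n + 1):
        if all(t is WILDCARD or t == data[start + k]
               for k, t in enumerate(tokens)):
            return start + n
    return -1


def split_packets(data, tokens):
    """Split buffered bytes into complete packets and the unfinished rest."""
    packets = []
    while True:
        end = end_of_packet(data, tokens)
        if end < 0:
            return packets, data
        packets.append(data[:end])
        data = data[end:]


if __name__ == "__main__":
    # Constructed input: two complete lines and one unterminated fragment.
    print(split_packets(b"one\r\ntwo\r\nthr", parse_pattern(r"\r\n")))
    # Padding matters: \0157 is CR followed by "7", \157 is the letter "o".
    print(parse_pattern(r"\0157"), parse_pattern(r"\157"))
```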

Example of a TCP-Clear configuration with packet buffering

In the following example, a caller named Jim dials into the MAX TNT running an application that uses an encapsulation method that must be decoded by a local host named sparky. The data stream from the incoming call is sent directly to that host.

Figure 2-5. TCP-Clear connection to a local host

The following procedure shows an example of how to set up a TCP-clear connection to a host named sparky on TCP port 23, where the MAX TNT buffers packets before transmitting them. The End-of-Packet-Pattern is set to three hexadecimal numbers.

Enabling modem dial-out connections

If Modem Direct-Access is enabled in the Terminal-Server profile, users can dial out over the MAX TNT 56K modems. The direct-access server uses the Telnet protocol, rather than a raw TCP connection, for communicating with client processes. This means that any client process wishing to use this service to transmit or receive binary data must, at a minimum, escape outgoing IAC (0xFF) characters, handle escaped incoming IAC characters, and strip out incoming Telnet options. For a description of the Telnet protocol and how it differs from a raw TCP connection, see RFCs 854 and 855.
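The minimum client-side handling described above, as an added Python example (not Ascend code): `escape_outgoing` doubles IAC bytes on the way out, and `IncomingFilter` unescapes doubled IAC bytes and strips Telnet commands, options and subnegotiations on the way in. The names are this example's own, and the filter only discards negotiation; it does not reply to it.

```python
# Telnet command bytes from RFC 854.
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254

def escape_outgoing(data: bytes) -> bytes:
    """Double every 0xFF so the server does not read it as a Telnet command."""
    return data.replace(b"\xff", b"\xff\xff")

class IncomingFilter:
    """Stateful filter; state survives across recv() chunk boundaries."""

    def __init__(self):
        self.state = "data"

    def feed(self, chunk: bytes) -> bytes:
        out = bytearray()
        for b in chunk:
            if self.state == "data":
                if b == IAC:
                    self.state = "iac"
                else:
                    out.append(b)
            elif self.state == "iac":
                if b == IAC:                      # escaped 0xFF data byte
                    out.append(IAC)
                    self.state = "data"
                elif b in (WILL, WONT, DO, DONT):
                    self.state = "opt"            # one option byte follows
                elif b == SB:
                    self.state = "sb"             # skip until IAC SE
                else:
                    self.state = "data"           # two-byte command (NOP, GA, ...)
            elif self.state == "opt":
                self.state = "data"               # drop the option byte
            elif self.state == "sb":
                if b == IAC:
                    self.state = "sb_iac"
            elif self.state == "sb_iac":
                # IAC SE ends the subnegotiation; IAC IAC is data inside it.
                self.state = "data" if b == SE else "sb"
        return bytes(out)
```

Keep one `IncomingFilter` per connection, since an IAC sequence can be split across two reads from the socket.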

You can enable direct access to the 56K modems by setting the following parameters, which are shown with their default values:


Note: To enable modem access, you must set both the Enabled and the Direct-Access parameters to Yes in the Terminal-Server profile.

Parameter                     Effect
Enabled                       Controls whether modem dialout of any kind is allowed. If set to No, none of the other parameters in the Dialout-Configuration subprofile apply.
Direct-Access                 Enables the direct-access dialout feature. If set to Yes, users can Telnet to a particular port on the MAX TNT to get immediate dialout service. The port number configured as the Port-for-Direct-Access tells the MAX TNT that all Telnet sessions to that port want direct access to a modem. If set to No, the remaining parameters in the Dialout-Configuration subprofile do not apply.
Port-for-Direct-Access        Specifies the TCP port for immediate dialout service. Must be set to an integer from 5000 to 32767 if Direct-Access is enabled. The default setting is 5000.
Security-for-Direct-Access    Specifies the type of security used for Direct-Access. See Password-protecting modem dialout access (next).
Password-for-Direct-Access    The password (up to 64 characters) used for Global mode authentication. If Security-for-Direct-Access is not set to Global, this parameter is ignored.


Password-protecting modem dialout access

The Security-for-Direct-Access setting in the Terminal-Server Dialout-Configuration subprofile determines whether the modems are password protected for dial-out access, and what type of protection to use. By default, Security-for-Direct-Access is set to None, so no password is initially required. Ascend recommends that you change this default setting.

Global password protection

If you set Security-for-Direct-Access to Global, the Password-for-Direct-Access parameter must specify a password (up to 64 characters). When a user initiates a Telnet session to the specified port, the system prompts for the assigned Password-for-Direct-Access. All users accessing modems supply the same global password.

User-level password protection

If you set Security-for-Direct-Access to User, for example:

the following Connection profile parameters are used to authenticate Direct-Access use. The parameters are shown with the default settings:

Example of enabling direct-access with global password

The following commands set up Direct-Access dialout on TCP port 5028 with Global security:

With this configuration, a user dials out on a MAX TNT modem as follows:

  1. Telnet to the MAX TNT, specifying the Direct-Access port number on the command line. For example:

  2. When prompted for a password, enter the Password-for-Direct-Access.

  3. Use the standard Rockwell AT commands to dial out on the modem, just as if using a modem connected directly to a workstation. For example:

  4. To terminate the session with the modem, terminate the Telnet session.

Example of enabling direct-access with user password

The following commands set up Direct-Access dialout on TCP port 5000 with User security:

The following example shows how to configure a Connection profile for dial out:

With this configuration, the user named Kevin dials out on a MAX TNT modem as follows:

  1. Telnet to the MAX TNT, specifying the Direct-Access port number on the command line. For example:

  2. Enter your user name at the system prompt:

  3. Enter your password at the system prompt:

  4. Use the standard Rockwell AT commands to dial out on the modem, just as if using a modem connected directly to a workstation. For example:

  5. To terminate the session with the modem, terminate the Telnet session.




techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.