Setting Up Terminal-Server Connections

This chapter, which describes how to configure terminal-server connections, is divided into the following sections:

Before you begin

Overview of terminal-server connections

Overview of terminal-server configuration tasks

Enabling Telnet, TCP, and Rlogin connections

Setting the terminal-server idle timer

Setting up a custom menu and an input prompt

Setting up the message text and a list of hosts

Controlling access to digital modems

An extended terminal-server example

Before you begin
Overview of terminal-server connections
Overview of terminal-server configuration tasks
Enabling Telnet, TCP, and Rlogin connections
Setting the terminal-server idle timer
Setting up a custom menu and an input prompt
Setting up the message text and a list of hosts
Controlling access to digital modems
An extended terminal-server example

Before you begin

Before configuring a terminal-server connection in a RADIUS user profile, carry out the following tasks at the MAX TNT configuration interface:

Specify system-wide settings.
Enable the appropriate encapsulation methods.
Specify Terminal-Server profile settings.

The sections that follow briefly describe each task. For complete information, see the MAX TNT Network Configuration Guide.

Specifying system-wide settings for a terminal-server connection

To specify system-wide settings for a terminal-server connection, proceed as follows:

In the System profile, indicate the MAX TNT unit's name with the Name parameter. You can specify up to 24 characters. The default value is null.
Decide whether the MAX TNT should use the Answer-Defaults profile as the default when answering a call. If so, set Use-Answer-For-All-Defaults=Yes in the Answer-Defaults profile. If you accept the default setting of No, the MAX TNT uses the factory defaults.
If you are setting up a TCP link between two MAX TNT units, set CLID-Auth-Mode=DNIS-Require in the Answer-Default profile for the MAX TNT at the central switch.

Enabling the encapsulation method for a terminal-server connection

When setting up your connection, select the appropriate encapsulation method(s) in a subprofile of the Answer-Defaults profile. Proceed as follows:

If you give the terminal-server operator raw TCP access, makes sure that Enabled=Yes in the TCP-Clear-Answer subprofile.
To allow V.120 calls, set Enabled=Yes in the V.120-Answer subprofile.

Specifying Terminal-Server profile settings

To make settings affecting the terminal-server interface, open the Terminal-Server profile. All the settings discussed in this section are optional, and depend upon the needs of your site. Proceed as follows:

To specify the type of security that the MAX TNT uses for a remote terminal-server session, set the Security-Mode parameter.
To enable users to establish Telnet sessions from the terminal-server interface, set Telnet=Yes in the Terminal-Mode-Configuration > Telnet-Options subprofile.
If you want the RADIUS server to remotely configure a login banner and a list of Telnet hosts, set Remote-Configuration=Yes in the Menu-Mode-Options subprofile.
To specify whether the operator uses the command-line interface or the menu-driven interface, set the Start-With-Menus parameter, the Toggle-Screen parameter, or both in the Menu-Mode-Options subprofile.
To enable users to access PPP from inside the terminal-server interface, set PPP=Yes in the PPP-Mode-Configuration subprofile.
To specify that you want to control the use of the MAX TNT unit's digital modems for outgoing calls, specify values for the parameters in the Dialout-Configuration subprofile.

Overview of terminal-server connections

A terminal-server connection is a host-to-host link initiated by an analog modem or ISDN modem (such as a V.120 terminal adapter). When the MAX TNT receives a call that uses raw TCP, V.34, V.42, or V.120 encapsulation, it removes the encapsulation and then determines whether the call is further encapsulated in PPP.

The terminal server waits briefly to receive a PPP packet. If it times out waiting for PPP, it sends its login prompt. When it receives a name and password, it authenticates the user with a Connection Profile or RADIUS user profile. If authentication is successful, the MAX TNT routes the call to a digital modem and then forwards it to the terminal server.

A terminal-server call that contains PPP encapsulation is known as an asynchronous PPP call. If the terminal server receives a PPP packet, it does not send the login prompt. Instead, it responds with a PPP packet. LCP negotiations begin, including PAP, CHAP, or MS-CHAP authentication. If authentication is successful, the MAX TNT forwards the call to the router software, and establishes a regular PPP session. Except for the initial processing, the MAX TNT handles an asynchronous PPP call as any regular PPP call.

Figure 6-1 shows an incoming modem call. A PC running SoftComm initiates the connection. (SoftComm is a program that causes the user's modem to dial into the MAX TNT.) The MAX TNT directs the call to its digital modem, and then forwards the calls to its terminal-server software. In Figure 6-1, the MAX TNT immediately directs the call to a Telnet host.

Figure 6-1. A terminal-server connection

When the MAX TNT directs the call to the terminal server, the user sees one of the terminal-server interfaces (command line or menu), or bypasses the terminal-server interface and initiates an immediate Telnet, TCP, or Rlogin connection to a host on the local network.

Note: Most sites restrict dial-in access to the terminal-server interface of the MAX TNT, because a user who has logged into the MAX TNT is able to access status and routing information, and might be able to modify routes.

Overview of terminal-server configuration tasks

All terminal-server tasks are optional. The attributes you configure depend upon the specific needs of your site. You can set RADIUS attributes in a user profile to perform the following tasks:

Configure Telnet, TCP, and Rlogin connections. (For instructions, see Enabling Telnet, TCP, and Rlogin connections.)
Set the terminal-server idle timer. (For instructions, see Setting the terminal-server idle timer.)
Configure menu items and an input prompt. (For instructions, see Setting up a custom menu and an input prompt.)
Configure message text and a list of hosts to which users can Telnet. (For instructions, see Setting up the message text and a list of hosts.)
Restrict the use of the MAX TNT unit's digital modems for outgoing calls on a per-user basis. (For instructions, see Controlling access to digital modems.)

Enabling Telnet, TCP, and Rlogin connections

The terminal-server software manages dial-in Telnet, TCP, and BSD-style Rlogin connections. You can set them up as regular terminal-server connections, or you can direct them to an IP host immediately so that the dial-in user never sees the terminal-server interface. Telnet, TCP, and Rlogin connections are TCP/IP based. When you enable Telnet, TCP, and Rlogin connections, you specify the attributes listed in Table 6-1.

Table 6-1. Telnet, TCP, and Rlogin attributes

Attribute

Description

Possible values

Login-Host (14)

Specifies the host to which the user automatically connects when User-Service=Login-User and you specify a value for the Login-Service attribute.

IP address in dotted decimal notation n.n.n.n, where n is a number from 0 to 255. The default value is 0.0.0.0. This setting specifies that the user does not automatically connect to a particular host.
If you specify Login-Service=Telnet or Login-Service=TCP-Clear, and you do not specify a value for the Login-Host attribute, the MAX TNT unit's response depends on the value of the Auth-TS-Secure parameter in the Rad-Auth-Client subprofile of the External-Auth profile. If Auth-TS-Secure=Yes (the default), the MAX TNT drops the call. If Auth-TS-Secure=No, the MAX TNT allows the caller access to the terminal-server interface. For detailed information about the Auth-TS-Secure parameter, see the MAX TNT Reference Guide.

Login-Service (15)

Specifies the type of terminal-service connection to an IP host that occurs immediately after authentication.

Telnet (0) specifies that the user immediately enters a Telnet session with the host specified by the Login-Host attribute.
Rlogin (1) specifies that the user immediately enters an Rlogin session with the host specified by the Login-Host attribute.
TCP-Clear (2) specifies a TCP/IP connection with no Telnet protocol. This setting establishes a TCP session, between the MAX TNT and the host specified by Login-Host, over which the user can run an application specified by Login-TCP-Port.
By default, the MAX TNT does not grant immediate access to an IP host.

Login-TCP-Port (16)

Specifies the port number to which a TCP session connects.

Integer from 1 to 65535. The default value is 23.

Password (2)

Specifies the user's password.

Alphanumeric string of up to 252 characters. The default value is null.

User-Name (1)

Specifies the name of the remote user or device.

Alphanumeric string of up to 252 characters. The default value is null.

User-Service (6)

Specifies whether the link can use framed or unframed services.

Login-User (1)
Framed-User (2)
Dialout-Framed-User (5)
If User-Service=Login-User, the caller cannot use a framed protocol. By default, the MAX TNT does not restrict the services that a link can use.

Attribute	Description	Possible values
Login-Host (14)	Specifies the host to which the user automatically connects when User-Service=Login-User and you specify a value for the Login-Service attribute.	IP address in dotted decimal notation n.n.n.n, where n is a number from 0 to 255. The default value is 0.0.0.0. This setting specifies that the user does not automatically connect to a particular host. If you specify Login-Service=Telnet or Login-Service=TCP-Clear, and you do not specify a value for the Login-Host attribute, the MAX TNT unit's response depends on the value of the Auth-TS-Secure parameter in the Rad-Auth-Client subprofile of the External-Auth profile. If Auth-TS-Secure=Yes (the default), the MAX TNT drops the call. If Auth-TS-Secure=No, the MAX TNT allows the caller access to the terminal-server interface. For detailed information about the Auth-TS-Secure parameter, see the MAX TNT Reference Guide.
Login-Service (15)	Specifies the type of terminal-service connection to an IP host that occurs immediately after authentication.	Telnet (0) specifies that the user immediately enters a Telnet session with the host specified by the Login-Host attribute. Rlogin (1) specifies that the user immediately enters an Rlogin session with the host specified by the Login-Host attribute. TCP-Clear (2) specifies a TCP/IP connection with no Telnet protocol. This setting establishes a TCP session, between the MAX TNT and the host specified by Login-Host, over which the user can run an application specified by Login-TCP-Port. By default, the MAX TNT does not grant immediate access to an IP host.
Login-TCP-Port (16)	Specifies the port number to which a TCP session connects.	Integer from 1 to 65535. The default value is 23.
Password (2)	Specifies the user's password.	Alphanumeric string of up to 252 characters. The default value is null.
User-Name (1)	Specifies the name of the remote user or device.	Alphanumeric string of up to 252 characters. The default value is null.
User-Service (6)	Specifies whether the link can use framed or unframed services.	Login-User (1) Framed-User (2) Dialout-Framed-User (5) If User-Service=Login-User, the caller cannot use a framed protocol. By default, the MAX TNT does not restrict the services that a link can use.

To enable Telnet, TCP, and Rlogin connections in a RADIUS user profile, proceed as follows:

Set User-Service=Login-User on the first line of the profile, along with the User-Name and Password attributes. After the terminal server has authenticated an incoming caller, the operator can use an asynchronous Telnet connection to log into the terminal server, and can start Telnet or raw TCP sessions to an IP host on the local network. The MAX TNT rejects incoming framed calls and the caller cannot use any framed protocol.
To specify the type of service that the user immediately has access to upon login (without ever seeing the terminal-server interface), set the Login-Service attribute.
To specify the host to which the user automatically connects, set the Login-Host attribute to an IP address in dotted decimal notation. (If you do not specify a value for the Login-Host attribute, the user can access any remote host through the Telnet or raw TCP commands of the terminal-server command-line interface.)
When you specify an IP address, the Login-User never sees the MAX TNT interface, but connects immediately to the specified host via a Telnet, Rlogin, or TCP-Clear connection.
If you set Login-Service=TCP-Clear, set the Login-TCP-Port attribute to specify the port number to which a TCP session connects

Example of configuring an Rlogin connection

In Figure 6-2, an Rlogin session starts automatically for anyone entering the user name Greg and the password xyzzy.

Figure 6-2. Configuring an Rlogin connection

In this example, you would configure the user profile as follows:

Greg     Password="xyzzy", User-Service=Login-User,

              Login-Service=Rlogin,

              Login-Host=10.0.200.4,

              Ascend-Idle-Limit=300

Setting the terminal-server idle timer

The two terminal-server idle timer settings in a user profile determine the circumstances under which the MAX TNT disconnects a session. You cannot make terminal-server idle-timer settings for a Frame Relay or raw TCP connection. When you set the terminal-server idle timer, use the attributes listed in Table 6-2.

Table 6-2. Idle-timer attributes

Attribute

Description

Possible values

Ascend-TS-Idle-Limit (169)

Specifies the number of seconds that a terminal-server connection must be idle before the MAX TNT disconnects the session.

Number from 0 to 65535.The default value is 120. A setting of 0 (zero) means that the line can be idle indefinitely.

Ascend-TS-Idle-Mode (170)

Specifies whether the MAX TNT uses a terminal-server idle timer and, if so, whether both the user and host must be idle before the MAX TNT disconnects the session.

TS-Idle-None (0) specifies that the MAX TNT does not disconnect the session, no matter how long the line is idle. This setting disables the idle timer.
TS-Idle-Input (1) specifies that the MAX TNT disconnects the session if the user is idle for a length of time greater than the value of the Ascend-TS-Idle-Limit attribute.
TS-Idle-Input-Output (2) specifies that the MAX TNT disconnects the session if both the user and the host are idle for a length of time greater than the value of the Ascend-TS-Idle-Limit attribute.
TS-Idle-Input is the default.

Attribute	Description	Possible values
Ascend-TS-Idle-Limit (169)	Specifies the number of seconds that a terminal-server connection must be idle before the MAX TNT disconnects the session.	Number from 0 to 65535.The default value is 120. A setting of 0 (zero) means that the line can be idle indefinitely.
Ascend-TS-Idle-Mode (170)	Specifies whether the MAX TNT uses a terminal-server idle timer and, if so, whether both the user and host must be idle before the MAX TNT disconnects the session.	TS-Idle-None (0) specifies that the MAX TNT does not disconnect the session, no matter how long the line is idle. This setting disables the idle timer. TS-Idle-Input (1) specifies that the MAX TNT disconnects the session if the user is idle for a length of time greater than the value of the Ascend-TS-Idle-Limit attribute. TS-Idle-Input-Output (2) specifies that the MAX TNT disconnects the session if both the user and the host are idle for a length of time greater than the value of the Ascend-TS-Idle-Limit attribute. TS-Idle-Input is the default.

Example of setting the terminal-server idle timer

In Figure 6-3, a user named John can initiate an immediate Telnet connection. The MAX TNT terminates the session if both the user and host are idle for more than five minutes.

Figure 6-3. Setting the terminal-server idle timer

In this example, you would configure the RADIUS user profile as follows:

John     Password="xyzzy"

              User-Service=Login-User,

              Login-Service=Telnet,

              Login-Host=10.1.2.3,

              Ascend-TS-Idle-Mode=TS-Idle-Input-Output,

              Ascend-TS-Idle-Limit=300

Setting up a custom menu and an input prompt

You can configure the user profile to give the operator a custom menu of items from which to choose, along with an input prompt. The user does not have access to the regular menu or to the terminal-server command line. When you configure a custom menu and input prompt, use the attributes listed in Table 6-3.

Table 6-3. Custom menu and input prompt parameters

Attribute

Description

Possible values

Ascend-Menu-Item (206)

Defines a single menu item that appears in lieu of the terminal-server prompt. You can specify up to 20 Ascend-Menu-Item attributes per profile to give the user a custom menu of items from which to choose. The menu items are displayed in the order in which they appear in the RADIUS profile.

command;text[;match]
where
command is the string sent to the terminal server when the user selects the menu item.
text is the text that appears on the user's screen.
match is the pattern the user must type to select the item.
By default, the MAX TNT uses the standard terminal-server menu.

Ascend-Menu-Selector (205)

Specifies a string as a prompt for user input in the terminal-server menu interface.

Text string of up to 31 characters. The default is Enter Selection (1-num, q) where num is the number of items on the menu.

Attribute	Description	Possible values
Ascend-Menu-Item (206)	Defines a single menu item that appears in lieu of the terminal-server prompt. You can specify up to 20 Ascend-Menu-Item attributes per profile to give the user a custom menu of items from which to choose. The menu items are displayed in the order in which they appear in the RADIUS profile.	command`;`text`[;`match`]` where command is the string sent to the terminal server when the user selects the menu item. text is the text that appears on the user's screen. match is the pattern the user must type to select the item. By default, the MAX TNT uses the standard terminal-server menu.
Ascend-Menu-Selector (205)	Specifies a string as a prompt for user input in the terminal-server menu interface.	Text string of up to 31 characters. The default is `Enter Selection (1-`num`, q)` where num is the number of items on the menu.

Specifying the Ascend-Menu-Item attribute

In a RADIUS user profile, you can set one or more Ascend-Menu-Item attributes. Each Ascend-Menu-Item attribute defines a single menu item that appears in lieu of the terminal-server prompt. You can specify up to 20 Ascend-Menu-Item attributes per profile. RADIUS ignores additional entries. The menu items are displayed in the order in which they appear in the RADIUS profile.

Enter your specifications in the following format:

Ascend-Menu Item="command;text[;match]"

Table 6-4 lists each argument. If any entry consists of an option containing more than the maximum number of characters allowed, the RADIUS server discards the entry.

Table 6-4. Ascend-Menu-Item arguments

Argument

Description

command

Specifies the string sent to the terminal server when the user selects the menu item. The string must be in a format that the Ascend terminal server understands. It can contain up to 80 characters.

text

Specifies the text that appears on the user's screen, up to 31 characters.

match

Specifies the pattern of up to 10 characters that the user must type to select the item. The MAX TNT considers blanks part of the matching pattern.

; (semi-colon)

The first semicolon (;) you enter acts as the delimiter between command and text. If you enter a second semicolon, it acts as the delimiter between text and match.

Argument	Description
command	Specifies the string sent to the terminal server when the user selects the menu item. The string must be in a format that the Ascend terminal server understands. It can contain up to 80 characters.
text	Specifies the text that appears on the user's screen, up to 31 characters.
match	Specifies the pattern of up to 10 characters that the user must type to select the item. The MAX TNT considers blanks part of the matching pattern.
; (semi-colon)	The first semicolon (;) you enter acts as the delimiter between command and text. If you enter a second semicolon, it acts as the delimiter between text and match.

Specifying the Ascend-Menu-Selector attribute

To specify a string as a prompt for user input in the terminal-server menu interface, set the Ascend-Menu-Selector attribute. By default, when you create a custom menu with the Ascend-Menu-Item attribute, the terminal server displays the following string when prompting the user to make a selection:

Enter Selection (1-num, q)

The num argument represents the last number in the list. The terminal server automatically determines the value of num by counting the number of items in the menu. The only valid user input is in the range 1 through num, and q to quit.

However, you can specify a different string for prompting the user to make a selection. The Ascend-Menu-Selector attribute enables you to specify a string that the terminal server displays when prompting a user for a menu selection. If you define this attribute, its value overrides the default.

Enter your specification using the following format:

Ascend-Menu-Selector="string"

where the string argument contains the text you want the terminal server to display when prompting the user for a menu selection. You can specify up to 31 characters.

Example of configuring custom terminal-server menus

Suppose you set the following attributes:

Emma Password="m2dan", User-Service=Login-User

      Ascend-Menu-Item="show ip stats;Display IP Stats",

      Ascend-Menu-Item="ping 1.2.3.4;Ping server",

      Ascend-Menu-Item="telnet 10.2.4.5;Telnet to Ken's unit",

      Ascend-Menu-Item="show arp;Display ARP Table",

      Ascend-Menu-Selector="                              Option:"

The terminal server displays the following text:

1. Display IP Stats     3. Telnet to Ken's unit

2. Ping server          4. Display ARP Table.

                              Option:

Now, suppose you also enter specifications for the match option, as in the following profile:

Emma Password="m2dan", User-Service=Login-User

      Ascend-Menu-Item="show ip stats;ip=Display ip stats;ip",

      Ascend-Menu-Item="ping 1.2.3.4;p=Ping server;p",

      Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's unit;t",

      Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",

      Ascend-Menu-Selector="                              Option:"

The terminal server displays the following text:

ip=Display ip stats          p=Ping server 

t=Telnet to Ken's unit       dsp=Display arp table

                              Option:

Note that you cannot combine numeric menu selections with pattern matching. The first Ascend-Menu-Item attribute determines whether the screen displays numbered selections or patterns. The following example shows what you should not do:

Emma Password="m2dan", User-Service=Login-User

      Ascend-Menu-Item="show ip stats;ip=Display ip stats",

      Ascend-Menu-Item="ping 1.2.3.4;p=Ping server;p",

      Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's unit;t",

      Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",

      Ascend-Menu-Selector="                              Option:"

If you mix numbered selections and pattern matching, the terminal-server screen displays the following text:

1. ip=Display ip stats               3. t=Telnet to Ken's unit

2. p=Ping server                     4. dsp=Display arp table

                              Option:

Setting up the message text and a list of hosts

For terminal-server operators using the standard menu-driven interface, you can specify message text and a list of available Telnet hosts. The message text can contain instructions or other helpful information. The list of hosts consists of each host's IP address and description.

When you set up the message text and list of hosts, you must carry out the following tasks:

Create the first line of a pseudo-user profile.
Specify the message text.
Specify the list of hosts.

Use the attributes listed in Table 6-5.

Table 6-5. Message-text and host-list attributes

Attribute

Description

Possible values

Ascend-Host-Info (252)

Specifies the IP address and name of up to 10 hosts to which the user can establish a Telnet session. (The terminal-server menu-driven interface lists the addresses.)

IP_address;text
where IP_address specifies the IP address of each host, and text describes each host.
The default address is 0.0.0.0/0 and the default description is null.

Password (2)

Specifies the user's password.

Alphanumeric string of up to 252 characters. The default value is null.

Reply-Message (18)

Specifies text that appears to the terminal-server operator using the menu-driven interface. You can specify up to 16 entries per user profile.

Text string of up to 80 characters. The default value is null.

User-Name (1)

Specifies the name of the remote user or device.

Alphanumeric string of up to 252 characters. The default value is null.

User-Service (6)

Specifies whether the link can use framed or unframed services.

Login-User (1)
Framed-User (2)
Dialout-Framed-User (5)
By default, the MAX TNT does not restrict the services that a link can use.

Attribute	Description	Possible values
Ascend-Host-Info (252)	Specifies the IP address and name of up to 10 hosts to which the user can establish a Telnet session. (The terminal-server menu-driven interface lists the addresses.)	IP_address;text where IP_address specifies the IP address of each host, and text describes each host. The default address is 0.0.0.0/0 and the default description is null.
Password (2)	Specifies the user's password.	Alphanumeric string of up to 252 characters. The default value is null.
Reply-Message (18)	Specifies text that appears to the terminal-server operator using the menu-driven interface. You can specify up to 16 entries per user profile.	Text string of up to 80 characters. The default value is null.
User-Name (1)	Specifies the name of the remote user or device.	Alphanumeric string of up to 252 characters. The default value is null.
User-Service (6)	Specifies whether the link can use framed or unframed services.	Login-User (1) Framed-User (2) Dialout-Framed-User (5) By default, the MAX TNT does not restrict the services that a link can use.

Creating the first line of a pseudo-user profile for the message and list

You create a pseudo-user profile to store information that the MAX TNT can query. In this case, information consists of message text and a list of hosts. You can configure pseudo-users for both global and MAX TNT-specific configuration of the message text and list. The terminal server loads the unit-specific information in addition to the global information.

For a unit-specific configuration, specify the first line of a pseudo-user profile in the following format:

initial-banner-name Password="ascend", User-Service=Dialout-Framed-User

where name is the system name of the Ascend unit (the name specified by the Name parameter in the System profile).

For a global configuration, specify the first line of a pseudo-user profile in the following format:

initial-banner Password="ascend", User-Service=Dialout-Framed-User

Specifying the message text

To specify message text, set one or more Reply-Message attributes. The maximum number of Reply-Message attributes per profile is 16. Use the following format:

Reply-Message="string"

where string is the text of the reply message. Enter up to 80 characters.

Specifying the list of hosts

To specify a list of hosts to which a user can establish a Telnet session, set the Ascend-Host-Info attribute. You can specify up to 10 Ascend-Host-Info entries. Enter your attribute settings in the following format:

Ascend-Host-Info="IP_address text"

where IP_address specifies the IP address of each host, and text describes each host. You can enter up to 31 characters for text. The RADIUS server assigns each entry a number. When the user selects the number, the terminal server initiates a Telnet session with the host at the specified IP address.

If you specify a value for the Ascend-Host-Info attribute, you must also make the following settings in the Menu-Mode-Options subprofile of the Terminal-Server profile:

Set Start-With-Menus=Yes or Toggle-Screen=Yes.
Set Remote-Configuration=Yes.

Example of configuring message text and a list of hosts

In Figure 6-4, a MAX TNT named Cal uses RADIUS to set up message text and a list of three Telnet hosts.

Figure 6-4. Configuring message text and a list of hosts

When Cal boots up, it looks into the RADIUS database for a pseudo-user profile named initial-banner-Cal. If it does not find this pseudo-user profile, it looks for a pseudo-user profile named initial-banner. If it does not find this pseudo-user profile, it uses the value of the Banner parameter in the Terminal-Mode-Configuration subprofile of the Terminal-Server profile.

Whenever a user logs into the MAX TNT unit's terminal server, the screen displays the appropriate message text and list of hosts. In this example, you would configure a pseudo-user profile for the MAX TNT named Cal as follows:

initial-banner-Cal Password="ascend", User-Service=Dialout-Framed-User

    Reply-Message="Up to 16 lines of up to 80 characters each",

    Reply-Message="will be accepted. "

    Reply-Message="Additional lines will be ignored.",

    Reply-Message="",

    Ascend-Host-Info="1.2.3.4 Berkeley",

    Ascend-Host-Info="1.2.3.5 Alameda",

    Ascend-Host-Info="1.2.3.6 San Francisco"

Controlling access to digital modems

The direct-access dialout feature enables a user to Telnet to a MAX TNT in order to access the MAX TNT unit's modems. The user can place outgoing calls without going through the MAX TNT terminal-server interface. The MAXDial software offers the same outgoing call ability, but through a GUI interface.

Specifying the Ascend-Dialout-Allowed attribute

You can control access to the modems on a per-user basis by setting the Ascend-Dialout-Allowed attribute in a RADIUS user profile. This attribute specifies whether the user associated with the RADIUS user profile can dial out by means of one of the MAX TNT unit's digital modems. You can specify one of the following settings:

Dialout-Not-Allowed (0) indicates that the RADIUS user profile does not allow modem dialout. Dialout-Not Allowed is the default.
Dialout-Allowed (1) indicates that the RADIUS user profile allows modem dialout.

Dialout-Not-Allowed is the default.

Understanding accounting for modem dialout

When you configure the MAX TNT to use RADIUS accounting, RADIUS generates the appropriate session Start and Stop records for the immediate modem dialout sessions. In the Stop record, the attribute Ascend-Connect-Progress identifies a modem dialout session. The Acct-Input-Octets attribute specifies the number of bytes the MAX TNT receives from the modem. The Acct-Output-Octets attribute specifies the number of bytes the MAX TNT writes to the modem.

Call accounting does not record outgoing modem calls you make through the terminal-server interface. It applies only to modem dialout calls.

Example of controlling access to digital modems

In Figure 6-5, the user Fred can dial out by means of the MAX TNT unit's digital modems.

Figure 6-5. Controlling access to digital modems

In this example, you would configure Fred's RADIUS user profile as follows:

Fred Password="scr41"

     User-Service=Framed-User,

     Framed-Protocol=PPP,

     Framed-Address=10.0.1.1,

     Framed-Netmask=255.255.255.0,

     Ascend-Metric=2,

     Framed-Routing=None,

     Ascend-Idle-Limit=30,

     Ascend-Dialout-Allowed=Dialout-Allowed

An extended terminal-server example

In Figure 6-6, a network administrator needs to set up a terminal-server menu that gives each user the choice of logging into a BBS or starting PPP, SLIP, or CSLIP. RADIUS is running on a UNIX server.

Figure 6-6. An extended terminal-server example

The RADIUS server uses the Default profile to determine the kind of access it grants to users who do not appear in the users file. You can configure only one Default profile in the users file. Make sure that the Default profile is last in the file. RADIUS ignores any profiles that follow the Default profile.

The first line of the user profile enables a terminal-server user to log in with his or her UNIX account name or password. The Reply-Message attribute provides introductory message text. The Ascend-Menu-Selector and Ascend-Menu-Item attributes provide each line of menu text. In this example, you would configure the user profile as follows:

Default Password="UNIX"

      Ascend-Idle-Limit=1800,

      Framed-Routing=None,

      Framed-Compression=Van-Jacobsen-TCP-IP,

      Ascend-Link-Compression=Link-Comp-None,

      Ascend-PPP-VJ-1172=PPP-VJ-1172,

      Ascend-Assign-IP-Pool=1,

      Ascend-Route-IP=Route-IP-Yes,

      Ascend-Route-IPX=Route-IPX-No,

      Reply-Message="Welcome to ABCNet's Terminal Server."

      Ascend-Menu-Selector="Press q to Quit>>",

      Ascend-Menu-Item="rlogin bbs.net;BBS",

      Ascend-Menu-Item="ppp;Start PPP",

      Ascend-Menu-Item="slip;Start SLIP",

      Ascend-Menu-Item="cslip;Start CSLIP"

The following text appears on the terminal-server screen:

Welcome to ABCNet's Terminal Server

1. BBS           3. Start SLIP

2. Start PPP     4. Start CSLIP

Press q to Quit>>

Notice that pressing the first option causes the MAX TNT to establish an Rlogin session with the BBS at bbs.net.

Instead of using the Default profile, you can configure individual profiles to restrict users from certain services. For example, if you want the user Emma to immediately establish an Rlogin session with bbs.net upon authentication, you might configure the following user profile:

Jonah Password="UNIX"

      User-Service=Login-User,

      Login-Host=bbs.net,

      Login-Service=Rlogin

To let new users sign up, you might configure a profile like the following:

Guest Password="UNIX"

      User-Service=Login-User,

      Login-Host=unix.bbs.net,

      Login-Service=Rlogin

When a user dials in as Guest, he or she immediately logs into the UNIX machine. The UNIX machine has a shell /usr/local/bin/guest like the following:

#!/bin/sh

echo Welcome to BBS.NET.

signup

The signup line refers to an interactive shell script you can write in order to gather introductory information, set up a temporary account for verification, and perform any other relevant tasks.

techpubs@eng.ascend.com