Ascend Customer Service

What is in this guide

What's new in this guide

What you should know

Related publications

Related RFCs

ITU-T recommendations

Related books

Documentation conventions

Introduction to WAN connections

Types of encapsulation protocols

How the system answers and authenticates dial-in calls

How the system initiates dial-out calls

How the system establishes and monitors sessions

Spanning cards and shelves for multichannel calls

System-wide profiles

Answer-Defaults profile

Default RADIUS settings

Requiring authentication for PPP calls

V.120 settings

Terminal-Server profile

External-Auth profile

Local and external authentication profiles

Using Connection profiles

Using RADIUS

Specifying session time limits

Settings in a Connection profile

Settings in a RADIUS profile

Examples of setting time limits

Using session accounting

Configuring switched dial-in connections

Single-channel PPP connections

Settings in a Connection profile

Settings in a RADIUS profile

Password authentication

Link compression methods

Link Quality Monitoring

Examples of a synchronous PPP connection

Examples of an asynchronous PPP connection

Multilink Protocol (MP) connections

Settings in a Connection profile

Settings in a RADIUS profile

Examples of an MP connection

MP bonding of analog calls

Multilink Protocol Plus (MP+) connections

How Ascend units add bandwidth

Settings in a Connection profile

Settings in a RADIUS profile

Examples of an MP+ configuration

TCP-Clear connections

Performance enhancements for TCP-Clear calls (local profiles only)

Settings in a Connection profile

Settings in a RADIUS profile

Examples of TCP-Clear connections

Example of TCP-Clear with packet buffering (local profiles only)

X.75 connections

Configuring nailed and nailed/MP+ connections

Nailed connections

Settings in a Connection profile

Settings in a RADIUS profile

Examples of a nailed connection

Nailed MP+ connections

Settings in a Connection profile

Settings in a RADIUS profile

Examples of a nailed MP+ connection

Backup interfaces for nailed connections

Settings in a Connection profile

Settings in a RADIUS profile

Examples of a switched backup interface

Configuring dial-out connections

About RADIUS dial-out profiles

Configurable dial-out timer

Dial-out PPP and multichannel PPP profiles

Settings in a Connection profile

Settings in a RADIUS profile

Password authentication

Examples of a dial-out PPP connection

Modem dial-out connections

System reset requirement

Enabling Modem Direct-Access

Example of Direct-Access using a global password

Dial-out modem connections that require profiles

Introduction

Frame Relay link management

Using the MAX TNT as a Frame Relay concentrator

Using the MAX TNT as a Frame Relay switch

Components of a Frame Relay configuration

Configuring nailed bandwidth for Frame Relay

Defining Frame Relay link operations

Overview of datalink options

Settings in a Frame-Relay profile

Settings in a RADIUS frdlink profile

Examples of a UNI-DTE link interface

Examples of a UNI-DCE link interface

Examples of an NNI link interface

Configuring a DLCI logical interface

Overview of DLCI interface settings

Settings in a Connection profile

Settings in a RADIUS profile

Examples of a DLCI interface configuration

Examples of backup interfaces for nailed Frame Relay links

Concentrating incoming calls onto Frame Relay

Setting up a Frame Relay gateway

Routing parameters in the DLCI profile

Routing parameters in RADIUS

Examples of a gateway configuration

Configuring Frame Relay Direct

Settings in a Connection profile

Settings in a RADIUS profile

Examples of FR-Direct connections

Configuring the MAX TNT as a Frame Relay switch

Overview of circuit-switching options

Settings in a Connection profile

Settings in a RADIUS profile

Examples of a circuit between UNI interfaces

Using local profiles

Using RADIUS profiles

Examples of a circuit between NNI interfaces

Using local profiles

Using RADIUS profiles

Examples of circuits that use UNI and NNI interfaces

Using local profiles

Using RADIUS profiles

Configuring an ATM-Frame Relay circuit

Settings in a Connection profile

Settings in a RADIUS profile

Examples of configuring an ATM-Frame Relay circuit

Using local profiles

Using RADIUS profiles

Routing overview

Routes and interfaces

Displaying the routing table

Displaying the interface table

Ascend notation for IP addresses

Configuring LAN IP interfaces

Overview of LAN interface settings

Example of configuring a LAN IP interface

Enabling proxy ARP

Enabling RIP

Example of defining virtual LAN interfaces

Example of defining the interface-independent IP address

Example of disabling directed broadcasts

Example of defining a management-only interface

Configuring WAN IP interfaces

Overview of WAN interface settings

Settings in Connection profiles

Settings in RADIUS profiles

Examples of a connection to another IP router

Examples of a host route connection

Examples of a numbered-interface connection

Examples of an IP-Direct connection

Examples of making the route to a connection private

Examples of client default gateways

Examples of per-session source address checking

Examples of setting QoS and TOS policy

Configuring static IP routes

Overview of static route settings

Settings in IP-Route profiles

Settings in a RADIUS route profiles

Route settings in a RADIUS user profile

Connection-specific private static routes (RADIUS only)

Examples of configuring default routes

Examples of a LAN-based default route

Examples of a default route across a WAN link

Examples of configuring a route to a remote subnet

Examples of configuring a multipath route

Examples of private static routes

Setting TCP/IP routing policies

Setting a system source IP address

Setting router security policies

Requiring acceptance of dynamic address assignment

Shared profiles

Restricting Telnet access to the system:

Setting system-wide routing policies

Ignoring ICMP packets

Dropping source-routed packets

Setting static route preferences

Setting routing protocol options

RIP policy for propagating updates back to the originating subnet

RIP triggering

Setting the preference value for routes learned from RIP updates

Poisoning routes to force the use of a redundant Ascend unit

Limiting the size of UDP packet queues

Ignoring default routes when updating the routing table

Suppressing host-route advertisements

Setting IP route and IP port cache options

Route caches

Port caches

Enabling protocol options

Enabling Bootstrap Protocol and Reverse-ARP

Enabling UDP checksums

Setting a TCP timeout

Enabling response to Finger queries

Enabling BOOTP-Relay

Using SNTP to set and maintain the MAX TNT system time

Configuring DNS

Configuring DNS lookups and DNS list

Specifying domain names for lookups

Specifying local DNS server addresses

Supporting DNS list

Setting up a local DNS table

Host name matching

Defining the local table

Using the Auto-Update feature

Using client DNS

Overview of client DNS settings

Example of configuring client DNS servers at the system level

Examples of configuring client DNS at the connection level

Configuring and using address pools

Overview of settings for defining pools

Settings in the IP-Global profiles

Settings in RADIUS pseudo-user profiles

Global RADIUS pools (RADIPAD)

Examples of configuring address pools

Examples of configuring summarized address pools

Setting the Pool-Summary flag

Defining network-aligned pools

Examples of assigning an address from a pool

Setting up multicast forwarding

Global settings for enabling multicast forwarding

Specifying a timeout for group memberships

Monitoring the multicast traffic heartbeat

Configuring the MBONE interface

Overview of MBONE interface settings

Example of a local MBONE router

Example of an MBONE router on a WAN interface

Configuring multicast client interfaces

Settings in local IP-Interface and Connection profiles

Settings in RADIUS profiles

Setting the multicast rate limit

Specifying a delay for clearing IGMP groups

Example of configuring a LAN multicast client interface

Examples of configuring WAN multicast client interfaces

Configuring virtual routers

How VRouters affect the routing table

How VRouters affect network commands

Current limitations

Creating a VRouter

Settings in a VRouter profile

Example of defining a VRouter

Viewing the VRouter's routing and interface tables

Defining address pools for a VRouter

Assigning interfaces to a VRouter

Settings in local profiles

Settings in RADIUS profiles

Examples of assigning VRouter membership to interfaces

Viewing assigned interfaces in the VRouter's tables

Defining VRouter static routes

Settings in an IP-Route profile

Settings in RADIUS profiles

Examples of defining a route on a per-VRouter basis

Viewing the static route in the VRouter's table

Specifying an inter-VRouter route

Viewing the inter-VRouter route in the global table

Deleting a VRouter

Introduction to OSPF

RIP limitations solved by OSPF

Distance-vector metrics

15-hop limitation

Excessive routing traffic and slow convergence

Ascend implementation of OSPF

Limited border router capability

Authentication

One active IP interface per port

OSPF diagnostic commands

OSPF features

Security

Support for variable length subnet masks

Interior gateway protocol (IGP)

Exchange of routing information

Designated and Backup Designated Routers

Configurable cost metrics

Hierarchical routing (areas)

The link-state routing algorithm

Adding the MAX TNT to an OSPF network

System reset requirement

Overview of LAN and WAN OSPF settings

Example of configuring a LAN OSPF interface

Examples of configuring WAN OSPF interfaces

Example of integrating a RIP-v2 interface

Configuring route options

Example of importing a summarized pool as an ASE

Example of setting ASE preferences

Configuring OSPF static route information

Example of configuring a Type-7 LSA in an NSSA

Example of assigning a cost to a static route

Example of specifying a third-party route

Introduction to ATMP

Network settings for ATMP

System reset requirement

System IP address recommendation

Setting the UDP port

Specifying tunnel retry limits

Setting an MTU limit

How link compression affects the MTU

How ATMP tunneling causes fragmentation

Pushing the fragmentation task to connection end-points

Forcing fragmentation for interoperation with outdated clients

Network isolation and duplicate IP addresses

Configuring the agent-to-agent connection

Configuring a Foreign Agent

Foreign Agent ATMP profile settings

Mobile client profile settings

Settings in Connection profiles

Settings in RADIUS profiles

Specifying Home Agent addresses and port numbers

Specifying the home network name

Example of a Foreign Agent configuration

Setting the Foreign Agent system address

Configuring the Foreign Agent ATMP profile

Configuring a connection to the Gateway Home Agent

Configuring a connection to the Router Home Agent

Configuring a mobile-client connection to the Gateway Home Agent

Configuring a mobile-client connection to the Router Home Agent

Example of a Foreign Agent that tunnels to a GRF switch

Configuring Home Agents

Home Agent ATMP profile settings

Specifying a Gateway Home Agent

Specifying a Router Home Agent

Specifying the tunnel password

Setting an idle timer for unused tunnels

Home network gateway profile settings

Limiting the maximum number of tunnels

Enabling RIP on the interface to the home router

Example of a Gateway Home Agent configuration

Setting the Home Agent's system address

Configuring the Home Agent ATMP profile

Configuring a gateway profile for connection to the home network

Configuring a mobile client connection to the Gateway Home Agent

Example of a Router Home Agent configuration

Setting the Home Agent's system address

Configuring the IP-Interface profile to the home network

Configuring the Home Agent's ATMP profile

Configuring a mobile client connection to the Router Home Agent

Configuring a Home-and-Foreign-Agent

Configuring the ATMP profile

Example of a Home-and-Foreign-Agent configuration

Setting the system address

Configuring the ATMP profile for Home-and-Foreign Agent

Configuring a mobile client profile

Another example of a Home-and-Foreign-Agent configuration

Setting the system IP address

Configuring the ATMP profile for Home and Foreign Agent

Configuring a profile for Mobile-Client-3

Configuring IPX over ATMP

Configuring the agents for IPX routing

Example of IPX ATMP to a Gateway Home Agent

Configuring a mobile client IPX connection

Example of a gateway profile IPX connection

IPX home router requirements

Example of IPX ATMP to a Router Home Agent

Configuring a mobile client IPX connection

Example of an IPX Router Home Agent configuration

Layer 2 Tunneling Protocol (L2TP)

Components of an L2TP tunnel

Configuring L2TP operations

Configuring a connection to the LNS

Configuring L2TP mobile client profiles

L2TP settings in Connection profiles

L2TP settings in RADIUS profiles

Examples of opening a tunnel after pre-authenticating the call

Examples of opening a tunnel after password authentication

Point-to-Point Tunneling Protocol (PPTP)

Components of a PPTP tunnel

Configuring PPTP operations

Configuring a connection to the PNS

Configuring PPTP mobile client profiles

PPTP settings in Connection profiles

PPTP settings in RADIUS profiles

Examples of opening a tunnel after pre-authenticating the call

Examples of opening a tunnel after password authentication

IP-in-IP encapsulation

Settings in a Connection profile

Settings in a RADIUS profile

Examples of an IP-in-IP connection

IPX routing on the WAN

How Ascend units use IPX SAP

How Ascend units use IPX RIP

How IPX RIP works

The IPX RIP default route

Support for IPXWAN negotiation

Extensions to standard IPX

Recommendations for NetWare client software

Configuring the IPX-Global profile

Defining a virtual IPX network for dial-in clients

Example of an IPX-Global configuration

Configuring LAN IPX interfaces

Overview of LAN IPX settings

Enabling IPX routing and spoofing on the interface

Assigning an IPX network number

Propagating IPX type 20 packets on a LAN interface

Example of an IPX-Interface configuration

Configuring WAN IPX interfaces

Overview of IPX connection settings

Settings in Connection profiles

Settings in RADIUS profiles

Specifying whether the remote device is a router or dial-in client

Answer-Defaults IPX Peer-Mode setting

Controlling RIP and SAP updates to and from the remote router

When to use net-number and net-alias

Using dial-query

Home server proxy

Examples of a connection to a Novell LAN

Examples of a connection to a dial-in client

Configuring static IPX routes

Overview of IPX route settings

Settings in local IPX-Route profiles

Settings in RADIUS ipxroute profiles

Socket numbers in static routes

Examples of a static IPX route

Defining and applying IPX SAP filters

Overview of IPX SAP filter settings

Example of filtering a file server from the SAP table

Example of filtering remote NetWare services from the SAP table

Example of applying a SAP filter to a LAN interface

Example of applying a SAP filter to a WAN interface

Introduction

Configuring the Atalk-Global profile

Configuring LAN AppleTalk interfaces

Example of configuring a seed router

Configuring a nonseed router

Configuring WAN AppleTalk interfaces

Settings in the Answer-Defaults profile

Settings in a Connection profile

Settings in a RADIUS profile

Examples of configuring an ARA client connection

Examples of configuring a PPP AppleTalk dial-in

Examples of configuring a connection to an AppleTalk router

Examples of an IP over AppleTalk connection

Filter overview

Basic types of filters

Data and call filters

How filters work

Generic filters

IP filters

Type of Service filters

IPX filters

Route filters

Specifying a filter's direction

Specifying a filter's forwarding action

Defining generic filters

Settings in a local Filter profile

Settings in a RADIUS profile

Specifying the offset to the bytes to be examined

Specifying the number of bytes to test

Masking the value before comparison

Examples of a generic call filter

Defining IP filters

Settings in a local Filter profile

Settings in a RADIUS profile

Filtering by source or destination address

Filtering by port numbers

Examples of an IP filter to prevent local address spoofing

Examples of an IP filter for more complex security issues

Defining Type-of-Service filters

Settings in a local Filter profile

Settings in a RADIUS profile

Examples of defining a TOS filter

Defining IPX filters

Filtering by source or destination address

Filtering by socket number

Example of an outbound IPX filter

Example of an inbound IPX filter

Defining route filters

Example of a filter that excludes a route

Example of a filter that configures a route's metric

Applying a filter to an interface

Settings in local profiles

Settings in RADIUS profiles

How the system uses Answer-Defaults profile settings

Examples of applying a data filter to a WAN interface

Examples of applying a call filter to a WAN interface

Examples of applying a TOS filter to a WAN interface

Examples of applying a route filter to a WAN or LAN IP interface

Example of applying a filter to a LAN interface

Introduction

Password authentication for framed protocol sessions

Authentication of terminal-server logins

Token card password authentication

Pre-authentication using call information

Using callback for added security

RADIUS password handling

Reserved RADIUS passwords

Password expiration

The DEFAULT user profile

Shared secrets and secure exchanges

Authenticating framed protocol sessions

Specifying an authentication protocol required for dial-in calls

How PAP works

How CHAP and MS-CHAP work

Requesting a protocol for use in dial-out calls

Settings in Connection profiles

Settings in RADIUS profiles

Examples of requesting CHAP for a dial-out call

Authenticating user login sessions

Expect-Send login scripts

Terminal-server security mode

Customizing the login sequence

Specifying the banner and prompts

When to use the third prompt

Token card authentication

Enhanced security with token cards

A simple method of authenticating token-card calls

Authenticating token-card connections from Ascend units

Configuring the MAX TNT as the NAS

How the dial-in user displays and responds to challenges

Configuring RADIUS profiles for token-card authentication

Using ACE authentication for network users

Tunnel authentication

Authenticating ATMP tunnels

Authenticating L2TP tunnels

Pre-authentication (CLID or DNIS)

Configuring the MAX TNT to extract and use call information

Specifying the Disconnect Cause Element (RADIUS only)

Configuring profiles for CLID or DNIS authentication

Settings in Connection profiles

Settings in RADIUS profiles

Example of using Caller-ID as a check-item (RADIUS only)

Examples where CLID is preferred

Examples where DNIS is preferred

Examples where CLID is required

Examples where DNIS is required

Callback after authentication

Settings in a Connection profile

Settings in RADIUS

Examples of callback after CLID authentication

Examples of callback after authentication

Introduction

Authorizing immediate mode login service

Using the Terminal-Server profile

Using Connection profiles

Using RADIUS profiles

Authorizing menu mode access

Terminal-Server profile settings

Settings in a RADIUS initial-banner profile

Examples of creating a menu of hosts

Creating a customized menu of commands (RADIUS only)

Extended example of RADIUS and menu mode

Authorizing terminal-mode logins

TCP, Rlogin, or Telnet connections in terminal mode

Authorizing use of the commands

Configuring the Rlogin source port range

Setting defaults for Telnet sessions

PPP and SLIP sessions in terminal mode

Authorizing use of the commands

Setting defaults for PPP sessions

Setting defaults for SLIP sessions

Allowing users to dial into the terminal-server interface

Authorizing SNMP management access

Setting community strings

Setting up and enforcing address security

Copyright © 1999, Ascend Communications, Inc. All rights reserved.