Novell Internet Access Server 4.1 Routing Configuration
March 24, 1999
Novell Confidential
Contents
About This Guide
  Introduction
Configuring Novell Internet Access Server 4.1
  Configuration Overview
  Understanding Configuration
  Routing Protocols
  Source Route Bridge
  On-Demand Links and Static Routes
  Permanent Links and Static Routes
  Tunneling
  Filtering
  Configuration Utilities and Commands
  Configuration and Management Utilities
  Command-Line Utilities
  Dynamic Reconfiguration
  IPX
  TCP/IP
  AppleTalk
Configuring Drivers and Board Parameters
  Board Configuration Decisions
  Configuring a LAN or WAN Board
  How to Configure a LAN or WAN Board
  Adding a New Board Driver or NLM File to Your System
  Configuring a Logical Adapter Board for ATM LEC
  LAN Emulation Command Parameters
  Configuring Logical Adapter Boards for NetWare Link/ATM
  How to Configure a Logical Adapter Board for NetWare Link/ATM
  Configuring Boards for Running PPP over ISDN
  How to Configure Boards for Running PPP over ISDN
  Configuring Boards for Running PPP over Asynchronous Ports
  Sharing AIO Ports with Novell Internet Access Server 4.1 Routing Software
  How to Configure Boards for Running PPP over Asynchronous Ports
  How to Configure Boards for Point-to-Point Tunneling Protocol (PPTP)
  Enabling or Disabling a LAN or WAN Board
  Deleting a LAN or WAN Board
Configuring Permanent PPP Connections
  Permanent PPP Connection Configuration Decisions
  Leased-Line or Dial-Up Connection
  Transport
  Call Authentication
  Login Script
  Configuring a Permanent PPP Connection
  How to Configure a Permanent PPP Data Link over a Synchronous Leased-Line Interface
  How to Configure a Permanent PPP Data Link over an ISDN Interface
  How to Configure a Permanent PPP Data Link over a Dial-Up Line Interface
  How to Configure a WAN Call Destination for a Permanent PPP Connection
  Where to Go from Here
Configuring On-Demand PPP Connections
  On-Demand PPP Connection Configuration Decisions
  Transport
  Static Route and Service Databases
  Call Authentication
  Interface Groups
  Login Script
  Configuring an On-Demand PPP Connection
  How to Configure an On-Demand PPP Data Link over a Synchronous or Asynchronous Interface
  How to Configure an On-Demand PPP Data Link over a Synchronous ISDN Interface
  How to Configure a WAN Call Destination for an On-Demand PPP Connection
  Where to Go from Here
Configuring Backup Calls
  Configuring a Backup Call Association
  How to Configure a Backup Call Association
  Where to Go from Here
Advanced PPP Configuration
  Configuring Data or Header Compression
  Using Data Compression
  Using Header Compression
  How to Configure Data or Header Compression
  Maximizing Performance with the Packet Burst Protocol and Large Internet Packet Protocol
  Configuring Maximum Receive Unit Parameters to Adjust the Frame Size
  How to Configure MRU Parameters to Adjust the Frame Size
  Configuring Call Retry and Timeout Parameters
  Retrying Failed WAN Connections
  Terminating Inactive On-Demand Connections
  How to Configure WAN Call Retry and Timeout Parameters
  Configuring Matching Inbound and Outbound Authentication
  How to Configure Matching Inbound and Outbound Authentication
  Configuring Additional Inbound Call Options
  How to Configure Additional Inbound Call Options
  Configuring the Bandwidth Allocation Control Protocol and the Multilink Protocol
  Configuring Enterprise-Specific Traps
  Configuring Interface Physical Options
  How to Configure Interface Physical Options
  Where to Go from Here
Configuring Modems and DTR-Controlled Devices
  Modem and DTR-Controlled Device Configuration Decisions
  Configuring Modem Control Scripts for AT Dialing
  Using CPECFG to Configure Modem and DCE Devices
  How to Use CPECFG to Configure Modems and DCE Devices
  Configuring the Asynchronous Control Character Map
  Configuring Additional Modem/DCE Parameters
  How to Configure Additional Modem/DCE Parameters
  Where to Go from Here
Configuring IPX
  IPX Configuration Decisions
  Turning Off IPX Packet Forwarding
  How to Turn Off IPX Packet Forwarding
  Configuring Static Routes and Services
  Configuring Static Routes and Services with NIASCFG
  Configuring Static Routes and Services with STATICON
  Configuring Watchdog Spoofing
  How to Configure Watchdog Spoofing on an Interface
  How to Configure Watchdog Spoofing for Call Destinations
  Configuring Routed or Static On-Demand Calls
  How to Configure Routed or Static On-Demand Calls
  Configuring IPX and NCP Header Compression
  How to Configure IPX and NCP Header Compression on an Interface
  How to Configure IPX and NCP Header Compression per Call Destination
  Configuring NLSP
  How to Configure NLSP
  How to Change the LSP Size
  Configuring RIP and SAP
  How to Configure RIP
  How to Configure SAP
  Accepting and Advertising Services from a Network Not Listed in the Routing Information Table
  Proxying a NetWare File Server
  How to Proxy a NetWare File Server
  How to Check the Proxy Configuration
  Configuring the IPX Address Mapping Gateway
  Configuring IPX Route Aggregation
  Controlling the Propagation of Type 20 Packets
  How to Control Propagation of Type 20 Packets
  Changing the Hop Count Limit for IPX Packets
  How to Change the Hop Count Limit
  Balancing Traffic Loads over Equal-Cost Routes
  How to Balance Traffic Loads over Equal-Cost Routes
  Configuring SPX Connection Parameters
  How to Configure SPX Connection Parameters
  Setting Delay and Throughput for a Slow Link
  How to Set Delay and Throughput for a Slow Link
Configuring IPX for Wireless Connectivity
  NetWare Mobile IPX Configuration Decisions
  Mobile Client Driver Selection
  Planning for Efficient Use of Your Mobile Client
  Deciding Where to Locate a Home Router
  Configuring a Home Router
  How to Configure a Home Router
  Configuring a Mobile Client
  How to Configure a Mobile Client
  How to Customize Your Mobile Client
Configuring the MacIPX Gateway
  Configuring and Binding the Gateway Driver
  Restricting Gateway Service to Selected Networks
  Viewing the MacIPX Gateway Configuration
  Viewing MacIPX Gateway Statistics
Configuring IP
  IP Configuration Decisions
  Configuring IP for a WAN Connection
  Configuring IP for Permanent and On-Demand Calls
  Configuring the WAN Network Mode
  Configuring Individual WAN Calls
  Configuring Static Routes for WAN Connections
  Enabling TCP/IP Header Compression
  Binding IP to an Interface Group
  Assigning OSPF Neighbors
  Configuring Dynamic Address Assignments
  Configuring RIP
  How to Configure RIP
  Configuring OSPF
  How to Configure OSPF
  Configuring Load Sharing over Equal-Cost OSPF Routes
  Configuring Static Routes for LANs
  How to Configure a LAN Static Route
  Configuring Router Discovery
  How to Configure Router Discovery
  Configuring ARP and Proxy ARP
  How to Disable ARP
  How to Enable Proxy ARP
  Configuring Directed Broadcast Forwarding
  How to Enable Directed Broadcast Forwarding
  Configuring Source Route Packet Forwarding
  How to Enable Forwarding Source Route Packets
  Configuring BOOTP Forwarding
  How to Configure the Router as a BOOTP Forwarder
  Configuring EGP
  Configuring Multiple Logical Interfaces
  Merging Two Networks When the Connecting Router Fails
  Reassigning IP Addresses
  Adding New Nodes to a Full Subnet
  Multihoming
  Configuring Network Address Translation
  How to Configure Network Address Translation
Configuring AppleTalk
  AppleTalk Configuration Decisions
  Configuring Basic AppleTalk Parameters
  Enabling AppleTalk
  Enabling Packet Error Detection
  Configuring an Internal Network
  Enabling Static Routes for On-Demand Calls
  Enabling Expert Configuration Options
  Configuring Your PC Router as an AppleTalk End Node
  How to Configure Your PC Router as an AppleTalk End Node
  Configuring AppleTalk for LAN Connections
  Configuring AppleTalk for WAN Connections
  Configuring AppleTalk for a Permanent Connection
  Configuring AppleTalk for an On-Demand Connection
  Configuring the WAN Network Mode
  Binding AppleTalk to a WAN Interface
  Using Interface Groups
Configuring IP Tunnels for IPX and AppleTalk
  IP Tunneling for IPX
  The IPRELAY Driver
  The IPTUNNEL Driver
  Compatibility Between IPTUNNEL and IPRELAY
  How to Configure IPRELAY
  How to Configure IPTUNNEL from NIASCFG
  How to Configure IPTUNNEL for Multiple Peers
  IP Tunneling for AppleTalk
  Tunneling AppleTalk Packets
  How to Configure AURP
Configuring Source Route Bridging
  Source Route Bridging Configuration Decisions
  Configuring Local Two-Port Bridging
  How to Configure Local Two-Port Bridging
  Configuring Remote Bridging
  Connecting a Bridge to Another Vendor’s Bridge
  Connecting a Bridge to Another Novell Source Route Bridge
  Configuring Multiport Bridging
  How to Configure Multiport Bridging
  Configuring Server-Based Bridging
  How to Configure Server-Based Bridging
  Configuring the Spanning Tree Protocol
  How to Configure the Spanning Tree Protocol
  Configuring Source Route End Stations
  How to Configure Source Route End Stations
  Configuring the Novell LNM Agent
  How to Configure the Novell LNM Agent
Configuring Filters
  Filter Configuration Decisions
  How to Run FILTCFG
  How to Save Filters to a Text File
  Configuring IPX Filters
  How to Configure IPX SAP Filters
  IPX SAP Filter Example
  How to Configure IPX RIP Filtering
  IPX RIP Filter Example
  IPX NetBIOS and Packet Forwarding Filters
  Configuring IPX Packet Forwarding
  IPX Packet Forwarding Filter Example
  Configuring TCP/IP Filters
  How to Configure IP Routing Information Filters
  How to Configure EGP Filters
  How to Configure OSPF External Route Filters
  IP Routing Information Filter Example
  IP Packet Forwarding Filters
  Configuring AppleTalk Filters
  How to Configure AppleTalk Device Hiding Filtering
  Example AppleTalk Device Hiding Filter
  How to Configure AppleTalk Route Filtering
  AppleTalk Outgoing Routing Information Filter Example
  Configuring Source Route Bridge Filters
  Configuring Protocol ID Filters
  Configuring Ring Number Filters
Planning WAN Protocols
  Wide Area Networks
  Point-to-Point Connections
  Packet-Switched Networks
  Planning for WAN Connections
  Contacting Service Providers
  Using NIASCFG
  NetWare Link/Frame Relay
  Frame Relay Networks
  NetWare Link/Frame Relay Parameters
  Diagramming Your Frame Relay Network
  Planning Your Frame Relay Network
  Where to Go from Here
  NetWare Link/X.25
  Virtual Circuit Service
  Logical Channel Numbers
  NetWare Link/X.25 User Facilities
  Diagramming Your X.25 Network
  Planning Your X.25 Network
  Where to Go from Here
Configuring NetWare Link/ATM
  How to Configure NetWare Link/ATM Network Interface Parameters
  How to Configure NetWare Link/ATM WAN Call Destination Parameters
Configuring Frame Relay Network Access
  Frame Relay Configuration Decisions
  Setting Up and Using NetWare Link/Frame Relay
  Configuring a Frame Relay Network Interface
  How to Configure a Frame Relay Network Interface
  Configuring the WAN Call Directory
  How to Configure WAN Call Destinations
Configuring NetWare Link/X.25
  X.25 Configuration Decisions
  Configuring the Network Interface
  How to Configure the Network Interface
  Configuring the WAN Call Directory
  How to Configure the WAN Call Directory
Configuring Router Management
  Configuring SNMP Parameters
  Configuring SNMP Information
  Export Configuration
  Import Configuration
  Configuring Server Access
  Edit AUTOEXEC.NCF
Customizing PPP Login Scripts
  Customizing a PPP Login Script
  Login Script Operation
  Login Script Syntax
Modem Description Files
  Customizing a Modem Description File
  Limited Public-Switched Telephone Support
  Pseudopermanent Link Operation
  Initial Connection Establishment
  Call Disconnection and Reconnection
  Modem Requirements
  Modem Programming Example
  Modem Description Files
  Modem Description File Information
  Modem Description File Components
  Environments
  Novell Internet Access Server 4.1 Remote Access Software
  Novell Internet Access Server 4.1 Routing Software
Preface
About This Guide
Introduction
This guide provides the information you need to configure the Novell Internet Access Server 4.1 routing software.
You must configure the routing software if your network uses parameter settings other than the default settings of the routing software. For example, you must change the default settings if you want to use OSPF instead of RIP as the routing protocol for IP, if you want to configure an IP tunnel, or if you want to set up on-demand WAN connections.
Chapter 1
Configuring Novell Internet Access Server 4.1
The Novell Internet Access Server 4.1 routing software offers an extensive set of configurable parameters for all supported protocols. You can use these parameters to
• Modify the default characteristics of the initial configuration
• Configure advanced features and optimize router and WAN link performance options
This guide presents basic and advanced configuration concepts and procedures, and covers the management utilities that you might find useful.
The initial configuration of Novell Internet Access Server 4.1 provides the basis for most routing needs. The initial configuration is based on the configured boards, the enabled and configured protocols, and the supported WAN protocol. If you followed the instructions when you installed Novell Internet Access Server 4.1, you set most protocol parameters during the initial configuration at their default values.
This chapter contains the following sections:
• “Configuration Overview” on page 15
• “Understanding Configuration” on page 17
• “Configuration Utilities and Commands” on page 20
• “Dynamic Reconfiguration” on page 25
Configuration Overview
To configure a router to run on a LAN or a WAN, you need to perform the following tasks using the Novell Internet Access Server Configuration utility (NIASCFG):
1. Configure the LAN or WAN board.
   • For a LAN board, you only need to configure the board.
   • For a WAN board, you need to configure the board and the WAN network interfaces.
   For information about configuring LAN or WAN boards, refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
   For information about configuring WAN network interfaces for the NetWare® Link/PPP™ software, refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
2. For a WAN link, configure the PPP WAN call destination.
   For information about setting up permanent WAN call destinations, refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
3. Configure the network protocols that will run over the LAN or WAN connection.
   • For a LAN connection, you can configure the routing protocol (for the Internetwork Packet Exchange™ [IPX™] protocol and TCP/IP protocol), tunneling (for IPX and AppleTalk*), filtering, static routes (for TCP/IP only), and other expert configurations.
   • For a WAN connection, you can configure the routing protocol (for IPX and TCP/IP), tunneling (for IPX and AppleTalk), filtering, static services or routes (for on-demand links), and other expert configurations.
   Refer to the corresponding chapters in this guide for more information.
4. If necessary, configure the source route bridge. Refer to Chapter 14, “Configuring Source Route Bridging,” on page 295.
5. Bind the network protocols, or source route bridge, to the network interfaces through which you want them to connect.
16 Novell Internet Access Server 4.1 Routing Configuration
March 24, 1999Novell Confidential
chapter.enu Temp. Rev 2.0 25 August 98
g
y , in n
ctor wer
Understanding Configuration
Configuring the router involves some planning and decision-making along the way. You must know the details of the network where you are placing the router, the type of connectivity you want, and the configuration details of the peers to which you are connecting the router. For example, deciding whether you need to bridge rather than route a protocol over a specific interface depends on the type of network to which you are attaching the router.
Deciding the characteristics of each protocol you are routing (or bridging) over a LAN or WAN interface is based on the topology and existing characteristics of the network. For every protocol you configure to run over a LAN or WAN link, you must determine which routing protocol to use, whether to tunnel packets, whether you need or want to configure static routes, and which type of filtering to use.
This section discusses the basic concepts you must know to make the right decisions when configuring the network protocols you want to route using Novell Internet Access Server 4.1. Each network protocol you want to support must be bound and must run over a configured link.
For information about binding configuration concepts and procedures and about configuring protocols and bridges, refer to the corresponding chapters in this guide on configuring IPX, IP, AppleTalk, and bridging network protocols. For information about configuring WAN links, refer to Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
Routing Protocols
NetWare IPX and TCP/IP configurations offer options for setting the routing protocols. There are two general types of routing protocols available: distance vector and link state. Your choice of routing protocols is determined largely by which routing protocols are currently used in your network. For example, in older networks, such as NetWare 2, there might be several routers that can support only distance vector routing.
If your network contains routers that support both link state and distance vector routing, your router will need to support both. In networks that have only newer routers, it is best to configure the routers to use only link state routing protocols. In networks with older routers, you can gradually update your routers and migrate to the exclusive use of link state routing protocols.
Table 1-1 shows the distance vector and link state protocols that are supported by Novell Internet Access Server 4.1.
Table 1-1 Distance Vector and Link State Protocols
| Network Protocol | Distance Vector Routing Protocol | Link State Routing Protocol |
| --- | --- | --- |
| IPX | RIP | NetWare Link Services Protocol™ (NLSP™) software with RIP/SAP compatibility (default) |
| TCP/IP | RIP (default) | OSPF |
| AppleTalk | RTMP and AURP | not applicable |
Source Route Bridge
The source route bridge enables you to use your router to link token ring networks and create an extended network. Source route bridging allows end stations to discover routes dynamically and determine which one to use when sending data to any particular destination.
Novell Internet Access Server 4.1 supports concurrent routing and bridging of all major protocols, including IPX, TCP/IP, and AppleTalk, and bridges unroutable protocols, such as the IBM* NetBIOS and SNA protocols. However, because you cannot bridge and route the same protocol on the same interface, the software provides a mechanism for automatically disabling bridging for the protocols that are being routed.
On-Demand Links and Static Routes
NetWare Link/PPP on-demand links are WAN circuits that become active only when there is traffic on the link. Standard network protocols generally expect each WAN circuit to provide permanent connections to all remote systems. The reason is that the network protocols rely on periodic communication with remote systems to exchange routing information dynamically and, in the case of IPX, to receive service advertising updates. These periodic exchanges identify the network routes and services that are known on each remote LAN accessed over the WAN connections.
Because on-demand connections do not exchange routing or service information, both ends of the link must have enough information to be able to call each other. Because no routing traffic crosses an on-demand link, you must configure remote routes manually on the local router as static routes. This way, the connection can remain inactive until data needs to cross it.
Static routes are configured at the network protocol level, such as IPX or AppleTalk. They let the protocol know the WAN call destination to use to reach that route, as well as information about the remote router, such as IP address, number of hops, and so on.
For example, if an IP router needs to reach a remote destination, it sends packets to the local IP router that advertises the routes, and assumes the packets can reach their destination. The local router then stores the packets and, using the static route information, uses the appropriate WAN call destination to establish a connection to the remote router. After the local router completes the call and negotiates on-demand service, it forwards the stored packets to the remote router, which then forwards them to their destination.
Permanent Links and Static Routes
In TCP/IP and IPX, static routes are not limited to on-demand WAN calls; you can also use them for permanent WAN calls and connections. You use a static route for a permanent WAN connection if you want to eliminate routing protocol traffic over the connection, making more bandwidth available for data, or to have a backup route for dynamic routes. You can also use static routes to limit user access to one portion of the network, or to gain access to isolated areas of the network. You can also use routed on-demand links for IPX.
Tunneling
Novell Internet Access Server 4.1 provides the IPRELAY and IPTUNNEL drivers for tunneling IPX packets through IP internetworks, and provides the AppleTalk Update-based Routing Protocol (AURP) to tunnel AppleTalk packets through IP internetworks.
IPRELAY is configured as a WAN board driver that simulates a collection of point-to-point Permanent Virtual Connections (PVCs) between routers. IPRELAY uses the User Datagram Protocol (UDP) encapsulation to send IPX packets through an IP internetwork to a remote IPRELAY peer. The remote IPRELAY peer then strips the UDP encapsulation and sends the IPX packet through an IPX network to its destination.
Similarly, AURP encapsulates AppleTalk packets to send them through an IP internetwork to a remote AURP peer. The remote AURP peer then strips the encapsulation and sends the packet through the AppleTalk network to its destination.
The IPTUNNEL driver enables IPX to use a TCP/IP network to communicate with other IPX nodes. The IPTUNNEL driver models the IP internetwork as a single IPX LAN. To IPX, IPTUNNEL performs the same functions as a typical NetWare LAN driver. The TCP/IP network operates as if it were a hardware network, passing packets among the IPX nodes connected to it.
Filtering
Novell Internet Access Server 4.1 supports filtering to control the service and route information that is accepted or advertised by a router. Filters are useful when you want to limit specific types of traffic to certain parts of your network and when you want to provide a certain level of security. The Filter Configuration utility (FILTCFG) enables you to configure the filters for IPX, IP, AppleTalk, and the source route bridge, to selectively discard packets sent or received by a router. The following types of filters are supported:
• Packet forwarding—Prevents or allows selected data packets from being forwarded by the router. Packet forwarding filtering is available for IPX and TCP/IP.
• Service information—Prevents or allows packets that advertise services destined for particular parts of the network from being advertised by the router. Service information filtering is available for IPX and AppleTalk.
• Routing information—Limits the routes added to the routing tables of specified routers. Routing information filtering is available for IPX, AppleTalk, and TCP/IP.
• Protocol ID and Ring Number—Only available for source route bridge; the Protocol ID filter is used for packets of certain protocol types received by the bridge, and the Ring Number filter is used for packets received from specific rings in a token ring network.
Configuration Utilities and Commands
You use the following utilities to configure and manage your router:
• Configuration and management utilities to configure and optimize the router. These include NIASCFG, FILTCFG, STATICON, CALLMGR, and CPECFG.
• Command-line utilities to implement configuration changes to your router. These utilities include the INITIALIZE SYSTEM and REINITIALIZE SYSTEM commands.
Note You use monitoring utilities to check how each protocol is functioning and to help you identify potential problems. These include PPPCON, IPXCON, ATCON, and TCPCON, and are covered in Novell Internet Access Server 4.1 Troubleshooting and Novell Internet Access Server 4.1 Management and Optimization.
Configuration and Management Utilities
The utilities you use to configure and manage Novell Internet Access Server 4.1 work in conjunction with the monitoring utilities to configure, monitor, and optimize the router and its connections.
NIASCFG
NIASCFG enables you to configure Novell Internet Access Server 4.1. You can set up and customize your internetworking configuration for PPP, IPX, IP, AppleTalk, and the source route bridge by performing the following tasks:
• Select and configure a board.
• Select and configure a network interface.
• Create a WAN call directory.
• Create a backup call association.
• Select and configure a network protocol.
• Bind a network protocol to an interface.
• Manage the configuration.
• View the configuration.
• Switch to the fast setup method.
NIASCFG records information in various configuration (*.CFG) files located in SYS:\ETC. Some of these files are present at system startup; others are created by NIASCFG, depending on the parameters you configure. The following is a partial list of these files:
• AURP.CFG
• TCPIP.CFG
• IPXSPX.CFG
• NLSP.CFG
• NETINFO.CFG
Warning NIASCFG creates these files strictly for its own use; do not delete them or change their contents.
FILTCFG
You use the Filter Configuration utility (FILTCFG) to set up and configure filters for the IPX, TCP/IP, and AppleTalk protocols and the source route bridge.
Filters provide a way to control the kind of information that is sent and received by a router by selectively discarding packets and routes of specified types. Filters are useful when you want to limit specific kinds of traffic to a certain part of your network topology, or when you want to provide a level of security. To configure filters, refer to “Configuring Filters” on page 317.
STATICON
You use the Static Routing Configuration utility (STATICON) to open a connection to a remote IPX router and configure static routes and services at each end of the connection. To configure static routes with STATICON, refer to Chapter 8, “Configuring IPX,” on page 121.
You can use STATICON to perform the following tasks:
• Initiate configuration of static routing tables with a remote router.
• Configure local static services from gatekeepers.
• Configure local and remote static services and routes.
• Save static routing tables to permanent storage.
• Restore static routing tables from permanent storage.
CALLMGR
You use the Call Manager utility (CALLMGR) to monitor the status of your WAN connections or to initiate and terminate WAN calls manually. When you start CALLMGR, you see a list of the current WAN connections. Each line displays the status of the call, the network interface, and the protocol used for the call. Outgoing calls display the name of the WAN call destination specified for the call. The name of the remote system might also be displayed.
Detailed call error information is available for calls that terminate while you are in CALLMGR.
CPECFG
You use the CPE Configuration utility (CPECFG) to configure and manage communications equipment from the server console. You can use CPECFG to establish communications with your communications equipment, such as a DSU/CSU or a modem, through the existing serial port on a server or standalone router.
TECHWALK
You use the TECHWALK utility to record your Novell Internet Access Server 4.1 configuration. The TECHWALK utility records all information in NIASCFG or other console utilities by walking through the configuration parameters and saving them to the SYS:/ETC/TECHWALK.OUT file. All enabled items and summary lists are recorded.
You can access TECHWALK by typing one of the following command variations:
• LOAD TECHWALK
• LOAD TECHWALK console NLM name
The console option runs TECHWALK to record only the information for the console utility you specified in the command.
Depending on the information you want to record, you should exit NIASCFG or the specific console before you run TECHWALK. Running TECHWALK might take from 5 to 60 minutes, depending on your configuration and the network traffic, and dedicates your machine to the process.
Command-Line Utilities
Novell Internet Access Server 4.1 also includes the commands described in this section to enhance the configuration and management utilities.
INITIALIZE SYSTEM
The INITIALIZE SYSTEM command lets you enable the Novell Internet Access Server 4.1 configuration by executing all commands in the system NETINFO.CFG file.
To use INITIALIZE SYSTEM, type the following command at the server prompt:
INITIALIZE SYSTEM
This command is typically executed from the INITSYS.NCF file during server startup.
Note Executing INITIALIZE SYSTEM on a system that has already been initialized can generate errors as the system discovers that the commands in the NETINFO.CFG file have already been executed.
REINITIALIZE SYSTEM
The REINITIALIZE SYSTEM command lets you enable configuration changes made since the commands in the NETINFO.CFG file were executed.
To use REINITIALIZE SYSTEM, type the following command at the server prompt:
REINITIALIZE SYSTEM
Note The REINITIALIZE SYSTEM command is also available from the Internetworking Configuration menu.
REINITIALIZE SYSTEM compares the current NETINFO.CFG file with the previous one, which became effective with the execution of the INITIALIZE SYSTEM command. If REINITIALIZE SYSTEM finds any new or changed commands in the current NETINFO.CFG file, it executes them.
REINITIALIZE SYSTEM also informs any SNMP-registered NetWare Loadable Module™ (NLM™) file that it is executing. This callback mechanism enables NLM files that store configuration information outside the NETINFO.CFG file to recognize that changes to the configuration have taken place.
Dynamic Reconfiguration
With dynamic reconfiguration, any changes you make to a router take place automatically without the router being restarted.
Any protocol parameter changes (from the Protocols menu in NIASCFG) to TCP/IP, IPX, or AppleTalk parameters take place dynamically at reinitialization. Status changes and configuration changes in any routing protocol take place dynamically without affecting other routing protocols.
All bind configuration changes (from the Bindings menu in NIASCFG) cause an automatic unbind and rebind to the interface.
IPX
The following conditions are true for IPX:
• All global configuration changes will cause an automatic unload and reload of IPX.
• Port-specific parameter changes or WAN call profile changes might or might not bring the affected connection down, depending on the type of change being made. Only permanent connections will be brought up again.
• Any configuration changes to the static routes or services for a circuit will delete and refresh all static routes and services for that circuit without disconnecting the call.
TCP/IP
The following conditions are true for TCP/IP:
• All configuration changes, except to WAN Call Destinations, RIP Bind Options, and OSPF Bind Options, cause an automatic unbind and rebind of IP to the interface.
• Any configuration changes to RIP Bind Options and OSPF Bind Options will simply reconfigure the respective routing protocol without affecting other routing protocol bind parameters.
• Any configuration changes to WAN Call Destinations, except changes to Static Routing Table and RIP Bind Options, will bring the connection down. Only permanent, automatic connections will be brought up again.
• Any configuration changes to RIP Bind Options or Static Routing Table under WAN Call Destinations will reconfigure RIP or the static routes for the specified connection without affecting other parameters, and without disconnecting the call for the given connection.
AppleTalk
The following conditions are true for AppleTalk:
• All AppleTalk configuration parameter changes are dynamically reconfigured immediately, except changes to the WAN Protocol ID (PID). You must restart the router to use a new Protocol ID.
• Binding configuration changes, except those made to WAN call destinations, automatically unbind and rebind AppleTalk to the interface.
• Any configuration changes to the zone(s) list for an external interface will cause an automatic unbind. You must enter the REINITIALIZE SYSTEM command to rebind AppleTalk to the interface 10 minutes later.
• Any configuration changes to the zone(s) list of the internal network and the static routes will make AppleTalk not advertise the changed routes for 10 minutes.
• Any configuration changes to the WAN interface or WAN call destinations, except changes to the static routes, will bring the connection down. Only permanent, automatic connections are brought up again.
• Any configuration changes to static routes will reconfigure the static routes for the specified connection without affecting other parameters, and without disconnecting the call for the given connection.
• Any configuration changes to the AURP parameters will make AURP unload and reload internally, and all connected AURP peers will be disconnected and reconnected.
Chapter 2: Configuring Drivers and Board Parameters
This chapter contains the following sections:
• “Board Configuration Decisions” on page 29
• “Configuring a LAN or WAN Board” on page 31
• “Adding a New Board Driver or NLM File to Your System” on page 34
• “Configuring a Logical Adapter Board for ATM LEC” on page 35
• “Configuring Logical Adapter Boards for NetWare Link/ATM” on page 38
• “Configuring Boards for Running PPP over ISDN” on page 39
• “Configuring Boards for Running PPP over Asynchronous Ports” on page 42
• “How to Configure Boards for Point-to-Point Tunneling Protocol (PPTP)” on page 47
• “Enabling or Disabling a LAN or WAN Board” on page 48
• “Deleting a LAN or WAN Board” on page 49
Board Configuration Decisions
For most boards, you only need to perform the basic board configuration described in “How to Configure a LAN or WAN Board” on page 31. However, there are four scenarios that require more than just the basic board configuration. Whether you need to configure additional information depends on the following decisions:
• Whether you are configuring the ATM LEC
If you are configuring the ATM LEC (Asynchronous Transfer Mode LAN Emulation Client) software, you must perform the steps described in “Configuring a Logical Adapter Board for ATM LEC” on page 35.
ATM LEC software emulates existing LAN services, making the ATM network appear connectionless, like an Ethernet or token ring network. ATM LEC configurations allow existing network protocols to run over ATM without modification, and they allow interoperability between software applications residing on ATM-attached end systems and traditional LAN end systems.
• Whether you will be using NetWare Link/ATM™ software
If you decide to use NetWare Link/ATM, you must perform the steps described in “Configuring Logical Adapter Boards for NetWare Link/ATM” on page 38.
NetWare Link/ATM is used to transfer data over Asynchronous Transfer Mode (ATM) networks that use cell switching based on a 53-byte cell to provide low-latency, scalable virtual-circuit-multiplexed WAN connectivity.
• Whether you will be running PPP over ISDN
If you decide to use PPP over ISDN, you must perform the steps described in “Configuring Boards for Running PPP over ISDN” on page 39.
PPP over ISDN is used only in dial-up situations. ISDN lines have the advantage of being faster and more efficient than PPP dial-up analog lines, resulting in a lower cost to transfer the same amount of data. Synchronous on-demand connections over ISDN lines provide 5 to 10 times the bandwidth of analog connections at significantly lower error rates.
• Whether you will be running PPP over asynchronous ports
If you decide to use PPP over asynchronous ports, you must perform the steps described in “Configuring Boards for Running PPP over Asynchronous Ports” on page 42.
Asynchronous ports are used when only low-speed connections are required. They also have the advantage of a low cost. You can use one of your PC's existing COM ports, a low-cost third-party asynchronous board, or a high-performance third-party asynchronous board. For more information about the advantages and disadvantages of using asynchronous ports, contact the Novell® Labs™ group or refer to the Novell Labs WWW location http://labs.novell.com/infosys/mastr_06.htm.
• Whether you will be using PPTP
If you decide to use PPTP, you must perform the steps described in “How to Configure Boards for Point-to-Point Tunneling Protocol (PPTP)” on page 47.
PPTP enables the Point-to-Point Protocol (PPP) to be tunneled through an IP network. PPTP is most commonly used for ISP connections. The use of a TCP connection for call control and management enables the server to control dial-in access from remote PPP clients and to initiate outbound calls.
Configuring a LAN or WAN Board
Configuring, or reconfiguring, a board involves choosing a driver for the board, assigning a name to the board, and specifying values for the board parameters.
When you select and configure a LAN board, you are actually configuring one or more physical interfaces that correspond to individual connections over which packets are routed. Configuring a board causes the driver associated with the board to load each time you initialize the router.
Most drivers that are compatible with NetWare software have a driver description file that defines the hardware parameters necessary for the driver to operate with the board you select. This file—sometimes called the .LDI file—also specifies the valid range of values for each parameter. If a driver has an .LDI file, the parameters associated with that driver are presented in the Board Configuration menu; you simply choose a value for each parameter. If a driver has no .LDI file, you must enter the required values in the Board Parameters field.
For information about selecting a WAN board and about the most current Novell-certified boards and drivers, refer to the Novell Labs WWW location http://labs.novell.com/infosys/mastr_06.htm.
How to Configure a LAN or WAN Board
To configure a board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Do one of the following:
If you are configuring a new board:
• Press Ins to display the list of available drivers.
• Scroll through the list of available drivers and select the driver that corresponds to the type of new LAN board you are installing in your system. If the driver you need is not in the list, refer to “Adding a New Board Driver or NLM File to Your System” on page 34.
If you are changing an existing board configuration, select that board.
3. The Configured Boards screen is displayed.
Note If you are doing a new configuration, no existing boards are shown. Otherwise, boards that have already been configured are shown.
The Configured Boards screen displays a list of configured boards with some or all of the following information:
• Board Name —Name you assign to the board.
• Driver —Name of the driver associated with the board.
• Int —Interrupt request level (IRQ) used by the board.
• IOAddr —Base input/output port address for the board.
• MemAddr —Base memory address used by the board.
• Slot —Number of the slot where the board is installed.
• Status —Status of the board, which is Enabled by default.
• Comment —Any comments that you enter about the board or its configuration.
Note Not every board-driver configuration requires all this information; in fact, some configurations require other, link-specific parameters that are not shown in the Configured Boards screen. These parameters are displayed in the Board Configuration menu, as described in the following steps.
If the board driver has an .LDI file, the parameters you need to configure for the board are displayed as separate fields in the menu.
If the board driver has no .LDI file, only the Board Name, Board Parameters, and Comment fields are provided as a means for entering the parameters manually.
4. Enter a name in the Board Name field; or, if needed, change the name of an existing board.
You can use up to 10 alphanumeric characters for the board name.
5. Specify the board parameters by doing one of the following:
If the driver selected has a description file, the parameters are listed as separate fields. You must highlight each field one at a time and select the appropriate value for the parameter from the displayed list.
Hint Use the context-sensitive help text if you need an explanation of any parameter. Highlight the parameter and press F1 to display the help text. Press Esc to exit the help screen. When in doubt, accept the default values.
If the driver selected does not have a description file, the Board Configuration Without A Driver Description File menu is displayed. You must type the parameters in the Board Parameters field; use the following as an example:
PORT=300 INT=3
These parameters are appended to the LOAD <driver> line.
Warning NIASCFG automatically manages frame types. Do not put a frame= option in the Board Parameters field.
6. Press Esc to return to the Configured Boards screen; save your changes when prompted.
The Configured Boards screen now shows the board you just configured. Note that the board status is Enabled; you can use the Tab key to toggle between Enabled and Disabled. To ensure that the board is loaded, continue with the next step.
7. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
8. If you want these changes to take effect immediately, perform the following actions.
LAN boards with a single network interface need no further configuration; however, an enabled driver is not loaded unless a protocol is bound to it.
WAN boards also require that a data-link protocol be assigned and configured for each required port. This is done by selecting Network Interfaces in NIASCFG. Refer to the appropriate data-link protocol configuration chapter for information about configuring network interfaces.
After a data-link protocol has been associated with the board, select Reinitialize System or restart the router to make the changes take effect. If there are any conflicts with the hardware parameters of other boards, one or more messages describe them. You must determine whether the conflicts are acceptable or whether they interfere with the operation of the router and, if necessary, resolve them.
Adding a New Board Driver or NLM File to Your System
For a list of board drivers that are certified for use with the Novell Internet Access Server 4.1 routing software, refer to the Novell Labs WWW location at http://labs.novell.com/infosys/bulletin.htm.
To add a new board driver or NetWare Loadable Module™ (NLM™) file, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Press Ins to display the list of available drivers.
3. Press Ins again.
The New Driver screen is displayed. You must now tell the system where to copy the driver from.
4. Enter the full pathname of the driver at the console prompt, then press Enter.
If NIASCFG cannot find the driver file you enter, the message Driver file not found is displayed.
Note You can also use this screen for copying drivers and NLM files from a floppy diskette to the SYS:/SYSTEM directory.
To add a driver to the list of available drivers, insert the diskette containing the driver in one of the disk drives, specify the complete path and filename of the driver (for example, A:\NEWDRV\DRIVER), then press Enter. The driver and its description file, if any, are copied into the SYS:SYSTEM directory. (Note that the file extension is not required.)
5. Configure the new board as described in the appropriate section in this chapter.
Configuring a Logical Adapter Board for ATM LEC
Before you begin, you must configure a physical ATM board as described in “Configuring a LAN or WAN Board” on page 31.
If you configure ATM LEC before configuring the physical adapter board, the LEC software will not load. ATM LEC requires an ATM adapter to be loaded and connected to an ATM switch prior to configuring the logical adapter board.
To configure a logical adapter board, complete the following steps:
Note Refer to Table 2-1 on page 37 for LAN Emulation parameter descriptions.
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Do one of the following:
If you are configuring a new board, press Ins to display the list of available drivers.
• Select ATMELEC for Ethernet emulation.
• Select ATMTRLEC for token ring emulation.
If you are changing an existing board configuration, you must delete the board configuration and return to the beginning of this step to add a new board.
3. Select Board Name and enter a unique name.
4. Select ATM HSM Board Name and enter the name of the ATM HSM™ (Hardware Specific Module™) board. Multiple emulated LANs can share the same physical ATM adapter. Input in this field is required.
5. Select ELAN Name and specify the name of the emulated LAN. This name, if specified, must match the LES (LAN Emulation Server) name. If no name is specified, the LECS (LAN Emulation Configuration Server) will determine the default. Use double quotation marks if the name contains lowercase letters (for example, "elan1").
6. Select Node Override and specify a node address to override the default if it has already been used for another emulated LAN.
7. Select LECS and specify the ATM address of the LECS.
8. Select LES and specify the address of the LES.
9. Select LSB (canonical) for a token ring LEC.
The default is noncanonical Most Significant Bit (MSB) mode.
10. Select Comment and enter a descriptive comment, if desired.
11. Select Board Status and indicate whether the board is loaded.
• Enabled—Indicates whether the board is loaded.
• Disabled—Indicates that no driver load lines or protocol bind commands are created for the board.
• Force—Loads all LAN driver frame types.
12. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
LAN Emulation Command Parameters
Table 2-1 describes the parameters used for ATM LEC board configuration.

Table 2-1. LAN Emulation Command Parameters

| Parameter Name | Description |
| --- | --- |
| NAME | Logical board to which the protocol stacks can bind. |
| ELAN | The name of the emulated LAN (ELAN) to which you want this LAN port to join. This parameter is sent in a LAN Emulation Configuration Server (LECS) configuration request to obtain other parameter values associated with the ELAN from the LECS. If this parameter is not specified and the LECS address is specified in the load line, then the LECS configuration request will contain a NULL value for the ELAN. This allows the LECS to optionally assign the LAN Emulation Client (LEC) to a default ELAN and supply the default ELAN’s configuration parameters to the LEC. Place the ELAN name in double quotation marks if the name contains lowercase letters (for example, ELAN NAME: "elan1"). |
| NODE | The 6-byte MAC address for the ELAN port. If this parameter is not specified, the primary End Station Identifier (ESI) value (registered by the ATM adapter) is chosen as the MAC address, unless it has already been assigned to another instance of the ELAN. The NODE value should be unique within the ELAN. Otherwise, the LAN Emulation Server (LES) rejects the address and the LEC is terminated. The NODE value should not have the multicast bit on and should be a local address. Otherwise, the LEC rejects the address and is terminated. |
| LECS | Full 20-byte address of the LAN Emulation Configuration Server (LECS). The format for this address is 20 bytes with no separators. If the LECS is connected to the same switch as the LEC, only the last 7 bytes of the LECS address must be entered. This parameter is optional. If neither the LES nor LECS address is specified, by default, the LEC tries to access the LECS by using its well-known unicast address. |
| LES | Full 20-byte address of the LAN Emulation Server (LES). The format for the address is 20 bytes with no separators. If the LES is connected to the same switch as the LEC, only the last 7 bytes of the LES address must be entered. This parameter is optional. |
| LSB | This parameter is required only for token ring LEC when the LEC needs to handle the MAC address in the Least Significant Bit (LSB) mode (canonical mode). If this parameter is not specified, the LEC uses the default, the Most Significant Bit (MSB) mode. |
| ATMBOARD | Name of the ATM interface (up to 17 bytes long) that the ELAN uses. If this parameter is not specified, the first available ATM board is chosen. To avoid having an undesired board chosen, this parameter should be specified when multiple ATM boards are present. |
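The checks below are an added example (not part of the Novell guide or the NIAS software) that applies the Table 2-1 rules to planned LEC board definitions before they are entered in NIASCFG, so that a NODE, LECS, LES or ELAN value the LES or LEC would reject is caught early. The dictionary layout, board names and address values are constructed; the code assumes that "local address" means the locally administered bit is set and that NODE is typed in the bit order the LEC uses (MSB for token ring unless LSB is given).

```python
import re
from collections import defaultdict

HEX_RE = re.compile(r"[0-9A-Fa-f]+")

def reverse_bits(octet):
    """Swap the bit order of one octet (LSB/canonical <-> MSB/noncanonical)."""
    return int(f"{octet:08b}"[::-1], 2)

def check_node(node, msb_mode=False):
    """NODE: 6-byte MAC with the multicast bit off and the local bit on."""
    if len(node) != 12 or not HEX_RE.fullmatch(node):
        return ["NODE must be 6 bytes written as 12 hex digits"]
    first = bytes.fromhex(node)[0]
    if msb_mode:  # assumption: the value was typed in MSB (noncanonical) order
        first = reverse_bits(first)
    problems = []
    if first & 0x01:  # group/multicast bit in canonical form
        problems.append("NODE has the multicast bit on")
    if not first & 0x02:  # locally administered bit in canonical form
        problems.append("NODE is not a local address")
    return problems

def check_atm_address(name, value):
    """LECS/LES: 20 bytes, or the last 7 bytes when on the same switch."""
    if not HEX_RE.fullmatch(value):
        return [f"{name} must be hex digits with no separators"]
    if len(value) not in (14, 40):
        return [f"{name} must be 20 bytes (or the last 7), got {len(value)} hex digits"]
    return []

def check_elan(value):
    """ELAN names containing lowercase letters must be double-quoted."""
    quoted = len(value) >= 2 and value[0] == value[-1] == '"'
    if any(c.islower() for c in value) and not quoted:
        return ["ELAN has lowercase letters and needs double quotation marks"]
    return []

def check_board(board):
    """Return {parameter: [problems]} for one logical LEC board definition."""
    token_ring = board.get("driver") == "ATMTRLEC"
    lsb = bool(board.get("LSB"))
    report = defaultdict(list)
    if lsb and not token_ring:
        report["LSB"].append("LSB applies only to a token ring LEC")
    if "NODE" in board:
        report["NODE"] += check_node(board["NODE"], msb_mode=token_ring and not lsb)
    for key in ("LECS", "LES"):
        if key in board:
            report[key] += check_atm_address(key, board[key])
    if "ELAN" in board:
        report["ELAN"] += check_elan(board["ELAN"])
    if len(board.get("ATMBOARD", "").encode()) > 17:
        report["ATMBOARD"].append("ATMBOARD name is longer than 17 bytes")
    return {param: found for param, found in report.items() if found}

def duplicate_nodes(boards):
    """NODE must be unique within an ELAN, or the LES rejects the address."""
    seen = defaultdict(list)
    for board in boards:
        if "NODE" in board:
            seen[(board.get("ELAN", ""), board["NODE"].upper())].append(board["NAME"])
    return {key: names for key, names in seen.items() if len(names) > 1}

# Constructed sample definitions (not taken from any real network).
LECS_FULL = "47" + "00" * 18 + "01"  # 20 bytes, no separators
BOARDS = [
    {"NAME": "ETH1", "driver": "ATMELEC", "ELAN": '"elan1"',
     "NODE": "020000000001", "LECS": LECS_FULL, "ATMBOARD": "ATM_1"},
    {"NAME": "ETH2", "driver": "ATMELEC", "ELAN": "elan1",
     "NODE": "010000000001", "LES": "47.0005.80FF"},
    {"NAME": "ETH3", "driver": "ATMELEC", "ELAN": '"elan1"',
     "NODE": "020000000001", "LES": "00A0C911223300"},
    {"NAME": "TR1", "driver": "ATMTRLEC", "ELAN": "TRLAN",
     "NODE": "400000000001"},
    {"NAME": "TR2", "driver": "ATMTRLEC", "ELAN": "TRLAN",
     "NODE": "400000000002", "LSB": True},
]

if __name__ == "__main__":
    for board in BOARDS:
        print(board["NAME"], check_board(board) or "ok")
    print("duplicate NODE values:", duplicate_nodes(BOARDS))
```

TR1 and TR2 carry the same style of address, but only TR2 is flagged: with LSB set the value is read in canonical order, where 0x40 in the first byte no longer marks a local address.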
Configuring Logical Adapter Boards for NetWare Link/ATM
NetWare Link/ATM recognizes only a logical interface adapter board. This means that you must first configure a physical adapter board and driver on the server and then configure a corresponding logical interface board using the NetWare Link/ATM driver (ATMWAA). The logical interface board name is the network interface used when you bind protocols.
For information about configuring NetWare Link/ATM network interfaces and WAN call destinations, refer to “Configuring NetWare Link/ATM” on page 391.
How to Configure a Logical Adapter Board for NetWare Link/ATM
Before you begin, you must configure a physical ATM board.
To configure a logical adapter board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Do one of the following:
If you are configuring a new board:
• Press Ins to display the list of available drivers.
• Select ATMWAA from the list of drivers.
If you are changing an existing board configuration, you must delete the existing board configuration and return to the beginning of this step to add a new board.
3. In the Board Name field, enter a unique name.
4. In the Comment field, type a descriptive comment, if desired.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, you must first configure the network interface for this board as described in Chapter 17, “Configuring NetWare Link/ATM,” on page 391.
After configuring the network interface, you can make the changes take effect by restarting the router or selecting Reinitialize System. If you want to configure other parameters, do so now, then restart the router or reinitialize the system when you are finished.
Configuring Boards for Running PPP over ISDN
To run the Point-to-Point Protocol (PPP) over Integrated Services Digital Network (ISDN) on a Novell router, you must use an ISDN board driver that is compliant with the Common Application Program Interface (CAPI) standard. A CAPI-compliant driver is able to communicate with CAPIMGR, which then communicates with the WHSMCAPI driver. The WHSMCAPI driver converts CAPI ISDN signaling into PPP signaling. Finally, the WHSMCAPI driver provides a WHSM (WAN Hardware Specific Module™) interface with the PPP Data-Link layer (PPPTSM.NLM). The relationship of these modules is shown in Figure 2-1.
Figure 2-1. Modules Required to Run PPP over ISDN (module stack, in the order shown in the figure): PPPTSM, WHSMCAPI Driver, CAPIMGR, CAPI-Compliant Board Driver, ISDN Board
Because the structure shown in Figure 2-1 contains two separate drivers, two boards must be configured, one for the CAPI-compliant driver and one for the WHSMCAPI driver. This section does not explain how to configure a board for the CAPI-compliant driver, because it is configured just like any other physical WAN board. However, the WHSMCAPI board is not a physical board. Instead, it is a software entity that is used to represent one or more CAPI ports as one or more WHSM interfaces. The WHSMCAPI driver can also be applied to many different physical ISDN boards using different CAPI-compliant drivers. With NIASCFG, you can configure several ports that have the same parameter settings using just one screen. However, each port’s configuration is shown as a separate board under Network Interfaces.
Refer to the Novell Labs WWW location http://labs.novell.com/infosys/mastr_06.htm for more information about the following topics:
• Selecting WAN hardware based on performance
• Determining whether to run PPP over a CAPI-compliant WAN interface
• Understanding the advantages and disadvantages of running PPP over ISDN
• Getting the most current Novell-certified boards and drivers
How to Configure Boards for Running PPP over ISDN
Before you begin, you must configure a physical WAN board.
To configure a WHSMCAPI board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Do one of the following:
If you are configuring a new WHSMCAPI board:
• Press Ins to display the list of available drivers.
• Select the WHSMCAPI driver.
• Enter a name for the new board.
The WHSMCAPI Configuration menu appears.
If you are changing an existing WHSMCAPI board configuration, select that board.
3. Select CAPI Board Options.
If you are configuring a new board, the following message appears:
Should NIASCFG automatically load the CAPI driver?
If you are changing the configuration of a CAPI board that was previously configured with NIASCFG, a screen containing configuration information for that board only is displayed. To reconfigure the board, proceed to Step 3c.
3a. Select Yes or No.
Note: If possible, always select Yes to load the CAPI driver using INECTFG.
Select No if your system has a CAPI board that has already been configured for another product using LOAD commands in the AUTOEXEC.NCF file. A screen containing information about all available CAPI boards is displayed. Select the board you want to use.
This screen displays the following information for each board: CAPI controller name, number of ports, port speed, manufacturer, and version. Select a board that is likely to have some ports available for use by PPP. This board does not necessarily have to be currently used by another product. If no drivers are displayed, you must load the board driver at the console or restart the router.
Select Yes if you want to use a CAPI board that will be configured for the first time through NIASCFG. A list of available CAPI drivers is displayed. Select the driver that you want to use.
When a driver is selected, a screen showing the associated board’s hardware configuration is displayed.
3b. Press Esc after configuring the hardware parameters to return to the WHSMCAPI Board Configuration menu.
3c. Enter a value for the Number of CAPI Ports parameter.
This number indicates the number of ports that will be made available to PPP on this controller.
3d. If you are using a third-party driver that has its own configuration utility, select Driver-Specific Configuration to start the utility.
A menu with driver-specific parameters is displayed. Configure these parameters as needed. If the driver configuration requires a board name, use the name entered in Step 2 on page 40.
Refer to the online help or the documentation included with your interface board for information about the configuration of driver-specific parameters. For information about the Eicon* driver-specific parameters, refer to the README files included on the Novell product CDs.
3e. Press Esc until you return to the Internetworking Configuration menu; save your changes when prompted.
3f. If you want these changes to take effect immediately, you must first configure a PPP network interface for this board as described in Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
After configuring a network interface, you can make the changes take effect by restarting the router or selecting Reinitialize System. If you want to configure other parameters, do so now, then restart the router or reinitialize the system when you are finished.
Configuring Boards for Running PPP over Asynchronous Ports
To run PPP over asynchronous ports, such as your PC’s COM ports, you must use a board driver that is compliant with the AIO standard. An AIO-compliant driver is able to communicate with the AIO Manager (AIO.NLM), which then communicates with the WHSMAIO driver. The WHSMAIO driver converts the AIO character stream into the asynchronous HDLC framing service required by the NetWare Link/PPP™ software. WHSMAIO also converts PPP asynchronous HDLC frames into an AIO character stream. Finally, the WHSMAIO driver provides a WHSM interface with the PPP Data-Link layer (PPPTSM.NLM). The relationship of these modules is shown in Figure 2-2.
Figure 2-2. Modules Required to Run PPP over Asynchronous Ports (module stack, in the order shown in the figure): PPPTSM, WHSMAIO Driver, AIO (AIO Manager), AIO-Compliant Board Driver, Asynchronous Board or PC COM Port
Because the structure shown in Figure 2-2 contains two separate drivers, two boards must be configured, one for the AIO-compliant driver and one for the WHSMAIO driver. This section does not explain how to configure a board for the AIO-compliant driver because this board is configured just like any other physical WAN board. However, the WHSMAIO board is not a physical board. Instead, it is a software entity that is used to represent one or more AIO ports as one or more WHSM interfaces. The WHSMAIO driver can also be applied to many different physical AIO boards using different AIO-compliant drivers. With NIASCFG, you can configure several ports that have the same parameter settings using just one screen. However, each port’s configuration is shown as a separate board under Network Interfaces.
The Novell Internet Access Server 4.1 routing software includes an AIO-compliant driver, AIOCOMX, that runs over your PC’s COM ports.
Refer to the Novell Labs WWW location http://labs.novell.com/infosys/mastr_06.htm for more information about the following topics:
• Selecting WAN hardware based on performance
• Determining whether to run PPP over an asynchronous or synchronous port
• Understanding the advantages and disadvantages of running PPP over your PC's COM ports
• Getting the most current Novell-certified boards and drivers
Sharing AIO Ports with Novell Internet Access Server 4.1 Routing Software
The Novell Internet Access Server 4.1 routing and remote access components can coexist on a single server and can share serial interfaces provided by AIO drivers. However, the following information should be taken into consideration.
The AIO ports for Novell Internet Access Server 4.1 routing software are configured under the Protocols and Routing option in NIASCFG, whereas the AIO ports for the remote access software are configured under the Remote Access option. Typically, AIO ports used by the WHSMAIO driver do not require configuration by the remote access software. However, when both products are enabled, you can reserve all AIO ports for the exclusive use of the remote access product. This causes the WHSMAIO driver to fail with the following error message:
Fatal Error: Unable to initialize the AIO board.
To correct this problem, use NIASCFG to enable the WHSMAIO driver access to the specified AIO ports.
To configure an AIO port for use by the WHSMAIO driver, complete the following steps:
1. If Novell Internet Access Server 4.1 remote access software is running, stop the remote access software by entering the following command at the NetWare console prompt:
NWCSTOP
2. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Remote Access > Set Up ... > Select Remote Access Ports
3. Select any listed remote access ports that you want to be dedicated to WHSMAIO and press Del.
Repeat this step on each port to be dedicated to WHSMAIO.
4. Start the remote access software by entering the following command at the NetWare console prompt:
NWCSTART
5. From this point, use only the path NIAS Options > Protocols and Routing to configure Novell Internet Access Server 4.1 routing ports. Use only the path NIAS Options > Remote Access to configure remote access ports.
The following NIASCFG remote access options should not be used for AIO ports that use the WHSMAIO driver:
• Manage Ports
• Reset Port
• Unconditional Reset Port
If you use any of these options, the port becomes inoperative. If this occurs, unload the WHSMAIO driver and enter the REINITIALIZE SYSTEM command to restore normal operation.
How to Configure Boards for Running PPP over Asynchronous Ports
Before you begin, you must configure a physical WAN board.
To configure a WHSMAIO board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Do one of the following:
If you are configuring a new WHSMAIO board:
• Press Ins to display the list of available drivers.
• Select the WHSMAIO driver.
• Enter a name for the new board.
The WHSMAIO Configuration menu appears.
If you are changing an existing WHSMAIO board configuration, select that board.
3. Select AIO Board Options.
If you are configuring a new AIO board, the following message appears:
Should NIASCFG automatically load the AIO driver?
If you are configuring an existing board, a message is displayed that explains that you can change only the configuration of the board that was previously configured with NIASCFG. You cannot select another AIO board unless you delete the existing WHSMAIO board and add a new one. To reconfigure the existing board, press Enter and proceed to Step 5.
4. Select Yes or No.
Note: If possible, always select Yes to load the AIO driver using NIASCFG.
Select No if your system has an AIO board that has already been configured for another product using LOAD commands in the AUTOEXEC.NCF file. A screen containing information about all available AIO boards is displayed. Select the board you want to use.
This screen displays the following information for each AIO board: AIO board name, number of ports, port speed, manufacturer, and version. Select a board that is likely to have some ports available for use by PPP. This board does not necessarily have to be currently used by another product. If no drivers are displayed, you must load the board driver at the console or restart the router.
Select Yes if you are using a board that is being configured for the first time through NIASCFG. A list of AIO drivers is displayed. Select a driver from the list. A menu with driver-specific parameters is displayed. Enter the appropriate values for these parameters.
These parameters are vendor-specific and vary depending on which third-party AIO driver is being used. Parameters that are commonly displayed include Interrupt, I/O Base, and Memory Base. Refer to the documentation supplied with the third-party driver for more information about the displayed parameters.
Some AIO drivers have interface speed limits that prevent you from configuring the interface to a speed above the default limit. If a console error message indicates that the WHSMAIO port configured in Step 5 failed to load because the default speed limit has been exceeded, you might be able to increase the AIO driver speed limit. Refer to the documentation supplied with the third-party driver for more information about the parameter to configure to increase this speed limit.
5. Enter a value for the First AIO Port Number parameter.
Enter the number of the first port that is available for use by PPP. The reason is to distinguish the ports available for use by PPP from the other ports on this board that are being used by another product.
6. Enter a value for the Number of AIO Ports parameter.
This number is used in conjunction with the previous parameter to determine the total number of ports, starting with the first port, that are available for use by PPP.
7. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
8. If you want these changes to take effect immediately, you must first configure a PPP network interface for this board as described in Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
After configuring a network interface, you can make the changes take effect by restarting the router or selecting Reinitialize System. If you want to configure other parameters, do so now, then restart the router or reinitialize the system when you are finished.
The AIOCOMX.NLM and AIO.NLM files are used by many Novell products. If you install another product that uses the COM ports on the server running Novell Internet Access Server 4.1 routing software, check the versions of these files before and after the installation of the new product. If problems occur with the WHSMAIO ports after the installation of a new product that uses the AIOCOMX.NLM and AIO.NLM files, try using the versions of these files that are supplied with the Novell Internet Access Server 4.1 software.
How to Configure Boards for Point-to-Point Tunneling Protocol (PPTP)
To configure a board for PPTP, complete the following steps:
1. Configure a WHSMAIO board as described in “How to Configure Boards for Running PPP over Asynchronous Ports” on page 45, except select AIOPPTP for the driver in Step 4 on page 46.
2. Select the Number of AIOPPTP Ports parameter and select a value.
This number is used in conjunction with the First AIO Port Number parameter to determine the total number of ports, starting with the first port, that are available for use by PPTP.
Valid values range from 4 to 256.
3. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
4. If you want these changes to take effect immediately, you must first configure a PPP network interface for this board as described in Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
After configuring a network interface, you can make the changes take effect by restarting the router or selecting Reinitialize System. If you want to configure other parameters, do so now, then restart the router or reinitialize the system when you are finished.
Enabling or Disabling a LAN or WAN Board
To enable or disable a LAN or WAN board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Select the board you want to enable or disable, then press Tab.
The screen displays the board’s new status (Enabled or Disabled).
Important: If you disable a board that uses an AIO or CAPI driver and you reinitialize the system, then all other boards that use the same driver will also be disabled. If this happens, you must restart the server to reload all instances of the driver that were loaded for another product in AUTOEXEC.NCF (without NIASCFG). As an example, if you have two WHSMAIO boards defined for AIOCOMX ports, one loaded automatically by NIASCFG and the other loaded in AUTOEXEC.NCF, disabling the board configured in NIASCFG and reinitializing the system unloads WHSMAIO and AIOCOMX and disables both boards. The board loaded by NIASCFG can be reloaded by enabling the board in NIASCFG and reinitializing the system. However, the board loaded in AUTOEXEC.NCF will remain inoperable until you restart the server or until you enter the LOAD command at the console and reinitialize the system. To avoid this problem, use NIASCFG to load both drivers.
3. Press Esc to return to the Internetworking Configuration menu.
Deleting a LAN or WAN Board
To delete a LAN or WAN board, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards
2. Select the board you want to delete, then press Del.
A message is displayed indicating that deleting the board also deletes all existing binds to the board’s interfaces.
If WAN call destinations are configured, another message is displayed asking whether you want to delete WAN call destinations that refer to this board. If you answer No, the WAN call destinations remain even though the board is deleted.
3. When prompted, select Yes to delete the board.
The board is removed from the list of configured boards.
4. Press Esc to return to the Internetworking Configuration menu.
Chapter 3: Configuring Permanent PPP Connections
This chapter describes how to use the Novell® Internet Access Server Configuration utility (NIASCFG) to configure permanent Point-to-Point Protocol (PPP) connections. It contains the following sections:
• “Permanent PPP Connection Configuration Decisions” on page 51
• “Configuring a Permanent PPP Connection” on page 54
• “Where to Go from Here” on page 67
For information about configuring backup call associations to permanent PPP connections, refer to Chapter 5, “Configuring Backup Calls,” on page 85.
Permanent PPP Connection Configuration Decisions
How you configure a permanent PPP connection depends on the following decisions:
• Whether you will use a leased-line or dial-up connection
• The transport over which your permanent connection will be made
• What form of call authentication you will use
• Whether you will need to use a login script
These configuration decision topics are covered in the sections that follow.
Leased-Line or Dial-Up Connection
The following sections describe the two types of permanent PPP connections you can make.
Leased-line Connection
In a permanent connection over a synchronous leased-line interface, a leased line is used for the physical connection between the separated LANs. There is no cost savings for disconnecting the link because the service provider of a leased line charges a fixed cost.
The bandwidth of a leased line usually ranges from about 56 Kbps to 2.048 Mbps, which is much less than that of a LAN. However, this bandwidth is usually sufficient because not all the traffic that occurs on a LAN needs to be routed across a WAN.
To configure this kind of connection, refer to “How to Configure a Permanent PPP Data Link over a Synchronous Leased-Line Interface” on page 54.
Dial-Up Connection
In a permanent connection over a dial-up line interface, a modem is configured to keep the permanent connection active. If the connection goes down, the modem reestablishes the connection.
To configure this kind of connection, refer to “How to Configure a Permanent PPP Data Link over a Dial-Up Line Interface” on page 59.
Transport
You should choose the transport that will best serve the needs of your NetWare® Link/PPP™ connection.
Voice-grade telephone lines can be used to establish low-bandwidth (typically 2,400 bps to 28,800 bps) permanent connections. Integrated Services Digital Network (ISDN) lines can be used to establish medium-bandwidth (56/64 Kbps to 112/128 Kbps) permanent connections. Depending on bandwidth requirements, permanent connections over Public Switched Telephone Network (PSTN) lines can be a simple and quick way to maintain connectivity between remote LANs.
If low-bandwidth connections do not suffice, you can consider a switched data service, such as switched/56 or switched/256. Switched services can offer significant cost savings over dedicated circuits with the same bandwidth.
Note that although synchronous interfaces operating over ISDN lines are a viable solution for your permanent connection needs, this kind of solution might not be as cost-efficient as other alternatives, depending on the service provider rates for permanent ISDN lines in your area.
To configure a connection over an ISDN line, refer to “How to Configure a Permanent PPP Data Link over an ISDN Interface” on page 56.
Call Authentication
To provide protection against unauthorized router access, the PPP specification defines two optional protocols that authenticate inbound call attempts: the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). These protocols ensure that the local system can accept calls from only authorized remote systems. Authentication is based on a remote system identified by a user ID and a password.
With NetWare Link/PPP, you can configure each interface to support one of the following methods for inbound call authentication:
• PAP
• CHAP
• Either PAP or CHAP, with CHAP attempted initially
The main difference between PAP and CHAP is that PAP sends the password string across the WAN in clear text, whereas CHAP is a more secure authentication protocol because it uses the password to encrypt a challenge string. Note, however, that not all PPP products currently support CHAP authentication.
For more information about NetWare Link/PPP and call authentication, refer to Novell Internet Access Server 4.1 Routing Concepts.
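The following added example (not from the Novell guide or the NetWare Link/PPP code) builds the PAP and CHAP packets in the formats defined by RFC 1334 and RFC 1994 to show what each protocol places on the WAN link. In RFC 1994 the CHAP response is an MD5 hash over the identifier, the shared secret and the challenge; the peer names, password and function names here are constructed.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): the password is carried as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body

def chap_packet(code, ident, value, name):
    """CHAP Challenge/Response (RFC 1994): Code, ID, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def chap_parse(packet):
    """Split a CHAP Challenge/Response into (code, ident, value, name)."""
    if len(packet) < 5:
        raise ValueError("CHAP packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("CHAP length fields are inconsistent")
    return code, ident, packet[5:5 + size], packet[5 + size:length]

def chap_digest(ident, secret, challenge):
    """Response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_respond(challenge_pkt, secret, name):
    """Calling side: answer a Challenge without sending the secret itself."""
    code, ident, challenge, _ = chap_parse(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    return chap_packet(CHAP_RESPONSE, ident, chap_digest(ident, secret, challenge), name)

def chap_verify(challenge_pkt, response_pkt, secret):
    """Authenticating side: recompute the digest and compare in constant time."""
    _, ident, challenge, _ = chap_parse(challenge_pkt)
    code, resp_ident, value, _ = chap_parse(response_pkt)
    expected = chap_digest(ident, secret, challenge)
    return (code == CHAP_RESPONSE and resp_ident == ident
            and hmac.compare_digest(value, expected))

def run_exchange(secret=b"constructed-secret"):
    """Compare what a line monitor would see for each protocol."""
    pap = pap_request(1, b"router-a", secret)
    challenge = chap_packet(CHAP_CHALLENGE, 7, os.urandom(16), b"router-b")
    response = chap_respond(challenge, secret, b"router-a")
    # A captured response is useless against a new challenge value.
    fresh = chap_packet(CHAP_CHALLENGE, 7, os.urandom(16), b"router-b")
    return {
        "pap_exposes_password": secret in pap,
        "chap_exposes_password": secret in challenge + response,
        "chap_accepts_valid_response": chap_verify(challenge, response, secret),
        "chap_accepts_replayed_response": chap_verify(fresh, response, secret),
    }

if __name__ == "__main__":
    for check, result in run_exchange().items():
        print(f"{check}: {result}")
```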
Login Script
For users or systems dialing up and logging in to asynchronous service providers, login scripts facilitate the process by defining a command/response dialog that takes place between a router and a remote server at dial-up. According to syntactical conventions, certain login script strings are interpreted as output to be sent by the router (a command to the remote server), whereas others are interpreted as input to be listened for by the router (an expected response from the remote server).
NetWare Link/PPP provides a login script for logging in to a network. For information about customizing a login script to meet your site’s needs, refer to Appendix A, “Customizing PPP Login Scripts,” on page 435.
Configuring a Permanent PPP Connection
The following sections provide instructions for configuring different types of permanent PPP data links and for configuring WAN call destinations for PPP connections.
For more information about NetWare Link/PPP and permanent PPP connections, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure a Permanent PPP Data Link over a Synchronous Leased-Line Interface
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Identify the physical type of the interface adapter.
To configure a permanent PPP connection over a synchronous leased-line interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
If you are configuring a new interface and the appropriate WAN board has been configured, then continue with Step 2.
If you are changing the data-link protocol associated with an existing WAN interface, select that interface, then press Del to delete the current interface configuration. This changes the interface's status to Unconfigured. Press Esc to exit, then select Reinitialize System and select Network Interfaces once again.
The Network Interfaces screen displays a list of network interfaces associated with each configured board with the following information:
• Board Name—Name you gave to the board when you configured it.
• Interface—Name of the network interface. Each interface is identified as boardname_n, where n is the interface number.
• Group—Interface group, if any, that the network interface belongs to.
• Media—Network medium or WAN protocol selected.
• Status—Current status of the interface.
2. Scroll to an unconfigured network interface, then select it.
The Select A Medium screen is displayed.
3. Select PPP Routing to assign the protocol to the selected network interface.
The PPP Network Interface Configuration menu is displayed.
Verify that the physical type is correct for the interface adapter installed. The default value is RS-232.
Leave all other parameters at their configured default values.
4. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The Network Interfaces screen is redisplayed with the interface you just configured. The interface status is Enabled; you can use the Tab key to toggle between Enabled and Disabled. (Note that disabled interfaces are not unconfigured, but are configured interfaces that are not enabled.)
The default configuration for a permanent PPP connection over a synchronous leased-line interface has the following attributes:
• Bit synchronous High-level Data-Link Control (HDLC) framing
• RS-232 interface
• Externally clocked line speed
• NRZ data encoding
• 1,500-byte Maximum Receive Unit (MRU) size (payload data)
• Inbound callers authentication required (PAP or CHAP)
• No modem or data circuit-terminating equipment (DCE) device configuration required
• No PPP data compression
• Generation of SNMP traps disabled
• PPP RFC-defined defaults for all other option values
You can selectively change the values of these parameters, if needed. Refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for detailed information.
5. To configure another interface, repeat Step 1 through Step 4.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
After you have configured the desired PPP interfaces for WAN boards, you should configure one or more WAN call destinations as described in “How to Configure a WAN Call Destination for a Permanent PPP Connection” on page 63.
How to Configure a Permanent PPP Data Link over an ISDN Interface
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Identify the switch type you will be using.
To configure a permanent PPP connection over a synchronous dial-up line ISDN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
If you are configuring a new interface and the appropriate WAN board has been configured, continue with Step 2.
If you are changing the data-link protocol associated with an existing WAN interface, select that interface, then press Del to delete the current interface configuration. This changes the interface’s status to Unconfigured. Press Esc to exit, then select Reinitialize System and select Network Interfaces once again.
The Network Interfaces screen displays a list of network interfaces associated with each configured board with the following information:
• Board Name —Name you gave to the board when you configured it.
• Interface —Name of the network interface. Each interface is identified as boardname_n, where n is the interface number.
• Group —Interface group, if any, that the network interface belongs to.
• Media —Network medium or WAN protocol selected.
• Status —Current status of the interface.
2. Scroll to an unconfigured network interface, then select it.
The Select a Medium screen is displayed.
3. Select PPP Routing to assign the protocol to the selected network interface.
Note For an ISDN configuration, PPP Routing is the only available medium.
The PPP Network Interface Configuration menu is displayed.
Because your configuration is using an ISDN board, the following parameters are automatically set:
• Framing Type —SYNC
• Physical Type —ISDN
The Interface Speed field is grayed out because the interface speed will be determined at dial-up by the format of the telephone number you enter when you configure the WAN call destination (refer to “How to Configure a WAN Call Destination for a Permanent PPP Connection” on page 63).
4. Select Modem/DCE Type.
A list of the PPP modem and DCE device types is displayed.
5. Select ISDN (AT Controlled) if you are using a NetWare CAPI ISDN driver or if the manufacturer of your AT ISDN driver does not provide a driver-specific terminal adapter script.
6. If you are configuring multiple ports and you want an incoming call to be answered by a particular port, select Local ISDN Address and enter the appropriate ISDN address.
If this parameter is configured, the port will accept incoming calls only from clients that have a matching ISDN address.
7. Optionally, if your services provider uses subaddresses, you can determine which port will answer an incoming call by selecting Local ISDN Sub-Address and entering the appropriate ISDN subaddress.
If this parameter is configured, the port will accept incoming calls only from clients that have a matching ISDN address. This parameter is usually not used in the United States.
8. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The Network Interfaces screen is redisplayed with the interface you just configured. The interface status is Enabled; you can use the Tab key to toggle between Enabled and Disabled.
The default configuration for a PPP connection over a synchronous dial-up line ISDN interface has the following characteristics:
• Character synchronous HDLC framing
• ISDN interface
• Line speed determined by the type of ISDN connection
• 1,500-byte MRU (payload data) size
• Inbound callers authentication required (PAP or CHAP)
• No PPP data compression
• PPP RFC-defined defaults for all other option values
You can selectively change the values of some of these parameters, if needed. Refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for detailed information.
9. To configure another interface, repeat Step 1 through Step 8.
10. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
After you have configured the desired PPP interfaces for WAN boards, you should configure one or more WAN call destinations as described in “How to Configure a WAN Call Destination for a Permanent PPP Connection” on page 63.
How to Configure a Permanent PPP Data Link over a Dial-Up Line Interface
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Identify the modem or DCE device you will be using.
• Optionally, if your modem supports Data Terminal Ready (DTR) controlled dialing, configure the modem for DTR dialing (refer to the manufacturer's instructions and refer to Chapter 7, “Configuring Modems and DTR-Controlled Devices,” on page 111).
• Optionally, if your device will be using V.25bis dialing, do one of the following:
• Configure the modem so that the dialing mode is set to V.25bis dialing mode (refer to the manufacturer's instructions).
• Use CPECFG to configure the device for V.25bis dialing (refer to the manufacturer's instructions and refer to Chapter 7, “Configuring Modems and DTR-Controlled Devices,” on page 111).
To configure a permanent PPP connection over an asynchronous dial-up line interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
If you are configuring a new interface and the appropriate WAN board has been configured, continue with Step 2.
If you are changing the data-link protocol associated with an existing WAN interface, select that interface, then press Del to delete the current interface configuration. This changes the interface’s status to Unconfigured. Press Esc to exit, then select Reinitialize System and select Network Interfaces once again.
The Network Interfaces screen displays a list of network interfaces associated with each configured board with the following information:
• Board Name —Name you gave to the board when you configured it.
• Interface —Name of the network interface. Each interface is identified as boardname_n, where n is the interface number.
• Group —Interface group, if any, that the network interface belongs to.
• Media —Network medium or WAN protocol selected.
• Status —Current status of the interface.
2. Scroll to an unconfigured network interface, then select it.
The Select A Medium menu is displayed.
3. Select PPP Routing to assign the protocol to the selected network interface.
The PPP Network Interface Configuration menu is displayed.
4. The Modem/DCE Type field is already highlighted; press Enter.
A list of the PPP modem and DCE device types is displayed.
5. Scroll through the list and do one of the following:
If your modem/device type is listed:
• Select that modem/device type.
• Select Interface Speed, then select an interface speed from the pop-up menu.
Note For PPP over AIO connections, if you cannot determine the speed of the UART from the documentation provided with the AIO interface, enter the load command for the AIO driver from the server prompt.
You should select the highest data terminal equipment (DTE) speed supported by that modem/device type or UART.
If your modem/device type is not listed, but it uses Hayes* AT commands:
• Select Hayes Compatible.
• Select Modem/DCE Options, then select Dialing Mode.
A list of the available dialing modes is displayed. Options include AT Commands, DTR Controlled, and V.25bis.
• Ensure that Dialing Mode is set to AT Commands (the default), then press Esc.
• Select Interface Speed, then select an interface speed from the pop-up menu.
You should select the highest DTE speed supported by that modem/device type or UART.
If you want V.25bis dialing or DTR-controlled dialing:
• Select NO MODEM INSTALLED. (Press Del if a modem is already installed.)
• Select Modem/DCE Options, then select Dialing Mode.
A list of the available dialing modes is displayed. Options include AT Commands, DTR Controlled, and V.25bis.
• Set Dialing Mode to V.25bis or DTR Controlled, as applicable, then press Enter.
• Ensure that Framing Type is set to SYNC (the default when V.25bis or DTR Controlled is specified).
• Ensure that Interface Speed is set to External (the default when V.25bis or DTR Controlled is specified).
The default modem type of None (NO MODEM INSTALLED) should be used with only leased lines, V.25bis dialing, DTR-controlled devices, null modems, and other directly connected communications links.
Note For DTR-controlled dialing, the dedicated answering modems must be configured with a Framing Type of SYNC, an Interface Speed of External, and a Dialing Mode of None.
All other parameters can be left at their configured default values.
6. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The Network Interfaces screen is redisplayed with the interface you just configured. The interface status is Enabled; you can use the Tab key to toggle between Enabled and Disabled. (Note that disabled interfaces are not unconfigured, but are configured interfaces that are not enabled.)
The default configuration for a PPP connection over an asynchronous dial-up line interface has the following characteristics:
• Character asynchronous HDLC framing
• RS-232 interface
• Internally clocked line speed (user-specified)
• 1,500-byte MRU (payload data) size
• Inbound callers authentication required (PAP or CHAP)
• No PPP data compression
• PPP RFC-defined defaults for all other option values
You can selectively change the values of these parameters, if needed. Refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for detailed information.
7. To configure another interface, repeat Step 1 through Step 6.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
After you have configured the desired PPP interfaces for WAN boards, you should configure one or more WAN call destinations as described in “How to Configure a WAN Call Destination for a Permanent PPP Connection” on page 63.
How to Configure a WAN Call Destination for a Permanent PPP Connection
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Configure the appropriate PPP data link (refer to “How to Configure a Permanent PPP Data Link over a Synchronous Leased-Line Interface” on page 54, “How to Configure a Permanent PPP Data Link over an ISDN Interface” on page 56, or “How to Configure a Permanent PPP Data Link over a Dial-Up Line Interface” on page 59).
To configure a WAN call destination for a permanent PPP connection, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Press Ins to configure a new WAN call destination.
The prompt New Call Destination Name allows you to enter a name of up to 47 alphanumeric characters for the new WAN call destination.
The WAN call destination name entered here is used in several other menu options when a WAN call destination name needs to be identified. You should use a descriptive name, such as the name of the remote destination or a branch or store number.
3. Enter a name for the new WAN call destination.
A list of supported wide area media is displayed. These are media available on previously configured interfaces.
4. Select PPP as the wide area medium.
The PPP Call Destination Configuration menu is displayed. The Call Type selection is highlighted. This selection specifies the type of connection to be made: permanent (continuously active) or on-demand (when activated by the presence of data traffic to the remote peer).
5. Ensure the call type is set to Permanent (the default).
This sets a WAN call destination for permanent calling through the specified interface.
6. Select Interface Name, then select an interface name from the pop-up menu.
This field allows you to select the name of the configured WAN interface through which this WAN call destination can be accessed.
7. For the Telephone Number field, do one of the following:
If you are using a dial-up line or V.25bis (but not DTR-controlled dialing), specify a telephone number.
The ASCII string you enter in the Telephone Number field can be up to 32 alphanumeric characters. This string is used by device (modem) management when initiating the outbound call to this destination.
If you are using a dial-up line with DTR-controlled dialing, leave this parameter blank.
The DTR-controlled device should have been configured with the telephone number offline, as specified by the modem manufacturer.
If you are using a leased line, leave this parameter blank.
8. Select Outbound Authentication, then select the appropriate authentication option from the pop-up menu.
This lets you specify the authentication protocol to use for an outbound connection. You can disable authentication for a permanent call if the remote system does not require either authentication type.
You can choose from the following options:
Note If you choose Either PAP or CHAP, PPP will provide CHAP authentication if CHAP is requested or will provide PAP authentication if PAP is requested.
• CHAP —Allows CHAP to be used.
• Either PAP or CHAP —(Default) WAN call uses either protocol based on what the remote peer requests. This setting offers the most flexibility. If both sides use this setting, then CHAP is used.
• None —WAN call does not provide authentication.
• PAP —Allows PAP to be used.
9. Select Password, then enter a password of up to 47 alphanumeric characters.
Note This field is case-sensitive.
The value specified in this field must be the PAP password (or the CHAP secret value) expected by the remote peer during the PPP authentication. If Outbound Authentication is set to anything other than None, then a password must be specified; this field cannot be left blank.
For the WAN call destination to succeed, this password and the local system ID must also be configured in the inbound authentication database of the called router.
10. Select Local System ID, then enter a local system ID of up to 47 alphanumeric characters.
Note This field is case-sensitive.
During outbound authentication, this name is sent to the remote system to identify the local system for authentication and connection purposes. The default value is the local system server name.
11. Select Remote System ID, then enter a remote system ID of up to 47 alphanumeric characters.
Note NetWare server names should be all uppercase. TCP/IP hostnames are usually lowercase.
This field allows you to specify the name of the remote peer associated with this WAN call destination. Typically, this name is the remote system server name. By default, the Remote System ID is blank.
Leave all other parameters in the PPP Call Destination Configuration menu at their default values. For a complete discussion of the other parameters in this menu, refer to Chapter 6, “Advanced PPP Configuration,” on page 91.
12. If the media type is ISDN, select ISDN Parameters and configure the following parameters as needed.
12a. Select Remote Address and enter the telephone number of the destination of the call.
This field must be configured if you are using ISDN.
12b. If your service provider requires a destination subaddress (usually a telephone extension number), select Remote Sub-Address and enter the desired number.
Your service provider might not require a subaddress to be configured. Contact your service provider for more information.
12c. If your service provider requires a local subaddress (usually a telephone extension number), select Local Sub-Address and enter the desired number.
The local subaddress is assigned by your ISDN service provider and might not be required. Contact your service provider for details. The default is the value you configured under Network Interfaces.
12d. Select ISDN Call Rate and select a rate of 56 Kbps, 56 Kbps over voice, or 64 Kbps.
Contact your service provider for this information.
13. Press Esc.
14. Select Special Options and configure the following parameters as needed.
If the remote system requires a login script and the medium is not ISDN, select Login Script Name and select the desired login script from the list of supported scripts or enter the values for the parameters required by the login script, such as the username, password, and so on. Login scripts are not supported for ISDN.
To update the inbound authentication database so that the interface associated with this WAN call destination reflects the connection information entered here, select Inbound Authentication Update and select Enabled.
15. Press Esc until you return to the Internetworking Configuration menu; save your changes when prompted.
16. If prompted, select Yes to synchronize the inbound authentication database.
The inbound authentication database is made to agree with the outbound call authentication parameters in this WAN call destination configuration. This is useful if you expect to receive calls from systems you make calls to.
The WAN call destination you configured is listed in the Configured WAN Call Destinations screen.
17. To configure another WAN call destination, repeat Step 2 through Step 16.
18. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Where to Go from Here
If you want to further customize and optimize your connection, refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for the following topics:
• Configuring data or header compression
• Configuring MRU parameters to adjust the frame size
• Configuring call retry and timeout parameters
• Configuring matching inbound and outbound authentication
• Configuring other inbound call options
• Configuring interface physical options
Before your WAN connection works, you must also complete the following tasks:
• Configure network protocols that will run over the WAN connection. These might include the Internetwork Packet Exchange™ (IPX™) protocol, IP, and AppleTalk.
• Bind the network protocols to the configured WAN interfaces.
For information about these two tasks, refer to Chapter 8, “Configuring IPX,” on page 121; Chapter 11, “Configuring IP,” on page 199; Chapter 12, “Configuring AppleTalk,” on page 255; and Chapter 14, “Configuring Source Route Bridging,” on page 295.
Chapter 4 Configuring On-Demand PPP Connections
This chapter describes how to use the Novell® Internet Access Server Configuration utility (NIASCFG) to configure on-demand Point-to-Point Protocol (PPP) connections. It contains the following sections:
• “On-Demand PPP Connection Configuration Decisions” on page 69
• “Configuring an On-Demand PPP Connection” on page 73
• “Where to Go from Here” on page 83
On-Demand PPP Connection Configuration Decisions
How you configure an on-demand PPP connection depends on the decisions you make concerning the following:
• The transport over which your on-demand connection will be made
• How you will configure static route and service databases
• What form of call authentication you will use
• Whether you will create interface groups
• Whether you will need to use a login script
Transport
You should choose the transport that will best serve the needs of your NetWare® Link/PPP™ connection.
Voice-grade telephone lines can be used to establish low-bandwidth (typically 2,400 bps to 28,800 bps) on-demand connections. Integrated Services Digital Network (ISDN) lines can be used to establish medium-bandwidth (56/64 Kbps to 112/128 Kbps) on-demand connections. Depending on bandwidth requirements, on-demand connections placed over Public Switched Telephone Network (PSTN) lines can be a simple and quick way to establish temporary connectivity between remote LANs.
If low-bandwidth connections do not suffice, you can consider a switched data service, such as switched/56 or switched/256. Switched services can offer significant cost savings over dedicated circuits with the same bandwidth.
Synchronous interfaces operating over ISDN lines are excellent for on-demand connections because they provide 2 to 30 times the bandwidth of analog connections at significantly lower error rates.
Static Route and Service Databases
Standard network protocols generally expect each WAN circuit to provide permanent connections to all remote systems. The reason is that the network protocols rely on periodic communication with remote systems to dynamically exchange routing updates and, in the case of the Internetwork Packet Exchange™ (IPX™) protocol, service advertising updates. These periodic exchanges identify the network routes and services that are known on each remote LAN accessed over the WAN connections.
Depending on the size of each remote LAN and the speed of the WAN connection, periodic maintenance exchanges can result in a constant stream of data across the NetWare Link/PPP connection. This constant stream of data prevents on-demand connections from terminating using idle-link detection. However, without the maintenance exchanges, Network-layer protocols do not have the information required to route data to the proper remote systems, and on-demand connections are never established because the local network protocols are not aware of the accessible WAN routes and services.
To provide the required route and service information without tying up the on-demand connection, the Novell Internet Access Server 4.1 routing software offers two alternatives:
• Static route and service databases —Each database is network protocol-specific and contains a manually configured subset of the route and service information. Manual configuration eliminates the need for periodic maintenance updates because the required route and service information is already available in the static databases of each system.
A single static route is also useful as a default route for IPX or TCP/IP hosts. In this way, the only routing information crossing the link is that required by users to access a specified set of services.
For information about configuring static routes and services, refer to the chapter that describes configuration for the network protocol that will run over the WAN connection.
• Routed on-demand calls (with IPX and IP protocols) —Rather than using static routing information, a routed on-demand call runs the IPX or IP routing protocol over the link. Because routing protocols would produce steady traffic over a link, the timeout for a routed on-demand call is based on the receipt of Network-layer data packets.
Routed on-demand calls are well-suited for large corporate networks that have many branch offices. For information about protocol configuration for routed on-demand calls, refer to Chapter 8, “Configuring IPX,” on page 121 and Chapter 11, “Configuring IP,” on page 199.
Call Authentication
The use of public-switched data or telephone networks introduces the possibility of call attempts by unauthorized remote systems. To provide protection against unauthorized router access, the PPP specification defines two optional authentication protocols that authenticate inbound call attempts: the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). These protocols ensure that the local system can accept calls from only authorized remote systems. Authentication is based on a remote system identified by a user ID and a password.
With NetWare Link/PPP, you can configure each interface to support one of the following methods for inbound call authentication:
• PAP
• CHAP
• Either PAP or CHAP, with CHAP attempted initially
The main difference between PAP and CHAP is that PAP sends the password string across the WAN in clear text, whereas CHAP is a more secure authentication protocol because it uses the password to encrypt a challenge string. Note, however, that not all PPP products currently support CHAP authentication.
For on-demand connections, you must configure outbound calls to specify an authentication protocol type, an ID, and a password. To accept inbound on-demand connections, you must configure the PPP interface to validate the authentication information supplied by the calling system.
For more information about NetWare Link/PPP and call authentication, refer to Novell Internet Access Server 4.1 Routing Concepts .
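The difference between the two protocols at the packet level, as an added example that is not part of the Novell manual or of NetWare Link/PPP: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994, which defines the response as an MD5 hash over the identifier, the secret, and the challenge), then checks the response the way a called router would check its inbound authentication database. It also covers the Password and Local System ID steps of the WAN call destination procedure, where both fields are case-sensitive. The system ID, secret, challenge bytes, and the dictionary standing in for the database are constructed sample values.

```python
"""PAP vs. CHAP on the wire (added illustration; sample values are constructed)."""
import hashlib
import hmac
import struct

# Constructed sample values, not taken from the manual.
LOCAL_SYSTEM_ID = b"BRANCH-07"        # Local System ID sent by the caller
SECRET = b"Example-Secret-1999"       # PAP password / CHAP secret
# Stand-in for the called router's inbound authentication database.
INBOUND_AUTH_DB = {LOCAL_SYSTEM_ID: SECRET}


def _packet(code, identifier, data):
    """Common PAP/CHAP header: Code, Identifier, Length (covers the header)."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def pap_authenticate_request(identifier, peer_id, password):
    """RFC 1334 Authenticate-Request: the password travels as plain bytes."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(1, identifier, data)


def chap_response_value(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(identifier, secret, challenge, name):
    """RFC 1994 Response packet (code 2): the hash plus the caller's name."""
    value = chap_response_value(identifier, secret, challenge)
    return _packet(2, identifier, bytes([len(value)]) + value + name)


def parse_chap_response(packet):
    """Return (identifier, value, name); raise ValueError on malformed input."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    value_size = packet[4]
    if code != 2 or length != len(packet) or 5 + value_size > length:
        raise ValueError("not a well-formed CHAP Response")
    return identifier, packet[5:5 + value_size], packet[5 + value_size:]


def verify_chap(packet, expected_identifier, challenge, auth_db):
    """Authenticator side: recompute the hash from the stored secret."""
    try:
        identifier, value, name = parse_chap_response(packet)
    except ValueError:
        return False
    secret = auth_db.get(name)        # exact match, so IDs are case-sensitive
    if secret is None or identifier != expected_identifier:
        return False
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(value, expected)


def demo():
    challenge = bytes(range(16))      # constructed; a real peer uses random bytes
    later_challenge = bytes(range(16, 32))
    pap = pap_authenticate_request(1, LOCAL_SYSTEM_ID, SECRET)
    chap = chap_response(7, SECRET, challenge, LOCAL_SYSTEM_ID)
    wrong_case = chap_response(7, SECRET.lower(), challenge, LOCAL_SYSTEM_ID)
    return {
        "pap_carries_password": SECRET in pap,
        "chap_carries_password": SECRET in chap,
        "chap_accepted": verify_chap(chap, 7, challenge, INBOUND_AUTH_DB),
        "wrong_case_secret_accepted":
            verify_chap(wrong_case, 7, challenge, INBOUND_AUTH_DB),
        "replayed_response_accepted":
            verify_chap(chap, 7, later_challenge, INBOUND_AUTH_DB),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A captured CHAP response is rejected against a later challenge because the hash is bound to the challenge issued for that attempt; a captured PAP request contains the password itself.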
Interface Groups
Each permanent outbound call configuration identifies a specific NetWare Link/PPP interface that is used to place the call to a remote system. However, when supporting on-demand connections, you might want to have a group of interfaces that can be shared between outbound connections. If each interface in the group provides the same capabilities, any available interface can be used to establish an on-demand outbound connection to a remote system. Furthermore, if all the interfaces are attached to switched circuits that are represented by the same telephone number, inbound calls placed to that telephone number can be accepted over any available interface in the interface group. This is similar to a multiple-line business telephone. To place an outbound call, you select any available line. Multiple inbound calls placed to the main office number are directed to any available line.
NetWare Link/PPP lets you assign a symbolic name to a group of interfaces that have similar characteristics. At configuration, you can select an interface group name rather than a specific interface name for making outbound calls. Selecting an interface group name directs NetWare Link/PPP to use any available interface within the group to establish the connection.
Defining an interface group (F4 from the Network Interfaces screen in NIASCFG) lets you make an on-demand call on any of several network interfaces without creating an individual WAN call destination for each interface. All you need to do is specify the interface group name in place of the interface name in the WAN call destination. When the call is made, the specific interface is selected from the group. Because an interface is selected automatically when the call is made, you do not need to dedicate interfaces to specific destinations. This flexibility in selecting interfaces lets you use your WAN hardware more efficiently.
Login Script
If you are dialing up and logging in to a dial-up service provider, you must decide whether you need to use a login script. Login scripts facilitate this process by defining a command/response dialog that takes place between a router and a remote server at dial-up. According to syntactical conventions, certain login script strings are interpreted as output to be sent by the router (a command to the remote server), whereas others are interpreted as input to be listened for by the router (an expected response from the remote server).
NetWare Link/PPP provides a login script for logging in to a network. For information about customizing a login script to meet your site’s needs, refer to Appendix A, “Customizing PPP Login Scripts,” on page 435.
Configuring an On-Demand PPP Connection
The following sections provide instructions for configuring on-demand PPP data links over synchronous or asynchronous interfaces, for configuring on-demand PPP data links over ISDN lines, and for configuring WAN call destinations for PPP connections.
For more information about NetWare Link/PPP and on-demand PPP connections, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure an On-Demand PPP Data Link over a Synchronous or Asynchronous Interface
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Identify the serial interface frame type (synchronous or asynchronous) based on the requirements of the connection.
• Identify the physical type of the serial interface.
• Determine the speed at which the interface will communicate.
• Identify the modem or data circuit-terminating equipment (DCE) device you will be using.
• Optionally, if your device will be using V.25bis dialing, do one of the following:
• Set the dip switch on the device so that the dialing mode is set to V.25bis dialing mode (refer to the manufacturer's instructions).
• Use CPECFG to configure the device for V.25bis dialing (refer to the manufacturer's instructions and refer to Chapter 7, “Configuring Modems and DTR-Controlled Devices,” on page 111).
To configure an on-demand PPP connection over a synchronous or asynchronous interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
If you are configuring a new interface and the appropriate WAN board has been configured, continue with Step 2.
If you are changing the data-link protocol associated with an existing WAN interface, select that interface, then press Del to delete the current interface configuration. This changes the interface's status to Unconfigured. Press Esc to exit, then select Reinitialize System and select Network Interfaces once again.
The Network Interfaces screen displays a list of network interfaces associated with each configured board with the following information:
• Board Name —Name you gave to the board when you configured it.
• Interface —Name of the network interface. Each interface is identified as boardname_n, where n is the interface number.
• Group —Interface group, if any, that the network interface belongs to.
• Media —Network medium or WAN protocol selected.
• Status —Current status of the interface.
2. Scroll to an unconfigured network interface, then select it.
The Select A Medium screen is displayed.
3. Select PPP Routing to assign the protocol to the selected network interface.
The PPP Network Interface Configuration menu is displayed.
4. The Modem/DCE Type field is already highlighted; press Enter .
A list of the PPP modem and DCE device types is displayed.
5. Scroll through the list and do one of the following:
If your modem/device type is listed, select it.
If your modem/device type is not listed, but it uses Hayes AT commands:
• Select Hayes Compatible .
• Select Modem/DCE Options , then select Dialing Mode .
A list of the available dialing modes is displayed. Options include AT Dialing, DTR Controlled, and V.25bis.
• Ensure that Dialing Mode is set to AT Commands (the default), then press Esc .
If you want V.25bis dialing:
• Select NO MODEM INSTALLED . (Press Del if a modem is already installed.)
• Select Modem/DCE Options , then select Dialing Mode .
A list of the available dialing modes is displayed. Options include AT Commands, DTR Controlled, and V.25bis.
• Set Dialing Mode to V.25bis , then press Enter .
• Ensure that Framing Type is set to SYNC (the default when V.25bis is specified).
• Ensure that Interface Speed is set to External (the default when V.25bis is specified).
6. Select Framing Type , then select a framing type from the pop-up menu.
If you use synchronous services such as switched/56 with external digital service unit/channel service unit (DSU/CSU) equipment, select SYNC (synchronous).
If you use switched telephone services with asynchronous modems, select ASYNC (asynchronous).
7. Select Physical Type, then select the appropriate physical type from the pop-up menu.
Options presented depend on the WAN driver that was selected. Options might include RS-232 , RS-422 , V.35 , and X.21 .
8. Select Interface Speed , then select the appropriate speed from the pop-up menu.
Synchronous interfaces default to, and should use, external timing provided by the modem or DSU/CSU.
Note For PPP over AIO connections, if you cannot determine the speed of the UART from the documentation provided with the AIO interface, enter the load command for the AIO driver from the server prompt.
Asynchronous interfaces do not use external timing and should use a matching interface speed for both ends of the connection. Asynchronous interfaces default to 9,600 bps.
9. Optionally, do the following:
9a. Select Interface Group .
A list of defined interface groups is displayed. If no interface groups have been defined, the list is empty.
9b. Select an interface group from the list or press Ins and enter up to 17 alphanumeric characters to create an interface group.
An interface group is a grouping of several interfaces with similar characteristics, such as framing type and line speed. A symbolic name identifies an interface group. All interfaces in a group have similar characteristics and can be used interchangeably.
10. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The Network Interfaces screen is redisplayed with the interface you just configured. The interface status is Enabled ; you can use the Tab key to
toggle between Enabled and Disabled . (Note that disabled interfaces are not unconfigured, but are configured interfaces that are not enabled.)
11. To configure another interface, repeat Step 1 through Step 10 .
12. If you want these changes to take effect immediately, select Reinitialize System .
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
After you have configured the desired PPP interfaces for WAN boards, you should configure one or more WAN call destinations as described in “How to Configure a WAN Call Destination for an On-Demand PPP Connection” on page 80.
How to Configure an On-Demand PPP Data Link over a Synchronous ISDN Interface
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Identify the switch type you will be using.
To configure a permanent PPP connection over a synchronous ISDN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
If you are configuring a new interface and the appropriate WAN board has been configured, continue with Step 2.
If you are changing the data-link protocol associated with an existing WAN interface, select that interface, then press Del to delete the current interface configuration. This changes the interface's status to Unconfigured. Press Esc to exit, then select Reinitialize System and select Network Interfaces once again.
The Network Interfaces screen displays a list of network interfaces associated with each configured board with the following information:
• Board Name —Name you gave to the board when you configured it.
• Interface —Name of the network interface. Each interface is identified as boardname_n, where n is the interface number.
• Group —Interface group, if any, that the network interface belongs to.
• Media —Network medium or WAN protocol selected.
• Status —Current status of the interface.
2. Scroll to an unconfigured network interface, then select it.
The Select A Medium screen is displayed.
3. Select PPP Routing to assign the protocol to the selected network interface.
Note For an ISDN configuration, PPP Routing is the only available medium.
The PPP Network Interface Configuration menu is displayed.
Because your configuration is using an ISDN board, the following parameters are automatically set:
• Framing Type —SYNC
• Physical Type —ISDN
The Interface Speed field is grayed out because the interface speed will be determined at dial-up by the format of the telephone number you enter when you configure the WAN call destination (refer to “How to Configure a WAN Call Destination for an On-Demand PPP Connection” on page 80).
4. Select Modem/DCE Type .
A list of the PPP modem and DCE device types is displayed.
5. Select ISDN (AT Controlled) if you are using a NetWare CAPI ISDN driver or if the manufacturer of your AT ISDN driver does not provide a driver-specific terminal adapter script.
6. If you are configuring multiple ports and you want an incoming call to be answered by a particular port, select Local ISDN Address and enter the appropriate ISDN address.
If this parameter is configured, the port will accept incoming calls only from clients that have a matching ISDN address.
7. Optionally, if your service provider uses subaddresses, you can determine which port will answer an incoming call by selecting Local ISDN Sub-Address and entering the appropriate ISDN subaddress.
If this parameter is configured, the port will accept incoming calls only from clients that have a matching ISDN address. This parameter is usually not required in the United States.
8. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The Network Interfaces screen is redisplayed with the interface you just configured. The interface status is Enabled ; you can use the Tab key to toggle between Enabled and Disabled .
The default configuration for a PPP connection over a synchronous dial-up line ISDN interface has the following characteristics:
• Character synchronous HDLC framing
• ISDN interface
• Line speed determined by the type of ISDN connection
• 1,500-byte MRU (payload data) size
• Inbound callers authentication required (PAP or CHAP)
• PPP data compression enabled
• PPP RFC-defined defaults for all other option values
You can selectively change the values of some of these parameters, if needed. Refer to Chapter 6, “Advanced PPP Configuration,” on page 91, for detailed information.
9. To configure another interface, repeat Step 1 through Step 8 .
10. If you want these changes to take effect immediately, select Reinitialize System .
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
After you have configured the desired PPP interfaces for WAN boards, you should configure one or more WAN call destinations as described on this page.
How to Configure a WAN Call Destination for an On-Demand PPP Connection
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Configure the appropriate PPP data link (refer to “How to Configure an On-Demand PPP Data Link over a Synchronous or Asynchronous Interface” on page 73 or “How to Configure an On-Demand PPP Data Link over a Synchronous ISDN Interface” on page 77).
To configure a WAN call destination for an on-demand PPP connection, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Press Ins to configure a new WAN call destination.
At the prompt New Call Destination Name, enter a name of up to 47 alphanumeric characters for the new WAN call destination.
The WAN call destination name entered here is used in several other menu options when a WAN call destination name needs to be identified. You should use a descriptive name, such as the name of the remote destination or a branch or store number.
3. Enter a name for the new WAN call destination.
A list of supported wide area media is displayed. These are media available on previously configured interfaces.
4. Select PPP as the wide area medium.
The PPP Call Destination Configuration menu is displayed. The Call Type selection is highlighted. This selection specifies the type of
connection to be made: permanent (continuously active) or on-demand (when activated by the presence of data traffic to the remote peer).
5. Press Enter , then select On-Demand from the pop-up menu.
6. To specify an interface name or an interface group, do one of the following:
If you are specifying an interface name, select Interface Name, then select an interface name from the pop-up menu.
If you are specifying an existing interface group, select Interface Group, then select an interface group from the pop-up menu.
When you specify an interface group, the system selects any available interface associated with the group for outbound connection attempts. For more information on interface groups, refer to “Interface Groups” on page 72.
7. For the Telephone Number field, specify a telephone number.
The ASCII string you enter in the Telephone Number field can be up to 32 alphanumeric characters. This string is used by device (modem) management when initiating the outbound call to this destination.
8. Select Idle Connection Timeout , specify a value that is appropriate for your system, then press Enter .
9. Select Outbound Authentication , then select the appropriate authentication option from the pop-up menu.
This lets you specify the authentication protocol to use for an outbound connection. You can choose from the following options:
Note If you choose Either PAP or CHAP , the called PPP system will determine through negotiation which authentication protocol is used.
• CHAP —Allows CHAP to be used.
• Either PAP or CHAP —(Default) WAN call uses either protocol based on what the remote peer requests. This setting offers the most flexibility. If both sides use this setting, then CHAP is used.
• None —WAN call does not provide authentication.
• PAP —Allows PAP to be used.
You cannot choose the option None for an on-demand call. A form of authentication must be enabled.
10. Select Password, then enter a password of up to 47 alphanumeric characters.
The value specified in this field must be the PAP password or the CHAP secret value expected from the remote peer during the PPP inbound authentication. The value cannot be a null string.
For the WAN call destination to succeed, this password and the local system ID must also be configured in the inbound authentication database of the called router.
Note This field is case-sensitive.
11. Select Local System ID , then enter a local system ID of up to 47 alphanumeric characters.
During outbound authentication, this name is sent to the remote system to identify the local system for authentication and connection purposes. The name is also used by some remote protocol stacks to determine whether the call can be accepted as an on-demand call.
Note This field is case-sensitive.
The default value is the local system server name.
12. Select Remote System ID , then select an ID from the pop-up menu or press Ins and enter a remote system ID of up to 47 alphanumeric characters.
This field lets you specify the name of the remote peer system associated with the WAN call destination entry. This name is typically the remote system server name. You must specify this option.
This name is accessed by some local protocol stacks to identify the WAN call destination needed to restore an on-demand connection to a remote system that previously initiated a connection to the local system.
Note When you configure the protocol you will use for an on-demand PPP connection, you must configure static routes and services. Some protocol stacks do not accept an inbound connection unless they have a configured static route or service to an identified remote system.
Leave all other parameters in the PPP Call Destination Configuration menu at their default values. For a complete discussion of the other parameters in this menu, refer to Chapter 6, “Advanced PPP Configuration,” on page 91.
13. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
14. If prompted, select Yes to synchronize the inbound authentication database.
The inbound authentication database is made to agree with the outbound call authentication parameters in this WAN call destination configuration. This is useful if you expect to receive calls from systems you make calls to.
The WAN call destination you configured is listed in the Configured WAN Call Destinations screen.
15. To configure another WAN call destination, repeat Step 2 through Step 14 .
16. If you want these changes to take effect immediately, select Reinitialize System .
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
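The constraints stated in Steps 2 through 12 can be checked against an inventory of call destinations before the values are typed into NIASCFG. The following is an added example, not part of the Novell guide and not a NIAS interface: the `CallDestination` record, the `audit` and `negotiate` functions, and the sample values are all constructed, and the negotiation model (the called system asks for CHAP first, and its inbound setting uses the same option names) is an assumption chosen to match the statement that CHAP is used when both sides are set to Either PAP or CHAP. The cleartext finding reflects how PAP itself works: the password is sent unprotected over the link.

```python
from dataclasses import dataclass

# Protocols each menu option permits, in the order the called system asks (assumed).
PERMITS = {
    "CHAP": ["CHAP"],
    "PAP": ["PAP"],
    "Either PAP or CHAP": ["CHAP", "PAP"],
    "None": [],
}
# Maximum field lengths taken from the configuration steps.
LIMITS = {"name": 47, "telephone": 32, "password": 47,
          "local_system_id": 47, "remote_system_id": 47}


@dataclass
class CallDestination:          # hypothetical record, one per WAN call destination
    name: str
    call_type: str              # "On-Demand" or "Permanent"
    telephone: str
    outbound_auth: str          # one of the PERMITS keys
    password: str
    local_system_id: str
    remote_system_id: str


def negotiate(caller_outbound, called_inbound):
    """Return the protocol both ends agree on, or None if the call cannot authenticate."""
    for proto in PERMITS[called_inbound]:
        if proto in PERMITS[caller_outbound]:
            return proto
    return None


def audit(dest):
    """Return a list of findings for one call destination (empty list = clean)."""
    findings = []
    for field, limit in LIMITS.items():
        if len(getattr(dest, field)) > limit:
            findings.append(f"{field}: longer than {limit} characters")
    if dest.outbound_auth not in PERMITS:
        return findings + ["outbound_auth: unknown option"]
    if dest.call_type == "On-Demand" and dest.outbound_auth == "None":
        findings.append("outbound_auth: None cannot be used for an on-demand call")
    if dest.outbound_auth != "None" and dest.password == "":
        findings.append("password: cannot be a null string")
    if dest.remote_system_id == "":
        findings.append("remote_system_id: must be specified")
    if "PAP" in PERMITS[dest.outbound_auth]:
        findings.append("outbound_auth: PAP permitted; the password is sent "
                        "in cleartext if the called system selects PAP")
    return findings


# Constructed sample records (not real systems or credentials).
SAMPLE_DEFAULT = CallDestination("STORE0042", "On-Demand", "5550100",
                                 "Either PAP or CHAP", "Example-Secret-1",
                                 "HQROUTER", "STORE0042")
SAMPLE_BROKEN = CallDestination("STORE0043", "On-Demand", "5550101",
                                "None", "", "HQROUTER", "")

if __name__ == "__main__":
    for dest in (SAMPLE_DEFAULT, SAMPLE_BROKEN):
        print(dest.name, audit(dest))
    # The default on both ends yields CHAP; a PAP-only called system pulls the
    # default caller down to PAP; a CHAP-only caller refuses instead.
    print(negotiate("Either PAP or CHAP", "Either PAP or CHAP"))
    print(negotiate("Either PAP or CHAP", "PAP"))
    print(negotiate("CHAP", "PAP"))
```

Setting Outbound Authentication to CHAP on the caller removes the cleartext finding at the cost of failing calls to a system that accepts only PAP.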
Where to Go from Here
If you want to further customize and optimize your connection, refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for the following topics:
• Configuring data or header compression
• Configuring MRU parameters to adjust the frame size
• Configuring call retry and timeout parameters
• Configuring matching inbound and outbound authentication
• Configuring other inbound call options
• Configuring interface physical options
Before your WAN connection works, you must also complete the following tasks:
• Configure network protocols that will run over the WAN connection. These might include IPX, IP, and AppleTalk.
• Bind the network protocols to the configured WAN interfaces.
For information about these two tasks, refer to Chapter 8, “Configuring IPX,” on page 121; Chapter 11, “Configuring IP,” on page 199; Chapter 12, “Configuring AppleTalk,” on page 255; and Chapter 14, “Configuring Source Route Bridging,” on page 295.
Chapter 5: Configuring Backup Calls
This chapter describes how to use the Novell® Internet Access Server Configuration utility (NIASCFG) to configure a backup call for a WAN connection.
A backup call enhances the reliability of your WAN. It ensures that permanent connections are maintained even if your primary WAN call destination goes down. As a result, you avoid unnecessary delays and maintain high reliability over your WAN connection.
Backup calls are also useful for ensuring filtering reliability. By default, all filters that currently affect a primary call will affect a configured backup call. If a primary call should go down, the configured backup call will maintain your filtering configurations.
You can configure additional filtering for the backup link to meet the specific needs of your site (refer to Chapter 15, “Configuring Filters,” on page 317). If you configure additional filtering, that filtering will be maintained on the backup link in addition to the automatically mapped filtering.
Optionally, the automatic mapping of filtering can be disabled with the LOAD FILTSRV NOBACKUP command. With automatic mapping of filtering disabled, you can configure a selective filtering scheme that is specific to the needs of the backup link (refer to Chapter 15, “Configuring Filters,” on page 317).
Backup calls must be PPP-based and the circuit information must be correctly specified. When you configure a backup call, you specify a backup WAN call destination to be used in the event that the primary WAN call destination becomes unavailable. The Novell Internet Access Server 4.1 routing software switches automatically to the backup WAN call destination if the primary WAN call destination goes down. When the primary connection is restored, the routing software switches to the primary WAN call destination and terminates the backup.
You specify a backup WAN call destination by configuring two existing WAN call destinations to have an association by which the routing software recognizes one as the primary destination and the other as its backup.
Primary connections can be over fixed or switched circuits. Backups are always over switched circuits.
This chapter describes the configuration of backup calls through the use of WAN call associations. It contains the following sections:
• “Configuring a Backup Call Association” on page 86
• “Where to Go from Here” on page 89
Configuring a Backup Call Association
This section provides instructions for configuring backup calls.
For more information about the NetWare® Link/PPP™ software, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure a Backup Call Association
Note A backup call destination can be configured for the same interface as the primary call destination if there is only one physical interface available. Note, however, that in such a configuration, when the backup call is connected, the primary call destination will not be able to reconnect because the interface will be in use.
Note If a primary and backup call are to the same host and that remote host is running the NetWare MultiProtocol Router™ 2.11 or 3.0 software, you must configure different local system IDs in the primary and backup WAN call destination records.
Before you begin, you must complete the following tasks:
• Configure the appropriate WAN board (refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29).
• Configure the appropriate WAN connection (refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51 ).
• Configure two WAN call destinations to the same destination so that you can associate one as the backup for the other (refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51).
To configure a backup call association, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Backup Call Associations
The Backup Call Associations screen lists all currently configured backup call associations with the following information:
• Primary Call Destination —A WAN call destination name that has been configured to be a primary call destination.
• Backup Call Destination —A WAN call destination name that has been configured to be a backup call destination to the primary call destination.
• Status —Current status of the backup call association.
This screen has no entries if no backup call associations are configured.
2. Press Ins to create a new backup call association.
The Backup Association Configuration menu is displayed. The Primary Call Destination field is highlighted.
3. Press Enter to display a list of configured WAN call destinations that are available to be primary call destinations.
A list of WAN call destinations is displayed. These are the configured WAN call destinations that are available to define as primary call destinations. Destinations that have already been configured to be primary or backup call destinations are not listed here. Only WAN call destinations with a call type of permanent are listed here.
4. Select a primary call destination.
The Backup Association Configuration menu is displayed again. The Primary Call Destination field is filled in, and the Backup Call Destination field is highlighted.
5. Press Enter to display a list of configured WAN call destinations that are available to be backup call destinations.
The list of WAN call destinations is displayed again. The destination you selected as a primary call destination is no longer contained in this list.
Note Only permanent PPP connections can be used as backup call destinations.
6. Select a backup call destination.
The Backup Association Configuration menu is displayed with the Backup Call Destination field filled in.
7. Ensure that Association Status is set to Enabled .
To change the displayed status, select Status , select the desired status from the pop-up display, then press Enter .
8. Optionally, do the following to modify the connect and disconnect timer values:
8a. Enter a new value, in seconds, in the Connect Delay Timer field, then press Enter .
When the primary call destination fails, this value is the number of seconds to delay before attempting to connect to the backup call destination.
8b. Enter a new value, in seconds, in the Disconnect Delay Timer field, then press Enter .
When the backup call destination is up and the primary call destination reconnects, this value is the number of seconds to delay before disconnecting the backup call.
9. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
The backup call association you configured is listed in the Configured Backup Call Associations menu.
10. To configure another interface, repeat Step 2 through Step 9 .
Note When binding to a backup call destination, select WAN Call Destinations and set Type to Manual to keep the backup call from coming up when the router is restarted. This setting does not keep the backup call from coming up automatically when the primary call goes down.
11. If you want these changes to take effect immediately, select Reinitialize System .
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
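The timer behavior from Steps 8a and 8b, the single-interface note at the start of this procedure, and the filter mapping described in the chapter introduction can be replayed offline to see what a given association will do during an outage. This is an added example, not Novell code: `BackupAssociation`, `simulate`, `backup_link_filters`, and the filter names are constructed. It assumes that a primary recovery during the connect delay cancels the pending backup call, that a new primary failure during the disconnect delay keeps the backup up, and that with LOAD FILTSRV NOBACKUP only filters configured for the backup link itself apply to it.

```python
from dataclasses import dataclass


@dataclass
class BackupAssociation:
    connect_delay: int              # Connect Delay Timer, in seconds
    disconnect_delay: int           # Disconnect Delay Timer, in seconds
    shared_interface: bool = False  # backup uses the primary's only interface
    enabled: bool = True            # Association Status


def simulate(assoc, line_events, horizon):
    """Replay primary-circuit availability and return [(second, event), ...].

    line_events maps a second to True (circuit usable) or False (circuit lost).
    """
    line_ok, primary_up, backup_up = True, True, False
    connect_at = disconnect_at = None
    blocked_logged = False
    log = []
    for t in range(horizon + 1):
        line_ok = line_events.get(t, line_ok)
        if primary_up and not line_ok:
            primary_up = False
            disconnect_at = None        # assumption: a new failure keeps the backup up
            log.append((t, "primary down"))
            if assoc.enabled and not backup_up:
                connect_at = t + assoc.connect_delay
        elif not primary_up and line_ok:
            if backup_up and assoc.shared_interface:
                # The note above: the interface is busy, so the primary stays down.
                if not blocked_logged:
                    log.append((t, "primary blocked: interface in use by backup"))
                    blocked_logged = True
            else:
                primary_up = True
                connect_at = None       # assumption: recovery cancels a pending backup call
                log.append((t, "primary up"))
                if backup_up:
                    disconnect_at = t + assoc.disconnect_delay
        if connect_at is not None and t >= connect_at:
            backup_up, connect_at = True, None
            log.append((t, "backup connected"))
        if disconnect_at is not None and t >= disconnect_at:
            backup_up, disconnect_at = False, None
            log.append((t, "backup disconnected"))
    return log


def backup_link_filters(primary_filters, backup_filters, automap=True):
    """Filters in force on the backup link; automap=False models NOBACKUP."""
    inherited = set(primary_filters) if automap else set()
    return sorted(inherited | set(backup_filters))


if __name__ == "__main__":
    outage = {100: False, 300: True}    # constructed: circuit lost at 100 s, back at 300 s
    for assoc in (BackupAssociation(10, 60),
                  BackupAssociation(10, 60, shared_interface=True)):
        print(assoc)
        for entry in simulate(assoc, outage, 400):
            print("  ", entry)
    primary = ["deny-inbound-telnet", "deny-sap-print"]   # constructed filter names
    print(backup_link_filters(primary, []))                 # default: both inherited
    print(backup_link_filters(primary, [], automap=False))  # NOBACKUP, nothing configured
```

An empty list from `backup_link_filters` is the case to catch before disabling automatic mapping: the backup link would come up with no filters at all.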
Where to Go from Here
If you want to further customize and optimize your connection, refer to Chapter 6, “Advanced PPP Configuration,” on page 91 for the following topics:
• Configuring data or header compression
• Configuring MRU parameters to adjust the frame size
• Configuring call retry and timeout parameters
• Configuring matching inbound and outbound authentication
• Configuring other inbound call options
• Configuring interface physical options
Before your WAN connection works, you must also complete the following tasks:
• Configure network protocols that will run over the WAN connection. These might include the Internetwork Packet Exchange™ (IPX™) protocol, IP, and AppleTalk.
• Bind the network protocols to the configured WAN interfaces.
• Specify an automatic permanent WAN call destination in order to make the primary call initially.
For information about these tasks, refer to Chapter 8, “Configuring IPX,” on page 121; Chapter 11, “Configuring IP,” on page 199; Chapter 12, “Configuring AppleTalk,” on page 255; and Chapter 14, “Configuring Source Route Bridging,” on page 295.
Chapter 6: Advanced PPP Configuration
This chapter describes how to use the Novell® Internet Access Server Configuration utility (NIASCFG) for advanced NetWare® Link/PPP™ configuration. It contains the following sections:
• “Configuring Data or Header Compression” on page 91
• “Maximizing Performance with the Packet Burst Protocol and Large Internet Packet Protocol” on page 96
• “Configuring Maximum Receive Unit Parameters to Adjust the Frame Size” on page 96
• “Configuring Call Retry and Timeout Parameters” on page 98
• “Configuring Matching Inbound and Outbound Authentication” on page 101
• “Configuring Additional Inbound Call Options” on page 102
• “Configuring the Bandwidth Allocation Control Protocol and the Multilink Protocol” on page 104
• “Configuring Enterprise-Specific Traps” on page 107
• “Configuring Interface Physical Options” on page 108
• “Where to Go from Here” on page 110
Configuring Data or Header Compression
NetWare Link/PPP supports compression of either the data or the header field of the Point-to-Point Protocol (PPP) packet. Both cannot be enabled at the same time because PPP data compression uses fields that are usually deleted by PPP header compression. With either method, you can also use Internetwork Packet Exchange™ (IPX™) header compression or TCP/IP header compression for further optimization.
Using Data Compression
When you select data compression, you are specifying that you want data to be transmitted in a more compact form. Using data compression has the following effect:
• Reduces the amount of data transferred over a communications link by replacing previously observed data sequences with more compact sequences
• Increases the apparent speed (bandwidth) of the link, at the cost of some additional router CPU usage and memory usage
• Allows for a more effective use of a PPP link when packets are routed between remote LANs
Note When you enable data compression, it is used only if both the local and remote peers support a common compression technique. The Control Compression Protocol (CCP) handles the negotiation and selection of a common data compression protocol between systems. NetWare Link/PPP supports the Pattern Predictor algorithm, as well as other CCP-compliant data compression algorithms. Note that the Novell Internet Access Server 4.1 routing software maintains backward compatibility with NetWare MultiProtocol Router™ 3.1 PPP data compression if the PTFs are installed. PPP data compression is not compatible with NetWare MultiProtocol Router 2.11 or 3.0.
By default, PPP does not guarantee data integrity. Retransmission of lost or corrupted data is the responsibility of higher-level protocols. However, when CCP successfully negotiates data compression, a reliable data-link protocol replaces the unreliable PPP data link to ensure the integrity of the compressed data exchange. This reliable data-link protocol is the International Telecommunication Union (ITU) Link Access Protocol-Balanced (LAPB). LAPB significantly increases the reliability of the communications link when used in conjunction with rigorous error checking after the received data is uncompressed.
Most data compression algorithms do not permit data corruption on the communications link because each bit of the compressed data is much more significant than the uncompressed data. One incorrect bit can result in thousands of bytes of incorrect output. This, in turn, results in retransmission requests and lower overall throughput.
Data compression is performed on network data only. NetWare Link/PPP Link Control Protocol (LCP) and Network Control Protocol (NCP) data is passed uncompressed. LCP and NCP data exchanges are used for connection management and configuration negotiation. They are typically used only during the connection establishment and termination operations.
NetWare Link/PPP supports the Pattern Predictor algorithm, as well as other CCP-compliant data compression algorithms. The Pattern Predictor compression technique provides useful data compression over a wide range of line speeds, from 1,200 baud through E1 data rates. Future versions of NetWare Link/PPP might include additional compression algorithms tailored to provide higher compression at specific line speeds.
Figure 6-1 illustrates a simple network configuration in which NetWare Link/PPP is operating over a 56-Kbps leased-line interface to connect two Ethernet LANs operating at 10 Mbps. Note that data compression is necessary only over the PPP link connecting two LANs, because this link is the slowest portion of the end-to-end network traffic.
Figure 6-1
PPP Data Compression for LAN-to-LAN Routing
Using Header Compression
When you use header compression, you are specifying that you want the following two fields in the header to be compressed:
• Address and Control
• Protocol ID
Compressing these fields reduces PPP header overhead. Note, however, that enabling this compression does not guarantee that header compression is actually used. Header compression is negotiated when the link is established.
How to Configure Data or Header Compression
To configure data or header compression, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select PPP Negotiations Options.
The PPP Negotiations Options menu is displayed.
Warning Data and header compression cannot be enabled at the same time. PPP data compression uses fields that are usually deleted by PPP header compression.
4. Do one of the following:
If you are configuring header compression, select PPP Header Compression, then select Enabled.
This option specifies whether compression of the PPP Address and Control and PPP Protocol fields is enabled. PPP header compression is disabled by default.
Enabling this option does not guarantee that header compression is used. It indicates only that the local PPP interface attempts to negotiate its use.
If you are configuring data compression, do the following:
• Select PPP Data Compression, then select Enabled.
This option specifies whether PPP data compression is used. PPP data compression is enabled by default.
Note PPP data compression uses 150 KB of memory per port. If the router is short of memory, disable PPP data compression to decrease memory usage.
Enabling this option does not guarantee that data compression is negotiated with the remote peer. If the remote peer does not support compression, negotiation for the option fails, but the connection is still established.
• If you are configuring data compression, select Preferred Compression Algorithm, then select the desired algorithm.
The interface starts the compression algorithm negotiation process with the selected algorithm. However, the algorithm might not be used. If the selected algorithm is not supported by the peer router, negotiation continues until a common data compression algorithm is found. The default algorithm is Predictor II.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Maximizing Performance with the Packet Burst Protocol and Large Internet Packet Protocol
NetWare Link/PPP data compression works best when a constant supply of transmitted data is available at the interface. This maximizes the replacement of data sequences with more compact sequences. Therefore, when using IPX with NetWare Link/PPP data compression, you should also use the IPX Packet Burst protocol and the Large Internet Packet (LIP) protocol.
The Packet Burst protocol enhances IPX by allowing larger data transactions, composed of multiple IPX packets, to be transmitted as a single burst (or logical operation). Acknowledgments are issued for the complete burst rather than for individual IPX packets. The Packet Burst and LIP protocols are included in the NetWare 3.12 and NetWare 4™ operating systems. LIP and Packet Burst are enabled separately on IPX clients.
Packet Burst protocol support is provided for IPX client workstations by the latest version of the Virtual Loadable Module™ (VLM™) software update. Refer to this update for instructions on how to configure the protocols.
Configuring Maximum Receive Unit Parameters to Adjust the Frame Size
Note If you choose to configure a high Maximum Receive Unit (MRU) range for NetWare Link/PPP, you might need to edit the STARTUP.NCF file to redefine the Maximum Physical Receive Packet parameter. The Maximum Physical Receive Packet parameter defined in the STARTUP.NCF file must be large enough to accommodate the configured NetWare Link/PPP MRU Maximum Size value plus 10 bytes.
NetWare Link/PPP ensures that both send and receive data frames are never outside the configured MRU range. Through negotiation with the remote peer, the data frames are never smaller than the configured minimum MRU or larger than the configured maximum MRU. If the remote PPP peer requires frames outside the range, the connection is not established.
NetWare Link/PPP provides three parameters that control MRU negotiation with the remote data-link peer. The minimum and maximum MRU parameters establish a window or range of MRU values that are acceptable to the NetWare Link/PPP interface. The optimal MRU value establishes the preferred MRU value that the NetWare Link/PPP interface tries to establish.
The Internet PPP specification defines a default MRU size of 1,500 bytes. IP can run with 1,500-byte datagrams because it can support fragmentation of the stream to fit the data-link MRU. However, source route bridging does not support fragmentation. Therefore, when providing connectivity between bridged token ring LANs, you should reconfigure the NetWare Link/PPP interface to support a 4,500-byte MRU for the token ring LANs.
Using the bridged token ring example, the minimum and optimal MRU values should be set to 4,500 bytes. This configuration change forces the negotiated MRU value to 4,500 bytes, or the connection is not established.
If you are using IPX routing over NetWare Link/PPP to connect two token ring LANs, a negotiated MRU size of 4,500 bytes is preferred because it allows full-size token ring packets to be exchanged. A smaller MRU is still usable because the IPX packet size is automatically adjusted to the smaller NetWare Link/PPP MRU. In this case, you could configure the MRU Optimal Size parameter to 4,500 and leave the MRU Maximum Size and MRU Minimum Size parameters at their default values of 4,500 and 600, respectively. This approach starts the MRU negotiation with the remote PPP system at 4,500, but allows the acceptance of any value proposed by the remote system within the range of 600 to 4,500.
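The MRU window described above can be modelled to check a planned configuration before a link is brought up. This is an added example, not Novell code: the class and function names, the single counter-proposal round, and the peer windows are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# The guide requires Maximum Physical Receive Packet (STARTUP.NCF) to be at
# least the MRU Maximum Size plus 10 bytes.
NCF_HEADROOM = 10


@dataclass(frozen=True)
class MruWindow:
    """MRU Minimum Size, MRU Optimal Size and MRU Maximum Size, in bytes."""
    minimum: int
    optimal: int
    maximum: int

    def __post_init__(self):
        if not (self.minimum <= self.optimal <= self.maximum):
            raise ValueError("need minimum <= optimal <= maximum")

    def accepts(self, mru: int) -> bool:
        """True if the value lies inside this interface's window."""
        return self.minimum <= mru <= self.maximum

    def clamp(self, mru: int) -> int:
        """Nearest value to mru that this interface would accept."""
        return max(self.minimum, min(self.maximum, mru))


def negotiate(local: MruWindow, peer: MruWindow) -> Optional[int]:
    """Assumed model of the negotiation.

    The local side proposes its optimal value. The peer accepts it or
    counters with the nearest value in its own window. The local side takes
    the counter only if it is inside the local window; otherwise the
    connection is not established (None).
    """
    proposal = local.optimal
    if peer.accepts(proposal):
        return proposal
    counter = peer.clamp(proposal)
    return counter if local.accepts(counter) else None


def min_physical_receive_packet(local: MruWindow) -> int:
    """Smallest STARTUP.NCF Maximum Physical Receive Packet value allowed."""
    return local.maximum + NCF_HEADROOM


def startup_ncf_ok(local: MruWindow, configured_packet_size: int) -> bool:
    return configured_packet_size >= min_physical_receive_packet(local)


# The two configurations from the text.
BRIDGED_TOKEN_RING = MruWindow(minimum=4500, optimal=4500, maximum=4500)
IPX_TOKEN_RING = MruWindow(minimum=600, optimal=4500, maximum=4500)

# Constructed peers for illustration.
PEER_1500_ONLY = MruWindow(minimum=600, optimal=1500, maximum=1500)
PEER_TOKEN_RING = MruWindow(minimum=600, optimal=4500, maximum=4500)

if __name__ == "__main__":
    for name, local in (("bridged", BRIDGED_TOKEN_RING), ("ipx", IPX_TOKEN_RING)):
        for peer in (PEER_1500_ONLY, PEER_TOKEN_RING):
            print(name, peer, "->", negotiate(local, peer))
    print("STARTUP.NCF minimum:", min_physical_receive_packet(IPX_TOKEN_RING))
```

A result of None corresponds to the case in which the remote peer requires frames outside the configured range and the connection is not established.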
How to Configure MRU Parameters to Adjust the Frame Size
To configure MRU parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select PPP Negotiations Options.
The PPP Negotiations Options menu is displayed.
4. Select MRU Maximum Size, then enter a value.
This parameter specifies the largest MRU size that PPP accepts for the local interface during link negotiation with a remote peer. This value, combined with the MRU Minimum Size value, defines the upper and lower limits used during MRU negotiation. The remote PPP peer must agree to a value within these limits to establish a connection.
5. Select MRU Optimal Size, then enter a value.
This parameter specifies the preferred MRU size that PPP proposes for the local interface during link negotiation with a remote peer. The actual negotiated MRU value can be anywhere within the range established by the MRU Minimum Size and the MRU Maximum Size parameters.
6. Select MRU Minimum Size, enter a value, then press Esc to confirm your configuration entries and return to the PPP Network Interface Configuration menu.
This parameter specifies the smallest MRU size that PPP accepts for the local interface during link negotiation with a remote peer. This value, combined with the MRU Maximum Size value, defines the upper and lower limits used during MRU negotiation. The remote PPP peer must agree to a value within these limits to establish a connection.
7. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Call Retry and Timeout Parameters
When you create WAN connections, you can establish the following outbound call attributes for permanent and on-demand calls:
• For either type of connection, the conditions for retrying failed connections
• For on-demand connections, the amount of time for links to remain active when no data has been transmitted
Retrying Failed WAN Connections
By default, a PPP WAN connection retries all self-correcting failures at increasing intervals until the call is established, with a retry interval limit of 10 minutes for permanent connections and 2 minutes for on-demand connections.
You can use the Retry Mode parameter to specify the conditions under which a failed permanent connection is retried automatically. Its default setting, Retry Self-Correcting Failures, uses error information from NetWare Link/PPP to differentiate between errors that are self-correcting, such as a busy telephone number, and errors that require user intervention, such as a call authentication failure.
Alternatively, you can set up your system to retry all failures (Retry All) or to never retry at all (Never Retry). Retrying all failures is used for unattended environments and for situations in which configuration changes are not easily made to the router. For example, it might be easier to correct problems at the peer system or WAN service provider system, and simply let the router continue to retry until the problem is corrected. However, this is not advisable when a cost is associated with each connection attempt.
Retrying failed connections results in successive connection attempts with an increasing delay between each attempt. By default, the delay is set initially to 1 second, and it is increased exponentially until the maximum delay specified by the Retry Interval Limit parameter is reached.
Warning Some retry intervals might be slightly longer than expected because NetWare Link/PPP employs a random backoff interval to decrease the chance of collisions between calling systems.
The Retry Limit Handling parameter defines connection attempt behavior after the retry interval limit has been reached. Retries can continue indefinitely at the configured interval limit, or retry attempts can be terminated and the connection failed. For permanent connections, keep the default, Continuous At Limit, to support unattended operation. Otherwise, use Stop At Limit if a cost is associated with each connection attempt.
For on-demand connections, the default is Stop At Limit.
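The retry behaviour described above determines how many call attempts an unattended router makes, which matters when each attempt is billed. The following added example (not Novell code) models the schedule; the doubling factor, the jitter fraction, and one final attempt at the limit under Stop At Limit are assumptions, since the guide says only that the delay grows exponentially from 1 second.

```python
import itertools
import random

# Option names as they appear in the guide.
RETRY_SELF_CORRECTING = "Retry Self-Correcting Failures"
RETRY_ALL = "Retry All"
NEVER_RETRY = "Never Retry"
CONTINUOUS_AT_LIMIT = "Continuous At Limit"
STOP_AT_LIMIT = "Stop At Limit"

# Default Retry Interval Limit values stated in the guide, in seconds.
PERMANENT_LIMIT_S = 10 * 60
ON_DEMAND_LIMIT_S = 2 * 60


def should_retry(mode, self_correcting):
    """Apply Retry Mode to a failure classified as self-correcting or not."""
    if mode == NEVER_RETRY:
        return False
    if mode == RETRY_ALL:
        return True
    if mode == RETRY_SELF_CORRECTING:
        return self_correcting
    raise ValueError("unknown retry mode: %r" % (mode,))


def retry_delays(limit_s, handling, first_s=1, factor=2, jitter=0.0, rng=None):
    """Yield the delay before each retry.

    Assumptions: the delay doubles (factor=2), the random backoff adds up to
    `jitter` times the delay, and Stop At Limit makes one last attempt at the
    limit interval before the connection is failed.
    """
    rng = rng or random.Random()
    delay = first_s
    while True:
        base = min(delay, limit_s)
        yield base + rng.uniform(0, jitter * base)
        if base >= limit_s and handling == STOP_AT_LIMIT:
            return
        delay = base * factor


def schedule(limit_s, handling, max_retries, jitter=0.0, seed=None):
    """First max_retries delays as a list (fewer if Stop At Limit ends it)."""
    gen = retry_delays(limit_s, handling, jitter=jitter, rng=random.Random(seed))
    return list(itertools.islice(gen, max_retries))


def retries_within(window_s, limit_s, handling):
    """Count retries started within window_s of the first failure.

    Time spent in the call attempts themselves is ignored (assumption).
    """
    elapsed = 0
    count = 0
    for delay in retry_delays(limit_s, handling):
        elapsed += delay
        if elapsed > window_s:
            break
        count += 1
    return count


if __name__ == "__main__":
    print("on-demand, Stop At Limit:", schedule(ON_DEMAND_LIMIT_S, STOP_AT_LIMIT, 20))
    print("permanent, first 12:", schedule(PERMANENT_LIMIT_S, CONTINUOUS_AT_LIMIT, 12))
    for limit in (PERMANENT_LIMIT_S, ON_DEMAND_LIMIT_S):
        print(limit, "s limit, retries in first hour:",
              retries_within(3600, limit, CONTINUOUS_AT_LIMIT))
```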
Terminating Inactive On-Demand Connections
You can specify the amount of time that an on-demand connection remains active without the presence of data by setting the Idle Connection Timeout WAN call destination parameter. The default timeout of 10 minutes is usually a reasonable compromise between performance and cost effectiveness when using public-switched telephone networks.
Warning Setting this value too low can cause the connection to terminate before data is actually sent. This forces multiple-connection establishment and degradation of data transfer performance.
Consider switched-circuit connection billing policies when modifying the value of the timeout. If a large percentage of the connection cost is based on the call duration, reduce the value to minimize costs. If a large percentage of the connection cost is based on establishing the initial connection, and if the call duration is less of a factor, increase the value.
How to Configure WAN Call Retry and Timeout Parameters
To configure WAN call retry and timeout parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Scroll to the WAN call you are configuring, then select it.
The PPP Call Destination Configuration menu is displayed.
3. To set the idle connection timeout, do the following:
• Select Idle Connection Timeout.
• Specify a value for hours, minutes, and seconds in the pop-up menu, then press Enter.
4. Select Call Retry Options and do one or more of the following:
To set the retry mode, do the following:
• Select Retry Mode.
• Select one of the modes displayed in the pop-up menu, then press Enter.
To set retry limit handling, do the following:
• Select Retry Limit Handling.
• Select one of the options displayed in the pop-up menu, then press Enter.
To set the retry interval limit, do the following:
• Select Retry Interval Limit.
• Specify a value for hours, minutes, and seconds in the pop-up menu, then press Enter.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Matching Inbound and Outbound Authentication
By default, every time a NetWare Link/PPP outbound call is configured, the authentication information for that outbound call is also entered into the inbound authentication database for the selected interface. The reason is that connectivity between systems is usually bidirectional. For example, if you need to call system X, chances are great that system X also needs to call you. If the same password is used by both systems, you do not need to configure the information for the outbound and inbound authentication entries separately.
You can specify that outbound authentication should match its information with inbound authentication. This causes an inbound authentication entry to be made with the remote system ID and password entered for the WAN call destination. If a group is selected, the database for each interface in the group is updated. If you change either the remote system ID or the password in a WAN call destination, and that remote system ID was previously added to the authentication database, you are prompted to determine whether it will be added to the inbound authentication database.
Note Disable Inbound Authentication Update for a more secure method of authentication. This way, the inbound authentication information is not created or updated automatically for a WAN connection and its related interface, enabling you to maintain the inbound and outbound authentication entries separately.
How to Configure Matching Inbound and Outbound Authentication
To configure matching inbound and outbound authentication, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Select a configured WAN call destination.
The PPP Call Destination Configuration menu is displayed.
3. Select Special Options.
4. Select Inbound Authentication Update, then select Enabled from the pop-up menu and press Enter.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Additional Inbound Call Options
You can also configure the following inbound call options:
• Inbound Call Processing—Controls the processing of inbound connection attempts. When Disabled is selected, no inbound connections are allowed. If a modem is attached to the interface, it is initialized not to answer when called.
Disabling inbound calls on an interface is a good way to reserve the interface for outbound call attempts.
• Local System ID for CHAP—Provides a common local system ID that can be used by multiple connected NetWare Link/PPP systems that are using CHAP authentication. This option allows a remote system to maintain a single CHAP authentication secret instead of having to maintain a separate CHAP authentication secret for each local system.
Note that the Local System ID for CHAP parameter is used only for CHAP challenges issued to remote systems that are calling in. The local system ID specified in the WAN call destination configuration is used for the name field value in a CHAP response to authenticate a local system to a remote system.
• Authentication Database Name—Maintains caller authentication information in named databases. Each interface can have a unique database, or multiple interfaces can share a single database. Each database can contain any number of inbound authentication entries. By default, all NetWare Link/PPP interfaces share a single database name of PPP-AUTH.
• Authentication Database—Accesses the inbound authentication database specified in the Authentication Database Name parameter. You can select an inbound authentication entry from the list, then delete, view, or edit it. You can also create new entries. New entries use a remote system ID from the list or a new remote system ID you create by pressing Ins while in the Remote System ID list.
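How a common Local System ID for CHAP lets a calling system keep a single secret can be seen in a short model of the exchange. This is an added example, not NetWare Link/PPP code: the response computation follows RFC 1994 (MD5 over identifier, secret, and challenge), while the system names, the secret, and the class names are constructed.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Answerer:
    """Local system answering an inbound call (the CHAP authenticator)."""

    def __init__(self, chap_local_id, auth_db):
        self.chap_local_id = chap_local_id  # Local System ID for CHAP
        self.auth_db = auth_db              # inbound entries: remote system ID -> password
        self._id = None
        self._value = None

    def challenge(self):
        # A fresh identifier and random value for every call.
        self._id = os.urandom(1)[0]
        self._value = os.urandom(16)
        return {"id": self._id, "value": self._value, "name": self.chap_local_id}

    def verify(self, response):
        secret = self.auth_db.get(response["name"])
        if secret is None or response["id"] != self._id:
            return False
        expected = chap_response(self._id, secret, self._value)
        return hmac.compare_digest(expected, response["value"])


class Caller:
    """Remote system calling in; it selects its secret by the challenge Name."""

    def __init__(self, system_id, secrets):
        self.system_id = system_id
        self.secrets = secrets  # challenger name -> secret

    def respond(self, chal):
        secret = self.secrets.get(chal["name"])
        if secret is None:
            return None  # no secret held for this challenger name
        return {"id": chal["id"], "name": self.system_id,
                "value": chap_response(chal["id"], secret, chal["value"])}


def inbound_call(answerer, caller):
    """Run one challenge/response exchange; True if the caller is accepted."""
    resp = caller.respond(answerer.challenge())
    return resp is not None and answerer.verify(resp)


# Constructed data. PPP_AUTH stands in for the shared inbound database.
SECRET = b"constructed-example-secret"
PPP_AUTH = {"BRANCH-7": SECRET}
ROUTER_A = Answerer("HQ-POOL", PPP_AUTH)   # two routers sharing one CHAP ID
ROUTER_B = Answerer("HQ-POOL", PPP_AUTH)
ROUTER_C = Answerer("HQ-RTR-C", PPP_AUTH)  # router left with its own ID
BRANCH = Caller("BRANCH-7", {"HQ-POOL": SECRET})  # a single entry on the caller

if __name__ == "__main__":
    for name, router in (("A", ROUTER_A), ("B", ROUTER_B), ("C", ROUTER_C)):
        print("router", name, "accepts BRANCH-7:", inbound_call(router, BRANCH))
```

Because every router that uses the common ID shares one secret with the caller, changing that secret has to be done on all of them together.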
How to Configure Additional Inbound Call Options
To configure inbound call processing, modify the authentication database name, or modify authentication database contents, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select Authentication Options .
The PPP Inbound Authentication Options menu is displayed.
4. Do one or more of the following:
To configure inbound call processing, select Inbound Call Processing, then select Enabled or Disabled from the pop-up menu.
To configure a common local system ID for CHAP authentication, select Local System ID for CHAP, then enter a unique name of up to 45 alphanumeric characters.
To configure a common local system ID for multiple NetWare Link/PPP systems using CHAP for authentication, select Local System ID for CHAP, then enter a unique alphanumeric name.
If your network configuration consists of multiple routers and third-party PPP systems, using a common local system ID for CHAP minimizes authentication processes and is easier to maintain.
To modify the authentication database name, select Authentication Database Name, then enter a new name of up to eight characters.
To modify the authentication database contents, do the following:
• Select Authentication Database.
• To modify an existing entry, select a remote system ID from the list displayed in the pop-up menu, then enter a new password.
To delete an existing entry, select a remote system ID from the list displayed in the pop-up menu, then press Del.
To create a new entry, press Ins, enter a new remote system ID of up to 47 ASCII characters, then enter a password.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring the Bandwidth Allocation Control Protocol and the Multilink Protocol
The Bandwidth Allocation Control Protocol and the Multilink Protocol are used in conjunction with each other. The Bandwidth Allocation Control Protocol and the Multilink Protocol enable you to use multiple physical ports on your WAN boards to represent a single logical link to one location. When the bandwidth threshold of one port is reached, the bandwidth of the next port becomes available. More ports are added to the connection if bandwidth requirements continue to increase beyond the threshold of the ports currently in use. This feature greatly increases the total available bandwidth.
To configure the Bandwidth Allocation Control Protocol and the Multilink Protocol, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Select or create a PPP WAN interface.
3. Select Local Telephone Number and enter the local (inbound) telephone number of this interface.
4. Press Esc and save your changes.
5. Select WAN Call Directory.
The Configured WAN Call Destinations screen is displayed.
6. Select the appropriate PPP destination.
7. Select Multilink Configuration .
The PPP Multilink Protocol Configuration menu is displayed.
8. Configure the Total Member Links parameter.
This parameter represents the maximum number of physical WAN ports you want to make available for use in the multilink connection. You can use up to 32 ports.
9. Configure the following parameters as needed.
To bring up additional ports as needed, set Member Link Activation Type to Bandwidth-On-Demand. To have all available ports active at the same time, set Member Link Activation Type to Static.
When the Member Link Activation Type parameter is set to Bandwidth-On-Demand , you must configure the next two parameters to specify the bandwidth utilization that causes the next port to be added to the WAN connection and the time period that is used to calculate the utilization percentage.
To configure the percentage aggregate utilization for the connection that must be exceeded to activate an additional port, set Bandwidth Threshold Level to the desired value.
The default is 80%.
To configure the time in seconds that will be used to compute the real-time bandwidth utilization, set Bandwidth Measurement Time to the desired value.
The default is 30 seconds.
To use a single interface as a secondary interface, set Interface Selection to Interface. To use multiple interfaces as a secondary interface, set Interface Selection to Group Interface.
To specify which interface or interface group will be used as a secondary interface when the bandwidth threshold of the primary interface is exceeded, select Interface/Group Name.
When this field is selected, a list of configured interfaces and groups from which to choose is displayed.
To specify the outbound phone numbers that will be used to establish secondary links, select Phone Number Configuration.
If the media type is ISDN, one phone number can be used for multiple calls.
10. Press Esc.
11. If needed, configure Call Retry Options as described in “How to Configure WAN Call Retry and Timeout Parameters” on page 100.
12. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
13. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Enterprise-Specific Traps
You can also configure enterprise-specific traps so that particular SNMP traps will be generated to provide diagnostic information about events such as failed PPP connections. This diagnostic information appears in console notifications.
To configure enterprise-specific traps, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select Enterprise Specific Traps.
The Enterprise Specific Traps Configuration menu is displayed.
4. Do one or more of the following:
To enable an SNMP trap for failed PPP connections, select PPP Call Attempt Failure Trap, then select Enabled from the pop-up menu.
The failed PPP connections trap is disabled by default.
To enable an SNMP trap for PPP connection terminations, select PPP Call Termination Trap, then select Enabled from the pop-up menu.
The PPP connection terminations trap is disabled by default.
To enable an SNMP trap for when the physical layer’s send and receive utilization exceeds its threshold, select Physical Bandwidth Threshold Trap, then select Enabled from the pop-up menu.
The physical bandwidth threshold trap is disabled by default.
To force PPP to generate an SNMP trap if the LCP experiences an up or down transition of the link, select PPP Link Up/Down Trap, then select Enabled from the pop-up menu.
The PPP link up/down trap is disabled by default.
If the Physical Bandwidth Threshold Trap is enabled, to modify the bandwidth, enter new percentage values for Bandwidth Lower Threshold and Bandwidth Upper Threshold.
After bandwidth threshold traps begin to be sent because the upper threshold has been exceeded, traps will continue to be sent until utilization falls below the lower threshold.
By default, the upper threshold is 80 and the lower threshold is 60. The upper threshold can be any integer less than 100 and greater than the lower threshold.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
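The upper and lower bandwidth thresholds form a hysteresis band, which the following added example (not Novell code) runs over constructed utilization samples. It assumes one trap per measurement sample while the condition holds; the guide does not state the trap interval.

```python
DEFAULT_LOWER = 60  # Bandwidth Lower Threshold default from the guide
DEFAULT_UPPER = 80  # Bandwidth Upper Threshold default from the guide


def validate_thresholds(lower, upper):
    """The upper threshold is an integer below 100 and above the lower one."""
    if not isinstance(upper, int) or not (lower < upper < 100):
        raise ValueError("need lower < upper < 100 with an integer upper threshold")


def trap_samples(utilization, lower=DEFAULT_LOWER, upper=DEFAULT_UPPER):
    """Return the indexes of the samples at which a threshold trap is sent.

    Sending starts when utilization exceeds the upper threshold and stops
    only when it falls below the lower threshold, so values between the two
    thresholds keep the previous state.
    """
    validate_thresholds(lower, upper)
    sending = False
    sent = []
    for index, percent in enumerate(utilization):
        if not sending and percent > upper:
            sending = True
        elif sending and percent < lower:
            sending = False
        if sending:
            sent.append(index)
    return sent


def episodes(indexes):
    """Collapse consecutive trap indexes into (first, last) episodes.

    A trap receiver can use this to raise one alert per congestion episode
    instead of one per trap.
    """
    runs = []
    for index in indexes:
        if runs and index == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], index)
        else:
            runs.append((index, index))
    return runs


# Constructed utilization percentages, one per measurement interval.
SAMPLES = [50, 79, 80, 81, 70, 60, 59, 75, 85]

if __name__ == "__main__":
    traps = trap_samples(SAMPLES)
    print("traps at samples:", traps)
    print("episodes:", episodes(traps))
```

Samples 4 and 5 (70 and 60 percent) still produce traps because utilization has not yet fallen below the lower threshold, while sample 7 (75 percent) does not because the upper threshold has not been exceeded again.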
Configuring Interface Physical Options
You can also configure the following low-level serial interface parameters:
• Send Queue Limit—The maximum number of outbound data frames that can be queued to the interface for transmission. When the queue limit is exceeded, frames are returned to the Network layer.
The Send Queue Limit functionality provides transmit time limiting with a random drop mechanism, as well as an item count limit with a random drop.
• Data Encoding—The serial data encoding technique, specified as Non-Return to Zero (NRZ) or Non-Return to Zero Inverted (NRZI). Data encoding is meaningful only when the interface framing type is synchronous.
• Idle Line State—The serial line interframe idle line transmission state, specified as either Flags (repeated transmission of the High-level Data-Link Control [HDLC] 7E synchronous pattern) or Marks (holding the data line in the marking state).
• Simulate DSR ON:, Simulate DCD ON:, Simulate CTS On:—These three options should be used only when the attached modem or communication device does not provide the signal or an equivalent.
How to Configure Interface Physical Options
To configure authentication and call management parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select Physical Options.
The PPP Physical Configuration Options menu is displayed.
4. Do one or more of the following:
To configure the send queue limit, select Send Queue Limit, then enter a value.
Set the limit to zero for unlimited queueing, but keep in mind that this can result in NetWare system buffer depletion.
To configure data encoding, select Data Encoding, press Enter, then select one of the displayed options.
Use NRZ encoding unless the remote PPP node supports only NRZI. Make sure that data encoding types are configured to be the same at both ends of the link.
To configure the serial line interframe idle line transmission state, select Idle Line State, then select one of the displayed options.
Select Flags for repeated transmission of the HDLC 7E synchronous pattern. Select Marks to make the transmitter hold the data line in the marking state.
Note The idle line state must be the same at both ends of the link. Not all drivers support both Flags and Marks. If the selected driver does not support both options, only the supported option is offered. Make sure you select the idle line state that you know the remote PPP node supports.
To configure the WAN driver to assume the interface signal is on, do one or more of the following:
Note Use these options only when the attached modem or communication device does not provide the signal or an equivalent.
• Select Simulate DSR On:, then select Yes.
• Select Simulate DCD On:, then select Yes.
• Select Simulate CTS On:, then select Yes.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Where to Go from Here
Before your WAN connection works, you must also complete the following tasks:
• Configure network protocols that will run over the WAN connection. These might include IPX, IP, and AppleTalk.
• Bind the network protocols to the configured WAN interfaces.
For information about these two tasks, refer to Chapter 8, “Configuring IPX,” on page 121; Chapter 11, “Configuring IP,” on page 199; Chapter 12, “Configuring AppleTalk,” on page 255; and Chapter 14, “Configuring Source Route Bridging,” on page 295.
Chapter
7 Con
figuring Modems and DTR-Controlled DevicesNetWare® Link/PPPTM modem device management uses file-based scripts to
P
well
the
13
rcuit
specify the commands for modem initialization, connection dialing, answering, and termination.
Most of the modem device management settings you need to make are covered by the configuration procedures in Chapter 3, “Configuring Permanent PPP Connections,” on page 51 and Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
This chapter provides information about modem and device selection, as well as additional configuration procedures that might be necessary for some modems and Data Terminal Ready (DTR) controlled devices. It contains the following sections:
• “Modem and DTR-Controlled Device Configuration Decisions” on page 111
• “Configuring Modem Control Scripts for AT Dialing” on page 113
• “Using CPECFG to Configure Modem and DCE Devices” on page 113
• “Configuring the Asynchronous Control Character Map” on page 116
• “Configuring Additional Modem/DCE Parameters” on page 117
• “Where to Go from Here” on page 119
Modem and DTR-Controlled Device Configuration Decisions
The standard method used by NetWare Link/PPP to establish switched-circuit connections relies on AT command exchanges with the attached modem.
Some modems and communications equipment, however, do not support AT commands. These devices might support V.25bis dialing or DTR-controlled dialing.
If your modem supports V.25bis dialing, it will have faster dialing time than an AT modem. No modem script or type needs to be configured. The modem, however, might need to have switch settings changed or might need front panel configuration changes. Refer to the manufacturer’s documentation for detailed information. The V.25bis dial mode uses the WAN call destination telephone number.
DTR-controlled devices generally require that you configure the remote system telephone number at the DSU or modem. These devices usually provide a limited amount of nonvolatile memory for telephone number storage. Once the remote system telephone number is configured, whenever the device’s DTR signal changes from off to on, the device attempts to initiate a call to the specified remote number. An on-to-off transmission of the DTR causes the device to terminate the connection.
Some modems support both AT commands and V.25bis or DTR-controlled dialing. If you have such a choice, consider the following:
• V.25bis might be preferable because it has a faster dialing time and no modem script is required. Programming a modem for V.25bis might be difficult or very easy, depending on the modem. It is worth investigating if V.25bis is an option. Using the V.25bis dial mode, NetWare Link/PPP can dial using the WAN call destination telephone number. On-demand connections can use a single interface and modem to connect to multiple remote systems sequentially.
• Using the AT command mode, NetWare Link/PPP can initialize the modem automatically, based on the specified modem type, and dial using the WAN call destination telephone number. On-demand connections can use a single interface and modem to connect to multiple remote systems sequentially.
• Preprogramming a DTR-controlled device can be both time-consuming and inconvenient. DTR-controlled devices are limited to calling a single remote system.
Configuring Modem Control Scripts for AT Dialing
The Novell® Internet Access Server 4.1 software provides modem scripts that support more than 130 modem types.
If you have an AT dialing modem that is on the list of supported modems, you do not need to do the additional configuration described in this section.
If you have an AT dialing modem that is not on the list of supported modems, you must use the WMDMMGR utility to create a modem script. Refer to Appendix B, “Modem Description Files,” on page 439 for more information about creating modem scripts, and refer to Novell Internet Access Server 4.1 Management and Optimization for more information about using WMDMMGR.
Using CPECFG to Configure Modem and DCE Devices
CPECFG is a NetWare Loadable Module™ (NLM™) file that can be used to configure modems and data circuit-terminating equipment (DCE), such as DSU/CSUs, DTR-controlled dialers, and V.25bis dialers. You can perform configuration from anywhere on the network by using RCONSOLE, XCONSOLE, or ACONSOLE in conjunction with CPECFG.
CPECFG communicates with modems and DCE devices through the existing serial port on the server or standalone router. It is a terminal emulator that uses the COM1 port. You use a standard modem cable to connect from the COM1 port to your modem or DSU/CSU. For more information about cable connections, refer to the manufacturer's instructions.
You can use CPECFG to perform the following tasks:
• Configure the COM port to match the characteristics of the modem or DCE device you want to program.
• Communicate directly with the modem or DCE device.
• Send a configuration file to your modem or DCE device. You can create a text file with the commands and have CPECFG send the file to your modem or DCE device.
How to Use CPECFG to Configure Modems and DCE Devices
If you are configuring DTR-controlled dialing for a modem or DSU, the following requirements exist:
• The modem or DSU should hold the configuration for the automatic dialing of stored numbers in nonvolatile memory. With an asynchronous terminal in asynchronous mode, you can program the configuration for the modem offline using the front panel keypad, if available, or CPECFG.
• The modem or DSU should dial the stored number when the DTR off-to-on transition occurs, connect to the remote modem, and switch to synchronous mode. The modem or DSU should terminate the connection if DTR is turned off by the router.
• Both modems or DSUs should be programmed to establish the connection at the user-defined rate rather than at the asynchronous speed used to program the modem.
• The answering modem or DSU should be programmed to answer the call only if DTR is on. Even if the modem is turned on, the modem should ignore the call if the router has not turned on DTR. The answering modem should not be enabled for DTR dialing; it should be programmed for Dialing Mode = None.
• After the modems or DSUs are programmed, both modems should be disabled from recognizing synchronous data as modem control commands. Do this by forcing the modem into dumb mode.
For more information, refer to the manufacturer's instructions. For a modem programming example, refer to Appendix B, “Modem Description Files,” on page 439.
To use CPECFG to configure a modem or DCE device, complete the following steps from the remote workstation or directly from the server or router console.
Warning If an incorrect interrupt value has been set for AIOCOMX, it can cause unpredictable and sometimes serious results. CPECFG uses only COM1, which generally uses interrupt 4. CPECFG automatically loads AIOCOMX. If you are prompted for an interrupt value by AIOCOMX, the prompt indicates that the correct interrupt is currently being used by another device. Halt the loading of AIOCOMX by pressing Esc . Then determine which device is using the interrupt and disable it.
1. Load CPECFG and perform one of the following configuration actions from the CPECFG menu:
To configure the COM port, do the following:
• Select Configure Async Port.
• Set the appropriate configuration for the device, as shown in the following table.

| Parameter | Range | Default |
|---|---|---|
| Baud Rate | 300, 1,200, 2,400, 4,800, 9,600, 19,200 | Maximum supported by UART, as discovered by AIOCOMX. (AIOCOMX is automatically loaded when CPECFG loads.) |
| Word Length (bits) | 5, 6, 7, 8 | 8 |
| Parity | Even, Mark, None, Odd, Space | None |
| Stop Bits | 1, 1.5, 2 | 1 |
| Flow | Hardware, X-On/X-Off, Both, None | X-On/X-Off |
| VT100* Emulation | Off, On | On |

• To save the settings, press Esc and save your changes when prompted.
To communicate with the modem or DCE device directly, do the following:
• Select CPE Communications Screen.
In this mode, CPECFG is acting as an asynchronous terminal. You can configure and monitor your modem or DCE device remotely through this connection, and enter any commands that you can use from the local modem or DCE device console. For example, you can enter the command that will set your V.25bis dialer to V.25bis dialing mode. For the appropriate commands for your modem or DCE device, refer to the manufacturer's instructions.
• Press Shift+F10 to exit the CPE Communications screen and return to the CPECFG menu.
To upload a configuration file to the device, do the following:
• Create a file using a text editor, then type in the commands you want to send to CPE.
• From the CPECFG main menu, select Upload Command File.
• Enter the path and name of the text file you created.
• After you review the results of the command file sent back from CPE, press Enter to return to the main menu.
2. Press Esc to exit CPECFG.
Configuring the Asynchronous Control Character Map
You can specify the configured value of the Asynchronous Control Character Map (ACCM) that is proposed to the remote Point-to-Point Protocol (PPP) peer during PPP negotiation. By default, the following control values are mapped:
• 0x11 or Ctrl-Q (DC1 [device control number 1])
• 0x13 or Ctrl-S (DC3 [device control number 3])
Modify the ACCM to meet the inband control character requirements of the asynchronous DCE devices, such as modems. The ACCM specifies the ASCII control characters in the remote PPP peer's transmit data stream that are translated to transparent character sequences to ensure that they are passed by the local DCE device.
If certain ASCII control characters have special meaning to the modems or other DCE devices being used, use the ACCM to force the control characters to map to transparent, two-character sequences.
The ACCM is for asynchronous interfaces only and has no effect for synchronous interfaces.
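The mapping described above, as an added example that is not part of the Novell guide or of NetWare Link/PPP: a Python model of how an ACCM value selects control characters for two-character escaping, following the HDLC-like framing rules of RFC 1662 (escape octet 0x7D, then the character XOR 0x20). The function names and the sample payload are constructed for illustration; the model covers a frame body only, with no flag delimiting or FCS.

```python
"""PPP asynchronous escaping driven by an ACCM (RFC 1662 HDLC-like framing)."""

FLAG = 0x7E       # HDLC frame delimiter, always escaped inside a frame body
ESC = 0x7D        # control-escape octet, always escaped inside a frame body
XOR_MASK = 0x20   # an escaped octet travels as ESC followed by (octet ^ 0x20)


def accm_from_chars(chars):
    """Build the 32-bit ACCM: bit n set means control character n is mapped."""
    accm = 0
    for c in chars:
        if not 0x00 <= c <= 0x1F:
            raise ValueError(f"0x{c:02X} is not an ASCII control character")
        accm |= 1 << c
    return accm


def chars_from_accm(accm):
    """List the control characters that an ACCM value marks for escaping."""
    return [c for c in range(0x20) if accm & (1 << c)]


def must_escape(octet, accm):
    """True for the framing octets and for any control character in the map."""
    return octet in (FLAG, ESC) or (octet < 0x20 and bool(accm & (1 << octet)))


def escape(payload, peer_accm):
    """Sender side: apply the ACCM that the receiving peer proposed."""
    out = bytearray()
    for octet in payload:
        if must_escape(octet, peer_accm):
            out += bytes((ESC, octet ^ XOR_MASK))
        else:
            out.append(octet)
    return bytes(out)


def unescape(stream, local_accm):
    """Receiver side: discard bare mapped control characters, then undo escapes."""
    out = bytearray()
    escaped = False
    for octet in stream:
        if octet < 0x20 and local_accm & (1 << octet):
            # A mapped character arriving unescaped was not sent by the peer;
            # it came from the DCE (for example XON/XOFF flow control).
            continue
        if escaped:
            out.append(octet ^ XOR_MASK)
            escaped = False
        elif octet == ESC:
            escaped = True
        else:
            out.append(octet)
    if escaped:
        raise ValueError("stream ends in the middle of an escape sequence")
    return bytes(out)


# The default map named on this page: DC1 (0x11, Ctrl-Q) and DC3 (0x13, Ctrl-S).
DEFAULT_ACCM = accm_from_chars([0x11, 0x13])

# Constructed payload: 'A', DC1, DC3, the two framing octets, and an unmapped 0x03.
SAMPLE = bytes([0x41, 0x11, 0x13, 0x7E, 0x7D, 0x03])

if __name__ == "__main__":
    wire = escape(SAMPLE, DEFAULT_ACCM)
    print(f"ACCM      = 0x{DEFAULT_ACCM:08X}")
    print(f"on wire   = {wire.hex(' ')}")
    # Constructed case: a modem injects XON inside an escape pair and XOFF at the end.
    noisy = wire[:2] + b"\x11" + wire[2:] + b"\x13"
    print(f"recovered = {unescape(noisy, DEFAULT_ACCM).hex(' ')}")
```

Because the receiver drops any unescaped character that is set in its own map, enabling a character in the ACCM protects the payload both from the modem consuming it and from the modem inserting it.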
To configure the ACC map, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select Negotiation Options.
The PPP Negotiation Options menu is displayed.
4. Select Asynchronous Control Character Map.
The Async Control Character Map Configuration menu is displayed.
5. Select a specific control character.
6. Select Enabled or Disabled from the pop-up menu.
If you select Enabled, the ACC map forces that control character to map to a transparent, two-character sequence that has a meaning to the modem or DCE device.
7. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Additional Modem/DCE Parameters
Chapter 3, “Configuring Permanent PPP Connections,” on page 51 and Chapter 4, “Configuring On-Demand PPP Connections,” on page 69 describe how to configure the following modem/DCE parameters:
• Dialing Mode—The method of modem device management used to initiate outbound connections on a dial-up network: AT commands, DTR-controlled, V.25bis, or None.
• Interface Speed—The internally generated interface speed to use for device management commands when the dialing mode is AT Commands and the framing type is Sync. (This is the speed at which the AT commands in the modem scripts are sent to the modem, not the speed at which the modem connection is established.)
You can also modify the following modem/DCE parameters:
• Initialization Override Delay—The delay, in seconds, between output of each consecutive initialization string. This delay gives the modem or DCE device a chance to respond to an initialization string before the next string is sent. NetWare Link/PPP device management does not act on device responses to user-specified initialization strings, but does allow time for responses.
Adjust this parameter only if you are using multiple override strings and you have determined that the modem is responding slower than the override strings that are being issued.
• Initialization Strings—Up to five strings, each of which specifies an initialization override string that is sent to the modem or DCE device after the standard script initialization sequence has been completed.
You can use the initialization override strings to modify modem settings after initialization. This lets you enable optional modem functionality. For example, the initialization string ATM0 turns off the modem speaker.
How to Configure Additional Modem/DCE Parameters
To configure initialization override delay or initialization strings, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Scroll to a configured PPP interface, then select it.
The PPP Network Interface Configuration menu is displayed.
3. Select Modem/DCE Options.
The PPP Modem/DCE Device Options menu is displayed.
4. Do either, or both, of the following:
To set the initialization override delay, do the following:
• Select Initialization Override Delay.
• Enter a value, in seconds, then press Enter.
• Save the configuration.
Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now and reinitialize the system when you are finished.
To specify initialization strings, do the following:
• Select Initialization Strings.
• Enter up to five initialization strings, one per line, each followed by Enter.
• Save the configuration.
Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now and reinitialize the system when you are finished.
Where to Go from Here
For information about creating a modem login script or modifying an existing modem login script, refer to Appendix B, “Modem Description Files,” on page 439.
Chapter 8: Configuring IPX
Novell® Internet Access Server 4.1 routing software provides a set of configurable parameters with which you can modify operational characteristics of the Internetwork Packet Exchange™ (IPX™) network protocol. You configure all IPX parameters from the Novell Internet Access Server Configuration utility (NIASCFG).
This chapter contains the following sections:
• “IPX Configuration Decisions” on page 122
• “Turning Off IPX Packet Forwarding” on page 125
• “Configuring Static Routes and Services” on page 127
• “Configuring Watchdog Spoofing” on page 141
• “Configuring Routed or Static On-Demand Calls” on page 143
• “Configuring IPX and NCP Header Compression” on page 145
• “Configuring NLSP” on page 148
• “Configuring RIP and SAP” on page 153
• “Proxying a NetWare File Server” on page 160
• “Configuring the IPX Address Mapping Gateway” on page 162
• “Configuring IPX Route Aggregation” on page 164
• “Controlling the Propagation of Type 20 Packets” on page 165
• “Changing the Hop Count Limit for IPX Packets” on page 167
• “Balancing Traffic Loads over Equal-Cost Routes” on page 169
• “Configuring SPX Connection Parameters” on page 171
• “Setting Delay and Throughput for a Slow Link” on page 172
IPX Configuration Decisions
How you configure IPX beyond its most basic configuration depends on the following decisions:
• Whether to turn off IPX packet forwarding or to use the system as an IPX router
The routing software enables you to turn off IPX packet forwarding on a NetWare® file server. This is useful when you have more than one NetWare system connecting two or more LANs and you want to free one of the systems from the task of forwarding—that is, routing—IPX packets between the LANs.
To turn off IPX packet forwarding, refer to “Turning Off IPX Packet Forwarding” on page 125.
• If you have WAN connections, whether to configure any of the following:
• Static routes and services
• Watchdog packet spoofing
• Routed or static on-demand calls
• IPX and NetWare Core Protocol™ (NCP™) header compression
How you configure a WAN connection for IPX depends on how you want to use the connection and whether you use IPX with PPP, X.25, frame relay, or asynchronous transfer mode (ATM).
Note Before you can configure IPX to run over a WAN connection, you must configure the WAN board, a network interface, and at least one WAN call destination.
To configure static routes and services for a permanent or on-demand call, refer to “Configuring Static Routes and Services” on page 127.
To configure watchdog packet spoofing, refer to “Configuring Watchdog Spoofing” on page 141.
To configure routed or static on-demand calls, refer to “Configuring Routed or Static On-Demand Calls” on page 143.
To configure header compression, refer to “Configuring IPX and NCP Header Compression” on page 145.
• Whether to use NLSP, RIP/SAP, or both
NetWare Link Services Protocol™ (NLSP™) software is the Novell link state routing protocol for IPX internetworks; Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) are the traditional NetWare routing and service advertising protocols.
To configure NLSP on your router, refer to “Configuring NLSP” on page 148.
To configure RIP and SAP on your router, refer to “Configuring RIP and SAP” on page 153.
• Whether to configure file server proxying on a dedicated router
File server proxying is useful when you have a dedicated router—a PC running Novell Internet Access Server 4.1 over a two-user version of NetWare 4.11—and several NetWare workstations operating on the same network. Proxying enables the dedicated router to reply to workstations' Get Nearest Server requests with the name of a NetWare file server instead of its own. This enables the server, which has multiple connection slots, to handle simultaneous NCP connection requests from the workstations.
To configure file server proxying, refer to “Proxying a NetWare File Server” on page 160.
• Whether to use the IPX Address Mapping Gateway
The IPX Address Mapping Gateway provides the following advantages:
• You can connect to a backbone network even when your local network numbers are not compatible with the backbone addressing scheme.
• If the routing protocol in the backbone does not support route aggregation, like most implementations of NLSP, the routing protocol probably cannot manage the number of network addresses from every user. Even if the routing protocol could handle route aggregation, network numbers might be assigned in a way that does not lend itself to aggregation. The IPX Address Mapping Gateway enables the summarization of routes in a manner transparent to the routing protocol by mapping many network numbers to a single number outside the local network.
To use the IPX Address Mapping Gateway, refer to “Configuring the IPX Address Mapping Gateway” on page 162.
• Whether to use IPX Route Aggregation
IPX Route Aggregation allows your router to compactly report many IPX networks to a connecting backbone network. IPX Route Aggregation is most useful when several RIP networks are attached to an NLSP backbone network. Information in the backbone network is minimized by having the routers that connect to RIP networks report address summaries for these networks.
To use IPX Route Aggregation, refer to “Configuring IPX Route Aggregation” on page 164.
• Whether to change how your router propagates type 20 packets
Type 20 is an IPX packet type that refers to any propagated packet. NetBIOS packets, for example, are type 20 packets. If your router processes a large number of type 20 packets, you can control how it propagates these packets through its interfaces. This can reduce the amount of traffic on a LAN.
To change how your router propagates type 20 packets, refer to “Controlling the Propagation of Type 20 Packets” on page 165.
• Whether to change the hop count limit of outbound IPX packets
This enables you to control the range of outbound IPX packets on your router.
To control the range of IPX packets, refer to “Changing the Hop Count Limit for IPX Packets” on page 167.
• Whether to balance traffic loads over equal-cost routes
If your router has two or more network interfaces that can reach the same destination, it can distribute outbound traffic among those interfaces for an effective increase in throughput. This is called load balancing.
To configure load balancing over equal-cost routes, refer to “Balancing Traffic Loads over Equal-Cost Routes” on page 169.
• Whether to configure SPX connection parameters
Some NetWare applications have specific requirements for Sequenced Packet Exchange™ (SPX™) connection timeouts, retry counts, and so on. If any of these applications are used on your network, you might need to configure certain SPX parameters to enable these applications to run properly.
To configure any of these parameters, refer to “Configuring SPX Connection Parameters” on page 171.
• Whether to change the delay and throughput values on your router
This section explains how to set the delay and throughput values on a router to avoid connection timeouts over a slow link. This is often necessary for routers on LANs or bridged network segments that are separated by slow links.
To change the delay and throughput values, refer to “Setting Delay and Throughput for a Slow Link” on page 172.
Turning Off IPX Packet Forwarding
As a typical part of its operation, a NetWare file server forwards (routes) IPX packets between its network interfaces. By disabling the Packet Forwarding parameter, you turn off IPX packet forwarding on a NetWare file server. This is useful when you have more than one NetWare system on a network and you want to make more computing resources available for file and print services.
A server with IPX packet forwarding disabled still operates as a file server, but broadcasts only its own services and internal network number—not those associated with its network interfaces. A server operating in this way is sometimes called a multihomed server. Although a multihomed server does not reply to routing requests from NetWare workstations, it still accepts incoming RIP and SAP broadcasts to maintain its bindery.
Figure 8-1 shows how the tasks of routing and file service can be divided between a NetWare file server and a dedicated router on the same network. Typically, the task of routing IPX traffic between the two internetworks is shared by the router and the file server. When you disable IPX packet forwarding on the file server, the dedicated router assumes the task of routing all IPX traffic. The file server, now free from the tasks of routing IPX packets and answering route requests, can devote its full processing resources to file service.
Figure 8-1. Turning Off IPX Packet Forwarding on a NetWare File Server
You should turn off IPX packet forwarding if you do not want the server to forward IPX packets between its interfaces.
For more information about IPX routing and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts. For more information about NetWare file and print services, refer to your NetWare documentation.
How to Turn Off IPX Packet Forwarding
Before you begin, you must have at least two NetWare servers, or one NetWare server and a dedicated router on the same IPX network.
To turn off IPX packet forwarding, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. The Packet Forwarding parameter is already highlighted; select it, then select Disabled.
3. Press Esc and save your change.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Static Routes and Services
A static route is a RIP route that is added to a router’s Routing Information Table by a network administrator rather than by the active routing protocol—in this case, RIP—operating over a network link. With Novell Internet Access Server 4.1, you can configure static routes and services for both permanent and on-demand calls.
A permanent call is a connection that remains active between the local router and the remote router identified by the call destination. An on-demand call is a point-to-point connection between two routers that becomes active only when one router must send user data to the router at the other end. On-demand calls are well-suited for connections that use expensive telecommunications carriers and for slow links over which it is undesirable to send routing and service traffic. For more information about permanent and on-demand calls, refer to Novell Internet Access Server 4.1 Routing Concepts.
You can configure static routes and services with the following utilities:
• NIASCFG—With NIASCFG, you must configure all routes and services manually. To activate the configuration on both routers, you select Reinitialize System from the Internetworking Configuration menu. Use NIASCFG to set up WAN call destinations at each end of the connection and configure static routes and services.
• STATICON—The static route and service configuration utility for IPX. STATICON uses the Simple Network Management Protocol (SNMP) to discover which routes and services are available through a remote router and adds them to the static routing table on a local router.
Before configuring static routes and services with STATICON, you must use NIASCFG to set up the WAN call destinations and activate the configuration by selecting Reinitialize System. You then load STATICON and configure the static routes and services on the routers. STATICON configures all routes and services on each router automatically and allows you to try the static configuration before saving it to disk. The STATICON configuration becomes active immediately; you do not need to reinitialize or restart the router.
For more information about static routes and services and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
Configuring Static Routes and Services with NIASCFG
Note If you plan to configure static routing information, we recommend using STATICON to avoid potential routing loops.
Before you configure static routes and services with NIASCFG, determine the addresses of the networks or hosts that you want to access. Then set up a WAN call destination, on each router, to the router at the other end of the connection.
For information about setting up WAN call destinations for permanent connections, refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51.
For information about setting up WAN call destinations for on-demand connections, refer to Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
Warning When setting up a call destination, be sure you set the Remote System ID parameter to the server name of the system initiating the inbound call. The local system checks each inbound call against the remote system ID.
Configuring Static Routes
To configure static routes with NIASCFG, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > WAN Call Destinations
2. Select a WAN call destination from the list, or press Ins to choose from a list of available call destinations.
3. Select Static Routes.
A new screen displays any configured static routes.
4. Press Ins, then enter the following information:
• Network Number—Network number that must be accessed for this on-demand call.
• Hops to Network—Number of routers crossed to reach the specified network number. If the network number is in the internal network of the remote router, specify 1.
• Ticks to Network—Number of ticks used to allow a packet to reach the destination network. Add one tick to this value for each LAN hop.
5. Press Esc and save your changes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Static Services
Hint If you plan to configure any uncommon services, we recommend using STATICON to avoid errors.
To configure static services with NIASCFG, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > WAN Call Destinations
2. Select a WAN call destination from the list, or press Ins to choose from a list of available call destinations.
3. Select Static Services.
A new screen displays any configured static services.
4. Press Ins, then enter the following information:
• Service Name—Name of the service to be accessed through the on-demand call. This name, which is typically the server name, is added to the local service and routing tables.
Note If you need to obtain service name information, use the IPXCON utility at the remote router. If you use STATICON to configure static services, this information is obtained automatically.
• Service Type—SAP service type for this service, expressed as a hexadecimal number. This is typically the file server type (0004). Press Ins to display a list of service types.
• Service Address Network—IPX network number of the service. If you are specifying a file service or a service on a server or router, enter the internal network number of that server or router.
• Service Address Node—Node address where the service resides. If you are specifying a file service or a service on a server or router, enter 1. If you are specifying a NetWare 2 file server, specify the NIC address of LAN board A.
• Service Address Socket—Socket number on which this service listens for service requests. If you are specifying a file service, enter 0x0451.
Note If you need to obtain service address socket information, use the IPXCON utility at the remote router. If you use STATICON to configure static services, this information is obtained automatically.
• Hops to Service—Number of routes crossed to reach the service.
• Ticks to Service—Number of ticks needed for a packet to reach the destination network. Add one tick to this value for each LAN hop.
5. Press Esc and save your changes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System .
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Static Routes and Services with STATICON
STATICON provides a fast and error-free way to configure static routes and services on routers at each end of a point-to-point WAN connection. However, before loading STATICON, you must use NIASCFG to complete the following preparatory tasks on each router:
• Set up a WAN call destination to the router at the other end of the connection.
• Select Reinitialize System to activate the NIASCFG configuration.
Important For STATICON to operate, the router at the other end of the connection must either be running Novell Internet Access Server 4.1 or be a third-party router that supports IPX SNMP and the IPX Management Information Base (MIB) variables.
When you load STATICON, the Select Configuration Method menu appears. Table 8-1 describes each menu option.
Table 8-1. Select Configuration Method Menu Options
Menu Option | Description
Dynamically Configure Static Routing Tables | Opens an on-demand call to the remote router and allows you to edit the local and remote configurations using dynamically obtained selection lists.
Configure Services from Gatekeepers | Opens an on-demand call to obtain a list of services available from a gatekeeper and allows you to select the services you want. The gatekeeper is normally on the other side of a WAN link.
Configure Local Static Services | Lets you configure static services manually on the local router. This configuration is nearly identical to the one presented in “Configuring Static Services” on page 129.
Configure Local Static Routes | Lets you configure static routes manually on the local router. This configuration is nearly identical to the one presented in “Configuring Static Routes” on page 128.
Write Static Routing Tables to Permanent Storage | Sends IPX SNMP requests to the local router to put the routing table information into permanent storage. The router is polled to ensure that the information is updated.
Restore Static Routing Tables from Permanent Storage | Sends IPX SNMP requests to the local router to restore routing table information from permanent storage. The router is polled to ensure that the information is updated.
The most efficient way to configure static routes and services is to select the Dynamically Configure Static Routing Tables option. This enables you to select from the following options:
• Autoconfigure Local and Remote Routing Tables—Exchanges all routing and service table information automatically with the remote router. Select this option if you want an on-demand call to obtain full routing and service information in the static routing tables. A status screen shows the progress of the exchange. This exchange might take significant time to complete if you are working over a slow link or on a large network.
• Configure Local Routing Tables—Selectively configures routing and service tables for the local router from information learned from the remote router through IPX SNMP requests.
• Configure Remote Routing Tables—Selectively configures the routing and service tables for the remote router from information learned from the local router through IPX SNMP requests.
• Write Connection Routing Tables to Permanent Storage—Sends IPX SNMP requests to the local and remote routers to save the current local and remote routing tables for this connection to permanent storage. Each router is polled to make sure the operation is completed.
• Restore Connection Routing Tables from Permanent Storage—Sends IPX SNMP requests to the local and remote routers to restore the local and remote static routing tables for this connection from permanent storage. Each router is polled to make sure the operation is completed.
For more information about configuring static routes and services dynamically, refer to “Selectively Configuring Static Routes and Services” on page 134 and “Automatically Configuring Static Routes and Services” on page 138.
Checking Write Access on the Remote Router
For STATICON to configure a remote router's routing and service tables, it must support IPX SNMP and the IPX MIB variables and have SNMP-write access to the router. If the remote router is running Novell Internet Access Server 4.1, specifying a Control Community from NIASCFG enables write access.
To check write access, complete the following steps:
1. Load NIASCFG on the remote router, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Manage Configuration > Configure SNMP Parameters
The Control State field should read Any Community May Write or Specified Community May Write. If it reads Specified Community May Write, note the name in the Control Community field. Use this name when you must provide the name of the SNMP control community in Step 8 on page 135 of “Selectively Configuring Static Routes and Services” on page 134 and Step 8 on page 138 of “Automatically Configuring Static Routes and Services” on page 138.
2. Press Esc to return to the Internetworking Configuration menu.
3. Exit NIASCFG.
Selectively Configuring Static Routes and Services
Through selective configuration, you can choose specific routes and services you want to add to a routing table. This feature lets you select from an existing routing table the routes and services that your router does not have in its table. You can copy routes to a remote router from a local router, or copy routes to a local router from a remote router.
To selectively configure static routes and services, complete the following steps:
1. Load STATICON.
2. Select Dynamically Configure Static Routing Tables.
STATICON displays the on-demand calls of which IPX is currently aware. It also shows the connection state of each call.
Note The Auto Static Route listed in the display is the nonconfigured static route to the internal network on the other side of the WAN link. This automatic static route ensures a route across the link in case normal RIP filtering might prevent such a route. It must not be deleted.
3. Use the arrow keys on your keyboard to select the WAN call destination associated with the remote router.
4. If the Status field associated with the call reads Not Connected, press Ins to connect the call.
5. Wait for the Status field to change to Connected.
This can take several seconds if you are using a dial-up line.
6. Press Enter.
7. Do one of the following:
To configure the routing table for the local router, select Configure Local Routing Tables.
To configure the routing table for the remote router, select Configure Remote Routing Tables.
8. Enter the SNMP Control Community name associated with the remote router, or press Enter to accept the default Control Community named public.
The remote router must have write access enabled. If you need to check write access, refer to “Checking Write Access on the Remote Router” on page 133.
9. If you selected Configure Local Routing Tables, complete the following steps; otherwise, continue with Step 10 on page 136.
A progress screen appears while the local system reads the currently configured routes and services.
After the Locally Configured Routes screen appears, you can remove items from the routing table by highlighting or marking the entries and pressing Del.
9a. Press Ins to add static routes or services to the local routing table.
A progress screen appears while the local system gathers information from the remote router.
The Selectable Routes and Services screen appears. The routes and services listed here are from the remote router's table. The list shows only the routes and services that are not already present in the local router's table.
9b. Mark the routes or services you want to add to the local routing table.
Use the following keys to mark your selections:
• F5—Marks the current entry.
• Tab—Marks all entries that have the same network number as the currently highlighted entry.
• F6—Lets you use wildcard characters (* and ?) to select entries.
If you use F6, the Select Wild Card Marking Option screen appears. You can select Match Service Names or Match Network Numbers. After you make a selection, the Enter Pattern for Matching screen appears, enabling you to enter the name or number pattern and wildcard.
9c. Press Enter.
The Select Currently Marked Routes and/or Services? screen appears.
9d. Select Yes. Proceed to Step 11 on page 137.
10. If you selected Configure Remote Routing Tables, complete the following steps:
A progress screen appears while the local system gathers information from the remote router.
After the Remote Router’s Configured Routes and Services screen appears, you can remove items from the routing table by highlighting or marking the entries and pressing Del.
10a. Press Ins to add static routes or services to the remote routing table.
A progress screen appears while the local system reads the currently configured routes and services.
The Selectable Routes and Services screen appears. The routes and services listed here are from the local router’s table. They show only the routes and services that are not already present on the remote router’s table.
10b. Mark the routes or services you want to add to the remote routing table.
Use the following keys to mark your selections:
• F5—Marks the current entry.
• Tab—Marks all entries that have the same network number as the currently highlighted entry.
• F6—Lets you use wildcard characters (* and ?) to select entries.
If you use F6, the Select Wild Card Marking Option screen appears. You can select Match Service Names or Match Network Numbers. After you make a selection, the Enter Pattern for Matching screen appears, enabling you to enter the name or number pattern and wildcard.
10c. Press Enter.
The Select Currently Marked Routes and/or Services? screen appears.
10d. Select Yes.
11. Press Esc twice.
STATICON allows you to choose whether to save the static configuration to disk now or test the configuration first by trying to establish a connection.
If you want to save the configuration to disk now, continue with Step 12 on page 137.
If you want to test the configuration before saving it to disk, select Do Not Save the Routing Tables to Permanent Storage.
In this case, the configuration remains in router memory.
If you decide later to save the configuration to disk, return to the Select Configuration Option For This Call screen and select Write Connection Routing Tables to Permanent Storage.
The configuration is saved to disk if you did not do any of the following while testing the configuration:
• Restart the router
• Delete the WAN call destination from NIASCFG
• Unload IPXRTR
12. Select Save the Routing Tables to Permanent Storage.
Note Changes you make from STATICON take effect immediately; you do not need to reinitialize or restart either router after completing the configuration.
The following message appears after the configuration is saved to disk:
Writing static routing tables for this call to permanent storage completed successfully in router <router_name>.
<Press ENTER to continue>
13. Press Enter, then press Esc until you return to the Select Configuration Method menu.
14. Exit STATICON.
Automatically Configuring Static Routes and Services
Configuring static routes and services automatically lets you copy all the missing routes from your local router to a remote router and from the remote router to your local router at the same time.
To automatically configure static routes and services, complete the following steps:
1. Load STATICON.
2. Select Dynamically Configure Static Routing Tables.
STATICON displays the on-demand calls of which IPX is currently aware. It also shows the connection state of each call.
3. Use the arrow keys on your keyboard to select the WAN call destination associated with the remote router.
4. If the Status field associated with the call reads Not Connected, press Ins to connect the call.
5. Wait for the Status field to change to Connected.
This can take several seconds if you are using a dial-up line.
6. Press Enter.
7. Select Autoconfigure Local and Remote Routing Tables.
8. Enter the SNMP Control Community name associated with the remote router, or press Enter to accept the default Control Community public.
The remote router must have write access enabled. If you need to check write access, refer to “Checking Write Access on the Remote Router” on page 133.
A progress screen appears as STATICON exchanges routes and services with the remote router. This might take several minutes if you are working over a large network or slow link.
The following message appears when the exchange is complete:
Autoconfiguration of Routing Tables between local and remote Routers completed successfully.
<Press ENTER to continue>
9. Press Enter.
STATICON allows you to choose whether to save the static configuration to disk now or try the configuration first.
If you want to save the configuration to disk now, continue with Step 10 on page 139.
If you want to try the configuration before saving it to disk, select Do Not Save the Routing Tables to Permanent Storage.
In this case, the configuration remains in router memory.
If you decide later to save the configuration to disk, return to the Select Configuration Option For This Call screen and select Write Connection Routing Tables to Permanent Storage.
You can do this as long as you do not do any of the following while trying out the configuration:
• Restart the router
• Delete the WAN call destination from NIASCFG
• Unload IPXRTR
10. Select Save the Routing Tables to Permanent Storage.
Note Changes you make from STATICON take effect immediately; you do not need to reinitialize or restart either router after completing the configuration.
The following message appears after the configuration is saved to disk:
Writing static routing tables for this call to permanent storage completed successfully.
<Press ENTER to continue>
11. Press Esc until you return to the Select Configuration Method menu.
12. Exit STATICON.
Configuring Services for a Gatekeeper
A gatekeeper is a special file server that is located in the hub of an internetwork and is able to see all public services from all connected sites. A gatekeeper stores routing and services information in its bindery, Novell’s equivalent of a telephone book. Using STATICON, you can obtain a list of services available from a gatekeeper and select the required services for advertisement by your local router. For more information about gatekeepers and binderies, refer to Novell Internet Access Server 4.1 Routing Concepts.
To configure services for a gatekeeper, complete the following steps:
1. Load STATICON.
2. Select Configure Services for Gatekeepers.
STATICON displays the IPX Calls screen, a list of on-demand calls of which IPX is currently aware. It also shows the connection state of each call.
3. Use the arrow keys on your keyboard to select the WAN call destination associated with the remote router.
4. If the Status field associated with the call reads Not Connected, press Ins to connect the call.
5. Wait for the Status field to change to Connected.
This can take several seconds if you are using a dial-up line.
6. Press Enter.
The Select Configuration Option For This Call screen displays.
7. Select Configure Local Routes and Services.
The Configured Services screen displays.
8. Press Ins to display a list of gatekeepers.
9. Use the arrow keys to select a gatekeeper, then press Enter.
STATICON displays messages that it is attaching to the selected gatekeeper and that it is scanning the gatekeeper for services. Service names are displayed as STATICON discovers them. When the scanning is completed, a list is displayed of all the services available from the gatekeeper.
10. Select all the services you want by using the arrow keys to highlight each desired service, then pressing F5.
11. Press Enter to confirm your selection of all the marked services.
12. Optionally, press Esc to return to the IPX Calls screen and then repeat Step 3 on page 140 through Step 11 for another WAN call.
13. Save the information as follows:
If you have collected gatekeeper information for a single WAN call, press Esc to return to the Select Configuration Option For This Call screen, then select Write Static Routing Tables to Permanent Storage.
If you have collected gatekeeper information for multiple WAN calls, press Esc to return to the STATICON main menu, then select Write Static Routing Tables to Permanent Storage.
14. If necessary, press Esc to return to the Select Configuration Method menu. Exit STATICON.
Configuring Watchdog Spoofing
When several workstations are operating over an on-demand call, the frequent exchange of watchdog packets can keep the connection active most of the time. Depending on the telecommunications carrier you use for the connection, this can become expensive.
You can avoid this by configuring your router to spoof the watchdog packets. This means that the router captures watchdog query packets on their way to a workstation and responds on the workstation’s behalf without activating the on-demand call.
Note, however, that because of spoofing, the workstation’s server connection remains occupied unless the workstation logs out. To avoid this, have the remote server execute a forced logout of all workstations at a predetermined time so that all server connections are free for the next day.
For more information about watchdog spoofing and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure Watchdog Spoofing on an Interface
By default, watchdog spoofing is enabled for all on-demand WAN connections. If you want to disable watchdog spoofing on a WAN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > Expert Bind Options
2. Select On Demand Spoofing, press Enter, then select Disabled.
3. Press Esc and save your change.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
How to Configure Watchdog Spoofing for Call Destinations
By default, watchdog spoofing is enabled for all on-demand WAN connections. To configure watchdog spoofing for a particular on-demand WAN call destination, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > WAN Call Destinations
2. Select a call destination.
If you are modifying an on-demand call that has already been configured, select one from the list.
If you are configuring a new on-demand call, press Ins and choose a call from the list of available calls.
3. Select Expert Options.
4. Select On Demand Spoofing.
The default state is Use Default. This means the call uses the spoofing state to which the interface is currently set.
If spoofing is enabled on the interface but you want to disable it only for this call, select Disabled.
If spoofing is disabled on the interface but you want to enable it only for this call, select Enabled.
5. Press Esc and save your changes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring Routed or Static On-Demand Calls
Novell Internet Access Server 4.1 enables you to configure a routed on-demand call or static on-demand call for each WAN call destination.
Unlike the standard on-demand call, which relies on statically configured routes and services at each end of a point-to-point connection, a routed on-demand call runs a routing protocol while the link is active. When the link goes down, the routes and services made known by the routing protocol become unavailable.
Typically, a Data-Link layer timer triggers the termination of an on-demand call after no data has crossed the link for some period of time. Because a routing protocol running over a routed on-demand call would reset this timer each time a protocol packet is sent or received, it would keep a link active because of the protocol data flowing through. To solve this problem, Novell Internet Access Server 4.1 uses a timer that operates at the Network layer. This timer is reset only when data packets—not protocol packets—cross the link. In this way, the routing updates do not keep an on-demand link active when no data is being transmitted.
Note A minimal (seed) set of static routes and services must be associated with a routed on-demand call for key server access. Unless the call is known to get somewhere, the link will not come up. After the link comes up, other services and routes can be accessed.
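The difference between the two idle timers described above can be seen by replaying one packet trace against both. This is an added example, not Novell code; the 120-second timeout, the 60-second update spacing, and the trace itself are constructed values chosen for illustration.

```python
from dataclasses import dataclass

# Packet kinds this model treats as routing-protocol traffic.
PROTOCOL_KINDS = {"rip", "sap", "nlsp"}


@dataclass(frozen=True)
class Packet:
    t: int      # seconds since the on-demand call came up
    kind: str   # "data" or one of PROTOCOL_KINDS


def teardown_time(packets, idle_timeout, end_of_trace, protocol_resets_timer):
    """Return the second at which the idle timer expires and the call drops,
    or None if the call is still up at end_of_trace.

    protocol_resets_timer=True models a timer that any packet resets
    (the Data-Link layer behaviour the text describes as the problem).
    protocol_resets_timer=False models the Network-layer timer, which
    only data packets reset.
    """
    last_reset = 0
    for p in sorted(packets, key=lambda p: p.t):
        # The timer may already have expired before this packet arrives.
        if p.t - last_reset >= idle_timeout:
            return last_reset + idle_timeout
        is_data = p.kind == "data"
        if is_data or (protocol_resets_timer and p.kind in PROTOCOL_KINDS):
            last_reset = p.t
    if end_of_trace - last_reset >= idle_timeout:
        return last_reset + idle_timeout
    return None


def connected_seconds(packets, idle_timeout, end_of_trace, protocol_resets_timer):
    """Seconds the call stays connected within the trace window."""
    down = teardown_time(packets, idle_timeout, end_of_trace, protocol_resets_timer)
    return end_of_trace if down is None else down


def build_trace():
    """Constructed trace: a short burst of user data, then only routing updates."""
    packets = [Packet(5, "data"), Packet(12, "data"), Packet(20, "data")]
    packets += [Packet(t, "rip") for t in range(60, 601, 60)]
    packets += [Packet(t, "sap") for t in range(60, 601, 60)]
    return packets


if __name__ == "__main__":
    trace = build_trace()
    for label, flag in (("any packet resets timer", True),
                        ("only data resets timer", False)):
        down = teardown_time(trace, 120, 600, flag)
        up = connected_seconds(trace, 120, 600, flag)
        print(f"{label}: teardown={down}, connected for {up}s of 600s")
```

With this trace the first timer never expires because each routing update restarts it, while the data-only timer drops the call 120 seconds after the last data packet.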
For more information about routed and static on-demand calls and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure Routed or Static On-Demand Calls
Before you begin, you must complete the following tasks:
• Configure at least one on-demand WAN call destination.
• Configure a minimal set of routes and services for key server access.
To configure a routed or static on-demand call, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings
2. Select an on-demand call.
If you are modifying an on-demand call that has already been configured, select one from the list.
If you are configuring a new on-demand call, press Ins and choose a call from the list of available calls.
The WAN Call Destination Entry screen is displayed.
3. Select WAN Call Destinations.
4. Select a WAN call destination from the list of configured calls, then do one of the following:
To configure a routed on-demand call, select Routed On Demand from the pop-up menu, then proceed to Step 5 on page 144.
To configure a static on-demand call, select Static On Demand from the pop-up menu, then proceed to Step 6.
By default, on-demand calls are static, and routing traffic over an on-demand call is disabled.
5. For a routed on-demand call only, do the following:
5a. Select RIP Bind Options.
5b. Configure the routing protocol you want to run over the call.
If you want to run RIP/SAP:
• Select RIP Options.
• Set RIP State Override to On.
• Configure the other RIP override parameters as necessary.
• Press Esc.
• Select SAP Options.
• Set SAP State Override to On.
• Configure the other SAP override parameters as necessary.
If you want to run NLSP:
• Select NLSP Options.
• Set NLSP State Override to On.
• Configure the other NLSP override parameters as necessary.
6. Press Esc and save your changes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring IPX and NCP Header Compression
Header compression increases the throughput of IPX and NCP packets over low-speed serial lines. An IPX packet header is 30 bytes and is typically followed by an upper-layer protocol header, such as an SPX header. Header compression reduces the size of this combined packet header to just a few bytes.
Header compression is negotiated by the IPXWAN™ protocol when a call is established over any WAN connection. Header compression is not used on the connection if IPXWAN detects that one of the end nodes does not support it.
When you enable header compression, you can also specify the number of compression slots. A compression slot is a location in router memory that stores packet header information. The compression algorithm uses this information to compress outgoing—and decompress incoming—packet headers.
By default, the number of allocated compression slots is 16. In general, a session between two end points uses one slot; routing information uses one or two. Each slot can contain an IPX or an NCP header. When no more slots are available, packet headers are sent uncompressed, or old slots are reused.
For more information about IPX and NCP header compression and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
Important To use header compression, the routers at each end of the connection must have header compression enabled and must allocate the same number of header compression slots. If the number of compression slots is different on each router, IPXWAN selects the lesser of the two.
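The slot behaviour described above can be explored with a small model, added here as an example and not taken from the product. It assumes a least-recently-used reuse policy and a linear scan of stored headers, both of which are modelling assumptions; the session counts and round counts are constructed.

```python
from collections import OrderedDict


def negotiated_slots(local_slots, remote_slots):
    """Per the text: when the two routers differ, the lesser value is used."""
    return min(local_slots, remote_slots)


class SlotTable:
    """Simplified slot table: one stored header per session, oldest slot reused.

    Assumption: reuse is least-recently-used and lookup is a linear scan.
    The text only says that old slots are reused and that stored headers
    are scanned for a match.
    """

    def __init__(self, slots):
        self.slots = slots
        self.table = OrderedDict()   # session id -> stored header (abstracted)
        self.compressed = 0          # headers sent in compressed form
        self.full = 0                # headers sent uncompressed
        self.comparisons = 0         # stored headers examined while scanning

    def send(self, session):
        hit = False
        for key in self.table:       # scan from the oldest slot to the newest
            self.comparisons += 1
            if key == session:
                hit = True
                break
        if hit:
            self.table.move_to_end(session)   # mark the slot as recently used
            self.compressed += 1
            return "compressed"
        # Miss: the header goes out in full and takes a slot,
        # reusing the oldest slot when the table is full.
        if len(self.table) >= self.slots:
            self.table.popitem(last=False)
        self.table[session] = True
        self.full += 1
        return "full"


def simulate(sessions, slots, rounds):
    """Each session sends one packet per round, in round-robin order."""
    table = SlotTable(slots)
    for _ in range(rounds):
        for session in range(sessions):
            table.send(session)
    return table


if __name__ == "__main__":
    # Constructed scenarios: local router set to 32 slots, remote left at 16.
    slots = negotiated_slots(32, 16)
    for sessions in (12, 20):
        t = simulate(sessions, slots, rounds=10)
        print(f"{sessions} sessions over {slots} slots: "
              f"{t.compressed} compressed, {t.full} full, "
              f"{t.comparisons} header comparisons")
```

In this model 12 sessions fit in 16 slots and only the first packet of each session goes out uncompressed, while 20 round-robin sessions over 16 slots never get a match, which is why both routers need enough slots for the expected number of concurrent sessions.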
How to Configure IPX and NCP Header Compression on an Interface
To configure IPX and NCP header compression on a WAN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > Expert Bind Options
2. Select Header Compression.
This parameter enables or disables header compression for all IPX packets sent through this interface. By default, header compression is enabled on all WAN interfaces; if you want to disable it on the interface, select Disabled.
3. Select Compression Slots, then enter the number of slots you want to allocate to this interface.
The more concurrent IPX sessions you use over the interface, the more compression slots you should allocate.
Important Be careful not to allocate too many compression slots. Memory is required to store the headers, and the compression algorithm must scan through stored headers to find a match for each transmitted packet. An excessive number of slots results in a higher processing load and slower performance.
4. Press Esc and save your changes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
How to Configure IPX and NCP Header Compression per Call Destination
By default, header compression is enabled for all WAN connections. To configure header compression for a particular WAN call destination, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > WAN Call Destinations
2. Select a call destination.
If you are modifying a call that has already been configured, select one from the list.
If you are configuring a new call, press Ins and choose a call from the list of available calls.
3. Select Expert Options.
4. Select Header Compression.
The default state is Use Default. This means the call uses the compression state to which the interface is currently set.
If compression is enabled on the interface but you want to disable it only for this call, select Disabled.
If compression is disabled on the interface but you want to enable it only for this call, select Enabled.
5. Select Compression Slots, then enter the number of slots you want to allocate to this call.
Important Be careful not to allocate too many compression slots. Memory is required to store the headers, and the compression algorithm must scan through stored headers to find a match for each transmitted packet. An excessive number of slots results in a higher processing load and slower performance.
6. Press Esc and save your changes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring NLSP
Novell developed NLSP to meet the demands of large IPX internetworks. As a link state routing protocol, NLSP offers better performance, reliability, and scalability than the IPX RIP routing traditionally employed by NetWare servers.
Unlike RIP and SAP, which periodically broadcast routing and service information respectively, NLSP transmits routing information only when a change occurs in a route or service somewhere in the network, or every two hours—whichever occurs first. Because NLSP generates fewer routing updates than RIP and SAP, it uses less network bandwidth to maintain its routing database.
To transmit information about its directly connected routers and the links to those routers, an NLSP router uses Link State Packets (LSPs). By default, LSPs are 512 bytes, a nominal value that is sufficient for most IPX networks. If you have a large network—on the order of 4,000 routes and 2,000 services or more—you should increase the value of the LSP Size parameter to 1024. To configure this parameter, refer to “How to Change the LSP Size” on page 152.
By default, NLSP broadcasts its packets because some LAN drivers do not properly support multicast, a transmission mode that enables only those devices listening for a specific multicast packet address to accept the packet. You can, however, change the NLSP packet transmission mode to multicast with the MAC Channel parameter. An advantage of using multicast transmission is that NLSP packets sent by multicast do not clutter nonrouting nodes with unnecessary traffic.
Note: All NetWare systems on the same LAN must use the same NLSP packet transmission mode.
NLSP makes large IPX internetworks more manageable by allowing you to partition them into administrative domains called routing areas. Each routing area can be identified by up to three area addresses, a unique, 4-byte hexadecimal number that identifies each NLSP router as being part of a routing area. Although area addresses are not required, they are available chiefly for compatibility with future versions of NLSP and do provide some benefit for large IPX internetworks.
Warning: Do not configure area addresses unless you must partition a large IPX internetwork. If you make an error in the address assignments, you can partition your network inadvertently and lose connectivity between some routers.
For more information about routing areas and partitioning an IPX internetwork, refer to Novell Guide to NLSP Migration.
Each NLSP router is identified by a unique, 6-byte hexadecimal number called the system ID. The default system ID comprises a 2-byte constant, 0x0200, followed by the router’s own internal network number. You should not change the system ID unless you have another numbering scheme in place with which you can reliably track and manage the NLSP routers on your network. If you must change a router’s system ID, use another unique number, such as the physical address of one of the router’s network interface boards.
Using a default cost value based on media throughput, NLSP chooses the best route by which to forward IPX packets. Novell Internet Access Server 4.1 enables you to override this value on an interface. By overriding the default cost, you can establish preferred routes, balance traffic loads among interfaces, and set up specific traffic flows between routers. For more information, refer to “Balancing Traffic Loads over Equal-Cost Routes” on page 169.
All NLSP routers have a configurable parameter called the Priority. The router with the highest priority becomes the Designated Router, which assumes the responsibility for exchanges of link state information on behalf of all other NLSP routers on the LAN. You do not typically need to change a router's Priority value; the NLSP routers automatically elect one from themselves. However, if you want to force a router to become the Designated Router for its LAN, increase its Priority value to at least 85. The router you choose should be typically up and should have enough memory to process NLSP routing information and generate the pseudonode LSP for its LAN. If you want to prevent a particular router from becoming the Designated Router, decrease its Priority value.
Important: Novell Internet Access Server 4.1 provides a set of convergence parameters that enable you to customize the operation of NLSP on your router. The default values for these parameters are sufficient for most IPX networks and should be changed only on the advice of your technical support representative.
When configuring NLSP on an interface, you can set the NLSP State parameter to one of two states: On or Off. On enables the router to exchange NLSP packets freely with other NLSP routers on the attached network. Off disables NLSP routing on the interface.
For more information about NLSP and related topics, refer to Novell Guide to NLSP Migration.
How to Configure NLSP
If you implement NLSP throughout a large IPX internetwork, or even if you want to configure NLSP on just a few routers or servers, refer to Novell Guide to NLSP Migration for information about planning your implementation of NLSP.
To configure NLSP on the router, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Select the Routing Protocol parameter, then select NLSP with RIP/SAP Compatibility.
3. Press Esc to return to the Internetworking Configuration menu, then select the following path:
Select Bindings > a network interface > Expert Bind Options > NLSP Bind Options
4. Select NLSP State.
If you want to run NLSP over the interface, select On.
This enables NLSP routing on the interface.
If the interface is on an area boundary, or if you want to filter incoming RIP or SAP packets at the interface, select Off.
If the router supports two or more interfaces and you want to filter routes and services to a remote site through this interface:
• Select Off.
• Enable RIP and SAP on the interface.
To enable RIP and SAP, refer to “Configuring RIP and SAP” on page 153.
5. Select MAC Channel, then select the NLSP packet transmission mode.
If you select Multicast, NLSP automatically determines the multicast address. All systems on a network must be set to Multicast; otherwise, the systems default to Broadcast, the default state for this parameter.
Important: Make sure the driver you are using supports multicast transmission; drivers that do not support multicast can cause systems to become unaware of each other.
6. If you want to customize the interface further, configure one or more of the following parameters:
Important: Because the default settings for these parameters are suitable for most NLSP networks, you should change them only for a specific purpose. Misconfiguring these parameters can increase routing traffic or cause loss of connectivity on your network.
• MTU Override—Overrides the Maximum Transmission Unit (MTU) of the network medium to which this interface is connected. All outbound packets on this interface use the value you enter. The default value is 0, which means use the MTU of the network medium. For example, the Ethernet MTU is 1,500 bytes.
Configure this parameter if you have a bridge or other device on your network, or if you want to transmit smaller packets over a WAN.
• Priority—Sets the priority of the NLSP router on the network segment to which this interface is connected. The default priority is 64; increase this value to at least 85 if you want the router to become the Designated Router for its LAN; decrease it if you want to prevent the router from becoming the Designated Router.
• Cost Override—Overrides the default cost of the network medium to which this interface is connected. To configure this parameter, refer to “Balancing Traffic Loads over Equal-Cost Routes” on page 169.
• Pace Override—Specifies the maximum number of NLSP packets that can be sent each second through this interface. On a LAN, the default—and maximum—pace for NLSP packets is 30 pps; on a WAN, the NLSP pace is derived from the throughput of the link.
The default value for this parameter is 0, which means do not override the current pace.
7. Press Esc and save your changes.
8. Press Esc to return to the Internetworking Configuration menu.
9. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
How to Change the LSP Size
The larger the packet a network can carry, the fewer LSPs are required to propagate an NLSP router's link state information on that network. However, the LSP used by the router must be no larger than the largest frame size supported by the network, less 30 bytes for the IPX header. For example, an ARCnet* LAN can transmit no more than 576 bytes at a time. If you leave LSP Size at the default value of 1024, the LSP cannot be transmitted across the LAN because it is too large. The result is that the network is prevented from converging.
Before you begin, you should know the maximum frame size supported by the network to which the NLSP router is connected.
To change the size of the LSP that a router transmits, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > Expert Configuration Options
2. Select LSP Size, enter a value between 128 and 4096, then press Enter.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring RIP and SAP
RIP and SAP are the routing and service advertising protocols traditionally used by NetWare systems to exchange route and service information on an IPX network. RIP is currently the most common routing protocol used on IPX networks.
RIP and SAP perform well in small networks that have simple architectures and few routers. These protocols, however, begin to reveal their limitations in the large, complex internetworks that are becoming increasingly common throughout the installed base of NetWare systems.
By default, RIP and SAP packets are broadcast every 60 seconds, even if no change has occurred anywhere in a route or service. Depending on the size and speed of the network, these periodic broadcasts can consume a significant amount of bandwidth and burden NetWare nodes, especially over WAN links.
Novell Internet Access Server 4.1 provides a configurable parameter, Periodic Update Interval, that enables you to control how often a router broadcasts its route and service updates. This, along with other configurable parameters, such as Aging Interval Multiplier, Pace Override, and Packet Size Override, enables you to fine-tune the operation of RIP and SAP on your router. However, the default values for these parameters are sufficient for most IPX networks and should be changed only on the advice of your technical support representative. A misconfiguration can cause the router to lose routes and services or even generate more traffic than usual.
When configuring RIP on an interface, you can set the RIP State parameter to one of three states: Auto, On, or Off. Auto, the default state, enables the router to accept incoming RIP packets and rebroadcast their routes only if RIP-broadcasting devices, such as NetWare 2 servers, are operating on the attached network. If those devices are removed from the attached network, the Auto-state interface responds by automatically disabling RIP and enabling NLSP. On enables the router to exchange RIP packets freely with other RIP routers on the network. Off disables RIP routing on the interface but does not prevent the router from responding to incoming requests for RIP routes from local NetWare workstations.
Similarly, you configure SAP on an interface with the SAP State parameter, which can also assume one of three states: Auto, On, and Off. Auto, the default state, enables the router to accept incoming SAP packets and rebroadcast their services only if SAP-broadcasting devices, such as NetWare 2 servers, are operating on the attached network. If those devices are removed from the attached network, the Auto-state interface responds by automatically disabling SAP and enabling NLSP. On enables the router to exchange SAP packets freely with other routers on the network. Off disables SAP advertising on the interface but does not prevent the router from responding to incoming requests for services from local NetWare workstations. Additionally, the Off state still allows the router to import locally advertised services.
Note: If you want to filter routes or services between routers, use RIP and SAP. NLSP routers cannot filter routes or services.
You should avoid running RIP and SAP over WAN connections because of the cost they incur from periodic transmissions.
For additional information about RIP and SAP, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure RIP
To configure RIP, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Select Routing Protocol, then select RIP/SAP Only.
Select RIP/SAP Only only if your network has no NLSP routers.
3. Press Esc to return to the Internetworking Configuration menu, then select the following path:
Select Bindings > a network interface > Expert Bind Options > RIP Bind Options
4. Select RIP State.
If you want to run RIP over the interface, select On.
This state is necessary for some third-party products that require RIP to operate.
If you do not want to run RIP over the interface, select Off.
This state disables backward compatibility with older routers and servers that use and depend on RIP.
If non-NLSP devices, such as NetWare 2 servers, are operating on the attached network and you want the router to accept and broadcast RIP packets received from these devices, select Auto.
Auto is the default state.
5. If you want to customize RIP operation further, configure one or more of the following parameters:
Important: Because the default settings for these parameters are suitable for most RIP-based IPX networks, you should change them only for a specific purpose. Misconfiguring these parameters can increase routing traffic or cause loss of connectivity on your network.
• Periodic Update Interval—Measured in 30-second units, determines the interval at which RIP packets are transmitted through this interface. The default value is 2 (60 seconds).
Each router on the network segment to which this router is attached must use the same value for the Periodic Update Interval.
• Aging Interval Multiplier—Controls how long the router keeps route information received through this interface. The product of this parameter and the RIP Periodic Update Interval specifies how long the router keeps route information from periodic RIP updates received through an interface.
Increasing the Aging Interval Multiplier slows the rate at which the router ages the routes in its Routing Information Table. This is necessary to keep routes that might otherwise be aged out of the routing table because of dropped RIP updates.
The default value for the Aging Interval Multiplier is 4. For example, if RIP packets are sent every 60 seconds (Periodic Update Interval equals 2), the router keeps the route information for 240 (60 x 4) seconds without refreshing it.
Each router on the network segment to which this router is attached must use the same value for the Aging Interval Multiplier.
• Pace Override—Specifies the maximum number of RIP packets that can be sent each second through this interface. The default—and maximum—pace for RIP packets is 9 pps.
The default value for this parameter is 0, which means do not override the current pace.
• Packet Size Override—Specifies the size, in bytes, of RIP packets sent on this interface. The default value is 0, which means do not override the current value.
Each router on the network segment must use the same RIP packet size.
6. Press Esc and save your changes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
How to Configure SAP
To configure SAP, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Select Routing Protocol, then select RIP/SAP Only.
3. Press Esc to return to the Internetworking Configuration menu, then select the following path:
Select Bindings > a network interface > Expert Bind Options > SAP Bind Options
4. Select SAP State.
If you want to run SAP over the interface, select On.
This state is necessary for some third-party products that rely on SAP to advertise their services. Setting SAP State to On also enables RIP routing on the interface.
If you do not want to run SAP over the interface, select Off.
This state disables backward compatibility with older routers and servers that use and depend on SAP. The router responds to incoming SAP requests, such as Get Nearest Server, even if SAP is disabled on this interface.
If non-NLSP devices, such as NetWare 2 servers, are operating on the attached network and you want the router to accept and broadcast SAP packets received from these devices, select Auto.
Auto is the default state.
5. If you want to customize SAP operation further, configure one or more of the following parameters:
Important: Because the default settings for these parameters are suitable for most RIP-based IPX networks, you should change them only for a specific purpose. Misconfiguring these parameters can increase routing traffic or cause loss of connectivity on your network.
• Get Nearest Server Requests Override—Determines whether the router accepts or ignores SAP Get Nearest Server requests it receives through this interface. Select one of the following options:
No Override—Do not override the global setting for the router. This is the default state.
Ignore—Ignore Get Nearest Server requests received through this interface.
Accept—Accept Get Nearest Server requests received through this interface.
• Periodic Update Interval—Measured in 30-second units, determines the interval at which SAP packets are transmitted through this interface. The default value is 2 (60 seconds).
Each router on the network segment to which this router is attached must use the same value for the Periodic Update Interval.
• Aging Interval Multiplier—Controls how long the router keeps service advertisements received through this interface. The product of this parameter and the SAP Periodic Update Interval specifies how long the router keeps service information from periodic SAP updates received through an interface. This parameter is a holding multiplier for the SAP Periodic Update Interval.
The default value for the Aging Interval Multiplier is 4. For example, if SAP packets are sent every 60 seconds (Periodic Update Interval equals 2), the router keeps the service information for 240 (60 x 4) seconds without refreshing it.
Each router on the network segment to which this router is attached must use the same value for the Aging Interval Multiplier.
• Pace Override—Specifies the maximum number of SAP packets that can be sent each second through this interface. The default—and maximum—pace for SAP packets is 9 pps.
The default value for this parameter is 0, which means do not override the current pace.
• Packet Size Override—Specifies the size, in bytes, of SAP packets sent on this interface. The default value is 0, which means do not override.
Each router on the network segment must use the same SAP packet size.
6. Press Esc and save your changes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
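The RIP and SAP bind options both carry the rule that every router on a segment must use the same Periodic Update Interval, Aging Interval Multiplier and packet size. The following added example (not part of the Novell guide or of NIAS) audits a segment for that rule; the BindOptions record, the router names and the sample values are constructed, and the age-out check is this example's illustration of why mismatched timers lose routes and services.

```python
from dataclasses import dataclass

UNIT_SECONDS = 30  # Periodic Update Interval is measured in 30-second units


@dataclass(frozen=True)
class BindOptions:
    """RIP or SAP bind options of one router interface (hypothetical record)."""
    router: str
    protocol: str                  # "RIP" or "SAP"
    interval_units: int = 2        # guide default: 2 (60 seconds)
    aging_multiplier: int = 4      # guide default: 4
    packet_size_override: int = 0  # guide default: 0 (do not override)

    @property
    def update_seconds(self) -> int:
        return self.interval_units * UNIT_SECONDS

    @property
    def hold_seconds(self) -> int:
        # Product of the update interval and the aging multiplier.
        return self.update_seconds * self.aging_multiplier


SHARED_FIELDS = ("interval_units", "aging_multiplier", "packet_size_override")


def audit_segment(options):
    """Return (protocol, kind, detail) findings for routers on one segment."""
    findings = []
    by_protocol = {}
    for opt in options:
        by_protocol.setdefault(opt.protocol, []).append(opt)

    for protocol in sorted(by_protocol):
        group = by_protocol[protocol]
        # 1. Every router on the segment must use the same values.
        for name in SHARED_FIELDS:
            seen = {}
            for opt in group:
                seen.setdefault(getattr(opt, name), []).append(opt.router)
            if len(seen) > 1:
                detail = f"{name}: {dict(sorted(seen.items()))}"
                findings.append((protocol, "mismatch", detail))
        # 2. Consequence: a listener whose hold time is not longer than a
        #    neighbour's update period drops that neighbour's entries
        #    before the next periodic update arrives.
        for listener in group:
            for sender in group:
                if sender is listener:
                    continue
                if listener.hold_seconds <= sender.update_seconds:
                    detail = (f"{listener.router} holds {listener.hold_seconds}s, "
                              f"{sender.router} updates every {sender.update_seconds}s")
                    findings.append((protocol, "ages-out", detail))
    return findings


# Constructed sample: R2's RIP interval was raised to 10 units (300 s)
# while R1 and R3 kept the defaults (60 s updates, 240 s hold time).
SEGMENT = [
    BindOptions("R1", "RIP"),
    BindOptions("R2", "RIP", interval_units=10),
    BindOptions("R3", "RIP"),
    BindOptions("R1", "SAP"),
    BindOptions("R2", "SAP"),
    BindOptions("R3", "SAP"),
]

if __name__ == "__main__":
    for finding in audit_segment(SEGMENT):
        print(*finding, sep=" | ")
```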
Accepting and Advertising Services from a Network Not Listed in the Routing Information Table
Novell Internet Access Server 4.1 routing software includes a SET command that enables an IPX router to accept and advertise a service from another network, even if the network number associated with the service is not listed in the router’s Routing Information Table.
The syntax of this command is as follows:
SET REQUIRED NETWORK FOR SERVICES=ON|OFF
To understand how this command works, consider Figure 8-2, which shows two directly connected IPX routers, one serving a large backbone network, the other serving a NetWare LAN.
Figure 8-2. IPX Router Accepting and Advertising Services from a Network Not Listed in the Routing Information Table
[Diagram labels: Backbone Network, Backbone Router, LAN Router, NetWare LAN, NetWare File Server on Network 0x01234567, SAP]
Suppose a NetWare server somewhere within the backbone network advertises its file services, which the backbone router receives as a SAP packet (Service Type=0x0004 and Network Number=0x01234567, for example). When the LAN router receives the SAP packet from the backbone router, it checks its Routing Information Table for the network number 0x01234567.
If the LAN router finds the network number, it adds the associated service information to its services table and advertises the service to the LAN during the next SAP broadcast. If the LAN router does not find the network number, it discards the packet. This function occurs if the following command has been entered at the LAN router:
SET REQUIRED NETWORK FOR SERVICES=ON
This function is disabled by default. However, if this function has been enabled by the preceding command, it can be disabled by entering the following command:
SET REQUIRED NETWORK FOR SERVICES=OFF
If the previous command has been entered, the LAN router will not discard the packet if it does not find the network number in its Routing Information Table. If the router does not find the network number, it first checks for the nearest NLSP level 2 router and then for the RIP default route (0xFFFFFFFE) or an aggregated route. If the LAN router finds one of these, it adds the associated service information to its services table. If the LAN router does not find any one of these, it then discards the SAP packet.
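The accept-or-discard decision described above, modelled as an added Python example (not Novell code). The LanRouter class, its field names and the sample advertisements other than the guide's network 0x01234567 are assumptions made for illustration, as is representing the RIP default route as an entry in the route set.

```python
from dataclasses import dataclass, field

RIP_DEFAULT_ROUTE = 0xFFFFFFFE  # value given in the guide


@dataclass
class LanRouter:
    """Minimal model of the LAN router's tables (hypothetical names)."""
    required_network_for_services: bool = False     # disabled by default
    routes: set = field(default_factory=set)         # Routing Information Table
    aggregates: list = field(default_factory=list)   # (address, mask) pairs
    level2_router_known: bool = False                # NLSP level 2 router found
    services: dict = field(default_factory=dict)     # (name, type) -> (net, basis)


def acceptance_basis(router, network):
    """Return what justifies accepting a service on `network`, or None."""
    if network in router.routes:
        return "exact route"
    if router.required_network_for_services:
        return None  # ON: only an exact table entry counts
    # OFF: fall back in the order the guide gives.
    if router.level2_router_known:
        return "NLSP level 2 router"
    if RIP_DEFAULT_ROUTE in router.routes:
        return "RIP default route"
    for address, mask in router.aggregates:
        if (network & mask) == (address & mask):
            return f"aggregate {address:08X}/{mask:08X}"
    return None


def receive_sap(router, name, service_type, network):
    """Process one SAP entry: add it to the services table or discard it."""
    basis = acceptance_basis(router, network)
    if basis is None:
        return "discard"
    router.services[(name, service_type)] = (network, basis)
    return "accept"


def replay(router, adverts):
    """Feed a list of (name, type, network) entries; return name -> outcome."""
    return {name: receive_sap(router, name, stype, net)
            for name, stype, net in adverts}


def accepted_without_exact_route(router):
    """Services the router will re-advertise although it has no exact route."""
    return sorted(name
                  for (name, _stype), (_net, basis) in router.services.items()
                  if basis != "exact route")


# Constructed advertisements; FS1 uses the guide's example values.
ADVERTS = [
    ("FS1", 0x0004, 0x01234567),
    ("FS2", 0x0004, 0xC9123829),
    ("FS3", 0x0004, 0x0BADF00D),
]

if __name__ == "__main__":
    strict = LanRouter(required_network_for_services=True, routes={0x01234567})
    print("ON :", replay(strict, ADVERTS))

    loose = LanRouter(routes={0x01234567, RIP_DEFAULT_ROUTE})
    print("OFF:", replay(loose, ADVERTS))
    print("accepted without an exact route:", accepted_without_exact_route(loose))
```

With the setting OFF and a default route present, every advertised service is accepted, so the last function is the list to review when the services table contains entries that were not expected.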
Proxying a NetWare File Server
If you have a dedicated router—a PC running Novell Internet Access Server 4.1 over a two-user version of NetWare 4.11—and several NetWare workstations operating on a network, the router can reply with a NetWare file server's name—instead of its own—when it receives a SAP Get Nearest Server request. This is called proxying a file server.
Proxying avoids the situation in which several workstations on a network restart simultaneously, and the only path to a file server is through the dedicated router. When each workstation restarts, it sends a Get Nearest Server request to the router. Because the dedicated router cannot support multiple, simultaneous logins, all but one of the requesting workstations lock up and fail. Because the proxied file server has multiple connection slots, it can handle simultaneous NCP connection requests from the workstations.
A dedicated router always replies to Get Nearest Server requests. As a proxy, the router still replies but gives the proxy name rather than its own. In fact, the router replies with the server name even if the server is not active.
In addition to having a server proxy on the network, each NetWare workstation should be configured with a preferred server.
For more information about SAP and Get Nearest Server requests, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Proxy a NetWare File Server
Before you begin, you must know the name of the NetWare file server you want to proxy.
To proxy a NetWare file server, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > Expert Configuration Options
By default, the Get Nearest Server Requests parameter is set to Accept. The setting you select applies to all interfaces. You can, however, override this setting on a particular interface. For a description of how to configure a network interface, refer to the appropriate chapter in this guide for the type of WAN interface you are using.
2. If you want the router to ignore Get Nearest Server requests, set Get Nearest Server Requests to Ignore.
3. Select Override Nearest Server, then select Enabled.
This parameter enables the router to respond to a workstation’s Get Nearest Server requests with the proxied server name instead of its own name.
4. Select Nearest Server, then enter the name of a reliable server (one that is operating most of the time).
5. Press Esc and save your changes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
How to Check the Proxy Configuration
To make sure the router is proxying for the correct file server, complete the following steps:
1. At the router console prompt, enter
TRACK ON
2. Display the SAP Tracking screen.
3. Restart one of the NetWare workstations on the network.
4. Watch the SAP Tracking screen for the workstation’s Get Nearest Server request and for the router’s reply with the correct server name.
If you supplied the wrong name or the name of a server that the router cannot reach, the SAP Tracking screen displays the following message:
No response to GNS sent - no route to configured server <server_name>
5. Return to the router console, then enter
TRACK OFF
Configuring the IPX Address Mapping Gateway
The IPX Address Mapping Gateway allows you to connect to a backbone network even when your local network numbers are not compatible with the backbone addressing scheme.
To configure the IPX Address Mapping Gateway, complete the following steps:
1. Load NIASCFG and select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Select Address Mapping Gateway and select Enabled.
3. Select Address Mapping Gateway Configuration, select Address Mapping Network Number, and enter the number to which your local network will be mapped.
Note: You must enter a registered address unique to the backbone.
One number is supported for each router. Additionally, this number is included as part of the SAP name advertised by the IPX Address Mapping Gateway. The SAP name is used by other gateways to locate gateways that use the same address mapping network number when a packet with an unknown reverse mapping is received.
4. Configure the following parameters as needed.
To configure the maximum number of address mappings that is allocated during router initialization, select Maximum Address Mapping Entries and enter the desired number of mapping entries.
The default is 1,000 mapping entries.
To configure the amount of time an address mapping is remembered after the last mapping entry was used, select Address Mapping Hold Time and enter the desired amount of time in minutes, hours, and days.
After the holding time expires, the mapping is dropped and new packets must flow from the customer network to the backbone to renew the mapping. This process allows mapping slots to be reused. The default hold time for mapping is one hour.
To use outbound RIP filters to determine nonmappable networks, in addition to manually configuring nonmappable entries, select Use RIP Filters for Nonmappable Networks and select Enabled.
If the source network number in a packet being forwarded to an IPX Address Mapping Gateway circuit passes the outbound RIP filter on that circuit, the packet is not mapped. If the source network number does not pass a RIP filter, the packet is mapped.
The default is Disabled. When disabled, RIP filters are not used to determine nonmappable network addresses.
Note: If enabled, the RIP filter module must be loaded from the IPX protocol menu, and the RIP filter must be configured carefully to block the correct network numbers.
To configure a SAP type list that is used to determine networks that are nonmappable, select Nonmappable SAP Types and select one of the predefined SAP types or press Ins to add a new type. To add a new SAP type, enter the desired SAP type or press Ins and select a SAP type from the list of known service types.
The SAP tables are scanned for SAP entries with matching SAP types. After finding all matching SAP types, the IPX Address Mapping Gateway determines the network numbers on which the services are found and applies those network numbers to the list of nonmappable networks.
This option makes configuring nonmappable network numbers easier. For example, all packets originating from the Novell Directory Services (NDS) software or NetWare Mobile IPX software should not be translated. Therefore, SAP types for NDS, NetWare Mobile IPX, and Timesync are included in the list by default.
Note: To avoid mapping NetWare 3.x servers, add SAP type 4 to the list of nonmappable SAP types.
5. Press Esc and save your changes.
6. Press Esc to return to the Internetworking Configuration menu.
7. Select the following parameter path:
For LAN interfaces, select Bindings > a LAN interface > Expert Bind Options.
For WAN interfaces, select Bindings > a WAN interface > WAN Call Destinations > a call destination > Expert Options.
8. To enable the IPX Address Mapping Gateway on an interface, select Use For Address Mapping Gateway and select Yes.
When this option is enabled, all packets destined for the interface or WAN call destination are subject to the address mapping rules.
Configuring IPX Route Aggregation
IPX Route Aggregation enables you to introduce routes learned through RIP in a summarized form. Route aggregation compactly describes many IPX network numbers simultaneously by using an address and mask pair. For example, all addresses from C9000000 to C9FFFFFF can be represented using the address C9000000 and the mask FF000000.
To configure IPX Route Aggregation, complete the following steps:
1. Load NIASCFG and select the following parameter path:
For LAN interfaces, select Configure NIAS > Protocols and Routing > Bindings > a LAN interface > Expert Bind Options > Aggregate Routes.
For WAN interfaces, select Configure NIAS > Protocols and Routing > Bindings > a WAN interface > WAN Call Destinations > a call destination > Aggregate Routes.
2. Press Ins and configure the following parameters:
2a. Select Address Summary and enter the prefix for the network addresses to be aggregated.
For example, any network beginning with C9, such as C9123829 or C9823878, can be aggregated using the address summary C9000000 with a mask of FF000000.
2b. Select Mask and enter a number with Fs for the part of the mask that corresponds to the common prefix of all network addresses to be aggregated and 0s for the rest of the mask.
For example, to summarize all addresses that begin with the same three numbers, set the mask to FFF00000.
2c. Optionally, to advertise an aggregate route only when at least one of the routes is received, select Type and set it to Dynamic.
For LANs, Type can be set only to Dynamic. If you select Static for a WAN interface, the aggregate route is always advertised. Aggregate routes associated with static on-demand WAN calls should always be set to Static.
Note If Type is set to Dynamic, only routes learned through RIP will trigger the dynamic aggregate route to be advertised. Routes learned through NLSP will not trigger the dynamic aggregate route to be advertised. Routers that have dynamic aggregate routes configured on some interfaces should have NLSP disabled and RIP enabled on those interfaces.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
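The address summary and mask matching described above, together with the Dynamic and Static advertisement rules, can be checked before the values are entered in NIASCFG. The following is an added example, not Novell code; the function names and the sample routes are constructed for illustration, and summarize() goes beyond the text by deriving the summary and mask from a list of network numbers.

```python
"""IPX route aggregation: address summary / mask matching (added example)."""
from dataclasses import dataclass

HEX = set("0123456789ABCDEF")


def parse_net(text):
    """Parse an 8-hex-digit IPX network number such as 'C9123829'."""
    text = text.strip().upper()
    if len(text) != 8 or not set(text) <= HEX:
        raise ValueError(f"not an 8-digit hex network number: {text!r}")
    return int(text, 16)


def parse_mask(text):
    """Parse a mask written as the guide describes: Fs for the prefix, 0s after."""
    text = text.strip().upper()
    prefix = text.rstrip("0")
    if len(text) != 8 or not prefix or set(prefix) != {"F"}:
        raise ValueError(f"mask must be Fs followed by 0s: {text!r}")
    return int(text, 16)


@dataclass(frozen=True)
class Aggregate:
    summary: int
    mask: int
    kind: str  # "Dynamic" or "Static"

    def covers(self, network_hex):
        """True if the network number falls under this summary/mask pair."""
        return (parse_net(network_hex) & self.mask) == (self.summary & self.mask)


def make_aggregate(summary_hex, mask_hex, kind="Dynamic", interface="WAN"):
    """Build an aggregate, enforcing the guide's rule that LANs allow only Dynamic."""
    if kind not in ("Dynamic", "Static"):
        raise ValueError("Type must be Dynamic or Static")
    if interface == "LAN" and kind != "Dynamic":
        raise ValueError("for LAN interfaces, Type can be set only to Dynamic")
    return Aggregate(parse_net(summary_hex), parse_mask(mask_hex), kind)


def is_advertised(aggregate, learned_routes):
    """learned_routes: iterable of (network_hex, protocol), protocol 'RIP' or 'NLSP'.

    Static aggregates are always advertised. Dynamic aggregates need at least
    one covered route learned through RIP; NLSP-learned routes do not count.
    """
    if aggregate.kind == "Static":
        return True
    return any(proto == "RIP" and aggregate.covers(net)
               for net, proto in learned_routes)


def summarize(networks):
    """Return (address summary, mask) for the longest common hex-digit prefix."""
    nets = [f"{parse_net(n):08X}" for n in networks]
    common = 0
    for digits in zip(*nets):
        if len(set(digits)) != 1:
            break
        common += 1
    if common == 0:
        raise ValueError("networks share no leading hex digit")
    pad = "0" * (8 - common)
    return nets[0][:common] + pad, "F" * common + pad


if __name__ == "__main__":
    # Constructed routing-table sample: (network number, protocol it was learned by).
    learned = [("C9123829", "NLSP"), ("C9823878", "RIP"), ("CA000001", "RIP")]
    agg = make_aggregate("C9000000", "FF000000", "Dynamic", "LAN")
    for net, proto in learned:
        print(net, proto, "covered" if agg.covers(net) else "not covered")
    print("advertised:", is_advertised(agg, learned))
    print("suggested pair:", summarize(["C9123829", "C9823878"]))
```

A dynamic aggregate whose only covered routes were learned through NLSP is reported as not advertised, which is the case the Note above warns about.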
Controlling the Propagation of Type 20 Packets
Novell Internet Access Server 4.1 enables you to control the propagation of type 20 packets with the Advanced Packet Type 20 Flooding parameter. Type 20 is an IPX packet type that refers to any propagated packet. NetBIOS packets, for example, are type 20 packets.
The Advanced Packet Type 20 Flooding parameter can be set to one of the following options:
• 0—Router discards, rather than propagates, any type 20 packet it receives. This option completely disables type 20 packet propagation.
• 1—Router receives and propagates type 20 packets through all its interfaces, regardless of whether some of the interfaces are equal-cost routes to the same source.
• 2—Router propagates type 20 packets only through interfaces that do not lead back to the source of the packets. For example, if Router A receives a type 20 packet from Router B, Router A forwards the packet only through interfaces that do not lead back to Router B. This is a packet forwarding mechanism known as reverse path forwarding.
The router does not propagate type 20 packets through the same interface from which it receives them. This is known as split horizon, a technique used with RIP and other distance vector routing protocols.
• 3—Router propagates type 20 packets the same way as option 2, but does not forward them across WAN connections.
If you use FILTCFG to configure NetBIOS packet filters, be aware of the following interactions between these filters and the Advanced Packet Type 20 Flooding parameter:
• Setting Advanced Packet Type 20 Flooding to 1 (disabled) overrides the effect of NetBIOS packet filters operating on any network interface.
• Conversely, the action of NetBIOS packet filters on any network interface overrides the effect of setting the Advanced Packet Type 20 Flooding parameter to 2 (enabled).
For more information about NetBIOS and other IPX packet types, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Control Propagation of Type 20 Packets
To configure the propagation of type 20 packets from the server console, enter the following console command:
SET IPX NETBIOS REPLICATION OPTION = [0|1|2|3]
To check the current setting, you can type the command by itself.
To configure the propagation of type 20 packets from NIASCFG, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > Expert Configuration Options
2. Select Advanced Packet Type 20 Flooding and select one of the options described previously.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Changing the Hop Count Limit for IPX Packets
The Novell Internet Access Server 4.1 routing software enables you to increase the range of outbound IPX packets with the Hop Count Limit parameter. The hop count limit is the maximum number of routers (hops) an IPX packet can traverse before it is discarded. You can set the Hop Count Limit parameter to any number between 8 and 127; however, the default value of 64 is sufficient for most IPX networks.
Note The Hop Count Limit parameter applies only to IPX packets. It does not increase the range of RIP and SAP packets, which are limited to 16 hops, or NetBIOS packets, which are limited to eight hops.
Before the release of NetWare MultiProtocol Router 3.0 and NetWare 4.1, the hop count limit for all IPX packets was 16. This limited the size, or diameter, of IPX networks.
If the diameter of your IPX network is close to the 16-hop limit, you should run NLSP on the routers at the network boundary to ensure continued connectivity across the network as it grows. Figure 8-3 provides a simple, conceptual view of how this can work.
Figure 8-3. Running NLSP at the Boundary of a Large IPX Network
For more information about hop count, IPX routing, and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Change the Hop Count Limit
To change the hop count limit, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > Expert Configuration Options
2. Select the Hop Count Limit parameter, enter a value between 8 and 127, then press Enter.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Balancing Traffic Loads over Equal-Cost Routes
If an NLSP router has two or more network interfaces with routes to the same destination, it can distribute outbound traffic among those interfaces for an effective increase in throughput. This is called load balancing or load sharing.
NLSP uses an assigned path cost to select the best route by which to forward outbound IPX packets. The higher the throughput of the network medium, the lower the cost of the route.
Table 8-2 shows the throughput range and default cost of some typical network media.
Table 8-2. Throughput Range and Default Cost of Typical Network Media
Throughput Range    Default Cost    Typical Network Media
0–16 Kbps           61              9,600-baud line
48–64 Kbps          45              ISDN (U.S.)
64–128 Kbps         45              ISDN (Europe)
1–2 Mbps            27              Corvus Omninet (1 Mbps), T1 (1.5 Mbps)
2–4 Mbps            26              E1 (2 Mbps), ARCnet (2.5 Mbps)
4–8 Mbps            25              Token ring (4 Mbps), Corvus Omninet (4 Mbps)
10–16 Mbps          20              Ethernet (10 Mbps)
16–32 Mbps          19              Token ring (16 Mbps)
64–128 Mbps         14              FDDI (100 Mbps), CDDI (100 Mbps)
You can specify up to eight equal-cost routes to a single destination with the Maximum Number of Path Splits parameter. Two routes are equal in cost if the cost to the destination is the same for both routes. To equalize the costs of two interfaces, you set their Cost Override parameter to the same value. By default, Cost Override is set to 0 for all interfaces, which means that NLSP uses the default cost associated with the connected medium and throughput range listed in Table 8-2.
If you configure equal-cost routes on two or more interfaces, make sure the associated media throughputs fall within—or near—the same range, as indicated in Table 8-2. For example, equal-cost routes between a 10-Mbps Ethernet link and a 16-Mbps token ring link are viable; equal-cost routes between a 4-Mbps token ring link and a 16-Mbps token ring link are not.
Warning Do not equalize the cost of routes whose throughputs differ greatly; this can interfere with the operation of IPX applications running over the network.
For more information about load balancing and path cost, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Balance Traffic Loads over Equal-Cost Routes
Before you begin, make sure of the following:
• NLSP is enabled on all interfaces you plan to configure.
To enable NLSP globally or on one or more interfaces, refer to “How to Configure NLSP” on page 150.
• The media over which you plan to configure equal-cost routes have the same or similar throughput ranges.
For a list of throughput ranges and associated media, refer to Table 8-2 on page 169.
To configure load balancing over equal-cost routes, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > Expert Configuration Options
2. Select the Maximum Number of Path Splits parameter, enter a value between 2 and 8, then press Enter.
Selecting a value of 2 or above automatically enables local load balancing over the specified number of equal-cost routes.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
5. Enter a cost for each interface over which you want to balance IPX traffic.
5a. Select the following path:
Select Bindings > a network interface > Expert Bind Options > NLSP Bind Options
5b. Select the Cost Override parameter, enter a value between 1 and 63, then press Enter.
6. Press Esc and save your changes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring SPX Connection Parameters
Because some Novell and third-party NetWare applications place unique demands on the SPX transport protocol, NIASCFG enables you to adjust the values of the following parameters:
• Maximum IPX Socket Table Size—Maximum number of concurrent IPX sockets that can be opened by an application.
• SPX Watchdog Abort Timeout—Time, in ticks (about 1/18 of a second), SPX waits without receiving a packet from the other end of a connection before concluding that the connection is no longer valid.
• SPX Watchdog Verify Timeout—Time, in ticks, SPX waits without receiving a packet from the other end of a connection before requesting a watchdog, or keep-alive, packet.
• SPX Ack Wait Timeout—Time, in ticks, SPX waits without receiving an acknowledgment for a data packet it sent, before resending the packet.
• SPX Default Retry Count—Number of times SPX resends a data packet if it does not receive an acknowledgment.
The product of this parameter and the SPX Ack Wait Timeout is about how long it takes for SPX to conclude that the connection is no longer valid.
• Maximum Concurrent SPX Sessions—Maximum number of concurrent SPX sessions that can be opened by an application program.
The default values for these parameters are sufficient for most NetWare applications. Any application that requires a change to one or more of these parameters typically tells you so.
For more information about SPX, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure SPX Connection Parameters
To adjust the value of any SPX connection parameter, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX > IPX/SPX Parameters
The IPX/SPX Parameters menu displays the SPX connection parameters.
2. Enter a new value for each parameter you need to change.
3. Press Esc and save your changes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want this change to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Setting Delay and Throughput for a Slow Link
Delay is the time, in microseconds, to send a byte of information from one system to another. Throughput is the bandwidth of the network medium that connects the systems. Together, these parameters characterize a link between two systems or networks.
On WAN links, delay and throughput are estimated by the IPXWAN protocol. For this reason, you should not need to change these parameters on routers operating over a WAN link. On LAN links, the throughput is reported by the network interface driver; the delay is 200 microseconds, a constant used by all LAN media.
NLSP uses the delay and throughput values to calculate the number of ticks for a route to a destination network. The number of ticks associated with a route is directly proportional to the delay and inversely proportional to the throughput.
Some NetWare protocols, such as SPX, use the ticks value to calculate retransmit timers. If you are configuring LAN routers that must communicate over a bridge, a satellite, or both, you probably need to adjust the delay and throughput values on the routers. Setting the throughput to match the speed of the link and increasing the link delay prevent SPX retransmissions and timeouts between systems separated by a slow link.
Figure 8-4 shows two NetWare LANs joined by two bridges communicating over a satellite link. To enable the workstations to communicate with the router and the systems in the IPX internetwork on the other end of the link, you set the Throughput Override on each router to 56,000—the throughput of the satellite link—and the Delay Override to 800,000—an arbitrary (but sufficiently high) value to prevent timeouts over the link.
Important Although this configuration enables systems on each end of the link to communicate through the routers, it does not enable direct workstation-to-workstation communication between the two LANs.
Figure 8-4. Setting Delay and Throughput for Systems Communicating over a 56-KB Satellite Link
For more information about delay and throughput, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Set Delay and Throughput for a Slow Link
To set delay and throughput on an interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a network interface > Expert Bind Options
2. Select Delay Override, then enter a value.
By default, this parameter is set to 0, which means the router uses the default value for LANs or the value estimated by IPXWAN. The valid range is from 1 to 5,000,000 microseconds. One tick equals 55,000 microseconds, or about 1/18 of a second.
The value you enter overrides the default delay for this interface.
3. Select Throughput Override, then enter a value.
By default, this parameter is set to 0, which means the router uses the value reported by the LAN driver or estimated by IPXWAN. The valid range is from 300 to 4,294,967,295 bps.
The value you enter overrides the default throughput for this interface.
4. Press Esc and save your changes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Chapter 9: Configuring IPX for Wireless Connectivity
In addition to the standard IPX routing software for wired LANs and WANs, Novell® Internet Access Server 4.1 routing software provides wireless connectivity for portable NetWare® workstations through NetWare Mobile IPX™ software.
NetWare Mobile IPX consists of router and mobile client software that work in concert to shield network users from the protocol and Network-layer interruptions that occur when a user changes network interfaces or locations during a network session.
This chapter contains the following sections:
• “NetWare Mobile IPX Configuration Decisions”
• “Configuring a Home Router” on page 182
• “Configuring a Mobile Client” on page 184
Configuring the NetWare Mobile IPX Home Router and client software is straightforward and simple. The only decision you need to make before you get started is where to locate the Home Router on your network. The next section helps you determine the best location.
NetWare Mobile IPX Configuration Decisions
Each of the following is key to the success of NetWare Mobile IPX configuration:
• The selection of an appropriate driver for your mobile client
• Informed planning for the most efficient use of your mobile client
• The identification of the best network location for your home router
Mobile Client Driver Selection
When selecting your driver for the mobile client, verify with the vendor that the driver is written specifically with mobile operations in mind and that it supports the following:
• PCMCIA card in/card out capability
• In-range and out-of-range capability
• The NetWare Event Service Layer (NESL)
Planning for Efficient Use of Your Mobile Client
Planning ahead and knowing the appropriate ways to use NetWare Mobile IPX will help you to use your mobile client efficiently. We recommend that you do the following:
• Disable background products such as E-mail that poll the network.
• Use only data from the network. Keep your executable files on the mobile client.
• Complete operations such as saving files before removing the PCMCIA card.
Deciding Where to Locate a Home Router
This section helps you choose the best location on your network to configure the Home Router software. It also explains why more than one Home Router can provide more efficient network operation in certain environments.
A Home Router forwards every packet destined for the mobile clients it serves. If the Home Router is located far from both the file server and the mobile client, and if the mobile client is close to the file server, a packet destined for the mobile client travels more hops than necessary before arriving at the destination, as shown in Figure 9-1.
Figure 9-1. Inferior Home Router Placement
The request from the mobile client takes the shortest route to the server. The response from the server is first forwarded to the Home Router, because the destination address is the internal network configured for the server on which the Home Router resides. The router then patches the response with the mobile client’s actual address and forwards the packet to the mobile client. In this topology, the response takes an inferior path to the mobile client because of the extra hops taken.
In general, you should install the Home Router in the middle of the network so that most clients are only a few hops away, as shown in Figure 9-2. The Home Router should be located somewhere on the path between the file server and the mobile clients.
Figure 9-2. Better Home Router Positioning
The best place to install the NetWare Mobile IPX Home Router software is on the file server that the mobile clients use most, as shown in Figure 9-3. In this way, when mobile clients access the file server, the responses from the file server are patched with the mobile client’s actual location before they ever leave the server. Therefore, the responses do not travel an extra hop before reaching the client.
Figure 9-3. Best Home Router Positioning
Hint We recommend having a Home Router in each operating area. For example, in a large corporation, you should have a Home Router in marketing, finance, manufacturing, and so on. This enables mobile client users to connect to a preferred Home Router.
If the server and mobile clients are located on one side of a WAN link and the Home Router is on the other side of the link, costly WAN bandwidth is used unnecessarily. If both networks on each side of a WAN link require NetWare Mobile IPX, you should have two Home Routers—one on each side of the WAN link. Mobile clients use the closest Home Router, as shown in Figure 9-4.
Figure 9-4. Home Router Positioning over WAN Links
Important When a mobile client is transferred between the two sites over the WAN and not restarted, the client still uses the original Home Router for communications—crossing the WAN if necessary—until the mobile client is restarted.
Configuring a Home Router
The Home Router serves as the central connection point between mobile clients and NetWare servers. To enable mobile clients to establish and maintain network connections, the Home Router allocates an address from the server’s IPX internal network for use by the mobile clients.
For more information about the Home Router, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure a Home Router
To configure a Home Router, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Select Mobile IPX Support, then select Enabled.
Note Selecting Enabled automatically causes client validation on remote access servers to be disabled. Remote access systems check whether packets received from a WAN client have the same source IPX node address that was assigned to the client during the IPXWAN™ negotiation phase. Because NetWare Mobile IPX uses a different filtering method, client validation is turned off to prevent NetWare Mobile IPX packets being discarded by remote access servers.
3. Select Mobile IPX Configuration and configure the Home Router parameters.
3a. Select Time To Live Override and enter a value, in minutes, from 1 to 10080.
Time To Live Override overrides the mobile client’s HR Time To Live parameter, which defines how long the Home Router serves the mobile client without receiving a response from the client. Each time the Home Router receives information from the mobile client, the Time To Live Override counter is reset to the value you enter here. A value of 0, the default, disables the override.
A mobile client cannot obtain a Time To Live value longer than the one you specify here.
3b. The Watchdog Spoofing parameter is enabled by default; to disable watchdog spoofing on the Home Router, select Disabled.
Watchdog Spoofing controls whether the Home Router answers NetWare Core Protocol™ (NCP™) watchdog packets on behalf of a mobile client. If Watchdog Spoofing is enabled, users do not lose their connections to file servers as they roam out of wireless range.
3c. Configure the Broadcast to Virtual Network parameter.
Broadcast to Virtual Network directs the Home Router to forward or discard broadcast packets destined for the virtual network that the router uses to communicate with its mobile clients.
If a large number of broadcast packets are being directed at mobile clients, or if a mobile client’s application does not require broadcast, select Discard. By directing the Home Router to discard broadcast packets, you reduce the amount of bandwidth used on the network.
4. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
5. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Configuring a Mobile Client
To configure a mobile client, you modify the client’s STARTNET.BAT and NET.CFG files. The changes you make to STARTNET.BAT are required for NetWare Mobile IPX connectivity. Changes to NET.CFG are optional; they are required only if you want to customize the client’s NetWare Mobile IPX configuration.
For more information about mobile clients, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure a Mobile Client
Before you begin, you must complete the following tasks:
• Install the standard client software. For instructions, refer to the NetWare client documentation.
• Install the Novell Internet Access Server 4.1 mobile IPX client.
• Configure a mobile client board that is mobile aware and supports PCMCIA card in/card out capability, in-range and out-of-range capability, and NESL.
To configure a mobile client, complete the following steps:
1. Open the client’s STARTNET.BAT file using a text editor.
A typical STARTNET.BAT file looks something like this:
@ECHO OFF
SET NWLANGUAGE=ENGLISH
CD NWCLIENT
LSL
driver
IPXODI
VLM /ps=server_name
CD \
2. Add the following changes, indicated in bold, in the order shown:
@ECHO OFF
SET NWLANGUAGE=ENGLISH
CD NWCLIENT
LSL
NESL
driver
IPXODI /M
VLM /ps=server_name
CD \
NESL must be loaded for the mobile client to be activated. NetWare Mobile IPX reacts to changes in the system, such as location and the client’s adapter board. The MAC driver is the system module that knows of these events (for example, out of range of access point coverage, card insertion or removal, and so on) and notifies IPX of such changes through NESL.
The IPXODI /M switch enables the NetWare Mobile IPX client software.
A STARTNET.BAT file configured for NetWare Mobile IPX operation looks something like this:
@ECHO OFF
CD C:\NWCLIENT
SET NWLANGUAGE=ENGLISH
LH C:\NWCLIENT\LSL.COM
LH C:\NWCLIENT\NESL.COM
LH C:\NWCLIENT\NE2000.COM
LH C:\NWCLIENT\IPXODI.COM /M
C:\NWCLIENT\VLM.EXE /ps=MY_SERVER
3. Restart the client.
How to Customize Your Mobile Client
This section describes the optional parameters you can add to the Mobile IPX section of a mobile client’s NET.CFG file. The parameters enable you to customize your NetWare Mobile IPX configuration.
An example of how these parameters are used is provided in “Example NET.CFG File” on page 189.
Customizing Home Router Parameters
The following parameters enable you to customize the interaction between a mobile client and its Home Router:
• Preferred HR=Home_Router_Name
This command causes IPXODI to attempt to attach to the specified Home Router (HR). If the router does not exist or is not specified, the Home Router closest to the client is used.
This command enables some level of routing optimization to be achieved. Specifying a Home Router that is the user's preferred server, or specifying one in an inline routing path between the mobile client and most of its logged-in servers, causes packets sent back to the client to take a more direct path because all packets being sent to the client go through the Home Router first.
• HR Time To Live=x (where x = 5 to 10,080 minutes)
HR Time To Live specifies the time-to-live interval, in minutes, that the IPXODI module attempts to use with the Home Router. It defines how long the Home Router serves the mobile client before the router requires an update from the mobile client. If this is not defined, IPXODI uses a default value of 30 minutes.
Note HR Time To Live can be overridden by the Home Router’s Time To Live Override parameter.
If the client does not update the Home Router after the HR Time To Live value runs out, the Home Router stops serving the mobile client. Note that only NCP watchdog packets, not Sequenced Packet Exchange™ (SPX™) watchdog packets, are handled by the Home Router. If the mobile client roams out of range and comes back within the amount of time set by HR Time To Live, the timer is reset automatically; otherwise, if the client is not back within range when the timer runs out, the mobile client is dropped.
It is especially important to set HR Time To Live to a large value if the mobile client is out of network range for a long time. While the time-to-live value is still active in the Home Router, the router responds to server NCP watchdogs on behalf of the client so that client sessions do not time out while network connectivity is lost. If this value is too small, the Home Router stops serving the mobile client before it returns within network range, and all server connections are lost.
The only reasons the Home Router might not see a NetWare Mobile IPX watchdog packet from a mobile client are that the client is off, in sleep mode, or out of range.
• Allow HR Change=[On|Off]
This command determines what IPXODI does when the current Home Router is no longer reachable.
If you set Allow HR Change to On, IPXODI tries to sign on with the first available Home Router, even if it is not the same as the current one.
If you set Allow HR Change to Off, IPXODI continues trying to reestablish a connection to the Home Router to which the client is currently attached.
If Allow HR Change is not defined, IPXODI assumes Allow HR Change is set to Off; if it is set to On, and the current Home Router stops operating, IPXODI obtains a different virtual address while signing on with a different router. Most applications available today cannot operate gracefully through the address change; as a result, connections might be terminated.
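The ranges and defaults given above for Preferred HR, HR Time To Live and Allow HR Change can be checked against a client's NET.CFG before it is deployed. The following is an added example, not Novell code: the function names and the sample file are constructed, and the layout it assumes (a heading starting in column 1 with its options indented beneath it, and an optional equal sign between option and value) is an assumption about the file format.

```python
"""Check the Home Router options in a client's NET.CFG (added example)."""

KNOWN = ("Preferred HR", "HR Time To Live", "Allow HR Change")

# Constructed sample file; the router name and driver are illustrative only.
SAMPLE = """\
Link Driver NE2000
    Frame Ethernet_802.2

Mobile IPX
    Preferred HR=HR_FINANCE
    HR Time To Live 240
    Allow HR Change = On
"""


def mobile_ipx_options(net_cfg_text):
    """Return {option: value} for the known options under the Mobile IPX heading.

    Assumed layout: a section heading starts in column 1 and its options are
    indented beneath it. The '=' between option and value is optional.
    """
    options, in_section = {}, False
    for line in net_cfg_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # a new heading starts or ends the section
            in_section = line.strip().lower() == "mobile ipx"
            continue
        if not in_section:
            continue
        body = line.strip()
        for key in KNOWN:
            if body.lower().startswith(key.lower()):
                options[key] = body[len(key):].lstrip(" \t=").strip()
                break
    return options


def review_client(net_cfg_text, router_ttl_override=0):
    """Validate the client's options against the ranges in the guide.

    router_ttl_override is the Home Router's Time To Live Override in minutes
    (0 disables it, otherwise 1 to 10080).
    """
    if not 0 <= router_ttl_override <= 10080:
        raise ValueError("Time To Live Override must be 0 or 1 to 10080 minutes")
    opts = mobile_ipx_options(net_cfg_text)
    notes = []

    ttl = 30  # IPXODI default when HR Time To Live is not defined
    if "HR Time To Live" in opts:
        raw = opts["HR Time To Live"]
        if raw.isdigit() and 5 <= int(raw) <= 10080:
            ttl = int(raw)
        else:
            ttl = None
            notes.append(f"HR Time To Live {raw!r} is outside 5 to 10080 minutes")

    # A nonzero override is the longest Time To Live the client can obtain.
    ceiling = router_ttl_override or None
    if ttl is not None and ceiling is not None and ttl > ceiling:
        notes.append(f"client asks for {ttl} min but the Home Router override "
                     f"limits it to {ceiling} min")

    allow = opts.get("Allow HR Change", "Off").capitalize()
    if allow not in ("On", "Off"):
        notes.append(f"Allow HR Change must be On or Off, got {allow!r}")
        allow = None
    elif allow == "On":
        notes.append("Allow HR Change is On: a Home Router change assigns a new "
                     "virtual address and connections might be terminated")

    preferred = opts.get("Preferred HR") or None
    if preferred is None:
        notes.append("no Preferred HR: the closest Home Router is used")

    return {"preferred_hr": preferred, "requested_ttl": ttl,
            "ttl_ceiling": ceiling, "allow_hr_change": allow, "notes": notes}


if __name__ == "__main__":
    for key, value in review_client(SAMPLE, router_ttl_override=60).items():
        print(f"{key}: {value}")
```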
Specifying an Alternate Board
The NET.CFG parameters described in this section enable you to specify an alternate board to be used in the portable computer. Alternate board parameters enable IPXODI to use a second board for mobile communications if the primary board loses connectivity. The driver for the alternate board must be specified in the Mobile IPX section of NET.CFG. Note that the equal sign (=) is optional; however, it can be used to quickly find the parameter values.
Important The first three parameters (Alt Name, Alt Board Number, and Alt Frame) must all be specified; if one is missing, no alternate board setting is used. Additionally, the frame type specified by the Alt Frame parameter must be set under the Link Driver heading for the desired alternate board.
• Alt Name=Alternate_Driver_Name
Alt Name specifies the name of the driver supporting the alternate board.
• Alt Board Number=Alternate_Board_Number
Alt Board Number specifies the Link Support Layer™ (LSL™) board number of the alternate board displayed when the driver loads.
The board number of a driver changes if there is a change in the order of MAC driver load commands. Therefore, it is important to always load the primary driver first, followed by the alternate driver, to ensure that the Alt Board Number parameter always refers to the alternate board.
After the MAC drivers have been loaded, you can get board numbers and other information by entering the following command:
MAC_Driver_Name /s
This command displays information about all Open Data-Link Interface™ (ODI™) drivers currently loaded. The information you see is similar to the following example:
The following LAN drivers are loaded in memory:
MAC driver name and version information
IRQ 5, Port 300, Mem D0000, Node Address 4096003F53 L
Max Frame 1514 bytes, Line Speed 2 Mbps
Board 1, Frame ETHERNET_II, LSB Mode
• Alt Frame=Alternate_Frame_Type
Alt Frame specifies the frame type for the alternate board (for example, ETHERNET_802.2).
The driver loaded first in STARTNET.BAT becomes the primary driver. If IPXODI cannot locate the alternate driver during initialization, an error is issued and only the primary board is used. If there is no primary board either, IPXODI issues an error and fails to load.
The drivers for both the primary and alternate boards must be loaded before IPXODI. The driver load order is not important; however, it is harder to determine the LSL board numbers to enter for the IPX BIND statement or alternate board configurations if the primary driver is not loaded first. If PCMCIA adapters are used and the card vendor’s drivers are written to support card in/card out events, or driver initialization without the PCMCIA card inserted, the PCMCIA cards need not be inserted into the system until network connectivity is needed.
Here is an example STARTNET.BAT file that shows the load order of the primary driver, alternate driver, and IPXODI:
@ECHO OFF
SET NWLANGUAGE=ENGLISH
CD NWCLIENT
LSL
NESL
primary driver
alternate driver
IPXODI /M
VLM /ps=server_name
CD \
Specifying Watchdog Protocol Operation
The NET.CFG file allows you to specify whether the SPX Watchdog protocol will be run to validate SPX connections periodically. The one-line entry to specify the SPX Watchdog protocol behavior follows the heading PROTOCOL IPX and has the following format:
SPX WATCHDOGS = ON|OFF
where ON specifies that the Watchdog protocol will be run to validate SPX connections periodically and OFF specifies that it will not. For more information on the use of the Watchdog protocol, refer to Novell Internet Access Server 4.1 Routing Concepts.
Example NET.CFG File
This section provides an example NET.CFG file that shows the format of mobile client customization parameters.
LINK DRIVER Wireless
    FRAME = ETHERNET_802.2
LINK DRIVER Wireless2
    FRAME = ETHERNET_802.2
NETWARE DOS REQUESTER
    NETWARE PROTOCOL = NDS BIND
    FIRST NETWORK DRIVE = F
    SHOW DOTS = ON
    USE DEFAULTS = ON
    VLM = AUTO.VLM
MOBILE IPX
    PREFERRED HR = Home_Router_Name
    ALT NAME = Wireless2
    ALT BOARD NUMBER = 2
    ALT FRAME = ETHERNET_802.2
PROTOCOL IPX
    SPX WATCHDOGS = OFF
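The alternate-board rules above (all three Alt parameters present, Alt Frame also set under the alternate board's Link Driver heading, optional equal sign) can be checked mechanically before a NET.CFG is deployed. The following Python linter is an added example, not Novell code; the function names are hypothetical, and it assumes that headings start in column 1, that options are indented, and that names compare case-insensitively.

```python
"""Lint the MOBILE IPX alternate-board settings of a NET.CFG file."""

# Option names taken from the page; matched longest-first so that a line
# written without an equal sign ("ALT BOARD NUMBER 2") splits correctly.
KNOWN_KEYS = sorted(
    ["PREFERRED HR", "HR TIME TO LIVE", "ALLOW HR CHANGE", "ALT NAME",
     "ALT BOARD NUMBER", "ALT FRAME", "FRAME", "SPX WATCHDOGS"],
    key=len, reverse=True)
ALT_KEYS = ("ALT NAME", "ALT BOARD NUMBER", "ALT FRAME")

# The page's example NET.CFG (abridged), options indented under headings.
PAGE_EXAMPLE = """\
LINK DRIVER Wireless
    FRAME = ETHERNET_802.2
LINK DRIVER Wireless2
    FRAME = ETHERNET_802.2
NETWARE DOS REQUESTER
    NETWARE PROTOCOL = NDS BIND
    FIRST NETWORK DRIVE = F
MOBILE IPX
    PREFERRED HR = Home_Router_Name
    ALT NAME = Wireless2
    ALT BOARD NUMBER = 2
    ALT FRAME = ETHERNET_802.2
PROTOCOL IPX
    SPX WATCHDOGS = OFF
"""
# Constructed broken variants of the page's example.
MISSING_FRAME = PAGE_EXAMPLE.replace("    ALT FRAME = ETHERNET_802.2\n", "")
WRONG_FRAME = PAGE_EXAMPLE.replace("ALT FRAME = ETHERNET_802.2",
                                   "ALT FRAME ETHERNET_II")


def split_option(line):
    """Split an option line into (KEY, value); the equal sign is optional."""
    if "=" in line:
        key, value = line.split("=", 1)
        return " ".join(key.upper().split()), value.strip()
    flat = " ".join(line.split())
    for key in KNOWN_KEYS:
        if flat.upper() == key or flat.upper().startswith(key + " "):
            return key, flat[len(key):].strip()
    head, _, rest = flat.partition(" ")
    return head.upper(), rest


def parse_net_cfg(text):
    """Return [(HEADING, {KEY: [values]})] in file order."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():          # column 1: a section heading
            sections.append((" ".join(raw.upper().split()), {}))
        elif sections:                    # indented: option of last heading
            key, value = split_option(raw)
            sections[-1][1].setdefault(key, []).append(value)
    return sections


def check_mobile_ipx(text):
    """Return a list of findings; an empty list means the rules are met."""
    findings, link_frames, mobile = [], {}, {}
    for heading, options in parse_net_cfg(text):
        if heading.startswith("LINK DRIVER "):
            name = heading[len("LINK DRIVER "):]
            frames = {v.upper() for v in options.get("FRAME", [])}
            link_frames.setdefault(name, set()).update(frames)
        elif heading == "MOBILE IPX":
            mobile.update({k: v[-1] for k, v in options.items()})
    present = [k for k in ALT_KEYS if mobile.get(k)]
    missing = [k for k in ALT_KEYS if k not in present]
    if present and missing:
        # Per the page: if one is missing, no alternate board setting is used.
        findings.append("alternate board ignored: missing "
                        + ", ".join(missing))
    elif present:
        name, frame = mobile["ALT NAME"], mobile["ALT FRAME"]
        if not mobile["ALT BOARD NUMBER"].isdigit():
            findings.append("ALT BOARD NUMBER is not a number")
        if name.upper() not in link_frames:
            findings.append("no LINK DRIVER section for " + name)
        elif frame.upper() not in link_frames[name.upper()]:
            findings.append("ALT FRAME %s is not set under LINK DRIVER %s"
                            % (frame, name))
    if mobile.get("ALLOW HR CHANGE", "OFF").upper() == "ON":
        findings.append("ALLOW HR CHANGE is ON: a Home Router change assigns "
                        "a new virtual address; connections might terminate")
    return findings


if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE),
                       ("missing Alt Frame", MISSING_FRAME),
                       ("wrong Alt Frame", WRONG_FRAME)):
        print(label, "->", check_mobile_ipx(cfg) or "OK")
```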
Chapter 10: Configuring the MacIPX Gateway
The Novell® Internet Access Server 4.1 routing software includes MACIPXGW.LAN, a LAN driver that enables your router to operate as a gateway between Internetwork Packet Exchange™ (IPX™) networks and Macintosh* clients running MacIPX® applications on AppleTalk networks. Macintosh clients use the MacIPX gateway to exchange data with NetWare® clients and to use the resources available on IPX networks.
Note MacIPX provides support for the IPX protocol on Macintosh computers. It does not enable Macintosh users connected to the IPX network to log in to a NetWare server or print documents on NetWare printers. Users and developers must rely on NetWare for Macintosh software for NetWare file and print services.
This chapter contains the following sections:
• “Configuring and Binding the Gateway Driver” on page 192
• “Restricting Gateway Service to Selected Networks” on page 194
• “Viewing the MacIPX Gateway Configuration” on page 196
• “Viewing MacIPX Gateway Statistics” on page 196
You can use the MacIPX gateway if your networks have the following characteristics:
• You have IPX and AppleTalk networks that you want to connect, and these networks are part of a LAN running NetWare 3.11 or later, or the NetWare MultiProtocol Router™ 2.0 software or later. The MacIPX gateway must run on one of these networks.
• Your AppleTalk networks support MacIPX clients.
• One or more of the networks use only the AppleTalk protocol family to connect Macintosh clients to the network.
From a user perspective, the MacIPX gateway is required only for Macintosh users who select the AppleTalk icon in the MacIPX Control Panel. If all Macintosh users select either the Ethernet or Token Ring icon, and if IPX traffic is permitted on those networks, then you do not need a MacIPX gateway.
MacIPX applications automatically select an IPX gateway only when the gateway is in the zone that contains the Macintosh client running MacIPX. If this is not the case, use the MacIPX Control Panel to configure MacIPX to look for IPX gateways in specific zones.
You should locate a MacIPX gateway so that the amount of configuration required by MacIPX is minimized. For example, if you have an AppleTalk network for dial-in users that provides service for AppleTalk Remote Access (ARA), you should ensure that a MacIPX gateway serves the AppleTalk zone that includes the ARA network so that Macintosh clients using ARA do not require MacIPX configuration.
For more information about the MacIPX gateway, refer to Novell Internet Access Server 4.1 Routing Concepts.
Configuring and Binding the Gateway Driver
Configuring the MacIPX gateway is similar to configuring a typical LAN board and binding a network protocol to the board.
Before you begin, you must complete the following tasks:
• Ensure that your router has at least 65 KB of RAM available.
• Ensure that APPLETLK.NLM is loaded and configured.
• Ensure that IPX packet forwarding is turned on.
• Know the network number of the IPX network to which the gateway interface is attached.
• Know the number of MacIPX clients that will be served by the gateway.
To configure the MacIPX gateway, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards > Press Ins > MACIPXGW
2. Configure the MACIPXGW driver.
2a. Select Board Name and assign a name to the gateway driver.
2b. Select Gateway Name and assign a name to the MacIPX gateway.
This name is used to advertise the MacIPX gateway on the AppleTalk network. Because the name appears in the MacIPX Control Panel, it should be one that users recognize easily.
If you do not provide a name, the MacIPX gateway uses the name of the router on which the MacIPX gateway is installed.
2c. Select Unicast Threshold and enter a value between 1 (the default value) and 4294967295.
This parameter controls how the MacIPX gateway propagates IPX broadcast packets to AppleTalk networks.
If you want to send IPX broadcast packets to all AppleTalk networks with MacIPX clients, enter a number less than the number of MacIPX clients served by the gateway.
Macintosh systems not running MacIPX applications do not understand IPX broadcast packets and discard them. When this option is used, unnecessary packets are distributed to non-MacIPX clients on the network.
If you want to send IPX broadcast packets to each MacIPX client, enter a number equal to or higher than the number of MacIPX clients served by the gateway.
If the number of clients exceeds this threshold, the MacIPX gateway starts sending broadcast packets. Using this option can increase network traffic because a single IPX broadcast packet could become many AppleTalk unicast packets, depending on the number of MacIPX clients.
2d. If you want to enter a note or comment about the gateway, select Comment and enter the information.
2e. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
3. Bind IPX to the gateway.
Binding IPX to the gateway causes the MacIPX Gateway icon to appear in the MacIPX Control Panel.
3a. Select the following parameter path:
Select Bindings > Press Ins > IPX > the MacIPX interface
3b. Select IPX Network Number and enter the network number of the IPX network to which the interface is attached.
4. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
5. If you want these changes to take effect immediately, select Reinitialize System.
If you want to configure other parameters, do so now, then reinitialize the system when you are finished.
Restricting Gateway Service to Selected Networks
The MacIPX gateway, by default, serves all AppleTalk networks that make up the AppleTalk cloud. If you want the gateway to serve only selected AppleTalk networks, you must use a configuration file called MACIPXGW.DAT, which resides in SYS:SYSTEM.
You indicate the AppleTalk networks you want the gateway to serve—or not serve—by placing commands in MACIPXGW.DAT with the following syntax:
[exclude | include] <net_number>[–net_number] . . . ]
The first line in the preceding example is a keyword that specifies the following modes of inclusion:
• exclude—Directs the MacIPX gateway to serve all AppleTalk networks except those whose numbers are listed on the following lines.
• include—Directs the MacIPX gateway to serve only networks whose numbers are listed on the following lines; this is the default mode if no keyword is specified.
The AppleTalk networks can appear as a number or range. You specify additional network numbers or ranges by placing each network on its own line. For example, a MACIPXGW.DAT file can contain the following command:
exclude
10–20
100
This directs the gateway to serve all AppleTalk networks except 10–20 and 100. Alternatively, the MACIPXGW.DAT file can contain the following command:
include
10–20
100
This directs the gateway to serve only AppleTalk networks 10–20 and 100, excluding all others.
Note The network numbers in these examples are AppleTalk network numbers, not IPX network numbers.
If no MACIPXGW.DAT file is found in SYS:SYSTEM, the MacIPX gateway serves all AppleTalk networks.
To restrict gateway service to selected AppleTalk networks, complete the following steps:
1. Use a DOS ASCII text editor to create a file called MACIPXGW.DAT in the router’s SYS:SYSTEM directory.
2. Place commands in the file using the following syntax:
[exclude | include] <net_number>[–net_number] . . . ]
3. Save and close the file.
4. To put your changes into effect, enter
UNLOAD MACIPXGW
REINITIALIZE SYSTEM
Viewing the MacIPX Gateway Configuration
To view information about the configuration and operation of a MacIPX gateway, enter the following command at the server prompt:
LOAD MACIPXGW SHOW=YES
This command does not reload the MacIPX gateway, but instead displays information about the MacIPX gateway and the AppleTalk networks that it serves, as in the following example:
MACIPXGW:
Unicast threshold set at 1.
AppleTalk nets this gateway is configured to serve:
10-20 111 2222-2223 3333-3335
AppleTalk nodes registered for IPX broadcasts:
IPX node: 0xffffffffffff
Socket: 0x452
10.238 1501.138 1502.168
Socket: 0x453
The information in the preceding example includes the following items:
• The unicast threshold
• The network numbers of all AppleTalk networks served by this gateway
• All AppleTalk nodes currently registered with the MacIPX gateway for broadcasts and identified by the IPX socket
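The include/exclude rules for MACIPXGW.DAT and the "AppleTalk nets this gateway is configured to serve" line shown above can be checked against each other to confirm that a restriction is actually in effect. The following Python sketch is an added example, not Novell code; its function names and the network inventory are hypothetical, and it assumes the keyword may sit on its own line or ahead of the first number and that ranges may use an ASCII hyphen as well as the en dash printed in this guide.

```python
"""Evaluate a MACIPXGW.DAT policy and compare it with SHOW=YES output."""
import re

# A network number or a low-high range; "-" or the en dash (U+2013).
RANGE_RE = re.compile(r"^(\d+)(?:[-\u2013](\d+))?$")


def parse_ranges(tokens, where):
    """Turn tokens such as '10-20' or '100' into (low, high) tuples."""
    ranges = []
    for token in tokens:
        match = RANGE_RE.match(token)
        if not match:
            raise ValueError("%s: bad network or range %r" % (where, token))
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError("%s: reversed range %r" % (where, token))
        ranges.append((low, high))
    return ranges


def parse_policy(text):
    """Return (mode, ranges). text=None means no MACIPXGW.DAT exists."""
    if text is None:
        return ("exclude", [])        # no file: every network is served
    mode, ranges, first = "include", [], True   # include is the default
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        if first and tokens[0].lower() in ("include", "exclude"):
            mode, tokens = tokens[0].lower(), tokens[1:]
        first = False
        ranges += parse_ranges(tokens, "line %d" % number)
    return (mode, ranges)


def serves(policy, net):
    """True if the gateway serves AppleTalk network number `net`."""
    mode, ranges = policy
    listed = any(low <= net <= high for low, high in ranges)
    return listed if mode == "include" else not listed


def drift(policy, show_line, inventory):
    """Networks whose served state differs between file and running gateway.

    show_line is the list printed under "AppleTalk nets this gateway is
    configured to serve"; inventory is the set of networks to test.
    """
    running = ("include", parse_ranges(show_line.split(), "SHOW output"))
    return [n for n in inventory if serves(policy, n) != serves(running, n)]


# The two MACIPXGW.DAT examples from the page (en dash written as \u2013).
EXCLUDE_FILE = "exclude\n10\u201320\n100\n"
INCLUDE_FILE = "include\n10\u201320\n100\n"
# The served-networks line from the page's SHOW=YES example.
SHOW_LINE = "10-20 111 2222-2223 3333-3335"
# Constructed: a file matching SHOW_LINE, and networks to probe.
MATCHING_FILE = "include\n10-20\n111\n2222-2223\n3333-3335\n"
INVENTORY = [10, 15, 100, 111, 2223, 3334, 4000]

if __name__ == "__main__":
    print("in sync:", drift(parse_policy(MATCHING_FILE), SHOW_LINE, INVENTORY))
    print("stale  :", drift(parse_policy(EXCLUDE_FILE), SHOW_LINE, INVENTORY))
```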
Viewing MacIPX Gateway Statistics
To view MacIPX gateway statistics, load MONITOR and select the following parameter path:
Select LAN/WAN Information > MACIPXGW
A screen displays the statistics explained in Table 10-1.
Table 10-1. MacIPX Gateway Custom Statistics
Statistic | Explanation
Received Tickle Packets | Number of tickle packets sent by MacIPX clients served by the gateway. MacIPX clients send tickle packets to the MacIPX gateway; the gateway sends IPX broadcast packets back to the clients.
IPX Broadcast Requests from IPX Stack | Number of IPX broadcast packets sent to the MacIPX gateway by the IPX stack in the NetWare server or Novell router.
IPX Broadcast Requests from MacIPX Clients | Number of IPX broadcast packets sent to the MacIPX gateway by the MacIPX clients that the MacIPX gateway is servicing.
DDP Packets Broadcasted for IPX Broadcasts | Number of AppleTalk packets sent out as broadcast packets carrying IPX broadcast packets.
DDP Packets Unicasted for IPX Broadcasts | Number of AppleTalk packets sent out as unicast packets carrying IPX broadcast packets.
Received DDP Packets with Unknown Options | Number of AppleTalk packets received by the gateway that include unrecognized encapsulation demultiplexing options. This indicates corrupted packets or incompatible client software. Ensure that your network cabling is working correctly and that software on the Macintosh clients is compatible with this version of the MacIPX gateway.
Received DDP Packets with Wrong Type | Number of AppleTalk packets received by the gateway that include an incorrect AppleTalk packet type. This indicates the presence of corrupted packets or incompatible client software. Ensure that your network cabling is working correctly and that software on the Macintosh clients is compatible with this version of the MacIPX gateway.
Received Service Requests | Number of requests received by the gateway to provide service to MacIPX clients.
Transmitted Service Grants | Number of times the gateway granted service to MacIPX clients.
Transmitted Service Refusals | Number of times the gateway refused service to MacIPX clients.
Memory Allocation Failure | Number of times the gateway could not allocate memory. You might need to add memory to the NetWare server or Novell router to fix this problem.
Chapter 11: Configuring IP
The Novell® Internet Access Server 4.1 routing software provides a set of configurable parameters with which you can modify operational characteristics of the Internet Protocol (IP). You can select its routing protocol and configure it to run over a LAN or WAN connection.
To configure IP for Novell Internet Access Server 4.1 routing software, you enable the protocol, set its parameters, and bind it to a network interface. You configure all IP parameters from the Novell Internet Access Server Configuration utility (NIASCFG).
Note The configuration you specify with NIASCFG does not take effect automatically. To activate the configuration, save your changes and press Esc until you see the Internetworking Configuration menu. You can then select Reinitialize System and Yes to activate your changes.
This chapter describes advanced IP concepts and configuration procedures in the following sections:
• “IP Configuration Decisions” on page 200
• “Configuring IP for a WAN Connection” on page 204
• “Configuring RIP” on page 227
• “Configuring OSPF” on page 231
• “Configuring Static Routes for LANs” on page 238
• “Configuring Router Discovery” on page 241
• “Configuring ARP and Proxy ARP” on page 242
• “Configuring Directed Broadcast Forwarding” on page 244
• “Configuring Source Route Packet Forwarding” on page 244
• “Configuring BOOTP Forwarding” on page 245
• “Configuring EGP” on page 246
• “Configuring Multiple Logical Interfaces” on page 248
• “Multihoming” on page 250
• “Configuring Network Address Translation” on page 251
Note Novell Internet Access Server 4.1 routing software uses IP to encapsulate Internetwork Packet Exchange™ (IPX™) packets and AppleTalk packets. This is called IP tunneling and is covered in Chapter 13, “Configuring IP Tunnels for IPX and AppleTalk,” on page 283.
IP Configuration Decisions
How you configure IP beyond the most basic configuration depends on the following decisions:
• Whether to use the computer as a router or an end node (that is, a host)
The IP Packet Forwarding parameter, which controls IP packet routing, is enabled by default. This parameter permits your computer to operate as an IP router. When you want your computer to operate as an end node only, disable this parameter.
• If you are configuring a WAN connection, whether to configure any of the following:
• Permanent or on-demand calls
• WAN network mode, which can be unnumbered point-to-point, numbered single point-to-point, or multiaccess
• Individual WAN calls
• Static routes
• TCP/IP header compression
• Binding IP to an interface group
• Dynamic address assignments
How you configure a WAN connection depends on how you want to use it and whether you use ATM (Asynchronous Transfer Mode), PPP (Point-to-Point Protocol), PPP/ISDN (Integrated Services Digital Network), X.25, or frame relay.
To configure a WAN connection, refer to “Configuring IP for a WAN Connection” on page 204.
• Whether to use Routing Information Protocol (RIP), Open Shortest Path First (OSPF), or a mixed RIP-OSPF environment
RIP and OSPF are IP routing protocols. If you already have IP routers in your network environment, use the same routing protocol they use. If your network currently has no other routers, use OSPF.
To configure your router as a RIP router, refer to “Configuring RIP” on page 227.
To configure your router as an OSPF router, refer to “Configuring OSPF” on page 231.
To configure a mixed RIP-OSPF environment, refer to both of the preceding procedures.
• Whether to use static routes on a router
Static routes are useful for reducing routing traffic, providing security, accessing isolated networks, and operating as backup routes on routers. Static routes are required for on-demand connections.
To configure static routes on a router, refer to “Configuring Static Routes for WAN Connections” on page 218 and to “Configuring Static Routes for LANs” on page 238.
• Whether to filter routes or various TCP/IP packets
Enable filters when you want to do either of the following:
• Control access to any services, such as File Transfer Protocol (FTP), on your network
• Reduce the bandwidth consumed by routing traffic
To configure TCP/IP filters, you must enable the Filtering Support parameter in NIASCFG and then load the Filter Configuration utility (FILTCFG). For more information, refer to Chapter 15, “Configuring Filters,” on page 317.
• Whether to configure router discovery
Router discovery enables end nodes to find an IP router on their network. If your computer is operating as a router, it can advertise itself periodically as a router. If your computer is operating as an end node, it can send queries to locate a router.
To configure router discovery, refer to “Configuring Router Discovery” on page 241.
• Whether to disable Address Resolution Protocol (ARP) or enable Proxy ARP
ARP is a LAN protocol that maps Internet addresses to physical addresses. IP routers and end nodes use ARP to determine a destination node's physical address.
An IP router using Proxy ARP replies to ARP requests it receives through an interface on behalf of an end node on a network attached to another interface.
To change the default settings of the ARP or Proxy ARP features, refer to “Configuring ARP and Proxy ARP” on page 242.
• Whether to enable the router to forward directed broadcasts
A directed broadcast is a broadcast intended only for a specific group of nodes rather than all nodes on the network.
To enable directed broadcast forwarding, refer to “Configuring Directed Broadcast Forwarding” on page 244.
• Whether to configure the router or end node as a BOOTP forwarder
The BOOTP protocol enables end nodes to obtain an IP address at startup time. If there is a BOOTP or Dynamic Host Configuration Protocol (DHCP) server on your internetwork, any IP routers that are configured to act as a BOOTP forwarder accept and forward BOOTP or DHCP requests to the server. The BOOTP or DHCP server then assigns an IP address to the end station.
To configure BOOTP forwarding, refer to “Configuring BOOTP Forwarding” on page 245.
• Whether to configure multiple logical interfaces on a single board
Using multiple logical interfaces enables you to bind more than one IP network to a LAN or WAN board. Each binding operates as a separate logical interface.
To configure multiple logical interfaces on a board, refer to “Configuring Multiple Logical Interfaces” on page 248.
• Whether to use Multihoming
Multihoming enables an interface to be bound to multiple IP addresses on the same network. Multihoming can be used for all IP networks bound to a router, whether the networks are bound to the same interface or different interfaces. The most common use of multiple addresses on the same network is to enable a Web server to operate as though it is several Web servers. In this application, each secondary IP address is used by a different virtual host on the same Web server. The Domain Name System (DNS) can be used to access these virtual hosts using unique host names.
Multihoming is also commonly used with Network Address Translation (NAT), the proxy server, and the Virtual Private Network (VPN).
To configure multihoming, refer to “Multihoming” on page 250.
• Whether to use Network Address Translation (NAT) when accessing the Internet
To access the Internet, you must use a globally unique IP address. If the IP addresses of your private network are not globally unique, you can avoid assigning new addresses to each IP host on your private network by configuring a router interface to perform network address translation. NAT automatically assigns a globally unique address to any IP host that accesses the Internet through a NAT-enabled interface. Additionally, NAT can be used to provide other benefits, such as proxy server functionality and enhanced network security.
Like the Novell IP Gateway, NAT enables you to hide the IP addresses of your private network from the Internet. However, using NAT to access the Internet has the following advantages over using the Novell IP Gateway:
• NAT does not require special client software.
• NAT can be used by hosts on any platform, including Macintosh, UNIX*, OS/2*, Windows* 3.1, Windows 95*, and Windows NT*.
• NAT operates more efficiently than the Novell IP Gateway because NAT operates at the Network layer with less overhead, whereas the Novell IP Gateway operates at the Session layer.
To configure network address translation, refer to “Configuring Network Address Translation” on page 251.
• Whether to use the Novell IP Gateway
The Novell IP Gateway is used to enable IPX and IP clients on your private network to access the Internet (or other TCP/IP services) without being required to assign globally unique IP addresses to all your private systems.
Configuring IP for a WAN Connection
This section explains the advanced features available for running IP over a WAN connection. To configure an individual WAN call, use the procedures provided under the following topics:
• Configuring IP for permanent and on-demand calls
• Configuring the WAN network mode
• Configuring individual WAN calls
• Configuring static routes for WAN routers
• Enabling TCP/IP header compression
This section also provides procedures that apply to WAN calls in general. To configure additional advanced WAN features, use the procedures provided under the following topics:
• Binding IP to an interface group
• Assigning OSPF neighbors
• Configuring dynamic address assignments
Note Before you can configure IP for a WAN connection, you must configure the following information: the WAN board, the network interface, and the WAN Call Directory.
Configuring IP for Permanent and On-Demand Calls
When you installed Novell Internet Access Server 4.1 routing software, you probably accepted the default configuration for the WAN interfaces on your router. This default configuration specified the numbered single point-to-point mode; however, it did not specify the following:
• Permanent call
• On-demand call
• Static routes
You can continue using this default configuration, or you can change it on one or more interfaces according to the requirements of the connection. The next two sections discuss permanent and on-demand calls and explain the configuration options available for each call type.
Configuring Permanent Calls
A permanent call is always active between the local router and the remote peer router associated with a WAN call destination. When IP is the only protocol active on this call, the call remains active until IP is unbound from the board. Or, the call remains active until the call is disconnected manually from the Call Manager utility (CALLMGR).
A routing protocol, such as RIP or OSPF, is commonly configured to send routing traffic across a permanent WAN connection.
There are two types of permanent calls, automatic and manual. Automatic calls are brought up when a router comes up. If the connection fails when an automatic call is in process, the router immediately tries to reestablish the call. Manual calls must be brought up through CALLMGR. If the connection fails when a manual call is in process, the router does not reestablish the call.
The permanent call configuration for IP is presented in “Configuring Individual WAN Calls” on page 215.
Hint Some network modes are not suitable for multiple permanent calls over some WAN media. To decide which network mode is appropriate, refer to “Configuring the WAN Network Mode” on page 208.
You can also configure the following features for permanent calls:
• Static routes—Static routes are optional for permanent calls. They are most often used when you do not want routing traffic on the connection. In this case, you would disable the routing protocol on the interface over which the call operates.
The static routes for a permanent call are put in the routing table only when the call is up.
To configure static routes for a permanent call, refer to “Configuring Static Routes for WAN Connections” on page 218.
• Call type—Permanent WAN connections can be configured to come up automatically when the router is restarted or to require manual input to come up.
To configure the call type, refer to “Configuring Individual WAN Calls” on page 215.
Configuring On-Demand Calls
An on-demand call is a WAN connection between two routers that becomes active only when one router has data to send to the other. On-demand calls are well-suited for use with connections that use expensive telecommunications carriers who charge based on the amount of time the link is up.
Note On-demand calls are activated by OSPF and Exterior Gateway Protocol (EGP) packets, but not by RIP packets. To avoid keeping the connection up unnecessarily, disable OSPF and EGP on the WAN interface.
The on-demand call configuration for IP is presented in “Configuring Individual WAN Calls” on page 215. To use an on-demand call instead of a permanent call, change the call type of the WAN call destination to on-demand. In addition, you can configure the following features:
• Static routes—Static routes are required for on-demand calls regardless of the call type (described in the next bullet). Static routes for on-demand calls are added to the routing table whether or not the call is connected. As a result, when the router receives a packet that is destined for a network that is defined in a static route, the on-demand call is activated.
• Call type—On-demand WAN connections can be configured to use a dynamic routing protocol to exchange routes or to use a static routing table.
To configure the call type, refer to “Configuring Individual WAN Calls” on page 215.
For on-demand WAN calls, IP considers only data to be traffic. Maintenance data (for example, RIP updates and ICMP messages) is not considered to be data. Because maintenance data is not considered to be traffic, it does not keep the on-demand WAN link active. When only maintenance data is sent over the link, the link is brought down after the idle-timer value expires.
For each on-demand connection, you configure this time period in the Idle Connection Timeout parameter in the WAN call destination configuration, which has a default of 10 minutes.
To configure the Idle Connection Timeout parameter for an on-demand call, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory > an on-demand WAN call destination
2. Select Idle Connection Timeout.
Select a time, between 0 and 18 hours.
3. Select Outbound Authentication.
Specify PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), or PAP or CHAP. This field determines the type of authentication protocol used with the outbound connection. You cannot select NONE for on-demand calls because it prevents an authentication protocol from being used.
4. Select Password.
Enter 1 to 47 ASCII characters to specify the authentication password. This value is offered to the remote system during outbound authentication.
5. Select Local System ID.
Enter 1 to 47 ASCII characters to specify the symbolic name of this system when you place an outbound call. The default is the local server name.
6. Select Remote System ID.
Enter 1 to 47 ASCII characters to specify the symbolic name of the remote system when you place an outbound call. Usually, this value is the name of the remote server.
7. Press Esc, then select Yes to save your changes.
8. Press Esc to return to the Internetworking Configuration menu.
9. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring the WAN Network Mode
The WAN network mode governs how IP operates over a WAN connection. Depending on which WAN medium you use—PPP (including ISDN over PPP), X.25, frame relay, or ATM—and how you want to use the connection, you can use any of the following network modes:
• Unnumbered point-to-point
Use this mode if you do not want the connection to occupy an entire IP network or subnet address.
• Numbered single point-to-point
Use this mode when you have an IP network or subnet address available and you want a single, dedicated connection to a peer router. This mode is usually used only when the unnumbered mode is not supported by the remote router.
• Multiaccess
Use this mode when you want to use multiple connections to several peer routers through a single interface or an interface group.
Table 11-1 indicates the modes that can operate over each WAN medium.
Table 11-1. WAN Media and Compatible Network Modes

                                 WAN Network Mode
WAN Medium                       Unnumbered Point-to-Point   Numbered Single Point-to-Point   Multiaccess
PPP (including ISDN over PPP)    Yes                         Yes                              Can be used only with interface groups.
X.25                             Yes                         Limited to one connection        Yes
Frame relay                      Yes                         Limited to one connection        Yes
ATM                              Yes                         Limited to one connection        Yes

Use this table as a guide when you are choosing a network mode for your WAN connections.
Important: If you are configuring interfaces that are part of a PPP interface group, you must bind to the interface group to configure the WAN network mode.
The rest of this section provides additional information about each network mode and explains how to configure them for permanent and on-demand calls.
Important: If you are configuring your router to act as an ISP router or to connect to an ISP router, refer to “Configuring Dynamic Address Assignments” on page 223 before configuring the WAN network mode.
Understanding Unnumbered Point-to-Point Mode
Unnumbered point-to-point mode is so named because the router’s WAN interfaces do not use IP addresses. This mode is useful when you do not want the connection to occupy an entire IP network or subnet address.
You can use unnumbered point-to-point mode with any WAN medium that supports multiple connections to remote peer routers, such as X.25, frame relay, or ATM. If you are using unnumbered point-to-point mode over X.25 or ATM, you can select several WAN call destinations for simultaneously active permanent calls.
With PPP as a single interface, you can configure either one permanent call or multiple on-demand calls. A permanent call is always active when IP is bound to the interface. Because PPP supports only a single call on an interface, an on-demand call cannot be made when a permanent call is configured. You can configure multiple on-demand calls on a PPP interface; however, only one call can be active at a time.
With PPP as an interface group, you can configure multiple permanent and on-demand calls as long as there are enough interfaces for each of the calls.
Note: If any of the remote peers is a third-party router, make sure it supports unnumbered point-to-point mode for IP. Some third-party routers do not.
How to Configure Unnumbered Point-to-Point Mode
To configure unnumbered point-to-point mode, complete the following steps:
Note: All interface-specific configurations, such as routing protocol and header compression, apply to all connections through the same unnumbered interface.
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > Press Ins > TCP/IP from the list of configured protocols
2. Select Network Interface or Each Interface in a Group.
Select Network Interface to bind to a specific interface. Select Each Interface in a Group to bind to an interface group.
Either option can be selected for unnumbered point-to-point mode.
3. Select a configured network interface or an interface group.
The Binding TCP/IP to a WAN Interface menu is displayed.
4. Select the WAN Network Mode field.
The default, Numbered Point-to-Point, is displayed.
5. Press Enter, then select Unnumbered Point-to-Point.
Because unnumbered point-to-point mode does not use IP addresses, you cannot select the Local IP Address and Subnetwork Mask of Connected Network fields.
Important: Each router must have an IP address configured on at least one LAN or WAN interface.
6. Press Esc until you are prompted to save your changes, then select Yes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Note: When configuring an on-demand or permanent X.25 or ATM call, if either end of the connection can initiate the call, enable inbound authentication on the network interface as described in Chapter 17, “Configuring NetWare Link/ATM,” on page 391 and Chapter 19, “Configuring NetWare Link/X.25,” on page 407. This automatically creates an authentication entry for an inbound call from the other end of the connection.
9. Configure a WAN call destination as described in “Configuring Individual WAN Calls” on page 215.
Understanding Numbered Single Point-to-Point Mode
Numbered single point-to-point mode is typically used with PPP, which supports either a single permanent or single on-demand dedicated connection to a remote peer router. You can also use this mode with WAN media that support multiple connections, such as X.25, frame relay, or ATM, but you are limited to having only one dedicated connection. Numbered single point-to-point mode is well-suited for a connection that has just one destination, such as a link between a local branch office and the main office.
Numbered single point-to-point mode uses a single IP address for the connection; therefore, you can bind IP only once to the interface.
How to Configure Numbered Single Point-to-Point Mode
To configure numbered single point-to-point mode, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > Press Ins > TCP/IP from the list of configured protocols
2. Select Network Interface or Each Interface in a Group.
Select Network Interface to bind to a specific interface. Select Each Interface in a Group to bind to an interface group.
Either option can be selected for Numbered Single Point-to-Point mode.
3. Select a configured network interface or an interface group.
The Binding TCP/IP to a WAN Interface menu is displayed. The WAN Network Mode field is displayed with a default value of Numbered Point-to-Point.
Note: The Remote Router Will Dynamically Assign the IP Address parameter should be left at the default value of No.
4. Configure the following parameters:
• Local IP Address —Enter the IP address of the local interface.
• Subnetwork Mask of Connected Network —Enter the subnet mask of the IP network to which the interface is connected. This mask should match the mask on the remote router.
5. Press Esc until you are prompted to save your changes, then select Yes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
8. Configure a WAN call destination as described in “Configuring Individual WAN Calls” on page 215.
Understanding Multiaccess Mode
Multiaccess mode is typically used with X.25, frame relay, and ATM, which support multiple, simultaneous connections to remote peer routers. You can also use multiaccess mode with PPP interface groups to accept calls for a group of interfaces.
Multiaccess mode supports multiple logical networks; that is, you can bind IP to the local WAN interface for each IP network represented on the connection. Figure 11-1 shows an example of two logical networks, 1.0.0.0 and 2.0.0.0, each supporting two remote peer routers, which are attached to a local router interface through an X.25 WAN.
[Figure 11-1: Two Logical IP Networks on an X.25 WAN]
When you bind IP to the local address 1.0.0.1, you add the remote peer routers, 1.0.0.2 and 1.0.0.3, to the WAN Call Destination List. In the same way, when you bind IP to the local address 2.0.0.1, you add the remote peer routers, 2.0.0.2 and 2.0.0.3, to the WAN Call Destination List. For this configuration, you have two bindings—one for each logical network—and two remote peers per network, each mapped to a WAN call destination.
With X.25 and ATM, you can configure multiple, simultaneous permanent calls. Additionally, you can configure multiple on-demand calls for X.25 and ATM. You do not have to use the same call type for these multiaccess connections; you can use any combination of permanent and on-demand calls.
With a PPP single interface, you can configure either one permanent call or multiple on-demand calls. A permanent call is always active when IP is bound to the interface. Because PPP supports only a single call on an interface, an on-demand call cannot be made when a permanent call is active or established. You can configure multiple on-demand calls on a PPP interface; however, only one call can be active at a time.
With frame relay, because all calls are incoming calls, you do not need to configure any WAN call destinations unless you are using static routes over the WAN.
Broadcasts are not supported on multiaccess interfaces. Therefore, routing information must be sent directly to each peer router on the interface. If you want to run a routing protocol over one of the connections, you must do the following:
• Enable RIP or OSPF at the local interface.
• Provide the IP address of the remote peer OSPF router in the OSPF neighbor list.
• Enable RIP under the WAN call destination to the remote peer.
On an incoming connection, the local router must have a way to discover the IP address of the remote peer router. Frame relay uses the Inverse Address Resolution Protocol (Inverse ARP) for this purpose. PPP uses the Internet Protocol Control Protocol (IPCP). If a remote peer router does not support Inverse ARP or IPCP for an incoming call, or if you are using X.25 or ATM for an incoming or outgoing call, you must map the WAN call destination associated with the remote peer router to its IP address using the procedure described in “Configuring Individual WAN Calls” on page 215. Although frame relay does not use WAN call destinations, Novell Internet Access Server 4.1 routing software enables you to configure them if the remote peer router does not support Inverse ARP. You are not required to provide this mapping for frame relay if the remote peer router is running Novell Internet Access Server 4.1 routing software, unless you are using static routes over the WAN.
Important: Multiaccess mode operates best when all routers are connected in a mesh topology. If the routers are not connected in a mesh topology, use unnumbered point-to-point mode for each connection between the local router and a remote peer router. For configuration instructions, refer to “How to Configure Unnumbered Point-to-Point Mode” on page 210.
How to Configure Multiaccess Mode
To configure multiaccess mode, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > Press Ins > TCP/IP from the list of configured protocols
2. Select Network Interface or Each Interface in a Group.
Select Network Interface to bind to a specific interface. Select Each Interface in a Group to bind to an interface group.
Either option can be selected for multiaccess mode.
3. Select a configured network interface or an interface group.
The Binding TCP/IP to a WAN Interface menu is displayed.
4. Select the WAN Network Mode field. Press Enter, then select Multi-Access.
5. Configure the following parameters:
• Local IP Address —Enter the IP address of the local interface.
• Subnetwork Mask of Connected Network —Enter the subnet mask of the IP network to which the interface is connected.
6. Press Esc until you are prompted to save your changes, then select Yes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Individual WAN Calls
Use this procedure to configure individual WAN calls. The parameters in this procedure apply only to one WAN call. Depending on how you have configured the WAN network mode, you might or might not see all the parameters that appear in this procedure. With frame relay, because all calls are incoming calls, you do not need to configure any WAN call destinations unless you are using static routes over the WAN.
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding with the WAN network mode configured
2. Select WAN Call Destinations, then press Ins.
The parameters in this menu apply only to this WAN call. You can select one or more WAN call destinations, depending on how you configured the WAN Network Mode parameter as described in “Configuring the WAN Network Mode” on page 208.
Configure the following parameters:
• WAN Call Destination —Name of the WAN call destination that you want to configure.
• Type —Select Automatic or Manual for permanent calls. Select Routed On Demand or Static On Demand for on-demand calls. The Automatic value enables the WAN call to be brought up with the router. Also, if the WAN call connection is broken, the software automatically tries to reestablish the call. The Manual value requires that the WAN call is brought up manually from CALLMGR. When you select Routed On Demand, RIP is automatically enabled. When you select Static On Demand, RIP is automatically disabled.
Important: If multiaccess mode is used for X.25 or ATM, you must assign a value to the Remote IP Address field.
• Remote IP Address —Enter an IP address that is associated with the WAN call destination. When TCP/IP sends an IP packet to this address, it uses this mapping to determine the WAN call destination for the packet.
• Verify Remote Address —Select Yes to verify that the remote IP address, specified previously, is announced by the remote router during IPCP negotiations. This option is only for PPP connections.
• Header Compression —Select Enabled to compress the Transmission Control Protocol (TCP) and Internet Protocol (IP) headers on serial point-to-point connections. This parameter applies only to PPP interfaces.
• Static Routing Table —Select this option to configure static routes for this WAN call. Refer to “Configuring Static Routes for WAN Connections” on page 218.
3. If you want to customize RIP parameters for this WAN call, complete the following steps:
3a. Select RIP Bind Options. You must configure these parameters for each WAN call.
The RIP parameters in this menu apply to the WAN call destination. The RIP parameters configured here override the parameters configured under the Binding TCP/IP to a WAN Interface menu, except Status. For example, if you enable RIP under WAN Call Destination, you also must set Status to Enabled under the Binding TCP/IP to a WAN Interface menu. Configure the following parameters:
• Status —The default is Enabled. If this system is configured as a router, this parameter allows RIP to exchange routing information with other routers. If this system is configured as a host, this parameter allows RIP to discover routers on the assigned WAN call destination. As a host, it listens to RIP messages, but it does not send them. If you do not want to run RIP over this connection, select Disabled.
• RIP Version —Select the version of RIP that is used on this WAN call destination. RIP I is the standard RIP used by many end nodes and routers. If there are nodes on your network that support only RIP I, select either RIPI or RIPI & RIPII. RIP II is an enhanced version of RIP I that includes the subnet mask in the routing information. If your network consists of subnets of varying sizes, RIP II improves reachability.
• RIP Mode —Select the RIP mode that is used on this WAN call destination. Select Normal to send and receive RIP packets (RIP I, RIP II, or both). Select Send Only to send RIP packets. Select Receive Only to receive RIP packets.
• RIP II Options —Select this option to view or modify RIP II options.
Authentication —Enable authentication when there are routers that you do not want this router to exchange RIP II routing information with.
Authentication Password —Enter a password to allow access to your router. Authentication works only when this password matches the password on another router. The default is the null string.
• Cost of Interface —Specifies the cost that RIP associates with this network. It is used when advertising a path to other routers. RIP allows a maximum cost of 15. Usually, you do not need to change the default unless you want to discourage other routers from using this path.
• Originate Default Route —Select Enable to cause RIP packets sent on this interface to contain only the default route.
• Poison Reverse —Select Enable to allow RIP to use poison reverse in RIP updates. If you disable this field, RIP traffic is reduced a small amount at a small cost in stability.
• Split Horizon —Select Enable to reduce loops between two routers. Split horizon prohibits a router from propagating a route over the same port that supplied the route.
• Update Time —Enter the interval, in seconds, at which the router sends RIP update messages. The default value is to broadcast an update message every 30 seconds. If a router does not receive an update within six times the value of this parameter, the route is invalidated.
• Expire Time —Enter the time after which the route is invalidated.
• Garbage Time —Enter the time an invalidated route is saved. After the value of the Garbage Time parameter expires, the route is discarded.
3b. If you have enabled RIP on this WAN call destination, make sure RIP is enabled at the remote interface and uses the same RIP version.
Note: You cannot configure OSPF for individual WAN calls. If you do not want to run OSPF over this WAN connection, disable OSPF by selecting OSPF Bind Options on the Binding TCP/IP to a WAN Interface menu.
4. Press Esc until you are prompted to save your changes, then select Yes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
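The constraints this chapter places on a WAN binding and its call destinations, collected into an added Python check (not part of NIAS or of this guide). NIASCFG is menu-driven, so the dictionary layout, its key names and the sample values are hypothetical; each rule is one stated in Table 11-1 or in the procedures above.

```python
ON_DEMAND = ("Routed On Demand", "Static On Demand")
PERMANENT = ("Automatic", "Manual")


def _is_id(value):
    """1 to 47 ASCII characters, the limit given for Password and the system IDs."""
    return isinstance(value, str) and 1 <= len(value) <= 47 and value.isascii()


def validate(binding):
    """Return the rule violations for one TCP/IP WAN binding (hypothetical layout)."""
    problems = []
    medium, mode = binding["medium"], binding["mode"]
    calls = binding.get("calls", [])
    grouped = bool(binding.get("interface_group"))

    # Table 11-1: which network modes each WAN medium supports.
    if mode == "Multiaccess" and medium == "PPP" and not grouped:
        problems.append("binding: multiaccess over PPP requires an interface group")
    if (mode == "Numbered Single Point-to-Point"
            and medium in ("X.25", "Frame relay", "ATM") and len(calls) > 1):
        problems.append("binding: numbered single point-to-point is limited to one connection")
    if mode == "Unnumbered Point-to-Point" and binding.get("local_ip"):
        problems.append("binding: unnumbered mode does not use a local IP address")

    # A single PPP interface carries one call at a time.
    permanent = [c for c in calls if c["type"] in PERMANENT]
    if medium == "PPP" and not grouped and permanent and len(calls) > 1:
        problems.append("binding: a permanent call on a single PPP interface excludes other calls")

    for call in calls:
        name = call["name"]
        if call["type"] in ON_DEMAND:
            if call.get("outbound_auth", "NONE") not in ("PAP", "CHAP", "PAP or CHAP"):
                problems.append(f"{name}: on-demand calls cannot use NONE for outbound authentication")
            if not _is_id(call.get("password")):
                problems.append(f"{name}: password must be 1 to 47 ASCII characters")
            if not call.get("static_routes"):
                problems.append(f"{name}: on-demand calls require static routes")
            expected = "Enabled" if call["type"] == "Routed On Demand" else "Disabled"
            if call.get("rip_status", expected) != expected:
                problems.append(f"{name}: {call['type']} sets RIP to {expected}")
        if mode == "Multiaccess" and medium in ("X.25", "ATM") and not call.get("remote_ip"):
            problems.append(f"{name}: multiaccess over {medium} needs a Remote IP Address")
        if medium != "PPP":
            for ppp_only in ("verify_remote_address", "header_compression"):
                if call.get(ppp_only):
                    problems.append(f"{name}: {ppp_only} applies only to PPP")
        if call.get("rip_status") == "Enabled" and binding.get("rip_status") != "Enabled":
            problems.append(f"{name}: RIP on a call also needs Status Enabled on the binding")
    return problems


# Constructed samples; the names, addresses and password are made up.
GOOD = {
    "medium": "PPP", "mode": "Unnumbered Point-to-Point", "rip_status": "Disabled",
    "calls": [
        {"name": "BRANCH", "type": "Static On Demand", "outbound_auth": "CHAP",
         "password": "constructed-secret", "static_routes": ["10.2.0.0/16"]},
    ],
}
BAD = {
    "medium": "X.25", "mode": "Multiaccess", "local_ip": "1.0.0.1", "rip_status": "Disabled",
    "calls": [
        {"name": "PEER2", "type": "Automatic", "remote_ip": "1.0.0.2", "rip_status": "Enabled"},
        {"name": "PEER3", "type": "Static On Demand", "outbound_auth": "NONE",
         "password": "", "header_compression": True},
    ],
}

if __name__ == "__main__":
    for problem in validate(BAD):
        print(problem)
```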
Configuring Static Routes for WAN Connections
Static routes can be configured for both on-demand and permanent WAN calls, but they are most commonly used with on-demand links. When you do not want routing traffic to cross a WAN link, you can manually configure remote routes on the local router as static routes. With the static route configured, an on-demand link can remain inactive until data needs to cross it. IP hosts that need to reach remote destinations send packets to their local IP router that has the static routes configured, assuming the packets can reach their destination. The local router stores the packets and tries to establish a connection to the remote router. After the local router completes the call, it forwards the stored packets to the remote router, which then forwards them to their destination. Static routes for on-demand calls are always present in the routing table.
You can also configure static routes for permanent connections to provide access to isolated networks, reduce routing traffic, provide security, and operate as backup routes. In addition, using static routes and disabling dynamic routing protocols, such as RIP, over slow links improves performance. Static routes for permanent calls are in the routing table only when the permanent calls are established.
Note: Use this procedure to specify static routes for any WAN connection.
How to Configure Static Routes
To configure one or more static routes for an on-demand or permanent call, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding with the WAN network mode configured
2. Select WAN Call Destinations, then press Ins or select an existing call destination.
The parameters in this menu apply only to this WAN call. Configure WAN call destination parameters if you want to override the WAN interface parameters.
Configure the following parameters:
• WAN Call Destination —Select the name of the WAN call destination that you want to configure.
• Type —Select Automatic or Manual for permanent calls. Select Routed On Demand or Static On Demand for on-demand calls. When you select Routed On Demand, RIP is automatically enabled. When you select Static On Demand, RIP is automatically disabled.
• Remote IP Address —Enter an IP address that is associated with the WAN call destination. When TCP/IP sends an IP packet to this address, it uses this mapping to determine the WAN call destination for the packet.
3. Select Static Routing Table, then press Ins.
4. Configure the following static route parameters:
• Route to Network or Host —Enter the destination that can be reached through the WAN connection, which can be a default route, a single IP host, or an IP network (that is, a group of hosts).
• IP Address of Network/Host —Enter the address of the destination network or host. To select from a list of symbolic network or host names and addresses, press Ins. The list of symbolic network names and addresses comes from the SYS:\ETC\NETWORKS file. The list of symbolic host names and addresses comes from the SYS:\ETC\HOSTS file.
• Subnetwork Mask —Enter the subnet mask of the destination if the destination is an IP network. If you do not specify a value, the natural mask is used.
• Metric for this route —Enter the number of hops to the destination. This metric is directly proportional to the cost of the route. Given two routes to the same destination, the router chooses the lower-cost route.
If you want to use the static route as a backup route to a dynamic route, select a value that is higher than the cost associated with the dynamic route so that the dynamic route remains the preferred route under typical conditions.
Do not set this metric value to 16 unless you want to disable the route.
• Type of route —Specify whether the static route is Active or Passive. This parameter specifies whether the next hop router for this route actively advertises the route to this network.
Usually, static routes are not advertised and are categorized as passive routes. When a route is marked as active, TCP/IP expects the next hop router to advertise the route regularly. If a router stops advertising an active static route, TCP/IP assumes the route is no longer available and deletes it from the routing table.
If the static route is active and the router discovers a lower-cost dynamic route to the same destination, it uses the lower-cost route instead of the active static route. If the lower-cost route becomes unavailable, the router returns to using the active static route.
If you want to use the static route as a backup route, select Active.
A passive static route is always used, regardless of whether the router discovers a lower-cost route to the same destination.
5. Press Esc until you are prompted to save your changes, then select Yes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
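How the static route fields above interact, as an added Python model (not Novell code): the natural mask that applies when no subnet mask is entered, the metric of 16 that disables a route, and the difference between active and passive routes when a lower-cost learned route appears. The class, function and field names and the sample routes are hypothetical, and selection is modelled only among routes to the same destination network.

```python
import ipaddress
from dataclasses import dataclass

UNREACHABLE = 16  # per the page, a metric of 16 disables the route


def natural_prefix(address):
    """Prefix length of the natural (classful) mask used when no mask is entered."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8     # class A
    if first_octet < 192:
        return 16    # class B
    if first_octet < 224:
        return 24    # class C
    raise ValueError(f"{address} is not a class A, B or C address")


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    metric: int
    origin: str               # "passive" or "active" (static), "rip" (learned)
    advertised: bool = True   # active static routes: next hop still advertises it


def static_route(kind, address=None, mask=None, metric=1, origin="passive", advertised=True):
    """Build a static route from the menu fields; kind is 'default', 'host' or 'network'."""
    if kind == "default":
        net = ipaddress.IPv4Network("0.0.0.0/0")
    elif kind == "host":
        net = ipaddress.IPv4Network(f"{address}/32")
    else:
        prefix = mask if mask is not None else natural_prefix(address)
        net = ipaddress.IPv4Network(f"{address}/{prefix}")
    return Route(net, metric, origin, advertised)


def preferred(network, static_routes, learned_routes):
    """Return the route used for one destination network, or None if there is none."""
    network = ipaddress.IPv4Network(network)
    usable = [
        r for r in [*static_routes, *learned_routes]
        if r.network == network
        and r.metric < UNREACHABLE
        # An active static route is deleted once its next hop stops advertising it.
        and not (r.origin == "active" and not r.advertised)
    ]
    passive = [r for r in usable if r.origin == "passive"]
    if passive:
        # A passive static route is always used, whatever else has been learned.
        return min(passive, key=lambda r: r.metric)
    # Otherwise lowest cost wins; only a strictly lower-cost learned route
    # displaces an active static route.
    return min(usable, key=lambda r: (r.metric, r.origin != "active"), default=None)


# Constructed sample routes for one destination.
NET = "172.16.0.0/16"
BACKUP = static_route("network", "172.16.0.0", metric=5, origin="active")
PINNED = static_route("network", "172.16.0.0", metric=5, origin="passive")
LEARNED = Route(ipaddress.IPv4Network(NET), 2, "rip")

if __name__ == "__main__":
    print("active static vs learned :", preferred(NET, [BACKUP], [LEARNED]).origin)
    print("learned route withdrawn  :", preferred(NET, [BACKUP], []).origin)
    print("passive static vs learned:", preferred(NET, [PINNED], [LEARNED]).origin)
```

With the passive route, a learned route of any cost never changes the forwarding path; with the active route, the static entry acts only as the backup the text describes.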
Enabling TCP/IP Header Compression
When used on a PPP interface, TCP/IP header compression increases the effective throughput of TCP/IP packets. Header compression reduces the size of the combined TCP/IP packet headers to just a few bytes. UDP/IP packet headers are not compressed.
Note: TCP/IP header compression can be used only on PPP interfaces.
Enabling TCP/IP Header Compression at the Interface Level
To enable TCP/IP header compression on this interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding > Expert TCP/IP Bind Options
2. Select the Header Compression field, then select Enabled.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Enabling TCP/IP Header Compression on Individual WAN Calls
To enable TCP/IP header compression for a WAN call, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing WAN binding > WAN Call Destinations > an existing WAN call destination
2. Select the Header Compression field, then select Enabled.
This value overrides the value configured for header compression under the Binding TCP/IP to a WAN Interface menu.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Binding IP to an Interface Group
An interface group is a grouping of several PPP or X.25 interfaces with similar characteristics. Interface groups are defined during configuration. Interfaces that belong to a group can be used interchangeably by a WAN call. To configure an interface group, load NIASCFG and select Configure NIAS > Protocols and Routing > Network Interfaces > Group and enter the same group name for each interface that you want to belong to the group.
Defining an interface group lets you make an on-demand call on any of several network interfaces without creating an individual WAN call destination for each interface. By specifying an interface group name in place of the interface name in the WAN call destination, an available interface is selected automatically from the group when a call is made. Interface groups are most commonly used for asynchronous on-demand connections.
To create a WAN connection, you can bind to an interface group as a whole without binding to an individual interface. For an interface group, only the unnumbered and multiaccess modes are practical options for a WAN network.
Assigning OSPF Neighbors
Use this procedure to run OSPF on a multiaccess frame relay, X.25, or ATM WAN connection. It allows you to assign remote IP addresses to OSPF neighbors when you have configured the network mode as multiaccess. Before assigning OSPF neighbors, enable OSPF. Refer to “Configuring OSPF” on page 231, then complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > a multiaccess WAN binding > OSPF Bind Options > Neighbor List > Press Ins
2. Enter the IP address of the OSPF router at the other end of the connection, then press Enter.
For X.25 and ATM, this is the same IP address as the one you mapped to the WAN call destination associated with this connection.
2a. Make sure OSPF is enabled at the local interface.
Press Esc until you return to the OSPF Bind Options menu. Make sure the Status field is set to Enabled. If it is not, select the field, then select Enabled.
2b. Make sure OSPF is enabled at the remote interface.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Dynamic Address Assignments
Use this procedure to configure your router so that it can dynamically obtain an IP address from your Internet Service Provider (ISP), or to configure your router with a range of IP addresses to dynamically assign to dial-up routers through IPCP. This procedure is valid only on a PPP connection.
How to Configure Your Router to Connect to a Remote Router or ISP Router
To configure your router to connect to a remote router or ISP router, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > press Ins > TCP/IP > a WAN network interface or interface group
2. Select Remote Router will Dynamically Assign the IP Address.
If you need an IP address for your WAN link for use with Network Address Translation (NAT) or the IP gateways, you have the following two options:
• Select Yes for this parameter to configure your local router to obtain an IP address from the ISP router. In this case, the WAN network mode is automatically set to dynamic numbered point-to-point. Note that this WAN network mode is not suitable for use with the proxy server, the Virtual Private Network (VPN), or any other feature that requires static addresses.
• Select No for this parameter. After you complete this procedure, set the WAN network mode to numbered point-to-point as described in “How to Configure Numbered Single Point-to-Point Mode” on page 211.
If you do not need an IP address on the WAN link and the ISP allocates a block of IP addresses to you for your hosts, select No for this option. After you complete this procedure, set the WAN network mode to unnumbered point-to-point as described in “How to Configure Unnumbered Point-to-Point Mode” on page 210. The block of IP addresses is then used by the hosts on your LAN segment to access the Internet.
If you need an IP address on the WAN link and want to use the rest of the block of IP addresses the ISP allocated to you for your hosts, select No for this option. After you complete this procedure, set the WAN network mode to numbered point-to-point as described in “How to Configure Numbered Single Point-to-Point Mode” on page 211. You must subnet the addresses as described in RFC 1918, as determined by the size of the block of IP addresses given to you by the ISP. For a brief description of RFC 1918, refer to the description of subnetting in Novell Internet Access Server 4.1 Routing Concepts.
3. Select WAN Call Destinations and press Ins.
4. Configure the WAN call destination as described in “Configuring Individual WAN Calls” on page 215.
5. Select Static Routing Table and press Ins.
6. If you have only one WAN link to the ISP, set Route to Network or Host to Default Route. Otherwise, configure any needed network or host routes as described in “Configuring Static Routes for WAN Connections” on page 218.
We strongly recommend that you use static routes instead of a dynamic routing protocol. Because ISPs tend to assign addresses that belong to a subnet or network that is different from its WAN address, the local and remote routers do not accept RIP packets from the other side of the WAN connection to update their routing tables. Therefore, you should configure static routes to reach hosts on the Internet.
7. Press Esc until you are prompted to save your changes, then select Yes.
8. Press Esc to return to the WAN Call Destination to IP Address Mapping Configuration menu.
9. Select RIP Bind Options and set Status to Disabled.
We recommend that you disable RIP for a WAN call to the ISP for the following reasons:
• To avoid maintaining a large routing table
• To avoid RIP updates every 30 seconds over the WAN
10. Press Esc until you are prompted to save your changes, then select Yes.
11. Press Esc to return to the Internetworking Configuration menu.
12. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
13. After successfully connecting to the ISP, you can use TCPCON, PPPCON, or the CONFIG command to determine the IP address that is bound to your WAN interface.
How to Configure Your Router to Assign IP Addresses
To configure your router to dynamically assign IP addresses using IPCP, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > press Ins > TCP/IP > a WAN network interface or interface group
2. Select Remote Router will Dynamically Assign the IP Address.
To configure your router to act as an ISP router and dynamically assign IP addresses to dial-up routers, select No. If you have only one incoming interface for this router, leave the WAN network mode at the default value of numbered single point-to-point. If you are using interface groups to allow multiple connections to the router, set the WAN network mode to multiaccess as described in “How to Configure Multiaccess Mode” on page 214.
3. Set Local IP Address to the address that will be used for the WAN link.
4. Set Subnetwork Mask of Connected Network to the appropriate value for the IP address used for the WAN link.
5. Select WAN Call Destinations and press Ins.
6. Configure the WAN call destination with Type set to Manual as described in “Configuring Individual WAN Calls” on page 215.
7. If you are not using a dynamic routing protocol on both the local and remote routers, select Static Routing Table and press Ins.
Configure static network or host routes on your router for the dial-up router’s networks or hosts. To configure static network or host routes, refer to “Configuring Static Routes for WAN Connections” on page 218.
8. Press Esc until you are prompted to save your changes, then select Yes.
9. Select RIP Bind Options, set Status to Enabled, and set Originate Default Route to Enabled.
10. Press Esc until you are prompted to save your changes, then select Yes.
11. Select Expert TCP/IP Bind Options.
12. Select IPCP Address Assignment Range.
13. Select Range Start.
The IP addresses you assign to Range Start must be within the local network address and network mask for the interface. The value you enter here must be less than the value in the Range End field.
You can include the local address in the range; however, it will not be used for address assignment.
14. Select Range End.
The IP addresses you assign to Range End must be within the local network address and network mask for the interface. The value you enter here must be greater than the value in the Range Start field.
15. Press Esc until you are prompted to save your changes, then select Yes.
16. Press Esc to return to the Internetworking Configuration menu.
17. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
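The Range Start and Range End rules in steps 13 and 14 can be checked before the values are typed into NIASCFG. The following is an added example, not part of the Novell guide; the function names, the sample addresses and the expected_peers capacity check are assumptions made for illustration.

```python
import ipaddress


def check_ipcp_range(local_ip, mask, range_start, range_end):
    """Apply the Range Start / Range End rules to one WAN binding.

    Returns (errors, pool). errors lists every rule that is violated; pool is
    the list of addresses left for dial-up peers (empty when errors exist).
    """
    iface = ipaddress.IPv4Interface(f"{local_ip}/{mask}")
    net = iface.network
    start = ipaddress.IPv4Address(range_start)
    end = ipaddress.IPv4Address(range_end)

    errors = []
    # Both ends must fall inside the local network address and mask.
    for label, addr in (("Range Start", start), ("Range End", end)):
        if addr not in net:
            errors.append(f"{label} {addr} is outside {net}")
    # Range Start must be less than Range End.
    if start >= end:
        errors.append("Range Start must be less than Range End")
    if errors:
        return errors, []

    pool = [ipaddress.IPv4Address(n) for n in range(int(start), int(end) + 1)]
    # The local address may sit inside the range but is never handed out.
    pool = [addr for addr in pool if addr != iface.ip]
    return [], pool


def pool_report(local_ip, mask, range_start, range_end, expected_peers):
    """Summarise the pool and flag it when it is too small (added check)."""
    errors, pool = check_ipcp_range(local_ip, mask, range_start, range_end)
    if not errors and len(pool) < expected_peers:
        errors.append(
            f"pool holds {len(pool)} addresses for {expected_peers} dial-up peers"
        )
    return {
        "ok": not errors,
        "errors": errors,
        "size": len(pool),
        "first": str(pool[0]) if pool else None,
        "last": str(pool[-1]) if pool else None,
    }


if __name__ == "__main__":
    # Constructed sample values: WAN link 192.168.50.1/255.255.255.0.
    for peers in (8, 12):
        print(pool_report("192.168.50.1", "255.255.255.0",
                          "192.168.50.1", "192.168.50.10", peers))
    print(check_ipcp_range("192.168.50.1", "255.255.255.0",
                           "192.168.51.5", "192.168.51.9")[0])
```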
Configuring RIP
RIP is probably the most common IP routing protocol in use. It is widely available and presents few obstacles to interoperability with other IP internetworks, most notably the Internet.
RIP performs sufficiently well in small IP internetworks that have simple architectures and few routers. However, RIP reveals its limitations in the large, complex internetworks that have become common in government and private-sector organizations throughout the world. Its most apparent limitations are the following:
• All subnets must be contiguous.
• The entire network must use the same subnet mask.
• RIP routes are limited to 15 hops.
To overcome or ease some of these limitations, the internetworking community developed various enhancements to RIP. RIP II, for example, is an enhanced version of RIP that supports variable-length subnet masks. It carries a field that contains the subnet mask of the destination network. RIP II also supports the use of subnet zero, whose addresses were reserved under the original IP specification. When configuring RIP on your router, you can run RIP, RIP II, or both on a single interface.
Note Not all third-party routers support RIP II.
You can also enable poison reverse on an interface. This is a mechanism that causes RIP to advertise a route back through the same path from which it learned the route, but with a hop count of 16—that is, unreachable. Although poison reverse prevents routing loops, the unreachable routes carried in each RIP packet increase the bandwidth consumed by RIP traffic. This increase becomes significant in large internetworks.
RIP enables you to assign a cost value between 1 and 15 to each network interface you configure. This enables you to establish a preferred route according to the type of network media connected to the interface. For example, you might want to increase the cost of an interface that uses a slow link so that, given the choice, RIP uses the interface to a faster, less costly link. The default cost for each interface is 1. Do not increase this value on an interface unless you want to discourage its use as an eligible routing path.
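The trade-off between split horizon and poison reverse, and the effect of the interface cost, can be seen with a small model. This is an added example, not code from the Novell guide: the routing table and interface names are constructed, the message sizes are those of RFC 1058, and adding the receiving interface's cost to the advertised metric follows RFC 1058 and is assumed, not confirmed, for this product.

```python
"""Added example: split horizon, poison reverse and interface cost in RIP."""

INFINITY = 16        # hop count the guide gives for "unreachable"
HEADER_BYTES = 4     # RIP message header (RFC 1058)
ENTRY_BYTES = 20     # one route entry (RFC 1058)
MAX_ENTRIES = 25     # route entries per RIP message (RFC 1058)


def build_update(table, out_iface, poison_reverse=False):
    """Return the (destination, metric) entries advertised out of out_iface.

    table maps destination -> (metric, learned_on). learned_on is the
    interface the route was learned through, or None for a connected network.
    """
    entries = []
    for dest in sorted(table):
        metric, learned_on = table[dest]
        if learned_on == out_iface:
            if poison_reverse:
                # Advertised back the way it came, but as unreachable.
                entries.append((dest, INFINITY))
            # Plain split horizon: the route is simply left out.
            continue
        entries.append((dest, min(metric, INFINITY)))
    return entries


def update_bytes(entries):
    """RIP payload bytes needed to carry these entries in one update cycle."""
    if not entries:
        return 0
    messages = -(-len(entries) // MAX_ENTRIES)   # ceiling division
    return messages * HEADER_BYTES + len(entries) * ENTRY_BYTES


def learned_metric(advertised, iface_cost=1):
    """Metric stored for a received route: advertised metric plus interface cost."""
    return min(advertised + iface_cost, INFINITY)


def preferred_interface(offers, iface_costs):
    """Pick the interface with the lowest resulting metric for one destination.

    offers maps interface -> advertised metric; iface_costs maps interface ->
    Cost of Interface (default 1). Returns (interface, metric) or None.
    """
    best = None
    for iface in sorted(offers):
        metric = learned_metric(offers[iface], iface_costs.get(iface, 1))
        if metric < INFINITY and (best is None or metric < best[1]):
            best = (iface, metric)
    return best


# Constructed routing table: one connected network, three routes learned on
# lan0 and two learned on wan0.
TABLE = {
    "10.1.0.0": (1, None),
    "10.2.0.0": (2, "lan0"),
    "10.3.0.0": (3, "lan0"),
    "10.4.0.0": (4, "lan0"),
    "172.16.1.0": (2, "wan0"),
    "172.16.2.0": (5, "wan0"),
}

if __name__ == "__main__":
    for poison in (False, True):
        update = build_update(TABLE, "lan0", poison_reverse=poison)
        print(f"poison_reverse={poison}: {len(update)} entries, "
              f"{update_bytes(update)} bytes per update on lan0")
    # Two paths to one destination: a slow link advertising 2 hops and a
    # fast link advertising 3 hops.
    offers = {"wan_slow": 2, "wan_fast": 3}
    print(preferred_interface(offers, {}))                 # default cost 1
    print(preferred_interface(offers, {"wan_slow": 5}))    # slow link penalised
```

With the constructed table, poison reverse doubles the number of entries sent on lan0; the growth is proportional to the number of routes learned through the interface, which is the bandwidth cost the paragraph above describes.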
RIP can run over most WAN connections, depending on which call type you use. On-demand calls, for example, typically use static routes instead of an active routing protocol. While using RIP over on-demand calls, RIP updates will not activate the call. Permanent calls on an IP network typically use a routing protocol, such as RIP, to communicate routing information. However, they can also use static routes to conserve bandwidth. RIP can also run over a nonbroadcast multiaccess network, such as X.25. For more information about using RIP over WAN connections, refer to “Configuring IP for a WAN Connection” on page 204.
When choosing an IP routing protocol, consider the following guidelines:
• If the IP internetwork is small and uses no routing protocol besides RIP, continue using RIP.
To configure RIP on the router, refer to “How to Configure RIP” on page 229.
However, if the network will continue to grow and perhaps become part of a larger IP internetwork, you should consider migrating the network from RIP to OSPF. For information about RIP-to-OSPF migration, refer to Novell Internet Access Server 4.1 Routing Concepts.
• If the internetwork uses variable-length subnets or has third-party routers that support RIP II, use RIP II or OSPF.
To configure RIP II, refer to “How to Configure RIP” on page 229. To configure OSPF, refer to “How to Configure OSPF” on page 233.
• If the internetwork has some third-party routers that support RIP II and others that do not, use RIP I and RIP II.
For instructions on enabling RIP I and RIP II simultaneously on a network interface, refer to “How to Configure RIP” on page 229.
• If you are currently building a large IP internetwork, use OSPF.
You can also run RIP and OSPF concurrently; for more information, refer to “How to Configure OSPF” on page 233.
For additional information about RIP and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure RIP
To enable RIP routing on the router and to configure RIP on a network interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
2. Make sure RIP routing is enabled globally. Set the RIP field to Enabled.
This is the default setting.
If you want to disable RIP routing on a single interface, set the Status parameter in the RIP bind options to Disabled. This action is described in Step 3.
3. Press Esc twice to return to the Internetworking Configuration menu, then select the following parameter path:
Select Bindings > an existing binding > RIP Bind Options
Configure the following parameters:
• Status—Status of RIP routing on this interface. RIP routing is enabled by default; to disable RIP routing only on this interface, select this parameter, then select Disabled.
• RIP Version—Version of RIP to use on this interface. Select one of the following options:
RIPI—Standard version of RIP used by most IP routers and end nodes. This is the default option.
RIPI & RIPII—Both versions of RIP. Select this option if your internetwork has nodes that support both RIP I and RIP II.
RIPII—Enhanced version of RIP that supports variable-length subnet masks.
• RIP Mode—Mode of the RIP version you selected in RIP Version.
Normal—Causes the router to send and accept RIP packets, RIP I, RIP II, or both.
Receive Only—Causes the router to only receive RIP packets.
Send Only—Causes the router to broadcast, in RIP packets, only the entries in its own routing table.
Some end nodes learn routes only by listening to RIP, even if portions of the internetwork run OSPF. Select Send Only if you want the router to broadcast the OSPF routes in its RIP I packets so that every end node can learn all available routes.
The RIP Bind Options menu also includes the following parameters:
• Cost of Interface
• Originate Default Route
• Poison Reverse
• Split Horizon
• Update Time
• Expire Time
• Garbage Time
• RIP II Options
Important Because the default settings for these parameters are suitable for most IP networks, you should change them only for a specific purpose. Incorrectly configuring these parameters can increase routing traffic or cause loss of connectivity on your network. If you are unfamiliar with these parameters, refer to Novell Internet Access Server 4.1 Routing Concepts.
For a WAN interface, you can configure the parameters for each WAN call. Refer to Step 3 of “Configuring Individual WAN Calls” on page 215.
4. Press Esc until you are prompted to save your changes, then select Yes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring OSPF
OSPF was developed to satisfy the need for a scalable, open-standards routing protocol for large IP internetworks. It is a link state protocol that provides highly efficient routing and fast convergence.
OSPF makes large internetworks more manageable by enabling you to partition them into administrative domains called areas. Areas impose a hierarchy to the internetwork. All OSPF areas are connected to a central backbone area by an Area Border Router (ABR). The ABR shares OSPF routing information between the area and the backbone.
When configuring an OSPF area, you assign to it a 4-byte decimal number called the Area ID. You also indicate which of the router's network interfaces belong to the area and whether the area is a stub area.
Novell Internet Access Server 4.1 routing software supports the use of virtual links between OSPF routers. A virtual link patches together a partitioned backbone. It creates a direct point-to-point link between the ABRs that connect the partitioned backbone areas through the transit area.
Warning Because of the complexity and high probability of misconfiguring virtual links, we recommend against using them on your network.
Most IP internetworks in use today are not pure OSPF networks; that is, portions of these internetworks still employ other routing protocols, such as RIP. OSPF uses an Autonomous System Boundary Router (ASBR) to import and propagate routing information from these protocols. ASBRs are always located on the border of an OSPF domain. When configuring OSPF, you can enable your router to operate as an ASBR. For an ASBR to import RIP routes learned through an interface, RIP must be enabled on that interface.
Each OSPF router has its own Router ID, a 4-byte number that uniquely identifies the router and enables it to participate in informational exchanges with neighboring routers. The default Router ID is the IP address of the first interface bound to IP on the router. Although NIASCFG enables you to change the Router ID, you should use the default unless you need a simpler numbering scheme for administrating several hundred routers on an internetwork.
Warning If you are using an unnumbered point-to-point interface, we recommend that you configure a unique router ID.
Optionally, OSPF can be configured to authenticate its packets by providing an authentication key—an 8-byte, alphanumeric password—in each OSPF packet header. OSPF authentication gives you administrative control over which routers participate in link state exchanges on the internetwork. A router without proper authentication is excluded from these exchanges and, essentially, from performing any OSPF routing whatsoever. Novell Internet Access Server 4.1 routing software enables you to provide authentication for an area and to provide an authentication key for each network to which the router is connected. By default, authentication is turned off.
OSPF enables you to assign a cost value to each network interface you configure. This enables you to establish a preferred route according to the type of network media connected to the interface. For example, you might want to increase the cost of an interface that uses a slow link so that, given the choice, OSPF uses the interface to a faster, less costly link.
Like RIP, OSPF can run over most WAN connections, depending on which call type you use. On-demand calls, for example, typically use static routes instead of an active routing protocol.
Warning An active routing protocol, such as OSPF, should not be used on an on-demand link because it will periodically bring up the link and will cause the link to continue to stay up.
Permanent calls on an IP network typically use a routing protocol, such as OSPF or RIP, to communicate routing information. However, they can also use static routes to conserve bandwidth. OSPF can also run over a nonbroadcast multiaccess network, such as X.25 or frame relay, but you must provide the IP address of the peer OSPF router at the other end of each connection. For more information about configuring OSPF for use over WAN connections, refer to “Assigning OSPF Neighbors” on page 223.
Warning Novell Internet Access Server 4.1 routing software enables you to run OSPF and RIP on the same router, but under normal circumstances, you should run them separately on different interfaces. Although an ASBR must run both protocols so that it can import RIP routes and propagate them to other OSPF routers, you should not run both on too many other routers in your OSPF domain. Doing so consumes additional network bandwidth and router memory, and might even create routing loops.
For additional information about OSPF and related topics, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure OSPF
The extent to which you must configure OSPF depends on the characteristics of your network, such as its size and topology, and whether it uses other IP routing protocols besides OSPF. To help you configure only what is necessary, this section provides the following procedures:
• Basic OSPF configuration
• Advanced OSPF configuration
Basic OSPF Configuration
To enable OSPF routing on the router and to configure OSPF on a network interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
2. Select the OSPF field, then select Enabled.
This action enables OSPF routing globally on the router. If you want to disable OSPF routing on a single interface, set the Status parameter to Disabled as described in Step 3.
3. Press Esc repeatedly to return to the Internetworking Configuration menu, then select the following parameter path:
Select Bindings > an existing binding > OSPF Bind Options
The Status field indicates whether OSPF routing is active on this interface. OSPF routing is enabled by default; to disable OSPF routing only on this interface, select Status, then select Disabled.
The OSPF Bind Options menu also includes the following parameters:
• Cost of Interface
• Area ID
• Priority
• Authentication Password
• Hello Interval
• Router Dead Interval
• Neighbor List
Important Because the default settings for these parameters are suitable for most IP networks, you should change them only for a specific purpose. Misconfiguring these parameters can increase routing traffic or cause loss of connectivity on your network. If you are unfamiliar with these parameters, refer to Novell Internet Access Server 4.1 Routing Concepts.
The Neighbor List parameter is used when you want to run OSPF over a WAN connection that uses multiaccess mode. Configuring this parameter is explained in “Assigning OSPF Neighbors” on page 223.
4. Press Esc until you return to the Internetworking Configuration menu. Select Yes if you are prompted to save your changes.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Advanced OSPF Configuration
To configure advanced OSPF features, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
2. Select OSPF Configuration.
The OSPF Configuration menu is displayed. This menu includes the following parameters:
• Router ID
• Virtual Link Configuration
• IP Load Sharing
Important Most network configurations do not require you to change these parameters. To learn how the parameters are used, refer to Novell Internet Access Server 4.1 Routing Concepts.
3. To configure an ASBR, select Autonomous System Boundary Router, then select Enabled.
Enabling this parameter enables the router to operate as an ASBR. In this capacity, the router advertises non-OSPF routes, such as those generated by RIP and EGP. In addition, static routes and direct routes to the OSPF domain are advertised. This is necessary to preserve connectivity throughout an internetwork that uses routing protocols other than OSPF. This parameter should be configured only on routers that connect an OSPF area to an area that uses a different routing protocol.
Note Do not enable this parameter on an internetwork that uses only OSPF. Doing so causes unwanted traffic on the route. Refer to Novell Internet Access Server 4.1 Routing Concepts for more information about when to enable this parameter.
4. To configure an OSPF area, select Area Configuration. Otherwise, go to Step 11.
The OSPF Areas menu is displayed.
This menu lists the IDs of all areas to which the router belongs. If you have not configured an OSPF area on this router, the only area listed is 0.0.0.0, the backbone area.
5. Select an existing area or press Ins to create a new area.
The OSPF Area Configuration menu is displayed.
6. Configure the following area parameters:
• Area ID—Four-byte decimal number that identifies the area. For example, a valid Area ID is 85.8.0.11. However, the Area ID does not have to be an IP address. You can enter any number, but it must be in the format of an IP address. If you enter a hexadecimal number, NIASCFG converts it to decimal.
For the router to belong to an area, the Area ID that identifies that area must be assigned to at least one of the router’s interfaces. You assign an Area ID to an interface in Step 8.
• Authentication—Switch that enables or disables authentication for the area.
If you enable authentication on this router, you must enable authentication on all other routers in the area. Also, all interfaces belonging to that area must have an authentication key. You provide the authentication key in Step 8.
• Route Aggregation—Network number of a group of networks that is aggregated into one network number. Press Ins to assign the Network and Mask values of this network number. Because supernetting is not supported, the aggregated network must be the same length as the natural mask of the network class.
• Area Type—Type of OSPF area, which can be Normal or Stub. All routers in the same area must agree on the area type.
Note The backbone area (0.0.0.0) cannot be a stub area.
• Stub Cost—Cost of the default route advertised to the stub area. This parameter is used only if the Area Type is set to Stub.
7. Press Esc until you are prompted to save your changes, then select Yes.
8. Press Esc until you return to the Internetworking Configuration menu, then select the following parameter path:
Select Bindings > an existing binding > OSPF Bind Options
9. If you are configuring an OSPF area, configure the following area parameters:
• Area ID—ID of the area to which this interface belongs. Press Enter to determine the list of available areas. Use the Up-arrow and Down-arrow keys to select an area, then press Enter to select it.
• Authentication Password—Eight-byte password that authenticates the router's OSPF packets to the area to which this interface belongs. Valid characters are 0 to 9, A to Z, a to z, underscore, and dash.
This parameter is required only if you enabled the Authentication parameter for the area you select, as described in Step 6 on page 235.
Important Not all interfaces within the same area are required to have the same authentication key; however, all interfaces connected to the same network must have the same authentication key.
10. Press Esc until you are prompted to save your changes, then select Yes.
11. Press Esc to return to the Internetworking Configuration menu.
12. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
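The area and authentication rules in this procedure span several routers, so they are easy to break one menu at a time. The following added example (not part of the Novell guide) checks a planned configuration against them; the dictionary layout, finding codes and sample routers are constructed for illustration, and a key shorter than eight characters is assumed to be acceptable.

```python
import ipaddress
import re
from collections import defaultdict

BACKBONE = "0.0.0.0"
# Character set listed for Authentication Password; length 1 to 8 is an assumption.
KEY_RE = re.compile(r"[0-9A-Za-z_-]{1,8}")


def lint_ospf(routers):
    """Return a sorted list of (scope, code) findings for planned OSPF settings."""
    findings = set()
    area_types = defaultdict(set)   # area id -> area types seen across routers
    area_auth = defaultdict(set)    # area id -> authentication switch values seen
    net_keys = defaultdict(set)     # network -> keys on the interfaces attached to it

    for router in routers:
        name = router["name"]
        bound_areas = {b["area"] for b in router["bindings"]}
        for area_id, area in router["areas"].items():
            try:
                ipaddress.IPv4Address(area_id)      # must look like an IP address
            except ValueError:
                findings.add((name, "AREA_ID_FORMAT"))
                continue
            if area_id == BACKBONE and area["type"] == "Stub":
                findings.add((name, "BACKBONE_STUB"))
            if area_id not in bound_areas:          # area needs at least one interface
                findings.add((name, "AREA_NOT_BOUND"))
            area_types[area_id].add(area["type"])
            area_auth[area_id].add(area["auth"])
        for binding in router["bindings"]:
            area = router["areas"].get(binding["area"])
            if area is None:
                findings.add((name, "BINDING_UNKNOWN_AREA"))
                continue
            if not area["auth"]:
                continue
            key = binding.get("password")
            if not key:
                findings.add((name, "KEY_MISSING"))
            elif not KEY_RE.fullmatch(key):
                findings.add((name, "KEY_INVALID"))
            else:
                net_keys[binding["network"]].add(key)

    for area_id, types in area_types.items():
        if len(types) > 1:
            findings.add((area_id, "AREA_TYPE_MISMATCH"))
    for area_id, flags in area_auth.items():
        if len(flags) > 1:
            findings.add((area_id, "AREA_AUTH_MISMATCH"))
    for network, keys in net_keys.items():
        if len(keys) > 1:                           # same network, different keys
            findings.add((network, "NETWORK_KEY_MISMATCH"))
    return sorted(findings)


# Constructed sample plan with deliberate mistakes on R2 and R3.
ROUTERS = [
    {"name": "R1",
     "areas": {"0.0.0.0": {"type": "Normal", "auth": True},
               "85.8.0.11": {"type": "Stub", "auth": True}},
     "bindings": [
         {"network": "10.0.0.0/24", "area": "0.0.0.0", "password": "bb_key-1"},
         {"network": "10.8.1.0/24", "area": "85.8.0.11", "password": "area85"}]},
    {"name": "R2",
     "areas": {"85.8.0.11": {"type": "Normal", "auth": True}},
     "bindings": [
         {"network": "10.8.1.0/24", "area": "85.8.0.11", "password": "area86"},
         {"network": "10.8.2.0/24", "area": "85.8.0.11", "password": "too long key!"}]},
    {"name": "R3",
     "areas": {"0.0.0.0": {"type": "Stub", "auth": False}},
     "bindings": [{"network": "10.0.0.0/24", "area": "0.0.0.0"}]},
]

if __name__ == "__main__":
    for scope, code in lint_ospf(ROUTERS):
        print(f"{scope}: {code}")
```

Findings name the router, area or network but never print a key value, since the key is already carried in each OSPF packet header and should not also end up in audit output.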
Configuring Load Sharing over Equal-Cost OSPF Routes
IP maintains multiple equal-cost OSPF routes. Load sharing enables a router to divide traffic over equal-cost routes. The router can have several next hops available toward any destination. With this configuration, the router can divide the traffic among the various equal-cost routes to the destination. As a result, load sharing increases the effective bandwidth of an end-to-end path. In addition, it can improve the traffic distribution on an internetwork.
Note Load sharing is performed only on equal-cost routes learned from OSPF.
You enable load sharing within OSPF. IP maintains a maximum of four equal-cost routes to each destination network. The OSPF equal-cost routes are maintained internally and are not displayed in TCPCON.
Important Because OSPF networks tend to be large and complex, we recommend that you do not manually adjust the cost of the interface to create equal-cost routes. It is best to let OSPF automatically determine the equal-cost routes to the destination network.
How to Configure Load Sharing
To configure load sharing on the router, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
2. Select OSPF.
Select Enabled to enable OSPF.
3. Select OSPF Configuration.
4. Select IP Load Sharing, then select Enabled.
This action activates the load-sharing feature.
5. Press Esc until you are prompted to save your changes, then select Yes.
6. Press Esc to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Static Routes for LANs
Static routes are useful if you want to do any of the following on your network:
• Eliminate routing traffic, which increases the bandwidth available for data.
• Limit user access to one portion of the network. For example, if a static route for a network is configured on a router, any packets that are received by the router are forwarded only to the destination network specified by that static route.
• Gain access to isolated areas of the network, which is useful if dealing with legacy network topologies.
• Gain access to a network more than 15 hops away.
• Use a static route as a backup route to dynamic routes.
Important Use this procedure to configure static routes when the next hop router is on the same LAN as the router you are configuring. When the next hop router is across a WAN connection, refer to “Configuring Static Routes for WAN Connections” on page 218.
How to Configure a LAN Static Route
To configure a static route for a LAN, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
2. Configure the following static route parameters:
• LAN Static Routing—Enables LAN static routing on the router.
Select this field, then select Enabled.
• LAN Static Routing Table—Entry point to the LAN static route configuration parameters.
Press Ins and configure the following parameters:
Route to Network or Host—Destination at the other end of the static route, which can be a single IP host or an IP network (that is, a group of hosts). Or, you can select Default Route. If the router must forward a packet for which it can find no destination in its routing table, it sends the packet to the address specified by the next hop for the default route. This type of blind forwarding keeps a packet on the network until a router can forward it to its final destination.
IP Address of Network/Host—Enter the address of the destination network or host. To select from a list of symbolic network or host names and addresses, press Ins. The list of symbolic network names and addresses comes from the SYS:\ETC\NETWORKS file. The list of symbolic host names and addresses comes from the SYS:\ETC\HOSTS file.
Subnetwork Mask—If the destination is an IP network, the subnet mask of that network.
Next Hop Router on Route—Explicit destination of the next hop.
Enter the IP address of the next-hop router. To select from a list of symbolic hostnames and addresses, press Ins.
Metric for this route—Number of hops to the destination. This metric is directly proportional to the cost of the route. Given two routes to the same destination, the router chooses the lower-cost route.
If you want to use the static route as a backup route to a dynamic route, select a value that is higher than the cost associated with the dynamic route. This selection ensures that the dynamic route remains the preferred route under typical conditions.
Do not set this metric value to 16 unless you want to disable the route.
Type of route—Specify whether the static route is Active or Passive. This parameter specifies whether the next hop router for this route actively advertises the route to this network.
Usually, static routes are not advertised and are categorized as passive routes. When a route is marked as active, TCP/IP expects the next hop router to advertise the route regularly. If a router stops advertising an active route, TCP/IP assumes the route is no longer available and deletes it from the routing table.
If the static route is active and the router discovers a lower-cost dynamic route to the same destination, it uses the lower-cost route instead of the active static route. If the lower-cost route becomes unavailable, the router returns to using the active static route.
If you want to use the static route as a backup route, select Active.
A passive static route is always used, regardless of whether the router discovers a lower-cost route to the same destination.
3. Press Esc twice, then select Yes to save your changes.
4. If you want to disable the routing protocol on this interface to reduce routing traffic, complete the following steps:
4a. Select the following:
Select Bindings > an existing binding
4b. Select RIP Bind Options.
Select Status > Disabled
4c. Press Esc, then select OSPF Bind Options.
Select Status > Disabled
5. If your router has multiple interfaces and you want to disable them, repeat Step 4.
6. Press Esc until you are prompted to save your changes, then select Yes.
7. Press Esc to return to the Internetworking Configuration menu.
8. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
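How the Metric for this route and Type of route settings interact is easiest to see by modelling the selection rules stated in step 2. This is an added example, not code from the Novell guide; the Route class, the function names, the sample addresses and the tie-breaking rule (equal metrics keep the static route) are assumptions.

```python
from dataclasses import dataclass

UNREACHABLE = 16   # metric value the guide says disables a route


@dataclass(frozen=True)
class Route:
    dest: str
    next_hop: str
    metric: int
    kind: str      # "passive" or "active" for static routes, "dynamic" otherwise


def best_dynamic(dynamic):
    """Lowest-cost dynamic route that is still reachable, or None."""
    live = [r for r in dynamic if r.metric < UNREACHABLE]
    return min(live, key=lambda r: r.metric, default=None)


def select_route(static, dynamic, next_hop_advertising=True):
    """Return the route used for one destination under the rules in step 2.

    next_hop_advertising applies to an active static route only: when its
    next hop router stops advertising the route, the route is dropped.
    """
    candidate = best_dynamic(dynamic)
    if static is None or static.metric >= UNREACHABLE:
        return candidate                      # metric 16 disables the static route
    if static.kind == "passive":
        return static                         # always used, whatever else is known
    if not next_hop_advertising:
        return candidate                      # active route deleted from the table
    if candidate is not None and candidate.metric < static.metric:
        return candidate                      # lower-cost dynamic route wins
    return static                             # fall back to the active static route


def audit_backup(static, dynamic):
    """Flag settings that stop a static route from acting as a backup route."""
    problems = []
    candidate = best_dynamic(dynamic)
    if static.metric >= UNREACHABLE:
        problems.append("STATIC_DISABLED")
    if static.kind == "passive":
        problems.append("PASSIVE_OVERRIDES_DYNAMIC")
    if candidate is not None and static.metric <= candidate.metric:
        problems.append("METRIC_NOT_HIGHER")
    return problems


if __name__ == "__main__":
    # Constructed routes to the same destination.
    learned = Route("10.9.0.0/16", "192.168.1.2", 3, "dynamic")
    backup = Route("10.9.0.0/16", "192.168.1.3", 6, "active")
    pinned = Route("10.9.0.0/16", "192.168.1.3", 6, "passive")

    print("dynamic up:     ", select_route(backup, [learned]).next_hop)
    print("dynamic lost:   ", select_route(backup, []).next_hop)
    print("passive static: ", select_route(pinned, [learned]).next_hop)
    print("audit passive:  ", audit_backup(pinned, [learned]))
```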
Configuring Router Discovery
Both IP routers and end nodes can use the ICMP Router Discovery Protocol. Routers use it to advertise themselves as an IP router and to answer queries from end nodes. End nodes use it to locate an IP router on their network. Your system acts as a router when Packet Forwarding is enabled for IP, and acts as an end node when Packet Forwarding is disabled for IP.
Note: For an end node to locate an IP router by this method, it must also support the ICMP Router Discovery Protocol.
How to Configure Router Discovery
To configure router discovery on an interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding > Expert TCP/IP Bind Options > Router Discovery Options
2. Select the Status field, then select Enabled.
3. Select Destination Address.
This is the method by which the IP router or end node sends router discovery packets. Select one of the following options:
• Broadcast —Sends the packets to all nodes on the network.
• Router Discovery Multicast —Sends the packets to an IP multicast address used specifically for router discovery exchanges. The packets are received only by nodes that understand this multicast address.
4. Press Esc until you are prompted to save your changes, then select Yes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring ARP and Proxy ARP
IP routers and end nodes use ARP to determine the physical address of a node to which they want to send a packet. ARP is enabled by default. For one node to send a packet to another, the sending node must know the physical address of the destination node. The sending node, knowing only the destination IP address, first checks its ARP table for an entry that maps the destination IP address to the destination physical address. If the sending node finds the entry, it inserts the physical address into the packet and sends it. If the sending node does not find the entry in its ARP table, it broadcasts an ARP address request to the network. The destination node replies to the request with its own physical address, which the sending node uses to send the packet and adds to its ARP table for future use.
An IP router uses Proxy ARP when devices attached to one of its interfaces do not support IP subnetting and are unaware that they must go through the router to reach devices on other subnets of the same IP network. A router using Proxy ARP replies to ARP requests intended for devices on other subnets, but does so only if the device is reachable through the router. To determine whether the device is reachable, the router examines its own routing table.
Proxy ARP is required on the parent network of a stub subnet. The parent network has an IP address range that includes the IP address range of the stub subnet. The router responds to ARP requests sent on the parent network on behalf of devices on the stub subnet.
When both the parent and stub subnet are bound to IP interfaces, the router can detect the parent/stub subnet and automatically enable Proxy ARP for the appropriate interfaces. Even if Proxy ARP is not required, and not automatically enabled, you can still force it to be enabled with the Force Proxy ARP parameter.
You must enable Force Proxy ARP on each LAN interface on which the router must reply to ARP requests for destinations it can reach.
Force Proxy ARP is disabled on each interface by default. For more information, refer to Novell Internet Access Server 4.1 Routing Concepts.
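The Proxy ARP decision described above, written out as an added Python model that is not Novell's code: it shows which ARP requests a router with a parent/stub binding pair answers on behalf of other hosts, which is the list to review before forcing Proxy ARP on an interface. The interface names and the sample bindings are constructed, and the rule that the router stays silent when the target lives on the segment the request arrived on is an assumption taken from common Proxy ARP behaviour.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Route:
    network: IPv4Network
    interface: str  # interface the route points out of


def auto_proxy_arp(bindings):
    """Interfaces bound to a parent network whose address range contains
    another bound (stub) subnet. Proxy ARP is required on the parent side."""
    return {
        iface
        for iface, net in bindings.items()
        if any(other != net and other.subnet_of(net) for other in bindings.values())
    }


def best_route(routes, target):
    """Longest-prefix match, so a stub subnet wins over its parent network."""
    matches = [r for r in routes if target in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def answers_arp(routes, proxy_ifaces, in_iface, target):
    """True when the router replies with its own physical address to an ARP
    request for `target` that arrived on `in_iface`."""
    if in_iface not in proxy_ifaces:
        return False  # Proxy ARP neither auto-enabled nor forced on this interface
    route = best_route(routes, target)
    if route is None:
        return False  # not reachable according to the routing table
    # Assumption: a target on the arrival segment answers for itself,
    # so the router only replies when the route leaves by another interface.
    return route.interface != in_iface


def proxied_targets(routes, proxy_ifaces, in_iface, candidates):
    """Audit helper: the candidate addresses that hosts on `in_iface`
    would resolve to the router's physical address."""
    return [t for t in candidates if answers_arp(routes, proxy_ifaces, in_iface, t)]


# Constructed sample: LAN_A carries the parent network, LAN_B the stub subnet.
BINDINGS = {
    "LAN_A": IPv4Network("130.57.0.0/16"),
    "LAN_B": IPv4Network("130.57.64.0/24"),
}
ROUTES = [Route(net, iface) for iface, net in BINDINGS.items()]

if __name__ == "__main__":
    enabled = auto_proxy_arp(BINDINGS)
    print("auto-enabled on:", sorted(enabled))
    probes = [IPv4Address(a) for a in ("130.57.64.10", "130.57.1.20", "10.9.9.9")]
    print("answered on LAN_A:", proxied_targets(ROUTES, enabled, "LAN_A", probes))
    forced = enabled | {"LAN_B"}  # Force Proxy ARP set to Enabled on LAN_B
    print("answered on LAN_B when forced:", proxied_targets(ROUTES, forced, "LAN_B", probes))
```

Forcing Proxy ARP on an interface widens the set of addresses that resolve to the router, so the output of `proxied_targets` for each forced interface is worth comparing with the hosts that are actually expected to be reached through it.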
How to Disable ARP
To disable ARP on a LAN network interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding > Expert TCP/IP Bind Options
2. Select Use of ARP, then select Disabled.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
How to Enable Proxy ARP
To enable Proxy ARP on a network interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings > an existing binding > Expert TCP/IP Bind Options
2. Select Force Proxy ARP, then select Enabled.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Directed Broadcast Forwarding
A directed broadcast is a broadcast intended for all nodes on a non-local network. For example, the broadcast address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0—if it has directed broadcast forwarding enabled—accepts and forwards the packet to all nodes whose network address is 128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on their respective subnets.
Important: For all nodes on network 128.1.0.0 to receive the directed broadcast, each router attached to network 128.1.0.0 must have Directed Broadcast Forwarding enabled.
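The forwarding decision described above, as an added Python model that is not Novell's code: it classifies a destination address from one router's point of view and lists the attached routers that would not deliver a given directed broadcast. Interface names, router names and subnets are constructed, and treating a disabled router as dropping the packet is an assumption drawn from the Important note.

```python
from ipaddress import IPv4Address, IPv4Network

LIMITED_BROADCAST = IPv4Address("255.255.255.255")


def classful_network(addr):
    """Class A, B or C network that contains addr; None for class D/E."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        return None
    return IPv4Network((addr, prefix), strict=False)


def handle(dst, attached, forwarding_enabled):
    """Return (action, interfaces) for a packet addressed to dst.

    attached maps interface name -> directly connected subnet.
    """
    if dst == LIMITED_BROADCAST:
        return ("local-only", [])  # reaches the local network only
    net = classful_network(dst)
    targets = sorted(
        name
        for name, subnet in attached.items()
        if dst == subnet.broadcast_address  # broadcast for one attached subnet
        or (net is not None and dst == net.broadcast_address and subnet.subnet_of(net))
    )
    if not targets:
        # Not attached to the target network: handled like any other packet
        # and passed to the next hop.
        return ("route-normally", [])
    if not forwarding_enabled:
        return ("drop", [])  # assumption: disabled means not delivered
    return ("broadcast-on", targets)


def routers_not_delivering(dst, routers):
    """routers maps name -> (attached subnets, forwarding_enabled).
    Returns the attached routers whose nodes would miss the broadcast."""
    return sorted(
        name
        for name, (attached, enabled) in routers.items()
        if handle(dst, attached, enabled)[0] == "drop"
    )


# Constructed sample topology around network 128.1.0.0.
EDGE = {"LAN1": IPv4Network("128.1.1.0/24"), "LAN2": IPv4Network("128.1.2.0/24"),
        "LAN3": IPv4Network("192.0.2.0/24")}
CORE = {"LAN1": IPv4Network("128.1.3.0/24")}
FAR = {"LAN1": IPv4Network("192.0.2.0/24")}
ROUTERS = {"edge": (EDGE, True), "core": (CORE, False), "far": (FAR, False)}

if __name__ == "__main__":
    dst = IPv4Address("128.1.255.255")
    for name, (attached, enabled) in ROUTERS.items():
        print(name, handle(dst, attached, enabled))
    print("not delivering:", routers_not_delivering(dst, ROUTERS))
```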
How to Enable Directed Broadcast Forwarding
To enable the router to forward directed broadcasts for its network, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP > Expert Configuration Options
2. Select Directed Broadcast Forwarding, then select Enabled.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Source Route Packet Forwarding
Using source route packets enables you to determine the route a packet takes to reach its destination. This feature is disabled by default.
How to Enable Forwarding Source Route Packets
To permit forwarding source route packets, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP > Expert Configuration Options
2. Select Forward Source Route Packets.
Select Enabled to permit forwarding IP source route packets.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Press Esc to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring BOOTP Forwarding
BOOTP is a protocol that enables end nodes to receive their IP addresses from a BOOTP server at startup time. If your internetwork has a BOOTP or DHCP server, you can configure your IP router to accept and forward BOOTP or DHCP requests to that server.
How to Configure the Router as a BOOTP Forwarder
To configure the router as a BOOTP forwarder, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP > Expert Configuration Options > BOOTP Forwarding Configuration
2. Select BOOTP Server List, then press Ins.
3. Enter the IP address of the BOOTP or DHCP server at the prompt, or press Ins to display a list of symbolic hostnames and addresses from the SYS:\ETC\HOSTS file.
The server address appears in the BOOTP Servers screen.
4. Press Esc.
5. Select BOOTP Packet Forwarding, then select Enabled.
6. If you want to record the activity of the BOOTP forwarder, select Log Operation, then select one of the following options:
• Log to BOOTP Screen —Logs BOOTP activity to the BOOTP screen. This is a separate screen that you can select and monitor from the NetWare console. The information logged to this screen is not saved to a file.
• Log to File —Logs BOOTP activity to the SYS:\ETC\BOOTP.LOG file by default.
To use a different file, type its full path name in the Log File field.
7. If you do not want to record the activity of the BOOTP forwarder, select Do Not Log.
8. Press Esc until you are prompted to save your changes, then select Yes.
9. Press Esc to return to the Internetworking Configuration menu.
10. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring EGP
The Exterior Gateway Protocol (EGP) is an exterior routing protocol that is supported by the TCP/IP software. Exterior routing protocols exchange information between different Autonomous Systems (ASs). The local EGP gets the information about its own AS from the local Interior Gateway Protocols (IGPs). Usually, exterior routing protocols are used only when different companies or commercial services are being connected.
The information EGP receives from the IGP must be explicitly configured. The exterior routing protocol shares only the information specified in the outgoing route filters. This is desirable because you generally want to limit the information exchanged between different ASs.
To enable the EGP, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP > Expert Configuration Options
2. Select EGP, then select Enabled.
3. Select EGP Configuration. Configure the following parameters:
• Autonomous System —Enter the autonomous system number. It identifies the autonomous system to which the router belongs. The router establishes an EGP neighbor relationship with routers in other autonomous systems.
• Maximum Neighbors to Acquire —Enter the maximum number of concurrent EGP neighbors with which this router can exchange EGP network reachability information.
• Neighbor List —Select this field to add, modify, or delete EGP neighbors. This router attempts to establish a relationship with the configured EGP neighbors to exchange network reachability information. Press Ins. Configure the following parameters:
Neighbor’s Address —Press Ins to display a list of symbolic hostnames from the SYS:\ETC\HOSTS file. Select a host here or enter the address.
Neighbor’s Autonomous System —Enter the number of the autonomous system to which this EGP neighbor belongs. The router is able to be a neighbor with the EGP peer only when the router and the EGP peer are in different autonomous systems.
4. Press Esc until you are prompted to save your changes, then select Yes.
5. Press Esc to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Configuring Multiple Logical Interfaces
Novell Internet Access Server 4.1 routing software enables you to bind more than one IP network to a LAN board—or a WAN board with the WAN network mode set to multiaccess. The networks can operate as separate logical interfaces. The ability to configure multiple logical interfaces simplifies the task of managing a growing network in the following ways:
• You can merge networks when there is a router failure.
For a description, refer to “Merging Two Networks When the Connecting Router Fails” on page 248.
• You can move hosts from one IP network to another without losing connectivity.
For a description, refer to “Reassigning IP Addresses” on page 249.
• You can add new nodes to a nearly full subnet.
For a description, refer to “Adding New Nodes to a Full Subnet” on page 250.
To attach more than one IP network to a LAN or WAN board, bind IP to the board as many times as necessary; then supply a different IP address for each network.
Important: To attach more than one IP network to a WAN board, the WAN network mode must be set to Multi-Access.
Configuring multiple logical interfaces is different from multihoming, which enables you to bind multiple addresses belonging to the same IP network to the same interface or different interfaces. To configure multihoming, refer to “Multihoming” on page 250.
Merging Two Networks When the Connecting Router Fails
Suppose a router that connects IP networks 130.81.0.0 and 167.10.0.0 fails. For simplicity, assume that the physical medium is Ethernet. If the router cannot be repaired quickly, you can temporarily fix the problem by completing the following steps:
1. Join the two networks into a single network segment using a barrel connector, a repeater, or other appropriate means.
2. Find an operating Novell Internet Access Server 4.1 system connected to the joined network.
3. Load NIASCFG and select the following path:
Select Configure NIAS > Protocols and Routing > Protocols > TCP/IP
4. Set IP Packet Forwarding to Enabled (Router).
5. Press Esc until you are prompted to save your changes, then select Yes.
6. Press Esc to return to the Internetworking Configuration menu.
7. Select Bindings, then bind IP to the joined network twice.
7a. Select an existing binding to an interface connected to the joined network.
7b. Set Local IP Address to an available host address on the first network. In this example, enter an available host address on the 130.81.0.0 network.
7c. Press Esc, then save your change when prompted.
7d. Press Ins to create a new binding and select the same interface connected to the joined network.
7e. Set Local IP Address to an available host address on the second network. In this example, enter an available host address on the 167.10.0.0 network.
8. Press Esc until you are prompted to save your changes, then select Yes.
9. Press Esc to return to the Internetworking Configuration menu.
10. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
Reassigning IP Addresses
Suppose you must change network number 89 to 130.57. If the system does not have multiple logical interfaces, you must change all IP addresses on network 89 at the same time or lose connectivity to any host that did not have its address changed. With multiple logical interfaces, you can assign the new IP addresses gradually. Networks 89 and 130.57 can coexist on the same network segment until the transition is complete. The router interfaces, attached to both logical networks, forward packets for each network and route packets between the two.
Adding New Nodes to a Full Subnet
Suppose you want to add several new nodes to a subnet that has no more available IP addresses. Assume that the network has enough free connectors available to physically attach the nodes.
First, you assign a new subnet number to the cable so that both subnets share the cable. Then to add new nodes, you bind their IP address to the new logical subnet. The router whose interface is bound to both subnet addresses provides connectivity between the two subnets and to the rest of the internetwork.
Multihoming
Multihoming enables a system to assume multiple IP addresses on the same network. A secondary IP address can be configured on the same interface that has the primary IP address, or a secondary address can be configured on a different interface. When multiple interfaces exist, the secondary address is associated with the interface that is bound to an address that is on the same network. If the secondary address is not valid on any of the networks bound to existing interfaces, the address is rejected and an error message is produced.
When multihoming is used with the proxy server, Virtual Private Network (VPN), or Network Address Translation (NAT), the secondary addresses must be configured manually as described in this section.
To configure secondary IP addresses, complete the following steps:
1. Load NIASCFG and select the following path:
Select Configure NIAS > Protocols and Routing
2. If you have not done so previously, configure TCP/IP under Protocols and assign one IP address to an interface under Bindings.
3. Press Esc until you are prompted to save your changes, then select Yes.
4. Select the following parameter path:
Select Manage Configuration > Edit AUTOEXEC.NCF
5. Add a secondary IP address by entering the following command at the end of the file:
add secondary IPAddress x.x.x.x
6. To delete or display secondary IP addresses, press Alt + Esc to display the server console prompt.
You can delete the secondary IP address by entering the following command:
del secondary IPAddress x.x.x.x
You can display the secondary IP addresses by entering the following command:
display secondary IPAddress
Configuring Network Address Translation
Network Address Translation (NAT) has two main applications:
• It can be used to allow IP clients on your private network that do not have globally unique registered addresses to access the Internet.
• It can be used to limit the access clients on the public network have to resources on your private network.
To access the Internet, a client must have a globally unique address assigned by the Internet Assigned Numbers Authority (IANA) or other Internet registry. However, because of the depletion of registered IP addresses, it might be impractical to reassign globally unique IP addresses to all the systems on your private network. NAT solves this problem by automatically reassigning a globally unique address to any client that accesses the Internet through a particular router interface. Using NAT enables the clients on your private network to access the Internet even if their IP addresses are not globally unique.
NAT can also be used to limit the access clients on the public network have to resources on your private network. By configuring NAT to translate addresses only for the private hosts that you want to be accessed from clients outside your private network, access to all other resources on your network is denied.
NAT can be configured to operate in one of three modes: dynamic only, static only, and a combination of dynamic and static. Dynamic mode is used to allow clients on your private network to access the Internet. Static mode is used to allow clients on the public network to access selected resources on your private network or is used to allow certain private hosts to access public hosts. The combination mode is used when all three functions are required. For more information about the NAT operating modes, refer to Novell Internet Access Server 4.1 Routing Concepts.
In addition to IP address translation, using NAT has the following advantages:
• In dynamic mode, NAT enables you to access the Internet without having to obtain and reassign a globally unique IP address for each system on your private network.
• NAT enhances the level of security of your private network by hiding its private addresses.
• In dynamic mode, NAT permits an almost unlimited number of users access to the Internet using just one network address because a different port number is used for each user who is connected to the Internet.
• NAT acts as a filter, allowing only certain outbound and inbound connections. The type of filtering that occurs is determined by whether NAT is configured to operate in dynamic or static mode. For more information about NAT filtering, refer to Novell Internet Access Server 4.1 Routing Concepts.
• NAT provides the functionality of a proxy server without the extra administrative overhead and the need for special client software.
Note: Multicast and Broadcast packets are not translated by NAT.
How to Configure Network Address Translation
To enable and configure NAT on a LAN or WAN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Bindings
2. Select the LAN or WAN interface that connects your router to the Internet or other public network.
3. Select Expert TCP/IP Bind Options.
4. Select Network Address Translation.
5. Set Status to Dynamic Only, Static Only, or Static and Dynamic.
Dynamic Only mode is used to map private network addresses to a well-known public network address. In this mode, all TCP, UDP, and ICMP packets have their source or destination address (depending on the direction) translated. The public address used for this translation is the primary IP address of the NAT interface, which is specified in the Local IP Address parameter.
Static Only mode is used for permanent one-to-one mapping of the public registered IP addresses to local IP addresses inside the private network. Static address translations are recommended for internal network service hosts, such as an FTP server or World Wide Web server.
The combination mode (Static and Dynamic) is used if some hosts on your network require dynamic address translation and other hosts require static address translation. You can use both methods concurrently by selecting Static and Dynamic.
For more information about the dynamic, static, and combination modes, refer to Novell Internet Access Server 4.1 Routing Concepts.
6. If you selected Static Only or Dynamic and Static, select Network Address Translation Table, and press Ins.
Enter the IP address of a private host that you want to be accessed by public hosts through this interface. Next, enter the public addresses to which the private address is mapped. Repeat this process for each private host necessary.
The public addresses can be on the same network or subnetwork as the primary IP address, or they can be on a different network or subnetwork.
Each private host address can be mapped to only one public host address, in their direction. To access IP hosts using the public address within the private network, the static address pair should specify the same address for both the public and private addresses.
For addresses that are on a different network or subnetwork, static routes should be added to enable inbound packets to reach their destinations on the private network. Also, you must add static routes on your external router so that packets that are destined to one of the public addresses can be routed to the NAT interface.
7. Press Esc until you are prompted to save your changes, then select Yes.
8. Press Esc to return to the Internetworking Configuration menu.
9. If you want these changes to take effect immediately, select Reinitialize System and select Yes to activate your changes.
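The three Status settings from step 5, as an added Python model that is not Novell's implementation: it shows how the same packets are translated or refused under Dynamic Only, Static Only, and Static and Dynamic, which is what determines the hosts that public clients can reach. All addresses are constructed, and the starting port of the dynamic pool and the rule that dynamic mode admits inbound packets only on a port already allocated to an outbound flow are assumptions of this simplified model.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class NatInterface:
    mode: str                      # "dynamic", "static" or "both"
    primary_ip: IPv4Address        # Local IP Address of the NAT interface
    static_table: dict = field(default_factory=dict)  # private -> public
    first_port: int = 50000        # assumed start of the dynamic port pool
    flows: dict = field(default_factory=dict, init=False)  # public port -> (private ip, port)

    def __post_init__(self):
        if self.mode not in ("dynamic", "static", "both"):
            raise ValueError("mode must be dynamic, static or both")
        publics = list(self.static_table.values())
        if len(publics) != len(set(publics)):
            raise ValueError("static mappings must be one-to-one")
        self.reverse_static = {pub: priv for priv, pub in self.static_table.items()}
        self.by_source = {}        # (private ip, port) -> public port

    def outbound(self, src, sport):
        """Translate a private source; None means the packet is not translated."""
        if self.mode != "dynamic" and src in self.static_table:
            return (self.static_table[src], sport)   # permanent one-to-one pair
        if self.mode == "static":
            return None                              # host has no static pair
        key = (src, sport)
        if key not in self.by_source:                # a different port per user
            port = self.first_port + len(self.flows)
            self.flows[port] = key
            self.by_source[key] = port
        return (self.primary_ip, self.by_source[key])

    def inbound(self, dst, dport):
        """Translate a public destination; None means the packet is refused."""
        if self.mode != "dynamic" and dst in self.reverse_static:
            return (self.reverse_static[dst], dport)
        if self.mode != "static" and dst == self.primary_ip:
            return self.flows.get(dport)             # replies to known flows only
        return None

    def publicly_reachable(self):
        """Private hosts that public clients can open connections to."""
        return sorted(self.static_table) if self.mode != "dynamic" else []


# Constructed sample: one web server with a static pair, clients behind it.
WEB_PRIVATE = IPv4Address("10.0.0.80")
WEB_PUBLIC = IPv4Address("203.0.113.80")
PRIMARY = IPv4Address("203.0.113.1")

if __name__ == "__main__":
    for mode in ("dynamic", "static", "both"):
        nat = NatInterface(mode, PRIMARY, {WEB_PRIVATE: WEB_PUBLIC})
        print(mode,
              "client out:", nat.outbound(IPv4Address("10.0.0.5"), 1025),
              "web in:", nat.inbound(WEB_PUBLIC, 80),
              "reachable:", nat.publicly_reachable())
```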
Chapter 12 Configuring AppleTalk
The AppleTalk for NetWare® protocol offers a set of configurable parameters you can use to modify the default characteristics of the protocol, to configure it to run over a WAN connection, or to configure it to run over an IP tunnel.
To configure AppleTalk for the Novell® Internet Access Server 4.1 routing software, you must enable the protocol, set its various options, and bind the protocol to a network interface. To configure or change any AppleTalk options, run the Novell Internet Access Server Configuration utility (NIASCFG).
This chapter covers advanced configuration concepts and procedures for AppleTalk, and includes the following sections:
• “AppleTalk Configuration Decisions” on page 255
• “Configuring Basic AppleTalk Parameters” on page 259
• “Configuring Your PC Router as an AppleTalk End Node” on page 264
• “Configuring AppleTalk for LAN Connections” on page 265
• “Configuring AppleTalk for WAN Connections” on page 267
This chapter helps you configure basic and advanced options for AppleTalk for Novell Internet Access Server 4.1. During basic configuration, default protocol parameters were set and the network protocols were bound to network interface boards.
For information about general AppleTalk concepts, refer to Novell Internet Access Server 4.1 Routing Concepts.
AppleTalk Configuration Decisions
This section provides you with the information you need to decide whether a feature is useful in your environment and how to configure a feature to fit your needs. How you configure AppleTalk beyond the most basic configuration depends on the following decisions:
• Whether to use the computer as a router or as an end node
The Packet Forwarding parameter controls AppleTalk routing. Enable this parameter if you want your computer to operate as an AppleTalk router. Disable it if you want your computer to operate as an end node.
Select an end node configuration only if you are using AppleTalk for NetWare to support applications and you already have another AppleTalk router that provides connectivity to other networks.
For more information, refer to “Enabling Expert Configuration Options” on page 263.
• Whether your network supports Phase 1 or Phase 2 routing
The Type of Packet Forwarding option you select depends on the type of AppleTalk routing your network supports. The default is Phase 2. Select Transition (Phase 1 and Phase 2) if you need to connect to Phase 1 routers.
The type of AppleTalk routing your network supports depends on the type of media used. An extended network, such as EtherTalk 2.0, supports both Phase 1 and Phase 2 routing. Nonextended networks, such as LocalTalk, ARCnet, and EtherTalk 1.0, support only Phase 1 routing.
For more information, refer to “Configuring Basic AppleTalk Parameters” on page 259
• Whether to use an internal network
The Internal Network, Network Number, and Network Zone(s) List parameters let you configure an internal network to enable application support on the internal network.
For more information, refer to “Configuring an Internal Network” on page 261 and Novell Internet Access Server 4.1 Routing Concepts.
• If you are configuring a WAN connection, whether to use a permanent or an on-demand link
Determine whether the interface to which you are binding AppleTalk should bring up a permanent or an on-demand link to the remote peer. For permanent connections, specify WAN call destinations for the interface during binding configuration. For on-demand calls, specify an on-demand WAN call destination for the interface during binding configuration, then specify the static route configuration for that call destination.
Advantages of using on-demand connections include the following:
• On-demand WAN connections usually cost less than permanent WAN connections.
• After an on-demand connection terminates, you can use the same interface to establish another on-demand connection to a different location. Unlike permanent WAN connections, no service provider involvement is necessary to connect to a different destination.
Disadvantages of using on-demand connections include the following:
• On-demand connections are configuration-intensive; therefore, they are more prone to operator errors. You must list all the networks (through static routes) that users might need to get to the other end of the connection.
• To prevent periodic routing traffic from keeping the on-demand connection active continuously, static route configuration is required. Because static routes do not get updated dynamically, packets are sent to a destination even if the actual network is disconnected or down temporarily.
• If, while using the Macintosh Chooser, a user accidentally browses a zone located at the other end of an on-demand connection, the connection will be brought up to retrieve the service information. As a result, unexpected cost is incurred.
• If a user connects to a file server over an on-demand connection but sends no data, the connection will not time out and disconnect. The file server constantly sends tickle packets, keeping the connection active.
To configure AppleTalk to run over an on-demand connection, you must enable the Static Routes for On Demand Calls in the AppleTalk protocol configuration, and enter static routes for your on-demand call in Static Routes Configuration when configuring the WAN call destination during the binding configuration.
For more information, refer to “Configuring AppleTalk for LAN Connections” on page 265.
• If you are configuring a permanent WAN connection, whether to use an unnumbered point-to-point link, a numbered point-to-point link, or a multiaccess link
Unnumbered point-to-point links do not require a network number or a zone name. Numbered point-to-point links and multiaccess links require a network number (or network range), zone(s) list, and peer address configuration. AppleTalk for NetWare supports on-demand links only in the unnumbered point-to-point mode.
Use unnumbered point-to-point when connecting two Novell Internet Access Server 4.1 peers together. Select numbered point-to-point to connect to third-party routers that do not support unnumbered schemes. Select multiaccess to connect with a third-party router that requires multiaccess configuration using ATM, frame relay, or X.25 links.
Numbered and multiaccess link configurations are created only to allow interoperability with other AppleTalk router vendors that do not implement unnumbered point-to-point links.
For more information, refer to “Configuring Basic AppleTalk Parameters” on page 259.
• Whether your router will be a seed router
A seed router propagates network and zone configuration information to other routers in the network. A non-seed router learns its configuration information from the seed router. The seeding state is configured individually for each interface.
At least one router on an AppleTalk network must be a seed router. If you have more than one seed router on a network, the network number/range and zone(s) list configuration must be the same for all seed routers.
Non-seed routers learn the network number and zone name from a seed router on the network. Therefore, if you need to reconfigure the network addressing, you need to change the configuration only on the seed router and restart all the directly connected non-seed routers, rather than reconfiguring all the routers.
However, before restarting the routers with new configuration information, you must wait 10 minutes to make sure the changed network and zone names are aged out from the internetwork.
Configuring Basic AppleTalk Parameters
AppleTalk can be routed over a LAN or WAN by use of Novell Internet Access Server 4.1. You can configure AppleTalk to run over permanent or on-demand WAN connections, and provide application support through the internal network or on a bound LAN interface. The basic AppleTalk configuration parameters modify the default behavior of the protocol and how it is used for LAN or WAN connections.
Enabling AppleTalk
AppleTalk addressing consists of a network number and a node number. Each node dynamically acquires a unique 8-bit node number when it connects to the network. The node tries to use the same address when it connects to the network again. If that address is not available, it tries other numbers until it finds a unique address.
The network portion of the address, as well as the zone assignments, can be of two forms, depending on whether the network is an extended or a nonextended network.
When a nonextended network is used, you assign a single network number and a single zone name to each network. This limits the total number of nodes per network to 254 (nodes 0 and 255 are reserved).
When an extended network is used, you assign a network number range and a zone(s) list to each network. You can assign any contiguous range of network numbers between 1 and 65279 to a network segment. Each network number within the assigned range can support up to 253 nodes, which increases the theoretical limit of the number of nodes per network to greater than 16 million (nodes 0, 254, and 255 are reserved).
An AppleTalk zone is a logical grouping of devices that enables users to locate and access network services, such as printing. A zone name is a logical name associated with some or all of the services on a network or set of networks.
To enable AppleTalk and configure the basic AppleTalk parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > AppleTalk
2. Select AppleTalk Status.
Select Enabled.
If you disable the AppleTalk Status parameter, the configuration of the protocol is saved, but AppleTalk is not active.
3. Select Packet Forwarding.
Select Enabled (Router).
When the Packet Forwarding parameter is disabled, the system behaves like an end node and does not forward AppleTalk packets from one network to another.
Note Changing Packet Forwarding from Enabled to Disabled, or Disabled to Enabled, will cause all AppleTalk bindings to be deleted. As a precaution, you should write down the binding parameters for all AppleTalk bindings so that you can reconfigure them if necessary.
4. Select Type of Packet Forwarding.
AppleTalk for NetWare is a Phase 2 router. Select Transition mode if you must support Phase 1 AppleTalk routers. Otherwise, leave the default, Phase 2, selected.
Once you select Transition, each extended network number must have a range of one and can have only one associated zone name.
If you want to configure other parameters, do so now. When you are finished, complete Step 5 and Step 6.
5. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Enabling Packet Error Detection
Use this procedure to detect packet errors. We recommend that you leave DDP Checksum disabled under most circumstances.
To enable DDP Checksum, complete the following steps:
1. Follow the steps in “Enabling AppleTalk” on page 259.
2. Select DDP checksum.
Select Enabled.
If you want to configure other parameters, do so now. When you are finished, complete Step 3 and Step 4.
3. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
4. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Configuring an Internal Network
An internal network is a virtual network contained within the AppleTalk module. It has no physical components and it appears to the router as if it were one of a number of networks to which the router is connected. The internal network supports two nodes, the AppleTalk stack (node 1 on the internal network) and the AppleTalk router (node 2 on the internal network).
Packets must be routed from an external network interface to the internal network. Because the internal network requires an address, it takes up a network number. If you configure AppleTalk without configuring an internal network, to allow application support you must configure one of the bound LAN interfaces.
This procedure enables you to create an internal network; however, AppleTalk can operate without an internal network.
To configure an internal network, complete the following steps:
1. Follow the steps in “Enabling AppleTalk” on page 259.
2. Select Internal Network.
Select Enabled.
3. Select Network Number.
Assign a unique network number between 1 and 65279 to your internal network.
4. Select Network Zones List.
To add a zone to the list, press Ins and enter the name of the desired network zone. You can enter up to 255 zone names. If your router uses transitional routing, it is allowed to use only one zone name. Each zone name can be up to 32 characters.
If you want to configure other parameters, do so now. When you are finished, complete Step 5 and Step 6.
5. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
6. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
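The addressing limits given so far in this chapter (network numbers 1 to 65279, the node and zone limits, the Transition mode restriction, and the rule that seed routers on one network must agree) can be checked before a plan is entered in NIASCFG. The following Python is an added example, not Novell code: the SeedInterface record, the segment labels, and the sample plan are constructed, and the overlap check assumes the "unique network number" requirement applies across all segments.

```python
from dataclasses import dataclass

NET_MIN, NET_MAX = 1, 65279          # assignable network numbers
MAX_ZONES, MAX_ZONE_LEN = 255, 32    # zone list limits
NODES_EXTENDED = 253                 # per network number; nodes 0, 254, 255 reserved
NODES_NONEXTENDED = 254              # per network; nodes 0 and 255 reserved


@dataclass(frozen=True)
class SeedInterface:
    """One seed interface's settings (hypothetical record, not a NIASCFG format)."""
    router: str
    segment: str       # label for the network the interface attaches to
    extended: bool
    first_net: int
    last_net: int      # same as first_net on a nonextended network
    zones: tuple


def check_interface(cfg, transition=False):
    """Return the rule violations for one seed interface (empty list if none)."""
    problems = []
    if not NET_MIN <= cfg.first_net <= cfg.last_net <= NET_MAX:
        problems.append(f"range {cfg.first_net}-{cfg.last_net} is outside "
                        f"{NET_MIN}-{NET_MAX}")
    if not cfg.zones:
        problems.append("a seed interface needs at least one zone name")
    if len(cfg.zones) > MAX_ZONES:
        problems.append(f"more than {MAX_ZONES} zone names")
    for zone in cfg.zones:
        if not 1 <= len(zone) <= MAX_ZONE_LEN:
            problems.append(f"zone name {zone!r} is not 1-{MAX_ZONE_LEN} characters")
    single = cfg.first_net == cfg.last_net and len(cfg.zones) == 1
    if not cfg.extended and not single:
        problems.append("a nonextended network takes one network number and one zone")
    if cfg.extended and transition and not single:
        problems.append("Transition mode needs a range of one and a single zone")
    return problems


def node_capacity(cfg):
    """Theoretical node limit for the network the interface seeds."""
    if cfg.extended:
        return (cfg.last_net - cfg.first_net + 1) * NODES_EXTENDED
    return NODES_NONEXTENDED


def seed_disagreements(interfaces):
    """Seed routers on one segment must advertise the same range and zone list."""
    first_seen, conflicts = {}, []
    for cfg in interfaces:
        view = (cfg.extended, cfg.first_net, cfg.last_net, frozenset(cfg.zones))
        router, reference = first_seen.setdefault(cfg.segment, (cfg.router, view))
        if reference != view:
            conflicts.append((cfg.segment, router, cfg.router))
    return conflicts


def overlapping_segments(interfaces):
    """Return neighbouring segment pairs whose network ranges overlap."""
    ranges = {}
    for cfg in interfaces:
        ranges.setdefault(cfg.segment, (cfg.first_net, cfg.last_net))
    ordered = sorted(ranges.items(), key=lambda item: item[1])
    return [(a, b) for (a, ra), (b, rb) in zip(ordered, ordered[1:])
            if rb[0] <= ra[1]]


# Constructed sample plan: three seed routers on "backbone", one on "lab".
PLAN = (
    SeedInterface("RTR-A", "backbone", True, 100, 103, ("Engineering", "Sales")),
    SeedInterface("RTR-B", "backbone", True, 100, 103, ("Sales", "Engineering")),
    SeedInterface("RTR-C", "backbone", True, 100, 104, ("Engineering", "Sales")),
    SeedInterface("RTR-A", "lab", False, 104, 104, ("Lab",)),
)

if __name__ == "__main__":
    for cfg in PLAN:
        print(cfg.router, cfg.segment, node_capacity(cfg), check_interface(cfg))
    print("seed disagreements:", seed_disagreements(PLAN))
    print("overlaps:", overlapping_segments(PLAN))
```

In the sample plan RTR-C seeds a different range from RTR-A on the same segment, which is the mismatch the seed router rule forbids.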
Enabling Static Routes for On-Demand Calls
This procedure lets you set up static route configurations that AppleTalk recognizes.
To enable static routes for on-demand calls, complete the following steps:
1. Follow the steps in “Enabling AppleTalk” on page 259.
2. Select Static Routes for On Demand Calls.
Select Enabled.
If you want to configure other parameters, do so now. When you are finished, complete Step 3 and Step 4.
3. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
4. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Enabling Expert Configuration Options
The Expert Configuration options allow you to configure advanced AppleTalk features, such as identifying the Protocol ID (PID) for third-party WAN router vendors. Use this option if your configuration involves a WAN connection connecting AppleTalk for NetWare with another vendor’s implementation of AppleTalk, such as the following:
• AppleTalk over frame relay
• AppleTalk over X.25
• AppleTalk over ATM
To enable the Expert Configuration options, complete the following steps:
1. Follow the steps in “Enabling AppleTalk” on page 259.
2. Select the Expert Configuration Options menu.
Select Vendor Providing AppleTalk over X.25 on the Other Peer when you want to make an X.25 connection with another vendor. Depending on the vendor to whom you will connect, select Cisco, Novell, or Other. When you select Other, you are prompted to enter the vendor’s Protocol ID. Use the default (Novell) unless the vendor does not use the standard Protocol ID.
Select Vendor Providing AppleTalk over X.25 on the Other Peer when you want to make this type of connection. Depending on the vendor to whom you will connect, select 3Com/Cisco, Novell, or Other. When you select Other, you are prompted to enter the vendor’s Protocol ID. Use the default (Novell) unless the vendor does not use the standard Protocol ID.
Select Configure other WAN Media Type PID when you want to make a connection other than X.25 or frame relay. The Other WAN media PIDs screen is displayed. Press Ins, then select a WAN media type.
Note It is not possible to configure more than one Protocol ID for each WAN media type. That is, the same Novell Internet Access Server 4.1 router cannot connect to routers using different Protocol IDs for X.25 at the same time.
If you want to configure other parameters, do so now. When you are finished, complete Step 3 and Step 4.
3. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
4. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Configuring Your PC Router as an AppleTalk End Node
The Novell Internet Access Server 4.1 routing software allows you to turn off, or disable, AppleTalk routing on a dedicated router or NetWare file server. A NetWare system with AppleTalk routing disabled operates as an AppleTalk end node. If you are using AppleTalk for NetWare only to support applications on a LAN, and you already have another AppleTalk router that provides connectivity to other networks, an end node configuration has the following characteristics:
• An end node does not periodically broadcast routing table maintenance protocol packets. More network bandwidth can be used for data rather than for routing traffic.
• An end node does not require any network number or zone configuration. It assumes the network number and zone from the network to which the AppleTalk interface is connected.
For AppleTalk to support file and print services, NetWare for Macintosh should be installed before Novell Internet Access Server 4.1.
Features such as filtering, WAN support, AURP, and internal network support are available only if AppleTalk for NetWare is configured as a router.
How to Configure Your PC Router as an AppleTalk End Node
To turn off AppleTalk routing and configure AppleTalk as an end node, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing
2. Configure the LAN board.
For information about configuring boards, refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
3. Select the following parameter path:
Select Protocols > AppleTalk > Packet Forwarding > Disabled
When packet forwarding is disabled, the system does not route AppleTalk packets from one network to another.
Note Because all previous AppleTalk bindings will be deleted after changing Packet Forwarding to Disabled, make sure AppleTalk is bound to a network interface. When you configure AppleTalk as an end node, you can bind AppleTalk to only one LAN interface. If you want the application services to be registered in a zone other than the default zone, in the binding menu enter the name of the zone in which you want the services to be registered.
Configuring AppleTalk for LAN Connections
To configure AppleTalk for a LAN connection and bind it to a LAN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing
2. Configure the LAN board.
For information about configuring boards, refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
3. Configure the basic AppleTalk options, including Type of Packet Forwarding, Filtering Support, and Internal Network, if necessary.
For information about these AppleTalk options, refer to “Configuring Basic AppleTalk Parameters” on page 259.
4. Select the following parameter path:
Select Bindings > press Ins > a network interface
Note You must enable and configure AppleTalk before you can bind AppleTalk to an interface.
5. Configure the following options:
5a. Select Network Range and Zone configuration to establish whether this is a seed or non-seed router.
Note At least one router on the network must be a seed router. The seeding state is configured individually for each interface.
The network and zone configuration is propagated through seed routers. A seed router can teach other routers on a network about the network number or range and zone configuration. A non-seed router (or learning router) learns its configuration information from the seed router.
For a nonextended network, the seed router is configured with the network number and zone name for the network. For an extended network, the seed router is configured with a network range and a zone(s) list for the network.
For more information about seeding, refer to Novell Internet Access Server 4.1 Routing Concepts.
5b. Select the type of AppleTalk network.
An extended network supports a network range and multiple zones. A nonextended network supports one network number and one zone.
On an extended network, such as EtherTalk 2.0, each network number within the assigned range can support up to 253 nodes. (Node numbers 0, 254, and 255 are reserved.)
On a nonextended network, such as LocalTalk, ARCnet, and EtherTalk 1.0, the total number of nodes is limited to 254. (Node numbers 0 and 255 are reserved.)
Note AppleTalk supports nonextended networks only for ARCnet networks. The user must ensure that AppleTalk is bound to an ARCnet interface using only the nonextended network type.
5c. Select Provide Applications on this Interface and Applications Zone Name if you want application support through the interface when the internal network is disabled.
You can provide application support through the internal network or the LAN interface. You can configure application support through the interface only when the internal network is disabled. You can select only one LAN interface to provide AppleTalk application support.
For more information about internal networks, refer to Novell Internet Access Server 4.1 Routing Concepts.
If you want to configure other parameters, do so now. When you are finished, complete Step 6 and Step 7.
6. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
7. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Configuring AppleTalk for WAN Connections
AppleTalk supports the following WAN connections:
• Permanent and on-demand unnumbered point-to-point links
• Permanent numbered point-to-point links
• Permanent multiaccess links
We recommend selecting unnumbered point-to-point WAN connections. Multiaccess and numbered point-to-point links are offered mainly to allow interoperability with other router vendors that do not offer unnumbered point-to-point mode.
To configure AppleTalk to run over a WAN connection, you must complete the following tasks:
1. Configure the WAN interface you are using for your connection.
For information about setting up PPP and PPP/ISDN interfaces, refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51 and Chapter 4, “Configuring On-Demand PPP Connections,” on page 69. For information about configuring WAN protocols, refer to Chapter 17, “Configuring NetWare Link/ATM,” on page 391; Chapter 18, “Configuring Frame Relay Network Access,” on page 397; and Chapter 19, “Configuring NetWare Link/X.25,” on page 407.
2. Configure the WAN call destination for your WAN connection.
For information about setting up permanent WAN call destinations, refer to Chapter 3, “Configuring Permanent PPP Connections,” on page 51.
For information about setting up on-demand WAN call destinations, refer to Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
3. Configure the basic AppleTalk options, such as Type of Packet Forwarding, Filtering Support, and Internal Network, if necessary.
For information about these AppleTalk options, refer to “Configuring Basic AppleTalk Parameters” on page 259.
4. Configure the following AppleTalk options, if necessary:
a. Static Routes for On-Demand Calls, if you are setting up AppleTalk over an on-demand WAN connection.
b. Expert Configuration Options, if your configuration involves a WAN connection (frame relay, X.25, ATM, or other WAN media) over which AppleTalk for NetWare interoperates with another vendor's AppleTalk implementation.
5. Bind AppleTalk to a WAN interface, including the following options:
a. WAN Network Mode, to establish whether this is a numbered point-to-point, unnumbered point-to-point, or multiaccess interface. Numbered point-to-point and multiaccess modes are offered mainly to allow interoperability with other vendors that do not offer unnumbered point-to-point mode.
b. AppleTalk Network Type, which is required for numbered point-to-point and multiaccess interfaces. Select NonExtended or Extended, depending on the other vendor's implementation of AppleTalk over that WAN media.
c. Network Range/Number, to specify the network range for extended networks or a single network number for nonextended networks. This parameter is used for numbered point-to-point and multiaccess configuration.
d. Local AppleTalk Address and Zone List, to identify this WAN interface. Each numbered point-to-point or multiaccess link must have a unique address. This parameter is active only if you selected numbered point-to-point or multiaccess as the WAN Network Mode.
e. WAN Call Destinations, which can be any one of three types: permanent automatic, permanent manual, or on-demand. If the link is permanent automatic, the list includes WAN call destinations that should make the call automatically when the router comes up and/or the remote node address of the WAN call destination peer. For on-demand calls, the list includes WAN call destinations and static routes for the WAN call destinations for unnumbered point-to-point interfaces.
f. Negotiation, to negotiate the RTMP updates interval for this interface. If set to Yes, this interface will negotiate all incoming calls using the Routing Update Timer value specified in the next field. Any manual calls that are not configured in this interface’s peer list, but are executed through the Call Manager utility (CALLMGR), will use the setting of the Negotiation and Routing Update Timer fields as defined here.
If this is a link to a remote Novell Internet Access Server 4.1 peer, set the Negotiation value to Yes. In most cases, third-party vendors might not understand our negotiation packet; therefore, setting the Negotiation value to No and specifying a value for the Routing Update Timer will force this interface to transmit RTMP packets within the specified time without going through the negotiation process.
g. Routing Update Timer, to specify the number of seconds between updates of the routing table. The called and calling routers should be configured to use the same value. If they have different values, the shorter time is used. Note that using a long time value results in a prolonged route convergence time.
Configuring AppleTalk for a Permanent Connection
A permanent call is always active between the local router and the remote peer router associated with a WAN call destination. The call remains active until AppleTalk is unbound from the board, or until the call is disconnected using CALLMGR from the calling router. If the disconnect is initiated from the called router, the calling router will try to reestablish the call if the call’s Retry Mode parameter is set to Retry All Failures. For a detailed discussion of the options for the Retry Mode parameter in the WAN Call Destination configuration menu, refer to the previous WAN Call Destination chapter. If the connection fails at the initial call attempt, the calling router immediately tries to establish the call again.
To configure AppleTalk for a permanent WAN connection, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing
2. Configure the basic AppleTalk options.
For information about the basic AppleTalk configuration options, refer to “Configuring Basic AppleTalk Parameters” on page 259.
3. Bind AppleTalk to a WAN interface or a group interface.
For information about binding AppleTalk for a permanent WAN connection, refer to “Binding AppleTalk to a WAN Interface” on page 276.
If you want to configure other parameters, do so now. When you are finished, complete Step 4 and Step 5.
4. If you want to save these changes, press Esc to exit AppleTalk, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
5. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Configuring AppleTalk for an On-Demand Connection
An on-demand call is a WAN connection between two routers that becomes active only when one router must send data to the other. On-demand calls are well-suited for occasional use, to save money on connections that use expensive telecommunications carriers and for slow links over which it is undesirable to exchange routing traffic.
If you want to use an on-demand call instead of a permanent call, you must complete the following tasks:
• Enable Static Routes for On-Demand Calls in the AppleTalk Protocol Configuration menu.
• Select a WAN call destination of call type on-demand.
• Configure at least one static route for the on-demand WAN connection.
AppleTalk does not send routing traffic across an on-demand call. Instead, you must configure static routes to run an on-demand WAN connection. Static routes inform AppleTalk which networks are reachable and how to forward packets to those destinations.
When AppleTalk receives a packet for a destination specified as a static route, it initiates the on-demand call and forwards the packet. For on-demand calls to work successfully, both ends of the link for a configured call must configure a call to each other. Each call must be configured with enough static route information to send and receive AppleTalk packets between the routers at both ends.
On-demand connections are supported only on the unnumbered point-to-point WAN network mode. To select and configure the WAN network mode, refer to “Configuring the WAN Network Mode” on page 272.
Note You cannot configure on-demand connections for frame relay.
To configure AppleTalk for an on-demand WAN connection, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing
2. Configure the basic AppleTalk options.
For information about the basic AppleTalk configuration options, refer to “Configuring Basic AppleTalk Parameters” on page 259.
3. Enable Static Routes for On Demand Calls.
This selection activates static routes for AppleTalk. It lets you configure static routes for each WAN call destination in the binding menu.
4. Press Esc to exit the AppleTalk Protocol menu. Save your changes when prompted.
5. Select WAN Call Directory.
6. Press Ins. Enter a Call Destination Name.
7. In the Call Type field in the WAN Call Destination configuration menu, select On-Demand.
Note When configuring an on-demand call or a permanent call that can be initiated by either end of the connection, enable inbound authentication on the network interface as described in the chapter that explains how to configure the WAN protocol you are using. This allows AppleTalk to identify the remote system making the inbound call and to associate that call with the outbound WAN call destination.
Depending on the type of WAN connection, consult one of the following chapters for more information about WAN call destination configuration:
• For more information about PPP or PPP/ISDN, refer to either Chapter 3, “Configuring Permanent PPP Connections,” on page 51 or Chapter 4, “Configuring On-Demand PPP Connections,” on page 69.
• For more information about ATM, refer to Chapter 17, “Configuring NetWare Link/ATM,” on page 391.
• For more information about X.25, refer to Chapter 19, “Configuring NetWare Link/X.25,” on page 407.
8. Bind AppleTalk to a WAN interface or an Interface Group.
For information about binding AppleTalk for an on-demand WAN connection and configuring static routes, refer to “Binding AppleTalk to a WAN Interface” on page 276.
If you want to configure other parameters, do so now. When you are finished, complete Step 9 and Step 10.
9. If you want to save these changes, press Esc to exit the WAN Call Directory menu, select Yes to save your changes, then press Esc again to return to the Internetworking Configuration menu.
10. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Configuring the WAN Network Mode
The WAN network mode governs how AppleTalk operates over a WAN connection. Depending on which WAN medium you use (ATM, frame relay, X.25, PPP, or PPP/ISDN) and how you want to use the connection, you can use any of the following network modes:
• Unnumbered point-to-point
We recommend this mode, unless you are connecting to a third-party router that does not support it. This mode does not require an AppleTalk network address for the interface. You can use unnumbered point-to-point mode with any WAN medium that supports single or multiple connections to remote peer routers.
• Numbered point-to-point
Numbered point-to-point is used with PPP and PPP/ISDN when you are connecting to other vendors that do not support unnumbered point-to-point. Numbered point-to-point supports a single permanent connection to a remote system, such as a link between a local branch office and the main office.
• Multiaccess
Multiaccess is used with ATM, frame relay, and X.25 when you are connecting to other vendors that do not support unnumbered point-to-point. Multiaccess supports multiple simultaneous connections to remote peer routers.
Table 12-1 indicates the supported mode for each network medium. Use this table as a guide when you are choosing a network mode for your WAN connections.
Table 12-2 lists the vendors and WAN media with which AppleTalk WAN connections can interoperate.

Table 12-1 WAN Media, Call Types, and Compatible WAN Network Modes
(X = WAN network mode supported, - = not supported)

WAN Medium     WAN Call Type    Unnumbered Point-to-Point    Numbered Point-to-Point    Multiaccess
ATM            Permanent        X                            -                          X
ATM            On-Demand        X                            -                          -
PPP            Permanent        X                            X                          -
PPP            On-Demand        X                            -                          -
PPP/ISDN       Permanent        X                            X                          -
PPP/ISDN       On-Demand        X                            -                          -
X.25           Permanent        X                            -                          X
X.25           On-Demand        X                            -                          -
Frame relay    Permanent        X                            -                          X
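
Table 12-1 and the on-demand rules above translate directly into a pre-flight check for a planned WAN binding, including the inbound authentication that lets AppleTalk identify the remote system on an inbound call. The following Python is an added example, not Novell code: the WanBinding record and its field names are this example's own, the sample values are constructed, and the 10 to 1,800 second timer range is the one given in the binding procedure later in this chapter.

```python
from dataclasses import dataclass

# Table 12-1 as data: modes supported for each (WAN medium, call type).
SUPPORTED_MODES = {
    ("ATM", "permanent"): {"unnumbered", "multiaccess"},
    ("ATM", "on-demand"): {"unnumbered"},
    ("PPP", "permanent"): {"unnumbered", "numbered"},
    ("PPP", "on-demand"): {"unnumbered"},
    ("PPP/ISDN", "permanent"): {"unnumbered", "numbered"},
    ("PPP/ISDN", "on-demand"): {"unnumbered"},
    ("X.25", "permanent"): {"unnumbered", "multiaccess"},
    ("X.25", "on-demand"): {"unnumbered"},
    ("Frame relay", "permanent"): {"unnumbered", "multiaccess"},
}
TIMER_MIN, TIMER_MAX = 10, 1800    # Routing Update Timer range, in seconds


@dataclass
class WanBinding:
    """A planned AppleTalk WAN binding (hypothetical record for this example)."""
    medium: str
    call_type: str                   # "permanent" or "on-demand"
    mode: str                        # "unnumbered", "numbered" or "multiaccess"
    static_routes_enabled: bool = False
    static_routes: tuple = ()
    inbound_auth: bool = False       # inbound authentication on the interface
    either_end_calls: bool = False   # permanent call either peer may initiate
    network_type: str = ""           # "extended" or "nonextended"
    network_range: tuple = ()
    local_address: str = ""
    zones: tuple = ()
    peer_is_nias: bool = True        # False for a third-party router
    negotiation: bool = True
    update_timer: int = 10


def check_binding(b):
    """Return the problems found in a planned binding (empty list if none)."""
    problems = []
    allowed = SUPPORTED_MODES.get((b.medium, b.call_type))
    if allowed is None:
        problems.append(f"{b.call_type} calls are not supported over {b.medium}")
    elif b.mode not in allowed:
        problems.append(f"{b.mode} mode is not supported for "
                        f"{b.call_type} {b.medium} calls")
    if b.call_type == "on-demand":
        if not b.static_routes_enabled:
            problems.append("enable Static Routes for On-Demand Calls")
        if not b.static_routes:
            problems.append("configure at least one static route")
    if (b.call_type == "on-demand" or b.either_end_calls) and not b.inbound_auth:
        problems.append("enable inbound authentication so the caller can be "
                        "matched to its WAN call destination")
    if b.mode in ("numbered", "multiaccess"):
        for name in ("network_type", "network_range", "local_address", "zones"):
            if not getattr(b, name):
                problems.append(f"{b.mode} mode requires {name}")
    if not b.peer_is_nias and b.negotiation:
        problems.append("third-party peer may not understand the negotiation "
                        "packet; set Negotiation to No")
    if not TIMER_MIN <= b.update_timer <= TIMER_MAX:
        problems.append(f"Routing Update Timer must be {TIMER_MIN}-{TIMER_MAX} s")
    return problems


def effective_update_timer(calling, called):
    """When the two routers differ, the shorter interval is the one used."""
    for value in (calling, called):
        if not TIMER_MIN <= value <= TIMER_MAX:
            raise ValueError(f"timer {value} is outside {TIMER_MIN}-{TIMER_MAX} s")
    return min(calling, called)


# Constructed sample: an on-demand PPP link between two branch routers.
BRANCH_LINK = WanBinding("PPP", "on-demand", "unnumbered",
                         static_routes_enabled=True,
                         static_routes=("net 200-205 via HQ",),
                         inbound_auth=True)

if __name__ == "__main__":
    print(check_binding(BRANCH_LINK))
    print(check_binding(WanBinding("Frame relay", "on-demand", "unnumbered")))
    print(effective_update_timer(30, 10))
```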
Table 12-2 AppleTalk WAN Vendor Interoperability

WAN Medium     WAN Network Mode             AppleTalk Network Type    Vendor Interoperability
PPP            Unnumbered point-to-point    Nonextended #             3Com, NetWare MultiProtocol Router 3.1, NetWare MultiProtocol Router 3.0
PPP            Numbered point-to-point      Nonextended               Bay Networks, NetWare MultiProtocol Router 3.1, NetWare MultiProtocol Router 3.0
PPP            Numbered point-to-point      Extended                  Cisco, 3Com
X.25           Unnumbered point-to-point    Nonextended #             3Com, NetWare MultiProtocol Router 3.1, NetWare MultiProtocol Router 3.0
X.25           Multiaccess                  Nonextended               Cisco, NetWare MultiProtocol Router 3.1, NetWare MultiProtocol Router 3.0
X.25           Multiaccess                  Extended                  Cisco, 3Com
Frame relay    Unnumbered point-to-point    Nonextended #             3Com, NetWare MultiProtocol Router 3.1, NetWare MultiProtocol Router 3.0
Frame relay    Multiaccess                  Nonextended               Cisco
Frame relay    Multiaccess                  Extended                  Cisco, 3Com

# If Unnumbered Point-to-Point WAN Network mode is selected, the nonextended AppleTalk network type is automatically configured.

Note The latest releases of router software from third-party router vendors might have better interoperability than is indicated in Table 12-2.
Binding AppleTalk to a WAN Interface
To configure the WAN network mode and bind AppleTalk to a WAN interface, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing
2. Configure the basic AppleTalk options.
For information about the basic AppleTalk configuration options, refer to “Configuring Basic AppleTalk Parameters” on page 259.
3. Select Bindings from the Internetworking Configuration menu, then press Ins.
The Protocol-to-Interface/Group Bindings menu displays a list of the configured bindings that includes the following information:
• Protocol: Name of the protocol.
• Interface/Group: Name of the interface or the interface group to which the protocol is bound.
• Status: Current status of the binding. The status can be toggled between Enabled and Disabled by pressing Tab.
• Identifier: Network address, type of network, type of interface, or type of connection associated with the interface to which the protocol is bound.
If you are changing an existing binding, select that entry, press Enter, then continue with Step 7.
If you are creating a new binding to a WAN interface, press Ins. A new screen displays a list of the configured protocols, which should include AppleTalk. Continue with Step 4.
4. Select AppleTalk from the list, then press Enter.
A screen is displayed that asks if you want to bind AppleTalk to a particular network interface or to each interface in a group.
5. Select A Network Interface, then press Enter.
A new screen displays a list of the configured WAN interfaces.
6. Select a WAN interface from the list, then press Enter.
A new menu displays parameters for binding AppleTalk to the selected WAN interface.
7. Select WAN Network Mode. Then select the mode for this connection.
Select Unnumbered Point to Point, unless you must allow interoperability with a system that does not support this mode. You can select Multiaccess only if you are using ATM, frame relay, or X.25.
Refer to Table 12-1 on page 274 and Table 12-2 on page 275 for more information about when each WAN network mode can be used.
If you select Numbered Point to Point or Multiaccess, configure the AppleTalk Network Type, Network Range/Number, Local AppleTalk Address, and Zone Name parameters for the interface as follows:
7a. Select AppleTalk Network Type and press Enter. Select NonExtended or Extended, depending on the other vendor’s implementation of AppleTalk over the WAN media used, then press Enter.
7b. Select Network Range/Number and press Enter. Enter your network number, then press Enter.
The network range/number must be the same for all peers, and the node number must be unique among peers. Select Yes to save your changes.
7c. Select Local AppleTalk Address and press Enter. Enter the AppleTalk address and node number for this WAN interface, then press Enter.
7d. Select Zone List and press Enter. Press Ins, enter a zone name, then press Enter.
Repeat this step to enter additional zone names as required.
8. Skip WAN Call Destinations for now, select Negotiation, and press Enter. Select No and press Enter again.
Setting this value to No, and specifying a value for the Routing Update Timer parameter that follows, forces this interface to transmit RTMP packets within the specified time without going through the negotiation process. Any manual calls that are not configured in this interface’s peer list, but executed through CALLMGR, will use the setting of the Negotiation and Routing Update Timer fields as defined here.
9. Select Routing Update Timer, enter a value, and press Enter.
This value specifies the number of seconds between updates of the routing table. The called and calling routers should be configured to use the same value. If they have different values, the shorter time is used. Note that using a long time value results in a prolonged route convergence time. The range of values is 10 through 1,800 seconds. The default value is 10 seconds.
10. Select WAN Call Destinations, then press Enter to specify the WAN call destination that you want this interface to establish.
Note You do not need to configure WAN call destinations for routers that receive only permanent calls. For on-demand call configuration, each router must have a call configured to the other router with static routes for the packets to go out and return.
For permanent calls using numbered point-to-point, unnumbered point-to-point, or multiaccess interfaces, press Ins, then configure the following parameters for the WAN destination peer with which you want to establish a connection:
• WAN Call Type—select Automatic or Manual. Automatic calls are placed automatically when the router is started. Manual calls are placed through CALLMGR.
Note The Network Number and Node Number are required only for numbered point-to-point interfaces.
• Network Number—enter the network number of the remote peer for this WAN interface.
For an extended network, enter a network number within the Start of Network Range and the End of Network Range as specified in the Binding AppleTalk to a WAN Interface menu Step 7b on page 278.
For a nonextended network, enter the same network number as specified in the Binding AppleTalk to a WAN Interface menu.
• Node Number—enter the node number of the peer.
• Configure the Negotiation and Routing Update Timer parameters for the WAN call destination, if necessary. We recommend that you leave these values at their default settings.
Set Negotiation to No when the peer on the other side of the connection is not an AppleTalk for NetWare router.
• Routing Update Timer—specify the number of seconds between updates of the routing table. The called and calling routers should be configured to use the same value. If they have different values, the shorter time is used. Note that using a long time value results in a prolonged route convergence time.
For on-demand calls using an unnumbered point-to-point interface, configure the following parameters for the WAN call destination that you want this interface to establish:
You must first pick an on-demand call destination from the list of configured WAN call destinations. On-demand calls are supported only on unnumbered point-to-point WAN links to a remote peer. For on-demand connections, you must enable static route configuration and configure the appropriate static routes.
• Press Ins in the Unnumbered Point-to-Point WAN Call Destination screen to select a WAN call destination of call type on-demand, then press Enter.
The WAN Call Type is automatically set to on-demand when you select an on-demand WAN call destination.
• Select Static Routes, then press Enter.
Press Ins to enter a static route. The Static Routes for On-Demand Calls screen is displayed. Configure the following static route parameters:
AppleTalk Network Type—Press Enter, select Extended or NonExtended depending on the network type of the destination network that you are configuring, then press Enter again.
Network Range/Number—Press Enter, specify the network range for extended networks or a single network number for nonextended networks, then press Enter again.
Hops to Network—Press Enter, specify the number of hops between this router and the destination network, then press Enter again.
Each router the packet goes through is one hop.
Network Zone(s) List—Press Enter, then press Ins, add a zone, then press Enter again. Repeat this procedure until you have entered all the zones on the destination network.
To add more static routes, press Ins in the Static Routes for On-Demand Calls screen and repeat the above procedure. When you are finished, complete Step 11 and Step 12.
11. If you want to save these changes, press Esc, select Yes to save your changes, then press Enter.
You must do this four times to return to the Internetworking Configuration menu.
12. If you want these changes to take effect immediately, select Reinitialize System from the Internetworking Configuration menu. Select Yes when prompted.
Using Interface Groups
An interface group is a grouping of several PPP, PPP/ISDN, or X.25 interfaces with similar characteristics. Interfaces that belong to a group can be used interchangeably by a WAN call. Interface groups are defined during configuration of PPP or X.25 interfaces that belong to the group. To configure WAN interfaces, load NIASCFG and select Configure NIAS > Protocols and Routing > Network Interfaces.
Defining an interface group lets you make a permanent or an on-demand call on any of several network interfaces without creating an individual WAN call destination for each interface. When an interface group name is specified in place of the interface name in the WAN call destination, an available interface is selected automatically from the group when a call is made.
Interface groups are used for permanent or on-demand connections for X.25, PPP, and PPP/ISDN. You can bind AppleTalk to interfaces that belong to an interface group only for the unnumbered point-to-point network mode.
Backup calls can be configured with interface groups. However, all backup calls that are part of an interface group must be configured as permanent calls using PPP. The primary call associated with each backup call must also be permanent but can use any WAN medium supported by Novell Internet Access Server 4.1. For information about configuring backup calls, refer to Chapter 5, “Configuring Backup Calls,” on page 85.
Important All AppleTalk bindings to interfaces in the same group must have the same configuration. When you bind AppleTalk to an interface in a group, you must make sure that the settings for that binding are the same as the settings for every other binding to interfaces that belong to that group. The WAN network mode must be set to Unnumbered Point-to-Point.
Chapter 13: Configuring IP Tunnels for IPX and AppleTalk
This chapter describes IP tunneling, the method by which two or more AppleTalk or Internetwork Packet Exchange™ (IPX™) networks exchange packets through an IP network. This chapter contains the following sections:
• “IP Tunneling for IPX” on page 283
• “IP Tunneling for AppleTalk” on page 291
IP Tunneling for IPX
IPX uses the Open Data-Link Interface™ (ODI™) interface to pass packets through the IP tunnel. The IP tunnel sends each IPX packet across the TCP/IP network by encapsulating it in a User Datagram Protocol (UDP) packet. The tunnel driver at the destination router removes the UDP header from each incoming packet and passes it through ODI to IPX.
Encapsulating IPX packets in IP packets enables them to go through any IP supported media, such as Ethernet or token ring.
The TCP/IP network is the medium. The IP address is the immediate address, which performs the same function in the TCP/IP medium as the media access control (MAC) address performs in the Ethernet medium.
The Novell® Internet Access Server 4.1 routing software provides the following IP tunnel drivers:
• IPRELAY—WAN driver that models the IP internetwork as a collection of point-to-point permanent virtual circuits (PVCs) to tunnel IPX packets.
• IPTUNNEL—LAN driver that models the IP internetwork as a single IPX LAN to tunnel IPX packets.
To configure your router to use an IP tunnel, IP must be loaded and bound to the interfaces you plan to use. The IP tunnel requires local IP addressing information and can fail if IP is not bound to the network interface. For basic IP configuration procedures, refer to “Configuring IP” on page 199.
The IPRELAY Driver
The IPRELAY driver is a WAN driver that simulates a collection of point-to-point PVCs between routers. Each end point of each connection is an IP address. To establish a connection, only one side of the PVC must be configured. As long as one of the routers is aware of its peers, a connection can be made with those peers. A WAN call destination is created automatically for each IP peer.
The IPTUNNEL Driver
You can also use the IPTUNNEL driver to enable IPX to use a TCP/IP network to communicate with other IPX nodes. You configure IPTUNNEL from the Novell Internet Access Server Configuration utility (NIASCFG) or from the command line.
The IPTUNNEL driver enables IPX to use a TCP/IP network to communicate with other IPX nodes. The IPTUNNEL driver models the IP internetwork as a single IPX LAN. To IPX, IPTUNNEL performs the same functions as a typical NetWare® LAN driver. The TCP/IP network operates as if it were a hardware network, passing packets among the IPX nodes connected to it.
IPTUNNEL is compatible with the Schneider & Koch SK-IPX/IP Gateway, which provides NetWare 2 compatibility. IPTUNNEL also serves workstations using either the Novell IP tunnel workstation driver, a component of the LAN WorkPlace® for DOS software, or the Schneider & Koch end node product for DOS.
When configuring the IP tunnel, you supply the IP addresses of other IPX routers that you plan to include in the tunnel. These other IPX routers are known as peers. Whenever IPX broadcasts a packet, the IP tunnel duplicates the packet and sends a copy to each peer.
To exchange routing and service information between IPX routers, IPX depends on broadcasting messages to every other NetWare server connected to the medium. However, because broadcast facilities are limited in TCP/IP networks, IPTUNNEL must handle broadcast traffic by duplicating the packet and sending a copy to each peer router.
IPTUNNEL presents a standard ODI driver interface to the NetWare system and handles IPX traffic like any other driver. You load the driver like any other, and then bind IPX to it to instruct IPX to receive and route packets over the TCP/IP network.
Important You should configure any connected group of peers so that all servers in the group have the IP addresses of all other servers in the group. Other configurations are possible but not recommended; they frequently create confusing—and often surprising—IPX routing topologies.
Compatibility Between IPTUNNEL and IPRELAY
IPRELAY is compatible with IPTUNNEL. IPRELAY accepts packets from a LAN set up with IPTUNNEL as long as one of the routers on the LAN is running RIP.
Because IPRELAY allows point-to-point connectivity with the NetWare Link Services Protocol™ (NLSP™) software, NLSP operates more efficiently with IPRELAY than with IPTUNNEL. NLSP operates reliably over point-to-point connections; therefore, it has lower periodic traffic requirements.
Because IPRELAY works like any WAN driver, you can initiate and terminate IPRELAY connections from the Call Manager utility (CALLMGR). You can also use CALLMGR to reestablish lost IPRELAY connections. Additionally, CALLMGR identifies IPRELAY-to-IPTUNNEL connections with a (T) next to the remote peer IP address.
How to Configure IPRELAY
Before you begin, you must make sure TCP/IP is enabled and bound to the interface.
To configure the IPRELAY tunnel, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2. Set the Tunnel IPX Through IP parameter to Enabled.
3. Select Tunnel Configuration.
4. Add remote peers to the tunnel by selecting Remote Peers, then pressing Ins.
The Insert New Remote Peer Address screen is displayed.
5. Type the remote peer IP address.
This parameter adds an IP address to the peer list. If this parameter is not set, no peer is added. This is the most important parameter for a router that initiates connections.
6. Press Esc to return to the Tunnel Configuration menu.
7. If needed, configure the Transport Time parameter.
If workstation connections fail because a server does not respond, increase this parameter. Select any value between 1 and 65535.
Warning Do not change the User Datagram Protocol (UDP) port number. If the remote peer router is running IPTUNNEL, the local router automatically uses 213, an officially assigned UDP port number for IPX packets. If both routers are running IPRELAY, the local router automatically uses 2010. If you enter your own port number, the routers might not be able to communicate over the tunnel.
The UDP Checksum should also not be changed from the default option (Enabled). The UDP checksum improves data reliability.
8. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
9. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
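The encapsulation step and the checksum warning above can be seen in a short Python sketch (an added example, not Novell code). UDP port 213, IPX network 95 and the two IP addresses come from this chapter; the node addresses, sockets, payload, the hex encoding of the network number and the use of 213 as the source port are assumptions made for illustration.

```python
import struct

IPX_UDP_PORT = 213  # UDP port this guide gives for tunneled IPX packets


def ones_complement_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (protocol 17 = UDP)."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)


def build_ipx(dst, src, payload: bytes, packet_type: int = 0) -> bytes:
    """dst and src are (network, node, socket) tuples; returns a raw IPX packet."""
    header = struct.pack(
        "!HHBB4s6sH4s6sH",
        0xFFFF,               # IPX checksum field: 0xFFFF means "not used"
        30 + len(payload),    # total length including the 30-byte IPX header
        0, packet_type,       # transport control (hop count), packet type
        *dst, *src,
    )
    return header + payload


def encapsulate(ipx: bytes, src_ip: bytes, dst_ip: bytes, checksum: bool = True) -> bytes:
    """Wrap an IPX packet in a UDP header, as a tunnel driver does before sending."""
    length = 8 + len(ipx)
    # Source port set equal to the destination port (assumption for this sketch).
    header = struct.pack("!HHHH", IPX_UDP_PORT, IPX_UDP_PORT, length, 0)
    if checksum:
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + ipx)
        value = (~total & 0xFFFF) or 0xFFFF   # 0 on the wire means "no checksum"
        header = struct.pack("!HHHH", IPX_UDP_PORT, IPX_UDP_PORT, length, value)
    return header + ipx


def decapsulate(segment: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Strip the UDP header and return the IPX packet; raise if verification fails."""
    _sport, dport, length, value = struct.unpack("!HHHH", segment[:8])
    if dport != IPX_UDP_PORT or length != len(segment):
        raise ValueError("not a well-formed IPX tunnel datagram")
    if value != 0:  # a checksum is present, so verify it
        if ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) != 0xFFFF:
            raise ValueError("UDP checksum mismatch, datagram dropped")
    return segment[8:]


SERVER_A = bytes([1, 0, 0, 3])       # Server A address from the Figure 13-1 example
SERVER_B = bytes([129, 1, 0, 7])     # Server B address from the Figure 13-1 example
NET_95 = bytes.fromhex("00000095")   # IPX network 95, hex encoding assumed
SAMPLE_IPX = build_ipx(              # constructed packet: nodes, sockets, payload
    dst=(NET_95, bytes.fromhex("0000c0a80102"), 0x0451),
    src=(NET_95, bytes.fromhex("0000c0a80101"), 0x4003),
    payload=b"constructed request",
)


def corruption_detected(checksum: bool) -> bool:
    """Flip one payload bit in transit and report whether the receiver notices."""
    datagram = bytearray(encapsulate(SAMPLE_IPX, SERVER_A, SERVER_B, checksum))
    datagram[-1] ^= 0x01
    try:
        decapsulate(bytes(datagram), SERVER_A, SERVER_B)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"UDP checksum enabled={enabled}: "
              f"corruption detected={corruption_detected(enabled)}")
```

Because the IPX header carries no checksum of its own here, a tunnel with the UDP checksum disabled hands the damaged packet to IPX unnoticed. The UDP checksum only catches accidental corruption; it is not keyed, so it neither authenticates the peer nor protects against deliberate modification.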
How to Configure IPTUNNEL from NIASCFG
Before you configure IPTUNNEL, you must make sure that TCP/IP is enabled and bound to the interface.
To configure the IPTUNNEL driver, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Boards > Press Ins
2. Select IPTUNNEL from the list.
The Board Configuration menu is displayed.
3. Configure the Board Name parameter.
4. Enter a valid address for the Peer IP Address parameter.
If this parameter is not present, no peer is added. This is the most important parameter.
5. If needed, enter a value for the Local IP Address parameter.
For IPX routing to work correctly, the IP tunnel must use a single local IP address consistently. The default value is the IP address of the first interface to which TCP/IP was bound.
6. Set the UDP Checksum parameter to Yes.
Enabling this parameter improves data reliability.
7. If needed, enter a value for the UDP Port parameter.
If you must communicate with nodes using products prior to Schneider & Koch SK-IPX/IP version 1.3, you can use port=59139. Otherwise, use the default value of 213, which is the officially assigned UDP port for IPX packets.
8. Press Esc .
The new board appears at the end of the list on the Configured Boards screen.
9. Press Esc to return to the Internetworking Configuration menu.
10. Configure IPX and bind it to IPTUNNEL.
For information about configuring various IPX functions, refer to Chapter 8, “Configuring IPX,” on page 121. Perform the procedures that apply to your situation.
11. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
12. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
How to Configure IPTUNNEL for Multiple Peers
Figure 13-1 shows how IPTUNNEL enables three NetWare servers—A, B, and C—to communicate over IPX network 95 as an IP tunnel through an IP internetwork.
Important IPTUNNEL duplicates and transmits every IPX broadcast packet in a UDP packet to each remote peer in a peer group. Because this can create a large amount of traffic on the network, you should have no more than 10 peers for any one node. We recommend that you use IPRELAY with NLSP for situations with more than 10 peers.
To configure IPTUNNEL for multiple peers, you must use LOAD and BIND commands from the command line as described below. The following commands are for the configuration example shown in Figure 13-1.
Figure 13-1 IPTUNNEL Configuration for Three Peers
To configure IPTUNNEL on Server A, you enter the following commands at the Server A console:
LOAD IPTUNNEL PEER=129.1.0.7
LOAD IPTUNNEL PEER=192.1.1.96
BIND IPX to IPTUNNEL NET=95
The first two commands load IPTUNNEL and add entries on Server A for peer IP addresses 129.1.0.7 (Server B) and 192.1.1.96 (Server C). The third command binds IPX to IPTUNNEL.
To configure IPTUNNEL on Server B, you enter the following commands at the Server B console:
LOAD IPTUNNEL PEER=1.0.0.3
LOAD IPTUNNEL PEER=192.1.1.96
BIND IPX to IPTUNNEL NET=95
The preceding commands are almost identical to those in the Server A configuration. These commands add entries for peer IP addresses 1.0.0.3 (Server A) and 192.1.1.96 (Server C) and bind IPX to IPTUNNEL.
[Figure 13-1 labels: IP Tunnel; IP Internetwork; IPX Network: Network Number = 95; Server A, IP Address = 1.0.0.3; Server B, IP Address = 129.1.0.7; Server C, IP Address = 192.1.1.96; IPX Network, Network Number = 96; IPX Network, Network Number = 97]
To configure IPTUNNEL on Server C, you enter the following commands at the Server C console:
LOAD IPTUNNEL PEER=1.0.0.3
LOAD IPTUNNEL PEER=129.1.0.7
BIND IPX TO IPTUNNEL NET=95
The preceding commands are almost identical to those in the Server B configuration. These commands add entries for peer IP addresses 1.0.0.3 (Server A) and 129.1.0.7 (Server B) and bind IPX to IPTUNNEL.
If needed, you can configure additional parameters with the LOAD IPTUNNEL command using the following format:
LOAD IPTUNNEL [PEER=remote IP address] [LOCAL=local IP address] [CHKSUM={YES|NO}] [PORT=UDP port number] [SHOW={YES|NO}]
The NIASCFG parameters that are equivalent to the PEER, LOCAL, CHKSUM, and PORT parameters are explained in “How to Configure IPTUNNEL from NIASCFG” on page 286.
The PEER parameter is equivalent to the Peer IP Address NIASCFG parameter.
The LOCAL parameter is equivalent to the Local IP Address NIASCFG parameter. If you configure IPTUNNEL from the command line, use the LOCAL parameter only with the first LOAD IPTUNNEL command.
The CHKSUM parameter is equivalent to the UDP Checksum NIASCFG parameter.
The PORT parameter is equivalent to the UDP Port NIASCFG parameter. If you configure IPTUNNEL from the command line, use the PORT parameter only with the first LOAD IPTUNNEL command.
Note If you configure IPTUNNEL for multiple peer routers, use the LOCAL and PORT parameters only with the first LOAD IPTUNNEL command.
The SHOW parameter, available only with the command-based configuration, displays an IPTUNNEL configuration summary. If you load IPTUNNEL with SHOW set to YES (the default), the command displays the local IP address, the UDP port used, the peer list, and whether UDP checksums are enabled.
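The rules this section states for command-line configuration (every server lists every other group member as a peer, LOCAL and PORT only on the first LOAD, checksums left on, port 213 or 59139, no more than 10 peers, one IPX network number for the tunnel) can be checked mechanically. The following Python audit is an added example, not a Novell tool; the function names are hypothetical, and the "broken" Server C commands are constructed to show typical mistakes.

```python
import re

DEFAULT_PORT = "213"     # officially assigned UDP port for IPX packets (from this guide)
LEGACY_PORT = "59139"    # for peers older than Schneider & Koch SK-IPX/IP version 1.3
MAX_PEERS = 10           # the guide's recommended ceiling for any one node
PARAM = re.compile(r"\b(PEER|LOCAL|CHKSUM|PORT|SHOW)=(\S+)", re.IGNORECASE)
BIND = re.compile(r"^\s*BIND\s+IPX\s+TO\s+IPTUNNEL\b.*\bNET=(\S+)", re.IGNORECASE)


def parse_console(lines):
    """Return ([parameters of each LOAD IPTUNNEL], IPX network number or None)."""
    loads, net = [], None
    for line in lines:
        if line.upper().split()[:2] == ["LOAD", "IPTUNNEL"]:
            loads.append({key.upper(): value.upper() for key, value in PARAM.findall(line)})
        elif BIND.match(line):
            net = BIND.match(line).group(1)
    return loads, net


def audit_server(local_ip, lines, group_ips):
    """Check one server's commands against the rules stated in this section."""
    findings = []
    loads, net = parse_console(lines)
    peers = [params["PEER"] for params in loads if "PEER" in params]
    for number, params in enumerate(loads, start=1):
        for key in ("LOCAL", "PORT"):
            if key in params and number > 1:
                findings.append(f"{key} set on LOAD #{number}; use it only with the first LOAD")
        if params.get("CHKSUM") == "NO":
            findings.append(f"UDP checksum disabled on LOAD #{number}")
        port = params.get("PORT", DEFAULT_PORT)
        if port not in (DEFAULT_PORT, LEGACY_PORT):
            findings.append(f"nonstandard UDP port {port} on LOAD #{number}")
    if len(peers) > MAX_PEERS:
        findings.append(f"{len(peers)} peers configured; more than {MAX_PEERS}")
    others = group_ips - {local_ip}
    for ip in sorted(others - set(peers)):
        findings.append(f"group member {ip} missing from peer list")
    for ip in sorted(set(peers) - others):
        findings.append(f"peer {ip} is not another member of the group")
    if net is None:
        findings.append("IPX is not bound to IPTUNNEL")
    return findings, net


def audit_group(servers):
    """servers maps name -> (local IP, console lines); returns name -> findings."""
    group_ips = {ip for ip, _ in servers.values()}
    report, nets = {}, {}
    for name, (ip, lines) in servers.items():
        report[name], nets[name] = audit_server(ip, lines, group_ips)
    if len({net for net in nets.values() if net}) > 1:
        for name in report:
            report[name].append(f"IPX network numbers differ across the group: {nets}")
    return report


# Commands as given in this section for the Figure 13-1 example.
GUIDE_CONFIG = {
    "Server A": ("1.0.0.3", ["LOAD IPTUNNEL PEER=129.1.0.7",
                             "LOAD IPTUNNEL PEER=192.1.1.96",
                             "BIND IPX to IPTUNNEL NET=95"]),
    "Server B": ("129.1.0.7", ["LOAD IPTUNNEL PEER=1.0.0.3",
                               "LOAD IPTUNNEL PEER=192.1.1.96",
                               "BIND IPX to IPTUNNEL NET=95"]),
    "Server C": ("192.1.1.96", ["LOAD IPTUNNEL PEER=1.0.0.3",
                                "LOAD IPTUNNEL PEER=129.1.0.7",
                                "BIND IPX TO IPTUNNEL NET=95"]),
}

# Constructed variant of Server C with typical mistakes, for illustration only.
BROKEN_CONFIG = dict(GUIDE_CONFIG)
BROKEN_CONFIG["Server C"] = ("192.1.1.96", ["LOAD IPTUNNEL PEER=129.1.0.7 CHKSUM=NO",
                                            "LOAD IPTUNNEL PEER=1.0.0.33 PORT=2130",
                                            "BIND IPX TO IPTUNNEL NET=59"])

if __name__ == "__main__":
    for label, config in (("guide", GUIDE_CONFIG), ("broken", BROKEN_CONFIG)):
        for server, findings in audit_group(config).items():
            print(label, server, findings or "OK")
```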
IP Tunneling for AppleTalk
The AppleTalk Update-Based Routing Protocol (AURP) provides two features:
• Tunneling AppleTalk packets through an IP internetwork
• Exchanging routing information only when a change occurs in network topologies
If you need to connect two sites using a low bandwidth and costly WAN link, using AURP is the more economical way to provide AppleTalk connectivity between the two sites. Because less bandwidth is used to exchange routing information, more bandwidth can be used to carry user data.
To configure AppleTalk to use the IP tunnel, AppleTalk and TCP/IP must be enabled. For more information about configuring IP tunneling for AppleTalk, refer to Chapter 11, “Configuring IP,” on page 199 and Chapter 12, “Configuring AppleTalk,” on page 255.
Tunneling AppleTalk Packets
AppleTalk for NetWare uses AURP to encapsulate AppleTalk packets in IP packets. The forwarding AURP router encapsulates each AppleTalk packet in UDP and forwards it to the next AURP router (using UDP port 387 with checksums). The receiving AURP router removes the UDP and IP headers from the packet, then forwards it, like any other AppleTalk packet, to the destination AppleTalk network. For more information about AURP, refer to Novell Internet Access Server 4.1 Routing Concepts.
Figure 13-2 shows two isolated AppleTalk networks connected by an IP tunnel.
Figure 13-2 IP Tunnel Connecting Two AppleTalk Networks
When configuring the IP tunnel for AURP, you supply the IP addresses of the AURP routers with which you plan to communicate. Generally, all AURP routers on an IP tunnel can communicate with one another. Each AURP router on a tunnel sends routing information about its local AppleTalk network to each of its peers on the tunnel. Because each AURP router is responsible for distributing its local network routing information, the receiving AURP routers on the tunnel do not need to forward the information to any of their AURP peer routers. This is similar to the operation of IPTUNNEL for IPX.
A fully connected tunnel is one in which all AURP routers on the tunnel are aware of and can communicate with one another. On a fully connected tunnel, the same number of routes should be reachable from each AURP router.
A partially connected tunnel is one in which not all AURP routers are aware of and can communicate with one another. A partially connected tunnel can provide network-level security. In a partially connected tunnel configuration, the routing tables on the different AURP routers can have different numbers of entries, and not all networks connected to these AURP routers are reachable by one another.
Important Partially connected tunnels can also be created accidentally if the router is not configured properly. For example, a network manager might create a partially connected tunnel accidentally by making an error when entering the list of peers with which the router should communicate.
How to Configure AURP
When you enable AppleTalk, you can use the AppleTalk Configuration menu in NIASCFG to configure AURP to use the IP tunnel.
Before you begin, you must make sure TCP/IP is configured, enabled, and bound to at least one LAN or WAN interface before configuring AURP.
To configure AURP to use the IP tunnel, complete the following steps:
1. Load NIASCFG, then select the following path:
Select Configure NIAS > Protocols and Routing > Protocols > AppleTalk
2. Enable the Tunnel AppleTalk Through IP (AURP) parameter.
3. Select AURP Configuration.
The AURP Configuration menu is displayed.
The UDP Port is always set to 387, and the UDP Checksum is always enabled.
4. Enter a value for the Local IP Address parameter.
You select a unique address from a list of addresses with which other routers can establish connections.
5. Configure remote peers to which the router can tunnel AppleTalk packets.
5a. Select Remote Peers List and do one of the following:
If you are adding a new remote peer, press Ins.
If you are modifying an existing remote peer, select the peer from the list.
5b. Enter a valid address for the Remote IP Address parameter.
5c. Select Expert Options and configure the following parameters for each peer: Transmit Timeout, Maximum Transmit Retries, and Last Heard From Timeout Interval.
These parameters apply only to the peer being configured.
6. Press Esc until you return to the AURP Configuration menu.
7. Select Expert Options.
8. Configure the Routing Update Interval parameter.
This parameter applies to both configured and unconfigured peers.
9. If you want the router to accept connections from any peers that were not configured in Step 5, configure the following Expert Options:
9a. Set the Connections From Unconfigured Peers parameter to Accept.
9b. Configure the Last Heard From Timeout Interval parameter.
This parameter applies to all unconfigured peers.
9c. Check the value of the Routing Update Interval parameter.
Verify that the value set for this parameter in Step 8 is acceptable for all unconfigured peers (and configured peers).
10. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
11. If you want these changes to take effect immediately, restart the router or select Reinitialize System.
Important If you make changes to any of the parameters for AURP peers, reinitializing the system will cause all AURP peers connected to the router to disconnect and reconnect.
If you want to configure other parameters, do so now, then restart the router or reinitialize the system when you are finished.
Note Do not bind AppleTalk to the interface you want to use as the IP tunnel. AURP uses the interface to which TCP/IP is bound as the IP tunnel. You can, however, bind AppleTalk to other interfaces.
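The difference between fully and partially connected tunnels described earlier in this section, and the effect of the Connections From Unconfigured Peers setting in Step 9, can be modeled in a few lines of Python (an added example, not Novell code). The router addresses, network ranges and the rule that a tunnel connection comes up when one router lists the other and the other either lists it back or accepts unconfigured peers are assumptions made for this sketch.

```python
from itertools import combinations


def accepts(responder, initiator, routers):
    """Would `responder` accept an AURP connection opened by `initiator`?"""
    cfg = routers[responder]
    return initiator in cfg["peers"] or cfg["accept_unconfigured"]


def link_up(a, b, routers):
    """Assumed rule: the link is up if either side can open a connection the other accepts."""
    a_opens = b in routers[a]["peers"] and accepts(b, a, routers)
    b_opens = a in routers[b]["peers"] and accepts(a, b, routers)
    return a_opens or b_opens


def route_tables(routers):
    """Each router learns only the local networks of its directly connected peers,
    because receiving AURP routers do not forward that information onward."""
    tables = {ip: set(cfg["networks"]) for ip, cfg in routers.items()}
    for a, b in combinations(routers, 2):
        if link_up(a, b, routers):
            tables[a] |= set(routers[b]["networks"])
            tables[b] |= set(routers[a]["networks"])
    return tables


def assess(routers):
    """Classify the tunnel and list what an operator should look at."""
    tables = route_tables(routers)
    every_network = set().union(*(cfg["networks"] for cfg in routers.values()))
    unreachable = {ip: sorted(every_network - table)
                   for ip, table in tables.items() if every_network - table}
    dangling = {ip: sorted(p for p in cfg["peers"] if p not in routers)
                for ip, cfg in routers.items()
                if any(p not in routers for p in cfg["peers"])}
    return {
        "tunnel": "partially connected" if unreachable else "fully connected",
        "unreachable": unreachable,          # networks missing from each routing table
        "dangling_peers": dangling,          # peer entries that match no known router
        "accepts_unconfigured": sorted(
            ip for ip, cfg in routers.items() if cfg["accept_unconfigured"]),
    }


# Constructed sample data: three AURP routers, each with one local network range.
R1, R2, R3, TYPO = "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.33"


def sample(r2_peers, r2_accepts=False):
    return {
        R1: {"networks": ["100-109"], "peers": [R2, R3], "accept_unconfigured": False},
        R2: {"networks": ["200-209"], "peers": r2_peers, "accept_unconfigured": r2_accepts},
        R3: {"networks": ["300-309"], "peers": [R1, R2], "accept_unconfigured": False},
    }


if __name__ == "__main__":
    print("correct peer lists:    ", assess(sample([R1, R3])))
    print("R2 mistypes R3:        ", assess(sample([R1, TYPO])))
    print("typo + R2 accepts any: ", assess(sample([R1, TYPO], r2_accepts=True)))
```

In the third case the mistyped peer entry on R2 no longer shows up as missing routes, because R2 accepts the connection that R3 opens. The same setting means R2 takes connections from peers nobody listed, which removes the network-level separation a deliberately partial tunnel provides.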
Chapter 14: Configuring Source Route Bridging
Novell® Internet Access Server 4.1 includes source route bridging software that enables you to link token ring networks and create an extended network. This functionality is compatible with the source route bridging mechanism used by IBM to handle the flow of data between token ring networks. Source route bridging allows end stations to discover routes dynamically and determine which one to use when sending data to a destination.
Novell Internet Access Server 4.1 supports concurrent routing and bridging of all major protocols. Novell Internet Access Server 4.1 can be configured to route or bridge the TCP/IP, AppleTalk, and Internetwork Packet Exchange™ (IPX™) protocols, and to bridge unroutable protocols such as IBM’s NetBIOS and SNA. Because you cannot bridge and route the same protocol on the same interface, Novell Internet Access Server 4.1 also provides a mechanism for automatically disabling bridging when routing is enabled.
Novell Internet Access Server 4.1 can also bridge over Point-to-Point Protocol (PPP), frame relay, and X.25 wide area telecommunications links. Multiple WAN links can be used to connect multiple remote sites or to create backup links between two locations, providing fault tolerance if one link fails.
The use of source route bridging prevents packets sent between end stations on the same ring from passing on to other connected rings. This prevents extraneous traffic across networks, increasing the available bandwidth on all networks. Performance can be further enhanced by limiting traffic through the use of custom filters that permit packets from certain stations to pass while blocking packets from others. Filters can also increase network security by not allowing users on one ring to access another ring that contains sensitive information.
As token ring networks have grown, they have become increasingly difficult to manage; the Novell source route bridge software supports the bridging Management Information Base (MIB) defined in RFC 1286. The standards-based Simple Network Management Protocol (SNMP) allows organizations to install equipment from multiple vendors and manage the entire network from one centralized monitoring console. Novell Internet Access Server 4.1 supports the SNMP MIB variables as defined in RFC 1219, which can be managed using the Novell ManageWise® product or any other SNMP-based management console. When configured as a two-port local bridge, it can also be managed by IBM LAN Manager or IBM LAN Network Manager (which are different versions of the same product, both abbreviated as LNM).
This chapter includes the following sections:
• “Source Route Bridging Configuration Decisions” on page 296
• “Configuring Local Two-Port Bridging” on page 297
• “Configuring Remote Bridging” on page 299
• “Configuring Multiport Bridging” on page 303
• “Configuring Server-Based Bridging” on page 306
• “Configuring the Spanning Tree Protocol” on page 310
• “Configuring Source Route End Stations” on page 311
• “Configuring the Novell LNM Agent” on page 314
Source Route Bridging Configuration Decisions
Configuration decisions for source route bridging are determined by which of the applications described in this chapter you need to implement. Each application of the source route bridge requires that certain configuration decisions must be made. Once you choose an application, the configuration instructions describe the decisions that are required for that application. All decisions about the virtual WAN ring, internal virtual ring, and SRBRIDGE.LAN driver are determined by the applications you choose.
It is likely that you will need to implement more than one application. To determine which applications to use, read the introductory information provided for each application. This information describes the benefits and uses of the applications.
Configuring Local Two-Port Bridging
When configured as a standalone two-port token ring bridge, Novell Internet Access Server 4.1 works like an IBM bridge. Local two-port bridging enables you to perform the following services:
• Replace existing bridges while adding a migration path to an environment with simultaneous bridging, routing, and NetWare® print and file services.
• Physically extend the length of a network or increase the number of users a network can support.
Token ring LANs are limited in the network's physical length and the number of supported nodes. Source route bridging limits only the size of the network by the maximum number of allowed bridges (hops) between any given source and destination nodes. Novell supports the IBM and IEEE 802.5 bridging standards for a seven-hop limitation and allows you to extend a Novell-bridged network up to a 13-hop limit.
• Partition your network into segments so that most traffic remains local to the segment.
This reduces the overall bandwidth used on all segments of the network while still providing access to the rest of the bridged network. Segmentation can also be used to control access to certain rings or departments.
• Connect PC users on both 4-Mbps and 16-Mbps token ring networks, as shown in Figure 14-1.
PC users on the same network segment must operate at the same speed. Linking LANs operating at different speeds is especially important when organizations install newer 16-Mbps token ring networks but still have a large number of 4-Mbps token ring networks.
• Enable the Novell LAN Network Manager (LNM) Agent to support the following management server functions:
• LAN Reporting Mechanism (LRM)
• Ring Error Monitor (REM)
• Configuration Report Server (CRS)
• Ring Parameter Server (RPS)
• LAN Bridge Server (LBS)
Figure 14-1. Local Bridging Between 4-Mbps and 16-Mbps Token Ring Networks
For more information about two-port bridging, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
How to Configure Local Two-Port Bridging
Before you begin, you must configure two token ring boards.
To configure local two-port bridging, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route Bridge
2. Set the Bridge Status parameter to Enabled.
3. Assign a value to the Bridge Number parameter, press Enter, then press Esc to return to the Internetworking Configuration menu.
4. Bind the source route bridge software to each interface.
4a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route Bridge.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
4b. Set the Ring Number parameter to the correct value for the token ring connected to the interface.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Configuring Remote Bridging
Novell Internet Access Server 4.1 supports WAN bridging over PPP, frame relay, or X.25, allowing you to connect geographically dispersed LANs and further extend the distances over which devices can communicate.
Novell Internet Access Server 4.1 provides two methods of attaching to another bridge over a WAN link:
• Configuring the WAN link to function like a token ring network (virtual WAN ring). This approach is used for the following reasons:
• To ensure interoperability of Novell Internet Access Server 4.1 with another vendor's bridge over a WAN link
• To avoid configuring two half-bridges when both bridges run Novell Internet Access Server 4.1 software
The use of the virtual WAN ring in this case is optional, but it is easier to configure than two half-bridges. Half-bridges must share the same bridge number.
When a virtual WAN ring is used, both sides of the link must be configured with the same ring number. NIASCFG displays this manually configured parameter. The main disadvantage of the virtual WAN ring is that it adds one hop to the route (half-bridges do not add a hop). Figure 14-2 shows this extra hop.
• Configuring each side of the WAN link to operate as a half-bridge.
Because there is no standard for half-bridges, each vendor’s implementation is proprietary. Therefore, Novell’s half-bridge configuration option can be used only when both bridges run Novell Internet Access Server 4.1 software.
Figure 14-2. Remote Bridging Using the Virtual WAN Ring
For more information about remote bridging, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
Connecting a Bridge to Another Vendor’s Bridge
You can also use this procedure when both bridges run Novell Internet Access Server 4.1 software, but you do not want to configure two half-bridges.
How to Configure a Connection to Another Vendor’s Bridge
Before you begin, you must complete the following tasks:
• Configure a WAN board and interface.
• Configure and bind LAN interfaces as needed (refer to “How to Configure Local Two-Port Bridging” on page 298).
To configure bridging over a WAN to another vendor's bridge, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route Bridge
2. Set the Bridge Status parameter to Enabled.
3. Assign a value for the Bridge Number parameter, press Enter, then press Esc to return to the Internetworking Configuration menu.
4. Bind the source route bridge software to the WAN interface.
4a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route Bridge.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
4b. Set the Ring Number parameter to the correct value for the virtual WAN ring connected to the bridge.
4c. Set Virtual WAN Ring to On.
4d. Select the WAN call destination that connects the bridge to the other bridge (through the virtual WAN ring).
For information about defining WAN call destinations, refer to “Configuring Permanent PPP Connections” on page 51.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Connecting a Bridge to Another Novell Source Route Bridge
To configure bridging over a WAN to another system running Novell source route bridge software, it is usually easier to use half-bridges.
Note Because there is no standard for half-bridges, each vendor’s implementation is proprietary. Therefore, Novell’s half-bridge configuration option can only be used when both bridges run Novell source route bridge software.
How to Configure a Connection to Another Novell Source Route Bridge
Before you begin, you must complete the following tasks:
• Configure a WAN board and interface for each bridge.
• Configure and bind LAN interfaces as needed (refer to “How to Configure Local Two-Port Bridging” on page 298).
To configure bridging over a WAN to another Novell source route bridge, complete the following steps for each bridge:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route Bridge
2. Set the Bridge Status parameter to Enabled.
3. Assign a value to the Bridge Number parameter, press Enter, then press Esc to return to the Internetworking Configuration menu.
Both half-bridges must have the same bridge number.
4. Bind the source route bridge software to the WAN interface.
4a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route Bridge.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
4b. Set the Ring Number parameter to the correct value for the virtual WAN ring connected to the bridge.
4c. Set Virtual WAN Ring to On.
4d. Select the WAN call destination that connects the bridge to the other bridge.
For information about defining WAN call destinations, refer to “Configuring Permanent PPP Connections” on page 51.
5. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
6. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Configuring Multiport Bridging
Presently, most source route bridges support only two-port bridging. The reason is that the interface boards that specifically support source route bridging typically provide only for two-way bridging. In other words, they can bridge from only one source ring to a single destination ring. In source route bridging, each bridge hop is specified by a source ring number, bridge number, and destination ring number. Because more than one destination ring is possible in a multiport bridge, the hardware cannot be configured to support multiport bridging directly. To overcome this limitation, Novell Internet Access Server 4.1 supports the use of a virtual internal ring, as shown in Figure 14-3.
Note Some vendors might provide boards without this limitation. If this is the case, and as long as all boards are from the same vendor, the source route bridge does not require the virtual internal ring.
Figure 14-3. Using the Virtual Internal Ring to Support Three or More Interfaces
With the internal ring, any receiving interface has a virtual internal bridge associated with it (labeled virtual source route bridge in Figure 14-3). Each virtual internal bridge can pass packets from the external source ring to one destination ring (the virtual internal ring). Each forwarding interface can then bridge from the virtual internal ring to a single external destination.
Although virtual internal rings and virtual internal bridges have no corresponding physical devices, they appear in the routes specified in a frame’s routing information field. From the point of view of the software, they are treated as if they were actual rings and bridges. The additional logic needed to implement the virtual internal ring with multiple virtual internal bridges does not impact performance. In fact, by using the virtual internal ring, the bridging logic can take advantage of the hardware support on the interface boards and significantly improve overall bridge performance. However, configuring a virtual internal ring adds one hop to the route.
For more information about multiport bridging, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
How to Configure Multiport Bridging
Before you begin, you must complete the following tasks:
• Configure some combination of three or more token ring boards or WAN interfaces.
• Configure a WAN call destination if you are using a WAN interface. For more information, refer to the chapter that describes how to configure the WAN protocol that you are using.
To load the virtual internal ring, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route Bridge
2. Set the Bridge Status parameter to Enabled.
3. Assign a value to the Bridge Number parameter.
4. Assign a value to the Virtual Ring Number parameter to enable the internal virtual ring, press Enter, then press Esc to return to the Internetworking Configuration menu.
Warning If no ring number is configured for the virtual internal ring, binding to the board has no effect. Although NIASCFG allows you to bind to the board, the binding does not actually occur.
5. Bind the source route bridge software to each interface.
5a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route Bridge.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
5b. For LAN interfaces, set the Ring Number parameter to the correct value for the token ring connected to the interface.
5c. For WAN interfaces, select the WAN call destination that connects the bridge to the other bridge.
For information about defining WAN call destinations, refer to “Configuring Permanent PPP Connections” on page 51.
6. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
7. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
When the bridge protocol is attached to a LAN or WAN interface, the virtual internal ring is automatically attached to the bridge. Each attachment of the bridge protocol to an interface essentially causes the creation of a virtual internal bridge for that interface.
Configuring Server-Based Bridging
Access to a NetWare application, such as print or file services or network management, usually requires that the appropriate protocol is routed on each interface that provides access to use that application. However, when a protocol is bridged on an interface, it cannot be routed on that interface. Therefore, when bridging is used, alternate access to the application is provided through a virtual internal ring. This principle applies to all NetWare applications and services, including RCONSOLE, SNMP, NetWare for Macintosh, NetWare for SAA*, and NetWare for NFS*.
The virtual internal ring is attached to each bridged interface through a separate virtual internal bridge (as described in “Configuring Multiport Bridging” on page 303). In this case, the required protocol must be attached to the virtual internal ring through a virtual token ring board that uses the SRBRIDGE.LAN driver. The virtual board is then attached to the virtual internal ring automatically. Figure 14-4 shows an example of this configuration using IPX. Note that the two token rings might be part of a larger looped topology.
Figure 14-4. Server-Based Bridging
Ensure that the necessary frame types are configured in NIASCFG when making attachments (bindings). The virtual token ring board uses the same two frame types that physical boards use:
• TOKEN_RING for IPX, NetWare for SAA, and NetBIOS
• TOKEN_RING-SNAP for TCP/IP, AppleTalk, and IPX
For more information about server-based bridging, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
How to Configure Server-Based Bridging
Before you begin, you must complete one of the following tasks:
• Configure any required token ring boards.
• Configure a WAN call destination if you are using a WAN interface.
To configure bridging with access to applications, complete the following steps:
1. Load NIASCFG and configure the SRBRIDGE.LAN driver.
1a. Select Configure NIAS > Protocols and Routing > Boards and do one of the following:
If you are adding a new virtual board:
• Press Ins.
• Select SRBRIDGE from the Available Drivers list.
If you are modifying an existing virtual board, select the interface to which you are binding the protocol.
Note The SRBRIDGE.LAN driver replaces the VBRIDGE.LAN driver from previous NetWare routing software releases.
1b. Enter a name in the Board Name field that identifies the network interface, press Enter, then press Esc to return to the Internetworking Configuration menu.
Note Use of a SRBRIDGE virtual board adds only one node address to the source route bridge node table.
2. Select the following parameter path:
Select Protocols > Source Route Bridge
3. Set the Bridge Status parameter to Enabled.
4. Assign a value to the Bridge Number parameter.
5. If necessary, assign a value to the Virtual Ring Number to enable the internal virtual ring, press Enter, then press Esc to return to the Internetworking Configuration menu.
The internal virtual ring does not need a number unless more than two interfaces are attached.
6. Bind each protocol you need to access applications to the SRBRIDGE driver by selecting Bindings and doing one of the following for each protocol:
If you are adding a new binding:
• Press Ins.
• Select the protocol.
• Select the SRBRIDGE driver from the list of configured network interfaces.
If you are modifying an existing binding, select the SRBRIDGE driver to which you are binding the protocol.
Note SRBRIDGE automatically configures source route end station support.
7. Bind the source route bridge software to each LAN interface.
7a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route Bridge.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
7b. For LAN interfaces, set the Ring Number parameter to the correct value for the token ring connected to the interface.
7c. For WAN interfaces, select the WAN call destination that connects the interface to the token ring network.
For information about defining WAN call destinations, refer to “Configuring Permanent PPP Connections” on page 51.
8. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
9. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Configuring the Spanning Tree Protocol
The Spanning Tree Protocol is used only when single-route explorer frames are used for route discovery. Novell’s default end station implementation originates a route discovery session by issuing a single-route explorer frame. When a bridge sends out a single-route explorer frame, it travels over a single route that is manually configured or automatically determined by the Spanning Tree Protocol.
The automatic mode provides the most efficient and dynamic way to determine a single route, because bridge interfaces reconfigure themselves automatically when other bridges fail. By configuring source route bridge interfaces in this way, they can automatically take advantage of the best available single route as other bridges go down or come up.
If you configure your network manually, you must ensure that there are no loops in the topology and that there is only one single-route path to any particular ring. Also, at least one single-route path must be configured for each ring to maintain connectivity. However, by carefully configuring the bridge interfaces in the network, you can create preferred routes for route determination, freeing rings whose operation is most sensitive from most explorer frame traffic.
By definition, a single-route explorer frame travels a single route to the destination. A forwarding interface passes all-routes explorer frames, single-route explorer frames, and specifically routed frames. A blocking interface passes all-routes explorer frames and specifically routed frames.
We strongly recommend that you use the Spanning Tree Protocol to configure your bridge interfaces automatically. For more information about the Spanning Tree Protocol, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure the Spanning Tree Protocol
Before you begin, you must configure one of the source route bridge application scenarios described in this chapter.
To configure the Spanning Tree Protocol, complete the following steps:
1. Load NIASCFG and configure the Spanning Tree Protocol for each source route bridge as follows:
1a. Select the following parameter path:
Select Bindings > an existing binding to a source route bridged interface
1b. From the Binding Source Route Bridge to an Interface menu, configure the Spanning Tree Mode parameter by selecting one of the following modes:
• Select Automatic to configure your bridge interfaces automatically. This is the recommended and default setting.
• Select Manual (Block) to disable the forwarding of single-route explorer frames.
• Select Manual (Forward) to enable the forwarding of single-route explorer frames.
• Select No Bridging to disable bridging between an interface and other interfaces. This is relevant only when the SRBRIDGE driver is loaded.
2. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
3. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Configuring Source Route End Stations
Source route end stations are used when Novell Internet Access Server 4.1 is also used as a server to which source route clients are attached and the virtual ring is not used. They are also used with a two-port bridge and IBM LNM support.
Source route bridging enables end stations to discover routes dynamically and determine which one to use when sending data to a particular destination. Depending on your network configuration and the route selection algorithm used, several routes can be discovered for each destination. The source examines the available routes and then determines the best route to use when sending data.
An end station can be configured to begin the route discovery process using either of the following methods:
• Originating an all-routes explorer frame
When the source device sends out an all-routes explorer frame, the frame records the numbers of all the rings and bridges it passes through on its way to the destination.
When a bridge receives an all-routes explorer frame, it examines it to determine whether the frame has already been on any of the rings attached to the bridge. If the frame has not been on one of the attached rings, it is forwarded to that ring.
Because frames are not transmitted on rings on which they have previously traveled, no frame can follow the same route twice. With this mechanism, a frame is propagated in such a way that all possible routes to a destination are discovered, but no routes containing loops are received by the destination.
For more information about all-routes explorer frames, refer to Novell Internet Access Server 4.1 Routing Concepts.
• Originating a single-route explorer frame
By default, Novell's end station implementation originates route discovery using single-route explorer frames. When the bridge sends out a single-route explorer frame, the frame travels over a single route that is manually configured or automatically determined by the Spanning Tree Protocol. This protocol uses the configuration of each bridge in the network to determine a single route.
With this method, the destination receives only one explorer frame, resulting in considerably less traffic than the use of all-routes explorer frames. The destination replies with an all-routes explorer frame, and the source then chooses the best route from all the frames it receives. The criteria used are determined by the end station implementation.
For more information about single-route explorer frames, refer to Novell Internet Access Server 4.1 Routing Concepts.
For more information about source route end stations, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
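The explorer-frame rules above, combined with the virtual internal ring from “Configuring Multiport Bridging” and the forwarding and blocking interfaces from “Configuring the Spanning Tree Protocol”, can be modeled as follows; this is an added example, not Novell code. The topology, the ring and bridge numbers, the rule that a single-route explorer crosses a bridge only when both of its ports are forwarding, and the fewest-hops choice in best_route are assumptions; the 12-bit ring number and 4-bit bridge number layout is the standard token ring route descriptor format.

```python
"""Model of explorer-frame route discovery across source route bridges."""
from collections import deque, namedtuple

# A two-port bridge joining ring_a and ring_b. fwd_a / fwd_b give the spanning
# tree state of each port: True = forwarding, False = blocking.
Bridge = namedtuple("Bridge", "number ring_a ring_b fwd_a fwd_b")


def two_port(number, ring_a, ring_b, fwd_a=True, fwd_b=True):
    return Bridge(number, ring_a, ring_b, fwd_a, fwd_b)


def multiport(number, virtual_ring, rings):
    """Model a multiport bridge as one virtual internal bridge per interface,
    each joining its external ring to the shared virtual internal ring."""
    return [two_port(number, ring, virtual_ring) for ring in rings]


def hops(route):
    """A route is (ring, bridge, ring, ..., ring); each bridge crossed is a hop."""
    return (len(route) - 1) // 2


def explore(bridges, src_ring, dst_ring, kind="all", max_hops=7):
    """Return every route by which an explorer frame reaches dst_ring.

    kind="all":    all-routes explorer, passed by forwarding and blocking ports.
    kind="single": single-route explorer, passed only by forwarding ports
                   (modeling assumption: both ports of the bridge must forward).
    """
    routes = []
    queue = deque([(src_ring,)])
    while queue:
        route = queue.popleft()
        ring = route[-1]
        if ring == dst_ring:
            routes.append(route)
            continue
        if hops(route) >= max_hops:      # hop limit reached, frame is dropped
            continue
        visited = set(route[0::2])       # rings the frame has already been on
        for b in bridges:
            for rin, rout, fin, fout in ((b.ring_a, b.ring_b, b.fwd_a, b.fwd_b),
                                         (b.ring_b, b.ring_a, b.fwd_b, b.fwd_a)):
                if rin != ring or rout in visited:
                    continue             # never forward onto a ring already traveled
                if kind == "single" and not (fin and fout):
                    continue
                queue.append(route + (b.number, rout))
    return routes


def best_route(routes):
    """Assumed end station criterion: fewest hops (the real one is
    implementation-defined)."""
    return min(routes, key=hops)


def route_descriptors(route):
    """Encode a route as 16-bit route descriptors: 12-bit ring number plus
    4-bit bridge number (0 in the final descriptor)."""
    rings, bridges = route[0::2], route[1::2] + (0,)
    for ring, bridge in zip(rings, bridges):
        if not (0 < ring < 4096 and 0 <= bridge < 16):
            raise ValueError(f"ring {ring} / bridge {bridge} out of range")
    return [(ring << 4) | bridge for ring, bridge in zip(rings, bridges)]


# Constructed topology: rings 1-2-3 form a loop through bridges 1, 2 and 3.
# Bridge 3's port on ring 3 is blocking, which breaks the loop for single-route
# explorers. Bridge 4 is a multiport bridge (rings 3, 4, 5) using virtual
# internal ring 100.
VIRTUAL_RING = 100
TOPOLOGY = [
    two_port(1, 1, 2),
    two_port(2, 2, 3),
    two_port(3, 1, 3, fwd_b=False),
] + multiport(4, VIRTUAL_RING, [3, 4, 5])

if __name__ == "__main__":
    for kind in ("all", "single"):
        for route in explore(TOPOLOGY, 1, 4, kind):
            rif = [f"{d:04X}" for d in route_descriptors(route)]
            print(f"{kind:6} {hops(route)} hops  route={route}  descriptors={rif}")
    print("reply (all-routes), best:", best_route(explore(TOPOLOGY, 4, 1, "all")))
```

The virtual internal ring (100) shows up as its own descriptor in every route through bridge 4, which is the extra hop the multiport section describes, and the single-route explorer arrives once over the longer path while the all-routes reply lets the source pick the shorter one.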
How to Configure Source Route End Stations
Before you begin, you must configure any required token ring boards.
To configure a source route end station, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route End Stn
2. Select Enabled to enable the source route end station, press Enter, then press Esc to return to the Internetworking Configuration menu.
3. Bind the source route end station software to each interface.
3a. Select Bindings and do one of the following:
If you are adding a new binding:
• Press Ins.
• Select Source Route End Station.
• Select the interface to which you are binding the protocol.
If you are modifying an existing binding, select the interface to which you are binding the protocol.
3b. Select the type of route explorer frames (single or all) for the Send Frames with Unknown Address parameter.
Select Single Route Explorer Frame to limit explorer frame traffic.
3c. Select the type of route explorer frames (single or all) for the Send Broadcast Frames parameter.
Select Single Route Explorer Frame to limit explorer frame traffic.
3d. Select the type of route explorer frames (single or all) for the Send Multicast Frames parameter.
Select Single Route Explorer Frame to limit explorer frame traffic.
3e. Select the type of frame (all-routes explorer or specifically routed) for the Respond to Broadcast Request parameter.
Select Specifically Routed Frame to limit explorer frame traffic.
4. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
5. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Configuring the Novell LNM Agent
IBM LAN Network Manager and IBM LAN Manager (which are different versions of the same product, both abbreviated as LNM) are IBM’s proprietary network management solution for token ring source route bridges. The Novell LAN Network Manager (LNM) Agent supports the use of IBM LNM. The Novell LNM Agent supports the following functions:
• Source route bridge management through IBM LNM
• Communication between a Novell LNM Agent and an IBM NetView host
• SNMP support using the bridging MIB defined in RFC 1286
You can link controlling and observing IBM LNMs to a bridge. A controlling IBM LNM, or IBM NetView host through the IBM LNM, can issue any IBM LNM command for the local segment, including commands to reconfigure the bridge. Only controlling IBM LNMs log and transport alerts from application programs.
An observing IBM LNM can issue only query and status commands, and therefore cannot reconfigure bridges.
Note Only one controlling IBM LNM can be linked to the bridge at any time. Up to three observing IBM LNMs can be linked to the bridge as well.
The source route bridge enables the Novell LNM Agent as soon as the bridge recognizes two token ring interfaces. If the bridge detects that it has more or less than two active ports, it deactivates the Novell LNM Agent.
For more information about the Novell LNM Agent, refer to Novell Internet Access Server 4.1 Routing Concepts or Novell Internet Access Server 4.1 Troubleshooting.
How to Configure the Novell LNM Agent
Before you begin, you must configure one of the source route bridge application scenarios described in this chapter.
To configure the Novell LNM Agent, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > Source Route Bridge
2. Set the LAN Network Management Status parameter to Enabled.
3. Press Esc to return to the Internetworking Configuration menu; save your changes when prompted.
4. If you want these changes to take effect immediately, restart the router.
If you want to configure other parameters, do so now, then restart the router when you are finished.
Chapter 15: Configuring Filters
You use the Filter Configuration utility (FILTCFG) to configure filters that selectively control which packets will be sent or received by a router. Filters let you control the service and route information that is accepted or advertised by a router. Filters can be useful when you want to limit specific kinds of traffic to certain parts of your network topology, or when you want to provide a certain level of security.
This chapter describes the different types of filters and how to configure them, and contains the following sections:
• “Filter Configuration Decisions” on page 317
• “Configuring IPX Filters” on page 320
• “Configuring TCP/IP Filters” on page 337
• “Configuring AppleTalk Filters” on page 351
• “Configuring Source Route Bridge Filters” on page 362
Filter Configuration Decisions
How you configure filters depends on the following decisions:
• Whether you want to control access to services on your network
You should enable filtering support if you want to control access to services on your network. Filters increase security by limiting the visibility of selected services. Packet forwarding filters provide the highest level of security.
• Whether you want to reduce the bandwidth consumed by unnecessary routing traffic
Enabling filtering reduces network traffic caused by periodic service information messages sent by routers.
How to Run FILTCFG
Before you begin, make sure that the Filter Support option is enabled in the Novell® Internet Access Server Configuration utility (NIASCFG) for each protocol that needs filtering.
Note When Filter Support is disabled, the protocol operates as if the filter module is not loaded, and no filtering occurs. However, the changes you make will have no effect until you enable Filter Support. When Filter Support is enabled, any changes you make to the filter configurations take effect immediately. It is not necessary to use the REINITIALIZE SYSTEM command.
To set up and modify filters, complete the following steps:
1. Load FILTCFG.
The Filter Configuration Available Options menu is displayed.
2. Select the protocol for which you want to configure filters.
The main filter menu for the protocol you selected is displayed.
3. Optionally, for IPX and IP filtering, select Global Logging and select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and the filters or exceptions logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
4. Select the type of filter you want.
The corresponding option menu is displayed.
5. For each option you select, you can configure the following general parameters:
• Status—Specifies the status of the selected filters. Any configured filters immediately become active (enabled) or inactive (disabled), depending on your choice.
• Action—Permits or denies the packet, route, or service listed in the filter list.
When the action is permitted, the specified filters are accepted; any filters that are not explicitly permitted are denied. One of the following occurs:
Packets matching the entries in the Packet Forwarding List are allowed through.
Services or routes matching the entries in the Outgoing Service/Routing Information Filter Lists are advertised.
Services or routes matching the entries in the Incoming Service/Routing Information Filter Lists are accepted.
If the action is denied, the specified filters are denied (the packets are discarded); any filters that are not explicitly denied are permitted.
• Filters—Displays a list of filters that are accepted (permitted) or filtered (denied) on an interface.
You can select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
Refer to the corresponding section later in this chapter for the steps you use to define a filter if you are modifying or adding a filter.
• Exceptions —Displays a list of exceptions to the Filters list, to which the Action parameter setting—permit or deny—does not apply.
The Exceptions list is examined before the Filters list. If there is a conflict between the two lists, the Exceptions list is used. The action taken on the Exceptions list is always the opposite of the action taken on the Filters list.
You select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. For example, you could use a filter to hide all Marketing file servers from Engineering, except the server named MKTG-DEMO.
6. Press Esc to exit.
Note All filters affecting a primary call are automatically mapped to a configured backup call. Optionally, the automatic mapping of filtering can be disabled with the LOAD FILTSRV NOBACKUP command. With automatic mapping of filtering disabled, you can configure a selective filtering scheme that is specific to the needs of a backup link. The primary call and its associated backup call should use the same remote system ID. For information on configuring backup calls, refer to “Configuring Backup Calls” on page 85.
How to Save Filters to a Text File
To save your filter information to a text file, complete the following steps:
1. Load FILTCFG.
The Filter Configuration Available Options menu is displayed.
2. Select Save Filters to a Text File , then press Enter .
3. Enter the pathname for the filter file.
For example, enter SYS:\ETC\TEMP . You can also save the filter file to a floppy disk (for example, A:\filename ).
Configuring IPX Filters
The Internetwork Packet Exchange™ (IPX™) protocol supports the following types of filters:
• SAP (service information) filters
  • Outgoing SAP filters (services advertised)
  • Incoming SAP filters (services accepted)
• RIP (routing information) filters
  • Outgoing RIP filters (routes advertised)
  • Incoming RIP filters (routes accepted)
• NetBIOS and packet forwarding filters
Refer to Novell Internet Access Server 4.1 Routing Concepts for more information.
Note When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected.
How to Configure IPX SAP Filters
Before you begin, make sure that filtering support is enabled for IPX in NIASCFG.
To configure IPX incoming (or outgoing) SAP filtering, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure IPX Filters > Incoming SAP Filters (or Outgoing SAP Filters )
2. Select Status and toggle the choice to read Enabled or Disabled .
Any configured filters immediately become active (enabled) or inactive (disabled).
Note It might be easier to configure filters while they are disabled. Otherwise, you might experience temporary service loss while you are adding and setting up wildcard filters.
3. Select Action and toggle the choice to permit or deny the services on the filter list.
This specifies the action taken when an incoming (or outgoing) service (SAP packet) matches a filter in the filter list. If you select to permit the services, the SAP information is received from (or broadcast to) the local networks. If you select to deny the services, the SAP information is not received from (or broadcast to) the local networks.
Note Changing a filter to permit the services on the filter list when the filter list is empty denies all services and might produce undesirable results.
4. Select Filters .
This lists the incoming (or outgoing) SAP services that are currently permitted or denied, according to the Action parameter setting.
5. Modify the service list.
You can select a service from the list and press Enter to modify the service or Del to remove it. Press Ins to add a new service.
If you are modifying an existing filter, or adding a new filter, modify the following parameters from the Define Filter menu:
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and this logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
• Service Name —Press Ins , then select from a list of unfiltered NetWare® services known to the router, or enter a service name.
Note You can use the asterisk (*) and question mark (?) wildcards. The * wildcard is equal to zero or more character matches. The ? wildcard is equal to precisely one character match. For example, SERVER-A* matches Server-A, SERVER-A2, and SERVER-A-MKTG, whereas SERVER-A? matches only SERVER-A2. You can enter several wildcard characters in a string. We recommend that you enter exceptions to wildcards first when working with an enabled filter list.
• Service Type —Enter a hexadecimal SAP number, or press Ins, then select from a list of defined IPX service types.
You can use FFFF as a wildcard for any or all types.
• Source (or Destination ) Type —Press Enter , then select Interface or Interface Group .
• Source (or Destination)—Press Enter and specify the source (or destination) for the filter.
If you specified Interface as the Source (or Destination) Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
• Source (or Destination ) Circuit —If you selected a WAN source (or destination), press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
Note If the optional fields are left blank, the filter will match all WAN calls on the interface. If authentication is not enabled and the optional fields are specified, the filter will not work.
• Comment —Enter an optional short description.
6. Press Esc and save the information.
7. Select Exceptions .
This displays a list of exceptions to the incoming (or outgoing) SAP filters. Depending on the Action parameter setting, services that match a filter on this list are always or are never accepted (or advertised) by the router, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
Select a service from the list and press Enter to modify the service or Del to remove it. Press Ins to add a new service. Refer to Step 5 and Step 6 to modify or add an exception.
9. Press Esc to save the information and return to the Configure IPX Filters menu.
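The Action, Filters and Exceptions rules and the * and ? name wildcards from the steps above, modelled in Python as an added example (not Novell code and not FILTCFG output). The Router 1 entries are the ones Table 15-1 lists; the service list, the SAP type values, the LAN-ENG interface name and the ALL token are constructed, and applying the list's default to interfaces that no entry names is an assumption of this model.

```python
import re
from dataclasses import dataclass

PERMIT, DENY = "permit", "deny"
ANY_TYPE = 0xFFFF        # page: FFFF is the wildcard for any or all service types
ALL_INTERFACES = "ALL"   # assumed token standing for the "All Interfaces" default


def name_matches(pattern, name):
    """* matches zero or more characters, ? matches exactly one.

    Compared case-insensitively, because the page's own example has
    SERVER-A* matching Server-A.
    """
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern.upper()
    )
    return re.fullmatch(regex, name.upper()) is not None


@dataclass(frozen=True)
class SapEntry:
    """One line of a Filters or Exceptions list."""
    name: str
    svc_type: int = ANY_TYPE
    interface: str = ALL_INTERFACES

    def matches(self, name, svc_type, interface):
        return (
            name_matches(self.name, name)
            and self.svc_type in (ANY_TYPE, svc_type)
            and self.interface in (ALL_INTERFACES, interface)
        )


def decide(action, filters, exceptions, name, svc_type, interface):
    """Return PERMIT or DENY for one service on one interface.

    Exceptions are examined first and always get the opposite of Action.
    Entries on the Filters list get Action. Everything else gets the
    opposite of Action, which is why an empty permit list denies all.
    """
    opposite = DENY if action == PERMIT else PERMIT
    if any(e.matches(name, svc_type, interface) for e in exceptions):
        return opposite
    if any(f.matches(name, svc_type, interface) for f in filters):
        return action
    return opposite


def advertised(action, filters, exceptions, services, interface):
    """Names of the services that pass the filter on the given interface."""
    return [
        name for name, svc_type in services
        if decide(action, filters, exceptions, name, svc_type, interface) == PERMIT
    ]


# Constructed sample: (service name, SAP type) pairs known to a router.
SERVICES = [
    ("SRV-DEPT1", 0x0004),
    ("SRV-DEPT2", 0x0004),
    ("PRINT-Q1", 0x0047),
    ("MKTG-FS1", 0x0004),
    ("MKTG-DEMO", 0x0004),
]

# Router 1 in Table 15-1: Action = Permit Services, two entries on WAN-1.
ROUTER1_FILTERS = [
    SapEntry("SRV-DEPT1", ANY_TYPE, "WAN-1"),
    SapEntry("SRV-DEPT2", ANY_TYPE, "WAN-1"),
]

# The "hide Marketing except MKTG-DEMO" case: Action = deny, one wildcard
# filter, one exception that carves a single server back out.
HIDE_MKTG_FILTERS = [SapEntry("MKTG-*")]
HIDE_MKTG_EXCEPTIONS = [SapEntry("MKTG-DEMO")]

if __name__ == "__main__":
    print(advertised(PERMIT, ROUTER1_FILTERS, [], SERVICES, "WAN-1"))
    print(advertised(DENY, HIDE_MKTG_FILTERS, HIDE_MKTG_EXCEPTIONS,
                     SERVICES, "LAN-ENG"))
    print(advertised(PERMIT, [], [], SERVICES, "WAN-1"))
```

Because unlisted services and exceptions both receive the opposite of Action, an exception changes the outcome only where it overlaps an entry on the Filters list.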
IPX SAP Filter Example
In this example, two departmental networks are connected to a corporate network through a WAN link between Router 1 and Router 2. The two routers use the RIP/SAP routing protocol to communicate with each other. RIP enables routers to send out periodic updates of service and routing information. The internetwork topology is shown in Figure 15-1.
Note Either Router 1 or Router 2 can be set up to do the following:
• RIP/SAP can be run over the WAN link with an outbound SAP filter and with the NetWare Link Services Protocol™ (NLSP™) software on the LAN.
• RIP/SAP can be run on the LAN with an inbound filter and with NLSP on the WAN.
• RIP/SAP can be run on the LAN and WAN links, and both inbound and outbound filtering is enabled.
On the WAN, both ends need to be consistently configured.
Figure 15-1
IPX SAP Filter Example
To minimize the load on the WAN link, an IPX SAP filter is configured on Router 1 and Router 2. This filter cuts down the periodic service information updates across the WAN link by advertising only a few selected servers. The clients across the WAN link can access the servers on the other network by first attaching to these selected servers.
When configuring this example, set the parameters as shown in Table 15-1 .
[Figure 15-1 labels: Department 1 Network, Department 2 Network, and Corporate Network; servers SRV-DEPT1, SRV-DEPT2, and CORP-MAIL; NetWare Router 1 (advertise only SRV-DEPT1 and SRV-DEPT2) and NetWare Router 2 (advertise only CORP-MAIL), joined by the WAN link on interface WAN-1 at each end.]
Table 15-1 Parameters for IPX SAP Filter Example
Parameter                  Value
Router 1 Action            Permit Services
Router 1 Filters:
  Filter 1:
    Service Name           SRV-DEPT1
    Service Type           FFFF (All Types)
    Destination Type       Interface
    Destination            WAN-1
    Destination Circuit    All Circuits
  Filter 2:
    Service Name           SRV-DEPT2
    Service Type           FFFF (All Types)
    Destination Type       Interface
    Destination            WAN-1
    Destination Circuit    All Circuits
Router 2 Action            Permit Services
Router 2 Filters:
    Service Name           CORP-MAIL
    Service Type           FFFF (All Types)
    Destination Type       Interface
    Destination            WAN-1
    Destination Circuit    All Circuits
How to Configure IPX RIP Filtering
Before you begin, make sure that filtering support is enabled for IPX in NIASCFG.
To configure IPX incoming (or outgoing) RIP filtering, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure IPX Filters > Incoming RIP Filters (or Outgoing RIP Filters)
2. Select Status and toggle the choice to read Enabled or Disabled.
Any configured filters immediately become active (enabled) or inactive (disabled).
Note It might be easier to configure filters while they are disabled. Otherwise, you might experience temporary service loss while you are adding and setting up wildcard filters.
3. Select Action and toggle the choice to permit or deny the networks on the filter list.
This specifies the action taken on an incoming (or outgoing) network (RIP packet) in the filter list. If you select to permit networks, the RIP information is received from (or advertised to) local networks. If you select to deny networks, the RIP information is not received from (or advertised to) local networks.
Note Changing a filter to permit the routes on the filter list when the filter list is empty denies all routes.
4. Select Filters .
This lists the incoming (or outgoing) RIP routes that are permitted or denied, according to the Action parameter setting.
5. Modify the network list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new network filter.
If you are modifying an existing filter or adding a new filter, modify the following parameters from the Define Filter menu:
Note Whenever the internal network number of a server is filtered, the SAPs from the server are also filtered automatically.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and this logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
• Network Number —Enter a 4-byte hexadecimal number that identifies the IPX network.
• Network Mask—Enter a 4-byte hexadecimal number that defines the range of network numbers you want to filter.
A network number/mask pair of 0/0 matches all IPX networks. A 1 bit in the network mask means that bit must be matched. For example, C9000000/FFFFFF00 matches C90000XX network numbers.
Note Bit masks do not need to be contiguous for filters.
• Source (or Destination ) Type —Press Enter , then select Interface or Interface Group .
• Source (or Destination )—Press Ins and specify the source (or destination) of the route information.
If you specified Interface as the Source (or Destination) Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
If you specified Interface Group as the Source (or Destination ) Type , select the specific interface group on which you want to filter the service.
• Source (or Destination) Circuit—If you selected a WAN source (or destination), press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
Note If the optional fields are left blank, the filter will match all WAN calls on the interface. If authentication is not enabled and the optional fields are specified, the filter will not work.
• Comment —Enter an optional short description.
6. Press Esc and save the information.
7. Select Exceptions .
Displays a list of exceptions to the incoming (or outgoing) RIP filters. Depending on the Actions parameter setting, routes that match a filter on this list are always or are never accepted (or advertised) by the router, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new network filter. Refer to Step 5 and Step 6 to add or modify a filter.
9. Press Esc to save the information and return to the Configure IPX Filters menu.
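The Network Number/Network Mask matching rule from Step 5, as an added Python example (not Novell code). It goes one step beyond the page by also flagging list entries that a broader entry already covers, which is a quick review aid for a long filter list; the sample list and the non-contiguous mask value are constructed.

```python
from dataclasses import dataclass

U32 = 0xFFFFFFFF  # network numbers and masks are 4-byte values


@dataclass(frozen=True)
class NetFilter:
    number: int
    mask: int

    @classmethod
    def parse(cls, text):
        """Parse 'NUMBER/MASK' in hexadecimal, e.g. 'C9000000/FFFFFF00'."""
        number_s, sep, mask_s = text.partition("/")
        if not sep:
            raise ValueError("expected NUMBER/MASK: %r" % text)
        number, mask = int(number_s, 16), int(mask_s, 16)
        if not (0 <= number <= U32 and 0 <= mask <= U32):
            raise ValueError("value does not fit in 4 bytes: %r" % text)
        return cls(number, mask)

    def matches(self, network):
        """A 1 bit in the mask means that bit of the network must match."""
        return (network & self.mask) == (self.number & self.mask)

    def is_contiguous(self):
        """True when the mask's 1 bits form one unbroken leading run."""
        wild = ~self.mask & U32
        return (wild & (wild + 1)) == 0

    def covers(self, other):
        """True when every network that `other` matches, this entry matches.

        That holds when this entry checks no bit that `other` leaves free,
        and the two numbers agree on every bit this entry checks.
        """
        checks_only_shared_bits = (self.mask & ~other.mask & U32) == 0
        agrees_on_checked_bits = ((self.number ^ other.number) & self.mask) == 0
        return checks_only_shared_bits and agrees_on_checked_bits


def shadowed_entries(filters):
    """Return (index, covering_index) pairs for entries made redundant.

    An entry is reported when another entry covers it. Of two identical
    entries only the later one is reported.
    """
    found = []
    for i, entry in enumerate(filters):
        for j, other in enumerate(filters):
            if i == j or not other.covers(entry):
                continue
            if entry.covers(other) and i < j:
                continue  # identical pair: keep the first, report the second
            found.append((i, j))
            break
    return found


# Constructed filter list for the review check.
SAMPLE_LIST = [
    NetFilter.parse("02026700/FFFFFF00"),
    NetFilter.parse("02026710/FFFFFFF0"),  # already inside entry 0
    NetFilter.parse("01015900/FFFFFF00"),
]

if __name__ == "__main__":
    page_example = NetFilter.parse("C9000000/FFFFFF00")
    print(page_example.matches(0xC90000AB), page_example.matches(0xC9000100))
    print(shadowed_entries(SAMPLE_LIST))
```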
IPX RIP Filter Example
In this example, network clouds are connected to each other through a T1 WAN link and a 256-Kbps WAN link. Packets from specific network ranges in each cloud take longer to be transmitted through the T1 link than the 256-Kbps link because their proximity to the links is different.
To restrict access to the 256-Kbps link to those network ranges that benefit from it most, and to prevent other networks from accessing this slower link, outbound filters are configured in the routers attached to the 256-Kbps link. In this case, Router 1 permits only packets sent to network range 010159xx to be transmitted through the 256-Kbps link. Router 2 permits only packets sent to network range 020267xx to be transmitted through the 256-Kbps link.
The internetwork topology is shown in Figure 15-2 .
Figure 15-2 IPX Routing Information Filter Example
[Figure 15-2 labels: Router 1 and Router 2, joined by the 256-Kbps WAN link on interface WAN-1 at each end; T1 WAN link; network ranges 020267xx, 02029xxx, 010159xx, 01013xxx, and 01014xxx; "Permit only 020267xx" and "Permit only 010159xx".]
When configuring this example, set the parameters as shown in Table 15-2.
Table 15-2 Parameters for IPX Outgoing Filter Example
Parameter                  Value
Router 1 Actions           Permit Networks
Filters:
    Network Number         02026700
    Network Mask           FFFFFF00
    Destination Type       Interface
    Destination Interface  WAN-1
    Destination Circuit    All Circuits
Router 2 Actions           Permit Networks
Filters:
    Network Number         01015900
    Network Mask           FFFFFF00
    Destination Type       Interface
    Destination Interface  WAN-1
    Destination Circuit    All Circuits
IPX NetBIOS and Packet Forwarding Filters
IPX packet forwarding filters allow the router to filter a packet according to the source and destination address fields and the packet type. NetBIOS filters allow the router to forward NetBIOS broadcast packets only on selected interfaces.
Note IPX NetBIOS and packet forwarding filters work while using either NLSP or RIP/SAP routing modes.
Configuring IPX Packet Forwarding
Before you begin, make sure that filtering support is enabled for IPX in NIASCFG. Otherwise, filtering will not work.
To configure IPX packet forwarding filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure IPX Filters > NetBIOS and Packet Forwarding Filters
2. Select Status and toggle the choice to read Enabled or Disabled .
Note It might be easier to configure filters while they are disabled. Otherwise, you might experience temporary service loss while you are adding and setting up wildcard filters.
3. Select NetBIOS Broadcast Filters Action and toggle the choice to permit or deny the IPX NetBIOS packets on the listed interfaces.
4. Select NetBIOS Broadcast Filters Interfaces, then press Enter .
This displays a list of interfaces that are permitted or denied for NetBIOS broadcast. Press Ins to add an interface to the list, or select an interface and press Del to remove it from the list. You can select a LAN interface, a WAN interface, the internal network, or all interfaces.
5. Select Interface Groups , then press Enter .
This displays a list of interface groups that are permitted or denied for NetBIOS broadcast. Press Ins to add an interface to the list, or select an interface and press Del to remove it from the list.
6. Select Packet Forwarding Filters Action and toggle the choice to permit or deny the packet forwarding filters on the filter list.
7. Select Filters .
This lists the NetBIOS filters that are permitted or denied, according to the Action parameter setting.
8. Modify the filter list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a new filter, modify the following parameters from the Define Filter menu:
• Source Interface Type —Press Enter and select Interface or Interface Group as the incoming IPX packet source.
• Source Interface—Press Enter and select the source from the list of network interfaces or interface groups.
If you specified Interface as the Source Interface Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
If you specified Interface Group as the Source Interface Type, select the specific interface group on which you want to filter the service.
• Source Circuit —If the source is a WAN interface, press Enter to modify the following optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
Note If the optional fields are left blank, the filter will match all WAN calls on the interface. If authentication is not enabled and the optional fields are specified, the filter will not work.
• Destination Interface Type —Press Enter and select Interface or Interface Group as the IPX packet destination.
• Destination Interface—Press Enter and select a destination from the list of network interfaces or interface groups.
If you specified Interface as the Source (or Destination ) Interface Type , select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces .
If you specified Interface Group as the Destination (or Source ) Interface Type , select the specific interface group on which you want to filter the service.
• Destination Circuit—If the destination is a WAN interface, press Enter to modify the following optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Packet Description—Press Enter and select from a list of defined IPX packet types, or press Ins to define a packet type.
Enter the following information to define the type of IPX packet you can filter:
Name—Enter a name for the packet.
Packet Type—Enter a 1-byte packet type number in hexadecimal. The FF wildcard matches all packet numbers.
Destination Socket —Enter a 2-byte socket number in hexadecimal. The wildcard FFFF matches all socket numbers.
Comment —Enter an optional short description.
• Source Address Type —Press Enter and select Any Address , Network , or Node as the source address type.
• Source IPX Address —Enter the address if you selected Network or Node .
• Destination Address —Press Enter and select Any Address , Network , or Node as the destination address.
• Destination IPX Address —Enter the address if you selected Network or Node .
A network number/mask pair of 0/0 matches all IPX networks. A 1 bit in the network mask means that bit must be matched. For example, C9000000/FFFFFF00 matches C90000XX network numbers.
• Comment —Enter an optional short description.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and this logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
9. Press Esc and save the filter information.
10. Select Exceptions .
This lists the exceptions to the IPX forwarding filters. According to the Action parameter specified, the packets that match a filter on this list are always or are never forwarded by the router, even if another filter is configured to do the opposite.
11. Modify the exceptions list.
Press Ins to add a new filter, or select a filter from the list and press Enter to modify the filter or Del to remove it. Refer to Step 8 on page 330 and Step 9 on page 333 to modify or add a filter.
12. Press Esc to save the information and exit to the Configure IPX Filters menu.
IPX Packet Forwarding Filter Example
In this example, an FDDI backbone connects several departments in an organization. Routers A, B, and C connect the departmental networks to the backbone. Within the organization, users can access all servers. However, the Human Resources (HR) servers can be accessed only by HR employees. To make the HR servers secure, packet forwarding filters are used in addition to the usual NetWare password security. Note that some of the HR employees are connected to different networks than the one HR servers are connected to. Figure 15-3 shows the internetwork topology.
Figure 15-3
IPX Packet Forwarding Filter Example
Routers B and C do not require filters because users can access all corporate servers (except for the HR server). Packet forwarding filters are installed on Router A to block packets from the FDDI interface to the HR servers, except when the packets are from the nodes 59:00001B2700F3 and 55:00001B2700F0.
When configuring this example, set the parameters as shown in Table 15-3 .
[Figure 15-3 labels: HR Employee 1 (IPX node 59:00001B2700F3); HR Employee 2 (IPX node 55:00001B2700F0); HR File Server 1 (internal net 10); HR File Server 2 (internal net 12); Router A, Router B, and Router C; LAN 1 (IPX network 53), LAN 2 (IPX network 59), LAN 3 (IPX network 55); corporate FDDI backbone (IPX network 50).]
Table 15-3 Parameters for IPX Packet Forwarding Filter Example
Parameter    Value
Action       Deny Packets
Filter List (parameters listed for each filter: Source Interface Type, Source Interface, Source Circuit, Destination Interface Type, Destination Interface, Destination Circuit, Packet, Source Address Type, Source IPX Address, Destination Address, Destination IPX Address):
    Interface FDDI All Circuits Network 10/FFFFFFFF All Circuits <Any> Network FDDI Network 10/FFFFFFFF
    Interface FDDI All Circuits Network 12/FFFFFFFF All Circuits <Any> Network FDDI Network 12/FFFFFFFF
Exceptions (same parameters for each exception):
    Node 59:00001B2700F3 All Circuits Network 10/FFFFFFFF All Circuits <Any> Node 59:00001B2700F3 Network 10/FFFFFFFF
    Node 55:00001B2700F0 All Circuits Network 10/FFFFFFFF All Circuits <Any> Node 55:00001B2700F0 Network 10/FFFFFFFF
    Node 59:00001B2700F3 All Circuits Network 12/FFFFFFFF All Circuits <Any> Node 59:00001B2700F3 Network 12/FFFFFFFF
    Node 55:00001B2700F0 All Circuits Network 12/FFFFFFFF All Circuits <Any> Node 55:00001B2700F0 Network 12/FFFFFFFF
Configuring TCP/IP Filters
TCP/IP supports the following filters:
• Incoming RIP filters (routing information)
• Outgoing RIP filters (routing advertisement)
• Packet forwarding filters
• Incoming Exterior Gateway Protocol (EGP) filters (routing information)
• Outgoing EGP filters (routing advertisement)
• Open Shortest Path First (OSPF) external route filters
Refer to Novell Internet Access Server 4.1 Routing Concepts for more information.
Note When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected.
How to Configure IP Routing Information Filters
Before you begin, make sure that filtering support is enabled for IP in NIASCFG under the TCP/IP Protocol menu. Otherwise, filtering will not work.
To configure IP incoming (or outgoing) RIP filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure TCP/IP Filters > Incoming RIP Filters (or Outgoing RIP Filters )
2. Select Status and toggle the choice to read Enabled or Disabled .
Any configured filters immediately become active (enabled) or inactive (disabled).
3. Select Action and toggle the choice to permit or deny the routes in the filter list.
This specifies the action taken when an incoming (or outgoing) RIP packet matches a filter on the filter list.
If you select to permit the routes, the matching RIP routes are accepted (or advertised) by the router. If you select to deny the routes, the matching RIP routes are not accepted (or advertised) by the router.
4. Select Filters.
This lists the incoming (or outgoing) RIP filters that are permitted or denied, according to the Action parameter setting.
5. Modify the route list.
You can select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a new filter, modify the following parameters from the Define Filter menu:
• Route to Network or Host—Specify All Routes, Host, or Network as the type of route to be filtered.
• IP Address of Network/Host—Enter a 4-byte IP address in dotted decimal notation. You do not need to enter this if you selected All Routes for the Route to Network/Hosts parameter.
• Subnetwork Mask—Enter a 4-byte mask address in dotted decimal or hexadecimal notation. Do this only if you selected Network for the Route to Network/Hosts parameter.
• Source (or Destination) Type—Select Interface, Interface Group, or Network as the source (or destination) type.
• Source (or Destination)—Press Enter, then select the source (or destination) that the route is advertised to or blocked from.
If you specified Interface for the Source (or Destination) Type parameter, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, or all interfaces. The default is All Interfaces.
If you specified Interface Group for the Source (or Destination) Type parameter, select the specific interface group on which you want to filter the service.
If you selected Network for the Source (or Destination) Type parameter, type the TCP/IP address and the subnet mask.
• Source (or Destination) Circuit—If you selected a WAN source (or destination), press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Advertised Hop Count—Enter a number from 1 to 16.
This option is enabled if the filter is configured to permit or advertise the route. If you leave this option blank, the TCP/IP routing table is consulted automatically for the required information. A value of 16 disables the route.
• Comment—Enter an optional short description.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
6. Press Esc and save the filter information.
7. Select Exceptions.
This displays a list of exceptions to the configured filters. Depending on the Action parameter setting, packets that match a filter on this list are always or are never accepted (or advertised), even if another filter is configured to do the opposite.
Note The Exceptions list filters always take a higher priority than other filters.
8. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 5 and Step 6 if you are adding or modifying a filter.
9. Press Esc to save the information and return to the Configure TCP/IP Filters menu.
How to Configure EGP Filters
Important No routes are accepted by EGP unless EGP filters are configured.
Before you begin, make sure that filtering support is enabled for IP in NIASCFG. Otherwise, filtering will not work.
To configure IP incoming (or outgoing) EGP filters, perform the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure TCP/IP Filters > Incoming EGP Filters (or Outgoing EGP Filters)
2. Select Status and toggle the choice to read Enabled or Disabled.
Any configured filters immediately become active (enabled) or inactive (disabled).
3. Select Action and toggle the choice to permit or deny the routes in the filter list.
This specifies the action taken when an incoming (or outgoing) EGP packet matches a filter on the filter list. If you select to permit the routes, the matching EGP routes are accepted (or advertised) by the router. If you select to deny the routes, the matching EGP routes are not accepted (or advertised) by the router.
4. Select Filters.
This lists the incoming (or outgoing) EGP routes that are permitted or denied, according to the Action parameter setting.
5. Modify the route list.
You can select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a new filter, modify the following parameters from the Define Filter menu:
• Route to Network or Host—Press Enter and specify All Routes or Network as the type of route to be filtered.
• IP Address of Network/Host—Enter an IP address in dotted decimal notation if you selected Network.
• Subnetwork Mask—Enter a 4-byte subnet mask address in dotted decimal or hexadecimal notation.
• Source (or Destination) Type—Select Autonomous System, Host, Interface, Interface Group, or Network.
• Source (or Destination)—Fill in the following information, based on what you selected for the Source (or Destination) Type:
Autonomous System—Press Enter, then type the autonomous system number (from 0 to 65535) from which the route is learned (source) or advertised (destination).
Host—Press Enter, then type the TCP/IP address in dotted decimal notation.
Interface—Press Enter, then select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, or all interfaces. The default is All Interfaces.
Interface Group—Press Enter, then select an interface group from the list.
Network—Press Enter, then type the TCP/IP address and subnet mask numbers in dotted decimal notation.
• Source (or Destination) Circuit—If you selected a WAN source (or destination), press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Metric Value—Enter a number to be associated with the route.
This option is enabled only if the filter is configured to permit or advertise the route. If you leave this option blank, the TCP/IP routing table is consulted automatically for the required information.
• Comment—Enter an optional short description.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
6. Press Esc and save the filter information.
7. Select Exceptions.
This lists the exceptions to the configured filters. Depending on the Action parameter setting, packets that match a filter on this list are always or are never advertised (or hidden), even if another filter is configured to do the opposite.
8. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 5 and Step 6 if you are adding or modifying a filter.
9. Press Esc to save the information and return to the Configure TCP/IP Filters menu.
How to Configure OSPF External Route Filters
Note OSPF external route filters apply only to routes learned from RIP, EGP, or static routes.
Before you begin, make sure that filtering support is enabled for IP in NIASCFG. Otherwise, filtering will not work.
To configure OSPF external route filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure TCP/IP Filters > OSPF External Route Filters
2. Select Status and toggle the choice to read Enabled or Disabled.
Any configured filters immediately become active (enabled) or inactive (disabled).
3. Select Action and toggle the choice to permit or deny the routes in the filter list.
If permitted, all matching routes are forwarded by the router. If denied, all matching routes are not forwarded by the router.
4. Select Filters.
This lists the routes that are permitted or denied, according to the Action parameter setting.
5. Modify the route list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a new filter, modify the following parameters from the Define Filter menu:
• Route to Network or Host—Press Enter to specify All Routes, Host, or Network as the type of route to be filtered.
• IP Address of Network Host—Enter a 4-byte IP address in dotted decimal notation if you specified Network or Host for the Route to Network or Host parameter.
• Subnetwork Mask—Enter a 4-byte mask address in dotted decimal or hexadecimal notation if you specified Network for the Route to Network or Host parameter.
• Metric Value—Enter a metric or cost associated with the route.
This option is enabled only if the filter is configured to permit or advertise the route. If you leave this option blank, the TCP/IP routing table is consulted automatically for the required information.
• Comment—Enter an optional short description.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
6. Press Esc and save the filter information.
7. Select Exceptions.
This lists the exceptions to the configured route filter list. Depending on the Action parameter setting, packets that match a filter on this list are always or are never permitted or denied, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 5 and Step 6 if you are adding or modifying a filter.
9. Press Esc to save the information and return to the Configure TCP/IP Filters menu.
IP Routing Information Filter Example
In this example, the Accounting department is connected to the FDDI backbone by Router C. One of the networks within Accounting is 151.1.0.0 (subnet mask of 255.255.255.0). Because access to this network from outside the Accounting department is not required, the administrator has selected not to propagate a route to this network outside the Accounting department.
To hide network 151.1.0.0 from the rest of the organization, an outgoing RIP filter is configured on Router C.
Because IP supports RIP, OSPF, and EGP, routing filters must always specify the routing protocol for which the filter applies. In this case, RIP is used by all routers in the organization, and a RIP routing information filter is configured. The route being hidden from the rest of the network is defined by the Accounting department network with IP network address 151.1.0.0. Router C’s connection to the departments outside Accounting is through the FDDI backbone. The destination from which network 151.1.0.0 is hidden is most easily defined as the FDDI interface to the backbone. Figure 15-4 shows the internetwork topology.
Note that Router C has the route to network 151.1.0.0 in its routing table. If Router C receives a packet from the FDDI backbone that is destined for network 151.1.0.0, it forwards the packet.
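The following Python model is an added example, not part of the Novell guide or the product's code. It applies the outgoing RIP filter described above to a constructed routing table for Router C and shows that the filter changes only what is advertised on the FDDI interface, not what Router C forwards. The second Accounting network 151.1.1.0, the /16 masks, the ACCT_LAN1 and ACCT_LAN2 interface names, containment matching for Network filters, split horizon, and the handling of unlisted routes are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

ALL_INTERFACES = "All Interfaces"          # default Destination named in the guide


@dataclass(frozen=True)
class RouteFilter:
    """One entry of the outgoing RIP filter list."""
    network: Optional[str]                 # "address/mask"; None means All Routes
    destination: str = ALL_INTERFACES      # interface the update is sent on

    def matches(self, route, out_iface):
        if self.destination not in (ALL_INTERFACES, out_iface):
            return False
        if self.network is None:
            return True
        # Assumption: a Network filter covers every route inside address/mask.
        return route.subnet_of(ipaddress.ip_network(self.network))


@dataclass
class OutgoingRipFilters:
    status_enabled: bool = True
    action: str = "deny"                   # "deny" or "permit" the listed routes
    filters: List[RouteFilter] = field(default_factory=list)

    def advertises(self, route, out_iface):
        if not self.status_enabled:
            return True
        listed = any(f.matches(route, out_iface) for f in self.filters)
        # Assumption: routes that are not on the list get the opposite of Action.
        return listed == (self.action == "permit")


# Constructed routing table for Router C. Network numbers come from the example;
# 151.1.1.0, the /16 masks and the ACCT_* interface names are assumptions.
ROUTER_C_TABLE = {
    ipaddress.ip_network("151.1.0.0/255.255.255.0"): "ACCT_LAN1",
    ipaddress.ip_network("151.1.1.0/255.255.255.0"): "ACCT_LAN2",
    ipaddress.ip_network("149.1.0.0/16"): "FDDI Interface",
    ipaddress.ip_network("153.5.0.0/16"): "FDDI Interface",
}

# The example's filter: deny network 151.1.0.0, mask 255.255.255.0,
# destination type Interface, destination FDDI Interface.
HIDE_ACCOUNTING = OutgoingRipFilters(
    action="deny",
    filters=[RouteFilter("151.1.0.0/255.255.255.0", "FDDI Interface")],
)


def rip_update(rip_filters, out_iface, table=ROUTER_C_TABLE):
    """Networks listed in the RIP update Router C sends on out_iface."""
    return sorted(
        str(net) for net, via in table.items()
        if via != out_iface                      # simple split horizon (assumption)
        and rip_filters.advertises(net, out_iface)
    )


def forward(dst, table=ROUTER_C_TABLE):
    """Longest-prefix lookup: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [net for net in table if addr in net]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None


if __name__ == "__main__":
    unfiltered = OutgoingRipFilters(status_enabled=False)
    print("FDDI update, filters disabled:", rip_update(unfiltered, "FDDI Interface"))
    print("FDDI update, filter enabled:  ", rip_update(HIDE_ACCOUNTING, "FDDI Interface"))
    # The hidden network is still in the table, so traffic to it is still routed.
    print("packet to 151.1.0.25 leaves on:", forward("151.1.0.25"))
```

Because the route stays in Router C's table, restricting access to 151.1.0.0 itself requires a packet forwarding filter in addition to the route filter.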
Figure 15-4 IP Routing Information Filter Example
[Figure not reproduced. Labels: Router A; Router B; Router C; IP Network 149.1.0.0 (FDDI Backbone); IP Network 151.1.0.0; IP Network 153.5.0.0; Mail Server; NE2000; External Internetwork.]
When configuring this example, set the parameters as shown in Table 15-4.
Table 15-4 Parameters for IP Outgoing Routing Information Filter Example
Parameter                       Value
Action                          Deny Routes
Filters:
  Route to Network or Host      Network
  IP Address of Network Host    151.1.0.0
  Subnet Mask                   255.255.255.0
  Destination Type              Interface
  Destination                   FDDI Interface
IP Packet Forwarding Filters
IP packet forwarding filters let the router filter packets selectively, according to their type, source, and destination.
Configuring IP Packet Forwarding Filtering
Before you begin, make sure that filtering support is enabled for IP in NIASCFG. Otherwise, filtering will not work.
To configure IP packet forwarding filtering, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure TCP/IP Filters > Packet Forwarding Filters
2. Select Status and toggle the choice to read Enabled or Disabled.
Any configured filters immediately become active (enabled) or inactive (disabled).
3. Select Action and toggle the choice to permit or deny the packets in the filter list.
If denied, matching packets are not forwarded by the router. If permitted, matching packets are forwarded by the router.
4. Select Filters.
This lists the packets that are permitted or denied, according to the Action parameter setting.
5. Modify the packet list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new packet filter.
If you are modifying an existing filter or adding a new filter, specify the following parameters from the Define Filter menu:
Note You cannot modify a predefined packet type.
• Source Interface Type—Press Enter and select Interface or Interface Group as the source type.
• Source Interface—Press Enter and select an interface or interface group from the list.
If you specified Interface as the Source Interface Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, or all interfaces. The default is All Interfaces.
If you specified Interface Group as the Source Interface Type, select the specific interface group on which you want to filter the service.
• Source Circuit—If you selected a WAN interface source, press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Destination Interface Type—Select Interface or Interface Group as the interface type.
• Destination Interface—Press Enter and select an interface or interface group from the list.
If you specified Interface as the Destination Interface Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, or all interfaces. The default is All Interfaces.
If you specified Interface Group as the Destination Interface Type, select the specific interface group on which you want to filter the service.
• Destination Circuit—If you selected a WAN interface destination, press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Packet Type—Press Enter and select a packet type from the list.
The Protocol and Port(s) fields are automatically filled in, according to your packet type selection.
• Source Address Type—Press Enter and select Any Address, Host, or Network.
• Source TCP/IP Address—Enter the address and subnet mask of the network or host.
• Destination Address Type—Press Enter and select Any Address, Host, or Network.
• Destination TCP/IP Address—Enter the address and subnet mask of the network or host.
• Comment—Enter an optional short description.
• Logging—Optionally select Enabled to log packets that match the Filters or Exceptions definitions.
The headers of packets that match the Filters or Exceptions definitions are logged as long as the global logging status and logging status are both enabled. The logs are viewed using the NetWare Administrator utility.
6. Press Esc and save the filter information.
7. Select Exceptions to display a list of exceptions to the permitted or denied packets.
This lists the exceptions to the configured packet filter list. Depending on the Action parameter setting, packets that match a filter on this list are always or are never permitted or denied, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 5 and Step 6 if you are adding or modifying a filter.
9. Press Esc to save the information and return to the Configure TCP/IP Filters menu.
IP Packet Forwarding Filter Example
In this example, an organization has an FDDI backbone connecting several departments within the organization and a link to external networks. Routers A and C connect the departmental networks to the backbone. Router B connects the external networks to the backbone. Within the organization, users can communicate freely across the internetwork. External access is limited to electronic mail. The internetwork topology is shown in Figure 15-5.
Figure 15-5 IP Packet Forwarding Filter Example
[Figure not reproduced. Labels: Router A; Router B; Router C; IP Network 149.1.0.0 (FDDI Backbone); IP Network 153.5.0.0; IP Network 159.3.0.0; Mail Server; 153.5.3.1; FDDI_B; NE2000_B; External Internetwork.]
Because internal communication is not restricted, packet forwarding filters are not required on Routers A or C.
Two packet forwarding filters are required on Router B. The first filter ensures that any packet originating within the organization’s internal networks is forwarded by Router B. The second filter provides access to the corporate mail server and allows external users to send and receive electronic mail to and from internal users.
To configure the first filter, the source identifies the packets that originate in the internal networks. The simplest way to do this on Router B is to identify all packets received from the FDDI backbone interface. Because internal users can use any service at any location, the remaining fields in the filter can be specified as ANY.
The source of the second filter is all packets originating from external networks. Because the interface NE2000_B is the only connection that Router B has to the external networks, this can be used to specify the source field for this filter. SMTP (Simple Mail Transfer Protocol) is selected from the predefined services list. The allowable destinations are limited to the corporate mail servers. Host 153.5.3.1 is the only mail server defined.
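The two-filter policy on Router B can be checked against sample traffic with a small Python model. This is an added example, not part of the Novell guide or the product's code. It assumes that FDDI_B is Router B's FDDI backbone interface, that the SMTP packet type matches TCP destination port 25, and that packets matching no filter receive the opposite of the Action setting; the sample packets, the external addresses, and the exception entry are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

ALL_INTERFACES = "All Interfaces"
# Protocol and port that a predefined Packet Type fills in. Only the two types
# used in Table 15-5 are modeled here; SMTP is TCP destination port 25.
PACKET_TYPES = {"Any": None, "SMTP": ("tcp", 25)}


@dataclass(frozen=True)
class Packet:
    in_iface: str      # interface the packet arrived on
    out_iface: str     # interface the routing table selects for it
    src: str
    dst: str
    proto: str
    dst_port: int


def covers(spec, addr):
    """spec is None (Any Address), a host address, or 'network/mask'."""
    return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


@dataclass(frozen=True)
class PacketFilter:
    src_iface: str = ALL_INTERFACES
    dst_iface: str = ALL_INTERFACES
    packet_type: str = "Any"
    src_addr: Optional[str] = None
    dst_addr: Optional[str] = None

    def matches(self, p):
        service = PACKET_TYPES[self.packet_type]
        return (self.src_iface in (ALL_INTERFACES, p.in_iface)
                and self.dst_iface in (ALL_INTERFACES, p.out_iface)
                and (service is None or service == (p.proto, p.dst_port))
                and covers(self.src_addr, p.src)
                and covers(self.dst_addr, p.dst))


@dataclass
class ForwardingFilters:
    action: str                                   # "permit" or "deny" listed packets
    filters: List[PacketFilter]
    exceptions: List[PacketFilter] = field(default_factory=list)

    def forwards(self, p):
        permit_listed = self.action == "permit"
        if any(f.matches(p) for f in self.exceptions):
            return not permit_listed              # the Exceptions list has priority
        if any(f.matches(p) for f in self.filters):
            return permit_listed
        return not permit_listed                  # assumption: unlisted packets


# Filter 1 and Filter 2 of the example on Router B.
TABLE_15_5 = [
    PacketFilter(src_iface="FDDI_B"),
    PacketFilter(src_iface="NE2000_B", packet_type="SMTP", dst_addr="153.5.3.1"),
]
ROUTER_B = ForwardingFilters("permit", TABLE_15_5)

# Constructed exception: one external network that is never forwarded.
ROUTER_B_WITH_EXCEPTION = ForwardingFilters(
    "permit", TABLE_15_5,
    exceptions=[PacketFilter(src_iface="NE2000_B",
                             src_addr="203.0.113.0/255.255.255.0")],
)

# Constructed packets; external hosts use documentation address ranges.
SAMPLES = {
    "internal host to external web":
        Packet("FDDI_B", "NE2000_B", "159.3.0.20", "198.51.100.7", "tcp", 80),
    "external SMTP to mail server":
        Packet("NE2000_B", "FDDI_B", "198.51.100.7", "153.5.3.1", "tcp", 25),
    "external Telnet to mail server":
        Packet("NE2000_B", "FDDI_B", "198.51.100.7", "153.5.3.1", "tcp", 23),
    "external SMTP to workstation":
        Packet("NE2000_B", "FDDI_B", "198.51.100.7", "159.3.0.20", "tcp", 25),
    "excepted network SMTP to mail server":
        Packet("NE2000_B", "FDDI_B", "203.0.113.9", "153.5.3.1", "tcp", 25),
}


def audit(policy, samples=SAMPLES):
    """Map each sample name to True (forwarded) or False (dropped)."""
    return {name: policy.forwards(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, forwarded in audit(ROUTER_B).items():
        print(f"{name:40s} {'forward' if forwarded else 'drop'}")
```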
When configuring this example, set the parameters as shown in Table 15-5.
Table 15-5 Parameters for IP Packet Forwarding Filter Example
Parameter                       Value
Action                          Permit Packets
Filters List
Filter 1:
  Source Interface Type         Interface
  Source Interface              FDDI backbone
  Destination Interface Type    Interface
  Destination Interface         All Interfaces
  Packet Type                   Any
  Source Address Type           Any Address
  Destination Address Type      Any Address
Filter 2:
  Source Interface Type         Interface
  Source Interface              NE2000_B
  Destination Interface Type    Interface
  Destination Interface         All Interfaces
  Packet Type                   SMTP
  Source Address Type           Any Address
  Destination Address Type      Host
  Destination TCP/IP Address    153.5.3.1
Configuring AppleTalk Filters
AppleTalk supports the following types of filters:
• Device hiding filters
• Outgoing route filters (routes advertised)
• Incoming route filters (routes accepted)
Note When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected. You can only view primary filters using FILTCFG. Backup filters do not appear in FILTCFG.
Refer to Novell Internet Access Server 4.1 Routing Concepts for more information.
How to Configure AppleTalk Device Hiding Filtering
Before you begin, make sure that filtering support is enabled for AppleTalk in NIASCFG. Otherwise, filtering will not work.
To configure AppleTalk device hiding filtering, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure AppleTalk Filters > Device Hiding Filters
2. Select Action and toggle the choice to show or hide the devices listed in the filter list.
This specifies the action taken when an NBP reply packet matches a filter in the filter list. If you specify to show the devices, the AppleTalk router forwards only the NBP replies that match a filter in the filter list. If you specify to hide the devices, the AppleTalk router discards all NBP replies that match a filter in the filter list.
3. Select Filters.
This displays a list of filters that hide or show devices, depending on the setting of the Action parameter. The name, type, device location, and user location are listed for each device filter.
4. Modify the filter list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a filter, specify the following parameters in the Define Filter menu:
• Device Name—Enter an NBP name of up to 32 characters.
Keep the default (=) to select all NBP names. An AppleTalk device advertises itself on the network according to the Device Name and Device Type values.
• Device Type—Press Enter and select from a list of defined AppleTalk NBP device types, or press Ins to add a new NBP type with the following information:
Device Type—Enter a text string of up to 32 characters.
Comment—Enter an optional short description.
• Device Location Type—Specify where the filtered device is located from the following choices: <Any> (the default), Interface, Interface Group, Non-extended Network, Multiple/Extended Network, Zone, or AURP Tunnel.
Select <Any> to select all device locations to show or hide all devices to the user location.
• Device Location—Specify the following parameters, based on what you selected for Device Location Type:
<Any> or AURP Tunnel—This field cannot be edited.
Interface—Press Enter, then select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
Interface Group—Press Enter, then select a network interface group from the list.
Non-extended Network—Press Enter, then type a network number to identify the nonextended network in which the filtered device is located.
Multiple/Extended Networks—Press Enter, then type the start and end network numbers for the extended network in which the filtered device is located. The start number must be greater than zero, and the end number must be greater than or equal to the start value.
You can enter a specific extended network, or a range of extended and nonextended networks. For example, for networks 1-9, 10, 11-20, 21-30, specifying an extended range of 1-30 will filter all devices in the 1-9, 10, 11-20, and 21-30 extended networks.
Zone—Press Enter, then type the name of the AppleTalk zone in which the filtered device is located.
• Device Circuit—If you selected a WAN circuit, press Enter to modify the following optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, ISDN, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• User Location Type—Select a location type from one of the following choices: <Any> (the default), Interface, Interface Group, Non-extended Network, Multiple/Extended Network, Zone, or AURP Tunnel. Select <Any> if you do not know the location of the device or if the network location does not matter.
• User Location—Specify the locations of the users whose access to the devices must be controlled. Specify one of the following, based on what you selected for User Location Type:
<Any> or AURP Tunnel—This field cannot be edited.
Interface—Press Enter, then select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
Interface Group—Press Enter, then select a network interface group from the list.
Non-extended Network—Press Enter, then type a network number to identify the nonextended network in which the filtered device is located.
Multiple/Extended Networks—Press Enter, then type the start and end network numbers for the extended network in which the filtered device is located. The start number must be greater than zero, and the end number must be greater than or equal to the start value.
You can enter a specific extended network, or a range of extended and nonextended networks. For example, for networks 1-9, 10, 11-20, 21-30, specifying an extended range of 1-30 will filter all devices in the 1-9, 10, 11-20, and 21-30 extended networks.
Zone—Press Enter, then type the name of the AppleTalk zone in which the filtered device is located.
• User Circuit—If you selected a WAN interface, press Enter to modify the following optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, ISDN, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Comment—Enter an optional short description.
5. Press Esc and save the filter information.
6. Select Exceptions.
This lists the exceptions to the device filter list. Depending on the Action parameter setting, devices that match a filter on this list are always or are never permitted or denied, even if another filter is configured to do the opposite.
7. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to modify or add a filter to the exceptions list.
8. Select Status and toggle the choice to read Enabled or Disabled.
All configured filters immediately become active (enabled) or inactive (disabled).
9. Press Esc to save the information and return to the Configure AppleTalk Filters menu.
Example AppleTalk Device Hiding Filter
Figure 15-6 shows the internetwork topology for an organization with an FDDI backbone connecting several departments within the organization and a link to external networks. Routers A and C connect the departmental networks to the backbone. In general, users can communicate freely across the internetwork. However, access to printers within the Accounting department is restricted.
Figure 15-6 AppleTalk Device Hiding Filter Example
[Figure not reproduced. Labels: Router A; Router C; AppleTalk Extended Network 165–170; Zone = Accounting; AppleTalk Extended Network 41–45; Zone FDDI Backbone, AppleTalk Extended Network 1–5; AppleTalk Extended Network 21–25, Zone Corporate Servers.]
All networks within the Accounting department are in Zone Accounting. A device hiding filter on Router C stops access from specific areas to the LaserWriter* printers within the Accounting zone.
When configuring this example, set the parameters as shown in Table 15-6.
Table 15-6 Parameters for AppleTalk Device Hiding Filter Example
Parameter                 Value
Action                    Deny
Device Name               = (for all NBP names)
Device Type               LaserWriter
Device Location Type      Zone
Device Location           Accounting
User Location Type        Interface
User Location             FDDI Backbone–Interface connecting to FDDI
User Circuit              All Circuits
How to Configure AppleTalk Route Filtering
Before you begin, make sure that filtering support is enabled for AppleTalk in NIASCFG. Otherwise, filtering will not work.
To configure AppleTalk routing information filtering for incoming (or outgoing) route filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure AppleTalk Filters > Incoming Route Filters (or Outgoing Route Filters)
2. Select Action and toggle the choice to permit or deny the routes listed in the filter list.
This specifies the action taken with a route that appears in the filter list. If you select to permit routes, the AppleTalk router accepts (or advertises) only the routes from (or to) the networks in the filter list. If you select to deny routes, the AppleTalk router does not accept (or advertise) specific routes from (or to) specific networks in the filter list, but does accept (or advertise) all other entries in the routing table.
3. Select Filters.
This lists the filters that are permitted or denied, according to the Action parameter setting.
4. Modify the filter list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a filter, specify the following parameters in the Define Filter menu:
• Route to Network (or Route to Network or Zone)—Select All Routes, Non-extended Network, Multiple/Extended Network, or Zone as the type of route or network to be filtered.
• Network Number/Range—Enter a network number or a network range, depending on whether you selected a nonextended or an extended network. If you select an extended network, you can enter a single extended network or a range of extended and nonextended networks.
• Zone Name (Outgoing only)—Enter the zone name of the AppleTalk zone to be filtered.
• Source (or Destination) Type—Press Enter and select Interface, Interface Group, or AURP Tunnel.
• Source (or Destination)—Press Enter and select the interface or interface group from the list. This option does not apply for an AURP tunnel.
If you specified Interface as the Source Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
• Source (or Destination) Circuit—If you selected a WAN circuit, press Enter to modify the following optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit number used for calls.
Remote System ID (for PPP, X.25, ISDN, or ATM)—The name of the remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the specific remote ATM.
• Comment—Enter an optional short description.
5. Press Esc and save the filter information.
6. Select Exceptions .
This lists the exceptions to the filter list. Depending on the Action parameter setting, routes that match a filter on this list are always or never permitted or denied, even if another filter is configured to do the opposite.
7. Modify the exceptions list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to modify or add a filter.
8. Select Status and toggle the choice to read Enabled or Disabled.
Any configured filters immediately become active (enabled) or inactive (disabled).
9. Press Esc to save the information and return to the Configure AppleTalk Filters menu.
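The interaction of the Action, Filters, Exceptions and Status parameters in the procedure above can be modelled in a few lines. This is an added example, not Novell code or the FILTCFG implementation: the class names, the containment rule used for matching, the routing table and the interface name ACCT_LAN are assumptions, while network 165-170 and the FDDI interface are taken from this section's outgoing filter example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# An AppleTalk route as (first, last) network number; a nonextended network has first == last.
Route = Tuple[int, int]


@dataclass(frozen=True)
class RouteFilter:
    first: int
    last: int
    interface: Optional[str] = None  # None models "All Interfaces"

    def matches(self, route: Route, interface: str) -> bool:
        # Assumption of this model: a route matches when its whole range
        # lies inside the filter's Network Number/Range.
        in_range = self.first <= route[0] and route[1] <= self.last
        return in_range and self.interface in (None, interface)


@dataclass
class OutgoingRouteFilters:
    action: str  # the Action parameter: "permit" or "deny"
    filters: List[RouteFilter] = field(default_factory=list)
    exceptions: List[RouteFilter] = field(default_factory=list)
    enabled: bool = True  # the Status parameter

    def is_advertised(self, route: Route, interface: str) -> bool:
        if not self.enabled:
            return True  # Status = Disabled: nothing is filtered
        listed = any(f.matches(route, interface) for f in self.filters)
        excepted = any(f.matches(route, interface) for f in self.exceptions)
        if self.action == "deny":
            # Listed routes are hidden unless an exception always permits them.
            return excepted or not listed
        if self.action == "permit":
            # Only listed routes go out, and an exception always denies them.
            return listed and not excepted
        raise ValueError(f"unknown action: {self.action!r}")

    def advertised(self, table: List[Route], interface: str) -> List[Route]:
        return [r for r in table if self.is_advertised(r, interface)]


# Constructed routing table for Router C, using the ranges shown in Figure 15-7.
ROUTER_C_TABLE: List[Route] = [(165, 170), (1, 10), (21, 30)]

# The outgoing filter example: Action = Deny, network 165-170, Destination = FDDI.
DENY_LIST = OutgoingRouteFilters("deny", [RouteFilter(165, 170, "FDDI")])

# Constructed permit-list variant: advertise 1-30 on FDDI, except 21-30.
PERMIT_LIST = OutgoingRouteFilters(
    "permit",
    filters=[RouteFilter(1, 30, "FDDI")],
    exceptions=[RouteFilter(21, 30, "FDDI")],
)

if __name__ == "__main__":
    print("deny list, FDDI:    ", DENY_LIST.advertised(ROUTER_C_TABLE, "FDDI"))
    print("deny list, ACCT_LAN:", DENY_LIST.advertised(ROUTER_C_TABLE, "ACCT_LAN"))
    print("permit list, FDDI:  ", PERMIT_LIST.advertised(ROUTER_C_TABLE, "FDDI"))
    # A network added later (constructed range 200-205) shows the default of each action.
    print("new net, deny list:  ", DENY_LIST.is_advertised((200, 205), "FDDI"))
    print("new net, permit list:", PERMIT_LIST.is_advertised((200, 205), "FDDI"))
```

With Action set to deny, a network added later is advertised until someone writes a filter for it; with Action set to permit, it stays hidden until it is listed.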
AppleTalk Outgoing Routing Information Filter Example
In the following example, the Accounting department is connected to the FDDI backbone by Router C. One of the AppleTalk networks within Accounting is 165-170. Because access to this network from outside the Accounting department is not required, the administrator has chosen not to propagate a route to this network outside the Accounting department. Figure 15-7 shows the internetwork topology.
Note When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected.
Figure 15-7
AppleTalk Routing Information Filter Example
Extended network 165-170 can be hidden from the rest of the organization if an outgoing route filter is configured on Router C.
The route being hidden from the rest of the network is extended network 165-170. Router C’s connection to the departments outside Accounting is through the FDDI backbone. The destination from which to hide the Accounting network is most easily defined as the interface to the backbone. Note that no node or server in the internetwork can see the Accounting network 165-170. However, nodes in Accounting can see the internetwork routes, but cannot see any devices on the internetwork.
When configuring this example, set the parameters as shown in Table 15-7.
[Figure 15-7 not reproduced. Labels in the diagram: Router C; AppleTalk Extended Network 165–170; AppleTalk Extended Network 1–10; AppleTalk Extended Network 21–30; Router B; Router A; External Internetwork; Zone = Accounting Department FDDI.]
Table 15-7
Parameters for AppleTalk Routing Information Filter Example
Parameter                     Value
Action                        Deny
Filtered Route:
  Route to Network or Zone    Multiple/Extended Network
  Network Number/Range        165-170
Destination Type              Interface
Destination                   FDDI
Configuring Source Route Bridge Filters
Source route bridge supports the following two types of filters:
• Protocol ID filters
• Ring number filters
Refer to Novell Internet Access Server 4.1 Routing Concepts for more information.
Note When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call fails, the backup call is automatically connected.
Configuring Protocol ID Filters
To configure protocol ID filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure Source Route Bridge Filters > Protocol ID Filters
2. Select Action and toggle the choice to permit or deny the packets in the filter list.
This specifies the action taken with a packet that appears in the filter list. If you select to permit packets, the bridge accepts only the packets in the filter list. If you select to deny packets, the bridge does not accept the packets in the filter list.
3. Select Filters .
This lists the packets that are permitted or denied, according to the Action parameter setting.
4. Modify the packet list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new packet.
If you are modifying an existing filter or adding a new filter, specify the following parameters from the Define Filter menu:
• Source Interface—Press Enter and select an interface from the list of configured network interfaces. This specifies the network interface at which incoming data packets are filtered.
• Protocol ID—Press Enter and select a protocol ID from the list.
Press F3 to modify a protocol ID. Press Ins to define a new protocol ID and supply the following information:
Note You cannot modify predefined protocol ID entries.
Select Protocol ID Type—Select either LLC SAP or 802.2 SNAP, where LLC SAP is the original IEEE 802.2 1-byte protocol ID, and 802.2 SNAP is an expanded 5-byte protocol ID used with SNAP SAP.
Name—Specify a unique name for the protocol ID.
Value—For LLC SAP, enter a 1-byte (up to two hexadecimal digits) ID. For SNAP SAP, enter up to a 5-byte (10 hexadecimal digits) ID with a minimum value of 600 (hexadecimal).
Comment—Enter an optional short description for the protocol ID.
Note All changes to the filter list take place immediately.
• Comment—Enter an optional short description.
5. Press Esc and save the filter information.
6. Select Status and toggle the choice to read Enabled or Disabled to specify the status of the protocol ID filters.
Any configured filters immediately become active (enabled) or inactive (disabled).
7. Press Esc to return to the Configure Source Route Bridge Filters menu.
Configuring Ring Number Filters
To configure ring number filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
Select Configure Source Route Bridge Filters > Ring Numbers Filters
2. Select Status and toggle the choice to read Enabled or Disabled to specify the status of the ring number filters.
This displays the action taken when a packet matches a filter in the filter list. The only action possible is to select Deny Packets .
3. Select Filters .
This lists the packets that are permitted or denied, according to the Action parameter setting.
4. Modify the filter list.
Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
If you are modifying an existing filter or adding a new filter, specify the following parameters from the Define Filter menu:
• Source Ring Number—Enter a number in the range of 1 to FFF (hexadecimal).
• Comment—Enter an optional short description.
5. Press Esc and save the filter information.
Note All changes to the filter list take place immediately.
6. Press Esc to return to the Configure Source Route Bridge Filters menu.
Chapter 16: Planning WAN Protocols
The Novell® Internet Access Server 4.1 routing software enables a NetWare® server to route traffic over wide area networks (WANs). The routing software includes three WAN services: the NetWare Link/ATM™ service, the NetWare Link/Frame Relay™ service, and the NetWare Link/X.25™ service.
Each of these wide area services is installed when you install the routing software. For information about configuring these services, refer to “Configuring NetWare Link/ATM” on page 391; “Configuring Frame Relay Network Access” on page 397; and “Configuring NetWare Link/X.25” on page 407.
This chapter describes how you can plan for each service by diagramming your connections to the network and completing the appropriate configuration worksheets.
This chapter includes the following sections:
• “Wide Area Networks” on page 365
• “Planning for WAN Connections” on page 366
• “NetWare Link/Frame Relay” on page 367
• “NetWare Link/X.25” on page 374
Wide Area Networks
Wide area networks differ from local area networks in that they typically do not have the same distance limitations; however, WANs are limited in the data rates that they can accommodate.
Two basic types of links are used in WANs:
• Point-to-point connections
• Packet-switched networks
Point-to-Point Connections
Point-to-point WAN connections can be permanent or on-demand connections. Novell provides an implementation of the Point-to-Point Protocol (PPP) in the basic Novell Internet Access Server 4.1 package. Refer to Novell Internet Access Server 4.1 Routing Concepts for more information.
Packet-Switched Networks
Two common packet-switched networks are currently available: frame relay and X.25.
Frame relay is a relatively new service aimed at reducing network delays, utilizing the available communications bandwidth more efficiently, and lowering equipment costs. The frame relay service might eventually replace the X.25 service, but it does not currently offer the same embedded error protection capabilities that X.25 provides.
X.25 is the predominant packet-switching protocol in use in the United States and most of Europe. X.25 was developed by the ITU-T (International Telecommunications Union, Telecommunications Standardization sector), previously CCITT, in the late 1970s and was later adopted by the International Standards Organization (ISO).
Planning for WAN Connections
Planning is the key to easy installation of WAN connections. Basic planning for WAN connections involves the following:
• Deciding what type of links you want
• Learning what requirements the service provider imposes on the service
Time spent in planning your network, coordinating with service providers, and gathering the information you will need saves time during the installation and configuration procedures.
Contacting Service Providers
If you have difficulty in finding a service provider for packet-switched networks, contact your local telephone company for assistance in finding the type of service you want.
Using NIASCFG
The Novell Internet Access Server Configuration utility (NIASCFG) is a menu-driven utility used to configure the Novell Internet Access Server 4.1 WAN protocols. It is installed during the installation of Novell Internet Access Server 4.1.
NIASCFG uses a series of menus to configure related sets of parameters. This configuration interface allows you to define LAN and WAN adapter boards, configure LAN and WAN protocols, and bind the protocols to be used for a specific link or connection to the appropriate adapters. You can enter names for new interfaces, specify parameters, and override defaults without using a command line.
Items in NIASCFG correspond to the steps used to configure Novell Internet Access Server 4.1 protocols and routing software. These items should be configured in the order presented in the procedures provided in this guide.
NetWare Link/Frame Relay
The NetWare Link/Frame Relay software is a streamlined, connection-oriented frame-mode data service based on frame-switching/relaying technology—the process of quickly transporting High-level Data Link Control (HDLC) frames through a network.
NetWare Link/Frame Relay is based on frame relay, a WAN telecommunications protocol standard specified by the ITU-T and American National Standards Institute (ANSI). Frame relay was originally specified by ITU-T as an Integrated Services Digital Network (ISDN) frame-mode service.
NetWare Link/Frame Relay supports AppleTalk, TCP/IP, IPX, and the source route bridge software of the Novell Internet Access Server 4.1.
For more information about features, functions, and how NetWare Link/Frame Relay works, refer to Novell Internet Access Server 4.1 Routing Concepts.
Frame Relay Networks
Private line networks permanently allocate dedicated transmission resources between communications end points, regardless of traffic conditions. The frame relay network uses statistical multiplexing; therefore, transmission resources are not allocated until active communications exist. Network resources are shared dynamically among participating end points.
Frame relay networks provide the best features of time division multiplexing (TDM) high-speed, low-delay circuit switching and the statistical multiplexing and port sharing of X.25 packet-switching technologies. This guarantees bandwidth according to the set committed information rate (CIR) and allows bandwidth-on-demand bursts.
The frame relay network consists of frame relay switches, which usually are owned and administered by the carriers. The access connection to the frame relay network is typically provided by a Local Exchange Carrier (LEC); it can also be bundled into the frame relay provider’s service. A network provider can be an LEC; a metropolitan frame relay service; an interexchange carrier (IXC); or an interstate, national, or global frame relay service.
NetWare Link/Frame Relay encapsulates data frames and routes them through the frame relay network based on the Data-Link Connection Identifier (DLCI), which identifies the local permanent virtual circuit (PVC) end point of the router. DLCIs are defined through the configuration process or learned through the NetWare Link/Frame Relay link management protocol.
A frame relay network has the following characteristics:
• Transports frames transparently. The network modifies only the DLCI, congestion bits, and frame check sequence (FCS).
• Detects transmission, format, and operational errors.
• Preserves the order of the frame transfer on individual PVCs.
• Does not acknowledge or retransmit frames.
Using NetWare Link/Frame Relay, you can have a logical end-to-end link (a virtual private line) between communications end points. Although NetWare Link/Frame Relay appears as a dedicated private network to the user, the virtual circuits and high-speed internode trunking make it a more cost-effective service than a dedicated line service, with similar performance. It is intended primarily for high-speed, bursty data communications applications, such as WAN interconnections.
NetWare Link/Frame Relay Parameters
NetWare Link/Frame Relay network service parameters, which are determined at subscription time, are in effect on a per-virtual-circuit basis. To set up and use NetWare Link/Frame Relay, the following parameters must be configured before frame relay link activation:
• DLCIs are the PVC numbers that you need for data transfer (one DLCI denotes one end of a virtual circuit). Two DLCIs, one at each end of the connection, are required to form one end-to-end virtual circuit. The DLCI is also known as the virtual circuit number.
• Committed burst size (Bc) is the maximum number of data bits that a network agrees to transfer under normal conditions over a measured time interval.
• Excess burst size (Be) is the maximum number of uncommitted data bits that the network attempts to deliver over a measured time interval.
• Committed information rate (CIR) is the user information rate, in bits per second, at which the network agrees to transfer data on a particular virtual circuit under typical operating conditions.
• The physical access rate (AR) of the user channel is the throughput rate, in bits per second, that limits the load offered to the frame relay network.
• The measurement interval (T) is the time over which rates and burst sizes are measured.
When a client workstation needs access to a remote node, the NetWare Link/Frame Relay router sends the frame to the local frame relay network switch, which then sends the frame through the network to the remote end node.
Minimum committed bandwidth access is enforced using the CIR protocol feature. If a user exceeds the specified CIR limit, there is a risk of dropped packets; however, users working within their set CIR are usually guaranteed delivery by the service provider.
The frame relay network switch monitors the access rate and size of data frames transferred through the mesh network. The data throughput CIR is guaranteed by the network, but allows for excess bursts (Be) of data not to exceed the access rate (AR) of the connection. The committed burst size (Bc) sets the maximum amount of data that the network agrees to transfer in a specified time period.
Bursting above the set CIR is allowed, however, only if the connection is configured for it and the actual bandwidth is available on an end-to-end basis. This means that the entrance edge node into the frame relay network, the transit nodes within the network, and the exiting edge node from the network must be available before excess bursting can occur.
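The relationship between CIR, Bc, Be, AR and T described above can be worked through on sample numbers. This is an added example, not part of the Novell guide or the NetWare Link/Frame Relay software: the relation T = Bc / CIR is the standard frame relay definition rather than something stated here, the treatment of traffic beyond Bc + Be as not accepted is a modelling assumption, and the subscription values, DLCI 18 and the frame trace are constructed (DLCIs 16 and 17 and the 3 x 32 Kbps sizing come from this chapter's planning material).

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Pvc:
    dlci: int
    cir_bps: int   # committed information rate, bits per second
    bc_bits: int   # committed burst size, bits per interval
    be_bits: int   # excess burst size, bits per interval

    @property
    def interval_s(self) -> float:
        # Standard relation (not stated in the guide): T = Bc / CIR.
        return self.bc_bits / self.cir_bps


def plan_problems(access_rate_bps: int, pvcs: List[Pvc]) -> List[str]:
    """Check a subscription plan against the physical access rate (AR)."""
    problems = []
    committed = sum(p.cir_bps for p in pvcs)
    if committed > access_rate_bps:
        problems.append(
            f"sum of CIRs ({committed} bps) exceeds the access rate ({access_rate_bps} bps)"
        )
    for p in pvcs:
        peak_bps = (p.bc_bits + p.be_bits) / p.interval_s
        if peak_bps > access_rate_bps:
            problems.append(
                f"DLCI {p.dlci}: Bc + Be needs {peak_bps:.0f} bps, above the access rate"
            )
    return problems


def classify(pvc: Pvc, frames: List[Tuple[float, int]]) -> List[str]:
    """Label each (time_s, bits) frame by where it falls in its measurement interval.

    Frames must be sorted by time. Within one interval T, traffic up to Bc is
    "committed", traffic up to Bc + Be is "excess" (delivery is attempted),
    and anything beyond that is "over-limit" (model assumption: not accepted).
    """
    labels: List[str] = []
    current, total = None, 0
    for time_s, bits in frames:
        interval = int(time_s // pvc.interval_s)
        if interval != current:
            current, total = interval, 0  # a new interval resets the counters
        total += bits
        if total <= pvc.bc_bits:
            labels.append("committed")
        elif total <= pvc.bc_bits + pvc.be_bits:
            labels.append("excess")
        else:
            labels.append("over-limit")
    return labels


# Constructed plan: three PVCs, each with a 32 Kbps CIR, on a 96 Kbps interface.
PVCS = [Pvc(16, 32_000, 32_000, 16_000),
        Pvc(17, 32_000, 32_000, 16_000),
        Pvc(18, 32_000, 32_000, 16_000)]

# Constructed trace for DLCI 16: 12,000-bit frames sent at the given times (seconds).
TRACE = [(0.0, 12_000), (0.2, 12_000), (0.4, 12_000),
         (0.6, 12_000), (0.8, 12_000), (1.1, 12_000)]

if __name__ == "__main__":
    print("96 Kbps interface:", plan_problems(96_000, PVCS) or "plan fits")
    print("64 Kbps interface:", plan_problems(64_000, PVCS))
    for (t, bits), label in zip(TRACE, classify(PVCS[0], TRACE)):
        print(f"t={t:.1f}s {bits} bits -> {label}")
```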
Diagramming Your Frame Relay Network
To ensure that all the desired connections to the frame relay network are properly diagrammed, complete the following steps:
1. Diagram the existing frame relay network showing all Novell Internet Access Server 4.1 routing access points.
Figure 16-1 shows a simple example of a planning diagram.
2. Draw each connection from the local NetWare router to its corresponding partner.
Indicate the DLCI number assigned by the network for each connection (PVC).
Figure 16-1
Frame Relay Planning Diagram
[Figure not reproduced. Labels in the diagram: Frame Relay Network; Frame Relay Switches; NetWare Link/Frame Relay Router A; NetWare Link/Frame Relay Router B; NetWare Link/Frame Relay Router C; Ethernet; DLCI 16; DLCI 17. PVC table in the diagram: Router C / Router A / DLCI 17; Router C / Router B / DLCI 16.]
Planning Your Frame Relay Network
To ensure that all aspects of your connections to the frame relay network are covered, complete the following steps:
1. For each location where a router attaches to the frame relay network, specify the following parameters:
• Interface speed required (for example, 256 Kbps or 1.544 Mbps)
The interface speed should support the type of applications that will be communicating using NetWare Link/Frame Relay software.
For example, if you have an application that must communicate with three remote sites using a minimum of 32 Kbps sustained bandwidth, the physical interface must be able to support at least 3 x 32 Kbps, or 96 Kbps.
You should also consider traffic pattern characteristics (bursty or sustained) when specifying interface speed.
• Physical interface required (for example, V.35 or RS-232)
• Number of partner routers that will be connected using frame relay
2. Contact your frame relay network service provider and request the specific parameter values you require.
These values should correspond to those defined in Step 1.
The frame relay network service provider will set up your service and assign DLCI numbers to each PVC.
3. Using the information from Step 1 and Step 2, fill in the NetWare Link/Frame Relay worksheet.
Figure 16-2 shows a template of the NetWare Link/Frame Relay configuration worksheet.
Figure 16-2
NetWare Link/Frame Relay Worksheet
[Worksheet not reproduced. Its layout:
NetWare Link/Frame Relay Worksheet    Local Router ID:
Complete a copy of this worksheet for each NetWare router.
Network Access
Physical Type (circle one): V35 RS-232 RS-422 RS-423 X.21
Interface Speed (circle one): External Internal =
Encoding (circle one): NRZ NRZ
Connections
Destination (Partner)    DLCI Number]
The following fields are included in the NetWare Link/Frame Relay configuration worksheet:
• NetWare Link/Frame Relay Local Router ID (at top of page)—Symbolic name assigned by the system administrator to identify a particular NetWare Link/Frame Relay router. The ID is arbitrary. It provides a way to track or reference a particular NetWare Link/Frame Relay router.
• Physical Type—Physical connection type to the frame relay switch that the NetWare Link/Frame Relay router is to be connected to.
• Interface Speed—External or internal. Internal speeds vary with the driver used.
• Encoding Option—Corresponds to the encoding set on the physical line that the NetWare Link/Frame Relay router is attached to. It can be NRZI (nonreturn to zero inverted) or NRZ (nonreturn to zero).
• Destination (Partner)—Destination name at the remote end of a PVC that connects communications partners.
• DLCI Number—Data Link Connection Identifier number assigned by the frame relay network service provider for each PVC.
Where to Go from Here
When you have completed all the planning steps for your frame relay connections, verify that the appropriate WAN interface boards are installed and configured as described in Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
After the WAN interface boards are installed and configured, refer to “Configuring Frame Relay Network Access” on page 397 for configuration information.
NetWare Link/X.25
NetWare Link/X.25 operates in a NetWare server or NetWare router/bridge environment and provides services for NetWare products and other applications (including independent developer applications) requiring wide area connectivity.
NetWare Link/X.25 uses the ITU-T Recommendation X.25, which defines the interaction between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) of a packet-switching network. The most recent ITU-T Recommendation X.25 is the 1992 revision.
DTE is a generic term for any network-attached, customer-premises, or end-user equipment operating in packet mode. DCE can be any one of the devices that is not a DTE but is associated with a single network port and is responsible for establishing, maintaining, and terminating the connection with a DTE. The X.25 protocol requires a DTE/DCE pair to operate.
NetWare Link/X.25 implements the X.25 protocol as described in these recommendations, including the physical level, frame level, and packet level, along with several library modules used in interfacing with the user applications.
The wide area connectivity products that NetWare Link/X.25 supports include Novell Internet Access Server 4.1 routing and remote access functionality, and SNA/QLLC (NWSAA product).
For more information about features, functions, and how NetWare Link/X.25 works, refer to Novell Internet Access Server 4.1 Routing Concepts .
Virtual Circuit Service
X.25 provides for two types of virtual circuits: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs). An SVC is a dynamically established virtual circuit using call setup and call clearing procedures. A PVC is a permanent, network-assigned virtual circuit that requires no call setup or clearing.
A virtual circuit provides a connection-oriented service, similar to that of circuit switching but with the following exceptions:
• It is limited to a connection between two end points.
• It has the advantage of economical statistical multiplexing for establishing a logical path through the network.
This logical path can be provided either on a permanent basis by a PVC, which is equivalent to a leased circuit, or on a request basis by an SVC. Once the logical path is established, the packets are transferred between connected ends, as desired.
The packets are statistically multiplexed with packets of other users, optimizing the transmission media of the network.
Each packet is associated with a logical channel, which is mapped to the appropriate destination of the virtual circuit. This enables a more effective use of the access circuit for the available bandwidth and the traffic density for each logical channel.
The router can manually maintain IPX, IP, and AppleTalk connections using SVCs between multiple sites. You can set up SVCs that can be connected manually or automatically. Links that are set up manually are easy to install and maintain because they use routing table updates to discover end-user stations and hosts for each X.25 destination automatically. The router can automatically establish and disconnect on-demand IP connections using SVCs.
The types of connections supported by NetWare Link/X.25 for various protocols are shown in the following table.
A permanent SVC is established at initialization and is left in a connected state until the user or application brings it down. An on-demand SVC is established only when data is present for the associated virtual circuit and is brought down after the data has been transmitted and the configured idle timer has expired. An on-demand SVC remains down until more data is queued up to be sent, then the connection is reestablished.
The procedure for setting up a virtual call is to establish a logical path, then the data packets are automatically sent to the appropriate destination.
The packet level provides the virtual circuit service of PVCs and SVCs. Logical channels differentiate the virtual circuits supported by the packet level. Multiple connections are provided simultaneously by multiplexing virtual circuits over the access line. Only one PVC or SVC can be established at a time on each logical channel.
Protocol PVC Permanent SVC On-Demand SVC
IPX X X X
IP X X RFC 1356
AT X X X
Source route bridge X X
Logical Channel Numbers
The identification of a logical channel is present in every packet flowing across the X.25 interface. This identification is in the form of a field within the packet consisting of 12 bits. For SVCs, the association between a logical channel identifier and a particular virtual circuit is accomplished at call setup time when the identifier is chosen from a pool of unused identifiers. For PVCs, this association is by network subscription.
At network subscription time, the user specifies the number of logical channels needed for both SVCs and PVCs by designating ranges of logical channel numbers. NetWare Link/X.25 configuration uses the decimal equivalent of the complete 12-bit Logical Channel Identifier in terms of two subfields: the Logical Channel Group (4 bits) and the Logical Channel Number (8 bits).
Within any of the following categories, the range of available logical channels must be contiguous. Each successive range of logical channel numbers must be numerically higher than the previous range.
In increasing order, the logical channel ranges include the following:
1. PVCs
2. SVCs supporting only calls from the network (inbound SVCs)
3. SVCs supporting calls from and to the network (two-way SVCs)
4. SVCs supporting only calls to the network (outbound SVCs)
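The 12-bit identifier layout and the range-ordering rule above can be checked mechanically before a subscription worksheet is submitted. This is an added example, not part of the Novell guide or the NetWare Link/X.25 software: the function names and both sample plans are constructed, and excluding channel 0 from the usable range is an assumption of this sketch.

```python
from typing import Dict, List, Optional, Tuple

Range = Tuple[int, int]  # (lowest, highest) logical channel identifier, decimal

# The four categories in the increasing order the guide requires.
ORDER = ("pvc", "inbound_svc", "two_way_svc", "outbound_svc")


def split_lci(lci: int) -> Tuple[int, int]:
    """Split a 12-bit Logical Channel Identifier into (group, number)."""
    if not 0 <= lci <= 0xFFF:
        raise ValueError(f"{lci} does not fit in 12 bits")
    # Logical Channel Group = upper 4 bits, Logical Channel Number = lower 8 bits.
    return lci >> 8, lci & 0xFF


def join_lci(group: int, number: int) -> int:
    """Build the decimal identifier used in configuration from its subfields."""
    if not (0 <= group <= 0xF and 0 <= number <= 0xFF):
        raise ValueError("group must fit in 4 bits and number in 8 bits")
    return (group << 8) | number


def validate_plan(plan: Dict[str, Optional[Range]]) -> List[str]:
    """Return the problems found in a logical channel plan (empty list = valid).

    Each category is given as one (low, high) range, so it is contiguous by
    construction; the check is that ranges are valid and strictly increasing
    in the order PVC, inbound SVC, two-way SVC, outbound SVC.
    """
    problems: List[str] = []
    previous_name, previous_high = None, 0
    for name in ORDER:
        rng = plan.get(name)
        if rng is None:
            continue  # a category that is not subscribed to is simply skipped
        low, high = rng
        # Assumption: channel 0 is not assignable, so usable values are 1-4095.
        if not 1 <= low <= high <= 0xFFF:
            problems.append(f"{name}: {low}-{high} is not a valid range within 1-4095")
            continue
        if low <= previous_high:
            problems.append(
                f"{name}: starts at {low}, but {previous_name} already ends at {previous_high}"
            )
        previous_name, previous_high = name, max(previous_high, high)
    return problems


def category_of(plan: Dict[str, Optional[Range]], lci: int) -> Optional[str]:
    """Tell which category a channel identifier seen on the interface belongs to."""
    for name in ORDER:
        rng = plan.get(name)
        if rng is not None and rng[0] <= lci <= rng[1]:
            return name
    return None


# Constructed plans: the first follows the ordering rule, the second does not.
SAMPLE_PLAN = {"pvc": (1, 4), "inbound_svc": (5, 16),
               "two_way_svc": (17, 1024), "outbound_svc": (1025, 1040)}
BAD_PLAN = {"pvc": (1, 4), "inbound_svc": (32, 40),
            "two_way_svc": (17, 64), "outbound_svc": (65, 80)}

if __name__ == "__main__":
    print("1025 ->", split_lci(1025))          # group 4, number 1
    print("sample plan:", validate_plan(SAMPLE_PLAN) or "valid")
    print("bad plan:   ", validate_plan(BAD_PLAN))
    print("channel 20 is in:", category_of(SAMPLE_PLAN, 20))
```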
NetWare Link/X.25 User Facilities
The ITU-T Recommendation X.25 addresses users’ needs for versatility in their network requirements through a set of optional user facilities. These facilities give X.25 the capability of being tailored to meet varied network and user requirements, and allow a network installer to fine-tune the network’s handling of such areas as security, accounting, routing, and performance. These facilities can be selectively and incrementally specified to the needs of the users on that network.
Many user facilities can be used within an X.25 connection to a PDN. The user facilities available with NetWare Link/X.25 include the following:
• Flow Control Negotiation—Allows negotiation, on a per-call basis, of the window size and maximum user data field length that can be used on the call in each direction.
• Throughput Class Negotiation—Specifies, on a per-call basis, the throughput of data that can be transferred on a virtual circuit. The range is 75 bps to 64 Kbps.
• Fast Select—Expands the Call and Clear user data fields from the normal 16 octets to 128 octets, enhancing the data field's usefulness for short-duration, low-volume, transaction-oriented applications. This facility is often used in the retail point-of-sale and credit card authorization terminal environment.
• Reverse Charging—Offers the equivalent of a collect call. It is allowed on a per-call basis and is specified in the Call Request packet by the calling DTE.
• Closed User Group (CUG)—Allows the configuration of one or more virtual private networks within a larger public network. It allows a user to collect a number of DTEs into a single logical group and restrict access to the group having the ability to receive incoming calls from or to make outgoing calls to the restricted open portion of the network. The number of CUGs is network-dependent. A single DTE can belong to one or more CUGs.
Within the CUG category, you can specify whether a user connection has incoming access (CUG with Incoming Access), outgoing access (CUG with Outgoing Access), or both. If a DTE belongs to more than one CUG, you must also specify a preferred (or primary) CUG.
• Bilateral Closed User Group (BCUG)—Offers a finer degree of access control than the CUG offers. Bilateral signifies a CUG relationship that has been limited to a pair of DTEs. Access between the pair of DTEs is unrestricted; however, access to or from any other DTE is not possible.
A DTE subscription with a PDN can include a provision to allow or disallow a remotely originated, reverse-charged call from reaching that DTE (Reverse Charging Acceptance). Additionally, a DTE subscription with a PDN can include a provision to disallow any locally charged calls; that is, all locally generated call requests must specify reverse charging.
NetWare Link/X.25 additionally provides local configurable options for both of the preceding items; that is, regardless of a customer's PDN subscription, all inbound reverse-charged calls can be rejected and all outbound call attempts that do not specify reverse charging can be disallowed.
Diagramming Your X.25 Network
To ensure that all connections to the X.25 network are properly diagrammed, complete the following steps:
1. Diagram the existing X.25 network showing all Novell Internet Access Server 4.1 routing access points and mark the X.25 addresses.
Figure 16-3 shows a simple example of a planning diagram.
2. Draw in and show each type of connection from the local Novell Internet Access Server 4.1 router to its corresponding partner.
For PVC-type connections, show the LCN assigned by the X.25 network service provider and the partner name.
For SVC-type connections, list the partner names.
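Figure 16-3: X.25 Planning Diagram Example (diagram not reproduced; its labels are X.25 Network, X.25 Switches, Modems, Ethernet, and NetWare Link/X.25 Routers A, B, and C, with blanks for the Local DTE Address, the PVC LCN and Partner, and the Partners Reached by SVC)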
Planning Your X.25 Network
To ensure that all aspects of your planned connections to the X.25 network are covered, complete the following steps:
1. For each location that a router attaches to the X.25 network, specify the following parameters:
• Physical interface required (for example, V.35 or RS-232)
• Internal interface speed required (for example, 9,600 or 19,200)
This value is required only when the clocking is generated internally. Otherwise, clocking comes from the modem.
• Number of partner routers that will be connected using X.25
• For each partner, whether a PVC or an SVC is required
• Packet size required (for example, 128 bytes or 256 bytes)
2. Using the information from Step 1, fill in the NetWare Link/X.25 Network Access Worksheet.
Figure 16-4 shows the NetWare Link/X.25 Network Access Worksheet.
The NetWare Link/X.25 Network Access Worksheet fields are described following the worksheet.
3. Contact your X.25 network service provider and request the specific parameter values you require.
These values correspond to those specified on the worksheet.
The X.25 network service provider will set up your service and assign a range of virtual circuit numbers to meet your requirements.
4. Using the information from Step 3, fill in the NetWare Link/X.25 Connections Worksheet.
Figure 16-5 shows the NetWare Link/X.25 Connections Worksheet.
Figure 16-4
NetWare Link/X.25 Network Access Worksheet
NetWare Link/X.25 Network Access Worksheet          Router ID:
Complete a copy of this worksheet for each NetWare router.
Frame-Level Parameters
  Sequencing Modulo (circle one)        8 | 128
  Window Size (k)                       __________________________
  Maximum Frame Size (N1)               __________________________
  Retry Count (N2)                      __________________________
  Retry Timeout (T1)                    __________________________
  Disconnect Timeout (T3)               __________________________
  Idle Timeout (T4)                     __________________________
Packet-Level Parameters
  Local DTE Address                     __________________________
  Version (circle one)                  1980 | 1980 Min | 1984 | 1988
  Role (circle one)                     DTE | DCE
  Default Inbound Packet Size           __________________________
  Default Outbound Packet Size          __________________________
  Packet Sequencing Modulo (circle one) 8 | 128
  Default Inbound Window Size           __________________________
  Default Outbound Window Size          __________________________
  T20 ______ T21 ______ T22 ______ T23 ______ T24 ______ T25 ______ T26 ______
  R20 ______ R22 ______ R23 ______
Logical Channel Numbers
                                        Lowest LCN              Number of LCNs
  PVC                                   ____________________    ____________________
  Inbound SVC                           ____________________    ____________________
  Two-way SVC                           ____________________    ____________________
  Outbound SVC                          ____________________    ____________________
User Facilities
  Allow Flow Control Negotiation (circle one)   Yes | No
  Maximum Inbound Packet Size           ____________________
  Maximum Outbound Packet Size          ____________________
  Maximum Inbound Window Size           ____________________
  Maximum Outbound Window Size          ____________________
  Fast Select (circle one)              Yes | No
The following list describes the fields in the NetWare Link/X.25 Network Access Worksheet:
NetWare Link/X.25 Router ID (at top of page)—Symbolic name assigned by the system administrator to identify a particular NetWare Link/X.25 router. The ID provides a way to track or reference a particular NetWare Link/X.25 router.
Frame-Level Parameters
• Sequencing Modulo—Specifies the numbering of sequential frames allowed in a Data-Link layer window. For most networks, Modulo 8 should be used. For special networks, Modulo 128 can be used; this allows users to select a larger window size.
Note: The Default Window Size field is dependent on which Modulo method you select here.
• Window Size (k)—Determines the maximum number of sequential frames that can be received or sent before the server or router sends (or waits for) an acknowledgment.
• Maximum Frame Size (N1)—Determines the maximum frame size allowed to be received on the link (in octets).
• Retry Count (N2)—Determines the maximum number of times a frame should be retransmitted because of the expiration of the Retry Timer (T1). A large value for this parameter increases the probability of a correct transfer between the DTE and DCE. A small value permits faster detection of a permanent error condition.
• Retry Timeout (T1)—Determines the time, in seconds, to wait for an acknowledgment of the oldest transmitted frame. If no acknowledgment is received within this set time, an attempt is made to determine the status of the remote device.
Set this parameter to a value slightly greater than twice the transmission time of the longest frame, including anticipated delay time to the peer node.
• Disconnect Timeout (T3)—Displays the value of the T3 timer. After attempting to connect the link by sending N2 Set Asynchronous Balanced Mode (SABM) frames on T1 expiration, the Data-Link layer continues sending SABM frames when the T3 timer expires.
• Idle Timeout (T4)—Specifies the amount of time the local DTE waits (when a link becomes idle) before attempting to poll the partner node for status. If the partner node does not respond to the polls, the link is reset and all current virtual calls are cleared or reset.
Packet-Level Parameters
• Local DTE Address—Specifies the X.121 address (up to 15 digits) of the local DTE. It should match the address assigned by your attached network. This address is included in the Calling Address field of the outbound Call Request packets.
• Version—Determines the specific conformance year for the X.25 specification you use for this port.
• Role—Determines whether you use DTE or DCE procedures for packet-level operation in the logical channel number (LCN) assignment.
When establishing a connection to an X.25 network, you must set this parameter to DTE (the default value) to avoid call collisions.
• Default Inbound Packet Size—Determines the default packet size that is used for a call. Unless another packet size is specified when the call is made, the default packet size value is used. Set this value to correspond to your network subscription.
• Default Outbound Packet Size—Determines the maximum outgoing data packet size when a call is established without the Flow Control Negotiation parameter. The Default Outbound Packet Size should be a value that is agreed on by the PDN and the remote DTE.
• Sequencing Modulo—Provides control over the numbering of sequential data packets allowed in a window. For most networks, Modulo 8 should be used.
Note: The Default Window Size field is dependent on which Modulo method you select here.
• Default Inbound Window Size—Specifies the default number of sequential incoming or outgoing data packets that can be sent before an acknowledgment is required.
Note: The Packet Sequencing Modulo and Window Size fields are independent of the Frame Sequencing Modulo and Window Size parameters.
• Default Outbound Window Size—Specifies the default value of the maximum number of sequentially numbered data packets that can be transmitted by the local DTE without receiving an acknowledgment at any given time.
When a virtual circuit is established without flow control negotiation, this value is used as an outbound window size. You should set this parameter to the value agreed on by the PDN.
• T20 (Restart Response Timer)—Determines the amount of time, in seconds, that the local DTE waits when it issues a Restart Request packet to receive a restart confirmation or restart indication.
When the time limit expires, the Restart Request packet is retransmitted.
• T21 (Call Response Timer)—Specifies the amount of time, in seconds, that the DTE waits for a response to an outbound Call Request packet.
• T22 (Reset Response Timer)—Specifies the amount of time, in seconds, that the DTE waits for a response to a Reset Request packet.
• T23 (Clear Response Timer)—Specifies the amount of time, in seconds, that the DTE waits for a response to a Clear Request packet.
• T24 (Ack-Send Timer)—Specifies the amount of time, in seconds, that a DTE waits when a packet carrying a valid acknowledgment is sent.
This timer is used to ensure that no acknowledgment is lost. If the timer expires, an RR (Receiver Ready) packet is sent.
• T25 (Data Packet Retransmission Timer)—Specifies the amount of time, in seconds, that the DTE waits for the appropriate acknowledgment after transmitting a data packet.
If the T25 timer expires, the packet layer resets the virtual circuit.
• T26 (Interrupt Timer)—Specifies the amount of time, in seconds, that the DTE waits when an Interrupt Request packet is sent for an interrupt confirmation to be received.
If the T26 timer expires, the packet layer resets the virtual circuit.
• R20 (Restart Retransmission Timer)—Specifies the maximum number of times the local DTE retransmits, upon expiration of the T20 timer, before notifying the user that the associated link is inoperative.
• R22 (Restart Retransmission Count)—Determines the maximum number of times the local DTE retransmits a Reset Request packet, upon expiration of the T22 timer, before initiating a Clear procedure for SVC or a Restart procedure for PVC.
• R23 (Clear Retransmission Count)—Determines the maximum number of times the local DTE retransmits a Clear Request packet, upon expiration of the T23 timer, before initiating a Restart procedure on the associated link.
Logical Channel Numbers
• PVC, Lowest LCN—Determines the lowest LCN that can be used for a PVC.
• PVC, Number of LCNs—Determines the number of logical channels supporting PVCs.
This number must agree with your network subscription.
• Inbound SVC, Lowest LCN—Determines the lowest LCN that can be used for one-way incoming logical channels for SVCs.
This value must be greater than or equal to the Lowest PVC LCN parameter value.
• Inbound SVC, Number of LCNs—Determines the number of incoming channels assigned for inbound-only SVCs.
This number must agree with your network subscription.
• Two-Way SVC, Lowest LCN—Determines the lowest number of two-way channels assigned for SVCs that can be used for both inbound and outbound calls.
• Two-Way SVC, Number of LCNs—Determines the lowest LCN that can be used for two-way SVCs.
This number must agree with your network subscription.
• Outbound, Lowest LCN—Determines the lowest LCN that can be used for outgoing logical channels for SVCs.
The value must be greater than or equal to the Lowest Two-Way SVC LCNs value plus the Number of Two-Way LCNs value.
• Outbound, Number of LCNs —Determines the number of logical channels reserved for outbound-only SVCs.
This number must agree with your network subscription.
User Facilities
• Allow Flow Control Negotiation—If set to Yes, negotiates (downgrades) incoming calls containing either Window Size or Packet Size facility values that are greater than those specified.
If set to No, rejects incoming calls containing either Window Size or Packet Size facility values that are greater than those specified.
• Maximum Inbound Packet Size—Specifies the largest incoming packet size that can be negotiated on a per-virtual-circuit basis.
• Maximum Outbound Packet Size—Specifies the largest outgoing packet size that can be negotiated on a per-virtual-circuit basis.
• Maximum Inbound Window Size—Specifies the largest value, per virtual circuit, to be negotiated in a Window Size facility parameter field.
The maximum value for this parameter is dependent on which Packet Sequencing Modulo method you selected.
• Maximum Outbound Window Size—Specifies the largest value, per virtual circuit, to be negotiated in a Window Size facility parameter field.
The maximum value for this parameter is dependent on which Packet Sequencing Modulo method you selected.
• Fast Select—If set to Yes, allows up to 128 bytes of user data to be included in Call Request packets. If set to No, user data is not included in Call Request packets.
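The worksheet constraints described above can be checked mechanically before the values are entered into the router. The following Python sketch is an added example, not part of the Novell guide; the dictionary layout, function names and sample values are constructed for illustration. It assumes that the four LCN ranges must not overlap (which implies both ordering rules stated in the list), that LCNs lie in the range 1 through 4095, and that a window size cannot exceed the sequencing modulo minus 1.

```python
import re

MAX_LCN = 4095  # assumption: 12-bit logical channel identifier, 0 is reserved
LCN_ORDER = ("pvc", "inbound_svc", "two_way_svc", "outbound_svc")


def check_lcn_plan(lcn):
    """Check the (lowest LCN, number of LCNs) pairs from the worksheet."""
    problems = []
    # Ranges with zero channels are unused and take no part in the checks.
    used = [(name, *lcn[name]) for name in LCN_ORDER
            if lcn.get(name, (0, 0))[1] > 0]
    for name, low, count in used:
        high = low + count - 1
        if low < 1 or high > MAX_LCN:
            problems.append(f"{name}: LCNs {low}-{high} fall outside 1-{MAX_LCN}")
    # Assumed rule: each range starts above the end of the previous one.
    # This implies both rules the guide states (Inbound SVC lowest >= PVC
    # lowest; Outbound lowest >= Two-Way lowest + number of Two-Way LCNs).
    for (prev, p_low, p_count), (name, low, _count) in zip(used, used[1:]):
        if low < p_low + p_count:
            problems.append(f"{name}: lowest LCN {low} collides with {prev}, "
                            f"which ends at {p_low + p_count - 1}")
    return problems


def check_windows(level, modulo, windows):
    """Window sizes are bounded by the sequencing modulo chosen for that level."""
    if modulo not in (8, 128):
        return [f"{level} sequencing modulo must be 8 or 128, got {modulo}"]
    return [f"{level} {field} {size} is outside 1-{modulo - 1} for modulo {modulo}"
            for field, size in windows.items()
            if not 1 <= size <= modulo - 1]


def validate_worksheet(ws):
    """Return a list of problems; an empty list means the worksheet is consistent."""
    problems = []
    # Local DTE Address is an X.121 address of up to 15 digits.
    if not re.fullmatch(r"[0-9]{1,15}", ws["local_dte_address"]):
        problems.append("Local DTE Address must be 1 to 15 decimal digits")
    # Frame-level and packet-level modulo/window settings are independent.
    problems += check_windows("frame", ws["frame_modulo"], ws["frame_windows"])
    problems += check_windows("packet", ws["packet_modulo"], ws["packet_windows"])
    problems += check_lcn_plan(ws["lcn"])
    return problems


# Constructed sample worksheets (not real subscription data).
GOOD_WORKSHEET = {
    "local_dte_address": "311020100125",
    "frame_modulo": 8, "frame_windows": {"window_size_k": 7},
    "packet_modulo": 8,
    "packet_windows": {"default_inbound": 2, "default_outbound": 2,
                       "max_inbound": 7, "max_outbound": 7},
    "lcn": {"pvc": (1, 4), "inbound_svc": (5, 4),
            "two_way_svc": (9, 16), "outbound_svc": (25, 8)},
}
BAD_WORKSHEET = dict(
    GOOD_WORKSHEET,
    local_dte_address="3110-2010",                       # not all digits
    packet_windows={"default_inbound": 2, "default_outbound": 2,
                    "max_inbound": 8, "max_outbound": 7},  # 8 > modulo - 1
    lcn={"pvc": (1, 4), "inbound_svc": (5, 4),
         "two_way_svc": (9, 16), "outbound_svc": (20, 8)},  # overlaps two-way
)

if __name__ == "__main__":
    for problem in validate_worksheet(BAD_WORKSHEET):
        print(problem)
```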
Figure 16-5
NetWare Link/X.25 Connections Worksheet
NetWare Link/X.25 Connections Worksheet          Local Router ID:
Destination (Partner)          Type (SVC/PVC)    DTE Address (SVC) / LCN (PVC)
___________________________    ______________    ___________________________
___________________________    ______________    ___________________________
___________________________    ______________    ___________________________
Where to Go from Here
When you have completed all the planning steps for your frame relay connections, verify that the appropriate WAN interface boards are installed and configured as described in Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
After the WAN interface boards are installed and configured, refer to “Configuring NetWare Link/X.25” on page 407 for configuration information.
Chapter 17: Configuring NetWare Link/ATM
Asynchronous Transfer Mode (ATM) networks use a standard form of cell switching based on a 53-byte cell to provide low-latency, scalable virtual-circuit-multiplexed connectivity. Novell® Internet Access Server 4.1 includes the NetWare® Link/ATM™ software feature and the ATM LAN Emulation Client (LEC). To configure the LEC, refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
This chapter contains configuration information for the following ATM network components and features:
• “How to Configure NetWare Link/ATM Network Interface Parameters” on page 391
• “How to Configure NetWare Link/ATM WAN Call Destination Parameters” on page 393
To configure the logical adapter board for NetWare Link/ATM, refer to Chapter 2, “Configuring Drivers and Board Parameters,” on page 29.
How to Configure NetWare Link/ATM Network Interface Parameters
Before you begin, you must complete the following tasks:
• Familiarize yourself with exactly what your ATM service provider has done to provision the connection medium.
You should have values for the following service classes:
ABR (Available Bit Rate)
VBR (Variable Bit Rate)
UBR (Unspecified Bit Rate)
• Be aware of the physical limitations of the adapter board used for your ATM interface.
• Verify that both physical and logical boards are configured for NetWare Link/ATM.
The logical interface for NetWare Link/ATM is called ATMWAA. Separate logical boards (ATMWAA1, ATMWAA2, and so forth) are configured for each ATMWAA module.
To configure NetWare Link/ATM network interface parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces > a logical board
2. In the Interface Status field, press Enter.
3. Select Enabled.
4. In the Physical Board Name field, press Enter.
A list of all configured physical ATM boards appears. If the list is empty, make sure that you have configured an ATM adapter board.
5. In the User Data Size field, accept the default value or enter a new value.
This field specifies the largest user packet data size that applications can send and receive. The size is also limited by the maximum packet size configured for the system.
Range: 1–18,200
Default: 4188
6. In the Send Queue Limit field, accept the default value or enter a new value.
This field specifies the maximum number of outbound packets that can be queued for the interface. When the queue limit is reached, randomly selected packets are removed from the queue and discarded.
Range: 1–512
Default: 100
7. In the Authentication Options field, press Enter.
The Link/ATM Inbound Authentication Options menu appears. This feature allows you to configure a list of remote ATM addresses from which incoming calls can be accepted.
The Interface Name field shows the interface for which authentication is configured.
8. In the Inbound Authentication field, press Enter.
9. Select Enabled.
10. In the Authentication Database Name field, accept the name shown or enter a new name.
This field specifies the symbolic name of the inbound authentication database for the interface. Multiple interfaces can share a single database.
11. In the Authentication Database field, press Enter.
The Link/ATM Inbound Authentication Database screen appears.
12. To create a new entry in the database, press Ins.
13. Select the desired remote system ID from the list of configured remote IDs.
14. To exit this configuration procedure and save your changes, press Esc and select Yes when prompted.
How to Configure NetWare Link/ATM WAN Call Destination Parameters
To configure NetWare Link/ATM WAN call destination parameters, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory > Press Ins
2. Type the new WAN call destination name.
3. Select ATMWAA from the supported wide area media list.
4. In the Call Type field, accept Permanent or press Enter to select On Demand.
5. In the Interface Name field, select the logical board name used for this ATMWAA interface.
6. In the Connection Type field, accept SVC or press Enter to select PVC.
When you set the connection type to SVC, you must enter a destination ATM address in the field provided.
When you set the connection type to PVC, you must enter a virtual connection identifier in the field provided.
7. In the PVC VCI field, for PVC connection type, enter the PVC identifier.
The PVC identifier consists of a 1-byte virtual path identifier, followed by a 2-byte virtual channel identifier.
The valid range is 0x000020 through 0xFFFFFF.
8. In the Destination ATM Address field, for SVC connection type, enter the destination ATM address.
9. In the Multiplex Protocols field, accept Yes or press Enter to select No.
10. In the Retry Mode field, accept Retry Self-Correcting Failures or press Enter to select another value.
11. In the Retry Limit Handling field, accept Continuous At Limit or press Enter to select another value.
12. In the Retry Interval Limit field, accept 00:10:00 or press Enter to enter another value.
13. In the Retry Line Timeout field, accept 00:10:00 or press Enter to enter another value.
14. In the Remote System ID field, enter the name of the target remote system.
15. In the Service Class field, accept UBR or press Enter to enter another value.
The service class specifies the service parameters to be used during connection setup:
ABR (Available Bit Rate)
VBR (Variable Bit Rate)
UBR (Unspecified Bit Rate)
16. In the Peak Rate field, accept the default value, or enter the value given by your ATM service provider.
17. In the Sustained Rate field, if service class is set to VBR, accept the default value, or enter the value given by your ATM service provider.
18. In the Minimum Rate field, if service class is set to ABR, accept the default value, or enter the value given by your ATM service provider.
19. In the Rate Adjustment field, accept Nearest or press Enter to select Nearest Lower.
This parameter specifies how the bit rate is rounded off when it is converted to a cell rate.
20. In the Inbound Authentication Update field, accept Enabled or press Enter to select Disabled.
21. To exit this configuration procedure and save your changes, press Esc and select Yes when prompted.
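The field dependencies in the procedure above (SVC versus PVC, the PVC identifier layout, and which rate fields belong to which service class) can be checked before a call destination is entered. The following Python sketch is an added example, not part of the Novell guide; the dictionary keys and function names are hypothetical and the sample values are constructed. It assumes that the rate conversion counts the whole 53-byte cell and that sustained and minimum rates should not exceed the peak rate.

```python
CELL_BITS = 53 * 8  # assumption: rate conversion counts the whole 53-byte cell
PVC_ID_MIN, PVC_ID_MAX = 0x000020, 0xFFFFFF  # valid range given in step 7
SERVICE_CLASSES = ("ABR", "VBR", "UBR")


def split_pvc_id(pvc_id):
    """Split the PVC identifier into its 1-byte VPI and 2-byte VCI."""
    if not PVC_ID_MIN <= pvc_id <= PVC_ID_MAX:
        raise ValueError(f"PVC identifier 0x{pvc_id:06X} is outside "
                         f"0x{PVC_ID_MIN:06X}-0x{PVC_ID_MAX:06X}")
    return pvc_id >> 16, pvc_id & 0xFFFF


def bit_rate_to_cell_rate(bits_per_second, adjustment="Nearest"):
    """Convert a bit rate to cells per second using the Rate Adjustment choice."""
    if adjustment == "Nearest Lower":
        return bits_per_second // CELL_BITS
    if adjustment == "Nearest":
        return (bits_per_second + CELL_BITS // 2) // CELL_BITS
    raise ValueError(f"unknown rate adjustment {adjustment!r}")


def validate_destination(dest):
    """Return a list of problems in a WAN call destination entry."""
    problems = []
    ctype = dest.get("connection_type", "SVC")  # SVC is the offered default
    if ctype == "PVC":
        pvc_id = dest.get("pvc_vci")
        if pvc_id is None:
            problems.append("PVC connection type needs a PVC VCI")
        else:
            try:
                split_pvc_id(pvc_id)
            except ValueError as err:
                problems.append(str(err))
    elif ctype == "SVC":
        if not dest.get("destination_atm_address"):
            problems.append("SVC connection type needs a Destination ATM Address")
    else:
        problems.append(f"unknown connection type {ctype!r}")

    sclass = dest.get("service_class", "UBR")  # UBR is the offered default
    if sclass not in SERVICE_CLASSES:
        problems.append(f"unknown service class {sclass!r}")
    peak = dest.get("peak_rate")
    # Sustained Rate belongs to VBR, Minimum Rate to ABR (steps 17 and 18).
    for field, owner in (("sustained_rate", "VBR"), ("minimum_rate", "ABR")):
        rate = dest.get(field)
        if rate is None:
            continue  # field left at its default
        if sclass != owner:
            problems.append(f"{field} applies only to service class {owner}")
        elif peak is not None and rate > peak:
            # Assumption: a traffic contract never sets these above the peak.
            problems.append(f"{field} {rate} exceeds peak_rate {peak}")
    return problems


# Constructed sample entries.
GOOD_PVC = {"connection_type": "PVC", "pvc_vci": 0x000020,
            "service_class": "VBR", "peak_rate": 2_000_000,
            "sustained_rate": 1_500_000}
BAD_SVC = {"connection_type": "SVC", "service_class": "ABR",
           "peak_rate": 1_000_000, "minimum_rate": 1_500_000,
           "sustained_rate": 500_000}

if __name__ == "__main__":
    print(split_pvc_id(GOOD_PVC["pvc_vci"]))
    for problem in validate_destination(BAD_SVC):
        print(problem)
```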
Chapter 18: Configuring Frame Relay Network Access
This chapter provides the following sections for configuring the NetWare® Link/Frame Relay™ software:
• “Frame Relay Configuration Decisions” on page 397
• “Configuring a Frame Relay Network Interface” on page 398
• “Configuring the WAN Call Directory” on page 403
Frame Relay Configuration Decisions
How you configure NetWare Link/Frame Relay beyond the most basic configuration depends on the following decisions:
• Interface speed required. The interface speed should support the type of applications that will be communicating with NetWare Link/Frame Relay.
• Physical interface required.
• Number of partner routers that will be connected by frame relay.
Setting Up and Using NetWare Link/Frame Relay
When you set up and use NetWare Link/Frame Relay, the following network service information is determined at subscription time, is statically configured before link activation, and is in effect on a per-virtual-circuit basis:
• Data-Link Connection Identifiers (DLCIs)—The PVC numbers that you need for data transfer. (One DLCI denotes one end of a virtual circuit; it takes two DLCIs to form one end-to-end virtual circuit.) The DLCI is also known as the virtual circuit number.
• Bc—The committed burst size, or the maximum number of data bits that a network agrees to transfer under normal conditions over a measured time interval.
• Be—The excess burst size, or the maximum number of uncommitted data bits that the network attempts to deliver over a measured time interval.
• CIR—The committed information rate, or the user information rate, in bits per second, at which the network agrees to transfer data on a particular virtual circuit under typical operating conditions.
• AR—The physical access rate of the user channel, in bits per second. The offered load to the frame relay network is bounded by this parameter.
• T—A measurement interval, or the time interval over which rates and burst sizes are measured.
For more information about NetWare Link/Frame Relay, refer to Novell Internet Access Server 4.1 Routing Concepts.
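To see how Bc, Be, CIR, AR and T interact, the following Python sketch checks a subscription for consistency and labels a sequence of frames by burst class. It is an added example, not part of the Novell guide; the function names and sample traffic are constructed. It goes beyond the definitions above by assuming the standard relation T = Bc / CIR, fixed measurement intervals starting at time 0, and that frames beyond Bc + Be in an interval are not carried.

```python
def measurement_interval(cir_bps, bc_bits):
    """T in seconds, using the standard relation T = Bc / CIR (assumption)."""
    return bc_bits / cir_bps


def check_subscription(cir_bps, bc_bits, be_bits, ar_bps):
    """Return a list of inconsistencies between the subscribed values."""
    problems = []
    if cir_bps > ar_bps:
        problems.append("CIR exceeds the access rate AR")
    # The offered load is bounded by AR, so at most AR * T bits fit into one
    # interval: Bc + Be <= AR * Bc / CIR, written without division.
    if (bc_bits + be_bits) * cir_bps > ar_bps * bc_bits:
        problems.append("Bc + Be exceeds what AR can carry in one interval T")
    return problems


def classify_frames(frames, cir_bps, bc_bits, be_bits):
    """Label each (time_ms, size_bytes) frame as committed, excess or over.

    committed: cumulative bits in the interval stay within Bc
    excess:    cumulative bits are above Bc but within Bc + Be
    over:      the frame would pass Bc + Be (assumed not carried, so it
               is not added to the interval's running total)
    """
    labelled = []
    current_interval, carried_bits = None, 0
    for time_ms, size_bytes in frames:
        # Interval index = floor(time / T), kept in integer arithmetic.
        interval = (time_ms * cir_bps) // (bc_bits * 1000)
        if interval != current_interval:
            current_interval, carried_bits = interval, 0
        total = carried_bits + size_bytes * 8
        if total <= bc_bits:
            label = "committed"
        elif total <= bc_bits + be_bits:
            label = "excess"
        else:
            label = "over"
        if label != "over":
            carried_bits = total
        labelled.append((time_ms, size_bytes, label))
    return labelled


# Constructed subscription: CIR 64 kbps, Bc 64,000 bits (T = 1 s),
# Be 32,000 bits, AR 128 kbps.
CIR, BC, BE, AR = 64_000, 64_000, 32_000, 128_000
# Constructed traffic: 1500-byte frames every 100 ms, then one at t = 1 s.
SAMPLE_FRAMES = [(t, 1500) for t in range(0, 900, 100)] + [(1000, 1500)]

if __name__ == "__main__":
    print("T =", measurement_interval(CIR, BC), "s")
    print(check_subscription(CIR, BC, BE, AR))
    for frame in classify_frames(SAMPLE_FRAMES, CIR, BC, BE):
        print(frame)
```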
Configuring a Frame Relay Network Interface
After you have configured a NetWare Link/Frame Relay WAN interface board, as described in “Configuring Drivers and Board Parameters” on page 29, you need to configure a frame relay network interface.
How to Configure a Frame Relay Network Interface
Before you begin, make sure you have planned your frame relay network. Refer to “Planning WAN Protocols” on page 365 for frame relay checkpoints and planning information.
To configure network interface parameters for NetWare Link/Frame Relay, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Select an unconfigured port on a WAN interface board, then press Enter.
The Select A Medium screen is displayed.
3. Select Frame Relay, then press Enter.
The Frame Relay Network Interface Configuration menu is displayed. The Interface Name field is a read-only field. It displays the name defined in the Configured Boards screen.
4. In the Interface Status field, accept Enabled by pressing the Down-arrow key to skip to the next field, or press Enter to select Disabled from the pop-up menu.
This field is most often used to test a particular board configuration: by disabling other boards, it prevents them from loading.
5. In the Physical Type field, accept V.35 by pressing the Down-arrow key to skip to the next field, or press Enter to select a new value from the pop-up menu.
The possible physical interface types are RS-232, RS-422, V.35, or X.21. Select the one you are using.
6. In the Interface Speed field, accept External, or press Enter to select a new value from the pop-up menu.
Internal speeds vary with the driver selected.
7. In the Data Encoding field, accept NRZ, or press Enter to select NRZI from the pop-up menu.
8. Select Expert Configuration, then press Enter.
The Frame Relay Expert Configuration menu is displayed.
The default values for the frame relay expert parameters should be adequate for most applications. You should accept these values.
9. Enter a valid value in the User Data Size field, then press Enter.
This value specifies the largest amount of data, in bytes, that this interface supports. This is the maximum size of user data frame that can be received on this link. The range of values is 1 to 4,520 bytes; the default value is 4,202 bytes.
This size should be smaller than the frame size that the network can accommodate. The data size you specify here should not be larger than the Maximum Physical Packet Receive Size value in the STARTUP.NCF file. Make sure that both sides of the link have the same configured Maximum Physical Packet Receive Size value in their respective STARTUP.NCF files.
Warning: If you choose to increase the user data size, you must also use the INSTALL utility to edit the STARTUP.NCF file and change the Packet Receive Size to a value greater than the value of the User Data Size.
When communicating between a Novell Internet Access Server 4.1 system and a NetWare MultiProtocol Router™ 2.11 system (without the 81466.ETF patch), you must set the NetWare Link/Frame Relay User Data Size to a value 1 byte larger than that of NetWare MultiProtocol Router 2.11.
When communicating between a Novell Internet Access Server 4.1 system and a NetWare MultiProtocol Router 2.11 system with the 81466.ETF patch (the RFC 1490 upgrade), you must set the NetWare Link/Frame Relay User Data Size to the same value on both sides. In all cases, the NetWare Link/Frame Relay User Data Size value must be less than or equal to the Physical Packet Size value (the system ECB size).
10. Enter a valid value in the Send Queue Limit field, then press Enter.
This value specifies the maximum number of outbound data packets that can be queued to this port for transmission. When the queue limit is exceeded, the most recently queued outbound packets are dropped.
The range of values is 0 through 512 packets; the default value is 100 packets (0 = disable, allowing unlimited queue depth).
11. Highlight the Parameter Group field, then press Enter. The available options are displayed in a pop-up menu.
This value specifies the type of link management used. LMI and Annex D both provide the same types of management, but with different parameter settings. The only difference is that Annex D enables an unrequested status from the network.
The Point-to-Point Test allows you to test two routers or servers using frame relay in a point-to-point test procedure. The default option is Annex D Parameters.
12. Press Enter to view or change the Parameter Group Configuration parameters.
This menu shows the configurable parameters of the specific parameter group you selected (LMI or Annex D).
The LMI or Annex D parameters have defaults that should be adequate for most applications. You should accept these values.
12a. Enter a valid value in the Full Status Enquiry Counter field, then press Enter.
This value specifies the number of status inquiries that are exchanged before a full status inquiry of the network is issued.
The network responds with a full status message, and the router updates its network informational status.
The range of values is 1 through 255 inquiries. The default value is 6.
12b. Enter a valid value in the Error Threshold Counter field, then press Enter.
This value specifies the maximum number of error events detected within the most recent monitored events (specified by the Monitored Event Counter parameter). An alarm is generated if this counter is exceeded.
This counter must be less than or equal to the Monitored Event Counter value.
The range of values is 1 through 10. The default values are 2 events for LMI and 3 events for Annex D.
12c. Enter a valid value in the Monitored Event Counter field, then press Enter.
This value specifies the number of most recent consecutive exchanges to be monitored by the router.
This counter must be greater than or equal to the Error Threshold Counter value.
The range of values is 1 through 10 events. The default is 4.
12d. Enter a valid value in the Status Polling Timer field, then press Enter.
This value specifies the number of seconds between consecutive status inquiries initiated by the router to the network. At the specified time interval, the router requests a sequence number exchange status. An error is detected if the router does not receive a status message response within the specified polling time.
The range of values is 5 through 30 seconds. The default values are 10 seconds for LMI and 15 seconds for Annex D.
13. Press Esc, select Yes when prompted to save your changes, then press Enter.
14. In the Enterprise Specific Traps field, press Enter to view or modify the SNMP traps.
The Frame Relay Enterprise Specific Traps Configuration menu is displayed.
14a. In the Interface Status Change Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes frame relay to generate Simple Network Management Protocol (SNMP) traps when a frame relay interface link status is changed (up or down).
14b. In the DLCI Status Change Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes frame relay to generate SNMP traps when a DLCI status is changed (active, inactive, or valid).
14c. In the Physical Bandwidth Threshold Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN Hardware Specific Module™ (WHSM) software to generate SNMP traps while the Physical layer’s send or receive utilization exceeds the Bandwidth Upper Threshold value, and to continue to generate SNMP traps until the Physical layer’s send or receive utilization falls below the Bandwidth Lower Threshold value.
14d. In the Bandwidth Lower Threshold field, set the value to any number greater than or equal to zero, but less than the Bandwidth Upper Threshold value.
Once the Physical layer’s send or receive utilization exceeds the Bandwidth Upper Threshold value, the WAN driver continues to generate SNMP traps until the utilization falls below this value.
14e. In the Bandwidth Upper Threshold field, set the value to any number less than 100 and greater than the Bandwidth Lower Threshold value.
Once the Physical layer’s send or receive utilization exceeds this value, the WAN driver generates SNMP traps until the utilization falls below the Bandwidth Lower Threshold value.
15. Press Esc as many times as necessary to return to the Internetworking Configuration menu.
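The way the four parameter-group values in steps 12a through 12d constrain each other, as an added Python example (not Novell's code): it checks a parameter group against the stated ranges and replays a series of status polls through the monitored-event window. Reading "exceeded" as strictly greater than the Error Threshold Counter, and issuing a full status enquiry on every Nth poll, are interpretations of the text above; all names and the sample reply delays are constructed.

```python
from collections import deque
from dataclasses import dataclass

# Ranges as stated in steps 12a through 12d.
RANGES = {
    "full_status_enquiry_counter": (1, 255),
    "error_threshold_counter": (1, 10),
    "monitored_event_counter": (1, 10),
    "status_polling_timer": (5, 30),  # seconds
}


@dataclass(frozen=True)
class ParameterGroup:
    """One parameter group; the field defaults are the LMI defaults from the page."""
    full_status_enquiry_counter: int = 6
    error_threshold_counter: int = 2
    monitored_event_counter: int = 4
    status_polling_timer: int = 10

    def problems(self):
        """Return a list of rule violations; an empty list means the group is valid."""
        found = []
        for name, (low, high) in RANGES.items():
            value = getattr(self, name)
            if not low <= value <= high:
                found.append(f"{name}={value} is outside {low}..{high}")
        # Steps 12b and 12c: the threshold may not exceed the window it is counted in.
        if self.error_threshold_counter > self.monitored_event_counter:
            found.append("error_threshold_counter exceeds monitored_event_counter")
        return found


LMI = ParameterGroup()
# Annex D differs from LMI only in these two defaults, per steps 12b and 12d.
ANNEX_D = ParameterGroup(error_threshold_counter=3, status_polling_timer=15)


def monitor(params, reply_delays):
    """Replay status polls and return (poll_number, kind, ok, alarm) per poll.

    reply_delays holds, for each poll, the seconds until the network answered,
    or None when no status message arrived at all.
    """
    window = deque(maxlen=params.monitored_event_counter)  # most recent events only
    log = []
    for number, delay in enumerate(reply_delays, start=1):
        # Assumption: every Nth enquiry is the full status enquiry.
        full = number % params.full_status_enquiry_counter == 0
        kind = "full" if full else "sequence"
        # Step 12d: no response within the polling time counts as an error.
        ok = delay is not None and delay <= params.status_polling_timer
        window.append(not ok)
        # Assumption: "exceeded" means strictly more errors than the threshold.
        alarm = sum(window) > params.error_threshold_counter
        log.append((number, kind, ok, alarm))
    return log


def alarm_polls(params, reply_delays):
    """Poll numbers at which the alarm condition holds."""
    return [number for number, _, _, alarm in monitor(params, reply_delays) if alarm]


# Constructed sample: two missed replies and one reply that took 12 seconds.
SAMPLE_DELAYS = [1, 1, None, 12, None, 1, 1, 1, 1]

if __name__ == "__main__":
    for label, group in (("LMI", LMI), ("Annex D", ANNEX_D)):
        print(label, group.problems(), alarm_polls(group, SAMPLE_DELAYS))
```

With the same constructed line behaviour, the LMI defaults raise the alarm while the Annex D defaults do not, because the 12-second reply is late for a 10-second timer but on time for a 15-second one.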
Configuring the WAN Call Directory
The WAN Call Directory is a list of the WAN call destination configurations that you want to use for each virtual circuit. You must create at least one WAN call destination configuration for each destination you want to communicate with. WAN call destination configurations contain the parameters that NetWare Link/Frame Relay applies when it is establishing and maintaining calls to the destination.
Only permanent call configurations are supported in the current frame relay implementation. You can specify permanent calls for switched or dial-up circuits, as well as for leased lines. If the connection fails, it is retried at periodic intervals. This type of connection is suited for use with dynamic routing protocols such as RIP or the NetWare Link Services Protocol™ (NLSP™) software.
For more information, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure WAN Call Destinations
Before you begin, make sure you have installed a WAN board and configured a NetWare Link/Frame Relay interface.
Note: This procedure is optimal for TCP/IP and source route bridge only. You only need to define WAN call destinations for TCP/IP if you are using a numbered link and the remote router does not support inverse ARP. You do not need to define WAN call destinations for the Internetwork Packet Exchange™ (IPX™) protocol or AppleTalk protocol.
To configure WAN call destinations for frame relay interfaces, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Press Ins to configure a new WAN call destination.
3. Enter a name of up to 37 alphanumeric characters for the new WAN call destination, then press Enter.
The WAN call destination name you enter here is used in other menu options when a WAN call destination name needs to be identified. You should use a descriptive name, such as the name of the remote destination or a branch office or store number.
A list of supported wide area media is displayed. These media are available on previously configured interfaces. Frame relay is not available if you have not yet configured a frame relay interface.
Note: If you did not install a WAN board and configure an interface before you attempt to configure a WAN call destination, the following message is displayed:
WAN network interfaces must be configured before WAN Call Destinations may be created.
Note: You must install a WAN board and configure a NetWare Link/Frame Relay interface, as described in the previous section.
4. Select Frame Relay as the wide area medium, then press Enter.
The Frame Relay Call Destination Configuration menu is displayed.
The Call Destination Name field is a read-only field. It displays the name you entered in the Configured WAN Call Destinations screen.
5. Select Interface Name, then press Enter.
The Select Interface screen displays a list of the configured frame relay interfaces. Using this menu, select the name of the interface through which this WAN call destination can be accessed.
6. Select a configured frame relay interface, then press Enter.
7. Circuit Type is selected; just press the Down-arrow key.
Only permanent virtual circuits are used in the current implementation of frame relay.
8. In the DLCI Number field, type the circuit number and press Enter .
This field specifies the DLCI number to be used for calls to this destination.
9. Press Esc; if prompted, select Yes to save the changes to the WAN call destination, then press Enter.
The WAN call destination you just configured appears in the list of configured WAN call destinations.
10. To configure another WAN call destination, repeat Step 2 through Step 9.
11. Press Esc to return to the Internetworking Configuration menu.
Chapter 19: Configuring NetWare Link/X.25
This chapter contains the following sections for configuring the NetWare® Link/X.25™ server software:
• “X.25 Configuration Decisions”
• “Configuring the Network Interface”
• “Configuring the WAN Call Directory”
X.25 Configuration Decisions
The ITU-T (International Telecommunications Union, Telecommunications Standardization sector), previously CCITT, Recommendation X.25 addresses users' needs for versatility in their network requirements through a set of optional user facilities. With these facilities, you can tailor X.25 to meet your network and user requirements, and fine-tune how the network handles such areas as security, accounting, routing, and performance. These facilities can be selectively and incrementally adapted to the needs of the users on the network.
You can use many of the user facilities within an X.25 connection to a public data network (PDN). The following user facilities are available with NetWare Link/X.25:
• Flow Control Negotiation—Allows negotiation, on a per-call basis, of the window size and maximum user data field length that can be used on the call in each direction.
• Throughput Class Negotiation—Specifies, on a per-call basis, the throughput of data that can be transferred on a virtual circuit. The range is 75 bps to 64 Kbps.
• Fast Select—Expands the Call and Clear user data fields from the normal 16 octets to 128 octets, enhancing the data field's usefulness for short-duration, low-volume, transaction-oriented applications. This facility is often used in the retail point-of-sale and credit card authorization terminal environment.
• Reverse Charging—Offers the equivalent of a collect call. It is allowed on a per-call basis and is specified in the Call Request packet by the calling data terminal equipment (DTE).
• Closed User Group (CUG)—Allows the configuration of one or more virtual private networks within a larger public network. It allows a user to collect a number of DTEs into a single logical group and restrict access to the group's ability to receive incoming calls from or make outgoing calls to the restricted open portion of the network. The number of CUGs is network-dependent. A single DTE can belong to one or more CUGs.
Within the CUG category, you can specify whether a user connection has incoming access (CUG with Incoming Access), outgoing access (CUG with Outgoing Access), or both. If a DTE belongs to more than one CUG, you must also specify a preferred (or primary) CUG.
• Bilateral Closed User Group (BCUG)—Offers a finer degree of access control than the CUG offers. Bilateral signifies a CUG relationship that has been limited to a pair of DTEs. Access between the pair of DTEs is unrestricted; however, access to or from any other DTE is not possible.
A DTE subscription with a PDN can include a provision to allow or disallow a remotely originated, reverse-charged call from reaching that DTE (Reverse Charging Acceptance). Additionally, a DTE subscription with a PDN can include a provision to disallow any locally charged calls; that is, all locally generated call requests must specify reverse charging.
NetWare Link/X.25 also provides additional local configurable options for both of the above items; that is, regardless of a customer's PDN subscription, all inbound reverse-charged calls can be rejected.
For more information about NetWare Link/X.25, refer to Novell Internet Access Server 4.1 Routing Concepts.
Configuring the Network Interface
After you have configured a NetWare Link/X.25 board, as described in “Configuring Drivers and Board Parameters” on page 29, you need to configure an X.25 network interface.
How to Configure the Network Interface
Before you begin, make sure you have planned your X.25 network. Refer to “Planning WAN Protocols” on page 365 for X.25 checkpoints and planning information.
To configure network interface parameters for NetWare Link/X.25, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Network Interfaces
2. Select an unconfigured port on a WAN interface board, then press Enter.
The Select A Medium screen is displayed.
3. Select X.25-Host, then press Enter.
The X.25 Network Interface configuration menu is displayed. The cursor is positioned in the Profile field, but you should first consider the information in the two fields that precede it.
The Interface Name field is a read-only field. It displays an interface name that is a combination of the board name defined in the Board Configuration menu, underline characters used as separators, and a port number (typically 1 through 4).
The Interface Group field initially displays a value of None. You can use this field to assign this interface to a defined group of WAN interfaces. WAN call destinations can be configured to use interface groups, which allow protocols such as the IP or Internetwork Packet Exchange™ (IPX™) protocols to request that an on-demand X.25 virtual circuit be made through any available interface within the group. The interface actually used for the call is determined at the time the call is made.
4. If you decide to assign this interface to a group, select the Interface Group field, then press F3 or Enter to display a list of configured groups.
5. Select an interface group from the list, then press Enter, or press Ins to create a new interface group.
All network interfaces in a group must have the same configuration characteristics.
6. In the Interface Status field, accept Enabled by pressing the Down-arrow key to skip to the next field, or press Enter to select Disabled from a pop-up menu.
This field is most often used to test a particular board configuration by disabling other boards, which prevents them from loading.
7. In the Profile field, press Enter to display a list of standard profiles for X.25 service providers.
8. Select the standard profile for your X.25 service provider from the list, then press Enter to use the values in the standard profile, or press F2 to make a copy of the profile.
We recommend that you use the standard profiles whenever possible. Standard profiles are read-only; you cannot modify the values in them.
You can modify the values in a copy of a standard profile to match any custom requirements imposed by your local X.25 network service provider. If you make a copy of a standard profile, you must give the copy a unique (local) name.
9. If you make a copy of a standard profile and you need to modify the values assigned to one or more parameters, press Ins or F3 to display the X.25 Profile Configuration menu and access menus for the following:
• Frame-level parameters
• Packet-level parameters
• Virtual circuit setup
• User facility setup
• Conformance options
The parameters found in these menus correspond to many of the fields found on the NetWare Link/X.25 Network Access Worksheet. Refer to “Planning WAN Protocols” on page 365 for detailed information about setting the values of these parameters.
10. In the Local DTE Address field, enter the address assigned by your local X.25 network service provider, then press Enter.
Note: You can exit the configuration at this point by accepting the default values for the remaining parameters. To save this configuration and return to the Internetworking Configuration menu, press Esc, select Yes when prompted, then press Enter. Otherwise, continue with Step 11.
11. In the Statistics Period field, accept the default value or enter a new value.
This value specifies the interval, in seconds, at which the interface board is polled by the driver to gather statistical data. The range of values is 1 to 1,024 seconds; the default value is 1 second.
12. In the User Data Size field, accept the default value or enter a new value.
This value specifies the maximum user data size, in bytes, that the interface supports. The range of values is 500 to 4,096 bytes; the default value is 1,500 bytes.
13. In the Interface Queue Limit field, accept the default value shown or enter a new value.
This value specifies the maximum number of data packets that can be queued to this port. The range of values is 0 (unlimited) through 1,024 packets. The default value is 100 packets.
The Interface Queue Limit value should be less than the configured Maximum Packet Receive Buffers value.
14. In the Physical Options field, press Enter to view or modify the following parameters:
• Interface Name—Specifies the name of the interface.
• Physical Type—Specifies this port's electrical interface standard. This parameter must reflect the actual port type installed. The possible physical interface types are RS-232, RS-422, V.35, and X.21.
• Port Connection—Specifies the physical connection between the local DTE and the remote end. The options are Hard-wired, DTR Dialed, and Pseudo-Switched. The default value is Hard-wired.
• Interface Speed—Specifies the line speed, in bits per second, of this port if the clocking is generated internally. The internal board rates vary, depending on the driver.
• Simulate DSR On—Specifies whether to simulate DSR signal on.
• Simulate DCD On—Specifies whether to simulate DCD signal on.
• Simulate CTS On—Specifies whether to simulate CTS signal on.
15. Press Esc to return to the X.25 Network Interface menu.
16. In the Authentication Options field, press Enter to view or modify the X.25 authentication options.
The X.25 Authentication Options menu is displayed. The Interface Name field is a read-only field. It displays an interface name that is a combination of the board name defined in the Board Configuration menu, underline characters used as separators, and a port number (typically 1 through 4).
17. In the Inbound Authentication field, accept the default value, Disabled, by pressing the Down-arrow key to skip to the next field, or press Enter to select Enabled from a pop-up menu.
The setting of this parameter specifies whether incoming calls are subject to authentication. If you cannot control access to this X.25 interface, you should enable authentication.
If Inbound Authentication is set to Enabled, only incoming calls with a DTE address specified in the authentication database are accepted.
If Inbound Authentication is set to Disabled, the interface will accept all inbound calls.
Note: If Inbound Authentication is set to Disabled, the values of the other parameters in this menu are irrelevant. To return to the Internetworking Configuration menu, press Esc and skip to Step 22. Otherwise, continue with Step 18.
18. In the Authentication Database Name field, accept the name shown or enter a new name, then press Enter.
This field allows you to enter the name of an existing authentication database or supply the name for a new authentication database.
19. In the Authentication Database field, press Enter to view or modify the entries in the authentication database specified in the previous field.
The X.25 Inbound Authentication Database screen displays a list of currently defined valid partners and their DTE addresses. If this is a new database, the list will be empty.
You can add new entries, or you can edit or delete existing entries.
20. To add a new entry to an authentication database, press Ins. To edit an existing entry, select the entry and press Enter.
In either case, the X.25 Inbound Authentication Entry menu is displayed. The Interface Name field is a read-only field. It displays an interface name that is a combination of the board name defined in the Board Configuration screen, underline characters used as separators, and a port number (typically 1 through 4).
The Database Name field is also a read-only field. It displays the database name that you specified in Step 18.
21. In the Remote System ID field, press Enter to display a list of existing remote system IDs. With the list displayed, press Ins to enter a new ID or Del to delete an existing ID.
The Remote System ID parameter specifies the local handle for a partner system (such as another Novell router). It is not verified or exchanged with the remote system. The remote system ID is used by protocols such as IP and IPX to identify a connection to a partner system.
22. Press Enter to select a remote system ID, then enter a valid DTE address for the system in the Remote DTE Address field.
The Remote DTE Address parameter specifies the 15-digit X.121 DTE address assigned to the remote system. This address must correspond exactly to the calling DTE address, included in the Incoming Call packet received from the remote system. Otherwise, authentication fails and the incoming call is rejected.
23. In the X.25 Enterprise Specific Traps field, press Enter to view or modify the SNMP traps.
The X.25 Enterprise Traps Configuration menu is displayed.
23a. In the Physical Bandwidth Threshold Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps while the Physical layer’s send or receive utilization exceeds the Bandwidth Upper Threshold value. SNMP traps continue being generated until the Physical layer’s send or receive utilization falls below the Bandwidth Lower Threshold value.
23b. In the Bandwidth Lower Threshold field, set the value to any number greater than or equal to zero, but less than the Bandwidth Upper Threshold value.
Once the Physical layer’s send or receive utilization exceeds the Bandwidth Upper Threshold value, the WAN driver continues to generate SNMP traps until the utilization falls below this value.
23c. In the Bandwidth Upper Threshold field, set the value to any number greater than the Bandwidth Lower Threshold value.
Once the Physical layer’s send or receive utilization exceeds this value, the WAN driver generates SNMP traps until the utilization falls below the Bandwidth Lower Threshold value.
23d. In the Link State Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps when the Data-Link layer initialization is completed or a link failure is detected.
23e. In the Packet Layer Restart Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps when the Packet layer receives or transmits a Restart Indication or Restart Request packet.
23f. In the Packet Layer Reset Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps when the Packet layer receives or transmits a Reset Indication or Reset Request packet.
23g. In the Call Setup Failure Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps when an X.25 call setup fails.
23h. In the Virtual Circuit Cleared Trap field, accept the default value, Disabled, or press Enter to select Enabled from the pop-up list.
Enabling this parameter causes the WAN driver to generate SNMP traps when an X.25 call is terminated.
24. Press Esc and save your changes.
25. Press Esc to return to the Internetworking Configuration menu.
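The inbound authentication decision described in steps 17 through 22, as an added Python example (not Novell's code): it extracts the calling DTE address from an Incoming Call packet and applies the exact-match rule against the authentication database. The packet layout follows the basic address format of ITU-T X.25, which the page itself does not describe; the class and function names, the remote system ID, and all sample addresses are constructed for illustration.

```python
import re

# The page describes an X.121 DTE address as up to 15 digits, 0 through 9.
X121 = re.compile(r"[0-9]{1,15}")
INCOMING_CALL = 0x0B  # packet type identifier of Call Request / Incoming Call


def parse_call_addresses(packet: bytes):
    """Return (called, calling) DTE addresses from an Incoming Call packet.

    Assumed layout (ITU-T X.25 basic address format): octet 4 carries the
    calling address length in its high nibble and the called address length
    in its low nibble; BCD digits follow, called address first, and the block
    is zero-padded to a whole octet.
    """
    if len(packet) < 4 or packet[2] != INCOMING_CALL:
        raise ValueError("not an Incoming Call packet")
    calling_len, called_len = packet[3] >> 4, packet[3] & 0x0F
    total = calling_len + called_len
    block = packet[4:4 + (total + 1) // 2]
    if len(block) * 2 < total:
        raise ValueError("truncated address block")
    digits = [n for octet in block for n in (octet >> 4, octet & 0x0F)][:total]
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit in address block")
    text = "".join(str(d) for d in digits)
    return text[:called_len], text[called_len:]


class InboundAuthentication:
    """Hypothetical model of the Inbound Authentication setting for one interface."""

    def __init__(self, enabled=False):  # the menu default is Disabled
        self.enabled = enabled
        self.database = {}  # Remote DTE Address -> Remote System ID

    def add_entry(self, remote_system_id, remote_dte_address):
        if not X121.fullmatch(remote_dte_address):
            raise ValueError(f"not an X.121 address: {remote_dte_address!r}")
        self.database[remote_dte_address] = remote_system_id

    def check(self, packet):
        """Return (accepted, remote_system_id, reason) for one Incoming Call packet."""
        if not self.enabled:
            return True, None, "authentication disabled, all inbound calls accepted"
        try:
            _, calling = parse_call_addresses(packet)
        except ValueError as exc:
            return False, None, f"rejected: {exc}"
        if not calling:
            return False, None, "rejected: no calling DTE address"
        # Exact comparison only: no prefix, suffix or wildcard matching.
        system_id = self.database.get(calling)
        if system_id is None:
            return False, None, f"rejected: {calling} is not in the database"
        return True, system_id, "accepted"


# Constructed sample packets (octets 1-3: 0x10 0x01 0x0B); all addresses are made up.
# Called address 23420000123 in each; calling address differs per sample.
KNOWN_PARTNER = bytes.fromhex("10010b" "bb" "2342000012323420000456")  # 23420000456
SHORT_PREFIX = bytes.fromhex("10010b" "ab" "2342000012323420000450")   # 2342000045
NO_CALLING = bytes.fromhex("10010b" "0b" "234200001230")               # none present

if __name__ == "__main__":
    auth = InboundAuthentication(enabled=True)
    auth.add_entry("BRANCH-12", "23420000456")
    for name, pkt in (("known", KNOWN_PARTNER), ("prefix", SHORT_PREFIX),
                      ("empty", NO_CALLING)):
        print(name, auth.check(pkt))
```

The SHORT_PREFIX call is rejected although its calling address is a prefix of a registered partner's, which is the "must correspond exactly" rule from step 22.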
Configuring the WAN Call Directory
The WAN Call Directory is a list of WAN call destination configurations that you want to use for each virtual circuit. You must create at least one WAN call destination configuration for each destination you want to communicate with. WAN call destination configurations contain parameters that NetWare Link/X.25 applies when establishing and maintaining calls to the destination.
Two basic types of call configurations are possible: permanent and on-demand. You can specify permanent calls for switched or dial-up circuits, as well as for leased lines. If the connection fails, it is retried at periodic intervals. This type of connection is suited for use with dynamic routing protocols, such as RIP or the NetWare Link Services Protocol™ (NLSP™) software.
On-demand calls specify that the connection should be established only when needed. Maintenance data, such as routing updates, is suppressed. These types of connections are terminated when the link is void of network data longer than the configured Idle Line Timeout value. A connection failure is retried only when more network data is directed to the remote destination.
For more information, refer to Novell Internet Access Server 4.1 Routing Concepts.
How to Configure the WAN Call Directory
Before you begin, make sure you have installed a WAN board and configured a NetWare Link/X.25 interface.
To configure WAN call destinations for X.25 interfaces, complete the following steps:
1. Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > WAN Call Directory
2. Press Ins to configure a new WAN call destination.
3. Enter a name of up to 47 alphanumeric characters for the new WAN call destination, then press Enter.
The WAN call destination name you enter here is used in other menu options when a WAN call destination name needs to be identified. You should use a descriptive name such as the name of the remote destination or a branch office or store number.
A list of supported wide area media is displayed. These media are available on previously configured interfaces. X.25 is not available if you have not yet configured an X.25 interface.
Note: If you did not install a WAN board and configure an interface before attempting to configure a WAN call destination, the following message is displayed:
WAN network interfaces must be configured before WAN Call Destinations may be created.
You must install a WAN board and configure an X.25 interface, as described in the previous section.
4. Select X.25-Host as the wide area medium, then press Enter.
The X.25 Call Destination Configuration menu is displayed. The Call Destination Name field is a read-only field. It displays the name you entered in the WAN Call Destination menu.
5. In the Call Type field, accept the default value, Permanent, or press Enter to select On-Demand from a pop-up list.
Permanent calls can be specified for switched or dial-up circuits, as well as for leased lines. If the connection fails, it is retried at periodic intervals.
On-demand calls specify that the connection is established only when needed. The connection is terminated when the link is void of network data longer than the configured Idle Line Timeout value. A connection failure is retried only when more network data is directed to the remote destination.
Permanent calls can be placed only through a specific interface; they cannot be directed to an interface group.
On-demand calls can be placed through either a specific interface or an interface group, but not both.
Note: For on-demand calls, the Interface Group and Interface Name parameters are mutually exclusive. If you specify an interface group, you cannot specify an interface name.
If you specify On-Demand as the Call Type and have defined an interface group, do the following:
• Press Enter to display a list of interface group names.
The X.25 Interface Group pop-up menu is displayed, listing the configured X.25 interface groups, if any. This is a read-only list that allows you to select the name of the X.25 interface group through which this WAN call destination can be accessed.
• Select an X.25 interface group from the list, then press Enter. Continue with Step 6.
If you specify On-Demand as the Call Type but you have not specified an Interface Group name, or if you specify Permanent as the Call Type, do the following:
• Select Interface Name, then press Enter to display a list of X.25 interfaces.
The Select Interface pop-up menu is displayed, listing the configured X.25 interfaces. This is a read-only list that allows you to select the name of the specific X.25 interface through which this WAN call destination can be accessed.
• Select an X.25 interface from the list, then press Enter.
6. In the Circuit Type field, accept the default value, Switched Virtual Circuit, or press Enter to select Permanent Virtual Circuit from a pop-up list.
The pop-up list allows you to select the type of virtual circuit used to establish a connection to the destination: permanent (PVC) or switched (SVC).
PVCs are active whenever the interface is active. SVCs must be explicitly established by a call request or by an incoming call.
Note: The source route bridge software does not support PVCs.
The PVC Number and Destination DTE Address parameters that follow are mutually exclusive.
If you specify a permanent virtual circuit, then you must specify a PVC number. You cannot specify a destination DTE address because it is not required.
If you specify a switched virtual circuit, then you must specify a destination DTE address. You cannot specify a PVC number because it is not required.
7. In the PVC Number field (if Circuit Type is permanent), enter the circuit number.
The PVC number must match the logical channel number (LCN) assigned by the X.25 network service provider at subscription time.
8. In the Destination DTE Address field (if Circuit Type is switched), enter the address.
This is the X.121 DTE address (up to 15 digits, 0 through 9) assigned to the specific destination DTE.
9. In the Retry Mode field, accept the mode shown, or press Enter to select another option from a pop-up list.
This parameter specifies the conditions under which a failed connection is retried. All connection failures are reported to the system console and to the Call Manager utility (CALLMGR).
The available options are Never Retry, Retry All Failures, and Retry Self-Correcting Failures. The default is Retry Self-Correcting Failures.
Retry All Failures attempts successive connections with an increasing delay between attempts. The retry interval is initially set to 8 seconds and increases exponentially to the limit.
The maximum delay is set by the Retry Interval Limit parameter (described in Step 11 ). Depending on the Call Type status (permanent or on-demand), the Retry Limit Handling parameter (described in Step 10 ) allows retries to either continue at the maximum retry interval or stop when the Retry Interval Limit is reached.
If you select Retry Self-Correcting Failures , X.25-supplied error information is used to differentiate between errors that are self-correcting, such as a busy telephone number, and errors that require user intervention, such as a call authentication failure.
Self-correcting errors are retried, as described for the Retry All Failures option. Errors that require user intervention are not retried.
10. In the Retry Limit Handling field, press Enter to select the appropriate option from a pop-up list.
This parameter specifies the action taken when the connection retry interval exceeds the Retry Interval Limit (described in Step 11 ).
For permanent calls, connection retries can either continue indefinitely at the maximum retry interval (which supports unattended operation) or be terminated (the connection fails).
On-demand calls can accept only Stop At Limit , which means that the connection fails when the retry interval reaches the limit.
11. In the Retry Interval Limit field, accept the displayed value or press Enter to change it.
This parameter specifies the maximum delay between attempts to establish a connection (the retry interval). The delay is set initially to 8 seconds and increases exponentially until the maximum retry interval is reached.
The range of time intervals is 00:00:00 to 23:59:59 (hh:mm:ss). For permanent calls, the default value is 10 minutes (00:10:00). For on-demand calls, the default value is 2 minutes (00:02:00).
12. In the Idle Line Timeout field (if Call Type is set to On-Demand ), accept the value shown or press Enter to change it.
This parameter specifies the time, in hh:mm:ss format, that an on-demand call can be inactive before closing the connection.
The range of values is 00:00:00 through 23:59:59. The default value is 10 minutes (00:10:00).
13. In the Remote System ID field, press Enter to display a list of X.25 remote system IDs.
This parameter specifies the symbolic name (from 1 to 47 ASCII characters) of the remote peer system associated with this WAN call destination entry. This name is typically the remote system server name.
14. Use the arrow keys to select a remote system ID, then press Enter , or press Ins to create a new remote system ID.
If you pressed Ins , enter the symbolic name (from 1 to 47 ASCII characters) of the remote peer system associated with this WAN call destination entry in the screen that is displayed, then press Enter and repeat the first part of this step.
The remote system ID value is accessed by the X.25 protocol stack to identify the proper WAN call destination needed to restore an on-demand connection to a remote system that previously initiated a connection to this system.
15. In the Expert Call Configuration field (if Circuit Type is SVC), press Enter to view or modify the Expert Call Configuration parameters.
The X.25 Expert Call Configuration menu is displayed. The parameters in this menu are applicable only for SVCs.
The Call Destination Name field is a read-only field. It displays the name of the WAN call destination you entered in Step 3 .
16. In the Request Reverse Charging field, accept the default value, No , or press Enter to change it.
This parameter specifies whether reverse charging is requested for calls to and from this destination. The default, No , prevents reverse charging.
17. In the Window Size field, accept the default value, 0 (no Window Size Negotiation packet layer), or press Enter to change it.
This parameter specifies the size of the window that is negotiated for calls to or from this destination. This value overrides the inbound or outbound window size specified in the X.25 Packet Level Parameters menu. The range of values is 1 to 7 (Modulo 8) or 1 to 127 (Modulo 128).
18. In the Packet Size field, accept the default value, Not Selected , or press Enter to change it.
This parameter specifies the size of the packet that is negotiated for calls to or from this destination. If this parameter is used, it overrides the inbound and outbound packet sizes specified in the X.25 Packet Level Parameters menu. The optional values are 16 , 32 , 64 , 128 , 256 , 512 , 1024 , 2048 , 4096 , and Not Selected .
19. In the Throughput Class field, accept the default value, Not Selected , or press Enter to change it.
This parameter specifies the throughput, in bits per second, that is negotiated for calls to or from this destination. The optional values are 75 , 150 , 300 , 600 , 1200 , 2400 , 4800 , 9600 , 19200 , 48000 , 64000 , and Not Selected .
20. In the CUG Facility field, accept the default value, Not Selected , or press Enter to change it.
This parameter specifies the type of Closed User Group (CUG) used for calls to or from this destination. A CUG permits DTEs belonging to the group to communicate with each other, but precludes communication with all other DTEs. The options are Bilateral , Incoming , Outgoing , and Not Selected .
21. In the CUG Number field, accept the default value, Not Selected , or press Enter to change it.
This parameter specifies a one- or four-digit hexadecimal number for a specific CUG. If the CUG Facility parameter is set to Incoming or Outgoing , you can enter a two-digit number. If the CUG Facility parameter is set to Bilateral , you can enter up to four digits.
Warning Refer to the ITU-T Recommendation X.25 before you set this parameter.
22. In the Fast Select field, accept the default value, No , or press Enter to change it.
This parameter specifies an optional parameter that a DTE can request for a virtual circuit to allow the use of up to 128 bytes of user data in Call Request packets. You can specify whether the Fast Select option is used for calls to this destination. The options are Yes and No .
23. In the With Restriction field, accept the default value, No , or press Enter to change it.
This is an addition to the Fast Select parameter that is available only if the Fast Select parameter is set to Yes . This parameter specifies whether the called DTE can accept a call with the Fast Select option. The options are Yes and No .
If this parameter is set to Yes and a call is made using Fast Select with the restriction on, the called DTE must clear the incoming call.
24. In the Call User Data field, accept the default value, None , or press Enter to change it.
This parameter specifies the actual user data that is sent in the Call Request packet user data field. The length of the user data field depends on whether you use Fast Select .
The following table shows the field lengths, in bytes, that are available, depending on two aspects: whether you are using Fast Select and the specific protocol being used.
Protocol     With Fast Select    Without Fast Select
IPX          122 bytes           10 bytes
AppleTalk    122 bytes           10 bytes
CLNS         124 bytes           12 bytes
IP           124 bytes           12 bytes
25. In the Generic ITU-T Facilities Entry field, accept the default value or press Enter to change it.
This parameter lets you add new facilities codes to your current configuration in addition to the facilities already specified.
Warning Enter this parameter in hexadecimal format. Refer to the ITU-T Recommendation X.25 before setting this parameter.
26. In the Generic National Facilities Entry field, accept the default value or press Enter to change it.
This parameter is provided as a convenience for customers requiring the specification of National or Proprietary facilities. A provision for a Facilities Parameter Marker value is also included. This field is convenient for use across an X.25 gateway.
Warning Enter this parameter in hexadecimal format consistent with the ITU-T Recommendation X.25. Consult your network representative or technical support for further information.
27. In the Suppress Calling DTE Address field, accept the default value or press Enter to change it.
This parameter determines whether the calling DTE address is included in the outgoing Call Request packets. The options are Yes and No.
If set to Yes, the called DTE address is not included in the Call Request packet (it is suppressed).
28. When you have completed all changes to the X.25 Expert Call Configuration parameters, press Esc to return to the X.25 Call Destination Configuration menu.
29. In the Inbound Authentication Update field, accept the default value, Enabled , or press Enter to select Disabled .
When this parameter is enabled, an update of the inbound authentication database for the X.25 interface (or interface group) associated with this WAN call destination is automatic.
30. Press Esc ; if prompted, select Yes to save the changes to the WAN call destination, then press Enter .
The WAN call destination you just configured appears in the list of configured WAN call destinations.
31. To configure another WAN call destination, repeat Step 2 through Step 30 .
32. Press Esc to return to the Internetworking Configuration menu.
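The constraints stated in Step 6 through Step 27, collected into one checker that can be run over a planned or exported call destination before it is entered. This is an added example, not Novell code: the dictionary layout, key names and sample values are assumptions, while the limits themselves come from the steps above.

```python
import re

# Values taken from the parameter descriptions in the steps above.
PACKET_SIZES = {16, 32, 64, 128, 256, 512, 1024, 2048, 4096}
THROUGHPUT_CLASSES = {75, 150, 300, 600, 1200, 2400, 4800, 9600, 19200, 48000, 64000}
CUG_MAX_DIGITS = {"Incoming": 2, "Outgoing": 2, "Bilateral": 4}
# Call User Data capacity in bytes: protocol -> (with Fast Select, without).
CUD_BYTES = {"IPX": (122, 10), "AppleTalk": (122, 10), "CLNS": (124, 12), "IP": (124, 12)}
HHMMSS = re.compile(r"([01]\d|2[0-3]):[0-5]\d:[0-5]\d")


def validate_call_destination(cfg, modulo=8):
    """Return a list of problems found in one WAN call destination.

    cfg is a dict whose key names are assumptions made for this example;
    an absent key means the field was left at its default.
    """
    problems = []
    circuit = cfg.get("circuit_type", "SVC")
    pvc, dte = cfg.get("pvc_number"), cfg.get("destination_dte")

    # PVC Number and Destination DTE Address are mutually exclusive.
    if circuit == "PVC":
        if pvc is None:
            problems.append("PVC requires a PVC number (the provider's LCN)")
        if dte is not None:
            problems.append("PVC must not carry a destination DTE address")
    elif circuit == "SVC":
        if pvc is not None:
            problems.append("SVC must not carry a PVC number")
        if dte is None:
            problems.append("SVC requires a destination DTE address")
        elif not re.fullmatch(r"[0-9]{1,15}", dte):
            problems.append("destination DTE address must be 1 to 15 decimal digits")
    else:
        problems.append("circuit type must be PVC or SVC")

    on_demand = cfg.get("call_type") == "On-Demand"
    if on_demand and cfg.get("retry_limit_handling", "Stop At Limit") != "Stop At Limit":
        problems.append("on-demand calls accept only Stop At Limit")
    for key in ("retry_interval_limit", "idle_line_timeout"):
        value = cfg.get(key)
        if value is not None and not HHMMSS.fullmatch(value):
            problems.append(f"{key} must be hh:mm:ss between 00:00:00 and 23:59:59")

    rsid = cfg.get("remote_system_id")
    if rsid is not None and not (1 <= len(rsid) <= 47 and rsid.isascii()):
        problems.append("remote system ID must be 1 to 47 ASCII characters")

    expert = cfg.get("expert", {})
    if expert and circuit != "SVC":
        problems.append("Expert Call Configuration applies only to SVCs")

    window = expert.get("window_size", 0)  # 0 means no window size negotiation
    if window != 0 and not 1 <= window <= (7 if modulo == 8 else 127):
        problems.append(f"window size out of range for modulo {modulo}")
    if expert.get("packet_size") not in PACKET_SIZES | {None}:
        problems.append("packet size is not one of the listed values")
    if expert.get("throughput_class") not in THROUGHPUT_CLASSES | {None}:
        problems.append("throughput class is not one of the listed values")

    facility, number = expert.get("cug_facility"), expert.get("cug_number")
    if facility is not None and facility not in CUG_MAX_DIGITS:
        problems.append("CUG facility must be Bilateral, Incoming or Outgoing")
    elif facility is not None and number is not None:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,%d}" % CUG_MAX_DIGITS[facility], number):
            problems.append(f"CUG number too long or not hexadecimal for {facility}")

    fast = expert.get("fast_select", False)
    if expert.get("with_restriction", False) and not fast:
        problems.append("With Restriction is available only when Fast Select is Yes")
    cud, protocol = expert.get("call_user_data", b""), cfg.get("protocol")
    if cud and protocol in CUD_BYTES:
        limit = CUD_BYTES[protocol][0 if fast else 1]
        if len(cud) > limit:
            problems.append(f"call user data is {len(cud)} bytes, limit is {limit}")
    return problems


# Constructed samples (addresses and values are made up for the example).
GOOD_PVC = {"circuit_type": "PVC", "pvc_number": 1, "call_type": "Permanent"}
BAD_SVC = {
    "circuit_type": "SVC", "call_type": "On-Demand", "protocol": "IPX",
    "pvc_number": 3, "destination_dte": "31104150012345",
    "retry_interval_limit": "24:00:00",
    "expert": {"window_size": 9, "packet_size": 128, "call_user_data": b"x" * 11},
}
```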
Chapter 20 Configuring Router Management
The Manage Configuration menu within the Internetworking Configuration menu provides options to copy and transfer common configuration files, configure server access, and perform other network management tasks. Sets of preconfigured files can be imported or exported to specified server destinations. These files can also be loaded as part of the Novell® Internet Access Server 4.1 installation process.
Manage Configuration menu options are
• Configure SNMP Parameters
• Configure SNMP Information
• Export Configuration
• Import Configuration
• Configure Remote Access to This Server
• Edit AUTOEXEC.NCF
The Simple Network Management Protocol (SNMP) enables network management clients to exchange information about the configuration and status of nodes on an internetwork. The information available is defined by a set of managed objects referred to as the Management Information Base (MIB).
The Manage Configuration menu provides two options for configuring SNMP parameters and information: Configure SNMP Parameters and Configure SNMP Information.
Configuring SNMP Parameters
To configure SNMP parameters, complete the following steps:
1. From the Internetworking Configuration menu, select Manage Configuration .
The Manage Configuration menu is displayed.
2. From the Manage Configuration menu, select Configure SNMP Parameters to configure SNMP for this server only.
The SNMP Parameters menu is displayed.
3. From the SNMP Parameters menu, select Monitor State .
The following options allow you to indicate how the SNMP agent handles SNMP read operations coming from outside this node.
Option                          Description
Any Community May Read          Allows all read operations, no matter what community name is provided in the incoming read request.
Leave as Default Setting        Avoids changing the Monitor Community name from its default (which is usually public). The default Monitor Community can still be changed manually through SNMP command-line options.
No Community May Read           Disables all read operations, no matter what community name is provided in the incoming read request.
Specified Community May Read    Allows only read operations that contain the name specified in the Monitor Community field.
4. Select one of the options previously listed.
5. If you selected Specified Community May Read, enter a name in the Monitor Community field.
Enter the name of the community that is permitted to read management information. SNMP management stations that belong to this community can read the network management database.
6. Select Control State.
The following options enable you to indicate how the SNMP agent handles SNMP write operations coming from outside this node.
Option                           Description
Any Community May Write          Allows all set operations, no matter what community name is provided in the incoming set request.
Leave as Default Setting         Avoids changing the Control Community from its default, which usually is to not allow any set requests. The default can be changed manually through SNMP command-line options.
No Community May Write           Disables all set operations, no matter what community name is provided in the incoming set request.
Specified Community May Write    Allows only set operations that contain the name specified in the Control Community field.
7. Select one of the options previously listed.
8. If you selected Specified Community May Write, enter a name in the Control Community field.
Enter the name of the community that is allowed to read and write management information. SNMP management stations that belong to this community can read or modify (write) any value in the network management database.
9. Select Trap State.
The following options allow you to indicate how the SNMP agent handles SNMP trap operations coming from outside this node.
Option                                 Description
Do Not Send Traps                      Disables all SNMP traps.
Leave as Default Setting               Avoids changing the Trap Community from its default, which is usually public. The default can still be changed manually through SNMP command-line options.
Send Traps with Specified Community    Specifies the community name that is included in trap messages in the Trap Community field.
10. Select one of the options previously listed.
11. If you selected Send Traps with Specified Community , enter a name in the Trap Community field.
Enter the community name to be included in trap messages.
12. Select Other SNMP Parameters and press Enter .
The SNMP Other Parameters window is displayed.
13. Enter the following SNMP command-line parameters in the window that is displayed.
13a. Enter Verbose=Yes/No
Entering Verbose=Yes enables SNMP parameter configuration messages to the console.
13b. Enter AuthenticationTraps=Yes/No
Entering AuthenticationTraps=Yes causes SNMP to send traps to trap targets when an authentication failure occurs in GET, GET-NEXT, or SET operations. These targets are configured using the SYS:\ETC\TRAPTARG.CFG file.
Enter SNMP parameters in the same format in which they appear when entered on the LOAD SNMP command line. For more information, refer to Novell Internet Access Server 4.1 Routing Configuration .
14. When you are finished, press Esc ; if prompted, select Yes to save changes, then press Enter .
The Manage Configuration menu is displayed.
15. Select another option from the Manage Configuration menu to continue, or press Esc to return to the Internetworking Configuration menu.
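The Monitor State, Control State, Trap State and AuthenticationTraps choices above decide who can read or change the management database and whether failed attempts are reported. The following added example (not Novell code) audits one server's choices; the dictionary keys, the whitespace-separated Key=Value reading of the Other SNMP Parameters window, the severity labels and the sample community names are assumptions, while the option names are the ones listed in the tables above.

```python
# Community names that are widely known defaults; "public" is the default
# named in the option tables above.
WELL_KNOWN = {"public", "private"}


def parse_other_parameters(text):
    """Parse Key=Value tokens as typed in the SNMP Other Parameters window.

    Assumption: tokens are separated by whitespace and compared
    case-insensitively.
    """
    params = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value.lower()
    return params


def audit_snmp(settings):
    """Return (severity, message) findings for one server's SNMP settings."""
    findings = []
    monitor = settings.get("monitor_state", "Leave as Default Setting")
    control = settings.get("control_state", "Leave as Default Setting")
    trap = settings.get("trap_state", "Leave as Default Setting")
    mon_name = settings.get("monitor_community", "")
    ctl_name = settings.get("control_community", "")

    # Read access.
    if monitor == "Any Community May Read":
        findings.append(("high", "reads are answered whatever community name is sent"))
    elif monitor == "Leave as Default Setting":
        findings.append(("medium", "monitor community left at its default, usually public"))
    elif monitor == "Specified Community May Read":
        if not mon_name or mon_name.lower() in WELL_KNOWN:
            findings.append(("medium", "monitor community is empty or a well-known name"))

    # Write access: the control community can read and modify any value.
    if control == "Any Community May Write":
        findings.append(("high", "set requests are accepted whatever community name is sent"))
    elif control == "Specified Community May Write":
        if not ctl_name or ctl_name.lower() in WELL_KNOWN:
            findings.append(("high", "control community is empty or a well-known name"))
        elif monitor == "Specified Community May Read" and ctl_name == mon_name:
            findings.append(("medium", "read-only stations share the read/write community"))

    # Reporting of authentication failures to the trap targets.
    other = parse_other_parameters(settings.get("other_parameters", ""))
    if trap == "Do Not Send Traps":
        findings.append(("medium", "all traps disabled, authentication failures go unreported"))
    elif other.get("authenticationtraps") != "yes":
        findings.append(("medium", "AuthenticationTraps=Yes not set; failed GET, GET-NEXT "
                                   "and SET requests raise no trap"))
    return findings


# Constructed samples; the community names are made up for the example.
SAMPLE_WEAK = {
    "monitor_state": "Any Community May Read",
    "control_state": "Specified Community May Write",
    "control_community": "public",
    "trap_state": "Send Traps with Specified Community",
    "trap_community": "noc-traps-example",
    "other_parameters": "Verbose=No",
}
SAMPLE_TIGHT = {
    "monitor_state": "Specified Community May Read",
    "monitor_community": "k7-ro-example",
    "control_state": "No Community May Write",
    "trap_state": "Send Traps with Specified Community",
    "trap_community": "k7-trap-example",
    "other_parameters": "Verbose=No AuthenticationTraps=Yes",
}
```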
Configuring SNMP Information
To configure SNMP information, complete the following steps:
1. From the Internetworking Configuration menu, select Manage Configuration .
The Manage Configuration menu is displayed.
2. From the Manage Configuration menu, select Configure SNMP Information to configure SNMP for this server only.
3. Select Node Name for SNMP and press Enter .
4. Enter the name SNMP reports to the management client for this node, then press Esc .
By convention, this is the IP hostname for the node. If the node does not have an IP hostname, we recommend that you use the NetWare® file server name for this node.
5. Select Hardware Description and press Enter .
6. Enter the hardware description for this node, then press Esc .
The hardware description can include the CPU type; bus speed; size of memory; and size and type of disks, printers, tape drives, and so on. This description, combined with the information about the software taken from the system, makes up the SNMP system description.
7. Select Physical Location and press Enter .
8. Enter the location description for this node, then press Esc .
9. Select Human Contact and press Enter .
10. Enter the contact information for the person (or persons) responsible for this node, then press Esc .
The contact information should include phone numbers and mailing addresses.
11. When you are finished, press Esc ; if prompted, select Yes to save the changes to the SNMP parameters, then press Enter .
The Manage Configuration menu is displayed.
12. Select another option from the Manage Configuration menu to continue, or press Esc to return to the Internetworking Configuration menu.
Export Configuration
To move configuration files among network servers, NIASCFG provides an option to export files to diskette or a specified server destination. Exported routing configuration files can be used as a set of preconfigured files for product installation on another system, product reinstallation on this system, or as a routing configuration backup. To copy files to a remote destination, remote server access and adequate disk space are required.
To create and transfer a routing configuration file set to a specified server volume, complete the following steps:
1. From the Internetworking Configuration menu, select Manage Configuration .
The Manage Configuration menu is displayed.
2. From the Manage Configuration menu, select Export Configuration .
The Configuration Export window is displayed.
3. Indicate the export destination by specifying a DOS device or NetWare volume.
4. Select Export Entire Server Configuration and press Enter . Select Yes and press Enter to export the entire server configuration.
You can select No and specify a partial export by selecting from the X.25 Profiles, Call Destinations, or PPP Authentication Files menu options. Not all files are exported for some configurations.
Note If you export an entire server configuration, information specific to that server is exported (for example, IPX addresses). This information must be modified when imported to another server.
5. Select Export to copy the routing configuration files to the specified destination.
The exported routing configuration file can be used during installation as a preconfigured file set or it can be imported, as explained in the section that follows.
Import Configuration
To move routing configuration files among network servers, NIASCFG provides an option to import files from diskette or a NetWare volume. To copy routing configuration files from a remote destination, remote server access and adequate disk space are required. The Import Configuration option backs up the original routing configuration before transferring new files.
To import a routing configuration file set, complete the following steps:
1. From the Internetworking Configuration menu, select Manage Configuration .
The Manage Configuration menu is displayed.
2. From the Manage Configuration menu, select Import Configuration .
The Configuration Import window is displayed.
3. Specify the location of the files to be imported.
Note If you import an entire server configuration, use NIASCFG to modify information specific to this server (for example, IPX addresses).
4. Select Import and press Enter to copy routing configuration files from the specified source.
The original routing configuration is backed up to the SYS:\ETC.BAK directory. This configuration can be restored using the Import Configuration option and specifying SYS:\ETC.BAK as the source.
Configuring Server Access
To configure a server for RCONSOLE access, complete the following steps:
1. From the Internetworking Configuration menu, select Manage Configuration .
The Manage Configuration menu is displayed.
2. From the Manage Configuration menu, select Configure Remote Console Access To This Server .
The Configure Remote Console Access To This Server window is displayed.
3. Configure the remote parameters as described below.
4. When you are finished, press Esc . If prompted, select Yes to save the changes to the remote server access configuration, then press Enter .
Option                         Description
Remote Console Access          Enables RCONSOLE access to this server. This option must be enabled to provide access to any of the other options listed in this table.
Password                       Enter a password to secure remote communications. When enabled, this node requires the password of any user accessing this node through RCONSOLE, ACONSOLE, or XCONSOLE.
RCONSOLE Connection (SPX™)     Enables remote console access to this node through RCONSOLE. RCONSOLE allows access to the file server console from a workstation.
ACONSOLE Connection (ASYNC)    Enables remote console access to this node through ACONSOLE or RCONSOLE Async (4.x RCONSOLE).
COM Port / Baud Rate           ACONSOLE allows access to the file server console through a modem. When you enable this option, you also need to specify the communications port and baud rate used by the system.
Expert Modem Setup             You might also have to set up special commands for modems that do not respond to the standard modem AT command set through the Expert Modem Setup option.
TELNET Connection              Enables remote administration from a remote workstation running an X Window System* interface or a remote workstation that has VT100* or VT220* terminal emulation.
Maximum Sessions               When you enable the TELNET connection, you also need to specify the maximum number of concurrent TELNET sessions you want this node to support.
Timeout                        Specifies an interval for the ASCII Esc key to take effect.
5. Press Esc to return to the Internetworking Configuration menu.
Edit AUTOEXEC.NCF
This option displays the View or Edit AUTOEXEC.NCF window, which contains the AUTOEXEC.NCF file.
As stated in this file, the LOAD and BIND commands are contained in the NETINFO.CFG file.
Appendix A Customizing PPP Login Scripts
For users or systems dialing up and logging in to asynchronous service providers, login scripts facilitate the process by defining a command/response dialog that takes place between a router and a remote server during the dial-up sequence. Login scripts can also be used to convey additional information, such as a request to connect to a specific destination.
This appendix provides information about how you can create or customize login scripts to dial in to other types of networks. It contains the following sections:
• “Customizing a PPP Login Script”
• “Login Script Operation”
• “Login Script Syntax”
Customizing a PPP Login Script
The Novell® Internet Access Server 4.1 routing software provides a Windows-based utility that enables you to create a customized PPP login script. To create, edit, or install a PPP login script, start the WMDMMGR utility the same way you would start any Windows 3.1, Windows 95, or Windows NT utility. This utility can be run only at a Windows workstation and cannot be run from the DOS prompt.
WMDMMGR is located in the SYS:\SYSTEM\UTILS directory on your server. A sample PPP login script, called ISPLOGIN.LSC, is provided in the SYS:\SYSTEM directory of your router. This sample file can be modified to meet your requirements. Multiple scripts can be stored in one .LSC file. WMDMMGR lists all scripts in the selected .LSC file. The name defined in the utility is the script name used by the Novell Internet Access Server 4.1 routing software and has no relation to the filename.
All scripts from earlier releases of the Novell routing software are saved in SYS:\SYSTEM\BACKUP during installation. These old scripts can be converted to the new format using WMDMMGR. In some cases, warning messages might occur if the old script has syntax errors. After the errors are corrected, the script can be modified or used as is. The conversion process is described in the online help.
To create a new login script, select New from the File menu. To modify an existing login script, select Open from the File menu. After editing the login script as described in the online help, save your changes by selecting Save or Save As from the File menu. To edit existing files, copy the files to the SYS:\SYSTEM directory.
Your login script must contain at least one of the words contained in the login prompt received from your Internet Service Provider (ISP). For example, if the prompt from your ISP is Enter user name, then your login script must have at least one of these words in the expected input string from the remote system.
The remaining sections in this appendix provide the background information you need to understand the operation of PPP login scripts.
Login Script Operation
Login scripts define a command/response dialog that takes place between a router and a remote server at dial-up.
The syntax of the Novell Internet Access Server 4.1 login script allows you to define specific strings to be interpreted as output to be sent by the router (a command to the remote server) or as input to be listened for by the router (an expected response from the remote server). Delays can also be specified to ensure that commands complete successfully.
This design allows any string to be designated as a command from router to server and any other string to be designated as a response. It provides a flexibility that will enable you to create new login scripts or to modify existing ones to meet your site’s specific needs. The customization you will need to do is determined by the specifications provided by the ISP.
Login Script Syntax
Login scripts consist of a series of one-line entries that define the script name, certain script parameters, and the dialog of expected interaction between the router and the remote server.
WMDMMGR allows for multiple login scripts to be put in one .LSC file. The login script file must contain the name of the login script so that NIASCFG can list it as an available login script when you select Login Script Name at configuration. The maximum length of the script name is 39 characters. The script name can be multiple words separated by spaces (for example, SILICON VALLEY NET).
Each script contains a series of script prompts labeled Param[1] through Param[5]. These tags represent up to five placeholders to define arguments that can be embedded in output lines. For instance, a typical login script might use these parameters to define a user ID, a password, and a service to be selected. These three pieces of information can then be treated as three arguments in the login script that supply the rest of the information specific to the router/server dialog. With generic parameters such as these, one common login script can be used for all users and configured in the PPP WAN call destination.
When a login script is configured in the PPP WAN call destination, you are shown the prompts that are defined in the Param[1] through Param[5] fields in the script. You are then prompted to enter a value for each parameter. For example, if Param[1] is defined as username and Param[2] is defined as password, you are prompted to enter values for the username and password. The values are stored in the WAN call destination configuration and are substituted into the login script when the call is made and the script is executed. The maximum tag length is 25 characters.
The login script file consists of a series of script operations. These are the lines in a login script that specify the command/response exchanges to take place between the router and the remote server. The following are examples of operations used in a typical login script:
• OUTPUT
This operation signifies the beginning of an output string, a command sent by the router to the remote server.
STRING is a command string that the remote server recognizes. This command string can contain the following:
• A literal command known to the remote host
• ASCII control characters \1 through \0x1a
These are specified with entries of `A through `Z (the letters A through Z preceded by a back-quote character [`]).
Common control characters to embed in the output operations include `I or \0x9 (the Tab character), `M or \0xd (the Carriage Return character), and `J or \0xA (the Line Feed character).
• [1] . . . [5]
Any of the parameters specified in the login script can be embedded in an output string. For instance, if [1] is specified as equal to the prompt for the username in the script, [1] can be entered as part of the output string. This entry instructs the router to substitute the value for the User Name entered during the configuration of the PPP call destination and sends it to the remote server. No more than five tags can be defined and used in the script. Any defined parameter, however, can be embedded more than once, if necessary.
• WAIT FOR INPUT
This operation signifies the beginning of an expected input string, a response from the remote server that the router will listen for.
STRING is a remote server response that the router recognizes. It is an input line terminated by Enter (`M).
• Pause
This operation signifies a delay, or pause. The interval for the delay is specified as N tenths of a second.
• Quiet Wait
This operation signifies a quiet period, an interval of no input. The interval for the quiet period is specified as N tenths of a second.
Quiet periods are generally the interval of time required for the current input to conclude.
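The operations above, walked through as an added example (not Novell code): it expands OUTPUT strings (back-quote control characters, \0x escapes and the [1] through [5] tags) and replays a script against canned remote prompts, logging with the stored parameter values masked. The tuple representation of operations, the case-insensitive substring match for WAIT FOR INPUT, the literal (non-re-expanded) insertion of parameter values and all sample strings are assumptions; the page does not show the .LSC on-disk format.

```python
import re

# `A..`Z control characters, \0xHH escapes, and [1]..[5] parameter tags.
_TOKEN = re.compile(r"`([A-Z])|\\0x([0-9A-Fa-f]{1,2})|\[([1-5])\]")


def expand_output(template, params):
    """Expand one OUTPUT string into the bytes sent to the remote server.

    params maps a tag number (1 to 5) to the value stored in the WAN call
    destination. Values are inserted literally and are not expanded again.
    """
    def repl(match):
        letter, hexcode, tag = match.groups()
        if letter:
            return chr(ord(letter) - 64)      # `A -> 0x01 ... `Z -> 0x1A
        if hexcode:
            return chr(int(hexcode, 16))      # \0x9 -> Tab, \0xd -> CR
        number = int(tag)
        if number not in params:
            raise KeyError(f"script uses [{number}] but no value is configured")
        return params[number]
    return _TOKEN.sub(repl, template).encode("latin-1")


def run_script(operations, params, remote_lines):
    """Replay a script against a canned list of remote input lines.

    Returns (ok, sent, log): ok is False when an expected input never
    arrives, sent holds the real bytes, log shows them with values masked.
    """
    remote = iter(remote_lines)
    masked = {n: "<param %d>" % n for n in params}
    sent, log = [], []
    for op, arg in operations:
        if op == "OUTPUT":
            sent.append(expand_output(arg, params))
            log.append("send " + repr(expand_output(arg, masked)))
        elif op == "WAIT FOR INPUT":
            for line in remote:
                if arg.lower() in line.lower():
                    log.append("matched " + repr(line))
                    break
            else:
                log.append("no input containing " + repr(arg))
                return False, sent, log
        elif op in ("Pause", "Quiet Wait"):
            log.append("%s %.1f s" % (op, arg / 10))   # N tenths of a second
        else:
            raise ValueError("unknown operation " + repr(op))
    return True, sent, log


# Constructed sample script, parameter values and remote prompts.
SCRIPT = [
    ("WAIT FOR INPUT", "user name"),
    ("OUTPUT", "[1]`M"),
    ("WAIT FOR INPUT", "password"),
    ("OUTPUT", r"[2]\0xd"),
    ("Quiet Wait", 20),
    ("OUTPUT", "ppp`M"),
]
PARAMS = {1: "branch7", 2: "s3cret-example"}
REMOTE = ["Welcome to Example ISP", "Enter user name:", "Password:"]
```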
Appendix B Modem Description Files
This appendix discusses the use of modems with the Novell® Internet Access Server 4.1 routing software. It contains the following sections:
• “Customizing a Modem Description File”
This section describes the utility used to create or modify modem description files for the Novell Internet Access Server 4.1 routing software.
• “Limited Public-Switched Telephone Support”
This section describes using dial-up synchronous modem connections for limited public-switched telephone support.
• “Modem Description Files”
This section describes modem description files, modem-specific files that enable modem support in the Novell Internet Access Server 4.1 routing software. This section describes the information provided by these files. It also explains file syntax and provides sample files.
• “Environments”
This section describes how Novell's modem control is implemented in the NetWare® server environment.
Customizing a Modem Description File
The Novell Internet Access Server 4.1 routing software provides a Windows-based utility that enables you to create a customized modem description file. To create, edit, or install a modem description file, start the WMDMMGR utility the same way you would start any Windows 3.1, Windows 95, or Windows NT utility. This utility can be run only at a Windows workstation and cannot be run from the DOS prompt.
WMDMMGR is located in the SYS:\SYSTEM\UTILS directory on your server. Three sample modem description files, with an .MDC extension, are provided in the SYS:\SYSTEM directory of your router. These files contain modem scripts that are certified by the Novell Labs™ group (NIASCERT.MDC), as well as scripts for commonly used modems (NIASMDM1.MDC and NIASMDM2.MDC). You can modify these modem scripts to meet your requirements, although this is not recommended for scripts in the NIASCERT.MDC file.
To create a new modem description file, select New from the File menu. To modify an existing login script, select Open from the File menu. After editing the modem description file as described in the online help, save your changes by selecting Save or Save As from the File menu. To edit existing files, copy the files to the SYS:\SYSTEM directory. If you have any problems editing or using existing modem description files, refer to Novell Internet Access Server 4.1 Management and Optimization.
The remaining sections in this chapter provide the background information you need to understand the operation of modem description files.
Limited Public-Switched Telephone Support
This section describes the pseudopermanent connection feature supported by the router using dial-up synchronous modems. The dial-up synchronous connection is established automatically by the modems when the routers at both ends are turned on. The connection is terminated when either of the two routers is turned off or otherwise stopped.
Pseudopermanent Link Operation
The pseudopermanent link is a dial-up link established over the Public Switched Telephone Network (PSTN) using a pair of synchronous modems. By its very nature, this connection is asymmetrical because one modem originates the call and the other modem answers the call. Therefore, the calling end needs to be programmed to automatically dial the stored telephone number of the remote modem, and the remote modem needs to be programmed to automatically answer the incoming call.
Initial Connection Establishment
When the routers are turned off, the Data Terminal Ready (DTR) signal is set low, thereby prohibiting any connection between the modems. When the router at the calling end is turned on, it turns on the DTR, triggering the modem to automatically dial and establish a connection. When the calling modem detects the DTR off-to-on transition, it goes off-hook, dials the remote modem, and waits for the connection to occur. If, after a certain programmed period (in units of number of rings), the connection fails to materialize, the modem goes on-hook and terminates the connection. If the connection does occur (that is, the remote end answers), the modem turns on the carrier, exchanges a training sequence, and reaches a ready state. These events are indicated by the modem turning on the Data Set Ready (DSR), Data Carrier Detect (DCD), and Clear-to-Send (CTS) signals, in that order.
The answering modem waits for an incoming call and answers it, if the local router has set the DTR signal high. Here again, the modem turns on DSR, DCD, and CTS signals to indicate call connection, carrier detect, and ready state.
Call Disconnection and Reconnection
Call disconnection can occur because of telephone line failure, because one of the routers was turned off or was taken down, or because of a power failure. Each modem detects the call disconnection by the absence of the carrier. Following this detection, the modem disconnects the call and turns off the DSR, DCD, and CTS signals.
The modem signals DSR, DCD, and CTS are tracked by the router, and the router, in turn, turns off the DTR when any of these signals are off. The router keeps the DTR low for a few seconds to allow the modem to complete the actions needed for terminating the call, and raises the DTR to trigger redialing. When the modem detects the DTR off-to-on transition, it goes through the procedure for reconnection; on successful reconnection, the modem raises the DSR, DCD, and CTS signals. Should the reconnection attempt fail, the modem resets any signals it might have raised during the reconnection.
Even when the reconnection attempt fails, the router has the DTR on for approximately two minutes before taking it down. This delay spaces the reattempts to connect two minutes apart, preventing excessive telephone traffic. If the connection does occur, the DTR remains on indefinitely, and the dialed connection then simulates a permanent connection.
The router actions remain the same, whether the router is connected to a calling modem or an answering modem. Hence, the router code is unaware of the asymmetry in the dialed connection.
Note that although the preceding description is based on the experience gained from using Hayes* smart modems, it is valid for a wide variety of compatible modems.
Modem Requirements
Following are the dial-up synchronous modem requirements:
• The modem should hold the configuration for the autodial of stored numbers in nonvolatile memory. The configuration for the modem is programmed offline using an asynchronous terminal in asynchronous mode.
• The modem should dial the stored number when the DTR off-to-on transition occurs, connect to the remote modem, and switch to the synchronous mode. The modem should terminate the connection if the DTR is turned off by the router.
• Both modems should be programmed to establish the connection at the user-defined rate rather than at the asynchronous speed used to program the modem.
• The answering modem should be programmed to answer the call only if the DTR is turned on. Therefore, even if the modem is turned on, if the router has not turned on the DTR (indicating its readiness), the modem should ignore the call.
• After the modems are programmed, both modems should be disabled from recognizing synchronous data as modem control commands. This is done by forcing the modem into dumb mode.
Modem Programming Example
The following example illustrates the programming needed to set the Hayes ULTRA* 14,400-bps modem for dialed synchronous operation. To do this, connect the modem to a terminal device or PC with a terminal emulation program. The router provides a method of addressing the modem through the CPECFG program (refer to “Configuring Modems and DTR-Controlled Devices” on page 111 for information about using CPECFG).
Dip Switch Setting
The left dip switch (sw 1, seen when the front cover is removed) has the following settings:
• UP—Puts the modem in smart mode (command recognition mode is enabled)
• DOWN—Puts the modem in dumb mode (characters are treated as data, not commands)
This switch is set to DOWN after the modem is configured for autodial/autoanswer. This prevents the synchronous data from accidentally being interpreted as commands (for example, when the DTR is turned off).
Modem Script for Call Originating Modem
AT&F;                 &F - Recall Factory settings
AT&Z0=<dest tel no>;  &Z0 - store no to be called
AT&Q2&C1&D2;          &Q2 - Stored No redial on DTR OFF -> ON
;                     &C1 - Track status of DCD
;                     &D2 - Track DTR, DTR ON -> OFF go to cmd state
ATS37=11;             S37=11 - Connect to remote modem at 14400bps speed
ATE0Q1&Y0&W0;         E0 - Disable character echoing
;                     Q1 - Do not return result codes
;                     &Y0 - Select profile '0' as power on config
;                     &W0 - store as profile '0'
Modem Script for Call Answering Modem
AT&F;                 &F - Recall Factory settings
AT&Q1&C1&D2S0=2;      &Q1 - Sync mode 1 (async to sync on connect)
;                     &C1 - Track status of DCD (don't ignore)
;                     &D2 - Monitor DTR, DTR ON -> OFF enter cmd state
;                     Call automatically answered only if DTR is ON
;                     S0=2 - Auto Answer after 2 rings
ATS37=11;             S37=11 - Connect to remote modem at 14400bps speed
ATE0Q1&Y0&W0;         E0 - Disable character echoing
;                     Q1 - Do not return result codes
;                     &Y0 - Select profile '0' as power on config
;                     &W0 - store as profile '0'
Reprogramming the Modem
Should the need arise to reprogram the modem (for example, to change the destination telephone number), the following procedure should be adopted. Because character echoing and result code returns have been disabled, the modem does not respond to a user’s attempt to communicate with it (in asynchronous mode). To reprogram the modem, complete the following steps:
1. Turn off the modem.
2. Set dip switch 1 to the UP (smart mode) position.
3. Turn on the modem.
4. Enter the following modem command:
ATE1Q0;               E1 - Enable character echoing
;                     Q0 - Enable returning of result codes
Modem Description Files
Novell’s most recent products, and those in development, are designed to be modem independent. This enables new modems to be supported by these Novell products without a new version of the software being released. All that is required is to load the appropriate modem description file onto the specified system.
Novell products can interpret modem description files and execute script commands in the files to perform modem operations as the application requires. Neither the modem control components nor the software products themselves are specific to any one modem or set of modems. Any details specific to modems are contained in the modem description files.
When Novell products are installed, modem description files are copied along with other product files. As users configure the software, they identify the modems to be used from lists of modem names. Any modem that has a modem description is presented in these lists for the user to select.
When a port is configured from the Network Interfaces screen of the Novell Internet Access Server Configuration utility (NIASCFG), the type of modem attached to the port is specified in the Modem/DCE Device field. This option enables you to select a modem initialization script that is specified in the compiled NIASCERT.MDC, NIASMDM1.MDC, and NIASMDM2.MDC files in the SYS:SYSTEM directory.
Because these files are compiled, they require a special modem script editing tool, WMDMMGR, to read them and make changes to them. Multiple *.MDC (Modem Definition Compiled) files can exist in SYS:SYSTEM; however, if a description of a particular type of modem appears in multiple *.MDC files, there is no guarantee as to which description is used. To avoid confusion, a modem description should appear in only one *.MDC file. When Novell Internet Access Server 4.1 is installed, any previously installed *.MDC files are moved to the SYS:SYSTEM\BACKUP directory. Only files included in Novell Internet Access Server 4.1 remain in the SYS:SYSTEM directory.
If you create new modem description files, copy them to the SYS:SYSTEM directory so that they are available to the routing software. If the routing software is running, issue the REINITIALIZE SYSTEM command to have the modem script changes take effect.
This section discusses the format and content of the information present in the modem description files. The method of defining the capabilities of a modem is specified, and the process of constructing scripts to accomplish modem operations is outlined. Several examples illustrate uses of the details presented.
Modem Description File Information
A modem description file includes information describing both a modem vendor and individual modems. The information about the modem vendor is specified first, with from one to many descriptions of modems following.
One way to organize modem descriptions is to collect information about all modems from one vendor into a single file. This makes it easy to register the single filename with Novell. Another possibility is to group modems by family, as might be done with all the XYZ Xxxx sample models. We suggest that all modems manufactured by a vendor be located in a small number of files.
A typical modem description file includes the following:
• Vendor description
The vendor information begins with the vendor’s name, which identifies the company creating the description file. A copyright notice can be included to protect the company’s rights. Version information should be added to allow tracking of additions or corrections to description information.
• Modem description
• Modem name
Modem-specific information begins with a line specifying the modem name. This name must be unique within the entire set of modem names known to Novell and should include some form of the vendor's name to avoid conflicting with any other vendor's descriptions.
• Modem options
Modem option lines supply information regarding the features, capabilities, and default values of the modem. This information is needed by the modem control components to determine which logical operations can be performed. The information would include the highest interface bit rate possible for the modem, the link types the modem can use (analog, ISDN, and so on), and whether the modem supports a fixed rate.
• Modem scripts
Modem scripts that perform particular operations are specified. These scripts are simply strings encoding suboperations to be executed that together accomplish the desired operation. Multiple sequences of commands can be combined, if required.
• Modem responses
The final section of a modem description file contains the strings used to decode a modem's responses when the modem answers an incoming call. For example, the string returned by a modem when a call is successful might be associated with the CONNECT response. Additional response recognition allows modem control components to record the options that are negotiated for this call.
Modem Description File Components
This section describes the components that can be used in modem description files.
Vendor Description
The following fields are part of the vendor description:
• MANUFACTURER: A descriptive name of the modem vendor.
• COPYRIGHT: A vendor's copyright notice.
• VERSION: A version number of the modem descriptions.
The manufacturer and copyright string values can be up to 80 characters long. The version numbers can have numeric values from 0 to 99. Currently, the values are not used directly by modem control components, but they are provided for use by modem vendors.
Modem Description
This section explains the modem keywords and how to use them.
Modem Name
The modem name string value can be up to 39 characters and must be unique within the entire set of modem names known to Novell.
There can be multiple descriptions for the same modem, with each appropriate for distinct circumstances. For instance, it might be found that most revisions of a particular modem can be initialized quickly, but that some ROM levels require delays between output characters. Rather than force all users to wait for a lengthy initialization operation, it is possible to create two descriptions, as follows:
XYZ Modem Xxxx
XYZ Modem Xxxx (Slow Init)
Rate Options
The following rate options require values to be defined:
• DEFAULT: Best typical bit rate used to communicate with the modem.
When a modem operation specifies the use of fixed rate mode, the FIXED rate option supplies the bit rate used to communicate with the modem. When that mode is not selected, modem control uses this option to determine the default bit rate for the interface to the modem.
• FIXED: Best bit rate for use with fixed rate usage.
Modems can be initialized to use one unchanging bit rate between themselves and the data terminal equipment (DTE). This bit rate is usually set to a value high enough to permit use of compression, no matter what line speed is used on a connection. The numeric value is the bit rate to be used when the modem is put into fixed rate mode.
Note: This option also implies that fixed rates are supported by the modem.
• SINGLE FIXED RATE: Modem can use only one bit rate.
Some modems permit the use of the FIXED DTE RATE feature, but with only one allowable bit rate, as specified by the FIXED option. This option specifies that this restriction is true for this modem.
• MAXIMUM: Maximum bit rate used to communicate with the modem.
The set of interface bit rates that can be used to communicate from the DTE to a modem usually has an upper bound. This option supplies the maximum interface bit rate to be used with a modem. The numeric value for this option is the maximum rate in bits per second.
Other Options
Depending on how your modem is being used, two of the following options might have to be configured. The first two of the following options are configurable; the last two options are not configurable. These options are described as follows:
• OUTPUT DELAY: Delay between command characters.
Some modems require a greater amount of time to process complex commands. Complex commands that are sent to these modems one character at a time are successful. This option enables you to specify the amount of time to insert between characters of selected commands.
The numeric value is the time, in tenths of a second, that modem control should wait between sending characters. There are two script operations for output: one inserts delays between characters; the other does not insert delays between characters. If this option is not specified, the default delay is zero (no delay).
• LINK TYPE: Connection method used by the modem to establish a link.
Possible values are as follows:
• ANALOG for asynchronous modems
• ISDN-Synchronous for ISDN adapters
• ISDN-Asynchronous for ISDN terminal adapters
• X.25 for X.25 connection types such as AIOPAD
• TCP for TCP/IP connection types such as AIOPPTP
• VERSION: Version of this modem script entry.
• NOVELL CERTIFIED: Indication that this modem script has been certified by Novell Labs.
Modem Scripts (Control Strings)
Modem scripts are text strings that are sent to the modem to cause a particular behavior. They are associated with a particular modem capability and are transmitted to the modem when the application software wants to invoke that operation.
More information on the content and creation of modem scripts is given later in “Script Operations” on page 452. Individual scripts are summarized here:
• ERROR CORRECTION: Enable error control protocols.
This script enables the use of any of the error correcting protocols implemented by a modem when the next data connection is begun. Because which protocols might be activated depends on the remote modem, this script only specifies that the best possible protocol for each connection be used. Through monitoring the negotiation progress responses, the modem control components can be informed of the characteristics of the protocol activated.
• AUTO ANSWER: Place modem into autoanswer mode.
This script places the modem in the mode of automatically answering incoming telephone calls. A connection can begin without intervention by modem control. Modem control monitors the progress of connection initiation and detects when the connection is complete and data transfer can begin.
• COMPRESSION: Enable data compression method.
This script enables the use of any of the data compression methods implemented by the modem when the next data connection is begun. Because the particular compression method employed depends partly on the remote modem, this script specifies only the preferred method to be used. Through monitoring the negotiation progress responses, the modem control components can be informed of the characteristics of the method activated.
• DIAL: Make an outgoing call.
This script is executed when a call origination operation is requested on a switched line. The operation request parameters include whether dialing should use pulse or touch-tone signaling, and the destination telephone number. These parameters are inserted into the dial script string using the substitution tags [T] and [P]. These tags are described in detail in “Script Operations” on page 452.
• FIXED DTE RATE: Place modem into fixed interface bit rate mode.
This script places the modem into fixed interface bit rate mode. This allows the interface to be programmed to one bit rate that can be used for all subsequent connections. The actual rate used is determined by the associated FIXED rate value and SINGLE FIXED RATE rate flag.
• HANGUP: Disconnect any call in progress.
This script causes the modem to disconnect any call that might be in progress (that is, place the modem on-hook). This script should specify all required operations that ensure that the call is disconnected, irrespective of the current modem state.
• ESCAPE: First string sent to the modem to initiate a hangup.
This string is part of the overall HANGUP script for the modem. To change only the ESCAPE output string, you can type directly into the edit box. To modify the overall HANGUP script and sequence, select the HANGUP button.
• FLOW CONTROL: Place modem into hardware flow-controlled mode.
This script places the modem into a hardware flow-controlled mode. In this mode, data transfer between modem and interface is controlled through the use of the Request-to-Send (RTS) and Clear-to-Send (CTS) RS-232 signals. Each signal controls data transfer in one direction.
• RESET: String sent to the modem to reset it.
This string is part of the overall INIT script for the modem. To change only the RESET output string, you can type directly into the edit box. To modify the overall initialization script and sequence, select the INIT button.
• INIT: Initialize the modem to a known state.
This script causes the modem to be initialized to a known state. This state must have all optional features disabled. That is, the purpose of the INIT script is to put the modem into a state in which any of the other features can then be added by individually executing scripts.
The INIT script is usually the first script executed when a modem operation is begun; the only script that could precede it is the HANGUP script to disconnect a call in progress. The INIT script can make no assumptions about the previous state of the modem. Indeed, the previous user of a modem might not have been Novell's modem control; therefore, not even modem control knows the state of a modem.
The script must reset everything that can be affected by modem commands. This includes features like echo, call progress, result code, modem signal usage, flow control modes, and so forth. The script must set the correct modes so that modem response strings can be recognized.
• LEASED INIT: Place modem into leased-line mode.
When a modem initialization operation is requested and the leased-line feature is requested, this script is executed to place the modem into leased-line mode. In some cases, this feature is not under control by commands, but rather, some switches must be set. In this case, the script might be absent.
• LEASED ANSWER: Accept a leased-line connection.
This script is executed when a call answer operation is requested on a leased line. The modem should attempt to connect to the remote modem using answering frequencies. Once this script is completed, modem control monitors the local modem's responses to detect when a connection has begun.
• LEASED DIAL: Originate a leased-line connection.
This script is executed when call origination is requested on a leased line. The modem should attempt to connect to the remote modem using origination frequencies. Once this script is completed, modem control monitors the local modem's responses to detect when a connection has begun.
• MANUAL ANSWER: Accept manually answered switched connection.
This script is executed when a manual call answer operation is requested. The modem should attempt to connect to the remote modem using answering frequencies. Once this script is completed, modem control monitors the local modem's responses to detect when a connection has begun.
• MANUAL DIAL: Originate manually dialed switched connection.
This script is executed when manual call origination is requested. The modem should attempt to connect to the remote modem using origination frequencies. Once this script is completed, modem control monitors the local modem's responses to detect when a connection has begun.
• SYNCHRONOUS: Initialize modem for a synchronous connection.
This script is executed when a modem is initialized for a synchronous connection. Certain modems allow synchronous mode connections, especially when trying to connect to mainframes and UNIX-based systems.
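The substitution step used by the DIAL script can be modelled as follows. This is an added Python example, not code from Novell or its modem control components: it expands the ATD[T][N] form using the T, N, R and W tags and the 40-character guideline that this appendix gives under Script Operations. The function names and the set of characters accepted in a dial number are assumptions made for the example.

```python
import re

# Tags defined under Script Operations in this appendix.
KNOWN_TAGS = ("T", "N", "R", "W")
# Guideline from this appendix: many modems take at most 40 command characters,
# not counting the leading AT, spaces, hyphens and the final carriage return.
MAX_COMMAND_CHARS = 40
# Assumption (not from the appendix): characters allowed in a dial number.
DIAL_NUMBER = re.compile(r"[0-9*#,() -]+")
TAG = re.compile(r"\[([^\[\]]*)\]")


def check_value(tag, value):
    """Validate one substituted value before it reaches the modem."""
    if tag not in KNOWN_TAGS:
        raise ValueError(f"undefined substitution tag [{tag}]")
    if value == "":
        raise ValueError(f"[{tag}] has no value")
    # Output strings may contain only non-null, noncontrol ASCII characters.
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
        raise ValueError(f"[{tag}] contains a control or non-ASCII character")
    if tag == "T" and value not in ("T", "P"):
        raise ValueError("[T] must be T (tone) or P (pulse)")
    if tag == "N" and not DIAL_NUMBER.fullmatch(value):
        raise ValueError("[N] contains characters outside the dial set")
    if tag in ("R", "W") and not value.isdigit():
        raise ValueError(f"[{tag}] must be a decimal number")


def expand(template, values):
    """Replace each [tag] once; substituted text is never rescanned for tags."""
    def substitute(match):
        tag = match.group(1)
        if tag not in values:
            raise ValueError(f"no value supplied for [{tag}]")
        check_value(tag, values[tag])
        return values[tag]
    return TAG.sub(substitute, template)


def counted_length(command):
    """Length of a command as the 40-character guideline counts it."""
    body = command.rstrip("\r")
    if body[:2].upper() == "AT":
        body = body[2:]
    return sum(1 for ch in body if ch not in " -")


def build_command(template, values):
    """Expand a script output string and enforce the length guideline."""
    command = expand(template, values)
    length = counted_length(command)
    if length > MAX_COMMAND_CHARS:
        raise ValueError(
            f"command is {length} characters, limit is {MAX_COMMAND_CHARS}")
    return command


if __name__ == "__main__":
    # Constructed sample values; 555-0100 is a placeholder number.
    print(build_command("ATD[T][N]", {"T": "T", "N": "555-0100"}))
    # A value carrying a control character and an over-long number are refused.
    for bad in ("555\r0100", "5" * 41):
        try:
            build_command("ATD[T][N]", {"T": "P", "N": bad})
        except ValueError as err:
            print("rejected:", err)
```

Checking each value before substitution keeps an application-supplied number from changing the command that is sent, and the length check catches a dial string the modem would truncate.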
Script Operations
A modem script contains a sequence of nano-operations that inform modem control about which actions to perform. These actions include output of ASCII characters, controlling interface signals, checking for expected input, and so forth. There is no facility for conditional execution of nano-operations; the entire script is executed unless an error occurs.
Each nano-operation consists of an alphabetic character optionally followed by parameters for that operation. These values can be string or time values, or other modifiers for that basic operation.
Following are the operations summaries:
• Toggle Break—Control asynchronous break signal
This operation turns on the asynchronous break signal momentarily. Toggling the break signal can be used to switch a modem into command mode.
The break operation can be qualified by a decimal number giving the length of time, in tenths of a second, for which break is to be turned on. If a time value is not given, the default break of 0.5 second is used.
• Toggle DTR—Control the DTR signal
This operation controls the DTR signal to the modem. The DTR signal is turned off momentarily and then turned on again. Turning off this signal can be used to switch a modem out of data transfer mode.
An optional parameter, TIME, is the duration, in tenths of a second, for the DTR signal to be turned off.
If a time value is not given, the default DTR off time of 0.5 second is used.
• Flush Buffers—Flush Transmit/Receive buffers
Characters that have been buffered for output or input but not yet processed can be discarded by this operation. This might be useful when modem responses, up to a point, can safely be ignored, or if prior output should be discarded when new commands are entered.
The flush operation must specify which streams should be flushed.
• Input String—Wait for input (must match) or conditional input (optional match)
This operation allows a script to check for a specific string to be received from a modem. For example, after most modem commands, a script should check for the returned indication of success, usually OK. There are two variants: must match or optional match.
The operation can optionally be qualified by a decimal number specifying the maximum time to wait for this response. This value is specified in tenths of a second. If it is not given, the default value of 5 seconds is used.
Modem control continues receiving characters from the modem until one of two occurrences. If a matching string from the modem is completed, the nano-operation finishes and the script continues. If a match is not completed and the timeout period has elapsed since the last character was received from the modem, an input timeout is declared.
If this was a must match input string operation, the timeout causes the script to be terminated with a bad modem response error code. Otherwise, the timeout simply terminates the optional match operation and continues with the rest of the script.
• Output String—Output or output with delay
This operation allows output of character strings from the script to a modem. The output string can contain any non-null, noncontrol ASCII characters.
If a delay must be inserted between characters, the Output with Delay operation uses the delay time specified by the OUTPUT DELAY option value.
The string to be output is bounded by a delimiter character chosen by the script creator. The script creator should choose a string delimiter character that is not used for any interactions with the modem. This character should not be an alphanumeric character because this would make reading descriptions difficult. A survey of several modems has identified the many punctuation characters that are used within modem commands and responses. The following set of characters is recommended for use:
‘ < ^ _ { } | : ’ ,
By convention, a colon (:) is used.
Control characters can be inserted into output strings using the backquote character (`).
Variable strings can be substituted in output or input strings with the use of a substitution marker. A substitution is indicated by a substitution tag name surrounded by brackets ([ ]). For example, the substitution of the tone or pulse modifier and the phone number in a dial-out command might be coded as follows:
ATD[T][N]
where [T] is replaced with T or P, and [N] is replaced with a dial number.
Only a limited number of substitution tags are defined, and the substituted strings are not variable by modem type. The predefined tags are as follows:
• T: dial tone/pulse modifiers: T or P
• N: dial phone number: supplied by application
• R: ring count: used on initialization
• W: seconds to wait for a connection
Care should be taken that the longest command sent to a modem does not exceed what the modem can handle. Many modems are limited to a maximum of 40 command characters, excluding the leading AT, spaces, hyphens, and final carriage return. The input command can be used to break up long command-output sequences.
• Pause—Pause script execution
This operation allows a script to pause execution for a period of time. This is useful when modems might require additional time to complete complicated modem commands.
An optional parameter, TIME, is the pause time in tenths of a second. If a time value is not given, the default time value of 1 second is used (time = 10).
• Quiet Wait—Wait for end of input
This operation skips all the responses from a previous command before issuing a new command. It causes a wait until the modem remains continuously quiet for the specified time.
An optional parameter, TIME, is the pause time in tenths of a second. If a time value is not given, the default time value of 1 second is used (time = 10).
This nano-operation discards any data received from the modem. Whenever a character is received, the elapsed time timer is reset to 0. When the elapsed time timer reaches the specified wait time value, the nano-operation completes successfully. An additional timer records the total time since the nano-operation began. If this timer reaches the sum of the specified wait time plus 5 seconds, a timeout is declared and the nano-operation completes unsuccessfully, causing the script to be terminated with an error.
• Change Data Rate— Set new interface rate
This operation allows scripts to change the data rate used to communicate with the modem. This is used with modems that do not automatically resynchronize interface data rates after switching back to command mode from data transfer mode.
After execution of this operation, any further output or input through the interface uses this data rate. Some asynchronous equipment must flush one or both of the input and output streams when changing data rates.
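The two timers of the Quiet Wait operation described above, as an added Python simulation (not Novell code). The function name, the trace format, and the tie-break when both timers expire together are assumptions.

```python
def quiet_wait(arrivals, wait=10):
    """Simulate Quiet Wait on a constructed trace.

    arrivals: times, in tenths of a second from the start of the operation,
              at which the modem sends a character.
    wait:     the TIME parameter (default 10 = 1 second).
    Returns (succeeded, finish_time, discarded_count).
    """
    limit = wait + 50   # total timer: wait time plus 5 seconds
    last = 0            # moment the elapsed time timer was last reset to 0
    discarded = 0
    for t in sorted(arrivals):
        if t >= last + wait or t >= limit:
            break       # the operation finished before this character arrived
        last = t        # character discarded, elapsed time timer reset
        discarded += 1
    quiet_at = last + wait
    # Assumption: if both timers expire at the same instant, report a timeout.
    if quiet_at < limit:
        return True, quiet_at, discarded
    return False, limit, discarded


# Constructed traces, in tenths of a second.
ECHO_THEN_SILENCE = [3, 8, 12]       # a short burst, then the line goes quiet
CHATTY = list(range(5, 200, 5))      # a character every half second, never quiet

if __name__ == "__main__":
    print(quiet_wait(ECHO_THEN_SILENCE))   # quiet 1 second after the last character
    print(quiet_wait(CHATTY))              # never quiet for 1 second: timeout
    print(quiet_wait(CHATTY, wait=3))      # a shorter wait fits between characters
```

A modem that keeps sending characters at intervals shorter than the wait time never satisfies the elapsed time timer, so the script ends with the timeout error.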
Modem Responses
The response strings in a modem description allow recognition and interpretation of data sent from the modem to the DTE. Response strings inform the modem control software of the success or failure of a command. These strings also let modem control detect when a call is arriving.
As the responses generated differ between modems, the modem vendor must supply information to allow modem control to recognize responses. Response strings contain from one to many pairs of substrings, the first giving the input string to be recognized and the second representing the standard meaning of the string.
With the ever more complex responses found in newer modems, it is sometimes necessary to perform multistage matching of response strings. An example would be when the modem is using negotiation progress monitoring to capture added information about connections. When the PROTOCOL response is received, the first stage of recognition would identify the input as the PROTOCOL message. The second stage of recognition would then identify the particular substrings that might be present in this message. This progression from one stage to the next is called chaining.
Modem control accumulates ASCII characters received from a modem until a carriage return character (\x0D or decimal 13) is received; all other control characters are ignored. The accumulated string is then compared to the match strings in the RESPONSES keyword string. When a match is found, the meaning is interpreted and the appropriate action is taken.
Modem Response Strings
Modem response strings can comprise two string elements: the match string and the meanings string.
• Match string
The first of each pair of strings in the RESPONSES string is known as the match string. When modem control is monitoring modem responses, characters received from a modem are collected until a carriage return is received. The input string is then compared against all the match strings found in Modem Responses. This matching operation is case-insensitive and proceeds in the same order in which the string occurred in the description file.
Match strings do not need to be the entire response string to declare a match. Only the initial characters of a response must match the match string. Thus, the match string ERR matches both the response strings ERROR and ERRONEOUS, but not ERASE. However, this might make the order in which match strings are tried even more important.
• Meanings string
The second string of each pair of strings is known as the meanings string. The interpretation of this string defines what the recognized response means to modem control. This includes whether the response is a success, a failure, or some intermediate indication. When certain optional connection features are recognized, they can be signaled to modem control by this method. Finally, this is the way that bit rates are given to modem control.
There are four types of meanings information, as shown in Table 2-1: status, rate, feature, and match chaining. The status and feature values are decimal indices into tables used by modem control. The rate decimal value is the actual data rate in bits per second. The match chaining value is described in “Match Chaining” on page 459.
Table 2-1 Meanings String Types
Type        Meaning
STATUS      Reports a status; might terminate scanning.
RATE        Reports a data rate.
FEATURE     Reports an enabled feature for this connection.
CHAINING    Continues scanning using another string.
Status Meaning
Status information is used to notify modem control when something of significance has been discovered in a response, or to report that scanning should continue. Possible status types are as follows:
NONE          CONNECT
RESERVED 1    BUSY
RESERVED 2    NO_ANSWER
RESERVED 3    NO_CARRIER
RESERVED 4    ERROR
RESERVED 5    NO_DIALTONE
OK            VOICE
RING          UNKNOWN
RRING
Rate Meaning
The rate meaning tells modem control what the current line data rate is in bits per second. For most modems that implement negotiation progress messages, this rate value can be captured from the CARRIER response by using the <R> construct, as in CARRIER <R> or CONNECT <R>. This construct matches any speed response from the modem and captures that value to return it in the rate definition command.
Feature Meaning
The feature values indicate to modem control when optional connection features have been enabled on the current connection. Information about which features are enabled or disabled is made available to applications. Applications can use this information to determine whether they must independently perform error control or data compression for a connection. The features are as follows:
NONE             V.42BIS
ERROR_CONTROL    UNBALANCED
MNP5             SYNCHRONOUS
Match Chaining
The match chaining directs modem control to continue matching using the remainder of the input string (after the initially matched portion) and using a different modem response string. This permits the multistage matching that is so useful with complex sets of responses, such as negotiation progress messages. The following example illustrates this approach:
RESPONSE = PROTOCOL
RESPONSES STRING 1 = ERROR-CONTROL
Input from modem: PROTOCOL: ERROR-CONTROL/LAP-B
The first string is part of the first stage matching string formed from all the RESPONSES keyword strings. Modem control interprets it to mean that the response beginning with PROTOCOL is not a final response; rather, that additional matching must be performed using RESPONSES STRING 1.
Modem control begins checking the remainder of the input string repeatedly against the RESPONSES STRING 1 match strings. Each time the match strings are used up, modem control advances to the next character in the input string and tries again. This process continues until all the characters in the input string have been exhausted. In this manner, modem control finds the ERROR-CONTROL substring and notes that feature one, ERROR CONTROL, is enabled for this connection.
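The matching rules described above (accumulation up to a carriage return, case-insensitive prefix matching in file order, and match chaining), as an added Python sketch that is not Novell code, with a check for match strings that an earlier, shorter entry makes unreachable. The table layout, the function names, the sample entries, and resuming a chained scan after the matched text are assumptions.

```python
# Added sketch; table layout and names are assumptions, not description file syntax.
def accumulate(stream):
    """Collect characters until carriage return; ignore other control characters."""
    buf = []
    for ch in stream:
        if ch == "\r":
            yield "".join(buf)
            buf = []
        elif ch.isprintable():
            buf.append(ch)

def first_match(text, table):
    """Case-insensitive prefix match, tried in file order."""
    for match, meaning in table:
        if text.upper().startswith(match.upper()):
            return match, meaning
    return None

def interpret(line, responses, chained):
    """Return every meaning recognised in one accumulated response."""
    hit = first_match(line, responses)
    if hit is None:
        return []
    match, (kind, value) = hit
    if kind != "CHAINING":
        return [(kind, value)]
    found, rest, i = [], line[len(match):], 0
    while i < len(rest):  # retry the chained table at each position
        sub = first_match(rest[i:], chained[value])
        if sub:
            found.append(sub[1])
            i += len(sub[0])  # assumption: resume after the matched text
        else:
            i += 1
    return found

def shadowed(table):
    """Match strings that never win because an earlier entry is a prefix of them."""
    return [m for n, (m, _) in enumerate(table)
            if any(m.upper().startswith(p.upper()) for p, _ in table[:n])]

# Constructed sample description; "NO" is deliberately too short.
RESPONSES = [
    ("ERR", ("STATUS", "ERROR")),
    ("PROTOCOL", ("CHAINING", 1)),
    ("NO", ("STATUS", "NO_CARRIER")),
    ("NO DIALTONE", ("STATUS", "NO_DIALTONE")),
]
CHAINED = {1: [("ERROR-CONTROL", ("FEATURE", "ERROR_CONTROL"))]}
```

With this table, the response NO DIALTONE is reported as NO_CARRIER because the shorter match string comes first; `shadowed(RESPONSES)` flags the unreachable entry before the description is put into use.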
Environments
Novell’s modem control is implemented in multiple environments. This section briefly describes how modem description files are used in each environment.
Modem description files on a NetWare server are placed in a subdirectory accessible to NetWare Loadable Module™ (NLM™) files. The files for both the routing and the remote access components of Novell Internet Access Server 4.1 are located in the SYS:SYSTEM directory. You should work in this directory when adding new scripts, editing existing scripts, and compiling scripts. Novell Internet Access Server 4.1 uses all compiled scripts with the .MDC extension that exist in the SYS:SYSTEM directory.
Novell Internet Access Server 4.1 Remote Access Software
The modem control components of the remote access software exist in a subdirectory called SYS:SYSTEM. All files containing compiled modem descriptions are copied to this subdirectory. When NetWare Asynchronous I/O (AIO) is loaded, it searches this subdirectory for files with the extension .MDC. AIO then creates a list of all modem names defined in these files and indicates which file contains the description for each modem. When one of the remote access services attempts a modem operation on a port, AIO determines which modem is attached to that port and ensures that the modem’s description has been read into memory. AIO then starts the execution of the operation using the service’s request parameters and the modem description.
The standard set of scripts that are included in the remote access software are contained in the following three files:
• SYS:SYSTEM\NIASCERT.MDC (scripts certified by Novell Labs)
• SYS:SYSTEM\NIASMDM1.MDC and NIASMDM2.MDC (scripts for commonly used modems)
Novell Internet Access Server 4.1 Routing Software
The routing software uses modem definition files that are placed in the SYS:SYSTEM directory. It interprets these files as required for modem control. The standard set of scripts that are included in the routing software are contained in the following three files:
• SYS:SYSTEM\NIASCERT.MDC (scripts certified by Novell Labs)
• SYS:SYSTEM\NIASMDM1.MDC and NIASMDM2.MDC (scripts for commonly used modems)