MAX System Administration

This chapter covers these topics:

Introduction to MAX administration

System and Ethernet profile configurations

Terminal server commands

SNMP administration support

Introduction to MAX administration
System and Ethernet profile configurations
Terminal server commands
SNMP administration support

Introduction to MAX administration

This chapter describes the following administration tasks:

Administrative configurations
Some system- or network-wide configurations are related to the unit itself. These are described in "System and Ethernet profile configurations" on page 13-3.
Administrative commands
The terminal server provides commands related to managing the system, its networks, and its calls. This chapter focuses on those related to the system itself, and tells you where to find information about the network and connection-oriented commands.
SNMP administration
MAX configurations control which classes of events will generate traps to be sent to an SNMP manager, which SNMP managers may access the unit, and community strings to protect that access. This chapter shows you how to set up the unit to work with SNMP.

Note: You can manage the MAX from your workstation by establishing a Telnet session and logging in with sufficient administrative privileges. You can also use Telnet to manage remote Ascend units, such as Pipeline or MAX units.

Where to find additional administrative information

The following administrative topics are documented in a separate guide or supplement.

Security profiles
For details on Security profiles, see the MAX Security Supplement.
RADIUS authentication and accounting
For details, see the MAX RADIUS Configuration Guide.
MIF (Machine Interface Format) interface
MIF is an Ascend-specific language that provides an alternative configuration interface for Ascend units. You can use a command-line or write a MIF program that sets Ascend parameters rather than use the configuration menus to change one parameter after another. MIF programs provide a batch-processing method of changing a configuration or performing a series of actions. For details on using it, see the MAX MIF Supplement.
Sys Diag and Line Diag commands
The Sys Diag commands enable you to reset the device, save or restore configuration information, and perform other administrative functions. The Line Diag commands enable loopbacks and other diagnostics on WAN lines. For details, see the MAX Reference Guide.
You can also reset the MAX, set the configuration state of a T1 line, and obtain configuration information information from RADIUS using SNMP. For details, see the Ascend Enterprise MIB. You can download the most up-to-date verson of the Ascend Enterprise MIB by logging in as anonymous to ftp.ascend.com. (No password is required.)
DO commands
Pressing Ctrl-D in the vt100 interface displays the DO menu, which contains commands for changing security levels in the MAX, or manually dialing or clearing a call. For details, see the MAX Reference Guide.
Status windows
The status windows in the vt100 interface provide information about what is currently happening in the MAX. You can also perform DO commands, for example, clear an active connection, using the status windows. For details, see the MAX Reference Guide.
Troubleshooting
For troubleshooting tips, see Appendix A, Troubleshooting.

Activating administrative permissions

Before you can use the administrative commands and profiles, you must login as super-user by activating a Security profile that has sufficient permissions, such as the Full Access profile. To do so:

Press Ctrl-D to open the DO menu, and then press P (or select P=Password).
In the list of Security profiles that opens, select Full Access.
The MAX prompts you for the Full Access password:
Type the password assigned to the profile and press Enter.
When you enter the correct password, the MAX displays a message informing you that the password was accepted and that the MAX is using the new security level.
If the password you enter is incorrect, the MAX prompts you again for the password.

Note: The default password for the Full Access login is Ascend. The first task you should perform after logging in as the super-user is to assign a new password to the profile. See the MAX Security Supplement for details.

System and Ethernet profile configurations

This section describes the following system administration configurations:

System
      Sys Config
            Name=gateway-1
            Location=east-bay
            Contact=thf
            Date=2/20/97
            Time=10:00:29
            Term Rate=9600
            Console=Standard
            Remote Mgmt=Yes
            Parallel Dial=5
            Single Answer=Yes
            Auto Logout=No
            Idle Logout=0
            DS0 Min Rst=Off
            Max DS0 Mins=N/A
            High BER=10 ** -3
            High BER Alarm=No
            No Trunk Alarm=No
            Edit=00-000
            Status 1=10-100
            Status 2=10-200
            Status 3=90-100
            Status 4=00-200
            Status 5=90-300
            Status 6=90-400
            Status 7=20-100
            Status 8=20-200

Ethernet
      Mod Config
            Log...
                  Syslog=Yes
                  Log Host=10.65.212.12
                  Log Port=514
                  Log Facility=Local0

For details on these parameters, see the MAX Reference Guide. For background information on additional parameters that appear in the System profile, see Chapter 2, Configuring the MAX for WAN Access.

            Date=2/20/97
            Time=10:00:29

Specify the data transfer rate of the MAX Control port.
Close the System profile.

Configuring the MAX to interact with syslog

To maintain a permanent log of MAX system events and send Call Detail Reporting (CDR) reports to a host that can record and process them, configure the MAX to report events to a syslog host on the local IP network. Note that the Ethernet interface sends out the syslog reports. To configure the MAX to send messages to a Syslog daemon:

Open Ethernet > Mod Config > Log.
Turn on Syslog.
Specify the IP address of the host running the Syslog daemon.
Specify the port at which the Syslog daemon listens for syslog messages from this MAX.

Set the log facility level.

Ethernet
      Mod Config
            Log...
                  Syslog=Yes
                  Log Host=10.65.212.12
                  Log Port=514
                  Log Facility=Local0

Close the Ethernet profile.

To configure the Syslog daemon, you need to modify /etc/syslog.conf on the log host. This file specifies which action the daemon will perform when it receives messages from a particular log facility number (which represents the MAX). For example, if you set Log Facility to Local5 in the MAX, and you want to log its messages in /var/log/MAX, add this line to /etc/syslog.conf:

local5.info<tab>/var/log/MAX

Note: The Syslog daemon must reread /etc/syslog.conf after it has been changed.

Configuring Finger support

You can configure the MAX to respond to Finger reqests, as specified in RFC 1288-The Finger User Informtion Protocol.

To enable the MAX to respond to Finger requests:

Open the Ethernet > Mod Config menu.
Set Finger to Yes.
Exit and save the changes.

Terminal server commands

This section describes the commands available in the terminal server command-line interface. To invoke the terminal server command-line interface, you must have administrative privileges. See Activating administrative permissions.

You can open the terminal server command-line interface using any of these methods:

Select System > Sys Diag > Term Serv, and press Enter.
Press Ctrl-D to open the DO menu in the Main Edit menu and select E=Termsrv.
Enter the following keystroke sequence (Escape key, left square bracket, Escape key, zero) in rapid succession:

If you have sufficient privileges to invoke the command line, you'll see the command-line prompt; for example:

** Ascend Terminal Server **

ascend%

Note: If you have a MAX running Multiband Simulation, you cannot use the following terminal server commands: close, ipxping, open, resume, rlogin, telnet.

Displaying terminal-server commands

To display the list of terminal server commands:

ascend% ?

Or:

ascend% help 



 ?

 Displays help information


 help

 Displays help information


 quit

 Closes terminal server session


 hangup

 Closes terminal server session


 test

 test <number> frame-count.] [ <optional fields>]


 local

 Go to local mode


 remote

 remote <station>


 set

 Set various items. Type `set ?' for help


 show

 Show various tables. Type `show ?' for help


 iproute

 Manage IP routes. Type `iproute ?' for help


 dnstab

 Displays help information about the DNS table. Type 'dnstab ?' for help


 slip 

 SLIP command


 cslip

 Compressed SLIP command


 ppp

 PPP command


 menu

 Host menu interface


 telnet

 telnet [ -a|-b|-t ] <host-name> [ <port-number> ]


 tcp

 tcp <host-name> <port-number>


 ping

 ping <host-name>


 ipxping

 ipxping <host-name>


 traceroute

 Trace route to host.  Type 'traceroute -?' for help


 rlogin

 rlogin [ -l user -ec ] <host-name> [ -l user ]


 open

 open < modem-number | slot:modem-on-slot >


 resume

 resume virtual connect session


 close 

 close virtual connect session


 kill

 terminate session

?	Displays help information
help	Displays help information
quit	Closes terminal server session
hangup	Closes terminal server session
test	test <number> frame-count.] [ <optional fields>]
local	Go to local mode
remote	remote <station>
set	Set various items. Type `set ?' for help
show	Show various tables. Type `show ?' for help
iproute	Manage IP routes. Type `iproute ?' for help
dnstab	Displays help information about the DNS table. Type 'dnstab ?' for help
slip	SLIP command
cslip	Compressed SLIP command
ppp	PPP command
menu	Host menu interface
telnet	telnet [ -a\|-b\|-t ] <host-name> [ <port-number> ]
tcp	tcp <host-name> <port-number>
ping	ping <host-name>
ipxping	ipxping <host-name>
traceroute	Trace route to host. Type 'traceroute -?' for help
rlogin	rlogin [ -l user -ec ] <host-name> [ -l user ]
open	open < modem-number \| slot:modem-on-slot >
resume	resume virtual connect session
close	close virtual connect session
kill	terminate session

Returning to the vt100 menus

The following commands close the terminal server command-line interface and return the cursor to the vt100 menus.

quit                Closes terminal server session

hangup                 "      "       "       "

local               Go to local mode

For example:

ascend% quit

When a dial-in user enters the Local command, a Telnet session begins.

Commands for monitoring networks

The following commands are specific to IP or IPX routing connections, and are described in the chapter that explains those connections:

iproute             Manage IP routes.  Type 'iproute ?' for help

ping                ping <host-name>

ipxping             ipxping <host-name>

traceroute          Trace route to host.  Type 'traceroute -?' for help

For information about IPXping, see Chapter 9, Configuring IPX Routing.

For details on IProute, Ping, and Traceroute, see Chapter 10, Configuring IP Routing.

Commands for use by terminal-server users

The following commands must be enabled for use in Ethernet > Mod Config > TServ Options. If they are enabled, login users can initiate a session by invoking the commands in the terminal-server interface.

slip                SLIP command

cslip               Compressed SLIP command

ppp                 PPP command

menu                Host menu interface

telnet              telnet [ -a|-b|-t ] <host-name> [ <port-number> ]

rlogin              rlogin [ -l user -ec ] <host-name> [ -l user ]

tcp                 tcp <hostname> <port-number>

open                open < modem-number | slot:modem-on-slot >

resume              resume virtual connect session

close               close virtual connect session

These commands initiate a session with a host or modem, or toggle to a different interface that displays a menu selection of Telnet hosts. For details on enabling these commands, see Chapter 3, Configuring WAN Links.

SLIP, CSLIP, and PPP commands

These commands initiate SLIP (Serial Line IP), CSLIP (Compressed SLIP), and PPP sessions from the terminal-server command line.

Menu command

You can use the Menu command to invoke the terminal-server menu mode which lists up to four hosts, which can be either Telnet hosts or raw TCP hosts. You can mix Telnet and raw TCP hosts in a menu.

Specifying Telnet hosts

The Menu command invokes the terminal-server menu mode, which lists up to four Telnet hosts as configured in Ethernet > Mod Config > TServ Options. For example:

Up to 16 lines of up to 80 characters each

will be accepted. Long lines will be truncated.

Additional lines will be ignored

         1. host1.abc.com

         2. host2.abc.com

         3. host3.abc.com

         4. host4.abc.com

           Enter Selection (1-4, q)

To return to the command-line, press 0. Terminal-server security must be set up to allow the operator to toggle between the command line and menu mode, or the Menu command has no effect.

Specifying raw TCP hosts

To specify IP addresses or DNS names of hosts to which you establish a raw TCP connection, proceed as follows:

Open the Ethernet > Mod Config > TServ options menu.
Select one of the Host # Addr fields and enter the following:
rawTcp is the required string that causes the MAX to establish a raw TCP connection when the user chooses this host number. This entry is case-sensitive and must be entered exactly as shown.
hostname can be the DNS name of the host or the IP address of the host. The total number of characters, including the rawTcp string, must not exceed 31.
portnumber is the number of the port on which the connection for this host is to be established.
Enter a description of the host on the Host # Text field.

Note: You cannot configure raw TCP hosts if you are using a RADIUS server to provide the list of hosts.

Example configuration combining Telnet hosts and raw TCP hosts

For example, suppose you configure the following values in the TServ Options menu:

Remote Conf=No           
Host #1 Addr=10.10.10.1
Host #1 Text=Cleveland 
Host #2 Addr=
Host #2 Text=            
Host #3 Addr=
Host #3 Text=            
Host #4 Addr=rawTcp corp-host 7
Host #4 Text=The Office - port 7  
Immed Service=None       
Immed Host=N/A           
Immed Port=N/A           
Telnet Host Auth=No

The Terminal Server menu displays the following:

** Ascend Pipeline Terminal Server **

     1. Cleveland
     2. The Office - port 7

     Enter Selection (1-2,q)

If you select 2, the a raw TCP connection is established to the host corp-host on port 7.

If a you select 1, the MAX establishes a Telnet connection to the host 10.10.10.1 on port 23, the default Telnet port.

Telnet command

The Telnet command initiates a login session to a remote host. It uses this format:

telnet [-a|-b|-t] <hostname> [<port-number>]

If DNS is configured in the Ethernet profile, you can specify a hostname:

ascend% telnet myhost

If you do not configure DNS, you must specify the host's IP address instead. There are also several options in Ethernet > Mod Config > TServ Options that affect Telnet; for example, if you set Def Telnet to Yes, you can just type a hostname to open a Telnet session to that host.

ascend% myhost

Another way to open a session is to invoke Telnet first, followed by the Open command at the Telnet prompt, for example:

ascend% telnet
telnet> open myhost

The Telnet prompt is telnet>. When you see that prompt, you can enter any of the Telnet commands described in Telnet session commands. You can quit the Telnet session at any time by typing quit at the Telnet prompt:

telnet> quit

Note: During an open Telnet connection, type Ctrl-] to display the telnet> prompt and the Telnet command-line interface. Any valid Telnet command returns you to the open session. Note that Ctrl-] does not function in binary mode Telnet. If you log into the MAX by Telnet, you might want to change its escape sequence from Ctrl-] to a different setting.

Telnet command arguments

The arguments to the Telnet command are:

<hostname>
If you conigureDNS, you can specify the remote system's hostname. Otherwise, hostname must be the IP address of the remote station.
-a | -b | -t
(Optional.) You can specify -a, -b, or -t on the Telnet command line to indicate ASCII, Binary, or Transparent mode. A specification on the command line overrides the setting of the Telnet Mode parameter.
- In ASCII mode, the MAX uses standard 7-bit mode.
- In Binary mode, the MAX tries to negotiate 8-bit Binary mode with the server at the remote end of the connection.
- In Transparent mode, the user can send and receive binary files, and use 8-bit file transfer protocols, without having to be in Binary mode.
<port-number>
(Optional.) You can specifies the port to use for the session. The default is 23, the well-known port for Telnet.

Telnet session commands

The commands in this section can be typed at the Telnet prompt during an open session. To display the Telnet prompt during an active login to the specified host, press Ctrl-] (hold down the Control key and type a right-bracket). To display information about Telnet session commands, use the Help or ? command. For example:

telnet> ?

To open a Telnet connection after invoking Telnet, use the Open command; for example:

telnet> open myhost

To send standard Telnet commands such as Are You There or Suspend Process, use the Send command. For example:

telnet> send susp

For a list of Send commands and their syntax, type:

telnet> send ?

To set special characters for use during the Telnet session, use the SET command. For example:

telnet> set eof ^D

To display current settings, type:

telnet> set all

To see a list of Set commands, type:

telnet> set ?

To quit the Telnet session and close the connection, use the Close or Quit command. For example:

telnet> close

Telnet error messages

The MAX generates an error message for any condition that causes the Telnet session to fail or terminate abnormally. These error messages may appear:

no connection: host reset (The destination host reset the connection.)
no connection: host unreachable (The destination host is unreachable.)
no connection: net unreachable (The destination network is unreachable.)
Unit busy. Try again later. (The host already has open the maximum number of concurrent Telnet sessions.)

Rlogin command

The Rlogin command initiates a login session to a remote host. It uses this format:

rlogin              rlogin [ -l user -ec ] <host-name> [ -l user ]

If you configure DNS, you can specify a hostname such as:

ascend% rlogin myhost

If DNS has not been configured, you must specify the host's IP address instead. Rlogin must also be enabled in Ethernet > Mod Config > TServ Options. The arguments to the Rlogin command are:

<hostname>
If you configure DNS, you can specify the remote system's hostname. Otherwise, hostname must be the IP address of the remote station.
-e<char>
(Optional.) This argument sets the escape character to <char>; for example:
The default for <char> is a tilde (~).
-l <username>
(Optional.) This argument specifies that you log into the remote host as <username>, rather than as the name you used to log into the terminal server. You can specify the -l option before or after <host-name>. For example, the following two lines perform identical functions:
If you did not log into the terminal server using RADIUS or TACACS, you can use this option on the command-line instead of being prompted for it by the remote host.

To terminate the remote login, use the Exit command at the remote system's prompt. Or, you can use the following escape sequence:

<CR><ESC-CHAR><PERIOD>

For example, to terminate a remote login that was initiated with the default escape character (a tilde), press Return and then type a tilde followed by a period.

~.

TCP command

The TCP command initiates a login session to a remote host. It uses this format:

tcp <hostname> <port-number>

For example:

ascend% tcp myhost

The arguments to the TCP command are:

<hostname>
If you configure DNS, you can specify the remote system's hostname. Otherwise, hostname must be the IP address of the remote station.
[<port-number>]
(Optional.) You can specifies the port to use for the session. The port number typically indicates a custom application that runs on top of the TCP session. For example, port number 23 starts a Telnet session. However, terminating the Telnet session does not terminate the raw TCP session.

When the raw TCP session starts running, the MAX displays the word connected. You can now use the TCP session to transport data by running an application on top of TCP. You can hang up the device at either end to terminate the raw TCP session. If you are using a remote terminal server session, ending the connection also terminates raw TCP.

If a raw TCP connection fails, the MAX returns one of the following error messages:

Cannot open session: <hostname> <port-number>

You entered an invalid or unknown value for <hostname>, you entered an invalid value for <port-number>, or you failed to enter a port number.

no connection: host reset (The destination host reset the connection.)
no connection: host unreachable (The destination host is unreachable.)
no connection: net unreachable (The destination network is unreachable.)

Open, Resume, and Close commands

If the MAX has V.34 digital modems installed and Modem Dialout is enabled in the TServ Options submenu, a local user can issue AT commands to the modem as if connected locally to the modem's asynchronous port. To set up a virtual connection to a V.34 mode, a user can enter the Open command in this format:

open [<modem number> | <slot>:<modemOnSlot>]

For example:

ascend% open 7:1

If the user is not sure which slot or item number to specify, the Show Modems command displays the possible choices. If the user enters the Open command without specifying any of the optional arguments, the MAX opens a virtual connection to the first available V.34 modem.

Once the user is connected to the V.34 modem, he or she can issue AT commands to the modem and receive responses from it.

To temporarily suspend a virtual connection, the user can press Ctrl-C three times. This control sequence causes the MAX to display the terminals server interface again. To resume a virtual connection suspended with Ctrl-C, the user can enter this command at the terminal server prompt:

ascend% resume

To terminate a virtual connection, the user enters this command at the terminal server prompt:

ascend% close

Administrative commands

The following commands are related to system administration:

test                test <number> frame-count> ] [ <optional fields> ]

remote              remote <station>

set                 Set various items. Type 'set ?' for help

show                Show various tables. Type 'show ?' for help

kill                terminate session

Test command

To run a self-test in which the MAX calls itself, the MAX must have two open channels: one for the placing the call, and the other for receiving it. The TEST command has this format:

test <phonenumber> [<frame-count>] [<optional fields>]

<phonenumber>
The phone number of the channel receiving the test call. This can include the numbers 0 through 9 and the characters ()[]-, but cannot include spaces.
[<frame-count>]
(Optional.) The number of frames to send during the test (a number from 1 to 65535.) The default is 100.
[data-svc=<data-svc>]
For data-svc, enter a data service identical to any of the values available for the Data Svc parameter of the Connection profile. For a list of valid values, see the MAX Reference Guide. If you do not specify a value, the default value is the one specified for the Data Svc parameter.
[call-by-call=<T1-PRI-service>]
For PRI-service, enter any value available to the Call-by-Call parameter of the Connection profile. The Call-by-Call parameter specifies the PRI service that the MAX uses when placing a PPP call. For a list of valid values, see the MAX Reference Guide. If you do not specify a value, the default is as specified for the Call-by-Call parameter.
[primary-number-type=<AT&T-switch>]
For AT&T-switch, specify any value available to the PRI # Type parameter of the Connection profile. The PRI # Type parameter specifies an AT&T switch. For a list of valid values, see the MAX Reference Guide. If you do not specify a value, the default value is the one specified for the PRI # Type parameter.
[transit-number=<IEC>]
For IEC, specify any value available to the Transit # parameter of the Connection profile. The Transit # parameter specifies the U.S. Interexchange Carrier (IEC) you use for long distance calls over a PRI line. For a list of valid values, see the MAX Reference Guide. If you do not specify a value, the default is as specified for the Transit # parameter.

For example:

ascend% test 555-1212

You can enter Ctrl-C at any time to terminate the test. While the test is running, the MAX displays the status, for example:

calling...answering...testing...end
200 packets sent, 200 packets received

If you enable trunk groups on the MAX, you can specify the outgoing lines used in the self test; if you do not, the MAX uses the first available T1 (or E1) line. For example, if you assign the trunk group 7 to line 1 on a Net/BRI module and a preceding "9" is required by your PBX to make an outgoing call, the following command places the outgoing call on line 1 of the Net/BRI module:

ascend% test 7-9-555-1212

The MAX generates an error message for any condition that causes the test to terminate before sending the full number of packets. These error messages may appear:

bad digits in phone number
The phone number you specified contained a character other than the numbers 0 through 9 and the characters ()[]-.
call failed
The MAX did not answer the outgoing call. This error can indicate a wrong phone number or a busy phone number. Use the Show ISDN command to determine the nature of the failure.
call terminated <N1> packets sent <N2> packets received
This message indicates the number of packets sent (<N1>) and received (<N2>).
cannot handshake
The MAX answered the outgoing call, but the two sides did not properly identify themselves. This error can indicate that the call was routed to the wrong MAX module, or that the phone number was incorrect.
frame-count must be in the range 1-65535
The number of frames requested exceeded 65535.
no phone number
You did not specify a phone number on the command-line.
test aborted
The test was terminated (Ctrl-C).
unit busy
You attempted to start another self-test when one was already in progress. You can run only a single self-test at a time.
unknown items on command-line
The command-line contained unknown items. Inserting one or more spaces in the telephone number can generate this error.
unknown option <option>
The command-line contained the option specified by <option>, which is invalid.
unknown value <value>
The command-line contained the value specified by <value>, which is invalid.
wrong phone number
A device other than the MAX answered the call; therefore, the phone number you specified was incorrect.

Remote command

After an MP+ connection has been established with a remote station (for example, by using the DO DIAL command), you can start a remote management session with that station by entering the Remote command in this format:

remote <station>

For example:

ascend% remote lab17gw

During the remote management session, the user interface of the remote device replaces your local user interface, as if you had opened a Telnet connection to the device. You can enter Ctrl-\ at any time to terminate the Remote session. Note that either end of an MP+ link can terminate the session by hanging up all channels of the connection.

The argument to the Remote command is the name of the remote station, which must match the value of a Station parameter in a Connection profile that allows outgoing MP+ calls, or the user-id at the start of a RADIUS profile set up for outgoing calls.

Note: A remote management session can time out because the traffic it generates does not reset the idle timer. Therefore, the Idle parameter in the Connection profile at both the calling and answering ends of the connection should be disabled during a remote management session, and restored just before exiting. Remote management works best at higher terminal speeds.

At the beginning of a remote management session, you have privileges set by the default Security profile at the remote end of the connection. To activate administrative privileges on the remote station, activate the appropriate remote Security profile by using the DO Password command (see Activating administrative permissions.)

The MAX generates an error message for any condition that causes the test to terminate before sending the full number of packets. These error messages may appear:

not authorized
Your current security privileges are insufficient for beginning a remote management session. To assign yourself the required privileges, log in with the DO PASSWORD command to a Security profile whose Edit System parameter is set to Yes.
cannot find profile for <station>
The MAX could not locate a local Connection profile containing a Station parameter whose value matched <station>.
profile for <station> does not specify MPP
The local Connection profile containing a Station value equal to <station> did not contain Encaps=MPP.
cannot establish connection for <station>
The MAX located a local Connection profile containing the proper Station and Encaps settings, but it could not complete the connection to the remote station.
<station> did not negotiate MPP
The remote station did not negotiate an MP+ connection. This error occurs most often when the remote station does not support MP+, but does support PPP.
far end does not support remote management
The remote station is running a version of MP+ that does not support remote management.
management session failed
A temporary condition, such as premature termination of the connection, caused the management session to fail.
far end rejected session
The remote station was configured to reject remote management; its Remote Mgmt parameter was set to No in the System profile.

Set command

The Set command takes several arguments. To see the Set commands:

ascend% set ?

set ?               Display help information
set all             Display current settings
set term            Sets the telnet/rlogin terminal type
set password        Enable dynamic password serving
set fr              Frame Relay datalink control
set circuit         Frame Relay Circuit control

The Set All command displays current settings.

ascend% set all

term = vt100
dynamic password serving = disabled

To specify a terminal type other than the default vt100, use the Set Term command.

The Set Password command puts the terminal server in password mode, where a third-party ACE or SAFEWORD server at a secure site can display password challenges dynamically in the terminal server interface. When the terminal server is in password mode, it passively waits for password challenges from a remote ACE or SAFEWORD server. This command applies only when using security card authentication. To enter password mode:

ascend% set password

Entering Password Mode...

[^C to exit] Password Mode>

To return to normal terminal server operations and thereby disable password mode, press Ctrl-C.

Note: Note that each channel of a connection to a secure site requires a separate password challenge, so for multichannel connections to a secure site, you must leave the terminal server in password mode until all channels have been established. The APP Server utility is an alternative way to allow users to respond to dynamic password challenges obtained from hand-held security cards. For details on dynamic password serving, see the MAX Security Supplement.

The Set FR commands enable you to bring down the nailed connection specified in the named Frame Relay profile. The connection will be reestablished within a few seconds. The Set Circuit commands let you activate or deactivate a frame relay circuit. For details, see Chapter 4, Configuring Frame Relay.

Show command

The Show command takes several arguments. To see the Show commands:

ascend% show ? 



 show ?

 Display help information


 show arp

 Display the arp cache


 show icmp

 Display ICMP information


 show if

 Display Interface info. Type `show if ?' for help


 show ip

 Display IP information. Type 'show ip ?' for help.


 show udp

 Display UDP information. Type 'show udp ?' for help


 show igmp

 Display IGMP information. Type 'show igmp ?' for help.


 show mrouting

 Display MROUTING information. Type 'show mrouting ?' f ?'


 show ospf

 Display OSPF information. Type 'show ospf ?' for help.


 show tcp

 Display TCP information. Type 'show tcp ?' for help


 show dnstab

 Display local DNS table. Type `show dnstab ?' for help


 show netware

 Display IPX information. Type 'show netware ? ' for help


 show isdn

 Display ISDN events.  Type 'show isdn <line number' for help


 show fr

 Display Frame relay info. Type 'show fr ?' for help


 show pools

 Display the assign address pools


 show modems

 Display status of all modems


 show calls

 Display status of calls


 show pad

 Display X25/PAD information


 show uptime

 Display system uptime


 show revision

 Display system revision


 show v.110s

 Display status of all v.110 cards


 show users

 Display concise list of active users


 show x25

 Display status of X.25 stack

show ?	Display help information
show arp	Display the arp cache
show icmp	Display ICMP information
show if	Display Interface info. Type `show if ?' for help
show ip	Display IP information. Type 'show ip ?' for help.
show udp	Display UDP information. Type 'show udp ?' for help
show igmp	Display IGMP information. Type 'show igmp ?' for help.
show mrouting	Display MROUTING information. Type 'show mrouting ?' f ?'
show ospf	Display OSPF information. Type 'show ospf ?' for help.
show tcp	Display TCP information. Type 'show tcp ?' for help
show dnstab	Display local DNS table. Type `show dnstab ?' for help
show netware	Display IPX information. Type 'show netware ? ' for help
show isdn	Display ISDN events. Type 'show isdn <line number' for help
show fr	Display Frame relay info. Type 'show fr ?' for help
show pools	Display the assign address pools
show modems	Display status of all modems
show calls	Display status of calls
show pad	Display X25/PAD information
show uptime	Display system uptime
show revision	Display system revision
show v.110s	Display status of all v.110 cards
show users	Display concise list of active users
show x25	Display status of X.25 stack

Note: Many of the Show commands are specific to a particular type of usage, for example, IP routing or OSPF. The chapters of this guide that relate to these types of connection and routing describe the relevant Show commands.

Show commands related to network information

The following Show commands are related to monitoring protocols and other network-specific information:

Table 14-1. Network-specific Show commands


Show command	Where described
show arp	See Chapter 10, Configuring IP Routing.
show icmp	See Chapter 10, Configuring IP Routing.
show if	See Chapter 10, Configuring IP Routing.
show ip	See Chapter 10, Configuring IP Routing.
show udp	See Chapter 10, Configuring IP Routing.
show igmp	See Chapter 12, Setting Up IP Multicast Forwarding.
show mrouting	See Chapter 12, Setting Up IP Multicast Forwarding.
show ospf	See Chapter 11, Configuring OSPF Routing.
show tcp	See Chapter 10, Configuring IP Routing.
show dnstab	See Chapter 10, Configuring IP Routing.
show netware	See Chapter 9, Configuring IPX Routing.
show fr	See Chapter 4, Configuring Frame Relay.
show pools	See Chapter 10, Configuring IP Routing.
show pad	See Chapter 6, Configuring X.25.
show x25	See Chapter 6, Configuring X.25.

Show ISDN

The Show ISDN command enables the MAX to display the last 20 events that have occurred on the specified ISDN line. Enter the command in this format:

show isdn <line-number>

where <line-number> is the number of the ISDN line. For details on how lines are numbered, see Chapter 2, Configuring the MAX for WAN Access. For example, to display information about the leftmost built-in WAN port:

ascend% show isdn 0

The MAX responds with one or more of these messages:

PH: ACTIVATED
PH: DEACTIVATED
DL: TEI ASSIGNED (BRI interfaces only)
DL: TEI REMOVED (BRI interfaces only)
NL: CALL REQUEST
NL: CLEAR REQUEST
NL: ANSWER REQUEST
NL: CALL CONNECTED
NL: CALL FAILED/T303 EXPIRY
NL: CALL CLEARED/L1 CHANGE
NL: CALL REJECTED/OTHER DEST
NL: CALL REJECTED/BAD CALL REF
NL: CALL REJECTED/NO VOICE CALLS
NL: CALL REJECTED/INVALID CONTENTS
NL: CALL REJECTED/BAD CHANNEL ID
NL: CALL FAILED/BAD PROGRESS IE
NL: CALL CLEARED WITH CAUSE

In some cases, the message can include a phone number (prefixed by #), a data service (suffixed by K for kbps), a channel number, TEI assignment, and cause code. For example, this information might display:

PH: ACTIVATED
NL: CALL REQUEST: 64K, #442
NL: CALL CONNECTED: B2, #442
NL: CLEAR REQUEST: B1
NL: CALL CLEARED WITH CAUSE 16 B1 #442

For information on each of the messages that can display, see the CCITTT Blue Book Q.931 or other ISDN specifications.

Show Modems

To display the status of the MAX unit's digital modems, enter the Show Modems command. For example, the following is output from a MAX with a V.34 modem slot card in slot 8::

ascend% show modems

slot:item    modem    status
   8:1         1       online
   8:2         2       online
   8:3         3       online
   8:4         4       idle
   8:5         5       idle
   8:6         6       idle
   8:7         7       idle
   8:8         8       idle

8-MOD and 12-MOD K56Flex modem slot cards are not numbered sequentially. This numbering does not affect functionality.

For example, if you have an 8-MOD modem card in slot 8 in a MAX, the Show Modems command in the Terminal Server displays the following output:

ascend% show modems

slot:item      modem    status
8:0         1      idle
8:1         2      idle
8:2         3      idle
8:3         4      idle
8:6         5      idle
8:7         6      idle
8:10        7      idle
8:11        8      idle

As another example, if you have an 12-MOD modem card in slot 8 in a MAX, the Show Modems command in the Terminal Server displays the following output:

ascend% show modems

slot:item      modem    status
8:0         1      idle
8:1         2      idle
8:2         3      idle
8:3         4      idle
8:4         5      idle
8:5         6      idle
8:6         7      idle
8:7         8      idle
8:8                  9            idle
8:9                10            idle
8:12              11            idle
8:13              12            idle

The output contains these fields:


Field	Description
slot item	The slot and port number of the modem. For example, 8:1 indicates the first port on the digital modem card installed in slot 8.
modem	The SNMP interface number of each modem.
status	Modem status, which may be one of the following strings: idle: The modem is not in use. awaiting DCD: The call is up and waiting for DCD. awaiting codes: DCD is up, and the call is waiting for modem result codes. online: The call is up. The modem can now send and receive data. initializing: The modem is being reset.

Show Calls

The Show Calls commands displays information about active calls on a German 1TR6 or Japan NTT switch type.

ascend% show calls

Call ID  Called Party ID Calling Party ID InOctets OutOctets

3        5104563434      4191234567        0        0
4        4197654321      5108888888        888888   99999

The output includes these fields:


Field	Description
CallID	An identifier for the call
CalledPartyID	The telephone number of the answering device (that is, this unit). This ID is obtained from layer 3 protocol messages during call setup.
CallingPartyID	The telephone number of the caller. This ID is obtained from layer 3 protocol messages during call setup.
InOctets	The total number of octets received by the user from the moment the call begins until it is cleared.
OutOctets	The total number of octets sent by the user from the moment the call begins until it is cleared.

Show Uptime

To see how long the MAX has been running:

ascend% show uptime

system uptime: up 2 days, 4 hours, 38 minutes, 43 seconds

If the MAX stays up 1000 consecutive days with no power cycles, the number of days displayed turns over to 0 and begins to increment again.

Show Revision

The Show Revision command displays the software load and version number currently running in the MAX.

ascend% show revision

techpubs-lab-17 system revision: ebiom.m40 5.0A

Show V.110s

To display the status of the MAX unit's v.110 cards:

ascend% show v.110s

slot:item    v.110s    status
   4:1         1       in use
   4:2         2       in use
   4:3         3       in use
   4:4         4       open issued
   4:5         5       carrier detected
   4:6         6       session closed
   4:7         7       idle
   4:8         8       in use

The output contains these fields:


Field	Description
slot item	The slot and port number of the V110 port. For example, 8:1 indicates the first port on the V110 card installed in slot 8
v.110s	The SNMP interface number of each V110 card.
status	V.110 port status, which may be one of the following strings: idle: The V.110 port is not in use. open issued: An open was issued, but the MAX has not synced up with the far end. carrier detected: A carrier was detected from the remote end. in use: A V.110 session is up.

Show Users

To display the number of active sessions:

ascend% show users

I  Session        Line:  Slot:  Tx        Rx        Service        Host                  User

O  ID                  Chan    Port    Data    Rate    Type[mpID]  Address            Name

O  231849873    1:1      9:1      56K      56K      MPP[1]          10.10.68.2      jdoe

I  231849874    1:3      3:1      28800  33600  Termsrv        N/A                    Modem  3:1

O 214933581    1:2      9:2      56K      56K      MPP[1]          10.10.4.9        arwp50

O 214933582    1:6      9:3      56K      56K      MPP[1]          MPP Bundle      arwp50

The output contains these fields:


Field	Description
IO	specify I (incoming call) or O (outgoing call)
Session ID	shows the unique session-ID. This is the same as Acct-Session-ID in RADIUS.
Line	Channel shows the line and channel on which the session is established.
Slot	Port shows the slot and port of the service being used by the session, which may be the number of a slot containing a modem card and the modem on that card, or the virtual slot of the MAX unit's bridge/router, with port giving the virtual interfaces to bridge/router starting with 1 for the first session of a multichannel session.
Tx Data Rate	shows the transmit data rate in bits per second.
Rx Data Rate	shows the receive data rate in bits per second.
Service Type	shows the type of session, which may be Termsrv or a protocol name. For MP and MPP, this shows the bundle ID shared by the calls in a multichannel session. The special values Initial and Login document the progress of a session. Initial identifies sessions that do not yet have a protocol assigned. Login identifies Termsrv sessions during the login process.
Host Address	shows the network address of the host originating the session. For some sessions this field is N/A. For outgoing MPP sessions only the first connection has a valid network address associated with it. All other connections in the bundle have the network address as listed as MPP Bundle
User Name	The station name associated with the session. Initially, this value is Answer. This is usually replaced with the name of the remote host. For terminal server sessions this is the login name. Prior to login completion this field will show the string "modem x:y" where x and y are the slot and port of them modem servicing the session.

Kill command

The Kill command enables you to disconnect a user who establishes a connection with the Ascend unit via Telnet. You can disconnect the user by session ID. The disconnect code that results is identical to the RADIUS disconnect code, allowing you to track all administrative disconnects. To terminate a Telnet session, use this format:

kill <session ID>

where <session ID> is the session ID as displayed by the Show Users command described in the preceding section. The reported disconnect cause is DIS_LOCAL_ADMIN. The active Security profile must have Edit All Calls=Yes. If Edit All Calls=No, this message displays when you issue the kill command:

Insufficient security level for that operation.

When the session is properly terminated, a message like this one displays:

Session 216747095 killed.

When the session is not terminated, a caution like this one displays:

Unable to kill session 216747095.

Dirdo commands to support Deutsche Telekom's ZGR

The following Dirdo commands enable you to show, add, or delete entries from the answer list or the subaddress list. The following table lists the new commands.To use them, you must have administrative authorization.


Command	Description
Dirdo show ans \| sub	Lists all the answer numbers (when you specify ans) or all the subaddresses (when you specify sub) on the RADIUS bootup server.
Dirdo add ans num \| sub num	Adds the answer number (when you specify ans) or subaddress (when you specify sub) that you enter as the num argument. For example, to add the subaddress 1234 to the list, enter the following command: Dirdo add sub 1234
Dirdo del ans num \| sub num	Deletes the answer number (when you specify ans) or subaddress (when you specify sub) that you enter as the num argument. For example, to delete the subaddress 1234 from the list, enter the following command: Dirdo del sub 1234

SNMP administration support

The MAX supports SNMP on a TCP/IP network. An SNMP management station that uses the Ascend Enterprise MIB can query the MAX, set some parameters, sound alarms when certain conditions appear in the MAX, and so forth. An SNMP manager must be running on a host on the local IP network, and the MAX must be able to find that host, either via static route or RIP.

SNMP has its own password security, which you should set up to protect the MAX from being reconfigured from an SNMP station.

Configuring SNMP access security

There are two levels of SNMP security: community strings, which must be known by a community of SNMP managers to access the box, and address security, which excludes SNMP access unless it is initiated from a specified IP address. These are the relevant parameters:

Ethernet
      Mod Config
            SNMP options...
                  Read Comm=Ascend
                  R/W Comm Enable=No
                  R/W Comm=Secret
                  Security=Yes
                  RD Mgr1=10.0.0.1
                  RD Mgr2=10.0.0.2
                  RD Mgr3=10.0.0.3
                  RD Mgr4=10.0.0.4
                  RD Mgr5=10.0.0.5
                  WR Mgr1=10.0.0.11
                  WR Mgr2=10.0.0.12
                  WR Mgr3=10.0.0.13
                  WR Mgr4=10.0.0.14
                  WR Mgr5=10.0.0.15

For complete information on each parameter, see the MAX Reference Guide.

Understanding the SNMP options

This section provides some background information on the SNMP profile settings.

enabling SNMP set commands
R/W Comm Enable disables SNMP set commands by default. Before you can use an SNMP set command, you must set R/W Comm Enable to Yes.
Note: Even you enable R/W Comm, you must still know the read-write community string to use a set command.
Setting community strings
The Read Comm parameter specifies the SNMP community name for read access (up to 32 characters), and the R/W Comm parameter specifies SNMP community name for read/write access.
Setting up and enforcing address security
If the Security parameter is set to No (its default value), any SNMP manager that presents the right community name will be allowed access. If you set this parameter to Yes, the MAX checks the source IP address of the SNMP manager and allows access only to those IP addresses listed in the RD MgrN and WR MgrN parameters, each of which specify up to five host addresses.
resetting the MAX and determining whether the MAX has reset
You can use SNMP (sysReset object) to reset a MAX from an SNMP manager. A one-minute timeout (not modifiable) after the reset command is issued permits the MAX to confirm the set rquest before the unit is reset.
Information held in the Ascend Events Group is erased and its values are initialized when the MAX is reset by software or by toggling the power off and on. sysAbsoluteStartupTime is the time in seconds since January 1, 1990, and is not modified. To determine whether the MAX has actually reset, you can retrieve the SNMP object sysAbsoluteStartupTime and compare this value against the previous poll's value for Ascend Events Group variables.

Example SNMP security configuration

This example sets the community strings, enforces address security, and prevents write access:

Open Ethernet > Mod Config > SNMP Options.
Set R/W Comm Enable to Yes.
Specify the Read Comm and R/W comm parameter strings.
Set Security to Yes.

Specify up to five host addresses in the RD MgrN parameters. Leave the WR MgrN parameters set to zero to prevent write access.

Ethernet
      Mod Config
            SNMP options...
                  Read Comm=Secret-1
                  R/W Comm Enable=Yes
                  R/W Comm=Secret-2
                  Security=Yes
                  RD Mgr1=10.0.0.1
                  RD Mgr2=10.0.0.2
                  RD Mgr3=10.0.0.3
                  RD Mgr4=10.0.0.4
                  RD Mgr5=10.0.0.5
                  WR Mgr1=0.0.0.0
                  WR Mgr2=0.0.0.0
                  WR Mgr3=0.0.0.0
                  WR Mgr4=0.0.0.0
                  WR Mgr5=0.0.0.0

Close the Ethernet profile.

Setting SNMP traps

A trap is a mechanism for reporting system change in real time, for example, reporting an incoming call to a serial host port. When a trap is generated by some condition, a traps-PDU (protocol data unit) is sent across the Ethernet to the SNMP manager.

These are the parameters related to setting SNMP traps:

Ethernet
      SNMP Traps
            Name=
            Alarm=Yes
            Port=Yes
            Security=Yes
            Comm=
            Dest=10.2.3.4

For details on each parameter and the events that generate traps in the various classes, see the MAX Reference Guide.

Understanding the SNMP trap parameters

This section provides some background information about setting traps.

The community string for communicating with the SNMP manager
The Comm field must contain the community name associated with the SNMP PDU.
Classes of traps to be sent to the specified host
The next three fields specify whether the MAX traps alarm events, security events, and port events and sends a trap-PDU to the SNMP manager.
Specifying the destination address for the trap-status report.
If DNS or YP/NIS is supported, the Dest field can contain the hostname of a system running an SNMP manager. The DNS or YP/NIS is not supported, the Dest field must contain the host's address.
Note: To turn off SNMP traps, set Dest=0.0.0.0 and delete the value for Comm.

Example SNMP trap configuration

In this example profile, a community name is specified and the host's IP address is specified in the Dest parameter.

Open an SNMP Traps profile and assign it a name.
Specify the community name (for example, Ascend).
Set the trap types to Yes.

Specify the IP address of the host to which the trap-PDUs will be sent.

Ethernet
      SNMP Traps
            Name=security-traps
            Alarm=Yes
            Port=Yes
            Security=Yes
            Comm=Ascend
            Dest=10.2.3.4