![[Top]](../../images/home.jpg){kind=small}
![[Contents]](../../images/contents.jpg){kind=small}
![[Prev]](../../images/previous.jpg){kind=small}
![[Next]](../../images/next.jpg){kind=small}
![[Last]](../../images/index.jpg){kind=small}
Usage: The Usage text explains the values you can specify for the attribute.
Example: The Example text presents an example of how to use the attribute.
Dependencies: The Dependencies text tells you what other information you need in order to specify the proper value for the attribute.
See Also: The See Also text points you to related information.
The MAX sends Acct-Authentic in an Accounting-Request packet under these conditions:
This value indicates that RADIUS authenticated the incoming call. RADIUS is the default.
The MAX sends Acct-Delay-Time in an Accounting-Request packet under these conditions:
Usage: The MAX sends Acct-Input-Octets in an Accounting-Request packet at the end of a session (Acct-Status-Type=Stop) when both of these conditions are true:
The MAX sends Acct-Output-Octets in an Accounting-Request packet at the end of a session
(Acct-Status-Type=Stop) when both of these conditions are true:
The MAX sends Acct-Session-Id under these conditions:
Dependencies: Keep this additional information in mind:
The MAX sends Acct-Session-Time in an Accounting-Request packet at the end of a session (Acct-Status-Type=Stop) when both of these conditions are true:
When utilization exceeds the threshold for a period of time greater than the value of the Ascend-Add-Seconds attribute, the MAX attempts to add the number of channels specified by the Ascend-Inc-Channel-Count attribute. Using the Ascend-Add-Seconds attribute prevents the system from continually adding bandwidth, and can slow down the process of allocating bandwidth.
Usage: Specify a number between 1 and 300. The default value is 5.
Dependencies: Keep this additional information in mind:
Usage: Specify one of the following values:
Example: The following example shows a RADIUS user profile for a routed connection:
pipe50 Password="pipe50"The following is an example of a RADIUS user profile for a dial-in connection:
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Router,
Ascend-Route-Appletalk = Route-Appletalk-Yes,
Ascend-Idle-Limit = 0
mac1 Password = "mac1"Dependencies: Ascend-Route-Appletalk must be set to Yes.
User-Service = Framed-User,
Framed-Protocol = PPP,
Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Dialin,
Ascend-Route-Appletalk = Route-Appletalk-Yes,
Ascend-Idle-Limit = 0
See Also: Ascend-Appletalk-Peer-Mode (117), Ascend-Appletalk-Route (116)
Usage: Create a pseudo-user profile with the first line in the following format:
appleroute-num Password="ascend', user-service=Dialout-Framed- Userwhere num is a number in a series starting at 1. Then enter one or more static AppleTalk route specifications in the following format:
Ascend-Appletalk-Route="net_start net_end zone_name profile_name"
Each static route must appear in a user profile. User profile entries for Appletalk static routes are identified by the special name appleroute-# and have the following format:
appleroute-# Password = "ascend" User-Service = Dialout-Framed-User
Address 1
Address 2
...
Address n
Address n is the actual route associated with this entry. An example of a static route with the associated connection profiles is:
appleroute-1 Password = "ascend" User-Service = Dialout- Framed-User Ascend-Appletalk-Route = "20 25 testzone1 pipe50"
Dependencies: Ascend-Route-Appletalk must be set to Yes.
pipe50 Password = "ascend" User-Service = Dialout-Framed-User,
User-Service = Framed-User,
Framed-Protocol = MPP,
Ascend-Appletalk-Peer-Mode = Appletalk-Peer-Router,
Ascend-Route-Appletalk = Route-Appletalk-Yes,
Ascend-Dialout-Allowed = Dialout-Allowed,
Ascend-Dial-Number = "83272",
Ascend-Send-Auth = Send-Auth-PAP,
Ascend-Send-Passwd = "MAX"
See Also: Ascend-Appletalk-Peer-Mode (117)
Usage: Specify an alphanumeric text string containing up to 20 characters. The default value is null. The password you enter for this attribute must be identical to the password you enter in the first line of the user profile. The MAX requires both entries.
Example: This example sets up a TCP connection through ARA with a dynamic IP address assignment:
Emma Password="pwd"
Framed-Protocol=ARA,
Ascend-Ara-PW="pwd",
Ascend-Route-IP=Route-IP-Yes,
Ascend-Assign-IP-Pool=1See Also: Password (2)
Usage: Specify an IP address in dotted-decimal notation. The default value is 0.0.0.0. You can specify multiple instances of this attribute. At present, the MAX does not use the list of radipad client units.
Dependencies: If no Ascend-Assign-IP-Client attribute is present, the list of client units defaults to those present in the RADIUS clients file.
See Also: Ascend-Assign-IP-Global-Pool (146)
Ascend-Assign-IP-Server (145)
Usage: Specify the name of the pseudo-user profile containing global IP pool definitions. The Ascend unit tries to allocate an address from the pools in order, and chooses an address from the pool with the first available IP address.
Dependencies: Do not set the Framed-Address attribute in the user profile. If you do, the MAX will require the caller to use the static IP address the attribute specifies.
See Also: Ascend-Assign-IP-Client (144)
Ascend-Assign-IP-Server (145)
Framed-Address (8)
A dynamic address comes from the pool of addresses set by the Pool #n Start and Pool #n Count parameters, by the Ascend-IP-Pool-Definition attribute, or both. An IP address pool you set up in RADIUS overrides an IP address pool you set up in the MAX configuration interface only if you designate the two pools by the same number.
If you need to define more than ten pools of addresses, you must use the RADIUS attribute Ascend-IP-Pool-Definition to configure the IP address pools.
Usage: Specify an integer corresponding to an address pool. The default value is 1. If you set Ascend-Assign-IP-Pool=0, RADIUS chooses an address from any pool that has one available.
Example: In this example, the user requests an address from pool #2:
Emma Password="m2dan", User-Service=Framed-User
Ascend-Assign-IP-Pool=2See Also: Ascend-IP-Pool-Definition (217)
Usage: Specify an IP address in dotted decimal notation. The default value is 0.0.0.0. Only one instance of this attribute can appear in the profile. The default value is a placeholder only. You must specify a valid IP address for radipad to work.
See Also: Ascend-Assign-IP-Client (144)
Ascend-Assign-IP-Global-Pool (146)
When the MAX places an outgoing call, it identifies itself by a login name and password. The login name is either its system name (as specified by the Name parameter in the System profile) or the value you specify for the Ascend-Authen-Alias attribute.
Usage: Specify a text string containing up to 16 characters. The default is the value of the Name parameter in the System profile.
Example: This example uses the Ascend-Authen-Alias attribute in an outgoing profile:
Homer-Out Password="Ascend", User-Service=Dialout-Framed-User
User-Name="Homer",
Ascend-Authen-Alias="myMAXcallingU",
Ascend-Send-Auth=Send-Auth-PAP,
Ascend-Send-Secret="passwrd1",
Ascend-Dial-Number="31",
Framed-Protocol=PPP,
Framed-Address=10.0.100.1,
Framed-Netmask=255.255.255.0,
Ascend-Metric=2,
Framed-Routing=None,
Framed-Route="10.5.0.0/24 10.0.100.1 1",
Ascend-Idle-Limit=30
When you use the backup connection, the MAX does not move routes to the backup profile. Therefore, the IP routes that appear in the terminal server display may be incorrect, although statistical counts reflect the change.
Usage: Specify the name of the profile that you want to act as the backup. The backup connection can be switched or nailed up. The default value is null.
Dependencies: Keep this additional information in mind:
BACP is the Internet standard protocol equivalent to the Ascend MP+ bandwidth allocation protocol. BACP functions similarly to MP+ and uses the same attributes as MP+.
Usage: You can specify one of these settings:
Usage: The maximum number of channels you can specify depends upon the nature of the link:
Dependencies: The Ascend-Base-Channel-Count attribute does not apply when all channels of the link are nailed up (Ascend-Call-Type=Nailed).
For optimum MP+ performance, both sides of a connection must set these values to the same number:
Your carrier determines the billing number, and uses it to sort your bill. If you have several departments, and each department has its own Ascend-Billing-Number, your carrier can separate and tally each department's usage.
Usage: Specify a telephone number. You can indicate up to ten characters, and you must limit those characters to the following:
1234567890()[]!z-*# |Dependencies: The MAX uses the Ascend-Billing-Number attribute differently depending on the type of line you use:
If the calling party uses the Ascend-Billing-Number attribute instead of its phone number as its ID, the CLID the answering side uses is not the true phone number of the caller. This situation presents a security breach if you use Id Auth.
Further, be aware that if you specify a value for the Ascend-Billing-Number attribute, there is no guarantee that the phone company will send it to the answering device.
Usage: You can specify one of these values:
This setting disables bridging for the link. Bridge-No is the default.
MAX1 Password="m2dan", User-Service=Framed-User
Ascend-Route-IPX=Route-IPX-No,
Ascend-Handle-IPX=Handle-IPX-Client,Ascend-Netware-timeout=30
See Also: Ascend-Bridge-Address (168)
Usage: The Ascend-Bridge-Address attribute has this format:
Ascend-Bridge-Address="MAC_address profile_name IP_address"Table 9-1 describes Ascend-Bridge-Address arguments.
Table 9-1. Ascend-Bridge-Address arguments
Dependencies: Each bridge entry must appear in a pseudo-user profile. You create a pseudo- user to store information that the MAX can query-in this case, in order to store bridging information. For a unit-specific bridge entry, specify the first line of a pseudo-user profile in this format:
Bridge-unit_name-num Password="Ascend", User-Service=unit_name is the system name of the MAX-that is, the name specified by the Name parameter in the System profile. num is a number in a sequential series, starting at 1.
Dialout-Framed-User
In each pseudo-user profile, you specify one or more Ascend-Bridge-Address attributes. Whenever you power on or reset the MAX, or when you select the Upd Rem Cfg command from the Sys Diag menu, RADIUS adds bridging entries to the bridge table in this way:
is the system name and num is a number in a sequential series, starting with
1.
Bridge-Ascend-1 Password="Ascend", User-Service=Dialout-Framed-User
Ascend-Bridge-Address="2:2:3:10:11:12 Prof1 1.2.3.4 1",
Ascend-Bridge-Address="2:2:3:13:14:15 Prof2 5.6.7.8 2"See Also: Ascend-Bridge (230)
Usage: You can specify one of these values:
This value indicates that the MAX answers in the normal manner after authentication.
This value indicates that the MAX hangs up and calls back the caller after authentication.
Usage: Specify a number corresponding to the type of service the MAX uses. The default value is 6. Table 9-2 lists the services available for each service provider.
Table 9-2. Ascend-Call-By-Call setting
Unlike the Filter profiles in the MAX configuration interface, RADIUS filters are part of the outgoing or incoming RADIUS user profile. The MAX uses a RADIUS filter only when the MAX places or answers a call with a RADIUS profile that includes the filter specification.
Usage: Filter entries apply on a first-match basis. Therefore, the order in you specify filter entries is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.
Ascend-Call-Filter="ip dir action
[dstip dest_ipaddr\subnet_mask][srcip src_ipaddr\subnet_mask]
[proto [dstport cmp value] [srcport cmp value] [est]]"
Table 9-3 describes each element of the syntax.
Table 9-3. IP call filter syntax elements
Ascend-Call-Filter="ipx <dir> <action>
[srcipxnet <srcipxnet> srcipxnode <srcipxnode>
[srcipxsoc <cmp> <value> ]]
[dstipxnet <dstipxnet> dstipxnode <dstipxnode>
[dstipxsoc <cmp> <value> ]]
Table 9-8 lists each keyword and argument.
Table 9-4. IPX filter syntax elements
Ascend-Call-Filter="generic dir action offset mask value compare [more]"
Table 9-5 describes each element of the syntax. None of the keywords are case sensitive.
Table 9-5. Generic call filter syntax elements
Example: These are examples of IP call filter entries:
Ascend-Call-Filter="ip in drop"
Ascend-Call-Filter="ip out forward tcp"
Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 dstport!=telnet"
Ascend-Call-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 icmp"These are examples of generic call filter entries:
Ascend-Call-Filter="generic in drop 0 ffff 0080"
Ascend-Call-Filter="generic in drop 0 ffff != 0080 more"
Ascend-Call-Filter="generic in drop 16 ff aa"See Also: Ascend-Data-Filter (242)
Usage: You can specify one of these values:
Typically, the MAX dials a call when it receives a packet whose destination is the unit at the remote end of the Nailed/Mpp connection. The packet initiating the switched call must come from the caller side of the connection.
If a failed channel is in the group specified by the Ascend-Group attribute, the MAX replaces that channel with a switched channel, even if the call is online with more than the minimum number of channels. The MAX replaces failed nailed-up channels with switched channels, regardless of the Min Ch Count setting.
Use this setting if your telephone company charges for each incoming and outgoing connection attempt, but does not charge for connection time on local calls. Ascend's regular bandwidth-on-demand feature conserves connection time but causes many connection attempts. A permanent switched connection performs the opposite function-it conserves connection attempts but causes a long connection time.
For the answering device at the remote end of the permanent switched connection, we recommend that you configure the Connection profile to answer calls but not to originate them. If the remote device initiates a call, the MAX simply does not answer it. This situation could result in repeated charges for calls that have no purpose. To keep the remote device from originating calls, set AnsOrig=Ans Only for that device.
The DO Hangup command works only from the caller side of the connection when you choose Nailed/Mpp.
Usage: Specify one of the following settings:
Usage: Specify one of the following values:
See Also: Ascend-CBCP-Enable, Ascend-CBCP-Trunk-Group
Usage: You can specify a number between 4 and 9, inclusive. The default is 9.
Dependencies: Ascend-CBCP-Trunk-Group applies only if CBCP is negotiated for a connection.
See Also: Ascend-CBCP-Enable, Ascend-CBCP-Mode
Usage: Specify the IP address of the next hop router in dotted decimal notation. The default value is 0.0.0.0. If you accept this value, the Ascend unit routes packets as specified in the routing table, using the system-wide default route if it cannot find a more specific route.
The Ascend unit must have a direct route to the address you specify. The direct route can take place via a profile or an Ethernet connection. If the Ascend unit does not have a direct route, it drops the packets on the connection. When you diagnose routing problems with a profile using this feature, an error in a per-user gateway address is not apparent from inspection of the global routing table.
Example: If you specify Ascend-Client-Gateway=10.0.0.3 in the RADIUS user profile
Berkeley, IP packets from the user with destinations through the default route goes through the
router at 10.0.0.3.
The MAX includes Ascend-Connect-Progress in an Accounting-Request packet when both of these conditions are true:
Table 9-6. Ascend-Connect-Progress codes
Unlike the Filter profiles in the MAX configuration interface, RADIUS filters are part of the outgoing or incoming RADIUS user profile. The MAX uses a RADIUS filter only when the MAX places or answers a call with a RADIUS profile that includes the filter specification.
Usage: Filter entries apply on a first-match basis. Therefore, the order in you specify filter entries is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.
Ascend-Data-Filter="ip dir action
[dstip dest_ipaddr\subnet_mask][srcip src_ipaddr\subnet_mask]
[proto [dstport cmp value] [srcport cmp value] [est]]"
Table 9-7 describes each element of the syntax.
Table 9-7. IP data filter syntax elements
Ascend-Data-Filter="ipx <dir> <action>
[srcipxnet <srcipxnet> srcipxnode <srcipxnode>
[srcipxsoc <cmp> <value> ]]
[dstipxnet <dstipxnet> dstipxnode <dstipxnode>
[dstipxsoc <cmp> <value> ]]
Table 9-8 lists each keyword and argument.
Table 9-8. IPX filter syntax elements
Ascend-Data-Filter="generic dir action offset mask value compare [more]"
Table 9-9 describes each element of the syntax. None of the keywords are case sensitive.
Table 9-9. Generic data filter syntax elements
Example: These are examples of IP data filter entries:
Ascend-Data-Filter="ip in drop"
Ascend-Data-Filter="ip out forward tcp"
Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 dstport!=telnet"
Ascend-Data-Filter="ip out forward tcp dstip 10.0.200.3/16 srcip 10.0.200.25/16 icmp"These are examples of generic data filter entries:
Ascend-Data-Filter="generic in drop 0 ffff 0080"
Ascend-Data-Filter="generic in drop 0 ffff != 0080 more"
Ascend-Data-Filter="generic in drop 16 ff aa"See Also: Ascend-Call-Filter (243)
The MAX includes Ascend-Data-Rate in an Accounting-Request packet when both of these conditions are true:
Usage: The data service you specify must be available end-to-end. You can set the Ascend- Data-Svc attribute to one of the values listed in
Dependencies: Keep this additional information in mind:
Usage: You can specify one of these values:
This setting indicates that the MAX does not monitor traffic over the link.
Usage: Specify a number between 1 and 32. The default value is 1.
Dependencies: Keep this additional information in mind:
Usage: Specify a value between 1 and 254. The default is 4.
See Also: Ascend-DHCP-Pool-Number (148)
Ascend-DHCP-Reply (147)
Usage: Specify an integer between 1 and the number of address pools defined on the MAX. The default value is 0 (zero), which specifies that the MAX uses the first defined IP address pool.
Dependencies: When the DHCP client requests an address, the MAX allocates an IP address from one of its IP address pools and assigns it to the client for 30 minutes. The client must renew the IP address assignment after the 30-minute period expires.
In its local memory, the MAX keeps track of all the IP addresses it has assigned. Therefore, it loses the entries for current, unexpired IP address assignments when you reset it. If a client holds an unexpired IP address assignment when you reset the MAX, the MAX may assign the same address to a new client. These duplicate IP addresses cause network problems until the first assignment expires or one of the clients reboots.
See Also: Ascend-DHCP-Maximum-Leases
Ascend-DHCP-Reply (147)
Usage: You can specify one of these settings:
Usage: You can specify one of these settings:
Usage: Specify a telephone number. You can enter up to 21 characters, and you must limit those characters to the following:
1234567890()[]!z-*#|The MAX sends only the numeric characters to place a call. The default value is null.
If Use Trunk Grps=Yes in the System\>Sys Config menu, the first digits in the Ascend-Dial-Number attribute have the meanings listed in Table 9-11.
Table 9-11. Ascend-Dial-Number digits
The MAX includes Ascend-Disconnect-Cause in an Accounting-Request packet when both of these conditions are true:
Table 9-12. Ascend-Disconnect-Cause codes
In a coldstart notification, the MAX sends values for NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33). The RADIUS accounting server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.
In a session event, the MAX sends values for Password, NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33) when Auth=RADIUS/LOGOUT in Ethernet>Mod Config>Auth. The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.
Usage: For a coldstart notification, Ascend-Event-Type=Ascend-Coldstart (1). For a session event, Ascend-Event-Type=Ascend-Session-Event (2)
See Also: Ascend-Number-Sessions (202)
NAS-Identifier (4)
When the remote device is set to call back (Ascend-Callback=Callback-Yes or Callback=Yes) and CLID authentication is not required, the remote device answers the call, verifies a name and password against a user profile, hangs up, and dials back to the caller using these values:
When you set Ascend-Expect-Callback=Expect-Callback-Yes, calls that dial out and do not connect (for any reason) appear on a list that disallows any further calls to that destination for 90 seconds. This delay gives the remote device an opportunity to complete the callback.
Usage: You can specify one of these values:
The MAX includes Ascend-First-Dest in an Accounting-Request packet when all of these conditions are true:
Dependencies: This attribute only applies if the session routes IP.
Usage: You can specify one of these values:
This setting specifies that the MAX should use only the 56-kbps portion of a channel.
Set Ascend-Force-56=Force=56-Yes when you place calls to European or Pacific Rim countries from within North America and the complete path cannot distinguish between the Switched-56 and Switched-64 data services. This feature is not required if you are placing calls only within North America.
Usage: Specify a text string containing up to 15 characters. The default value is null.
Dependencies: Keep this additional information in mind:
Usage: Specify an integer between 1 and 10. The default value is 3.
Dependencies: Keep this additional information in mind:
Usage: Specify a number between 1 and 10. The default value is 4.
Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.
See Also: Ascend-FR-Type (159)
When the MAX receives IP packets from a caller that has a redirect specified in its local Connection profile or RADIUS user profile, it simply forwards the data stream out to the Frame Relay switch using the specified DLCI, effectively passing on the responsibility of routing those packets to a later hop on the Frame Relay network. The MAX never examines the destination address of redirect packets. This feature enables you to accept traffic from one link and send all traffic to a predetermined destination, eliminating any user concerns over security.
Usage: You can specify one of these values:
Usage: Specify an integer between 16 and 991. The default value is 16. Many redirect connections can use the same DLCI.
Dependencies: Ascend-FR-Direct-DLCI applies only if Ascend-FR-Direct=FR-Direct-Yes.
Example: This portion of a user profile shows a redirect connection that uses DLCI 21 and the Frame Relay profile called Montgomery.
Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User
User-Name="Matt",
Ascend-FR-Direct=FR-Direct-Yes,
Ascend-FR-Direct-Profile="Montgomery",
Ascend-FR-Direct-DLCI=21,
Metric=2,
...See Also: Ascend-FR-Direct (219)
Usage: Indicate the name of a Frame Relay profile that connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-Direct-DLCI. You can specify up to 15 alphanumeric characters. The default value is null. Make sure that you enter the name exactly as it appears in the Name parameter of the Frame Relay profile.
Dependencies: Ascend-FR-Direct-Profile applies only if Ascend-FR-Direct=FR-Direct-Yes.
Example: This portion of a user profile shows a redirect connection that uses DLCI 21 and the Frame Relay profile called Montgomery.
Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User
User-Name="Matt",
Ascend-FR-Direct=FR-Direct-Yes,
Ascend-FR-Direct-Profile="Montgomery",
Ascend-FR-Direct-DLCI=21,
Metric=2,
...See Also: Ascend-FR-Direct (219)
Usage: Specify an integer between 16 and 991. The default value is 16. You must assign each gateway connection its own DLCI.
Dependencies: Ascend-FR-DLCI applies only if Ascend-FR-Direct=FR-Direct-No.
Example: This portion of a user profile shows a gateway connection that uses DLCI 21 and the Frame Relay profile called Florence.
Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User
User-Name="Matt",
Ascend-FR-Direct=FR-Direct-No,
Ascend-FR-Profile-Name="Florence",
Ascend-FR-DLCI=21,
Metric=2,
...See Also: Ascend-FR-Direct (219)
Usage: Specify an integer between 1 and 10. The default value is 3.
Dependencies: Keep this additional information in mind:
Usage: Specify a number between 1 and 10. The default value is 4.
Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159)
Usage: You can specify one of these values:
Usage: You can specify one of these values:
If you configure the Frame Relay link for link management, it regularly request updates on the status of the link. The Frame Relay unit at the other end of the link must respond to these requests. Otherwise, the MAX considers the link inactive. Furthermore, if the response to these requests indicates a DLCI failure, the MAX considers the link inactive.
Usage: Specify an integer between 1 and 255. The default value is 6.
Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159)
Usage: Specify a number between 1 and the maximum number of nailed-up channels that your MAX allows. The default value is 1.
Dependencies: Do not associate a group with more than one active Frame Relay profile.
Usage: Indicate the name of a Frame Relay profile that connects to the Frame Relay switch handling the Data Link Connection Indicator (DLCI) specified by Ascend-FR-DLCI. You can specify up to 15 alphanumeric characters. The default value is null. Make sure that you enter the name exactly as it appears in the Name parameter of the Frame Relay profile.
Dependencies: Ascend-FR-Profile-Name applies only if Ascend-FR-Direct=FR-Direct-No.
Example: This portion of a user profile shows a gateway connection that uses DLCI 21 and the Frame Relay profile called Florence.
Permconn-MAX-1 Password="Ascend", User-Service=Dialout-Framed-User
User-Name="Matt",
Ascend-FR-Direct=FR-Direct-No,
Ascend-FR-Profile-Name="Florence",
Ascend-FR-DLCI=21,
Metric=2,
...See Also: Ascend-FR-Direct (219)
Usage: You can specify a number of seconds between 5 and 30. The default value is 10.
Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DCE.
See Also: Ascend-FR-Type (159)
Usage: Specify a number of seconds between 5 and 30. The default value is 10.
Dependencies: This attribute does not apply if Ascend-FR-Type=Ascend-FR-DTE.
See Also: Ascend-FR-Type (159)
Usage: You can specify one of these values:
Usage: You can specify one of these values:
If you set the Ascend-Group attribute to a value that matches the settings of a Ch n Prt/Grp, B1 Prt/Grp, or B2 Prt/Grp parameter in a Line profile, the MAX uses the specified channels for this profile's link across the WAN. Similarly, if Ascend-Group has the same value as Nailed Grp in the Serial WAN profile, the MAX uses the serial WAN circuit for this profile's link.
Usage: Your usage depends upon the value you specify for the Ascend-Call-Type attribute:
Usage: You can specify one of these values:
The WAN interface is the port on the MAX that connects to a WAN line. RIP and SAP queries enable a client workstation to locate a NetWare server across the network. Choose Handle-IPX-Client when both these conditions are true:
This mode enables the MAX to bring down calls during idle periods without breaking
client/server or peer-to-peer connections.
Ordinarily, when a NetWare server does not receive a reply to the watchdog session
keepalive packets it sends to a client, it closes the connection. When you specify Handle-IPX-Server, however, the MAX replies to NCP watchdog requests on behalf of clients on the other side of the bridge. In other words, the MAX tricks the server watchdog process into believing that the link is still active. This process is called watchdog spoofing.
Choose this setting when both these conditions are true:
However, the MAX does not filter as though you had set Ascend-Handle-IPX=Handle-IPX-Server.
MAX1 Password="m2dan", User-Service=Framed-User
Ascend-Route-IPX=Route-IPX-No,
Ascend-Handle-IPX=Handle-IPX-Client,Ascend-Netware-timeout=30
See Also: Ascend-Bridge (230)
Ascend-Netware-timeout (223)
Usage: Figure 9-1 illustrates the differences among the algorithms you can choose.
Figure 9-1. Bandwidth algorithms for MP+ calls
The weighting grows at a quadratic rate. History-Quadratic is the default.
Example: The following is an example of a RADIUS accounting STOP record that includes the Ascend-Home-Agent-IP-Addr attribute:
Mon Apr 21 02:41:38 1997
User-Name = "JacobP75"Dependencies: Accounting-Request packets, generated by the foreign agent, send the Ascend-Home-Agent-IP-Addr attribute at the end of a session, under the following conditions:
NAS-Identifier = 1.1.1.1
NAS-Port = 10105
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "111111111"
Acct-Authentic = RADIUS
Acct-Session-Time = 0
Acct-Input-Octets = 215
Acct-Output-Octets = 208
Acct-Input-Packets = 10
Acct-Output-Packets = 10
Ascend-Disconnect-Cause = 1
Ascend-Connect-Progress = 60
Ascend-Data-Rate = 56000
Ascend-PreSession-Time = 1
Ascend-Pre-Input-Octets = 215
Ascend-Pre-Output-Octets = 208
Ascend-Pre-Input-Packets = 10
Ascend-Pre-Output-Packets = 10
Framed-Protocol = PPP
Framed-Address = 2.2.2.2
Tunneling-Protocol = ATMP
Ascend-Home-Agent-IP-Addr = 3.3.3.3
Ascend-Home-Agent-UDP-Port = 5150
Ascend-Home-Network-Name = homenet
The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.
A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.
Usage: Specify a text string containing up to 20 characters. The default value is null.
Example: The following RADIUS profile authenticates a mobile NetWare client that connects directly to the home agent. In this example, the home agent is in gateway mode. It forwards packets from the mobile node across a nailed-up WAN link to the home IPX network.
Mobile-IPX Password="unit"
User-Service=Framed-User,
Ascend-Route-IPX=Route-IPX-Yes,
Framed-Protocol=PPP,
Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,
Framed-IPX-Network=40000000,
Ascend-IPX-Node-Addr=12345678,
Ascend-Primary-Home-Agent="max1.home.com:6001",
Ascend-Secondary-Home-Agent="max2.home.com:6001",
Ascend-Home-Network-Name="Dave's MAX",
Ascend-Home-Agent-Password="Pipeline"See Also: Ascend-Home-Agent-UDP-Port (186)
Usage: Specify a UDP port number between 0 and 65535. The default value is 5150.
Dependencies: If you specify a value for the udp_port argument of Ascend-Primary-Home- Agent or Ascend-Secondary-Home-Agent, or if you accept the default of 5150 for udp_port, you need not specify the Ascend-Home-Agent-UDP-Port attribute.
See Also: Ascend-Home-Agent-Password (184)
Ascend-Home-Network-Name (185)
Ascend-Primary-Home-Agent (129)
Ascend-Secondary-Home-Agent (130)
The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.
A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.
Usage: Specify the name of the home agent's Connection profile. The default value is null.
Dependencies: You must specify a value for this attribute only if the home agent is a gateway (that is, only if Type=Gateway in the Ethernet>Mod Config>ATMP Options menu).
Example: The following RADIUS profile authenticates a mobile NetWare client that connects directly to the home agent. In this example, the home agent is in gateway mode. It forwards packets from the mobile node across a nailed-up WAN link to the home IPX network.
Mobile-IPX Password="unit"
User-Service=Framed-User,
Ascend-Route-IPX=Route-IPX-Yes,
Framed-Protocol=PPP,
Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,
Framed-IPX-Network=40000000,
Ascend-IPX-Node-Addr=12345678,
Ascend-Primary-Home-Agent="max1.home.com:6001",
Ascend-Secondary-Home-Agent="max2.home.com:6001",
Ascend-Home-Network-Name="Dave's MAX",
Ascend-Home-Agent-Password="Pipeline"See Also: Ascend-Home-Agent-Password (184)
Usage: You can specify up to 10 Ascend-Host-Info entries in a user profile. Enter your attribute settings in this format:
Ascend-Host-Info="IP_address text"
Initial-Banner-Cal Password="Ascend", User-Service=Dialout-Framed-User
Reply-Message="Up to 16 lines of up to 80 characters each",
Reply-Message="will be accepted. Long lines will be truncated",
Reply-Message="Additional lines will be ignored.",
Reply-Message="",Ascend-Host-Info="1.2.3.4 Berkeley",
Ascend-Host-Info="1.2.3.5 Alameda",
Ascend-Host-Info="1.2.36 San Francisco",
Usage: Specify a number between 0 and 65535. If you specify 0 (zero), the MAX always clears a call when a session is inactive. The default value is 120 seconds. If you accept the default and an existing Answer profile specifies a value for the analogous Idle parameter, the MAX ignores the Idle value and uses the Ascend-Idle-Limit default.
Dependencies: Keep this additional information in mind:
Usage: Specify a subnet mask consisting of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0.
Usage: Specify a number between 1 and 32. The default value is 1.
Dependencies: Keep this additional information in mind:
Usage: Specify an IP address in dotted decimal notation. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0. If you accept the default, the MAX does not redirect IP traffic.
Dependencies: Keep this additional information in mind:
Emma Password="m2dan", User-Service=Framed-User
Framed-Protocol=PPP,
Framed-Address=10.8.9.10,Framed-Netmask=255.255.252.0,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Bridge=Bridge-No,
Ascend-IP-Direct=10.2.3.11,
Ascend-Metric=2,
Framed-Routing=None,
...See Also: Framed-Routing (10)
Usage: The Ascend-IP-Pool-Definition attribute has this format:
Ascend-IP-Pool-Definition="num first_ipaddr max_entries"Table 9-13 describes each Ascend-IP-Pool-Definition argument.
Table 9-13. Ascend-IP-Pool-Definition arguments
Dependencies: You specify one or more Ascend-IP-Pool-Definition attributes in a pseudo- user profile. You create a pseudo-user to store information that the MAX can query-in this case, in order to store IP address pool information. Specify the first line of a pseudo-user profile in this format:
Pools-unit_name Password="Ascend", User-Service=Dialout-Framed-Userunit_name is the system name of the MAX-that is, the name specified by the Name parameter in the System profile. On the next lines of the profile, specify one or more Ascend-IP-Pool-Definition attributes.
Example: In this example, the pseudo-user profile creates two IP address pools for the MAX to use. Address pool #1 contains a block of 7 IP addresses from 10.1.0.1 to 10.1.0.7. Address pool #2 contains a block of 48 IP addresses from 10.2.0.1 to 10.2.0.48.
Pools-MAX Password="Ascend", User-Service=Dialout-Framed-User
Ascend-IP-Pool-Definition="1 10.1.0.1 7",
Ascend-IP-Pool-Definition="2 10.2.0.1 48"See Also: Ascend-Assign-IP-Pool (218)
Usage: Specify an IPX network number. The default value is 0 (zero). RADIUS requires that this attribute have a decimal value (base 10), but IPX network numbers generally have hexadecimal values (base 16). In order to give this attribute a value, you must convert the hexadecimal IPX network number to a decimal value for use in the user profile.
See Also: Ascend-IPX-Peer-Mode (216)
Ascend-IPX-Route (174)
Ascend-Route-IPX (229)
Usage: Specify a 12-digit ASCII string enclosed in double-quotes. The RADIUS server passes the attributes in the mobile node's profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.
See Also: Framed-IPX-Network (23)
Dial-in clients do not belong to an IPX network, so you must assign them an IPX network number. When you do so, a dial-in client can establish a routing connection with the MAX. To provide an IPX network number, you must define a virtual IPX network using the IPX Pool# parameter in the MAX configuration interface. The MAX advertises the route to this virtual network and assigns it as the network address for dial-in clients.
Usage: For the Ascend-IPX-Peer-Mode attribute, you can specify one of these values:
Usage: To configure a static IPX route to an internal network, use the following format:
Ascend-IPX-Route="profile_name network# [node#] [socket#] [server_type] [hop_count] [tick_count] [server_name]"Table 9-14 describes each Ascend-IPX-Route argument.
Table 9-14. Ascend-IPX-Route arguments
Ascend-IPX-Route="route-only [network #] [transit_network #]"
Table 9-15 describes each Ascend-IPX-Route argument.
Table 9-15. Ascend-IPX-Route arguments
Argument |
Description |
|---|---|
| network # | Indicates the unique external network number. The default value is 00000000. |
| transit_network # |
Indicates an intermediate network:
|
Dependencies: Each static route must appear in a pseudo-user profile. You create a pseudo- user to store information that the MAX can query-in this case, in order to store IPX routing information. You can configure pseudo-users for both global and MAX-specific configuration control of IPX dialout routes. The MAX loads the unit-specific dialout routes in addition to the global dialout routes.
For a unit-specific IPX dialout route, specify the first line of a pseudo-user profile in this format:
IPXRoute-unit_name-num Password="Ascend", User-Service=Dialout-Framed- UserFor a global IPX dialout route, specify the first line of a pseudo-user profile in this format:
IPXRoute-num Password="Ascend", User-Service=Dialout-Framed-Userunit_name is the system name of the MAX-that is, the name specified by the Name parameter in the System profile. num is a number in a sequential series, starting at 1.
In each pseudo-user profile, you can specify one or more routes using the Ascend-IPX-Route attribute. Limit each pseudo-user profile to about 25 routes. The MAX fetches information from each pseudo-user profile in order to gather routing information. Whenever you power on or reset the MAX, or when you select the Upd Rem Cfg command from the Sys Diag menu, RADIUS adds IPX dialout routes to the routing table in this way:
is the system name.
The variable num is a number in a sequential series, starting with 1.
IPXRoute-CA-1 Password="Ascend", User-Service=Dialout-Framed-User
Ascend-IPX-Route="def 6 7 8 9 10"This example defines a global IPX route:
IPXRoute-1 Password="Ascend", User-Service=Dialout-Framed-User
Ascend-IPX-Route="abc 1 2 3 4 5 "See Also: Ascend-IPX-Alias (224)
Usage: You can specify one of these values:
See Also: Framed-Compression (13)
Usage: You can specify an integer between 0 and 1440. The MAX checks the connection once per minute, so the actual time the call is connected is slightly longer than the actual time you set.
The default value is 0 (zero). If you accept the default, the MAX does not set a limit on the duration of an incoming call.
Usage: Specify an integer between 1 and the maximum number of channels your system supports. The default value is 1.
Dependencies: This attribute applies only to MP+ calls.
For optimum MP+ performance, both sides of a connection must set these values to the same number:
Usage: Specify an integer between 0 and 4,294,967,295. The default value is 0 (zero). When you accept the default, the MAX does not enforce a time limit.
Using this attribute, you can configure a profile to give the terminal server user a custom menu of items from which to choose. The server uses the custom menu to present the user with a subset of terminal server commands. The user does not have access to the regular menu or to the terminal server command line.
Usage: Enter your specifications using this format:
Ascend-Menu Item=command;text;match
Example: Suppose you set these attributes:
Emma Password="m2dan", User-Service=Login-User
Ascend-Menu-Item="show ip stats;Display IP Stats",
Ascend-Menu-Item="ping 1.2.3.4;Ping server",
Ascend-Menu-Item="telnet 10.2.4.5;Telnet to Ken's machine",
Ascend-Menu-Item="show arp;Display ARP Table",
Ascend-Menu-Selector=" Option:",
...The terminal server displays this text:
1. Display IP Stats 3. Telnet to Ken's machine
2. Ping server 4. Display ARP Table.
Option:Now, suppose you also enter specifications for the match option, as in this profile:
Emma Password="m2dan", User-Service=Login-User
Ascend-Menu-Item="show ip stats;ip=Display ip stats;ip",
Ascend-Menu-Item="ping 1.2.3.4;p=Ping server. Ctrl-C stops ping;p",
Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's machine;t",
Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",
Ascend-Menu-Selector=" Option:",
...The terminal server displays this text:
ip=Display ip stats p=Ping server. Ctrl-C stops ping
t=Telnet to Ken's machine dsp=Display arp table
Option:
Emma Password="m2dan", User-Service=Login-User
Ascend-Menu-Item="show ip stats;ip=Display ip stats",
Ascend-Menu-Item="ping 1.2.3.4;p=Ping server. Ctrl-C stops ping;p",
Ascend-Menu-Item="telnet 10.2.4.5;t=Telnet to Ken's machine;t",
Ascend-Menu-Item="show arp;dsp=Display arp table;dsp ",
Ascend-Menu-Selector=" Option:",
If you mix numbered selections and pattern matching, as in this example, the terminal server screen displays the following text:
1. ip=Display ip stats 3. t=Telnet to Ken's machine
2. p=Ping server. Ctrl-C stops ping 4. dsp=Display arp table
See Also: Ascend-Menu-Selector (205)
By default, when you create a custom menu with the Ascend-Menu-Item attribute, the terminal server displays this string when prompting the user to make a selection:
The num argument represents the last number in the list. The terminal server code automatically determines the value of num by determining the number of items in the menu. The only valid user input is in the range 1 through num, and q to quit.Enter Selection (1-num, q)
However, you can specify a different string for prompting the user to make a selection. The Ascend-Menu-Selector attribute enables you to specify a string that the terminal server displays when prompting a user for a menu selection. If you define this attribute, its value overrides the default of Enter Selection (1-num, q).
Usage: Specify a text string containing up to 31 characters. The terminal server displays this string when prompting the user for a menu selection.
Example: Suppose you set these attributes:
Emma Password="m2dan", User-Service=Login-User
Ascend-Menu-Item="show ip stats;Display IP Stats",
Ascend-Menu-Item="ping 1.2.3.4;Ping server",
Ascend-Menu-Item="telnet 10.2.4.5; Telnet to Ken's machine",
Ascend-Menu-Item="show arp;Display ARP Table"
Ascend-Menu-Selector=" Option:"The terminal server displays this text:
1. Display IP Stats 3. Telnet to Ken's machine
2. Ping server 4. Display ARP Table.
Option:Note that the valid user input in this example is still 1 through 4, or q to quit.
See Also: Ascend-Menu-Item (206)
If there are two routes available to a single destination network, you can ensure that the MAX uses any available nailed-up channel before using a switched channel. Simply set the Ascend-Metric attribute to a value higher than the metric of any nailed-up route. The higher the value you enter, the less likely that the MAX will bring the link online. The MAX uses the lowest metric.
Usage: You can specify a number between 1 and 15. This value is the virtual hop count. The default value is 7.
Dependencies: Keep this additional information in mind:
See Also: Ascend-Route-IP (228)
Framed-Route (22)
Usage: You can specify a number between 1 and 32. The default value is 1.
Dependencies: This attribute applies only to MP+ calls.
For optimum MP+ performance, both sides of a connection must set these values to the same number:
Usage: The MAX sends Ascend-Modem-PortNo as part of an accounting Stop record. The attribute does no appear in a user profile.
Dependencies: Because the MAX designates a modem by slot card and port, you must consider the value of Ascend-Modem-SlotNo.
Usage: The MAX sends Ascend-Modem-SlotNo as part of an accounting Stip record. The attribute does not appear in a user profile.
Dependencies: Because the MAX designates a modem by slot card and port, you must consider the value of Ascend-Modem-PortNo
Usage: Specify an integer between 0 and 99. The default value is 0 (zero). This setting causes the MAX to ignore bandwidth utilization when determining whether to clear a call.
Dependencies: Keep this additional information in mind:
Usage: You can specify one of these values:
This setting indicates that the user is not a multicast client of the MAX.
This setting indicates that the user is a multicast client of the MAX.
See Also: Ascend-Multicast-Rate-Limit (153)
Usage: Specify an integer. If you set the attribute to 0 (zero), the MAX does not apply rate limiting. The default value is 100. The MAX discards any subsequent packets it receives in the window you specify.
Dependencies: This attribute applies solely to the IP-only release of the MAX 4000.
See Also: Ascend-Multicast-Client (152)
The MAX sends Ascend-Multilink-ID in an Accounting-Request packet when all of these conditions are true:
See Also: Ascend-Num-In-Multilink (188)
Usage: Specify an integer between 0 and 65535. The default value is 0 (zero). This default allows the MAX to respond to watchdog requests without a time limit.
The timer begins counting down as soon as the WAN bridging link goes offline. At the end of the selected time, the MAX releases the client-server connections. If there is a reconnection of the WAN session, the MAX cancels the timeout.
Dependencies: Ascend-Netware-timeout applies to IPX bridging connections when the MAX
is on the server LAN and not on the client LAN-that is, when Ascend-Handle-IPX=
Handle-IPX-Server.
See Also: Ascend-Handle-IPX (222)
Usage: The Ascend-Number-Sessions attribute has a compound value. The first part specifies a user-session class. The second part reports the number of active sessions in that class.
In the MAX, you can set the Sess Timer parameter in the Ethernet>Mod Config>Accounting menu to send accounting requests at regular intervals. At the specified interval, the MAX reports the number of open sessions by sending an Ascend-Event-Request packet (code 33). This packet contains an NAS-Identifier attribute, an Ascend-Event-Type attribute, and one or more Ascend-Number-Sessions attributes. The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.
In addition, you can set the Sess Timer parameter in the Ethernet>Mod Config>Auth menu to send requests to the authentication server at regular intervals. In a session event when Auth=RADIUS/LOGOUT, the MAX sends values for Password, NAS-Identifier, Ascend-Event-Type, and Ascend-Number-Sessions in an Ascend-Event-Request packet (code 33). The authentication server must send back an Ascend-Event-Response packet (code 34) with the correct identifier to the MAX.
Dependencies: The MAX sends the Ascend-Number-Sessions attribute in Ascend-Event- Request packets. Only RADIUS daemons you customize to recognize this packet code respond these request packets from the MAX. Other daemons ignore it. Therefore, both the standard Livingston RADIUS daemon and the Ascend daemon ignore this attribute.
When modifying the daemon, make sure that it recognizes an Ascend-Event-Request packet in this format:
Code (8-bit)=33
Identifier (8-bit)
Length (16-bit)
Authenticator (48-bit for an accounting server, 64-bit for an
authentication server)
List of attributesExample: Suppose that the MAX has three classes of clients: Class-1, Class-2, and Class-3. At the time of the sessions report, there are eight active sessions: three Class-1 sessions, four Class-2 sessions, and one Class-3 session. The accounting packet the MAX sends back to the RADIUS accounting server has three Ascend-Number-Session attributes, one for each of these
See Also: Ascend-Event-Type (150)
Class (25)
The MAX sends Ascend-Num-In-Multilink in an Accounting-Request packet when all of these conditions are true:
See Also: Ascend-Multilink-ID (187)
Usage: Specify an IP address in dotted decimal notation. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0. If you accept the default, IPCP negotiates with the value of the IP Adrs parameter in the Ethernet\>Mod Config\>Ether Options menu.
If you specify a valid IP address, IPCP negotiates with that IP address. If you specify 255.255.255.255, IPCP negotiates with the address 0.0.0.0.
Dependencies: You can assign Ascend-PPP-Address a value different from the MAX unit's true IP address, as long as the user requesting access understands that limitation.
Usage: Specify a 4-byte bitmap to one or more control characters. The async control character map is defined in RFC 1548 and specifies that each bit position represents its ASCII equivalent. The bits are ordered with the lowest bit of the lowest byte being 0. For example, bit 19 corresponds to Control-S (DC3) or ASCII 19.
Example: Your specification might look like this one:
Emma Password="m2dan", User-Service=Login-User
Ascend-PPP-Async-Map=19,
...The number 19 translates to 13 hex or 10011 binary. Therefore, NUL (00), SOH (01), and EOT (04) are mapped.
RFC 1172 section 5.2 contains an erroneous statement that the VJ compression type value is 0x0037. It should be 0x002d. However, many older PPP implementations use the 0x0037 value when negotiating VJ compression. If you do not specify a value for Ascend-PPP-VJ-1172, the VJ compression type is 0x002d.
Usage: Enter your specification using this format:
Ascend-PPP-VJ-1172=PPP-VJ-1172
When you turn on VJ compression, the MAX removes the TCP/IP header, and associates a TCP/IP packet with a connection by giving it a slot ID. The first packet coming into a connection must have a slot ID, but succeeding packets need not have one. If the packet does not have a slot ID, the MAX assumes that it uses the last slot ID. This scenario uses slot ID compression, because the slot ID does not appear in any packet but the first in a stream.
However, there may be times when you want each VJ-compressed packet to have a slot ID. The Ascend-PPP-VJ-Slot-Comp attribute exists for this purpose.
Usage: To specify that no slot compression occurs, set the Ascend-PPP-VJ-Slot-Comp attribute to VJ-Slot-Comp-No (1). If you do not specify a value for Ascend-PPP-VJ-Slot- Comp, and Framed-Compression=Van-Jacobson-TCP-IP, slot compression occurs.
See Also: Framed-Compression (13)
The MAX includes Ascend-Pre-Input-Octets in an Accounting-Request packet when all of these conditions are true:
The MAX includes Ascend-Pre-Input-packets in an Accounting-Request packet when all of these conditions are true:
The MAX includes Ascend-Pre-Output-Octets in an Accounting-Request packet when all of these conditions are true:
The MAX includes Ascend-Pre-Output-packets in an Accounting-Request packet when all of these conditions are true:
Usage: Specify an integer between 0 and 65535. The MAX never preempts a call if you enter 0 (zero). The default value is 60.
Dependencies: The Ascend-Preempt-Limit attribute does not apply to nailed-up links.
See Also: Ascend-Idle-Limit (244)
Ascend-MPP-Idle-Percent (254)
Usage: Specify an integer. The default value is 60. We recommend that you accept this default for dial-in and dial-out user profiles.
Dependencies: Make sure that more desirable routes have a lower preference number. In particular, make sure that routes for connections that are down have a higher preference number than routes for connections that are up. The following table lists the factory default values for route preferences.
Route type |
Default value |
|---|---|
| Interface | 0 |
| ICMP | 30 |
| RIP | 100 |
| OSPF ASE | 150 |
| OSPF Internal | 10 |
| Static | 60 |
| Down-WAN | 120 |
| Infinite | 225 |
The MAX includes Ascend-PreSession-Time in an Accounting-Request packet when both of these conditions are true:
The RADIUS server passes the attributes in the mobile node's RADIUS user profile to the foreign agent. The foreign agent sends these attributes when connecting with the home agent.
A mobile node can also connect directly to the home agent. An ATMP-based RADIUS profile that is local to the home agent enables the mobile node to bypass a foreign agent connection, but does not preclude a foreign agent. If both the home agent and the foreign agent have local RADIUS profiles for the mobile node, the node can choose between a direct connection or a tunneled connection through the foreign agent.
Usage: Specify the primary home agent using this syntax:
Ascend-Primary-Home-Agent="hostname | ip_address [:udp_port]"
Ascend-Primary-Home-Agent="max1.home.com:6001"
Ascend-Primary-Home-Agent="10.0.0.1:6001"The following RADIUS profile authenticates a mobile NetWare client that connects directly to the home agent. In this example, the home agent is in gateway mode. It forwards packets from the mobile node across a nailed-up WAN link to the home IPX network.
Mobile-IPX Password="unit"
User-Service=Framed-User,
Ascend-Route-IPX=Route-IPX-Yes,
Framed-Protocol=PPP,
Ascend-IPX-Peer-Mode=IPX-Peer-Dialin,
Framed-IPX-Network=40000000,
Ascend-IPX-Node-Addr=12345678,
Ascend-Primary-Home-Agent="max1.home.com:6001",
Ascend-Secondary-Home-Agent="max2.home.com:6001",
Ascend-Home-Network-Name="Dave's MAX",
Ascend-Home-Agent-Password="Pipeline"Dependencies: Keep this additional information in mind:
See Also: Ascend-Home-Agent-Password (184)
Ascend-Home-Agent-UDP-Port (186)
Ascend-Home-Network-Name (185)
Ascend-Secondary-Home-Agent (130)
Usage: You can specify one of these values:
This setting indicates that the MAX can dial any type of number.
This setting indicates that the MAX dials a number outside the U.S.
This setting indicates that the MAX dials a number inside the U.S. National-Number is the default.
This setting indicates that the MAX dials a number within your Centrex group.
This setting indicates that the MAX dials an abbreviated phone number.
When the MAX makes an authentication request, the RADIUS server checks the current date against the value of Ascend-PW-Expiration. If the date of the authentication request is the same date or a later date than the value of Ascend-PW-Expiration, the user receives a message saying that the password has expired.
You must specify Ascend-PW-Expiration when you first create a user.
Usage: Specify a month, day, and year.
The values 2, 02, 002, and 0021 are all valid, but 32 is not.
Dependencies: Keep this additional information in mind:
The resulting date becomes the new value for Ascend-PW-Expiration.
For example, suppose that Ascend-PW-Lifetime=30, Ascend-PW-Expiration=January 1, 1997, and today's date is March 1, 1997. If the user resets the password today, the value of Ascend-PW-Expiration becomes today's date + Ascend-PW-Lifetime, or March 31, 1997.
Emma Password="m2dan", User-Service=Login-User, Ascend-PW- Expiration="January 1, 1997"
...See Also: Ascend-PW-Lifetime (208)
Usage: Specify an integer to indicate the number of days for which the user's password is valid. You can set the Ascend-PW-Lifetime attribute on any line other than the first line of the user profile.
Dependencies: Keep this additional information in mind:
Emma Password="m2dan", User-Service=Login-User, Ascend-PW- Expiration="Jan 1, 1997"
Ascend-PW-Lifetime=30See Also: Ascend-PW-Expiration (21)
Usage: You can use the Ascend-Receive-Secret attribute for CACHE-TOKEN or PAP- TOKEN-CHAP authentication. In either case, you can specify up to 20 characters. The default value is null.
In PAP-TOKEN-CHAP authentication, you need to verify only the initial connection using a hand-held security card. CHAP verifies any additional channels. That is, whenever the MAX adds channels to a PPP or MP+ call using PAP-TOKEN-CHAP, the calling unit sends the encrypted value of Aux Send PW, and the answering unit checks this password against Ascend-Receive-Secret. The answering unit receives Ascend-Receive-Secret from the RADIUS server when the first channel of the call connects.
John Password="SAFEWORD", Ascend-Token-Expiry=90, Ascend- Token-Idle=80, Ascend-Token-Immediate=Tok-Imm-Yes
Ascend-Receive-Secret="shared-secret",
User-Service=Framed-User,
Framed-Protocol=MPP,
Framed-Address=200.0.5.1,
Framed-Netmask=255.255.255.0This example shows the settings necessary for a user called Emma to use an Enigma Logic server. Because this profile includes the attribute Ascend-Receive-Secret, the MAX can authenticate additional channels through CHAP without having to go to the SAFEWORD server for authentication.
Emma Password="SAFEWORD"
User-Service=Framed-User,
Framed-Protocol=MPP,
Framed-Address=200.0.5.1,
Framed-Netmask=255.255.255.0,
Ascend-Receive-Secret="b5XSAM"See Also: Ascend-Token-Expiry (204)
Usage: Specify the IP address of the numbered interface. An IP address consists of four numbers between 0 and 255, separated by periods. The default value is 0.0.0.0.
Dependencies: For Ascend-Remote-Addr to apply, you must enable IP for the user profile (Ascend-Route-IP=Route-IP-Yes).
See Also: Ascend-Route-IP (228)
When utilization falls below the threshold for a period of time greater than the value of the Ascend-Remove-Seconds attribute, the MAX attempts to remove the number of channels specified by the Ascend-Dec-Channel-Count attribute. Using the Ascend-Remove-Seconds attribute prevents the system from continually subtracting bandwidth, and can slow down the process of removing bandwidth.
Usage: Specify a number between 1 and 300. The default value is 10.
Dependencies: Keep this additional information in mind:
Usage: You can specify one of these values:
If you require additional authentication, you must configure a two-tiered dial-in setup.
For additional authentication after CLID authentication, the first-tier dial-in user profile has the following two-line format:
phonenum Password="Ascend-CLID"
Ascend-Require-Auth=Require-AuthFor additional authentication after called-number authentication, the first-tier dial-in user profile has the following two-line format:
phonenum Password="Ascend-DNIS"
Ascend-Require-Auth=Require-Auth
5551212 Password="Ascend-CLID"
Ascend-Require-Auth=Require-Auth
Emma Password="pwd" Caller-Id="5551212"
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=200.11.12.10,
Framed-Netmask=255.255.255.248,
Ascend-Send-Secret="pwd",
...
Usage: Specify one of the following values:
Usage: You can specify one of these values:
Usage: You can specify one of these values:
Usage: Specify the secondary home agent using this syntax:
Ascend-Secondary-Home-Agent="hostname | ip_address [:udp_port]"
Ascend-Secondary-Home-Agent="max2.home.com:6002"
Ascend-Secondary-Home-Agent="10.0.0.2:6002"To specify a primary home agent and a secondary home agent, enter these lines in the RADIUS user profile:
Ascend-Primary-Home-Agent="max1.home.com:6001"
Ascend-Secondary-Home-Agent="max2.home.com:6002"The foreign agent first tries max1.home.com on UDP port 6001. If the name cannot be resolved, or if max1.home.com does not respond, the foreign agent then tries max2.home.com on UDP port 6002.
The RADIUS accounting Stop record will include Ascend-Home-Agent-IP-Addr when Ascend-Secondary-Home-Agent is present in the user profile.
Dependencies: If you specify the Ascend-Home-Agent-UDP-Port attribute on the line immediately following the Ascend-Secondary-Home-Agent attribute, you need not specify a value for udp_port. By the same token, if you specify a value for the udp_port argument of Ascend-Secondary-Home-Agent, or if you accept the default of 5150, you need not specify the Ascend-Home-Agent-UDP-Port attribute.
See Also: Ascend-Home-Agent-Password (184)
Ascend-Home-Agent-UDP-Port (186)
Ascend-Home-Network-Name (185)
Ascend-Primary-Home-Agent (129)
The number of seconds you choose for the Ascend-Seconds-Of-History attribute depends on your device's traffic patterns. For example, if you want to average spikes with normal traffic flow, you may want the MAX to establish a longer historical time period. If, on the other hand, traffic patterns consist of many spikes that are short in duration, you may want to specify a shorter period of time. Doing so assigns less weight to the short spikes.
Usage: Specify a number between 1 and 300. The default value is 15 seconds.
Dependencies: Keep this additional information in mind:
Usage: You can specify one of these values:
Usage: Specify a text string containing up to 20 characters. The default value is null.
Dependencies: In a user profile, you can specify either Ascend-Send-Passwd or Ascend-
Send-Secret, but not both. Use Ascend-Send-Passwd only if your version of the MAX does not
support Ascend-Send-Secret.
See Also: Ascend-Send-Auth (231)
Ascend-Send-Secret (214)
Usage: Specify a text string containing up to 20 characters. The default value is null.
Dependencies: In a user profile, you can specify either Ascend-Send-Passwd or Ascend- Send-Secret, but not both. Use Ascend-Send-Passwd only if your version of the MAX does not support Ascend-Send-Secret.
See Also: Ascend-Send-Auth (231)
Ascend-Send-Passwd (232)
The client sends Ascend-Session-Svr-Key to the RADIUS server in a Disconnect-Request or Change-Filter-Request packet when it initiates an operation. In addition, Ascend-Session-Svr-Key appears in a RADIUS Accounting-Start packet when a session starts.
Usage: Specify up to 16 characters. The default value is null.
Dependencies: The client sends the Ascend-Session-Svr-Key attribute only if Session Key=Yes in the Ethernet>Mod Config>RADIUS Server menu.
Usage: You can specify one of the following settings:
Usage: Specify an integer between 0 and 100. The default value is 70.When the value is 70%, the device adds bandwidth when it exceeds a 70 percent utilization rate, and subtracts bandwidth when it falls below that number.
Dependencies: Keep this additional information in mind:
Usage: The Ascend-Third-Prompt attribute can contain up to 80 characters and does not appear in a user profile. If the user enters more than 80 characters, the MAX truncates the input to 80. If the user does enter any characters, the MAX sets the attribute to null.
CACHE-TOKEN authentication uses a shared secret, and simplifies the authentication process by caching the user's token for the fixed length of time specified by the Ascend-Token-Expiry attribute.When the cached token is still alive, CHAP authenticates subsequent CACHE-TOKEN access requests from the same user without the use of a hand-held security card. When the cached token has expired, the ACE or SAFEWORD server authenticates CACHE-TOKEN access requests.
Usage: On the first line of the user profile, specify an integer representing the lifetime of the cached token in minutes. The default value is 0 (zero). If you accept the default, the MAX rejects subsequent CACHE-TOKEN requests from the same user.
Example: The following two-line example sets up CACHE-TOKEN authentication with a 90-minute token cache. Notice that the Ascend-Token-Expiry attribute must appear on the first line of the profile, along with the user name and ACE or SAFEWORD password:
Connor Password="ACE", Ascend-Token-Expiry=90
Ascend-Receive-Secret="shared-secret",
See Also: Ascend-Token-Idle (199)
Ascend-Token-Immediate (200)
Usage: On the first line of the user profile, specify an integer representing the maximum length of time in minutes that a cached token can remain alive. The default value is o (zero). If you accept this default, the cached token remains alive until the value of the Ascend-Token- Expiry attribute causes it to expire.
Dependencies: Typically, the value of Ascend-Token-Idle is lower than the value of
Ascend-Token-Expiry.
Example: The following two-line example sets up CACHE-TOKEN authentication with a 90-minute token cache and an 80-minute idle limit. Notice that the Ascend-Token-Idle attribute must appear on the first line of the profile:
Jim Password="ACE", Ascend-Token-Expiry=90, Ascend-Token-Idle=80
Ascend-Receive-Secret="shared secret"
See Also: Ascend-Token-Expiry (204)
Ascend-Token-Immediate (200)
Usage: You can specify one of these values:
Example: This example shows a portion of a user profile that requires the MAX to send the password to the ACE server. The login-user derives the password from a hand-held security card:
Connor Password="ACE", Ascend-Token-Immediate=Tok-Imm-Yes
Ascend-Receive-Secret="shared-secret",
User-Service=Login-User,
...See Also: Ascend-Token-Expiry (204)
Usage: Specify the same digits you use to prefix a phone number you dial over an ISDN BRI line, T1 access line, or voice interface:
Usage: You can specify a value between 0 and 65535.The default value is 120. A setting of 0 (zero) means that the line can be idle indefinitely.
Dependencies: Ascend-TS-Idle-Limit does not apply if you are using a Frame Relay or raw TCP connection, or if Ascend-TS-Idle-Mode=TS-Idle-None.
See Also: Ascend-TS-Idle-Mode (170)
Usage: You can specify one of these settings:
Default Password="UNIX"
User-Service=Login-User,
Ascend-TS-Idle-Limit=90,
Ascend-TS-Idle-Mode=TS-Idle-InputDependencies: Ascend-TS-Idle-Mode does not apply if you are using a Frame Relay or raw TCP connection.
See Also: Ascend-TS-Idle-Limit (169)
Usage: Specify one of these settings:
When you set Ascend-User-Acct-Base=Ascend-User-Acct-Base-16, the MAX presents the same session ID in this way:
Dependencies: Changing the value of Ascend-User-Acct-Base while sessions are active results in inconsistent reporting between the Start and Stop records.
See Also: Ascend-User-Acct-Host (139)
Ascend-User-Acct-Key (141)
Ascend-User-Acct-Port (140)
Ascend-User-Acct-Time (143)
Ascend-User-Acct-Type (138)
Usage: Specify an IP address in dotted decimal notation n.n.n.n, where n is an integer between 0 and 255. The default value is 0.0.0.0.
See Also: Ascend-User-Acct-Base (142)
Ascend-User-Acct-Key (141)
Ascend-User-Acct-Port (140)
Ascend-User-Acct-Time (143)
Ascend-User-Acct-Type (138)
Usage: Specify a text string. The default value is null.
See Also: Ascend-User-Acct-Base (142)
Ascend-User-Acct-Host (139)
Ascend-User-Acct-Port (140)
Ascend-User-Acct-Time (143)
Ascend-User-Acct-Type (138)
Usage: Specify the UDP port number you indicated for the authentication process of the daemon in /etc/services. Or, if you used the incr keyword to the -A option when starting the daemon, specify the number of the UDP port for authentication services +1. You can specify a number between 1 and 32767.
See Also: Ascend-User-Acct-Base (142)
Ascend-User-Acct-Host (139)
Ascend-User-Acct-Key (141)
Ascend-User-Acct-Time (143)
Ascend-User-Acct-Type (138)
Usage: Specify an integer between 1 and 10. The default value is 0 (zero).
See Also: Ascend-User-Acct-Base (142)
Ascend-User-Acct-Host (139)
Ascend-User-Acct-Key (141)
Ascend-User-Acct-Port (140)
Ascend-User-Acct-Type (138)
Usage: You can specify one of these settings:
Dependencies: The Ascend-Xmit-Rate attribute is sent in Accounting-Request packets at the end of a session under these conditions:
If a match is found, and no further authentication is required, the MAX accepts the call.
Example: This user profile specifies CLID authentication using name, password, and caller ID:
Emma Password="test", Caller-Id="123456789"
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=255.255.255.254,
Framed-Netmask=255.255.255.255,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Idle-Limit=30
Usage: The MAX sets the Challenge-Response value and sends it in Access-Request packets. The default value is null.
When a user specifies an expired password, RADIUS prompts the user for a new password. When the user enters the new password, the MAX sends an Access-Password-Request packet that contains both the old password (as the value of the Change-Password attribute), and the new password (as the value of the Password attribute).
If the RADIUS server accepts the new password, it tries to edit the users file and replace the expired password with the new one. Note that the RADIUS server can make this change only in the flat file. It cannot make this change in the database version of the users file.
Usage: Change-Password does not appear in a user profile and has no default value.
If you include the Class attribute in the RADIUS user profile, the RADIUS server sends it to the MAX in the Access-Accept packet when the session begins. The MAX then includes Class in Accounting-Request packets sent to the RADIUS accounting server under these conditions:
In addition, suppose the MAX starts CLID authentication by sending an Access-Request packet and receives the Class attribute in an Access-Accept packet. If the MAX requires further authentication, it includes Class in the Access-Request packet.
Usage: Specify an alphanumeric text string containing up to 253 characters. The default value is null.
See Also: Ascend-Number-Sessions (202)
Usage: Specify the number the remote end dials to reach the MAX, limiting your specification to these characters:
You can specify up to 18 characters. The default value is null.
Typically, the phone numbers different callers can use to reach the MAX share a group of digits. For example, a local caller may dial 555-1234, while a long distance caller may dial 1-415-555-1234. In cases such as this, you need only specify the rightmost digits the calls have in common. In this case, you would need to specify only 1234.
Example: This user profile sets up called-number authentication in addition to name and password authentication:
Clara-p50 Password="Ascend", Client-Port-DNIS=1234
Framed-Netmask=255.255.255.248
Usage: You can specify any number of data filters and firewalls. Filter entries apply on a first- match basis, so the order in which you enter the filter entries is significant. If you make changes to a filter in a RADIUS user profile, the changes do not take effect until a call uses that profile.
Example: The following are examples of how a RADIUS user profile can be set up to refer to a filter profile defined on the MAX, and to refer to a firewall defined usingSAM.
Assume the following two filter profiles are already set up on the MAX are:
Filter-id=6
Name=DisAllowPing
Out filter 01...Valid=Yes
Out filter 01...Type=IP
Out filter 01...Ip...Forward=No
Out filter 01...Ip...Protoco1=6
Filter-id=9The RADIUS user profile is:
Name=DisAllowTelnet
Out filter 01...Valid=Yes
Out filter 01...Type=IP
Out filter 01...Ip...Forward=No
Out filter 01...Ip...Protocol=6
Out filter 01...Ip...Src Port Cmp-Eql
Out filter 01...Ip...Src Port #=23
someuser Password="ascend"
User-Service=Framed-User,
Filter-Id="6",
Filter-Id="9",
Ascend-Data-Filter="ip out forward",
Framed-Protocol=PPP,
Framed-Address=10.11.1.1,
Framed-Netmask=255.255.255.0,
State="p"
The first filter is applied, disallowing pings. The second filter disallows Telnet packets. The Ascend-Data-Filter entry allows all IP packets to be forwarded. All pings and Telnet packets will be blocked, but other IP data packets are allowed.The following is an example of a RADIUS user profile that specifies a firewall set up in SAM:
Example: someuser Password="ascend"
User-Service=Framed-User,
Filter-Id="101",
Framed-Protocol=PPP,
Framed-Address=10.11.1.1,
Framed-Netmask=255.255.255.0,
State="p"
See Also: Ascend-Data-Filter, Ascend-Call-Filter
RADIUS can authenticate an incoming call by matching its IP address to one you specify in the RADIUS user profile. In addition, if the remote end requires an IP address on an outgoing call, and does not assign one dynamically, you must specify it in the user profile.
Usage: Specify an IP address in dotted decimal notation n.n.n.n, where n is an integer between 0 and 255. The default value is 0.0.0.0. An answering user profile with this setting matches all IP addresses.
Dependencies: Every Connection profile and RADIUS user profile that specifies an explicit IP address is a static route.
Usage: To turn on TCP/IP header compression, specify Van-Jacobson-TCP-IP. This setting applies only to packets in TCP applications, such as Telnet, and turns on header compression for both sides of the link. By default, this attribute does not turn on header compression.
Dependencies: Turning on header compression is most effective in reducing overhead when the data portion of the packet is small.
See Also: Ascend-Link-Compression (233)
Usage: Specify the IPX network number of the IPX router at the remote end of the connection. The default value is null.
RADIUS requires that Framed-IPX-Network have a decimal value (base 10), but IPX network numbers generally appear as hexadecimal values (base 16). In order to give this attribute a value, you must convert the hexadecimal IPX network number to decimal format for use in the user profile. For example, if the IPX network number is 13870000, you must convert it to the decimal 49990000. This requirement does not apply for the IPX node address, which appears as a 12-digit string enclosed in double-quotes.
See Also: Ascend-IPX-Node-Addr (182)
Usage: The default value is 1524. You should accept this default unless the device at the remote end of the link cannot support it. If the administrator of the remote network specifies that you must change this value, specify a number between 1 and 1524 (for a PPP, EU-UI, or EU-RAW link) or between 128 and 1600 (for a Frame Relay link).
Usage: Specify an IP address in dotted decimal notation n.n.n.n, where n is an integer between 0 and 255. The default value is 0.0.0.0. If you accept this default, the MAX assumes a default subnet mask based on the class of the address
This attribute can appear in both an Access-Request and Access-Accept packet. However, it does not appear in an Access-Request packet if Auth Send Attr 6, 7=No in the Ethernet> Mod Config>Auth menu.
Usage: Table 9-17 lists the values you can specify for Framed-Protocol.
Table 9-17. Framed-Protocol settings
Dependencies: What Framed-Protocol does depends on how you set User-Service:
Ascend Password="Pipeline"
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=10.0.200.225,
Framed-Netmask=255.255.255.0,
Ascend-Metric=2,
Framed-Routing=None,
Framed-Route="10.0.220.0 10.0.200.225 1",
Ascend-Idle-Limit=30The dial-in user in this example establishes an ARA connection to the Ethernet network:
Ascend Password="Pipeline"
User-Service=Framed-User,
Framed-Protocol=ARA,
Ascend-Idle-Limit=30,
...
Usage: The Framed-Route attribute has this format:
Framed-Route="host_ipaddr[/subnet_mask] gateway_ipaddr metricTable 9-18 describes each Framed-Route argument.
[private] [name] [preference]"
Table 9-18. Framed-Route arguments
Dependencies: Each static route must appear in a pseudo-user profile. You create a pseudo- user to store information that the MAX can query-in this case, in order to store IP routing information. You can configure pseudo-users for both global and MAX-specific configuration control of IP dialout routes. The MAX loads the unit-specific dialout routes in addition to the global dialout routes.
For a unit-specific IP dialout route, specify the first line of a pseudo-user profile in this format:
Route-unit_name-num Password="Ascend", User-Service=Dialout-Framed- UserFor a global IP dialout route, specify the first line of a pseudo-user profile in this format:
Route-num Password="Ascend", User-Service=Dialout-Framed-Userunit_name is the system name of the MAX-that is, the name specified by the Name parameter in the System profile. num is a number in a sequential series, starting at 1.
In each pseudo-user profile, you can specify one or more routes using the Framed-Route attribute. You should limit each pseudo-user profile to about 25 routes. The MAX fetches information from each profile in order to initialize its routing table. Whenever you power on or reset the MAX, or when you select the Upd Rem Cfg command from the Sys Diag menu, RADIUS adds IP dialout routes to the routing table in this way:
The variable num is a number in a sequential series, starting with 1.
Example: This example shows two RADIUS pseudo-user profiles defining global static IP routes:
Route-1 Password="Ascend", User-Service=Dialout-Framed-User
Framed-Route="10.0.200.33/29 10.0.200.37 1 n lala-gw-out ",
Framed-Route="10.0.200.50/29 10.0.200.37 1 n lala-gw-out ",
Framed-Route="10.0.200.47/29 10.0.200.49 1 n nana-gw-out "
Route-2 Password="Ascend", User-Service=Dialout-Framed-User
Framed-Route="11.0.200.33/29 11.0.200.37 1 n zzz-gw-out ",
Framed-Route="12.0.200.47/29 11.0.200.49 1 n kk-gw-out "See Also: Ascend-Route-IP (228)
If you enable RIP to both send and receive RIP updates on the WAN interface, the MAX broadcasts its routing table to the remote network and listens for RIP updates from that network. Gradually, all routers on both networks have consistent routing tables (all of which may become quite large).
Usage: You can specify one of these values:
Usage: Specify an IP address in dotted decimal notation n.n.n.n, where n is an integer between 0 and 255. The default value is 0.0. 0.0.This setting specifies that the Login-User does not automatically connect to a particular host.
If you do not specify a value for the Login-Host attribute, the user can access any remote host through the Telnet or raw TCP commands of the terminal server command-line interface. When the operator uses the menu-driven terminal server interface, he or she can only gain access to the hosts listed by the Ascend-Host-Info attribute.
Dependencies: When User-Service=Framed-User, RADIUS ignores the Login-Host attribute.
Usage: Specify one of these values:
If you specify this setting, the TCP-Clear must be set to Yes in the Ethernet>Answer> Encaps menu.
By default, the MAX does not grant immediate access to an IP host.
Dependencies: Keep this additional information in mind:
# This profile causes an auto-rlogin to 10.0.200.4 upon login.
Userx Password="xyzzy"
User-Service=Login-User,
Login-Service=Rlogin,
Login-Host=10.0.200.4Further, when you specify the following settings, a raw TCP session starts automatically for anyone using the User1 user name and Test1 password:
# This profile causes an auto-TCP to 4.2.3.1 port 9 upon login.
User1 Password="Test1"
User-Service=Login-User,
Login-Service=TCP-Clear,
Login-Host=4.2.3.1,
Login-TCP-Port=9See Also: Login-Host (14)
Usage: Specify an integer between 1 and 65535. The default value is 23.
Usage: In most cases, you never need to specify the NAS-Identifier attribute in a user profile.
However, you might want to specify it if multiple MAX units use a single RADIUS server, and you want to specify the MAX to which a particular user can connect. In this case, the NAS-Identifier value in the Access-Request packet and the NAS-Identifier value in the user profile must match for the RADIUS server to authenticate the connection.
Specify an IP address in dotted decimal notation n.n.n.n/nn, where n is an integer between 0 and 255, and nn is a subnet mask between 8 and 32. The default value is 0.0.0.0/0. The NAS-Identifier value must appear in the first line of the user profile.
Example: Suppose that the user Emma is allowed to dial into the MAX at IP address 200.65.212.46. The first line of the user profile might look like this one:
Emma Password="pwd", NAS-Identifier=200.65.212.46
Usage: You can specify two formats, one restricting the dial-in user to a service, line, and channel, and one restricting the dial-in user to a slot, line, and channel.
Specify NAS-Port in the first line of the user profile using this format :service line channel
The incoming authentication request must match the NAS-Port setting. The default value is 0 (zero).
FF SSSS LLLLL CCCCC
For an ISDN call:
Because the value you enter is zero-based, you must add 1 to each component to ascertain the actual slot, line, and channel number. The RADIUS daemon converts the NAS-Port number to decimal on most systems.
Example: To restrict a dial-in user to analog service on line 1, set up a user profile like this one:
Dave Password="password", NAS-Port=20100To restrict a dial-in user to channel 10 on line 2 for slot 1, set up a user profile like this one:
User-Name="Dave",
User-Service=Framed-User,
Framed-Protocol=PPP,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=1,
Ascend-Idle-Limit=300,
Framed-Routing=None
Robin Password="password", NAS-Port=1098The value NAS-Port=1098 translates to the following NAS port:
User-Service=Framed-User,
Framed-Protocol=PPP,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=1,
Ascend-Idle-Limit=300,
Framed-Routing=None
Some ISPs offer different levels of service based on connection type. To prevent a client from using a capability to which he or she has not subscribed, set the NAS-Port-Type attribute to an appropriate value.
Usage: You can specify one of these settings:
Usage: Specify an alphanumeric string containing up to 252 characters. The default value is null. The Password attribute must appear on the first line of the user profile. You can make any of these specifications:
For example, consider this first line in a user profile:
The user called Emma must specify the password Pwd in order to gain access to the MAX.
Setting the password to UNIX provides authentication through the normal UNIX authentication procedures, as for a user login.
Dependencies: Keep this additional information in mind:
When the MAX receives an Access-Terminate-Session packet, it starts a timer, displays any Reply-Message included in the packet, and terminates the session. For example, if a user's bill is past due, the Access-Terminate-Session packet could include the message Emma, you have not paid your connect charges.
The MAX then allows the user two additional attempts to enter the correct password. If the user does not supply the correct password in three attempts, the MAX terminates the session.
The MAX then uses a timer to terminate the login session. The RADIUS server discards all input it received before it terminated the session.
Initial-Banner-Cal Password="Ascend", User-Service=Dialout-Framed-User
Reply-Message="Up to 16 lines of up to 80 characters each",
Reply-Message="will be accepted. Long lines will be truncated",
Reply-Message="Additional lines will be ignored.",
Reply-Message="",Ascend-Host-Info="1.2.3.4 Berkeley",
Ascend-Host-Info="1.2.3.5 Alameda",
Ascend-Host-Info="1.2.36 San Francisco",
See Also: Ascend-Host-Info (252)
Dependencies: Keep this additional information in mind:
Dependencies: Keep this additional information in mind:
Usage: Specify ATMP if the connection uses the ATMP tunneling protocol.
Example: The following is an example of a RADIUS accounting record with the Tunneling- Protocol attribute.
Mon Apr 21 02:41:38 1997
User-Name = "JacobP75"Dependencies: The Tunneling-Protocol attribute is sent in Accounting-Request packets at the end of a session under the following conditions:
NAS-Identifier = 1.1.1.1
NAS-Port = 10105
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "111111111"
Acct-Authentic = RADIUS
Acct-Session-Time = 0
Acct-Input-Octets = 215
Acct-Output-Octets = 208
Acct-Input-Packets = 10
Acct-Output-Packets = 10
Ascend-Disconnect-Cause = 1
Ascend-Connect-Progress = 60
Ascend-Data-Rate = 56000
Ascend-PreSession-Time = 1
Ascend-Pre-Input-Octets = 215
Ascend-Pre-Output-Octets = 208
Ascend-Pre-Input-Packets = 10
Ascend-Pre-Output-Packets = 10
Framed-Protocol = PPP
Framed-Address = 2.2.2.2
Tunneling-Protocol = ATMP
Usage: Tunnel-Medium-Type can have the following values
Usage: Specify the primary home agent in the following format:
Tunnel-Server-Endpoint="hostname | ip_address"where:
Specify an IP address if the network server does not have access to a DNS server.
Example: To specify the network server maxSF.home.com at IP address 10.10.10.10, specify one of the following lines in the RADIUS user profile:
Tunnel-Server-Endpoint=10.10.10.10
Tunnel-Server-Endpoint=maxSF.home.comDependencies: For the MAX to correctly create an L2TP tunnel, you must set Tunnel-Type to L2TP and Tunnel-Medium-Type to IP, in addition to specifying the IP address of an accessible LNS.
For the MAX to correctly create an PPTP tunnel, you must set Tunnel-Type to PPTP and Tunnel-Medium-Type to IP, in addition to specifying the IP address of an accessible PPTP Network Server (PNS).
See Also: Tunnel-Type (64), Tunnel-Medium-Type (65)
Usage: You can specify the following values for Tunnel-Type:
Dependencies: For the MAX to correctly create an L2TP tunnel, you must set Tunnel- Medium-Type to IP and set Tunnel-Server-Endpoint to the IP address of an accessible LNS, in addition to setting Tunnel-Type to L2TP.
For the MAX to correctly create an PPTP tunnel, you must set Tunnel-Medium-Type to IP and set Tunnel-Server-Endpoint to the IP address of an accessible PNS, in addition to setting Tunnel-Type to PPTP.
See Also: Tunnel-Medium-Type (65), Tunnel-Server-Endpoint (67)
Example: For example, consider this first line in a user profile:
Emma Password="pwd", Ascend-PW-Expiration="January 30 1997"The user name is Emma. The RADIUS server tests the user's name and password against the values the user provides when making a request for access. If the RADIUS server does not find a match, it denies the request for access.
Here is a sample user profile for CLID authentication using the incoming phone number as the User-Name:
5551212 Password="Ascend-CLID"
Ascend-Require-Auth=Not-Require-Auth,
User-Service=Framed-User,
Framed-Protocol=PPP,
Framed-Address=255.255.255.254,
Framed-Netmask=255.255.255.255,
Ascend-Assign-IP-Pool=1,
Ascend-Route-IP=Route-IP-Yes,
Ascend-Idle-Limit=30Finally, this example shows User-Name in a pseudo-user profile for a static route:
Route-1 Password="Ascend", User-Service=Dialout-Framed-User
Framed-Route="10.4.5.0/22 10.9.8.10 1 n inu-out"
If RADIUS authenticates an incoming call using the User-Name and Password attributes, and the type of call matches the value of the User-Service attribute, the MAX applies the attributes in the user profile to the call. If the type of call does not match the User-Service attribute, the MAX rejects the call.
This attribute can appear in both an Access-Request and Access-Accept packet. However, it does not appear in an Access-Request packet if Auth Send Attr 6, 7=No in the Ethernet> Mod Config>Auth menu.
Usage: You can specify one of these values:
Dependencies: Keep this additional information in mind:
Copyright © 1998, Ascend Communications, Inc. All rights reserved.