
			ComOS 3.5 Release Note

		Introduction

The new Livingston Enterprises ComOS 3.5 software release is now
available for the PortMaster 2, PortMaster 25, PortMaster IRX, and
PortMaster Office Router.

This release note documents commands and features in ComOS release 3.5
in addition to those described in the Command Line Administrator's
Guide.  All Livingston manuals are available in PostScript and Adobe
Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.

Note - You must use PMconsole 3.5.1 when upgrading to ComOS 3.5;
see "Upgrade Instructions" after reading "Memory Requirements", below.



		Contents

Introduction
New Features in ComOS 3.5
Bug Fixes in ComOS 3.5
Memory Requirements
Upgrade Instructions



		New Features in ComOS 3.5

ComOS 3.5 includes the following new features:

Variable Length Subnet Masks. In previous releases ComOS required the
same netmask to be used for all subnets of a network. In release 3.5,
variable length subnet masks (VLSM) are supported. To ease the
transition, the command "set user-netmask off" is available; see below
for details.

OSPF. See the OSPF chapter in the Command Line Administrator's Guide,
which is available in printed form or in PostScript and Adobe Acrobat
PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.

The "add route" command supports VLSM.

The "show routes" command can show specific networks.

RADIUS can now be used to authenticate administrative logins.

Syslog messages can now be directed to facilities other than AUTH.

Easier commands for erasing flash memory.

Support for VLSM in RADIUS Framed-Route.

RADIUS Accounting entries are retransmitted sooner.

RADIUS now supports passwords up to 48 characters in length.

The size of the Assigned Address Pool can be set with the "set pool"
command.

The ARP cache has been increased from 24 to 96 entries.

Debug statements can now be timestamped.


	Variable Length Subnet Masks

ComOS release 3.5 supports Variable Length Subnet Masks. In previous
releases ComOS required the same netmask to be used for all subnets of
a network. In release 3.5, variable length subnet masks (VLSM) are
supported. To ease the transition, the command "set user-netmask off"
treats all netmasks specified in the User Table or RADIUS as though
they were 255.255.255.255, the way earlier releases did. The command
"set user-netmask on" adds routes based on the specified netmask. The
default is off.

In ComOS 3.3.3 and earlier the PortMaster always used 255.255.255.255
for the user's Framed-IP-Netmask, regardless of the value of the
attribute. ComOS 3.5 adds support for Variable Length Subnet Masks
(VLSM), but by default ignores the Framed-IP-Netmask the same way
earlier releases did. To have ComOS 3.5 accept the netmask value, issue
the following commands on the PortMaster:

set user-netmask on
save all

After user-netmask is set on, the PortMaster uses the actual value of
the Framed-IP-Netmask to update the routing table when a user logs in.

Use caution with this feature, because it affects both routing and
Proxy ARP on the PortMaster.

If you want to route only to the user's host, use the attribute

  Framed-IP-Netmask = 255.255.255.255

You should always use netmask 255.255.255.255 when using the PortMaster
assigned address pool (or omit the attribute, which defaults to
255.255.255.255).

If you want to route to an entire 24-bit subnet, use

  Framed-IP-Netmask = 255.255.255.0
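
An added example, not part of the original release note or of ComOS: a Python model of the route a login installs under each "set user-netmask" setting, with a check for netmasks that also cover other addresses in the assigned pool. The profile names, addresses and pool values are constructed, and the route is assumed to be the subnet that contains the user's address.

```python
# Added example: models the behaviour described in the note; not ComOS code.
import ipaddress

HOST_MASK = "255.255.255.255"

def installed_route(framed_ip, framed_netmask=None, user_netmask_on=False):
    """Return the network routed to the user at login.

    With user-netmask off (the default), or with the attribute omitted,
    the netmask is treated as 255.255.255.255.
    """
    mask = framed_netmask if (user_netmask_on and framed_netmask) else HOST_MASK
    # strict=False clears the host bits, giving the enclosing subnet.
    return ipaddress.ip_network(f"{framed_ip}/{mask}", strict=False)

def pool_addresses(base, size):
    """Assigned pool: 'size' addresses counting up from the base value."""
    first = ipaddress.ip_address(base)
    return [first + i for i in range(size)]

def review_profile(name, framed_ip, framed_netmask, pool, user_netmask_on=True):
    """Return findings for one user profile (empty list if nothing to flag)."""
    route = installed_route(framed_ip, framed_netmask, user_netmask_on)
    user = ipaddress.ip_address(framed_ip)
    findings = []
    if route.prefixlen < 32:
        findings.append(
            f"{name}: routes {route} ({route.num_addresses} addresses) to one login")
        covered = [a for a in pool if a in route and a != user]
        if covered:
            findings.append(
                f"{name}: route covers {len(covered)} other pool address(es)")
    return findings

if __name__ == "__main__":
    pool = pool_addresses("192.168.1.34", 4)          # constructed pool
    profiles = [                                       # constructed profiles
        ("host-only", "192.168.1.35", "255.255.255.255"),
        ("wide-mask", "192.168.1.40", "255.255.255.224"),
    ]
    for setting in (False, True):
        print("user-netmask", "on" if setting else "off")
        for name, ip, mask in profiles:
            print("  ", name, installed_route(ip, mask, setting))
            for finding in review_profile(name, ip, mask, pool, setting):
                print("     !", finding)
```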


	"add route" command supports VLSM

Static Routes support VLSM. For example, to add a route to the
192.168.1.32/27 subnet through gateway 192.168.1.1 with metric 2 you
would use the command

add route 192.168.1.32/27 192.168.1.1 2


	OSPF

ComOS 3.5 supports the Open Shortest Path First (OSPF) routing protocol.

See the OSPF Chapter in the Command Line Administrator's Guide,
available in printed form or in PostScript and Adobe Acrobat PDF format
on ftp://ftp.livingston.com/pub/le/doc/manuals/.  Some additional
commands were added after that manual went to press and are documented
in ftp://ftp.livingston.com/pub/le/doc/notes/ospf and here.

Virtual links are not supported, meaning that all PortMasters running 
OSPF must either be in one area, or have at least one interface in area 0.

When injecting RIP routes into OSPF, ComOS 3.5 includes the RIP gateway
as the gateway.

Before configuring OSPF, you must enter the following commands.

set ospf enable
save all
reboot


	reset ospf

The "reset ospf" command resets the OSPF router engine in the
PortMaster. You must enter this command after making changes to the
PortMaster's OSPF configuration.


	OSPF cost, hello-interval, dead-time

OSPF cost, hello-interval, and dead-time can be configured by
interface.

Note - The value for cost, hello-interval, and dead-time must be the
same for all routers attached to a common network.

set Ether0 ospf on cost Number

This command sets the cost of sending a packet on the interface,
expressed in the link state metric. Number is a number from 1 to
65535.  The default value is 1. Example: set ether0 ospf on cost 2

set Ether0 ospf on hello-interval Number

This command sets how often the hello packet is transmitted; the
interval can be any value from 10 to 120 seconds. The default value of
hello-interval is 10 seconds. Example: set ether0 ospf on
hello-interval 40

set Ether0 ospf on dead-time Number

This command sets the number of seconds the PortMaster will wait
after ceasing to receive a neighbor router's hello packets before
marking the remote router as down. The range is 40 to 1200 seconds. The
default value is 40 seconds. Example: set ether0 ospf on dead-time 60


	"show routes" command can show specific networks

The "show routes" command now accepts an optional argument to only
display routes that match that argument. For example, "show routes
172.16" only shows routes that contain "172.16".


	RADIUS for administrative logins

The PortMaster now supports Service-Type Administrative-User and
NAS-Prompt-User.

In previous releases, the !root administrative login granted full
control to the PortMaster. While !root remains, ComOS 3.5 adds the
ability to authenticate administrative logins with RADIUS to provide
two classes of users:

* administrative users with full configuration ability
  (everything that !root can do)

* read-only administrative users who cannot change the
  configuration, but can reset ports, reboot, set debug flags, and show
  status.

Now, rather than requiring everyone in a Network Operations Center
(NOC) to know the global administrative passwords to all your
PortMasters, you can create individual accounts to track access and
limit configuration changes to appropriate personnel, if desired.

In ComOS 3.5 and later, if a RADIUS Access-Accept returns a
Service-Type of Administrative-User (6), the PortMaster treats it as a
!root login. If a RADIUS Access-Accept returns a Service-Type of
NAS-Prompt-User, a restricted administrative login is granted that has
permission to use the following commands:

* ifconfig
* ping
* ptrace
* reboot
* reset
* set console
* set debug
* show
* traceroute
* Any other commands that do not affect the configuration

A NAS-Prompt-User does not have access to the following commands: add,
delete, erase, save, tftp, or any set commands other than "set debug"
and "set console".

To enable this feature on your RADIUS server:

If running RADIUS 1.16, modify /etc/raddb/dictionary to include the
following two lines; then kill and restart radiusd:

VALUE	User-Service-Type	Administrative-User	6
VALUE	User-Service-Type	NAS-Prompt-User		7

If running RADIUS 2.0, modify /etc/raddb/dictionary to add the
following line (it already has a definition for Administrative-User);
then kill and restart radiusd:

VALUE	Service-Type		NAS-Prompt-User		7

Here are two examples (for RADIUS 2.0) of /etc/raddb/users file entries
to illustrate:

!pmmon  Password = "dontuseth1s"
	Service-Type = NAS-Prompt-User

!pmconfig	Auth-Type = System, Prefix = "!"
	Service-Type = Administrative-User

Caution - If you are using your RADIUS server with a combination of
Livingston products and other vendors' products, confirm that they
either do not use these two Service-Types or that their use is
compatible.
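
The rules above, as an added example (not Livingston code and not part of the original note): a Python script that lists which users-file entries grant an administrative login and checks a command against the NAS-Prompt-User restrictions. It assumes the users-file layout of the two entries shown above, matches full command words only, and treats every command outside the note's deny list as one that does not affect the configuration; the third sample entry is constructed.

```python
# Added example: audits a RADIUS users file for administrative grants.
import re

FULL = "full (!root equivalent)"
READ_ONLY = "read-only"
# Values from the dictionary lines in the release note.
SERVICE_TYPE = {"Administrative-User": 6, "NAS-Prompt-User": 7}
CLASS_BY_VALUE = {6: FULL, 7: READ_ONLY}

# Commands the note says a NAS-Prompt-User cannot use.
DENIED_VERBS = {"add", "delete", "erase", "save", "tftp"}
ALLOWED_SET = {"debug", "console"}   # the only permitted "set" commands

ITEM = re.compile(r'([A-Za-z0-9-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def _items(text):
    """Parse 'Attr = Value, Attr = "Value"' into a dict."""
    return {k: v.strip('"') for k, v in ITEM.findall(text)}

def parse_users(text):
    """Entry = name plus check items; indented lines hold reply items."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():                      # reply-item line
            if entries:
                entries[-1]["reply"].update(_items(raw))
        else:                                     # new entry
            parts = raw.split(None, 1)
            check = _items(parts[1]) if len(parts) > 1 else {}
            entries.append({"name": parts[0], "check": check, "reply": {}})
    return entries

def audit(text):
    """Return [(name, class)] for entries that grant an administrative login."""
    found = []
    for e in parse_users(text):
        # RADIUS 2.0 uses Service-Type; RADIUS 1.16 uses User-Service-Type.
        st = e["reply"].get("Service-Type") or e["reply"].get("User-Service-Type")
        cls = CLASS_BY_VALUE.get(SERVICE_TYPE.get(st))
        if cls:
            found.append((e["name"], cls))
    return found

def nas_prompt_allows(command):
    """True if the note's rules let a NAS-Prompt-User run this command."""
    words = command.lower().split()
    if not words or words[0] in DENIED_VERBS:
        return False
    if words[0] == "set":
        return len(words) > 1 and words[1] in ALLOWED_SET
    return True

# First two entries are from the note; the third is constructed.
SAMPLE_USERS = '''!pmmon  Password = "dontuseth1s"
\tService-Type = NAS-Prompt-User

!pmconfig\tAuth-Type = System, Prefix = "!"
\tService-Type = Administrative-User

bob\tPassword = "example"
\tService-Type = Framed-User, Framed-Protocol = PPP
'''

if __name__ == "__main__":
    for name, cls in audit(SAMPLE_USERS):
        print(f"{name}: {cls}")
```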


	Syslog messages can be redirected

In releases prior to ComOS 3.5, packet filter logging went to the
loghost at AUTH facility and NOTICE priority, and all other logging was
done to the AUTH facility at INFO priority. In ComOS 3.5, the facility
and priority can be set for each of five types of logged events.

To display the current syslog settings, use the "show syslog" command.
The default settings are displayed in this example:

Command> show syslog

   Syslog Configuration Settings

    admin-logins: auth.info
     user-logins: auth.info
  packet-filters: auth.notice
	commands: disabled
     termination: disabled

To change the syslog settings, use the "set syslog Logtype Where"
command. Logtype is one of the following: admin-logins, user-logins,
packet-filters, commands, or termination. Where is either the keyword
"disabled", indicating not to send that type of message to syslog, or a
facility and priority separated by a period. For example, to log all
commands issued on the PortMaster to the LOCAL0 facility at DEBUG
priority use the command

Command> set syslog commands local0.debug

The five areas you can set logging for are defined as follows:

Logtype		Description
______________  ___________________________________________________
admin-logins	!root and administrative logins
user-logins	Non-administrative logins (You might want to disable
		this if you already use RADIUS Accounting.)
packet-filters	Packets that match rules with the "log" keyword
commands	Every command entered at the command line interface
termination     More detailed information on how user sessions
		terminate (See the ComOS 3.3.2 Release Notes.)

The facilities and priorities are defined as follows. Livingston
recommends that you use the AUTH facility or LOCAL0 through LOCAL7
facilities for receiving syslog messages from PortMasters, but all the
facilities are provided. See your operating system documentation for
information on configuring syslog on your host.

Facility Number
_______  ______
kern	 0
user	 1
mail	 2
daemon	 3
auth	 4
syslog	 5
lpr	 6
news	 7
uucp	 8
cron	15
local0	16
local1	17
local2	18
local3	19
local4	20
local5	21
local6	22
local7	23

The following priorities are available:

Pri	Number	Typically Used for
______  ______  ________________________________
emerg	0	system is unusable
alert	1	action must be taken immediately
crit	2	critical messages
err	3	error messages
warning	4	warning messages
notice	5	normal but significant message
info	6	informational message
debug	7	debug-level messages
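
An added example, not from the original note: Python that converts the facility.priority settings above into the numeric <PRI> value carried at the start of each syslog datagram (facility * 8 + priority, the standard BSD syslog encoding) and shows which Logtypes a loghost can tell apart by that value alone. The datagram text is constructed; the tables and the "show syslog" output are the ones in this note.

```python
# Added example: maps PortMaster syslog settings to on-the-wire <PRI> values.
import re

FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
            **{f"local{i}": 16 + i for i in range(8)}}
PRIORITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FAC_NAME = {v: k for k, v in FACILITY.items()}
PRI_NAME = {v: k for k, v in PRIORITY.items()}

def encode_pri(where):
    """'local0.debug' -> 135, the number sent inside <...>."""
    fac, pri = where.lower().split(".")
    return FACILITY[fac] * 8 + PRIORITY[pri]

def decode_pri(value):
    """135 -> 'local0.debug'; unknown facilities are shown by number."""
    fac, pri = divmod(value, 8)
    return f"{FAC_NAME.get(fac, fac)}.{PRI_NAME[pri]}"

def parse_show_syslog(output):
    """Read the 'logtype: where' lines of 'show syslog' output."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^\s*([a-z-]+):\s*(\S+)\s*$", output, re.M)}

def logtypes_for(datagram, settings):
    """Logtypes that could have produced this datagram, judged by <PRI> alone."""
    m = re.match(r"<(\d{1,3})>", datagram)
    if not m:
        return []
    where = decode_pri(int(m.group(1)))
    return sorted(t for t, w in settings.items() if w == where)

def ambiguous(settings):
    """Enabled Logtypes that share one facility.priority and so arrive mixed."""
    groups = {}
    for logtype, where in settings.items():
        if where != "disabled":
            groups.setdefault(where, []).append(logtype)
    return {w: sorted(ts) for w, ts in groups.items() if len(ts) > 1}

# Default settings as printed by "show syslog" in this note.
DEFAULT_OUTPUT = """
   Syslog Configuration Settings

    admin-logins: auth.info
     user-logins: auth.info
  packet-filters: auth.notice
        commands: disabled
     termination: disabled
"""

if __name__ == "__main__":
    settings = parse_show_syslog(DEFAULT_OUTPUT)
    print("shared destinations:", ambiguous(settings))
    # Constructed datagram; only the <PRI> prefix is examined.
    print(logtypes_for("<38>constructed login message", settings))
    settings["admin-logins"] = "local1.info"   # set syslog admin-logins local1.info
    print("after change:", ambiguous(settings), encode_pri("local1.info"))
```

With the defaults, administrative and user logins both arrive as auth.info, so a loghost that files messages by facility and priority cannot separate them until one Logtype is moved to its own facility.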


		Flash erasure commands

For more information on these commands see the "General Commands"
chapter of the Command Line Administrator's Guide. ComOS 3.5 has a set
of commands for erasing all or part of the nonvolatile flash memory of
the PortMaster.  The "erase configuration" command does what
"set register 0xffff 0x0102" used to do.

Command			Use
___________________     ________________________________________________
erase all-flash         Erases all the nonvolatile memory in the
			PortMaster including the configuration and ComOS.
erase comos             Erases the ComOS that the PortMaster boots from.
erase configuration     Erases the configuration, returning the
			PortMaster to factory defaults after its 
			next reboot.
erase file String       Erases the specified file from configuration
                        nonvolatile memory; see "show files" for a list.
erase partition Number  Use this command only if told to do so by
			Livingston Technical Support.


	RADIUS Framed-Route supports VLSM

ComOS release 3.5 supports the subnet length specifier in RADIUS
Framed-Route attributes. For example:

  Framed-Route = "192.168.1.32/28 192.168.1.33 1"


	RADIUS Accounting retransmits sooner

RADIUS Accounting packets are now retransmitted every 30 seconds.
The Authenticator field in a retransmitted Accounting-Request is
now calculated using the method specified in the current RADIUS
specification.


	RADIUS now supports passwords up to 48 characters in length

RADIUS now supports user passwords up to 48 characters in length. The
RADIUS 1.16 and RADIUS 2.0 servers support passwords up to 16
characters in length; a future release of the Livingston RADIUS server
will support passwords up to 48 characters long.


	Assigned pool size

The PortMaster allocates a pool of IP addresses starting at the
Assigned Address base value (set from the global menu or by the "set
assigned" command) and counting up. The total number of addresses is
equal to the number of ports configured for Network Dialin. If someone
dials in and requests an unused address from the pool, that address is
assigned. If someone dials in and requests any address, the next
address from the pool is assigned. If someone disconnects, their
address is placed at the end of the pool for reuse.

In ComOS 3.5, the size of the pool can also be set explicitly with the
"set pool Number" command, where Number is the number of IP addresses
to allocate for the pool. If the pool size is decreased, the PortMaster
must be rebooted for the change to take effect.


	Increased ARP cache

The Ethernet ARP cache has been increased from 24 entries to 96, to
improve performance.


	Debug timestamps

The command "set debug clock on" time-stamps console debug messages
using the time since last reboot, specified in days, hours, minutes,
seconds, and hundredths of a second. To turn the timestamps off use the
command "set debug clock off".



		Bug Fixes in ComOS 3.5

The following bugs are fixed in ComOS 3.5:

* Three small memory leaks are fixed.

* In previous releases, if both B channels on a BRI were active and the
  BRI was provisioned for "Additional Call Offering" and a voice call
  came in, a B channel was set to idle. In ComOS 3.5, the PortMaster
  properly refuses the call.

* In previous releases, if a synchronous PPP device called in and the
  PortMaster missed the first PPP packet, after one second the
  PortMaster sent a V.120 frame to wake up the device. Some devices
  treated the V.120 frame as an invalid protocol and hung up. In ComOS
  3.5, the PortMaster waits five seconds before sending the V.120
  frame, because the PPP specification requires the device to
  retransmit within three seconds.

* The Omron ME2814BII modem drops CTS for less than 80 microseconds. In
  a previous release, the PortMaster detected the drop but not the rise
  1/12500 second later, causing the PortMaster to flow control the port
  and hang the session. This behavior has not been detected on any
  other brand of modem, but ComOS 3.5 now handles it properly.



		Memory Requirements

The following section discusses memory requirements for ComOS 3.5 in
general terms; actual memory usage depends on the configuration and use
of your PortMaster. For instructions on upgrading memory see the
installation guide for the product. All installation guides are
available on the Total Access CD, in PDF format on the Livingston web
site www.livingston.com, and in PDF and PostScript format on the
Livingston FTP site ftp.livingston.com.

All models of the PortMaster Office Router have 1MB of nonupgradable
memory, which is sufficient for ComOS 3.5L.

All models of the PortMaster IRX have 1MB of memory, which is
sufficient for ComOS 3.5R unless you are using OSPF with very large
networks.

For the PortMaster 2 and PortMaster 25 use the following guidelines to
estimate memory usage.

Model			Async	Sync	ISDN	Base Memory
__________________      _____   ____    ____    ___________
PM-25			25	0	0	780KB
PM-2E-30		30	0	0	800KB
PM-2E-10 + 1 ISDN	10	0	10	860KB
PM-2E-10 + 2 ISDN	10	0	20	910KB
PM-2E-20 + 1 ISDN	20	0	10	935KB
PM-2ER-10 + 1 ISDN	10	1	10	885KB
PM-2ER-10 + 2 ISDN	10	1	20	935KB
PM-2ER-20 + 1 ISDN	20	1	10	960KB

If SNMP is used, an additional 50KB is required.

If IPX is used, an additional 20KB is required, plus memory for SAP and RIP.

If RIP is used, 5KB for every 100 RIP routes should be added.

If OSPF is used, an additional 50KB is required, plus 5KB for every 40 routes.

If any other tables are used, such as the User Table or Location Table,
those require additional memory.

The PortMaster auto-detects the physical installed memory. Four 30-pin
70ns parity SIMMs are required, either 256KB, 1MB, or 4MB. Mixing of
SIMMs is not supported. They can be either 3-chip or 9-chip SIMMs.



		Upgrade Instructions

WARNING! YOU MUST USE PMINSTALL VERSION 3.5.1 OR LATER TO PERFORM
THIS UPGRADE! If you are upgrading using PMconsole for Windows, you
must use PMconsole for Windows version 3.5.1.1 or later.

If you are upgrading from ComOS 2.3 or 2.4 to ComOS 3.5, you must
first upgrade to ComOS 3.0.4, reboot, then upgrade to ComOS 3.5.

If you have any port speeds set to 115200 and upgrade to ComOS release
3.5, and then downgrade to any release before 3.3.2, you must set
the port speeds again after downgrading.

The installation software can be retrieved by FTP from
ftp://ftp.livingston.com/pub/le/software/system/tarfile.tar.Z,
replacing system and tarfile.tar.Z with the actual names of the files.

/pub/le/software/			Operating System
________________________________	________________________________
bsdi/pm_3.5.1_BSDOS_2.0.tar.Z		BSD/OS 2.0 and 2.1
sgi/pm_3.5.1_IRIX_5.2.tar.Z		SGI Irix 5.2
linux/pm_3.5.1_Linux.tar.Z		Linux 1.2.13 ELF
rs6000/pm_3.5.1_RS6000_4.1.tar.Z	RS6000 AIX 4.1 (no longer 3.2.5)
alpha/pm_3.5.1_alpha_T3.0.tar.Z		Digital Alpha OSF/1 T3.0
hp/pm_3.5.1_hp9000_10.01.tar.Z		HP 9000 HP/UX 10.01
sun4/pm_3.5.1_sun4.tar.Z		SunOS 4.1.4, 5.5.1 on Sparc
sun86/pm_3.5.1_sun86_5.5.tar.Z		Solaris/X86 2.5.1
pc/pmw3511.exe				Windows 95 and Windows NT 4.0

You can FTP the upgrade image at the same time. This example shows an
administrator retrieving the SunOS pminstall and PortMaster 2 upgrade
image.

umask 22
mkdir /usr/portmaster
cd /usr/portmaster
ftp ftp.livingston.com
 (Enter anonymous)
 (Enter your e-mail address; it will not echo.)
  binary
  cd /pub/le/software/sun4
  get pm_3.5.1_sun4.tar.Z pm.tar.Z
  cd /pub/le/upgrades
  get pm2_3.5
  quit
uncompress pm.tar.Z
tar xvf pm.tar
rm pm.tar
mv pm2_3.5 data
./pminstall

PMconsole 3.5.1.1 for Windows 95 and Windows NT 4.0 is available on
ftp://ftp.livingston.com/pub/le/software/pc/pmw3511.exe in a
self-extracting file.  FTP that file, run the file to install PMconsole
for Windows, move the upgrade file into the data directory, run
PMconsole for Windows, and click on the Upgrade button.

The upgrade images are at ftp://ftp.livingston.com/pub/le/upgrades/.

ComOS   Upgrade Image   Product
_______ _____________   _____________________________________
3.5     pm2_3.5         PortMaster 2, 2E, 2ER, 2R, 2i, 2E-10I
3.5     pm25_3.5        PortMaster 25
3.5R    irx_3.5R        IRX-111, 112, 114, 211
3.5L    or_3.5L         OR-M, U, ST, LS and HS

ComOS 3.5 uses the same RADIUS dictionary file as ComOS 3.3.3, with the
addition of the NAS-Prompt-User. An updated dictionary file is
available for RADIUS 1.16 and RADIUS 2.0 at
ftp://ftp.livingston.com/pub/le/radius/dictionary.

The upgrade does not affect your stored configuration in the
PortMaster. If you would like to back up your PortMaster configuration
before upgrading, run pmreadconf:

cd /usr/portmaster
./pmreadconf pmname pmpassword data/pmname.conf
chmod 600 data/pmname.conf


	Copyright and Trademarks

Copyright 1996 Livingston Enterprises, Inc. All rights reserved.

The names Livingston, PortMaster, ComOS, RADIUS, ChoiceNet, PMconsole,
IRX, True Digital, and RAMP are trademarks belonging to Livingston
Enterprises, Inc. All other marks are the property of their respective
owners.

	Notices

Livingston Enterprises, Inc. makes no representations or warranties
with respect to the contents or use of this manual, and specifically
disclaims any express or implied warranties of merchantability or
fitness for any particular purpose. Further, Livingston Enterprises,
Inc. reserves the right to revise this publication and to make changes
to its content, any time, without obligation to notify any person or
entity of such revisions or changes.

	Contacting Livingston Technical Support

Livingston Enterprises provides technical support via voice, FAX, and
electronic mail. Technical support is available Monday through Friday
6am-5pm Pacific Time (GMT-8).

To contact Livingston Technical Support by voice, dial 1-800-458-9966
within the US or 1-510-426-0770 outside the US; by FAX, dial
1-510-426-8951; by electronic mail, send mail to
support@livingston.com; and through the World Wide Web at
http://www.livingston.com/.

