1999/10/7 (revised 10/11)

		ComOS 3.9b22 Open Beta Release Note

________________ Introduction

The new Lucent Technologies ComOS(R) 3.9b22 software release is now
available for open beta for the PortMaster(R) 3 Integrated Access Server.

This open beta release is provided at no charge to all Lucent
customers, but is recommended only for customers who wish to test the
new functionality before the general availability (GA) release of 
ComOS 3.9.

Command syntax for new commands might change between this open beta
release and the general availability release of ComOS 3.9.

This release note documents commands and features added between 
ComOS 3.9b12 and ComOS 3.9b22 on the PortMaster 3. The modem code in
ComOS 3.9b22 is an upgrade to the modem code included in ComOS 3.9b12
for the PortMaster 3.

This release note applies only to the PortMaster 3.

Before upgrading, thoroughly read "Limitations" and "Upgrade
Instructions."

WARNING! The amount of nonvolatile RAM (NVRAM) available for saving
configurations has been reduced from 128KB to 64KB. PortMaster
products with configurations greater that 64KB will lose some of
their configuration. For this reason, be sure to back up your
PortMaster configuration before upgrading to this release.

WARNING! The PortMaster 3 must be running ComOS 3.5 or later to upgrade
to ComOS 3.9b22.  If you are running an earlier release of ComOS,
upgrade to ComOS 3.5 first, reboot, then upgrade to ComOS 3.9b22.

NOTE: Any PortMaster running ComOS 3.9b22 requires 4MB of dynamic RAM
(DRAM).  Use 16MB if you are running the Border Gateway Protocol
(BGP).

 
_______________ Export Restrictions

Although this open beta release of ComOS 3.9b22 is available to any
Lucent customer worldwide, it does not include support for the Data
Encryption System (DES) and Triple DES (3DES) encryption methods.

However, the Authentication Header (AH) RSA Data Security, Inc.  MD5
Message-Digest Algorithm (MD5) authentication feature of the IPSec
encryption ("coprocessor") card is available worldwide and is included
in ComOS 3.9b22.

Because of export restrictions, the DES and 3DES features for ComOS
3.9b22 will be handled on a case-by-case basis outside the standard
beta release process. Any US-owned or Canadian-owned company wishing to
participate in the beta release of this feature must call Cary Hayward
at 1-925-730-2637. The restricted release ComOS 3.9b22enc168, which
supports DES and 3DES, is available in open beta form to Lucent
customers in the United States and Canada. To use DES or 3DES for
encrypting data payloads, you must install the IPSec ("coprocessor")
card (PM3-VPN).

Versions of ComOS 3.9 supporting DES and 3DES on the IPSec encryption
card will be made available to customers in other countries as export
licensing permits. Licensing approval is being sought at this time.

For more information, see the sections "IP Security(IPSec)" and
"Coprocessor Card for PortMaster 3" in the ComOS 3.9b8 release note.


_______________ Contents

Introduction
Export Restrictions
New Features
Bugs Fixed in ComOS 3.9b22
Limitations
Troubleshooting Modems
Upgrade Instructions
Technical Support


_______________ New Features

This release includes two new features, which are explained in the
following text :

* RADIUS Authentication failover
* RADIUS Accounting failover

_____RADIUS Authentication Failover

This feature is supported for the PortMaster 3 in ComOS 3.9b20 and
later releases. Authentication failover allows the PortMaster to
dynamically switch primary and alternate RADIUS authentication servers
according to their response.  Use the following commands:

  set authentication interval Seconds
  set authentication failover on | off

The first command sets the response interval. The PortMaster sends a
RADIUS access-request packet every "interval" number of seconds. If no
response is received from the primary RADIUS server, the PortMaster
switches or "fails over" to the secondary authentication server. The
secondary RADIUS server then is treated as the primary, and is marked
with an asterisk (*) in "show global"output.

  set authentication interval Seconds

Seconds         A value between 1 and 255. The number of seconds that
		must elapse between RADIUS access-request
		retransmissions if the PortMaster receives no response.
		The default is 3 seconds, and 0 resets the value to the
		default. If the primary server does not respond,
		failover occurs after two times the Seconds value. For
		example, if "set authentication interval 6" is used,
		failover occurs in 12 seconds.

The second command enables the failover feature on the PortMaster 3:

  set authentication failover on | off

on      If the primary server fails to respond three times in a row,
	the PortMaster sends the packet to both the primary and
	secondary servers for the next seven retransmissions. If the
	secondary server replies before the primary server, the
	PortMaster switches the primary and secondary servers. Then on
	the next login attempt, the PortMaster tries the secondary
	server first.  If the secondary server fails to respond three
	times in a row, the PortMaster sends the packet to both servers
	and designates the server that replies first as the new primary
	server.

off    	The PortMaster 3 always tries the primary server first, same as
	the current behavior. This is the default.


_____RADIUS Accounting Failover

This feature is new to the PortMaster 3 in ComOS 3.9b22.

The PortMaster attempts to send each RADIUS accounting packet every
"interval" seconds, and sends it the "count" number of times before
giving up. If an acknowledgement is received from the RADIUS accounting
server, the PortMaster no longer tries to resend the accounting
packet.  If no acknowledgment is sent from the primary server in
response to the first packet, the PortMaster sends the packet to both
the primary and secondary RADIUS accounting servers.

   set accounting count Number
   set accounting interval Seconds

Number 		A decimal number between 1 and 99. The number of times 
		the PortMaster sends a RADIUS accounting packet 
		without acknowledgement from a RADIUS server. 

Seconds		A decimal number between 1 and 255. The number of 
		seconds that must elapse between RADIUS accounting
		packet retransmissions if not acknowledged by the
		accounting server. The default is 30 seconds.

Use the "show global" command to view the Accounting Count and the
Accounting Interval settings.

Examples:

Command> set accounting count 45
Accounting retry count changed from 23 to 45

Command> set accounting interval 60
Accounting retry interval changed from 30 to 60 sec


_______________ Bugs Fixed in ComOS 3.9b22

* The "set maximum pmconsole" command now takes effect immediately.
Previously, active connections on port 1643 had to be reset before
changes would take effect.

* Output for the "set debug ?" command has been enhanced.

* The command "set user protocol ppp" no longer deletes the Point-to-
Point Protocol (PPP) asynchronous map.

* A RADIUS Login-User with the telnet login service no longer generates
a Framed-User start record erroneously.

* The AH and Encapsulating Security Payload (ESP) protocols now work
together.

* An administrative reset of a Layer 2 Tunneling Protocol (L2TP)
session now generates only one stop record instead of two.

* Accounting records for a RADIUS Administrative-User logging in to
port S0 now show the correct service type.

* Administrative logins logged to syslog no longer have the password
sent in clear text.

* Modem code fixes:

   - 3Com modem connections are now more reliable.

   - U.S. Robotics (USR) Telepath V.34 modems can now establish Link Access
     Procedure for Modems (LAPM) error correction. Previously under certain
     conditions, the modem was choosing too high a connection rate and was
     unable to establish LAPM error correction. The modem code now detects
     these conditions and forces the connection speed down by one rate to 
     allow LAPM to be negotiated.

   - For modems with Rockwell Semiconductor Systems (RSS) K56flex chipsets, 
     fast rate changes now work properly. Previously, a retrain was forced
     after a rate change. (RSS is now Conexant Systems Inc.)

   - For all modems, retrain detection has been improved to prevent some
     client disconnections.

   - In the presence of LAPM retransmission errors, the modem code retrains to
     allow the link to adjust to a lower speed and improve throughput.

  - The modem code now suspends LAPM transactions during any rate changes
     or retrains and thereby eliminates some connection failures,
     connections without error control, and some disconnections.

* The authentication packet sent for telnet logins now reports the
correct user type to the access log. Previously, the authentication
packet erroneously reported a user type of Outbound-User.

* Startup and shutdown accounting packets are now resent like other
accounting packets.

* When the PortMaster 3 receives an incoming V.110 setup request, it
now returns the message "Cause 88 Incompatible Destination".
Previously, the message "Release Complete with the Cause 17 User Busy"
was erroneously returned.

* The "show session" command no longer returns garbage characters at
the end of a 12-character location name.

* When the call-check feature has been enabled ("set call-check on"),
callback users specified through RADIUS are now authenticated.

* If a RADIUS menu user fails over a telnet connection, an
administrative user is now allowed to telnet in.  Previously, the
administrative user was rejected until the PortMaster 3 was rebooted.

* RADIUS accounting records for the L2TP access concentrator (LAC) now
include the Tunnel-Server-Endpoint information. This information was
not provided in previous releases.

* When routing is disabled on a WAN port, the port status now reflects
this condition.

* BGP summarization settings that are configured with the "set bgp
summarization" command are now saved after you enter "save all" and
"reset bgp." Previously, only settings configured with the "add bgp
summarization" command were saved.

* Subnets included as part of an OSPF area range are now advertised as
internal OSPF routes.  If not included as part of the range, they are
advertised as OSPF/E2 or external routes.  In previous releases, the
Portmaster 3 advertised routes this way when they were part of an
assigned address pool, but not if they were subnets used to assign
static ip addresses.

* OSPF configuration information is now saved during an upgrade from
ComOS 3.7 to ComOS 3.9.


_______________ Limitations

* The PortMaster 3 must be running ComOS 3.5 or later to upgrade to
ComOS 3.9b22.  If you are running an earlier release of ComOS, upgrade
to ComOS 3.5 first, reboot, then upgrade to ComOS 3.9b22.

* Lucent is still fixing some problems with Rockwell HCF and Cirrus
Logic modems. If you experience any difficulties with modems, verify
that the client modem is running the latest firmware, and then refer to
http://www.livingston.com/tech/bulletin/comos-modem.html.  If these
instructions do not help, contact Lucent NetCare(R) technical support.

* An L2TP network server (LNS) can support only 94 L2TP sessions in
this release.

* Support for the obsolete "True Digital V.34 Card" (MDM-PM3-8 and
MDM-PM3-10) has been removed from this release, except for support of
the V.110 protocol. The "True Digital 56K Card" (MDM-56K-8 and
MDM-56K-10) is still supported.

* Downgrading a PortMaster 3 from ComOS 3.9b22 to a previous release
requires two successful downgrades. After the first successful
downgrade the PortMaster is operational, but without system messages.
The second downgrade applies the system messages.

* The PortMaster 3 can support either the Stac compression card or the
IPSec encryption ("coprocessor") card, but not both. Both cards use the
same interface on the PortMaster 3 motherboard.

* Neither the Internet Key Exchange (IKE) protocol nor the Internet
Security Association Key Management Protocol (ISAKMP) is supported in
this release.

* IPSec passive profiles are not supported in this release.

* The network address translator (NAT) and IPSec cannot be configured
to work together on the same port in this release.

* This release does not support mixing of non-facility associated
signaling (NFAS) and non-NFAS ISDN Primary Rate Interfaces (PRIs) in
the same chassis. If one line is used for NFAS, the other line must be
used for NFAS or left empty.

* NFAS operates only on National ISDN-2 (NI-2) switch types.

* Configuring NFAS settings on a line that is not configured for ISDN
or is unable to perform ISDN functions makes the line behave
strangely.

* When you are using NFAS and a problem occurs on the physical PRI line
with the D channel, the line sometimes does not return to service until
you reset the D channel.

* When a PortMaster running NFAS is rebooted, you must sometimes reset
the D channel to return the PRI to service.

* You must NOT downgrade from ComOS 3.9b10 to any other ComOS 3.9
version without first disabling IPX and OSPF. To do so, enter the
following commands:

set ospf disable
set ipx off
save all
reboot

* Downgrading from ComOS 3.9b10 to ComOS 3.5 might change the Ether0 IP
address.

* You cannot use Inverse Address Resolution Protocol (ARP) on a Frame 
Relay interface with subinterfaces. The primary Frame Relay interface does not
automatically map IP addresses to data link connection identifiers (DLCIs). 
When you enter a "show arp frm1" command, no ARP tables appear, and the 
PortMaster cannot ping across the Frame Relay cloud.

* Inbound NAT maps are restricted to static address maps and/or static
TCP/UDP port maps only. Outbound NAT maps do not have this limitation.

* A ComOS online help file is not included. The "help" command is not
supported.


_______________ Troubleshooting Modems

As part of modem troubleshooting, confirm that the client modem is
running the latest firmware before submitting a modem trouble report.

When making a report of a new modem problem, send the following
information to Lucent NetCare technical support:

* ComOS version
* Client modem manufacturer
* Client modem model
* Results on the client modem of commands ATI0 through ATI11
* Whether the problem is reproducible

Lucent might want to monitor your PortMaster while the client modem 
reproduces the problem.


_______________ Upgrade Instructions

You can upgrade your PortMaster 3 using PMVision 1.6 or later, or
pmupgrade 4.0 or later from PMTools. Alternatively, you can upgrade
using the older programs pminstall 3.5.3, PMconsole 3.5.3, or PMconsole
for Windows 3.5.1.4, or later releases. You can also upgrade using TFTP
with the "tftp get comos" command from the PortMaster command line
interface.

See ftp://ftp.livingston.com/pub/le/software/java/pmvision17.txt for
installation instructions for PMVision 1.7.

*** CAUTION!  If the upgrade fails, do NOT reboot!  Contact
*** Lucent NetCare technical support without rebooting.

The upgrade process on the PortMaster 3 erases the configuration area
from nonvolatile memory and saves the current configuration into
nonvolatile memory. Never interrupt the upgrade process, or loss of
configuration information can result.

WARNING! The amount of NVRAM available for saving configurations has
been reduced from 128KB to 64KB. PortMaster products with
configurations greater than 64KB will lose some of their configuration.
For this reason, be sure to back up your PortMaster configuration
before upgrading to this release. You can check the amount of memory
used for your configuration with the "show files" command. Ignore any
files that also include an uncompressed size.

WARNING! The PortMaster 3 must be running ComOS 3.5 or later
to upgrade to ComOS 3.9b22.  If you are running an earlier release
of ComOS, upgrade to ComOS 3.5 first, reboot, then upgrade to 
ComOS 3.9b22.

IMPORTANT: Any PortMaster running ComOS 3.9b22 requires 4MB 
of RAM. If you are running BGP, 16MB of RAM is required.

The installation software can be retrieved by FTP from
ftp://ftp.livingston.com/pub/le/software/, and the upgrade image
can be found at ftp://ftp.livingston.com/pub/le/upgrades:

ComOS           Upgrade Image   Product
_________       _____________   _____________________________________
3.9b22          pm3_3.9b22      PortMaster 3

________________________________________________________________________

	Copyright and Trademarks

Copyright 1999 Lucent Technologies. All rights reserved.

PortMaster, ComOS, ChoiceNet, and NetCare are registered trademarks 
of Lucent Technologies. PMVision, IRX, and PortAuthority are trademarks 
of Lucent Technologies. PolicyFlow is a service mark of Lucent
Technologies. All other marks are the property of their respective
owners.

	Notices

Lucent Technologies makes no representations or warranties with
respect to the contents or use of this publication, and specifically
disclaims any express or implied warranties of merchantability or
fitness for any particular purpose. Further, Lucent Technologies
reserves the right to revise this publication and to make changes to
its content, any time, without obligation to notify any person or
entity of such revisions or changes.

	Contacting Lucent NetCare Technical Support

Lucent NetCare Professional Services provides PortMaster 
technical support via voice or electronic mail, or through the World 
Wide Web at http://www.livingston.com/. Specify that you are running 
ComOS 3.9b22 when reporting problems with this release.

Internet service providers (ISPs) and other end users in Europe, the
Middle East, Africa, India, and Pakistan should contact their
authorized Lucent sales channel partner for technical support; see
http://www.livingston.com/International/EMEA/distributors.html.

For North America, the Caribbean and Latin America (CALA), and Asia
Pacific customers, technical support is available Monday through Friday
from 7 a.m. to 5 p.m. U.S. Pacific Time (GMT -8). Dial 1-800-458-9966
within the United States (including Alaska and Hawaii), Canada, and
CALA, or 1-925-737-2100 from elsewhere, for voice support. Otherwise,
send email to support@livingston.com (asia-support@livingston.com for
Asia Pacific customers).

