1999/08/03

			ComOS 4.1 Release Note


_______________ Introduction

The new Lucent Technologies ComOS(R) 4.1 software release is now in
general availability (GA) for the PortMaster(R) 4 Integrated Access
Server. This release note applies only to the PortMaster 4.

This release is provided at no charge to all Lucent customers.
This GA release is recommended for any customer using a PortMaster 4.

This release note documents commands and features added between ComOS
4.0.3 and ComOS 4.1 on the PortMaster 4. This release contains the same
modem code as ComOS 4.0.3c2 for the PortMaster 4.

Before upgrading, thoroughly read "Limitations" and "Upgrade
Instructions."

NOTE: If you downgrade from ComOS 4.1 to ComOS 4.0.3c2 or earlier, you
must perform the downgrade process twice because of changes in the
nonvolatile memory layout in ComOS 4.1.


_______________ Contents

Introduction
Bugs Fixed in ComOS 4.1
New Features in ComOS 4.1
	Dual and Single Ethernet Boards
	Non-Facility Associated Signaling (NFAS)
	RIP Version 2
	Enhanced OSPF Area Range
	Signaling System 7 Intermachine Trunk (SS7 IMT)
	Layer 2 Tunneling Protocol (L2TP)
	Named IP Address Pools
	Crossbar IP
	Local IP Interface
	NAS Port Details
	Multilink Accounting Session ID
	Unique Accounting Session ID
	IPX Support
	Modem Enhancements
	Call-Check on MFR2
	MFR2 for Saudi Arabia
	IGMP Proxy
	Temperature Threshold Setting
	"show bootlog" Command
	"set Line0 off" Command
	"show isdn" and "reset D0" Commands
	"set M0 off" Command
	New Board Identifiers
	Enhanced "show" Commands
	"set chassis-type" Command
	New SNMP Trap Information
	Enhanced PMVision support
Configuring NFAS
Configuring RIP-2
Configuring SS7 IMT
Configuring L2TP
Configuring Named IP Address Pools
Configuring Crossbar IP
Limitations
Upgrade Instructions
Technical Support


_______________ Bugs Fixed in ComOS 4.1

The following bugs are fixed in ComOS 4.1.


_______	Multiple Dial-Ins Fixed

In ComOS 4.1b14, Point-to-Point Protocol (PPP) dial-in users 
sometimes had to dial in multiple times before obtaining a successful
connection. This problem is fixed in ComOS 4.1.


_______ Improved Modem Support

This release includes the modem code from ComOS 3.8.2c2 and 
ComOS 4.0.3c2, which fixes the following modem bugs:

* A NO EC (no error control) connection problem with Cirrus Logic
  modems is fixed.

* Performance with Cirrus Logic modems is improved.

* The number of rate renegotiations with USR/3Com and Cirrus Logic 
  modems has been reduced because ComOS now allows the client to 
  specify spectral shaping.

* Rate renegotiation and retrain problems with USR/3Com and
  Rockwell HCF clients are fixed.

* Connectability with USR/3Com and Rockwell HCF modems and LT 
  Winmodems is improved.

* A downward spiraling upstream rate caused by an incorrect 
  Link Access Procedure for Modems (LAPM) error check is fixed.

* The number of disconnections due to LAPM retrains within a retrain 
  is reduced.

* Rate reduction due to LAPM errors has been made less sensitive.

* Motorola SM56 modems can now connect with V.90.

* A V.90-to-V.34 fallback problem, which can result in a disconnection,
  is fixed by earlier V.34 detection.

* A-law V.90 connectability is improved.

* K56flex connectability is improved by an increase in a K56flex
  timeout.


_______ European PRI Net5 Layer 2 Bug Fixed

The Net5 Layer 2 bug fixed in ComOS 4.0.3 is also fixed in ComOS 4.1.

When using the Net5 ISDN Primary Rate Interface (PRI) switch type, 
the PortMaster 4 now attempts to activate Layer 2 if it is inactive during 
a dial-out attempt or when an inbound call arrives.

In ComOS 4.0, if a Net5 ISDN PRI switch initiated a Layer 2
inactive state, the PortMaster 4 did not activate Layer 2 again before
attempting an outbound call, and the call failed. Likewise, if Layer 2
was down and an inbound call arrived, the PortMaster 4 did not
activate Layer 2 and did not answer the call.


_______ "show sessions" Output Corrected

In a previous release the "show sessions" command sometimes incorrectly
displayed the start or idle timer as 99 days. This problem is fixed.


_______ RADIUS User-Password Fixed

The RADIUS User-Password sent in an access-request packet is no longer
corrupted.


_______ Corrected E1 Numbering

Fractional E1 channel numbering is now correct.


_______ ICMP Message and the DF bit

The PortMaster 4 now sends an Internet Control Message Protocol
(ICMP) Destination Unreachable message to the source host when the
PortMaster cannot forward a packet with the Don't Fragment (DF) bit
set onto an interface that has a smaller maximum transmission unit (MTU).


_______________ New Features in ComOS 4.1

The following commands and features have been added in ComOS 4.1.

The following information is also available in the "PortMaster 4
Configuration Guide" and "PortMaster 4 Command Line Reference."


_______ Dual and Single Standalone Ethernet Boards

The dual-interface Ethernet module (PM4-100E-2P, Dual 10/100 
Ethernet Board) provides an additional two 10/100Mbps Ethernet 
interfaces. The dual-interface Ethernet module must be inserted 
into slot 3. The configuration is the same as for Ether0 or Ether1  
and supports the same routing protocols. Interface numbering for the 
dual-interface Ethernet module is Ether30 and Ether31.

The single-interface Ethernet board (PM4-100E-1P, Single 10/100 
Ethernet Board) provides an additional 10/100Mbps Ethernet interface. 
It can be inserted into any available slot except slot 4, which is reserved 
for the primary system manager module (SMM).

Interface numbering is as follows:

Ether00 	Single-interface Ethernet board in slot 0
Ether10 	Single-interface Ethernet board in slot 1
Ether20 	Single-interface Ethernet board in slot 2
Ether30 	Single-interface Ethernet board or dual-interface 
		Ethernet module in slot 3
Ether31 	Dual-interface Ethernet module in slot 3
Ether50 	Single-interface Ethernet board in slot 5
Ether60 	Single-interface Ethernet board in slot 6
Ether70 	Single-interface Ethernet board in slot 7
Ether80 	Single-interface Ethernet board in slot 8
Ether90 	Single-interface Ethernet board in slot 9

Although physically installed in slot 3, the Ether31 interface is monitored
and reset through virtual slot 11.


_______Non-Facility Associated Signaling (NFAS)

Non-facility associated signaling (NFAS) is a service offered by
telephone companies that permits a single D channel to provide the
signaling for a group of PRIs. This service allows the channel that
is normally used for signaling on the remaining PRIs to be used as a 
B channel.

Because combining the signaling onto a single D channel increases the
consequences if communication with that channel fails, some telephone
companies use the D channel backup (DCBU) system. DCBU requires two 
D channels per NFAS group, one as a primary and one as a secondary.

The Lucent ComOS implementation of NFAS supports both standard NFAS and
NFAS with DCBU across up to 20 PRIs.

See the section titled "Configuring NFAS" for NFAS configuration
information.


_______ RIP Version 2

ComOS 4.1 adds support for RIP version 2 (RIP-2). RIP-2 adds
netmasks, next-hop information, and authentication to RIP. While OSPF
is often a better choice of routing protocol, some environments prefer
RIP-2.

See the section titled "Configuring RIP-2" for RIP-2 configuration
information.


_______ Enhanced OSPF Area Range

OSPF areas now support 16 OSPF range entries.


_______Signaling System 7 Intermachine Trunk (SS7 IMT)

ComOS 4.1 on the PortMaster 4 can communicate with a Signaling
System 7 (SS7) signaling gateway through Q.931+ protocol to receive
calls over an intermachine trunk (IMT).

See the section titled "Configuring SS7 IMT" for SS7 IMT configuration
information.


_______Layer 2 Tunneling Protocol (L2TP)

ComOS 4.1 on the PortMaster 4 supports Layer 2 Tunneling Protocol
(L2TP) as both an L2TP access concentrator (LAC) and an L2TP network
server (LNS).

A PortMaster 4 can support up to 100 tunnels. A Quad T1 board supports
up to 64 L2TP sessions when configured as an LNS. Note that the number
of L2TP tunnels is for the entire PortMaster 4, while the number of
L2TP sessions is for each board. Multiple sessions can be sent through
a single tunnel.

See the section titled "Configuring L2TP" for L2TP configuration
information.


_______Named IP Address Pools

The IP pool table allows for multiple dynamically assigned address
pools within the PortMaster. Each entry in the IP pool table contains
a name, a starting base IP address with a subnet mask, and a crossbar 
IP address. A RADIUS access-accept packet can indicate to the 
PortMaster which IP pool to assign a user's address from.

See the section titled "Configuring Named IP Address Pools" for 
configuration information.


_______Crossbar IP

Crossbar IP is a per-interface-directed gateway. Instead of comparing
the IP packet's destination address to the routing table for traffic
coming in on an interface, the PortMaster 4 instead looks up the
configured crossbar IP address in the routing table and sends the
packet to that next hop. The crossbar IP address affects the 
packet's routing to the next hop only.

The crossbar IP address can come from a user profile or from the 
IP pool table. When both are used, the crossbar IP setting in the user 
profile takes precedence over the gateway in the IP pool table. Crossbar IP 
can also be configured on Ethernet ports, network hardwired ports, dial-out
locations, the local user table, and in RADIUS.

See the section titled "Configuring Crossbar IP" for configuration
information.


_______Local IP Interface

The PortMaster 4 now supports up to four internal routable IP addresses.
When a local IP address is configured, it becomes the PortMaster 4's
global address used by all network handles such as RADIUS, the 
Domain Name System (DNS), the Simple Network Management Protocol
(SNMP), an IMT, and BOOTP. These IP addresses are host-based, with 
no configuration options other than the address itself. The "ifconfig"
command displays the logical interface(s) when local IP addresses are
configured. The interface names are local1, local2, local3, and local4.

Use the following command to globally assign to the PortMaster 4 IP
addresses that are not limited by network interface:

set local-ip-address [1|2|3|4] Ipaddress

1|2|3|4		Up to four local IP addresses can be set on the 
		PortMaster. The default is 1.

Ipaddress	IP address or hostname of up to 39 characters 
		used by the PortMaster to identify itself. Set 
		the IP address to 0.0.0.0 to clear the setting.

The local IP address feature has two main purposes. First, the
PortMaster can advertise its local IP addresses as host routes through
configured routing protocols. In this way, PortMaster services can be
referred to a particular IP address and are not dependent on any one
network interface.

The second use for local IP addresses is to determine how the
PortMaster identifies itself.

IPCP Negotiation:

During PPP negotiations for the IP Control Protocol (IPCP), the 
PortMaster 4 identifies itself with an address chosen in the following 
order:

1. The local IP address configured in the user profile, if set.
2. The global reported IP address, if set.
3. The first global local IP address, if set.
4. The second global local IP address, if set.
5. The third global local IP address, if set.
6. The fourth global local IP address, if set.
7. The IP address of Ether1, if set.
8. The IP address of Ether0.

Main IP Address: 

When the PortMaster creates an IP packet, it must identify itself by 
placing a source address in the IP header. To do so, the PortMaster 
chooses either the main IP address or the nearest IP address, 
depending on the service used. The main IP address is chosen
in the following order:

1. The first global local IP address, if set.
2. The second global local IP address, if set.
3. The third global local IP address, if set.
4. The fourth global local IP address, if set.
5. The IP address of Ether1, if set.
6. The IP address of Ether0.

The following services use the main IP address: 

* syslog
* traceroute
* telnet
* DNS
* RADIUS authentication and accounting
* ChoiceNet(R)
* Communicating with Signaling System 7 (SS7) for Intermachine Trunk (IMT)

The nearest IP address is the IP address of the interface on which the
packet exits the PortMaster. The following services use the nearest IP
address:

* ping
* OSPF
* RIP
* rlogin
* L2TP

The global local IP address settings can be displayed with the 
"show global" and "show routes" commands.

Examples:
Command> set local-ip-address 10.112.34.17
Local IP Address (1) changed from 0.0.0.0 to 10.112.34.17

Command> set local-ip-address 2 192.168.54.6
Local IP Address (2) changed from 0.0.0.0 to 192.168.54.6


_______NAS Port Details

The value reported by the PortMaster 4 for NAS-Port in RADIUS
accounting-request packets has been enhanced to encode the 
PortMaster 4 slot number (0-9), line number (0-31, although 
only 0-3 are used now), and channel number (0-31).

The NAS-Port Number Format in network byte order is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Channel |  Line   |  Slot |  All zero                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

So channel 4 of line 1 in slot 2 is, for example,
NAS-Port = 2084 (4 + 1 * 32 + 2 * 1024).


______Multilink Accounting Session ID

The PortMaster 4 now sends the Acct-Multi-Session-Id in RADIUS
accounting-request packets using attribute 50 as described in RFC
2139.  The Acct-Multi-Session-Id associates all the sessions comprising
a multilink connection. The PortMaster uses the Acct-Session-Id of the
first connection as the Acct-Multi-Session-Id for all connections in
the multilink session.

To account for all the sessions that make up a multilink connection, 
add the following line to your RADIUS dictionary file, and then stop 
and restart your RADIUS server:

ATTRIBUTE       Acct-Multi-Session-Id   50      string


_______Unique Accounting Session ID

The Acct-Session-Id that the PortMaster 4 sends in a RADIUS
Accounting-Request packet now includes the slot number of the board
where the session is running. The first 2 hexadecimal digits are
incremented on each reboot. The next hexadecimal digit is the number of
the slot the board is in, and the final 5 hexadecimal digits are
incremented for each user login on that board.

CAUTION! Because the encoding of the Acct-Session-Id is subject to
change in future releases, RADIUS server implementers must minimize
dependence on the format of the Acct-Session-Id and treat it only as a
string to be used when matching accounting start and stop records. In
particular, Lucent strongly discourages the practice of converting the
8 hexadecimal digits into a 32-bit integer because the length of the
string is likely to increase in a future release.
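
The NAS-Port layout and the two session ID attributes described above, used
together the way an accounting consumer would use them. This is an added
example, not code from Lucent or from this release note; the records, the
NAS address 192.0.2.10 and the longer-than-8-digit session ID are
constructed, and keying sessions on the NAS address is an assumption.

```python
# Added example, not Lucent code. Field layouts follow the release note;
# the accounting records and the NAS address below are constructed.
from collections import defaultdict


def encode_nas_port(slot, line, channel):
    """Pack slot (0-9), line (0-31) and channel (0-31) into a NAS-Port value."""
    if not (0 <= slot <= 9 and 0 <= line <= 31 and 0 <= channel <= 31):
        raise ValueError("slot, line or channel out of range")
    return channel + line * 32 + slot * 1024


def decode_nas_port(nas_port):
    """Return (slot, line, channel) for a PortMaster 4 NAS-Port value."""
    if nas_port < 0 or nas_port >> 14:
        raise ValueError("bits above the slot field must be zero")
    slot = (nas_port >> 10) & 0x0F
    if slot > 9:
        raise ValueError("slot %d does not exist on a PortMaster 4" % slot)
    return slot, (nas_port >> 5) & 0x1F, nas_port & 0x1F


def correlate(records):
    """Match Start/Stop records and group the links of multilink sessions.

    Acct-Session-Id is compared as an opaque string, never parsed or turned
    into an integer. Keying on the NAS address as well is an assumption made
    here so that two NASes issuing the same ID string cannot collide.
    """
    sessions = {}
    bundles = defaultdict(list)
    for rec in records:
        nas = rec["NAS-IP-Address"]
        key = (nas, rec["Acct-Session-Id"])
        entry = sessions.setdefault(
            key, {"user": rec.get("User-Name"), "start": False,
                  "stop": False, "port": None})
        if rec["Acct-Status-Type"] == "Start":
            entry["start"] = True
        elif rec["Acct-Status-Type"] == "Stop":
            entry["stop"] = True
        if "NAS-Port" in rec:
            entry["port"] = decode_nas_port(rec["NAS-Port"])
        multi = rec.get("Acct-Multi-Session-Id")
        if multi and key not in bundles[(nas, multi)]:
            bundles[(nas, multi)].append(key)
    still_open = sorted(k for k, v in sessions.items()
                        if v["start"] and not v["stop"])
    return sessions, dict(bundles), still_open


NAS = "192.0.2.10"  # constructed (documentation address range)
SAMPLE = [  # constructed accounting records
    {"NAS-IP-Address": NAS, "Acct-Status-Type": "Start", "User-Name": "alice",
     "Acct-Session-Id": "0A200001", "Acct-Multi-Session-Id": "0A200001",
     "NAS-Port": 2084},
    {"NAS-IP-Address": NAS, "Acct-Status-Type": "Start", "User-Name": "alice",
     "Acct-Session-Id": "0A200002", "Acct-Multi-Session-Id": "0A200001",
     "NAS-Port": 2085},
    {"NAS-IP-Address": NAS, "Acct-Status-Type": "Stop", "User-Name": "alice",
     "Acct-Session-Id": "0A200001", "Acct-Multi-Session-Id": "0A200001",
     "NAS-Port": 2084},
    # An ID longer than 8 digits still matches because it is only a string.
    {"NAS-IP-Address": NAS, "Acct-Status-Type": "Start", "User-Name": "bob",
     "Acct-Session-Id": "0A00000001F", "NAS-Port": 3},
]

if __name__ == "__main__":
    sessions, bundles, still_open = correlate(SAMPLE)
    for key in still_open:
        print("open session", key, "slot/line/channel", sessions[key]["port"])
    for bundle, links in bundles.items():
        print("multilink bundle", bundle, "links", links)
```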


_______IPX Support

Novell's Internetwork Packet Exchange (IPX) protocol was not 
supported on the PortMaster 4 in ComOS 4.0 and ComOS 4.0.3, 
but is now supported in ComOS 4.1.


_______Modem Enhancements

Modem performance under high loads is improved through 
enhancements to the modem driver software.


_______Call-Check on MFR2

Call-check is now supported with multifrequency robbed bit (MFR2) 
signaling. Refer to the "PortMaster 4 Configuration Guide" for complete 
line configuration details.


_______MFR2 for Saudi Arabia

MFR2 profile 0 is now supported in Saudi Arabia. Refer to the
"PortMaster 4 Configuration Guide" for complete line configuration
details. Profile 0 is the ITU-T standard.

ITU Reference:

- Q.422       		Standard R2 signaling
- Q.441 & Q.442 	Multifrequency (MFR2) signaling


_______IGMP Proxy

The PortMaster 4 supports Internet Group Management Protocol version 2
(IGMP) multicast proxy as described in RFC 2236. The PortMaster 4 looks
like a multicast router to clients and like a multicast host to routers. To 
enable multicast IGMP, configure either Ether0 or Ether1 to have multicast 
proxy enabled. The single-interface Ethernet board and dual-interface
Ethernet module do not support multicast proxy in this release.

The following command starts the Ethernet interface listening for IGMP
traffic. It also sends out an IGMP member report for the ALL_SYSTEM
group.

  set Ether0 mproxy on

Users enable multicast by setting the RADIUS vendor-specific attribute
LE-Multicast-Client to 1. Add the following two lines to your RADIUS 
server dictionary file.  They are already included in RADIUS 2.1.

ATTRIBUTE	LE-Multicast-Client	23	integer Livingston
VALUE		LE-Multicast-Client	On	1 

When the PortMaster 4 creates the interface for this user, the
PortMaster 4 turns multicast on for that interface, and sends an IGMP
member report for the ALL_SYSTEM group. When the user joins a group,
the rest is handled by the IGMP protocol.

The "show igmp" command displays current dynamic multicast 
groups, including local and dial-in client group members. This is a 
dynamic group table only. Static groups cannot be added.

Command 1> show igmp
Multicast Source: ether1
Group: 224.0.0.1
       ether1
Group: 224.0.0.99
       ether1

IGMP Multicast Heartbeat:

You can monitor IGMP multicast traffic from a heartbeat group of
multicast routers. To do so, you set time slots during which a
multicast-enabled host must receive multicast traffic for the heartbeat
group. You can establish five time slots of 120 seconds each, for
example, and set the minimum number of time slots that must receive
traffic to three. The PortMaster 4 then keeps track of multicast
messages from the heartbeat group by checking five time slots every 
120 seconds. If the number of time slots receiving a heartbeat is less
than three out of five, the PortMaster 4 sends an SNMP trap to indicate
a problem with multicast traffic.

Example:
set ether1 mproxy addr 224.0.0.99		# Multicast heartbeat group.
set ether1 mproxy port 2000			# Port number to listen.
set ether1 mproxy src-add 192.168.20.1		# Source of heartbeat.
set ether1 mproxy src-netmask 255.255.255.255	# Netmask for source.

set ether1 mproxy slot 120			# Length of each time
						# slot (0 to 120).
set ether1 mproxy num 5				# Number of time slots
						# (1 to 6).
set ether1 mproxy timeout 360			# Timeout for IGMP clients
						# (60 to 600 seconds).
set ether1 mproxy alarm 3			# Minimum number of slots
						# to receive heartbeat
						# (1 to 6).

Example:
Command> show alarms
Alarm Id    Age    Severity   Alarm Message
--------   ------  ---------  ------------------------------------------
6263196*    16:10      0      No Multicast Heart beat 224.0.0.99


_______Temperature Threshold Setting

The following command sets the temperature (in degrees Celsius) above
which the system manager module starts to turn off boards. The 
"show global" command displays the current temperature threshold 
setting in degrees Celsius and degrees Fahrenheit.

  set shutdown Temperature

Temperature	A temperature in degrees Celsius.

Example:
Command> set shutdown 60
Setting Shutdown Temperature to 60C

Command> show global
Shutdown Temp: 60C / 140F


_______ "show bootlog" Command

Reboots and stack traces on the system manager module and line boards
are now saved to a boot log file.

ComOS reserves an area in memory for storing stack traces and the last
process ID. When a board reboots, ComOS checks for information in the
reserved area and sends it to the console and the boot log. If power to 
the board is lost, memory is reset and the information in the reserved 
area is not logged.

The boot log is stored in the nonvolatile RAM file system in a file
named "bootlog", a circular buffer up to 64KB in length. You can
display the boot log with the "show bootlog" command.

Each entry in the boot log contains the following information:
 
Time stamp	Time elapsed since the board was last rebooted.
Slot		Slot in which the reboot occurred.
Description	Indicates if the unit is turned on, was soft 
		booted, or crashed. 
		- For soft boots and crashes, the last process to 
		  run before the crash is identified.
		- For crashes, the stack trace is displayed.
Version		For crashes, the version number of the running 
		ComOS is displayed.

The boot log can be erased with the "erase file bootlog" command.

If a board crashes, provide the stack trace to Lucent for analysis.

Example:

Command> show bootlog 
[000:00:00:00:25] Slot4 - Soft Boot - Last Process 0x138bc0
[000:00:00:00:25] Slot4 - Crash Boot @ 32:54 pm4OS: 4.1
 Crash type 3 - Last Proc 0x134a04 - IP 0x1d8e0c
 Regs: 0000000A 00000002 00000028 0023E160 00318B94 00000018 00000020 00318B80
  1d937f (1d0008 293 51 18 20 0 0 0)
  1d8e0c (18 318c44 0 0 0 0 0 0)
  1d821e (18 51 3bad18 e 0 0 e 0)
  136b6f (3bad18 0 0 318c44 0 0 0 0)
  1372c6 (0 318d54 0 318d84 1c3868 0 18 0)
  13423e (0 5 0 381930 0 246 0 0)
  1349da (3bcaf0 50 0 0 0 0 0 0)
  134a01 (3216cc 18599 0 0 0 0 0 0)
  134ad0 (0 40 ffff240 1 318dd8 8b4e 8b4c 70b7)
  1dba8c (1f4 137b27 0 0 0 0 0 0)


_______ "set Line0 off" Command

The following command allows the administrator to "busy out" a T1 
or E1 line by turning off the transmitter. The result is a yellow alarm,
which causes the switch to advance to the next line in the hunt group
if configured. The "show Line0" command shows the status of a disabled
port as ADMIN. The "show isdn" command never shows a disabled line as
ACTIVE. The result of "set Line0 off" is not saved by "save all."

  set Line0 on | off

Line0	line0, line1, line2, or line3.
on	Enables the transmitter on the specified line.
off	Disables the transmitter on the specified line. 


_______"show isdn" and "reset D0" Commands

The following command displays the current status of the D channels
and their associated B channels on a Quad T1 or Tri E1 board. Set the
view to the slot containing the board.

  show isdn

Example:

Command> set view 0
View changed from 4 to 0

Command 0> show isdn
D  Ports   State L1 L2   Change  init  Up    Down
-- ------- ------------- ------- ----- ----- -----
 0   S0-S22 UP   Active         2     3     3     0
 1  S24-S46 UP   Active         0     2     2     0
 2  S48-S70 UP   Active         0     2     2     0
 3  S72-S94 UP   Active         0     2     2     0

The following command resets individual D channels for troubleshooting
purposes. Set the view to the slot containing the Quad T1 or Tri E1
board.

  reset D0

D0	D channel d0, d1, d2 or d3.

Example:

Command> set view 0
View changed from 4 to 0
Command 0> reset d0
Send reset (9)
Board ISDN channel D0 RESET


_______	"set M0 off" Command

The following command disables and enables modems for troubleshooting
and maintenance. This command did not exist in ComOS 4.0 and 
ComOS 4.0.3 for the PortMaster 4.

  set M0 on | off

M0	A modem from m0 to m95.

Example:

Command> set m0 off
Modem M0 changed from on to off

Command> show modems
Mdm Port Status  Speed  Compression Protocol  Calls Retrain Disconnect
--- ---- ------  -----  ----------- -------- ------ ------- ------------
M0       ADMIN   UNKNWN NONE        NONE          0       0 NORMAL
M1       READY   UNKNWN NONE        NONE          0       0 NORMAL

M0 now displays "ADMIN" under the "Status" column.

Command> set m0 on
Modem M0 changed from off to on


_______New Board Identifiers

The "show slots" and "show boards" commands show new board identifiers
for the single-interface Ethernet board and dual-interface Ethernet
module.


_______Enhanced "show" Commands

The "show sessions", "show all", and "show modems" commands have been
enhanced to search on a specified string. If entered from the manager
view (4), these commands show, by board, any output that matches
the specified string. If the command is entered from a particular slot
view, only output for the board in that slot is shown.

  show sessions [ String ]
  show all [ String ]
  show modems [ String ]


_______"set chassis-type" Command

The following command determines how PMVision(TM) displays the
chassis it is monitoring: as a PortMaster 4 or as another slot-based 
remote access concentrator (RAC) running ComOS 4.1:

  set chassis-type pm4 | msm

pm4	PortMaster 4 chassis.
msm	7R/E(TM) Packet Driver remote access concentrator---also
	known as a 5ESS(R) Switch MultiService Module (MSM) RAC.

The "show global" command displays the chassis type only when it is set
to "msm", because "pm4" is the default.


_______New SNMP Trap Information

The PortMaster now sends an SNMP "coldstart" trap if the system manager
module reboots.

Example:

Command> show alarms
Alarm Id    Age    Severity   Alarm Message
--------   ------  ---------  ------------------------------------------
3657108        40      99      ColdStart Host: 192.168.9.214


_______Enhanced PMVision Support

Additional support has been added to ComOS 4.1 to allow PMVision to
monitor and configure PortMaster 4 features. See the PMVision
release notes for details.


_______________Configuring NFAS

Non-facility associated signaling (NFAS) is a service offered by
telephone companies that permits a single D channel to provide the
signaling for a group of T1 ISDN PRIs. This service allows the channel 
that is normally used for signaling on the remaining PRIs to be used as a 
B channel.

Because combining the signaling onto a single D channel increases the
consequences if communication with that channel fails, some telephone
companies use the D channel backup (DCBU) system. DCBU requires two 
D channels per NFAS group, one as a primary and one as a secondary.
Upon failure of the primary channel, the secondary channel switches
roles and takes the signaling responsibility for the group. When the
failed primary channel returns to service, it becomes a backup for the
secondary.

The Lucent ComOS implementation of NFAS supports both standard NFAS and
NFAS with DCBU on T1 lines across up to 20 PRIs.


_______ Configuration

You must set the view to enter the NFAS configuration into the Quad T1
board. To configure a line for NFAS operation, use the following
command:

  set Line0 nfas primary | secondary | slave | disabled Identifier Group

Line0		line0, line1, line2, or line3.
primary		This PRI contains the primary D channel.
secondary	This PRI contains the secondary D channel.
slave		This PRI contains no D channel.
disabled	Clears this PRI's NFAS configuration.
Identifier     	Number between 0 and 19 that is unique among all PRIs
	 	in the same NFAS group.
Group          	Number between 1 and 99 identifying which NFAS group
		this PRI belongs to.

The following example is for a single PortMaster 4 with two NFAS
groups, one with DCBU and one without. Each group contains two Quad T1
boards. Use the following commands to configure the PortMaster 4:

NFAS bundle #1 (with DCBU)
  Slot0 (Line0 contains the primary D channel. Line1, line2, and line3
  are slave lines.):
    set view 0
    set line0 nfas primary 0 1
    set line1 nfas slave   1 1
    set line2 nfas slave   2 1
    set line3 nfas slave   3 1
    save all
    reset slot0

  Slot1 (Line0 is a slave line, and line1 contains the secondary
  D channel.):
    set view 1
    set line0 nfas slave     4 1
    set line1 nfas secondary 5 1
    save all
    reset slot1

NFAS bundle #2 (without DCBU)
  Slot3 (Line0 contains the primary D channel, and line1 is a
  slave line.):
    set view 3
    set line0 nfas primary 0 2
    set line1 nfas slave   1 2
    save all
    reset slot3

  Slot6 (Line0 and line1 are slave lines.):
    set view 6
    set line0 nfas slave 2 2
    set line1 nfas slave 3 2
    save all
    reset slot6

See the "PortMaster 4 Configuration Guide" and the "PortMaster 4
Command Line Reference" for more information about NFAS configuration.


_______ Displaying NFAS Information

The following command displays statistics and information
specific to NFAS operation. Set the view to the appropriate slot before
using this command.

  show nfas

The "show nfas" command displays Quad T1 boards in the same NFAS group
as this slot and shows in-service D channel information and slave
status.


_______ Displaying NFAS Debugging Information

A new debug command has been added to aid in diagnosing problems that
might occur in testing. You must set the view to a Quad T1 board to
use this command.

  set debug nfas on | off

This command enables or disables the logging of NFAS events to the
console. Remember to use "set console" before using this command.


______________ Configuring RIP-2

ComOS 4.1 adds support for RIP version 2 (RIP-2). RIP-2 adds
netmasks, next-hop information, and authentication to RIP. While OSPF
is often a better choice of routing protocol, some environments prefer
RIP-2.


_______ RIP-2 Command Summary

The command split across three lines must be entered on one line.
It is split here for legibility.

set rip-password Password
set Ether0 | C0 | S0 | W1 | user Username | location Locname
	rip broadcast | listen | on | off |  
	v2 broadcast | v2 listen | v2 on | v2 v1-compatability
set Ether0 | C0 | S0 | W1 rip cost Cost
set user Username rip cost Cost
set location Locname rip cost Cost
set default broadcast | listen | on | off
set debug rip on | off
set debug rip-detail on | off

Password	A string 0 to 16 characters in length.
Ether0		ether0, ether1 or other Ethernet interface.
C0		c0 or c1.
S0		s0, s1, or another serial port.
W1		w1 or another synchronous serial port.
Username	A user in the user table.
Locname		A location in the location table.
Cost		A cost from 0 to 16.

See the "PortMaster 4 Command Line Reference" for detailed command
descriptions.


_______ RIP-2 Authentication

The following command sets up simple password authentication in each
RIP-2 packet:

    set rip-password Password | none

Password	String of up to 16 characters. The first character
		cannot be a question mark (?). If quotation marks
 		(" ") are used around the password, they are dropped.
none            	Removes the RIP-2 password. This is the default.

RIP authentication is used to administer an autonomous system using
RIP-2. The password is sent in the packet as clear text, so no
security is provided. The purpose of the authentication is to prevent
any RIP packets from being accepted unless the router they come from
has been explicitly configured to be part of the routing protocol. This
feature can help the administrator protect against misconfiguration,
but not against intruders.

This feature adds an additional 20 bytes of overhead for every 24 routes
sent by RIP-2, because the authentication occupies the first route slot
in every RIP-2 packet sent.

The RIP-2 password takes effect as soon as it is set.

If authentication is configured, any RIP version 1 (RIP-1) packet and
any RIP-2 packet without a matching password are dropped on receipt.

Example: 

Command> set rip-password test
RIP Password Updated
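
The authentication entry described above, built and parsed in Python as an
added example (not ComOS code or output). The constants follow the RIP-2
packet format (RFC 2453); the routes are constructed, and the password
"test" is the one from the example command.

```python
# Added example, not ComOS code: RIP-2 simple-password authentication on the wire.
import socket
import struct

ENTRY_LEN = 20             # every RIP entry, including the auth entry, is 20 bytes
MAX_ENTRIES = 25           # entries per RIP packet
AUTH_AFI = 0xFFFF          # address family that marks an authentication entry
AUTH_SIMPLE_PASSWORD = 2   # authentication type: plain-text password
AF_INET_RIP = 2            # address family for IP routes


def build_response(routes, password=None, version=2):
    """Build one RIP response; routes is a list of (network, mask, next_hop, metric)."""
    room = MAX_ENTRIES - (1 if password is not None else 0)
    if len(routes) > room:
        raise ValueError("too many routes for one packet")
    pkt = struct.pack("!BBH", 2, version, 0)           # command 2 = response
    if password is not None:
        raw = password.encode("ascii")
        if len(raw) > 16:
            raise ValueError("password longer than 16 characters")
        # "16s" pads the password with NUL bytes; nothing is hashed or encrypted.
        pkt += struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE_PASSWORD, raw)
    for network, mask, next_hop, metric in routes:
        pkt += struct.pack("!HH4s4s4sI", AF_INET_RIP, 0,
                           socket.inet_aton(network), socket.inet_aton(mask),
                           socket.inet_aton(next_hop), metric)
    return pkt


def parse(pkt):
    """Split a RIP packet into version, authentication data and routes."""
    if len(pkt) < 4 or (len(pkt) - 4) % ENTRY_LEN:
        raise ValueError("not a whole number of RIP entries")
    _command, version, _zero = struct.unpack("!BBH", pkt[:4])
    info = {"version": version, "auth_type": None, "password": None, "routes": []}
    for off in range(4, len(pkt), ENTRY_LEN):
        afi, tag = struct.unpack("!HH", pkt[off:off + 4])
        body = pkt[off + 4:off + ENTRY_LEN]
        if afi == AUTH_AFI:
            if off != 4:
                raise ValueError("authentication entry must be the first entry")
            info["auth_type"] = tag
            if tag == AUTH_SIMPLE_PASSWORD:
                # The password is readable by anyone who can capture the packet.
                info["password"] = body.rstrip(b"\x00").decode("ascii", "replace")
        else:
            net, mask, hop, metric = struct.unpack("!4s4s4sI", body)
            info["routes"].append((socket.inet_ntoa(net), socket.inet_ntoa(mask),
                                   socket.inet_ntoa(hop), metric))
    return info


def passes_auth(pkt, configured_password):
    """Receive rule with a password configured: drop RIP-1 and any RIP-2
    packet that does not carry a matching password."""
    info = parse(pkt)
    return (info["version"] == 2
            and info["auth_type"] == AUTH_SIMPLE_PASSWORD
            and info["password"] == configured_password)


def packets_needed(route_count, authenticated):
    """Packets required to advertise route_count routes (24 per packet with auth)."""
    per_packet = MAX_ENTRIES - 1 if authenticated else MAX_ENTRIES
    return -(-route_count // per_packet)               # ceiling division


ROUTES = [  # constructed sample routes
    ("10.1.0.0", "255.255.0.0", "0.0.0.0", 1),
    ("10.2.3.0", "255.255.255.0", "0.0.0.0", 2),
]

if __name__ == "__main__":
    signed = build_response(ROUTES, password="test")
    plain = build_response(ROUTES)
    print("overhead in bytes:", len(signed) - len(plain))
    print("password as seen on the wire:", parse(signed)["password"])
    print("accepted with matching password:", passes_auth(signed, "test"))
    print("unauthenticated RIP-2 accepted:", passes_auth(plain, "test"))
    print("RIP-1 accepted:", passes_auth(build_response(ROUTES, version=1), "test"))
    print("packets for 100 routes:", packets_needed(100, False), "vs",
          packets_needed(100, True))
```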


_______ Propagating Default Route Information

Use the following command to set the way default route information is
propagated with RIP and OSPF:

  set default broadcast | listen | on | off

broadcast	Advertise default route information through OSPF or RIP.
listen         	Listen for default route information being received
		through OSPF or RIP.
on		The same as broadcast and listen.
off		Do not send or listen to default route information.

Example:

Command> set default on
Default routing changed from on (broadcast,listen) to on (broadcast,listen)


_______ RIP Interface Settings

You must configure RIP on an interface-by-interface basis. The
following command gives the syntax for configuring RIP on various
interface types. Enter the command on a single line, although it is
split across several lines here for legibility.

NOTE: Changed RIP settings take effect the next time the interface
comes up.

    set Ether0 | C0 | S0 | W1 | user Username | location Locname
	rip broadcast | listen | on | off | 
	v2 broadcast | v2 multicast | v2 listen | v2 on | v2 v1-compatability

Ether0		ether0, ether1 or other Ethernet interface.
C0		c0 or c1.
S0		s0, s1, or another serial port.
W1		w1 or another synchronous serial port.
Username	A user in the user table.
Locname		A location in the location table.
rip		Enables or disables RIP-1 or RIP-2 on the interface. Use 
		"rip" with one of the following options.
broadcast      	RIP-1 packets are sent to the interface's broadcast
		address every 30 seconds, and any RIP packets received
		are ignored.
listen         	RIP packets received on the interface are interpreted
		as RIP-1 updates. Any subnet mask or next-hop
		information is ignored.
off            	Turns RIP routing off on the interface. This is the
		default for all interfaces.
on             	Sets the interface to send RIP broadcasts and receive 
		RIP-1 updates.
v2 broadcast	Enables RIP-2 on the interface and sends RIP-2
		updates using the interface's broadcast
		address every 30 seconds. Any RIP packets received on
		the interface are ignored.
v2 multicast	Enables RIP-2 on the interface and sends RIP-2
		updates every 30 seconds using the multicast
		address 224.0.0.9. The PortMaster 4
		does not use IGMP to send RIP-2 packets because
		the updates are sent from router to router. Received
		RIP packets are ignored.
v2 listen      	Enables RIP-2 on the interface. No RIP updates are 
		sent, but RIP updates are listened for via the
		interface's broadcast address.
v2 on          	Enables RIP-2 on the interface. RIP-2 updates are 
		sent every 30 seconds via multicast, and RIP updates
		are listened for on the multicast address, or on the
		interface's broadcast address.
v2 v1-compatability     This compatibility switch enables RIP-2 on 
		the interface and sends RIP-2 updates
		on the broadcast address of the interface every 30
		seconds. RIP updates are listened for coming from the
		broadcast address.

Setting RIP Cost per Interface:

     set Ether0 | C0 | S0 | W1 | user User | location Locname
         rip cost Cost

Cost    A decimal value between 0 and 16 that is added to the metric of
	RIP routes sent over the interface.

Example:

Command> set ether1 rip cost 10
Routing for ether1 changed to RIP On (Broadcast, Listen) Cost 10


_______________ Configuring SS7 IMT

ComOS 4.1 on the PortMaster 4 can communicate with a Signaling
System 7 (SS7) signaling gateway through Q.931+ protocol to receive
calls over an intermachine trunk (IMT).

set imt-parms Ipaddress Tport1 Tport2 [ default | 1a ]
set Line0 imt
set Line0 signaling rbs | norbs
show imt

_______ Configuring IMT Settings

The following command sets the SS7 signaling gateway address, 
the listening port on the SS7 gateway, the PortMaster 4 base port, 
and the switch type. These settings support an IMT that uses 
out-of-band signaling to control the channels on a trunk.

set imt-parms Ipaddress Tport1 Tport2  [1a | default] 

Ipaddress	The SS7 gateway IP address in dotted decimal notation.
		This address is provided by the SS7 gateway administrator.

Tport1         	The TCP port in the SS7 gateway that listens for SS7
		clients. This socket is provided by the SS7 gateway
		administrator.

Tport2          The local TCP port on slot 0 of the PortMaster 4, 
		used to communicate with the SS7 gateway. Use the same
		local port value for all slots on any single PortMaster 4. 
		Each Quad T1 or Tri E1 board derives its actual local port 
		number by adding its slot number to this Tport2 value.

1a              Sets the switch type to 1A ESS. This setting enables
		the PortMaster 4 to interpret the loopback command from
		the SS7 gateway as a 1A continuity check request.

default         Supports all other switch types. If no keyword is
		specified, this is the default.

NOTE: If you set the switch type to 1a, you must also set robbed bit
signaling (RBS) on the lines attached to the switch. Use the "set Line0
signaling rbs" command.

The PortMaster 4 supports only one SS7 gateway at this time. The
PortMaster 4 supports 96 modems per Quad T1 board when used with an
IMT. Because modem pools are managed on a slot-by-slot basis, each
slot on the PortMaster 4 connected to an SS7 gateway is an independent
SS7 client and establishes an independent session with the SS7
gateway.

To configure a line for IMT out-of-band signaling, you must first
select a Quad T1 board with the "set view" command. Then configure the
lines of the Quad T1 board using the "set Line0 imt" command. To save
the SS7 settings and activate them, use the "save all" and "reset slot"
commands.

Example:

Command> set view 0
View changed from 4 to 0
Command> set imt-parms 192.168.100.10 10000 7000
Changed gateway IP address from 192.168.100.10 to 192.168.100.10
Changed gateway port from 0 to 10000
Changed local port from 0 to 7000

If you configure any other slots on this PortMaster to use IMT, they
must also use port 7000 as the local port.


_______ Configuring a Line for IMT

The following command sets the line connected to an IMT to use 
the out-of-band IMT signaling provided by the SS7 gateway. This 
command requires that you configure the slot being used for this line 
with the "set imt-parms" command.

  set Line0 imt

Line0	line0, line1, line2, or line3.

Example:

Command> set view 0
View changed from 4 to 0
Command 0> set line1 imt
line1 changed to imt


_______ Configuring IMT Signaling Recognition

The following command enables and disables recognition by the 
PortMaster 4 of robbed bit signaling on a line:

  set Line0 signaling rbs | norbs

Line0	line0, line1, line2, or line3.

rbs    	Sets the PortMaster 4 to recognize the IMT as a line with
	twenty-four 56Kbps channels using robbed bit signaling. This
	setting is used for 1A IMT lines only.

norbs  	Sets the PortMaster 4 for all other switch types, and is the
	default.

If the switch type is 1a, you must configure the line for robbed-bit
signaling using the "set Line0 signaling rbs" command. To save and
activate the new settings, you must use "save all", and reset every
slot affected.

Example:

Command> set view 0
View changed from 4 to 0
Command 0> set line0 signaling rbs
line0 signaling changed to rbs


_______ Displaying IMT Information

The "show imt" command displays settings for a slot configured for 
IMT signaling. You must select a slot using the "set view" command 
before using this command.

Example:

Command> set view 0
View changed from 4 to 0
Command 0> show imt
Gateway IP address: 192.168.100.10, gateway port: 10000, local port: 7000
Switch type: Default


_______________ Configuring L2TP

ComOS 4.1 supports Layer 2 Tunneling Protocol (L2TP) on the 
PortMaster 4. The entire PortMaster 4 or individual Quad T1 or Tri E1 
boards can function as an L2TP access concentrator (LAC) or an L2TP 
network server (LNS).

The implementation of L2TP in ComOS 4.1 is based on the latest IETF
L2TP draft (revision 12 and 13 as of this writing). For specific
details of operation and protocol implementation of L2TP, refer to the
IETF Internet-Drafts.

NOTE: To configure L2TP, you must be running RADIUS 2.1, or PortAuthority,
or an equivalent RADIUS server that supports call-checking.

A PortMaster 4 can support up to 100 tunnels. A Quad T1 board supports
up to 64 L2TP sessions when configured as an LNS. Note that the number
of L2TP tunnels is for the entire PortMaster 4, while the number of
L2TP sessions is for each board. Multiple sessions can be sent through
a single tunnel.

L2TP allows PPP frames to be tunneled from one PortMaster that answers
an incoming call (LAC) to another PortMaster that processes the PPP
frames (LNS):

End user--->incoming call--->LAC--->LNS--->network access


_______ Description and Applications

The Layer 2 Tunneling Protocol (L2TP) provides tunneling of PPP
connections, allowing for the separation of the functionality normally
provided by a single network access server (NAS) into two parts: 

 * The L2TP access concentrator (LAC) provides the "physical"
   connection point between the telephone network (and therefore the
   dial-in user) and the host network.

 * The L2TP network server (LNS) terminates the PPP sessions and
   handles the "server-side" of the connection, such as authentication
   of the user, routing network traffic to and from the PPP user, and
   so forth. The LNS does not have any actual physical ports, only
   virtual interfaces.

An outsourcer can use L2TP to provide dial-up ports to customers using
a central and "shared" common physical dial-up pool. The pool resides
in a shared access server (the LAC). The outsourcer's customers
maintain a home gateway (the LNS) and some type of IP connectivity to
the outsourcer. L2TP provides virtual dial-up ports to the outsourcer's
customers. This configuration is sometimes referred to as a virtual
private dial-up network (VPDN).

The service is transparent to the customer, because users still
terminate PPP sessions on the customer network via the LNS. RADIUS
authentication, accounting, and IP address assignment are all done by
the customer. The LAC does no PPP processing unless it is using
partial authentication for determining the tunnel end point. It only
accepts the call and establishes a tunnel to the LNS for that PPP
session. The tunnel can be established based upon Called-Station-Id or
User-Name (where partial authentication occurs on the LAC before tunnel
establishment).

For example, if you use Called-Station-Id (and Call-Check) with L2TP,
the session follows these steps:

1. First, the end user places a call.
2. The LAC detects the incoming call.
3. Using call-check, the LAC sends an access-request to a RADIUS server
   containing the Called-Station-Id and Calling-Station-Id before
   answering the call.
4. If the RADIUS server accepts the user, an access-accept message is
   returned to the LAC along with information on how to create the L2TP
   tunnel for this session: the type of tunnel, IP address of the LNS,
   and so on.
5. The LAC then creates a tunnel to the LNS by encapsulating the PPP
   frames into IP packets and forwarding those packets to the LNS.
6. The LNS negotiates PPP normally with the end user.


_______ RADIUS Dictionary Updates for L2TP

Add the following lines to your RADIUS dictionary. They are already
included in RADIUS 2.1.

VALUE         	Service-Type		Call-Check              10
VALUE		NAS-Port-Type		Virtual                 5

ATTRIBUTE	Tunnel-Type		64		integer
ATTRIBUTE	Tunnel-Medium-Type      65		integer
ATTRIBUTE	Tunnel-Server-Endpoint	67		string
ATTRIBUTE	Tunnel-Password		69		string
VALUE		Tunnel-Type		L2TP		3
VALUE		Tunnel-Medium-Type	IP		1

The RADIUS server must be stopped and restarted to read the new
dictionary.


_______ RADIUS User Profiles for L2TP

The user profiles for the LNS are the same as for your users who do not
use L2TP.

For the LAC, some new user profiles are required. Exactly which ones
are dependent on whether you are using Call-Check or partial
username-based tunneling on the LAC. The following profiles can be used
on the RADIUS server serving the LAC for each scenario:

# Uses Called-Station-Id with Call-Check to route callers that dial
# 555-1313 to the LNS "172.16.1.221".
# Note that the LNS address must be enclosed in double quotes because
# it is sent as a string, not as a 32-bit integer.

DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "172.16.1.221"

# Same as the previous profile, but uses a shared secret to authenticate
# the session to the LNS.

DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Password = "mrsparkle",
        Tunnel-Server-Endpoint = "172.16.1.221"

In both of these user profiles, the first line contains the RADIUS check
items, with the Called-Station-Id being used to match the entry before
the call is answered. The L2TP tunnel parameters from the matching
entry are then sent in the RADIUS access-accept message.

The Tunnel-Type specifies the tunneling protocol to be used. The
Tunnel-Medium-Type specifies the transport medium over which the tunnel
is created, IP for now. Tunnel-Server-Endpoint indicates the other end
of the tunnel, which is the LNS in the case of L2TP.

Note that the LNS address must be enclosed in double quotation marks
because it is sent as a string, not as a 32-bit integer.

If you are not using Call-Check and are instead providing partial
authentication based on User-Name, the following user profile works.
The user "bgerald" dials in to the LAC, which initiates an L2TP tunnel
on the user's behalf to LNS 172.16.1.55.

bgerald Password = "wackamole"
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "172.16.1.55"


_______ L2TP and RADIUS Accounting

The LAC and LNS both log user sessions to RADIUS accounting, but
different accounting data is available from each.

If you are using call-check to establish the tunnel, the LAC's
accounting data shows the Calling-Station-Id, but not the user's name
because that information has not been passed over the link yet. The
LNS accounting data shows both the Calling-Station-Id and the User-Name
along with the assigned IP address.

If partial authentication (instead of call-check) is taking place on
the LAC, then the username might be available to it. In that case,
the username shows up in the RADIUS accounting logs for both the LNS
and the LAC.

In both cases, the LNS shows the NAS-Port-Type as "Virtual", while
the LAC shows the NAS-Port-Type set to the actual physical
interface's connection type.


_______ Redundant Tunnel Server End Points

To increase the robustness of L2TP, you can configure a user profile
to contain redundant tunnel server end points. If the primary LNS 
stops working, inbound L2TP tunnels can be redirected to other 
machines.

Up to three redundant tunnel server end points can be specified. Any more
than three are ignored by the LAC.

The following example shows a RADIUS user profile with multiple
redundant tunnel server end points. Each tunnel server end point is
preceded by the tunnel medium type for that tunnel.

DEFAULT Service-Type = Call-Check, Called-Station-Id = "5551234"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.11.2",
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.11.17",
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.230.97"

This feature provides redundant LNS backup, not load balancing.


_______ L2TP Command Summary

set l2tp noconfig | disable | enable lac | enable lns
set l2tp authenticate-remote on | off
set l2tp secret [ Password | none ]
set l2tp-lac enable | disable
show l2tp global | sessions | stats | tunnels
reset l2tp [ stats | tunnel Number ]
create l2tp tunnel udp Ipaddress [ Password | none]
set l2tp choose-random-tunnel-endpoint on | off
set debug l2tp max | packets  [Bytes]  | rpc | setup | stats


_______ Loading L2TP

Use the following command to have the PortMaster load the L2TP feature
on startup. You must first set the view to the board you are configuring.

  set l2tp noconfig | disable | enable lac | enable lns

noconfig       	Sets the board to have no configuration for L2TP.
		A PortMaster 4 board configured for "noconfig" inherits
		its configuration from the system manager module.
		A manager module configured for "noconfig" cannot 
		provide L2TP configuration to any line boards.

disable        	Sets L2TP off. On the system manager module, 
		L2TP is turned off for the entire PortMaster 4. On a 
		line board, L2TP configuration is not inherited 
		from the manager module.

enable lac	On the system manager module, enables the entire
		PortMaster 4 as a LAC. On a line board, sets the 
		board to be a LAC.

enable lns	On the system manager module, enables the entire
		PortMaster 4 as an LNS. On a line board, sets the 
		board to be an LNS.

When a Quad T1 board is configured to be an LNS, the line ports are
configured for T1 and cannot be used for dial-in. The virtual S0 ports
follow the W1 ports.

Example:

Command> set view 0
View changed from 4 to 0
Command 0> set l2tp enable lns
L2TP LNS will be enabled after next reboot

After using the "set l2tp" command, you must use the "save all" command
to save the configuration and the "reboot" or "reset slot" command for
the L2TP module to load. You reset the slot for a line board and
reboot the PortMaster 4 if the command is set on the manager board.

On a PortMaster 4 you can configure the global setting on the manager
board to be either LAC or LNS. This global setting is used by each
slot that is not configured individually. So if the manager board is
configured as an LNS and slot 0 has no setting, then slot 0 is an LNS.
If the manager board is configured as an LNS and slot 0 is configured
as a LAC, then slot 0 is a LAC. Local slot configuration of LAC or LNS
overrides the global setting for that slot. If a slot is configured
with "set l2tp disable", then that slot does not inherit its
configuration from the manager board.


_______ Configuring L2TP to Initiate Authentication

The following command configures L2TP to initiate tunnel authentication:

  set l2tp authenticate-remote on | off

on	The PortMaster initiates authentication with the other end point
	of the tunnel before a tunnel is established.

off	The PortMaster does not initiate authentication.

This command determines only whether the PortMaster initiates the
authentication. It does not determine how the PortMaster responds to
an authentication request. The "set l2tp authenticate-remote" command
functions the same on both a LAC and an LNS.


_______ Configuring an L2TP Secret

The "set l2tp secret" global command configures the L2TP password that
the PortMaster uses to respond to all L2TP tunnel authentication
requests.

set l2tp secret Password | none

Password	0-to-15-character string used as a password for
		responding to L2TP tunnel authentication requests.

none		Removes the L2TP secret. This is the default.

The "set l2tp secret" command sets the L2TP secret for the entire
PortMaster.

If a PortMaster configured as a LAC receives a tunnel authentication
request, it uses the Tunnel-Password from the RADIUS access-accept
packet, if present, instead of the global L2TP secret.


_______ Displaying L2TP Information

The following command shows information on how L2TP is functioning:

  show l2tp global | sessions | stats | tunnels

The formats shown here are subject to change for the general
availability release of ComOS 4.1.

Examples:

Command> show l2tp global
debug packets debug stats debug setup  Tunnel Authentication Enabled
Initiation of Authentication Remote Tunnel Disabled
Default Board Configuration

Command> show l2tp sessions
Id	Assign-Id	Tunnel-Id	Portname
2305	1		1		S0

Command> show l2tp stats
NEW_SESSION 1
NEW_TUNNEL 4
TUNNEL_CLOSED 3
HANDLE_CLOSED 3
L2TP_STATS_MEDIUM_HANDLE 3
INTERNAL_ERROR 14
CTL_SEND    9
CTL_REXMIT  1
CTL_RCV     10
MSG_CHANGE_STATE   4
WRONG_AVP_VALUE 3
EVENT_CHANGE_STATE 3

Command> show l2tp tunnels
Id  Assign-Id  Hnd   State		Server-Endpoint	Client-Endpoint
1  1	        24	     L2T_ESTABLISHE	192.168.6.13	192.168.10.28


_______ Resetting L2TP

Use the "reset l2tp" command to reset an L2TP tunnel or the L2TP
statistic counters.

  reset l2tp [ stats | tunnel Number ]

stats		Resets the L2TP counters displayed by "show l2tp
		stats" to zero.
tunnel Number	Destroys the specified tunnel. Number is an integer 
		between 1 and 100 that identifies the tunnel. The 
		"show l2tp tunnels" command displays a list of 
		active tunnel IDs.

CAUTION! Entering "reset l2tp tunnel" without a tunnel ID destroys ALL
L2TP tunnels created on this PortMaster 4. 


_______ Creating an L2TP Tunnel Manually

The following command manually brings up an L2TP tunnel for testing and
troubleshooting:

  create l2tp tunnel udp Ipaddress [ Password | none ]

Ipaddress	IP address of the L2TP tunnel end point.
Password	Password to use when responding to a tunnel
		authentication request from the peer. If none is
		specified, the global L2TP secret is used if
		configured.

Example:

Command> create l2tp tunnel udp 149.198.110.19
OK


_______ Selecting a Tunnel End Point

The following command determines in what order to choose an end point
when multiple tunnel end points are returned in a RADIUS access-accept
packet.

  set l2tp choose-random-tunnel-endpoint on | off

on              Causes the tunnel end point to be chosen randomly from
		the list of tunnel end points returned by RADIUS.

off		Selects the first tunnel end point that can be reached.

Normally, when L2TP is configured with multiple tunnel end points the
end points are chosen serially, always beginning with the first. If a
tunnel cannot be established with the first, then the second is tried,
and then the third. When this feature is on, a random tunnel end point
is selected from those returned in the RADIUS access-accept packet.
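
The following is an added example, not part of the release note or of ComOS. It reads a RADIUS users-file profile and reports how a LAC would treat it under the rules given in "Redundant Tunnel Server End Points", "Configuring an L2TP Secret" and this section: which end points are used, which are ignored, in what order they are tried, and which secret answers a tunnel authentication request. The profile is constructed from the release note's example with a placeholder secret and a fourth end point added; the function names are hypothetical, and choosing the random end point from the first three is an assumption.

```python
import ipaddress
import random
import re

MAX_ENDPOINTS = 3   # release note: end points beyond the third are ignored by the LAC
ITEM = re.compile(r'([A-Za-z][A-Za-z0-9-]*)\s*=\s*("[^"]*"|[^,\s]+)')

# Constructed profile: the redundant end point example from the release note
# with a placeholder secret and a fourth end point added.
SAMPLE_PROFILE = '''\
DEFAULT Service-Type = Call-Check, Called-Station-Id = "5551234"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Password = "example-secret",
        Tunnel-Server-Endpoint = "192.168.11.2",
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.11.17",
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.230.97",
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "192.168.230.98"
'''


def reply_items(profile):
    """Ordered (attribute, value) reply items; the first line holds the check items."""
    lines = [ln for ln in profile.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    return [(m.group(1), m.group(2).strip('"'))
            for ln in lines[1:] for m in ITEM.finditer(ln)]


def tunnel_plan(profile, global_secret=None, choose_random=False, rng=random):
    """Summarize how a LAC would use this profile, per the release note."""
    items = reply_items(profile)
    endpoints = [v for a, v in items if a == "Tunnel-Server-Endpoint"]
    used, ignored = endpoints[:MAX_ENDPOINTS], endpoints[MAX_ENDPOINTS:]
    findings = []
    if not used:
        findings.append("no Tunnel-Server-Endpoint in profile")
    for ep in used:
        try:
            ipaddress.IPv4Address(ep)
        except ValueError:
            findings.append(f"end point {ep!r} is not a dotted decimal address")
    if ignored:
        findings.append(f"end points beyond the third are ignored: {ignored}")
    if ("Tunnel-Type", "L2TP") not in items:
        findings.append("Tunnel-Type is not L2TP")

    # A LAC answers tunnel authentication with Tunnel-Password when the
    # access-accept carries one, otherwise with the global "set l2tp secret".
    passwords = [v for a, v in items if a == "Tunnel-Password"]
    if passwords:
        secret_source = "Tunnel-Password"
    elif global_secret is not None:
        secret_source = "global secret"
    else:
        secret_source = None
        findings.append("no secret available to answer a tunnel authentication request")

    if choose_random and used:
        # The note does not say what follows a failed random choice,
        # so only the first attempt is modelled.
        order = [rng.choice(used)]
    else:
        order = list(used)            # serial: first, then second, then third
    return {"order": order, "ignored": ignored,
            "secret_source": secret_source, "findings": findings}


if __name__ == "__main__":
    for key, value in tunnel_plan(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```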


_______ Debugging L2TP

The following command is used to troubleshoot L2TP problems:

  set debug l2tp max | packets [Bytes] | rpc | setup | stats  on | off

max		Provides the same debugging as rpc, setup, and stats,
		combined.

packets	[Bytes]	Shows a representation of the L2TP packets, similar to
		the "ptrace dump" command. Bytes is an optional
		integer between 0 and 1500 that specifies the number of 
		bytes to display.

rpc		Shows L2TP remote procedure call communications between
		the system manager module and the line boards.

setup		Shows L2TP control messages and errors.

stats		Displays L2TP session statistics in detail.

When you are using debug commands on the PortMaster 4, the debug output
matches the current view. If your view is set to the manager module, you
see debug output for the entire PortMaster. If the view is set to one
Quad T1 board, for example, you see debug information for just that board.


_______________ Configuring Named IP Address Pools

The IP pool table allows for multiple dynamically assigned address
pools within the PortMaster. Each entry in the IP pool table contains a
name, a starting base IP address with a subnet mask, and a crossbar IP
address.

This feature also introduces a new vendor-specific RADIUS attribute,
which takes a string that corresponds to a name in the IP pool table.
A user profile can be configured for IP pool only through RADIUS.
The local user table on the PortMaster does not support IP pools.

If the RADIUS access-accept packet indicates that the user receives a
dynamically assigned address and also includes the vendor-specific
LE-IP-Pool attribute, the PortMaster assigns an address for the user
from the specified IP pool. If no LE-IP-Pool is specified, the
PortMaster checks for a named IP pool called "default". If the
"default" pool exists, it is used. Otherwise, the PortMaster 4 uses
the line board pool settings to get its address, as configured by the
"set assigned-address" and "set pool" commands.


_______ Assigning and Reclaiming Addresses

The PortMaster assigns the address during IPCP negotiation for PPP.
Because the PPP negotiation might fail after the address has been
assigned from the address pool, the PortMaster waits one minute before
verifying that the address is in use. If the address is not in use, it
is recycled back into the address pool.

When an interface is destroyed, the IP address is reclaimed back into
the pool.


_______ Duplicate Addresses

If a nonmultilink user logs on multiple times and asks for a
dynamically assigned address, that user receives a different address
each time. The PortMaster never assigns the same address to two users
that are running at the same time. The PortMaster checks for duplicate
addresses only among the dynamically assigned users. If another
interface is using an address from within the address pool, a conflict
occurs when the PortMaster assigns that address.


_______ RADIUS for Named IP Pools

Add the following line to the RADIUS dictionary to enable the
LE-IP-Pool feature. The RADIUS 2.1 dictionary already includes this
line.

ATTRIBUTE       LE-IP-Pool              6       string  Livingston

The following example shows a RADIUS user profile with the IP pool
feature.

homers  Password = "kwyjibo"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        LE-IP-Pool = "livermore"


_______ Command Summary for IP Pools

The following commands are used for configuring IP Pools.

  show table ippool
  add ippool Poolname
  set ippool Poolname address-range Ipaddress/Mask [ Gateway ]
  set ippool Poolname address-range Ipaddress Ipnetmask [ Gateway ]
  delete ippool Poolname address-range Ipaddress | all
  reset ippool
  set ippool Poolname default-gateway Gateway

Poolname	Name of the IP pool, up to 31 characters in length.
Ipaddress	The base address of the pool.
Mask		A subnet mask in bits, between 1 and 30.
Ipnetmask	A subnet mask expressed in dotted decimal form.
Gateway	A gateway address for addresses in this range.


_______ Displaying IP Pools

The following command displays the IP pool table:

  show table ippool

Example:

Command> show table ippool

Name:  livermore                         Default Gateway: 10.23.45.56

Address/netmask      Gateway
------------------   --------------------
192.168.1.0/29       0.0.0.0
192.168.2.253/30     0.0.0.0
192.168.3.50/25      0.0.0.0
10.4.5.0/24          192.168.222.3


_______ Adding IP Pools

The following command adds a named IP pool. There is no preset limit to
the number of IP pool entries that can be configured.

  add ippool Poolname

Poolname	Name of the IP pool, up to 31 characters in length.

Example:

Command> add ippool livermore
IP pool livermore successfully added


_______ Setting Address Ranges

Address ranges represent the addresses that are assigned to users. Up
to eight ranges can be specified within a single IP pool. Earlier
ranges are preferred over later ranges. Each range has a base
address and netmask associated with it. The base address is incremented
to assign addresses. The number of addresses that are assigned is
determined by the netmask.

The first and last address in each range are not assigned
to avoid possible conflicts with broadcast addresses.

After creating an IP pool with the "add ippool" command, set address
ranges for the IP pool with the following command. The command can
be entered in either format:

  set ippool Poolname address-range Ipaddress/Mask [ Gateway ]
  set ippool Poolname address-range Ipaddress Ipnetmask [ Gateway ]

Poolname	Name of the IP pool.
Ipaddress	The base address of the pool.
Mask		A subnet mask in bits, between 1 and 30.
Ipnetmask	A subnet mask expressed in dotted decimal form.
Gateway	A gateway address for addresses in this range.

Example:

Command> set ippool livermore address-range 192.168.1.0/24
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore

OR

Command> set ippool livermore address-range 192.168.1.0 255.255.255.0
Range 192.168.1.0/24 256 with gateway 0.0.0.0 add to livermore

The "256" in the previous output indicates that 256 addresses are
covered by the 24-bit mask. Of these 256 addresses, 254 are available
to be assigned. The first and last addresses are not assigned.

Each range can optionally be assigned a gateway address (also referred
to as a crossbar IP). When a packet comes in from a user assigned a
gateway address, the PortMaster forwards the packet to the gateway
address instead of checking the forwarding table. If a gateway address
is not assigned to a range, addresses in the range use the default
gateway of the IP pool. If neither the address range nor the IP pool
has a gateway, then the forwarding table is used.

Example:

Command> set ippool livermore address-range 192.168.1.0/24 10.34.56.78
Range 192.168.1.0/24 256 with gateway 10.34.56.78 add to livermore


_______ Deleting IP Pools

The following command removes an address range from an IP pool or
removes the IP pool entirely:

  delete ippool Poolname address-range Ipaddress | all

Poolname	Name of the IP pool.
Ipaddress	Specifies an address range to remove.
all             Removes the entire IP pool entry.

Examples:

Command> delete ippool livermore address-range 192.168.1.0
Range 192.168.1.0 in livermore successfully deleted

Command> delete ippool livermore all
Pool livermore successfully deleted


_______ Resetting IP Pools

Use the following command after making any changes to the IP pool
settings. Changes do not take effect until you use the "reset ippool"
command.

  reset ippool

The "reset ippool" command causes any new changes to take effect and
converts the address ranges into routes to be propagated through the
routing protocols.

NOTE: Even after the "reset ippool" command has been issued, the
routing protocols might take a while to replace the old routes with the
new changes.


_______ Setting the Default Gateway for an IP Pool

Use the following command to specify a default gateway for the named
IP pool:

  set ippool Poolname default-gateway Gateway

Poolname	Name of an IP pool.

Gateway		Specifies the gateway address (crossbar IP address)
		for the IP pool.

The default gateway functions as a crossbar IP. When a packet comes in
from a user assigned an address from this pool, the PortMaster forwards
the packet to the gateway address instead of consulting the forwarding
table. If a gateway address is not assigned to a range, the range
uses the default gateway of the IP pool. See the following section for
information about the crossbar IP feature.


_______________ Configuring Crossbar IP

Crossbar IP is a per-user-directed gateway. Instead of comparing the IP
packet's destination address to the routing table, the PortMaster 4
looks up the configured crossbar IP address in the routing
table to determine the packet's next hop. The crossbar IP address
affects the packet's routing to the next hop only.

The crossbar IP address can come from a user profile or from the IP
pool table. When both are used, the crossbar IP setting in the user
profile takes precedence over the gateway in the IP pool table.
Crossbar IP can also be configured on Ethernet ports, network hardwired
ports, dial-out locations, the local user table, and in RADIUS.

The vendor-specific RADIUS attribute for crossbar IP is called
LE-IP-Gateway:

ATTRIBUTE       LE-IP-Gateway           7       ipaddr  Livingston

The following example shows a RADIUS user profile with crossbar IP:

kodos   Password = "kangroo"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        LE-IP-Gateway = 192.168.72.3

The "ifconfig" command displays the keyword CROSSBAR for any interface
where crossbar IP is active.
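
The following is an added example, not part of the release note or of ComOS. It models the gateway precedence described here and in "Setting Address Ranges" (user profile, then address range, then pool default, then the forwarding table), the next-hop lookup keyed on the crossbar IP, and the "Duplicate Addresses" conflict with statically addressed interfaces. The class and function names are hypothetical, the pool is the "livermore" table shown earlier, the routes are constructed, and treating an unaligned base address as its enclosing subnet is an assumption that the code reports rather than hides.

```python
import ipaddress

NO_GATEWAY = ipaddress.ip_address("0.0.0.0")   # shown by "show table ippool" when unset


class Pool:
    def __init__(self, name, default_gateway="0.0.0.0"):
        self.name = name
        self.default_gateway = ipaddress.ip_address(default_gateway)
        self.ranges = []      # (network, gateway, base_is_aligned), in preference order

    def add_range(self, cidr, gateway="0.0.0.0"):
        if len(self.ranges) == 8:
            raise ValueError("an IP pool holds at most eight ranges")
        iface = ipaddress.ip_interface(cidr)
        if not 1 <= iface.network.prefixlen <= 30:
            raise ValueError("mask must be between 1 and 30 bits")
        aligned = iface.ip == iface.network.network_address
        self.ranges.append((iface.network, ipaddress.ip_address(gateway), aligned))

    def assignable(self, index):
        """Count of addresses handed out: the first and last are never assigned."""
        return self.ranges[index][0].num_addresses - 2


def unaligned_ranges(pool):
    """Ranges whose base address is not on the netmask boundary (worth reviewing)."""
    return [net for net, _, aligned in pool.ranges if not aligned]


def static_conflicts(pool, static_addresses):
    """Statically configured interface addresses that sit inside a pool range."""
    return [a for a in map(ipaddress.ip_address, static_addresses)
            if any(a in net for net, _, _ in pool.ranges)]


def effective_gateway(pool, address, user_crossbar=None):
    """Return (gateway, source); a gateway of None means the forwarding table decides."""
    if user_crossbar is not None:
        return ipaddress.ip_address(user_crossbar), "user profile"
    addr = ipaddress.ip_address(address)
    for network, gateway, _ in pool.ranges:
        if addr in network:
            if gateway != NO_GATEWAY:
                return gateway, "address range"
            break
    if pool.default_gateway != NO_GATEWAY:
        return pool.default_gateway, "pool default"
    return None, "forwarding table"


def next_hop(destination, routes, crossbar=None):
    """Longest-prefix lookup keyed on the crossbar IP when set, else the destination."""
    key = ipaddress.ip_address(crossbar if crossbar is not None else destination)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes
               if key in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda match: match[0].prefixlen)[1]


def livermore():
    """The pool from the "show table ippool" example earlier in this note."""
    pool = Pool("livermore", "10.23.45.56")
    pool.add_range("192.168.1.0/29")
    pool.add_range("192.168.2.253/30")
    pool.add_range("192.168.3.50/25")
    pool.add_range("10.4.5.0/24", "192.168.222.3")
    return pool


if __name__ == "__main__":
    pool = livermore()
    routes = [("0.0.0.0/0", "10.0.0.1"), ("192.168.222.0/24", "10.0.0.2")]  # constructed
    gateway, source = effective_gateway(pool, "10.4.5.9")
    print("gateway:", gateway, "from", source)
    print("next hop:", next_hop("198.51.100.7", routes, crossbar=str(gateway)))
    print("review base addresses:", [str(n) for n in unaligned_ranges(pool)])
```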


_______ Command Summary for Crossbar IP

The following commands are for crossbar IP:

set Ether0 crossbar-ip Ipaddress
set S0 | W1 crossbar-ip Ipaddress
set location Locname crossbar-ip Ipaddress
set user User crossbar-ip Ipaddress


_______ Setting Crossbar IP on Ethernet

The following command configures an Ethernet interface to use the
specified IP address instead of the packet destination field to
determine the next hop to route the packet to:

  set Ether0 crossbar-ip Ipaddress

Ether0		ether0 or ether1, or other Ethernet interface.
Ipaddress	A dotted decimal IP address or a hostname of up to 39
		characters. An address of 0.0.0.0 removes the crossbar IP.

For the crossbar IP setting to take effect on the Ethernet
interface, the slot containing the Ethernet board must be reset.

Example:

Command> set ether1 crossbar-ip 192.168.96.78
Changing crossbar ip address from 0.0.0.0 to 192.168.96.78
Command> reset slot10


_______ Setting Crossbar IP on Dial-out Locations

The following command allows dial-out locations and Frame Relay
subinterfaces to use the crossbar IP feature:

  set location Locname crossbar-ip Ipaddress

Locname		A location name. 
Ipaddress	A dotted decimal IP address or a hostname of up to 39
		characters. An address of 0.0.0.0 removes the crossbar IP.

The crossbar IP setting takes effect the next time the location is
used.

Example:

Command> set location krabappel crossbar-ip 192.168.96.69
Changing crossbar ip address from 0.0.0.0 to 192.168.96.69


_______ Setting Crossbar IP for Network Users

The following command configures a user with the crossbar IP feature:

  set user Username crossbar-ip Ipaddress

Username	A user in the local user table.
Ipaddress	A dotted decimal IP address or a hostname of up to 39
		characters. An address of 0.0.0.0 removes the crossbar IP.

User profiles can be configured by RADIUS or from the local user table
of the PortMaster. The PortMaster always checks the local user table
before querying RADIUS.

The crossbar IP setting takes effect the next time the user connects.

Example:

Command> set user skinner crossbar-ip 192.168.1.2
Changing crossbar ip address from 0.0.0.0 to 192.168.1.2


_______ Setting Crossbar IP on Network Hardwired Ports

The following command configures a network hardwired port with the
crossbar IP feature. You must first select the slot associated with
the port with the "set view" command.

  set S0 | W1 crossbar-ip Ipaddress

S0 | W1	s0, w1, or any other serial port configured as network
		hardwired.
Ipaddress	A dotted-decimal IP address or hostname of up to 39 
		characters. An address of 0.0.0.0 removes the crossbar IP.

The crossbar IP setting takes effect the next time the port is reset.

Example:

Command> set view 2
View changed from 4 to 2
Command 2> set w70 crossbar-ip 192.168.123.4
Changing crossbar ip address from 0.0.0.0 to 192.168.123.4


_______________ Limitations

* Multichassis PPP (MCPPP) is not supported in this release, but is
currently planned for a future release.

* The redundant system manager module is not supported in this release,
but is currently planned for a future release (ComOS 4.1.1).

* The "erase configuration", "erase comos", and "erase partition"
commands must not be used. The configuration is now stored in files in
subdirectories of the nonvolatile file system, not in partitions.

* When using a Quad T1 or Tri E1 line board, you must plug in any lines
from the telephone company that use telephone company clocking into the
lower-numbered line ports starting with Line0. Lines that do not have
telephone company clocking must be plugged into the higher-numbered
line ports starting with Line3 and counting down.

The line board uses the clock signal of the first line port that comes
up, starting with Line0, for its transmit clock signal, which is shared
among all the line ports. If the frequency of the clock signal is
shifted, as it is in the case of a clock generated by non-telephone
company sources, then analog modems encounter problems and
might not answer calls.

ISDN and hardwired connections are mostly immune to shifts in clock
frequency.

* The PortMaster 4 system manager module reboots if an snmpwalk 
is done at the same time that BGP is loaded.

* Ethernet subinterfaces can be configured on Ether0 only.

* The modem table is not supported. This limitation affects only users 
who want to connect external modems to C0 or C1.

* You must reboot the PortMaster 4 after deleting an Ethernet
subinterface.

* Entering "reset l2tp tunnel" without a tunnel ID destroys ALL L2TP
tunnels created on a PortMaster 4.

* The "show l2tp stats" command works only from the manager view.
At this time, you cannot view L2TP status for boards other than the
system manager module.

* The "show l2tp sessions" command truncates output after about 58
sessions. Use the "show sessions" command to show all sessions 
including all the L2TP sessions.

* The output of the "show ospf neighbor" command on a single-interface
Ethernet board or a double-interface Ethernet module truncates the last 
character of the Ethernet interface.


_______________ Upgrade Instructions

You can upgrade your PortMaster 4 using PMVision 1.6, or pmupgrade 4.3
from PMTools. Alternatively, you can upgrade using the older programs
pminstall 3.5.3, PMconsole 3.5.3, or PMconsole for Windows 3.5.1.4, or
later releases. You can also upgrade using TFTP with the 
"tftp get" command from the PortMaster command line interface.

See ftp://ftp.livingston.com/pub/le/software/java/pmvision16.txt for
installation instructions for PMVision 1.6.

*** CAUTION!  If the upgrade fails, do NOT reboot!  Contact
*** Lucent Remote Access Technical Support without rebooting.

The upgrade process on the PortMaster 4 erases the configuration area
from nonvolatile memory and saves the current configuration into
nonvolatile memory. Never interrupt the upgrade process, or loss of
configuration information can result. This upgrade does not otherwise
affect your stored configuration in the PortMaster 4.

The installation software can be retrieved by FTP from
ftp://ftp.livingston.com/pub/le/software/, and the upgrade image
can be found at ftp://ftp.livingston.com/pub/le/upgrades/:

ComOS           Upgrade Image   Product
_________       _____________   _____________________________________
4.1             pm4_4.1         PortMaster 4


________________________________________________________________________

	Copyright and Trademarks

Copyright 1999 Lucent Technologies. All rights reserved.

PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent
Technologies Inc. PMVision, IRX, and PortAuthority are trademarks of
Lucent Technologies Inc. PolicyFlow is a service mark of Lucent
Technologies Inc. All other marks are the property of their respective
owners.

	Notices

Lucent Technologies Inc. makes no representations or warranties with
respect to the contents or use of this publication, and specifically
disclaims any express or implied warranties of merchantability or
fitness for any particular purpose. Further, Lucent Technologies Inc.
reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or
entity of such revisions or changes.

	Contacting Lucent Remote Access Technical Support

Lucent Technologies Remote Access Business Unit (previously Livingston
Enterprises) provides technical support via voice or electronic
mail, or through the World Wide Web at http://www.livingston.com/.
Specify that you are running ComOS 4.1 when reporting problems with
this release.

Internet service providers (ISPs) and other end users in Europe, the
Middle East, Africa, India, and Pakistan should contact their
authorized Lucent Remote Access sales channel partner for technical
support; see http://www.livingston.com/International/EMEA/distributors.html.

For North America, the Caribbean and Latin America (CALA), and Asia
Pacific customers, technical support is available Monday through Friday
from 7 a.m. to 5 p.m. U.S. Pacific Time (GMT -8). Dial 1-800-458-9966
within the United States (including Alaska and Hawaii), Canada, and
CALA, or 1-925-737-2100 from elsewhere, for voice support. Otherwise,
send email to support@livingston.com (asia-support@livingston.com for
Asia Pacific customers).

