ComOS 3.5 Release Note

Introduction

The new Livingston Enterprises ComOS 3.5 software release is now available for the PortMaster 2, PortMaster 25, PortMaster IRX, and PortMaster Office Router. This release note documents commands and features in ComOS release 3.5 in addition to those described in the Command Line Administrator's Guide. All Livingston manuals are available in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.

Note - You must use PMconsole 3.5.1 when upgrading to ComOS 3.5; see "Upgrade Instructions" after reading "Memory Requirements", below.

Contents

    Introduction
    New Features in ComOS 3.5
    Bug Fixes in ComOS 3.5
    Memory Requirements
    Upgrade Instructions

New Features in ComOS 3.5

ComOS 3.5 includes the following new features:

* Variable Length Subnet Masks. In previous releases ComOS required the same netmask to be used for all subnets of a network. In release 3.5, variable length subnet masks (VLSM) are supported. To ease the transition, the command "set user-netmask off" is available; see below for details.
* OSPF. See the OSPF chapter in the Command Line Administrator's Guide, which is available in printed form or in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.
* The "add route" command supports VLSM.
* The "show routes" command can show specific networks.
* RADIUS can now be used to authenticate administrative logins.
* Syslog messages can now be directed to facilities other than AUTH.
* Easier commands for erasing flash memory.
* Support for VLSM in RADIUS Framed-Route.
* RADIUS Accounting entries are retransmitted sooner.
* RADIUS now supports passwords up to 48 characters in length.
* The size of the Assigned Address Pool can be set with the "set pool" command.
* The ARP cache has been increased from 24 to 96 entries.
* Debug statements can now be timestamped.

Variable Length Subnet Masks

ComOS release 3.5 supports Variable Length Subnet Masks.
In previous releases ComOS required the same netmask to be used for all subnets of a network. In release 3.5, variable length subnet masks (VLSM) are supported. To ease the transition, the command "set user-netmask off" treats all netmasks specified in the User Table or RADIUS as though they were 255.255.255.255, the way earlier releases did. The command "set user-netmask on" adds routes based on the specified netmask. The default is off.

In ComOS 3.3.3 and earlier the PortMaster always used 255.255.255.255 for the user's Framed-IP-Netmask, regardless of the value of the attribute. ComOS 3.5 adds support for Variable Length Subnet Masks (VLSM), but by default ignores the Framed-IP-Netmask the same way earlier releases did. To have ComOS 3.5 accept the netmask value, issue the following commands on the PortMaster:

    set user-netmask on
    save all

After user-netmask is set on, the PortMaster uses the actual value of the Framed-IP-Netmask to update the routing table when a user logs in. Use caution with this feature, because it affects both routing and Proxy ARP on the PortMaster. If you want to route to that one host, use the attribute

    Framed-IP-Netmask = 255.255.255.255

You should always use netmask 255.255.255.255 when using the PortMaster assigned address pool (or omit the attribute, which defaults to 255.255.255.255). If you want to route to an entire 24-bit subnet, use

    Framed-IP-Netmask = 255.255.255.0

"add route" command supports VLSM

Static routes support VLSM. For example, to add a route to the 192.168.1.32/27 subnet through gateway 192.168.1.1 with metric 2, you would use the command

    add route 192.168.1.32/27 192.168.1.1 2

OSPF

ComOS 3.5 supports the Open Shortest Path First (OSPF) routing protocol. See the OSPF Chapter in the Command Line Administrator's Guide, available in printed form or in PostScript and Adobe Acrobat PDF format on ftp://ftp.livingston.com/pub/le/doc/manuals/.
Some additional commands were added after that manual went to press and are documented in ftp://ftp.livingston.com/pub/le/doc/notes/ospf and here. Virtual links are not supported, meaning that all PortMasters running OSPF must either be in one area, or have at least one interface in area 0. When injecting RIP routes into OSPF, ComOS 3.5 includes the RIP gateway as the gateway.

Before configuring OSPF, you must enter the following commands:

    set ospf enable
    save all
    reboot
    reset ospf

The "reset ospf" command resets the OSPF router engine in the PortMaster. You must enter this command after making changes to the PortMaster's OSPF configuration.

OSPF cost, hello-interval, dead-time

OSPF cost, hello-interval, and dead-time can be configured by interface.

Note - The value for cost, hello-interval, and dead-time must be the same for all routers attached to a common network.

    set Ether0 ospf on cost Number

This command sets the cost of sending a packet on the interface, expressed in the link state metric. Number is a number from 1 to 65535. The default value is 1.

Example:

    set ether0 ospf on cost 2

    set Ether0 ospf on hello-interval Number

This command sets how often the hello packet is transmitted; the interval can be any value from 10 to 120 seconds. The default value of hello-interval is 10 seconds.

Example:

    set ether0 ospf on hello-interval 40

    set Ether0 ospf on dead-time Number

This command sets the number of seconds the PortMaster waits after ceasing to receive a neighbor router's hello packets before marking the remote router as down. The range is 40 to 1200 seconds. The default value is 40 seconds.

Example:

    set ether0 ospf on dead-time 60

"show routes" command can show specific networks

The "show routes" command now accepts an optional argument to display only routes that match that argument. For example, "show routes 172.16" shows only routes that contain "172.16".
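As an added illustration (not part of this release note and not ComOS code), the following Python computes the route a PortMaster installs from a Framed-IP-Address and Framed-IP-Netmask with "set user-netmask" off and on, parses the "network/length gateway metric" form shared by "add route" and the Framed-Route attribute described under "RADIUS Framed-Route supports VLSM" below, and flags user profiles whose netmask would make the box route and proxy-ARP for more than the one dialin host. The function names and sample addresses are the example's own.

```python
import ipaddress

HOST_MASK = "255.255.255.255"


def route_for_login(framed_ip, framed_netmask=None, user_netmask_on=False):
    """Route the PortMaster installs when a user logs in.

    With "set user-netmask off" (the default) every mask is treated as
    255.255.255.255, as earlier releases did; with it on, the
    Framed-IP-Netmask from RADIUS or the User Table is honoured. A missing
    attribute defaults to the host mask. Returns (network, prefix length)."""
    mask = framed_netmask or HOST_MASK
    if not user_netmask_on:
        mask = HOST_MASK
    net = ipaddress.ip_network(f"{framed_ip}/{mask}", strict=False)
    return str(net.network_address), net.prefixlen


def parse_vlsm_route(spec):
    """Parse the "network/length gateway metric" form used by both
    "add route 192.168.1.32/27 192.168.1.1 2" and
    Framed-Route = "192.168.1.32/28 192.168.1.33 1".
    Raises ValueError if host bits are set inside the prefix or the
    gateway is not an address."""
    dest, gateway, metric = spec.split()
    net = ipaddress.ip_network(dest, strict=True)
    ipaddress.ip_address(gateway)            # validates gateway syntax only
    return str(net), gateway, int(metric)


def audit_netmask(framed_ip, framed_netmask, pool_cidr):
    """Report profiles whose mask, once user-netmask is on, would claim more
    than the single host. pool_cidr is the assigned address pool (as a CIDR
    string); the note requires 255.255.255.255 for pool addresses."""
    net, plen = route_for_login(framed_ip, framed_netmask, user_netmask_on=True)
    findings = []
    if plen < 32:
        findings.append(f"{framed_ip}: mask {framed_netmask} covers {net}/{plen}, not just the host")
        if ipaddress.ip_address(framed_ip) in ipaddress.ip_network(pool_cidr):
            findings.append(f"{framed_ip}: pool address must use {HOST_MASK}")
    return findings
```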
RADIUS for administrative logins

The PortMaster now supports Service-Type Administrative-User and NAS-Prompt-User. In previous releases, the !root administrative login granted full control of the PortMaster. While !root remains, ComOS 3.5 adds the ability to authenticate administrative logins with RADIUS to provide two classes of users:

* administrative users with full configuration ability (everything that !root can do)
* read-only administrative users who cannot change the configuration, but can reset ports, reboot, set debug flags, and show status.

Now, rather than requiring everyone in a Network Operations Center (NOC) to know the global administrative passwords to all your PortMasters, you can create individual accounts to track access and, if desired, limit configuration changes to appropriate personnel.

In ComOS 3.5 and later, if a RADIUS Access-Accept returns a Service-Type of Administrative-User (6), the PortMaster treats it as a !root login. If a RADIUS Access-Accept returns a Service-Type of NAS-Prompt-User (7), a restricted administrative login is granted that has permission to use the following commands:

* ifconfig
* ping
* ptrace
* reboot
* reset
* set console
* set debug
* show
* traceroute
* Any other commands that do not affect the configuration

A NAS-Prompt-User does not have access to the following commands: add, delete, erase, save, tftp, or any set commands other than "set debug" and "set console".
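To make the two-class model concrete, here is an added Python sketch (not ComOS code) of the authorization decision described above: the Service-Type in an Access-Accept selects the login class, and a NAS-Prompt-User's command line is checked against the permitted and denied sets. The command sets are the ones listed above; treating every other verb as non-configuring is the example's own assumption.

```python
SERVICE_TYPE_ADMINISTRATIVE_USER = 6   # treated as a !root login
SERVICE_TYPE_NAS_PROMPT_USER = 7       # restricted administrative login

# Commands the release note explicitly grants to a NAS-Prompt-User.
NAS_PROMPT_ALLOWED = {"ifconfig", "ping", "ptrace", "reboot", "reset",
                      "show", "traceroute"}
# Configuration-changing commands the note denies to a NAS-Prompt-User.
NAS_PROMPT_DENIED = {"add", "delete", "erase", "save", "tftp"}
# The only "set" subcommands a NAS-Prompt-User may use.
NAS_PROMPT_SET_ALLOWED = {"debug", "console"}


def login_class(access_accept):
    """Map an Access-Accept (dict of attribute name -> value) to a login
    class: "root", "nas-prompt", or None when no administrative
    Service-Type was returned (an ordinary dialin user, not an admin)."""
    service_type = access_accept.get("Service-Type")
    if service_type == SERVICE_TYPE_ADMINISTRATIVE_USER:
        return "root"
    if service_type == SERVICE_TYPE_NAS_PROMPT_USER:
        return "nas-prompt"
    return None


def command_permitted(login, command_line):
    """Decide whether a command line may run for the given login class.

    !root / Administrative-User may run anything. NAS-Prompt-User may run
    the listed commands and anything else that does not change the
    configuration, but never add/delete/erase/save/tftp and no "set" other
    than "set debug" and "set console". Unknown verbs are assumed (in this
    example) not to touch the configuration; a real implementation would
    consult the command table instead."""
    words = command_line.strip().lower().split()
    if not words:
        return False
    if login == "root":
        return True
    if login != "nas-prompt":
        return False                      # no administrative login at all
    verb = words[0]
    if verb in NAS_PROMPT_DENIED:
        return False
    if verb == "set":
        return len(words) > 1 and words[1] in NAS_PROMPT_SET_ALLOWED
    return verb in NAS_PROMPT_ALLOWED or True
```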
To enable this feature on your RADIUS server:

If running RADIUS 1.16, modify /etc/raddb/dictionary to include the following two lines; then kill and restart radiusd:

    VALUE User-Service-Type Administrative-User 6
    VALUE User-Service-Type NAS-Prompt-User 7

If running RADIUS 2.0, modify /etc/raddb/dictionary to add the following line (it already has a definition for Administrative-User); then kill and restart radiusd:

    VALUE Service-Type NAS-Prompt-User 7

Here are two examples (for RADIUS 2.0) of /etc/raddb/users file entries to illustrate:

    !pmmon      Password = "dontuseth1s"
                Service-Type = NAS-Prompt-User

    !pmconfig   Auth-Type = System, Prefix = "!"
                Service-Type = Administrative-User

Caution - If you are using your RADIUS server with a combination of Livingston products and other vendors' products, confirm that they either do not use these two Service-Types or that their use is compatible.

Syslog messages can be redirected

In releases prior to ComOS 3.5, packet filter logging went to the loghost at AUTH facility and NOTICE priority, and all other logging was done to the AUTH facility at INFO priority. In ComOS 3.5, the facility and priority can be set for each of five types of logged events.

To display the current syslog settings, use the "show syslog" command. The default settings are displayed in this example:

    Command> show syslog
    Syslog Configuration Settings
      admin-logins:   auth.info
      user-logins:    auth.info
      packet-filters: auth.notice
      commands:       disabled
      termination:    disabled

To change the syslog settings, use the "set syslog Logtype Where" command. Logtype is one of the following: admin-logins, user-logins, packet-filters, commands, or termination. Where is either the keyword "disabled", indicating not to send that type of message to syslog, or a facility and priority separated by a period.
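As an added example (not from the release note), this Python validates the Where argument of "set syslog Logtype Where", converts facility.priority into the numeric PRI value a loghost sees in the <PRI> header, and parses "show syslog" output so the settings of many PortMasters can be checked mechanically. The facility and priority numbers are the ones tabulated below; the sample output is the default configuration shown above.

```python
import re

# Facility and priority numbers as tabulated in the release note.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
              **{f"local{i}": 16 + i for i in range(8)}}
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
LOGTYPES = ("admin-logins", "user-logins", "packet-filters",
            "commands", "termination")


def parse_where(where):
    """Validate the Where argument of "set syslog Logtype Where".

    Returns None for the keyword "disabled", otherwise the numeric syslog
    PRI (facility * 8 + priority) carried as <PRI> on each message."""
    if where == "disabled":
        return None
    facility, sep, priority = where.partition(".")
    if not sep or facility not in FACILITIES or priority not in PRIORITIES:
        raise ValueError(f"bad syslog target {where!r}: want facility.priority")
    return FACILITIES[facility] * 8 + PRIORITIES[priority]


def decode_pri(pri):
    """Inverse of parse_where, for checking what the loghost received."""
    fac_num, prio_num = divmod(pri, 8)
    facility = {v: k for k, v in FACILITIES.items()}.get(fac_num)
    priority = {v: k for k, v in PRIORITIES.items()}.get(prio_num)
    if facility is None or priority is None:
        raise ValueError(f"PRI {pri} uses a facility the note does not list")
    return f"{facility}.{priority}"


def parse_show_syslog(output):
    """Parse "show syslog" output into {logtype: PRI or None}."""
    settings = {}
    for line in output.splitlines():
        m = re.match(r"\s*([a-z-]+):\s*(\S+)", line)
        if m and m.group(1) in LOGTYPES:
            settings[m.group(1)] = parse_where(m.group(2))
    return settings


def unlogged(settings):
    """Logtypes not being sent to syslog at all. With the defaults, nothing
    records which commands were entered or how sessions ended, so an audit
    would normally want at least "commands" enabled."""
    return sorted(k for k, v in settings.items() if v is None)


# Constructed sample: the default settings shown in the release note.
SAMPLE_SHOW_SYSLOG = """Syslog Configuration Settings
  admin-logins: auth.info
  user-logins: auth.info
  packet-filters: auth.notice
  commands: disabled
  termination: disabled
"""
```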
For example, to log all commands issued on the PortMaster to the LOCAL0 facility at DEBUG priority, use the command

    Command> set syslog commands local0.debug

The five areas you can set logging for are defined as follows:

Logtype         Description
______________  ___________________________________________________
admin-logins    !root and administrative logins
user-logins     Non-administrative logins (You might want to disable
                this if you already use RADIUS Accounting.)
packet-filters  Packets that match rules with the "log" keyword
commands        Every command entered at the command line interface
termination     More detailed information on how user sessions
                terminate (See the ComOS 3.3.2 Release Notes.)

The facilities and priorities are defined as follows. Livingston recommends that you use the AUTH facility or LOCAL0 through LOCAL7 facilities for receiving syslog messages from PortMasters, but all the facilities are provided. See your operating system documentation for information on configuring syslog on your host.

Facility  Number
________  ______
kern       0
user       1
mail       2
daemon     3
auth       4
syslog     5
lpr        6
news       7
uucp       8
cron      15
local0    16
local1    17
local2    18
local3    19
local4    20
local5    21
local6    22
local7    23

The following priorities are available:

Pri      Number  Typically Used for
_______  ______  ________________________________
emerg    0       system is unusable
alert    1       action must be taken immediately
crit     2       critical messages
err      3       error messages
warning  4       warning messages
notice   5       normal but significant message
info     6       informational message
debug    7       debug-level messages

Flash erasure commands

For more information on these commands see the "General Commands" chapter of the Command Line Administrator's Guide. ComOS 3.5 has a set of commands for erasing all or part of the nonvolatile flash memory of the PortMaster. "erase configuration" does what "set register 0xffff 0x0102" used to do.
Command                 Use
______________________  ________________________________________________
erase all-flash         Erases all the nonvolatile memory in the
                        PortMaster, including the configuration and ComOS.
erase comos             Erases the ComOS that the PortMaster boots from.
erase configuration     Erases the configuration, returning the PortMaster
                        to factory defaults after its next reboot.
erase file String       Erases the specified file from configuration
                        nonvolatile memory; see "show files" for a list.
erase partition Number  Use this command only if told to do so by
                        Livingston Technical Support.

RADIUS Framed-Route supports VLSM

ComOS release 3.5 supports the subnet length specifier in RADIUS Framed-Route attributes. For example:

    Framed-Route = "192.168.1.32/28 192.168.1.33 1"

RADIUS Accounting retransmits sooner

RADIUS Accounting packets are now retransmitted every 30 seconds. The Authenticator field in a retransmitted Accounting-Request is now calculated using the method specified in the current RADIUS specification.

RADIUS now supports passwords up to 48 characters in length

RADIUS now supports user passwords up to 48 characters in length. The RADIUS 1.16 and RADIUS 2.0 servers support passwords up to 16 characters in length; a future release of the Livingston RADIUS server will support passwords up to 48 characters long.

Assigned pool size

The PortMaster allocates a pool of IP addresses starting at the Assigned Address base value (set from the global menu or by the "set assigned" command) and counting up. The total number of addresses is equal to the number of ports configured for Network Dialin. If someone dials in and requests an unused address from the pool, that address is assigned; if someone dials in and requests any address, the next address from the pool is assigned; if someone disconnects, their address is placed at the end of the pool for reuse.
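Returning to "RADIUS Accounting retransmits sooner" above: the following added Python example (not ComOS or Livingston code) shows the Accounting-Request authenticator calculation from the RADIUS Accounting specification (now RFC 2866), MD5 over the header, sixteen zero octets, the attributes and the shared secret, together with the verification an accounting server should perform before trusting a record. The shared secret and attribute values are constructed for the example.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS Code for Accounting-Request


def encode_attr(attr_type, value):
    """Encode one attribute as Type, Length, Value; Length counts all three."""
    if isinstance(value, int):
        value = struct.pack(">I", value)      # 32-bit integer attributes
    return bytes([attr_type, 2 + len(value)]) + value


def accounting_request(identifier, attrs, secret):
    """Build an Accounting-Request. Its Request Authenticator is
    MD5(Code + Identifier + Length + 16 zero octets + attributes + secret),
    the calculation the note says retransmitted requests now use."""
    body = b"".join(attrs)
    header = struct.pack(">BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def verify_accounting_request(packet, secret):
    """Server-side check before an accounting record is trusted: recompute
    the authenticator over the received bytes (with the authenticator field
    zeroed) and compare in constant time. False means the record is forged,
    corrupted, or sent with a different shared secret, and must be dropped."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack(">BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values (not taken from the release note).
SECRET = b"example-shared-secret"
SAMPLE_ATTRS = [
    encode_attr(1, b"!pmmon"),                 # User-Name
    encode_attr(4, bytes([192, 168, 1, 1])),   # NAS-IP-Address
    encode_attr(40, 1),                        # Acct-Status-Type = Start
    encode_attr(44, b"0000000A"),              # Acct-Session-Id
]


def demo():
    """Build a request, verify it, then show that one flipped bit fails."""
    packet = accounting_request(7, SAMPLE_ATTRS, SECRET)
    tampered = packet[:20] + bytes([packet[20] ^ 1]) + packet[21:]
    return (verify_accounting_request(packet, SECRET),
            verify_accounting_request(tampered, SECRET))
```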
In ComOS 3.5, the size of the pool can also be set explicitly with the "set pool Number" command, where Number is the number of IP addresses to allocate for the pool. If the pool size is decreased, the PortMaster must be rebooted for the change to take effect.

Increased ARP cache

The Ethernet ARP cache has been increased from 24 entries to 96, to improve performance.

Debug timestamps

The command "set debug clock on" time-stamps console debug messages using the time since last reboot, specified in days, hours, minutes, seconds, and hundredths of a second. To turn the timestamps off, use the command "set debug clock off".

Bug Fixes in ComOS 3.5

The following bugs are fixed in ComOS 3.5:

* Three small memory leaks are fixed.
* In previous releases, if both B channels on a BRI were active and the BRI was provisioned for "Additional Call Offering" and a voice call came in, a B channel was set to idle. In ComOS 3.5, the PortMaster properly refuses the call.
* In previous releases, if a synchronous PPP device called in and the PortMaster missed the first PPP packet, after one second the PortMaster sent a V.120 frame to wake up the device. Some devices treated the V.120 frame as an invalid protocol and hung up. In ComOS 3.5, the PortMaster waits five seconds before sending the V.120 frame, because the PPP specification requires the device to retransmit within three seconds.
* The Omron ME2814BII modem drops CTS for less than 80 microseconds. In a previous release, the PortMaster detected the drop but not the rise 1/12500 second later, causing the PortMaster to flow control the port and hang the session. This behavior has not been detected on any other brand of modem, but ComOS 3.5 now handles it properly.

Memory Requirements

The following section discusses memory requirements for ComOS 3.5 in general terms; actual memory usage depends on the configuration and use of your PortMaster. For instructions on upgrading memory, see the installation guide for the product.
All installation guides are available on the Total Access CD, in PDF format on the Livingston web site www.livingston.com, and in PDF and PostScript format on the Livingston FTP site ftp.livingston.com.

All models of the PortMaster Office Router have 1MB of nonupgradable memory, which is sufficient for ComOS 3.5L. All models of the PortMaster IRX have 1MB of memory, which is sufficient for ComOS 3.5R unless you are using OSPF with very large networks. For the PortMaster 2 and PortMaster 25, use the following guidelines to estimate memory usage.

Model               Async  Sync  ISDN  Base Memory
__________________  _____  ____  ____  ___________
PM-25                  25     0     0        780KB
PM-2E-30               30     0     0        800KB
PM-2E-10 + 1 ISDN      10     0    10        860KB
PM-2E-10 + 2 ISDN      10     0    20        910KB
PM-2E-20 + 1 ISDN      20     0    10        935KB
PM-2ER-10 + 1 ISDN     10     1    10        885KB
PM-2ER-10 + 2 ISDN     10     1    20        935KB
PM-2ER-20 + 1 ISDN     20     1    10        960KB

If SNMP is used, an additional 50KB is required. If IPX is used, an additional 20KB is required, plus memory for SAP and RIP. If RIP is used, 5KB for every 100 RIP routes should be added. If OSPF is used, an additional 50KB is required, plus 5KB for every 40 routes. If any other tables are used, such as the User Table or Location Table, those require additional memory.

The PortMaster auto-detects the physical installed memory. Four 30-pin 70ns parity SIMMs are required, either 256KB, 1MB, or 4MB. Mixing of SIMMs is not supported. They can be either 3-chip or 9-chip SIMMs.

Upgrade Instructions

WARNING! YOU MUST USE PMINSTALL VERSION 3.5.1 OR LATER TO PERFORM THIS UPGRADE!

If you are upgrading using PMconsole for Windows, you must use PMconsole for Windows version 3.5.1.1 or later.

If you are upgrading from ComOS 2.3 or 2.4 to ComOS 3.5, you must first upgrade to ComOS 3.0.4, reboot, then upgrade to ComOS 3.5.

If you have any port speeds set to 115200 and upgrade to ComOS release 3.5 and then downgrade to any release before 3.3.2, you must set the port speeds again after downgrading.
The installation software can be retrieved by FTP from ftp://ftp.livingston.com/pub/le/software/system/tarfile.tar.Z, replacing system and tarfile.tar.Z with the actual names of the files.

/pub/le/software/                 Operating System
________________________________  ________________________________
bsdi/pm_3.5.1_BSDOS_2.0.tar.Z     BSD/OS 2.0 and 2.1
sgi/pm_3.5.1_IRIX_5.2.tar.Z       SGI Irix 5.2
linux/pm_3.5.1_Linux.tar.Z        Linux 1.2.13 ELF
rs6000/pm_3.5.1_RS6000_4.1.tar.Z  RS6000 AIX 4.1 (no longer 3.2.5)
alpha/pm_3.5.1_alpha_T3.0.tar.Z   Digital Alpha OSF/1 T3.0
hp/pm_3.5.1_hp9000_10.01.tar.Z    HP 9000 HP/UX 10.01
sun4/pm_3.5.1_sun4.tar.Z          SunOS 4.1.4, 5.5.1 on Sparc
sun86/pm_3.5.1_sun86_5.5.tar.Z    Solaris/X86 2.5.1
pc/pmw3511.exe                    Windows 95 and Windows NT 4.0

You can FTP the upgrade image at the same time. This example shows an administrator retrieving the SunOS pminstall and PortMaster 2 upgrade image (the downloaded tar file is compressed, so it is uncompressed before being extracted):

    umask 22
    mkdir /usr/portmaster
    cd /usr/portmaster
    ftp ftp.livingston.com
    (Enter anonymous)
    (Enter your e-mail address; it will not echo.)
    binary
    cd /pub/le/software/sun4
    get pm_3.5.1_sun4.tar.Z pm.tar.Z
    cd /pub/le/upgrades
    get pm2_3.5
    quit
    uncompress pm.tar.Z
    tar xvf pm.tar
    rm pm.tar
    mv pm2_3.5 data
    ./pminstall

PMconsole 3.5.1.1 for Windows 95 and Windows NT 4.0 is available on ftp://ftp.livingston.com/pub/le/software/pc/pmw3511.exe in a self-extracting file. FTP that file, run the file to install PMconsole for Windows, move the upgrade file into the data directory, run PMconsole for Windows, and click on the Upgrade button.

The upgrade images are at ftp://ftp.livingston.com/pub/le/upgrades/.

ComOS  Upgrade Image  Product
_____  _____________  _____________________________________
3.5    pm2_3.5        PortMaster 2, 2E, 2ER, 2R, 2i, 2E-10I
3.5    pm25_3.5       PortMaster 25
3.5R   irx_3.5R       IRX-111, 112, 114, 211
3.5L   or_3.5L        OR-M, U, ST, LS and HS

ComOS 3.5 uses the same RADIUS dictionary file as ComOS 3.3.3, with the addition of the NAS-Prompt-User.
An updated dictionary file is available for RADIUS 1.16 and RADIUS 2.0 at ftp://ftp.livingston.com/pub/le/radius/dictionary.

The upgrade does not affect your stored configuration in the PortMaster. If you would like to back up your PortMaster configuration before upgrading, run pmreadconf:

    cd /usr/portmaster
    ./pmreadconf pmname pmpassword data/pmname.conf
    chmod 600 data/pmname.conf

Copyright and Trademarks

Copyright 1996 Livingston Enterprises, Inc. All rights reserved. The names Livingston, PortMaster, ComOS, RADIUS, ChoiceNet, PMconsole, IRX, True Digital, and RAMP are trademarks belonging to Livingston Enterprises, Inc. All other marks are the property of their respective owners.

Notices

Livingston Enterprises, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Livingston Enterprises, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Contacting Livingston Technical Support

Livingston Enterprises provides technical support via voice, FAX, and electronic mail. Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8). To contact Livingston Technical Support by voice, dial 1-800-458-9966 within the US or 1-510-426-0770 outside the US; by FAX, dial 1-510-426-8951; by electronic mail, send mail to support@livingston.com; and through the World Wide Web at http://www.livingston.com/.