Multi-Tech RASExpress software for CC4000 and CC9600 Contents -------- - Introduction - Hardware Description - How to upgrade - Revision History - Support Options - Copyrights and Trademarks Introduction ------------ To help your friendly installation, you can check it from the REAMDE.TXT files. Should there be any further recommendations, please contact with the Local Multi-Tech Systems office listed as below. Hardware Description -------------------- CC4000 Hardware description : ----------------------------- - Support standard analog and BRI CC9600 Hardware description : ----------------------------- - Support digital T1 and PRI How to Upgrade -------------- - extract the latest RAS upgrade and it should contain the UPGRADE.EXE file - FTP into RASExpress and upload the upgrade.exe to RASExpress - Telnet into RASExpress and select the upgrade option 4 - press return when prompting for the upgrade key - wait for RASExpress to upgrade, this might take few minutes - when RASExpress is running again, telnet into RASExpress and make sure it shows the new version number Revisions History ----------------- Version 5.63 (03/18/2005) ------------------------- - Fixed reset and lockup problem when a reset function is perform on a port belongs to ISI-HPxx card. - Fixed Authentication when using CHAP failed for PPP Dial-In users. Version 5.63 (12/23/2004) ------------------------- - Disabled the logging of PRILOG.DMP debug messages. - Fixed the problem in printing the idle timeout value for the PRI/Analog line. - Changes made to upgrade the version from 5.62 to 5.63. - Included sanity checks for the core-dump problem reported. - Included fix for the Duplicate Connection Problem - Included fix for the session timeout problem. - Extended max no. of configurable filters to 100 (Earlier only 16 could be configured) - Fixed up all the issues reated to the configuraton of filters through all interfaces - Fixed the problem with display of IP address for the secondary link in MLPPP Connection. - Fixed reboots with a core dump when using ASCEND RADIUS for authentication and the user name is longer than 18 characters. - Remove Additional Characters “ ^@ “ observed along with the password prompt when establishing a telnet session with a remote host (Linux / Solaris) through RASExpress - Fixed when using Telnet Auto Dial Out, the characters are not displayed until the CR key is hi - Fixed RAS Rebooting when Syslog is Enabled - Fixed RADIUS Accounting - Account Session Time (Attribute – 46) was always “0” in the accounting stop packet for dial out users. - Fixed callback problem when using RASExpress and IAS. - Fixed RAS Express Crashing during file transfer in RAW Mode. Also additional chars being transmitted in file some times: - Fixed Telnet Interface did not allow the supervisor password to be changed. - Fixed RASExpress did not restart after modifying the DNS Configuration and the modification came into effect only after a restart - Fixed Filters problems regarding INPUT/OUTPUT & OUTPUT and “FORWARD” operation of the Filters. New features added: ------------------- - Support new ISIxxxx-UPCI cards - Support for different orders of authentication - SYSLOG – A new menu option is provided to configure the Priority / Facility Value for the Syslog Message. The values supported are “Local Use 0 to Local use 7”. - RADIUS Authentication - Provided support for including Called Station ID (RADIUS Attribute – 30) as part of the Authorization process. - Display of the Called Station ID now included in the “Line Status Display” for both the Telnet and WEB Interface - Relaxed the validations for configuring the subnet mask. Version 5.62 (12/13/2002) ------------------------- - Fixed problem when using RAS AT command after RAS rebooted. RAS AT commands were not remember after RAS reboots. - Reduced the number of radius authentication retries. This prevent Windows domain from locking out the user when using IAS radius in Windows 2000 - Fixed the RAS reboot when adding filter entries. - Fixed the RAS reboot when radius authentication is done through Steel belted RADIUS with class attribute more than 48 Bytes. - Fixed the resetting problem in hybrid cards(2S/4S/2U/4U), where it was continuously switching between out of service, waiting for call and Init. - When an AG owned port was reset ,it was not available for reuse - Modified the Reset action to first disconnect and then reset. (Earlier when a PPP session was active, it had to be first disconnected and then reset. Now function has been modified to internally disconnect before resetting the line if a PPP Session is active). - Fixed the Crashing with Core Dump problem which occured when configuring through Telnet. - Modified Telnet Module to Prompt for User Name & Password for Dial out Clients using third party dial out applications (Tacticals - EZ-Dial Out) - Included Option in RASCON to enable / disable authentication when dialout via custom port (ie 8000) - Fix made to AG Server in order fix the problems with Z-Modem transfer when using MCSI Client (Disabled the updation of Del CTS signals) - Modified AG Server to update Status Signals (CTS) to MCSI Client based on buffer size. - Fixed Port 10 problems connecting when using DHCP server to assign address. Same MAC Address was being assigned to 1 & 10, hence the problem. - Fixed the problem related to Crashing with Core Dump. - Fixed the problem regarding Termination of Telnet Session after hanging up a dial out session. - Fixed problems with display of remote IP Addresses on Web Interface. - Fixed the improper display of date & time for all interfaces. - Fixed Callback Issue when using Win-2k Dial up Client. - Fixed the terminal login problem with commplete. - Fixed the problem with 16 port cards while sending the modem signals to AG. - Fixed throughput problems when using MLPPP MultiChassis bonding. - Fixed a bug in the FTP server, that caused problems for PASSIVE FTP Clients. - Fixed the IP Address assignment problem with DHCP for the Win2000 dial-up clients. - Fixed a problem in DHCP client when sending the lease renewal request to the DHCP Server. - Fixed a terminal connection problem when using DHCP Server to assign addresses. - Fixed a problem with the number of Accounting packets sent to the Accounting server during Telnet Dial-out & for PPP dial up connections where the IP Address assignment is through a DHCP server. - Fixed a problem with IP Assignment through DHCP server, when the authentication fails for the first time due to a bad Username/Password, and connects successfully in the subsequent attempts after entring a correct Username/Password. - Changed the version number displayed in the banner message of a terminal login. - Changed the default values of the RADIUS Authentication & Accounting port numbers from 1645 & 1646 to 1812 & 1813 respectively. - Changed AG & Telnet Dial-out for sending the authentication request to RADIUS only after receiving both the Username & Password. - Fixed the maximum password length validation for both PAP & CHAP. Please refer the table below. | Local DB | RADIUS ______|__________|_________ PAP | 47 | 48 CHAP | 47 | 255 - Changed RADIUS client to send packets with dynamic source port. - Changed RADIUS client to print a message for the "Vendor-Specific" (no 26) attribute. - Changed RADIUS Client to send the "CLASS" attribute (no 25) to the accounting server, received from MS-IAS Server in the Auth-Response packet. - Fixed an authentication problem with empty User Database, when the Win2000 dial-up client uses authentication protocols other than PAP & CHAP. - CHAP: Fixed the problem with CHAP authentication when using Win2k IAS NOTE: CHAP AUTHENTICATION IS NOT SUPPORTED WHEN USING WIN-NT IAS New features added: ------------------- - WINS: Added support for WINS (NBNS Negotiations) - WINS: Added support for WINS (NBNS Negotiations) Modified SNMP module to support WINS Configuration through Multi-Manager - Modified Telnet module to support Extended Telnet Options (RFC-2217) - Modified Telnet Module to Prompt for User Name & Password for Dial out Clients using third party dial out applications (Tacticals - EZ-Dial Out) - Included Remote Ip Address in Web display. - Recertified Secure ID Authentication with RSA/ACE Server using Radius - Included WINS parameters in the First-Time-Auto-Detect for MultiManager. - Administrative users are given access to perform FTP. - Added Syslog support. All messages can be redirected to a syslog server Version 5.61 (12/14/2001) ------------------------- - Fixed Configure Reject packets to include/display the CCP options rejected. - Fixed a crashing problem with FTP when the username exceeds the maximum limit(48). - Fixed a crash due to buffer overflow in FTP. - Fixed a crashing problem with FTP when junk characters are received. - Fixed a crashing problem with lan-to-lan port on dialout. - Fixed the caller / called party id problem for analog call on PRI. This is for Radius callback problem - Fixed a problem in sending the actual account terminate cause to radius server for accounting. - Fixed a crashing problem with autotelnet on a terminal dial-in. - Fixed a crashing problem with radius authentication for Win2k MCSI client. - Fixed an invalid radius accounting packet sent to radius server for MCSI client authentication which could crash the server. - Fixed a terminal authetication problem with hybrid card and "ppp detect enabled" for the ppp port. - Fixed an error in the ip address reported in the RADIUS accounting packet for a multilink connection. - Fixed a problem in saving the authentication option using telnet/web for ppp ports. - Fixed a connect problem in IPX AG Server while restarting RASExpress. - Fixed a TACACS accounting problem. - Fixed assignment of a stale static ip address of an earlier user for all subsequent users on that port. - Fixed a static IP address assignment problem on ISDN PRI where a user with a static ip address who called in is not able to call in again until the port occupied earlier is used by a different user with another ip address or a port assigned address. - Fixed a ppp chap authentication problem with local database. - Changed the area code in the telephone number in web interface. - Fixed an "IP not open" problem due to resetting an active PPP port. Problem fixed for server console, manager, telnet command line and menu interface, and web. - Fixed truncation error in setting session timeout from radius server. - Fixed proxy-arp problem when the port is not up. This solves a proxy-arp problem with lan-to-lan ports wherein the local/remote ip address is on the same subnet as the ethernet port. - Fixed a port number problem in radius accounting for telnet dialout which could crash during shutdown. - Reversed the fix for the ON LINE problem given on Nov 30, 2000. Now we do not wait for the idle timeout. On a terminal connection which is stuck in the authentication stage for more than 2 minutes we force a disconnect and reset the port. This means that the idle timeout would come into effect only after the authentication is done. - Fixed the ON LINE problem : upon disconnecting a modem does not drop carrier. Now we wait for the idle timeout, disconnect, and if the carrier is not dropped in 2 minutes time, again force disconnect and reset the port. - RASCON.EXE : Fixed a crashing problem in ISA card port testing. This feature disabled. - Modified the radius accounting session id to contain the port number. - Added two configurable strings in config.rn for the telnet and rlogin port numbers for autologin. These strings can be modified only by editing config.rn; rasexp and rascon would read and write back the same value. The strings added are : WAN Port AutoLogin Telnet Port Number = 00,23 WAN Port AutoLogin Rlogin Port Number = 00,513 where the wan port number is 0-relative and the tcp port number is in decimal. - Added message when putting a port OOS or putting back into service. - support custom port number for Radius protocol, need to manually edit config.rn. - RASCON.EXE : Read/write configuratble telnet & rlogin port numbers. - Modified ppp authentication mechanism : when radius fails, the authentication which was passed earlier is now failed on an empty local database. - Added support for the service type callback_login_user in radius authentication response. - Added flush buffer for telnet dialout to fix the extra LF seen by the telnet client for telnet auto dialout. - Added a port reset while putting an OOS port back into service. - Modified authentication sequence to fall back to local database for telnet/mcsi dialout when the authentiction is set to radius and the radius server is not responding. Also modified the authentication to fall back to local database for ppp client only if the radius is not responding (earlier we would allow checking with local database even if the name/password was rejected by the radius server). - Added calling station id to be passed to radius server for authentication. - Modified IP address assignment mechanism through address pool: Number of IP addresses required for 2S/2U and 4S/4U Hybrid Cards are 4 and 8, respectively. In case of insufficient IP addresses in address pool, IP is disabled for some of the ports. For example, if the address pool is short by 3 addresses, the last 3 ports would be disabled. - Telnet interface : Added option to set Server date. - Web interface : Added a link to redirect the page when server is restarted. - Modified PPP to reject CCP request from clients when CCP is disabled on the Server. This will speed up the authentication process. - RASCON.EXE : Modified to support 4 and 8 IP addresses for 2S/2U and 4S/4U cards, respectively. If the address pool is short of IP addresses, disabled IP on some of the ports. Support Options --------------- For technical support, you may contact your authorized Multi-Tech Systems distributor, dealer or the following Multi-Tech Systems branch offices. U.S.A. Web Site: www.multitecch.com FTP Site: ftp.multitech.com Tel: +1(763)785-3500 Fax: +1(763)785-9874 U.K. Tel: +44(118)959-7774 Fax: +44(118)959-7775 Europe Tel: +31(20)574-5910 Fax: +31(20)547-5911 France Tel: +33(1)6461-0981 Fax: +33(1)6461-0971 India Tel: +91(11)6174-634 Fax: +91(11)410-5968 Copyrights, Trademarks ---------------------- All documents and software provided herewith are Copyright (c) 2002 Multi-Tech Systems. All rights reserved. MS, Windows, Windows 95, Windows NT are tradenames of Microsoft Corporation. Other trademarks or tradenames used herein are properties of the respective owners.