[Top][Contents][Prev][Next][Last]Search


MAX System Administration


This chapter covers these topics:
Introduction to MAX administration
System and Ethernet profile configurations
Terminal server commands
SNMP administration support

Introduction to MAX administration

This chapter describes the following administration tasks:


Note: You can manage the MAX from your workstation by establishing a Telnet session and logging in with sufficient administrative privileges. You can also use Telnet to manage remote Ascend units, such as Pipeline or MAX units.

Where to find additional administrative information

The following administrative topics are documented in a separate guide or supplement.

Activating administrative permissions

Before you can use the administrative commands and profiles, you must login as super-user by activating a Security profile that has sufficient permissions, such as the Full Access profile. To do so:

  1. Press Ctrl-D to open the DO menu, and then press P (or select P=Password).

  2. In the list of Security profiles that opens, select Full Access.

    The MAX prompts you for the Full Access password:

  3. Type the password assigned to the profile and press Enter.

    When you enter the correct password, the MAX displays a message informing you that the password was accepted and that the MAX is using the new security level.

    If the password you enter is incorrect, the MAX prompts you again for the password.


Note: The default password for the Full Access login is Ascend. The first task you should perform after logging in as the super-user is to assign a new password to the profile. See the MAX Security Supplement for details.

System and Ethernet profile configurations

This section describes the following system administration configurations:

For details on these parameters, see the MAX Reference Guide. For background information on additional parameters that appear in the System profile, see Chapter 2, Configuring the MAX for WAN Access.

Understanding the administrative parameters

This section provides some background information on the administration options.

The system name

The system name can contain up to 16 characters. It is a good idea to keep the name simple (do not include special characters), because it is used in negotiating bridged PPP, AIM, and BONDING connections.

Specifying who to contact about problems and the location of the unit

The contact and location fields are SNMP readable and settable, and should indicate the person to contact about this unit, and its location. You can enter up to 80 characters.

Setting the system date and time

The date and time parameters set the system date and time. If you are using SNTP (Simple Network Time Protocol), the MAX can maintain its date and time by accessing the SNTP server. See Chapter 10, Configuring IP Routing.

Console and term rate

The Console parameter lets you change the configuration interface, for example, you can change it from Standard to MIF. If you set it to MIF, the Machine Interface Format interface comes up when you power up the MAX. "Limited" brings up simplified menus for operation with the serial host ports (but not for bridging and routing). See the MAX MIF Supplement for details.

You should also verify that the data rate of your terminal emulation program is set to 9600 baud or lower and that the term-rate parameter in the System profile is also set to 9600. Higher speeds might cause transmission errors.

Allowing remote management

You can set Remote Mgmt to Yes to enable management of the MAX from a WAN link.

Dial-in and dial-out parameters

The Parallel Dial parameter specifies the number of channels that the MAX can dial simultaneously over the T1 PRI line, or that the MAX can disconnect simultaneously. Although you can specify any number of channels, the initial number of channels in a connection never exceeds the value of the Base Ch Count parameter.

The Single Answer parameter specifies whether the MAX completes the answering and routing of one call before answering and routing the next call.

Logging out the console port

The Auto Logout parameter specifies whether to log out and go back to default privileges on loss of DTR from the serial port. Idle Logout specifies the number of minutes an administrative login can remain inactive before the MAX logs out and hangs up.

DS0 minimum and maximum resets

A DS0 minute is the online usage of a single 56-kbps or 64-kbps switched channel for one minute. For example, a 5-minute, 6-channel call uses 30 DS0 minutes.

The DS0 Min Rst parameter specifies when the MAX should reset accumulated DS0 minutes to 0 (zero). You can also use this parameter to specify that the MAX should disable the timer altogether.

The Max DS0 Mins parameter specifies the maximum number of DS0 minutes a call can be online. When the usage exceeds the maximum specified by the Max DS0 Mins parameter, the MAX cannot place any more calls, and takes any existing calls offline.

Setting a high-bit-error alarm

High BER specifies the maximum bit-error rate for any PRI line. The bit-error rate consists of the number of bit errors that occur per second. The number that comes after the double asterisks specifies the power of 10 for the current ratio of error bits to total bits.

High BER alarm specifies whether the back panel alarm relay closes when the bit-error rate exceeds the value specified by the High BER parameter.

Setting an alarm when no trunks are available

No Trunk Alarm specifies whether the back panel alarm relay closes when all T1 PRI lines (or trunks) go out of service.

Customizing the vt100 interface

The Edit and Status parameters customize the status windows in the vt100 interface so that particular screens appear at startup. For details, see the MAX Reference Guide.

Interacting with the syslog daemon to save ASCII log files

The sylog-enabled, host, and facility parameters relate to the sending of log messages to syslogd running on a UNIX host. To maintain a permanent log of MAX system events and send Call Detail Reporting (CDR) reports to a host that can record and process them, configure the MAX to report events to a syslog host on the local IP network. The host running a syslog daemon is typically a UNIX host, but it may also be a Windows system. If the log host is not on the same subnet as the MAX, the MAX must have a route to that host, either via RIP or a static route.


Note: Do not configure the MAX to send reports to a syslog host that can only be reached by a dial-up connection. That would cause the MAX to dial the log host for every logged action, including hang ups.

The facility parameter is used to flag messages from the MAX. After you set a log facility number, you need to configure the syslog daemon to write all messages containing that facility number to a particular log file. (That will be the MAX log file.)

Responding to Finger requests (RFC 1288)

The MAX supports Finger remote user information protocol (RFC 1288). You can use Finger to get information about users currently logged into the MAX. This includes the host address, name, port, and channel. For security reasons, the MAX does not forward Finger requests. Refer to RFC 1288 for complete details of the Finger protocol.

Example administrative configurations

This section shows some sample configurations.

Setting basic system parameters

To configure the system name and other basic parameters in the System profile:

  1. Open the System profile.

  2. Specify a system name up to 16 characters long, enter the physical location of the MAX unit, and indicate a person to contact in case of problems.

  3. If necessary, set the system date and time.

  4. Specify the data transfer rate of the MAX Control port.

  5. Close the System profile.

Configuring the MAX to interact with syslog

To maintain a permanent log of MAX system events and send Call Detail Reporting (CDR) reports to a host that can record and process them, configure the MAX to report events to a syslog host on the local IP network. Note that the Ethernet interface sends out the syslog reports. To configure the MAX to send messages to a Syslog daemon:

  1. Open Ethernet > Mod Config > Log.

  2. Turn on Syslog.

  3. Specify the IP address of the host running the Syslog daemon.

  4. Specify the port at which the Syslog daemon listens for syslog messages from this MAX.

  5. Set the log facility level.

  6. Close the Ethernet profile.

To configure the Syslog daemon, you need to modify /etc/syslog.conf on the log host. This file specifies which action the daemon will perform when it receives messages from a particular log facility number (which represents the MAX). For example, if you set Log Facility to Local5 in the MAX, and you want to log its messages in /var/log/MAX, add this line to /etc/syslog.conf:


Note: The Syslog daemon must reread /etc/syslog.conf after it has been changed.

Configuring Finger support

You can configure the MAX to respond to Finger reqests, as specified in RFC 1288-The Finger User Informtion Protocol.

To enable the MAX to respond to Finger requests:

  1. Open the Ethernet > Mod Config menu.

  2. Set Finger to Yes.

  3. Exit and save the changes.

Terminal server commands

This section describes the commands available in the terminal server command-line interface. To invoke the terminal server command-line interface, you must have administrative privileges. See Activating administrative permissions.

You can open the terminal server command-line interface using any of these methods:

If you have sufficient privileges to invoke the command line, you'll see the command-line prompt; for example:


Note: If you have a MAX running Multiband Simulation, you cannot use the following terminal server commands: close, ipxping, open, resume, rlogin, telnet.

Displaying terminal-server commands

To display the list of terminal server commands:

Or:

Returning to the vt100 menus

The following commands close the terminal server command-line interface and return the cursor to the vt100 menus.

quit                Closes terminal server session
hangup " " " "
local Go to local mode
For example:
When a dial-in user enters the Local command, a Telnet session begins.

Commands for monitoring networks

The following commands are specific to IP or IPX routing connections, and are described in the chapter that explains those connections:

iproute             Manage IP routes.  Type 'iproute ?' for help
ping ping <host-name>
ipxping ipxping <host-name>
traceroute Trace route to host. Type 'traceroute -?' for help
For information about IPXping, see Chapter 9, Configuring IPX Routing.

For details on IProute, Ping, and Traceroute, see Chapter 10, Configuring IP Routing.

Commands for use by terminal-server users

The following commands must be enabled for use in Ethernet > Mod Config > TServ Options. If they are enabled, login users can initiate a session by invoking the commands in the terminal-server interface.

slip                SLIP command
cslip Compressed SLIP command
ppp PPP command
menu Host menu interface
telnet telnet [ -a|-b|-t ] <host-name> [ <port-number> ]
rlogin rlogin [ -l user -ec ] <host-name> [ -l user ]
tcp tcp <hostname> <port-number>
open open < modem-number | slot:modem-on-slot >
resume resume virtual connect session
close close virtual connect session
These commands initiate a session with a host or modem, or toggle to a different interface that displays a menu selection of Telnet hosts. For details on enabling these commands, see Chapter 3, Configuring WAN Links.

SLIP, CSLIP, and PPP commands

These commands initiate SLIP (Serial Line IP), CSLIP (Compressed SLIP), and PPP sessions from the terminal-server command line.

Menu command

You can use the Menu command to invoke the terminal-server menu mode which lists up to four hosts, which can be either Telnet hosts or raw TCP hosts. You can mix Telnet and raw TCP hosts in a menu.

Specifying Telnet hosts

The Menu command invokes the terminal-server menu mode, which lists up to four Telnet hosts as configured in Ethernet > Mod Config > TServ Options. For example:

To return to the command-line, press 0. Terminal-server security must be set up to allow the operator to toggle between the command line and menu mode, or the Menu command has no effect.

Specifying raw TCP hosts

To specify IP addresses or DNS names of hosts to which you establish a raw TCP connection, proceed as follows:

  1. Open the Ethernet > Mod Config > TServ options menu.

  2. Select one of the Host # Addr fields and enter the following:

    rawTcp is the required string that causes the MAX to establish a raw TCP connection when the user chooses this host number. This entry is case-sensitive and must be entered exactly as shown.

    hostname can be the DNS name of the host or the IP address of the host. The total number of characters, including the rawTcp string, must not exceed 31.

    portnumber is the number of the port on which the connection for this host is to be established.

  3. Enter a description of the host on the Host # Text field.


Note: You cannot configure raw TCP hosts if you are using a RADIUS server to provide the list of hosts.

Example configuration combining Telnet hosts and raw TCP hosts
For example, suppose you configure the following values in the TServ Options menu:

The Terminal Server menu displays the following:

If you select 2, the a raw TCP connection is established to the host corp-host on port 7.

If a you select 1, the MAX establishes a Telnet connection to the host 10.10.10.1 on port 23, the default Telnet port.

Telnet command

The Telnet command initiates a login session to a remote host. It uses this format:

If DNS is configured in the Ethernet profile, you can specify a hostname:

If you do not configure DNS, you must specify the host's IP address instead. There are also several options in Ethernet > Mod Config > TServ Options that affect Telnet; for example, if you set Def Telnet to Yes, you can just type a hostname to open a Telnet session to that host.

Another way to open a session is to invoke Telnet first, followed by the Open command at the Telnet prompt, for example:

The Telnet prompt is telnet>. When you see that prompt, you can enter any of the Telnet commands described in Telnet session commands. You can quit the Telnet session at any time by typing quit at the Telnet prompt:


Note: During an open Telnet connection, type Ctrl-] to display the telnet> prompt and the Telnet command-line interface. Any valid Telnet command returns you to the open session. Note that Ctrl-] does not function in binary mode Telnet. If you log into the MAX by Telnet, you might want to change its escape sequence from Ctrl-] to a different setting.

Telnet command arguments
The arguments to the Telnet command are:

Telnet session commands
The commands in this section can be typed at the Telnet prompt during an open session. To display the Telnet prompt during an active login to the specified host, press Ctrl-] (hold down the Control key and type a right-bracket). To display information about Telnet session commands, use the Help or ? command. For example:

To open a Telnet connection after invoking Telnet, use the Open command; for example:

To send standard Telnet commands such as Are You There or Suspend Process, use the Send command. For example:

For a list of Send commands and their syntax, type:

To set special characters for use during the Telnet session, use the SET command. For example:

To display current settings, type:

To see a list of Set commands, type:

To quit the Telnet session and close the connection, use the Close or Quit command. For example:

Telnet error messages
The MAX generates an error message for any condition that causes the Telnet session to fail or terminate abnormally. These error messages may appear:

Rlogin command

The Rlogin command initiates a login session to a remote host. It uses this format:

If you configure DNS, you can specify a hostname such as:

If DNS has not been configured, you must specify the host's IP address instead. Rlogin must also be enabled in Ethernet > Mod Config > TServ Options. The arguments to the Rlogin command are:

To terminate the remote login, use the Exit command at the remote system's prompt. Or, you can use the following escape sequence:

For example, to terminate a remote login that was initiated with the default escape character (a tilde), press Return and then type a tilde followed by a period.

TCP command

The TCP command initiates a login session to a remote host. It uses this format:

For example:

The arguments to the TCP command are:

When the raw TCP session starts running, the MAX displays the word connected. You can now use the TCP session to transport data by running an application on top of TCP. You can hang up the device at either end to terminate the raw TCP session. If you are using a remote terminal server session, ending the connection also terminates raw TCP.

If a raw TCP connection fails, the MAX returns one of the following error messages:

Cannot open session: <hostname> <port-number>

You entered an invalid or unknown value for <hostname>, you entered an invalid value for <port-number>, or you failed to enter a port number.

Open, Resume, and Close commands

If the MAX has V.34 digital modems installed and Modem Dialout is enabled in the TServ Options submenu, a local user can issue AT commands to the modem as if connected locally to the modem's asynchronous port. To set up a virtual connection to a V.34 mode, a user can enter the Open command in this format:

For example:

If the user is not sure which slot or item number to specify, the Show Modems command displays the possible choices. If the user enters the Open command without specifying any of the optional arguments, the MAX opens a virtual connection to the first available V.34 modem.

Once the user is connected to the V.34 modem, he or she can issue AT commands to the modem and receive responses from it.

To temporarily suspend a virtual connection, the user can press Ctrl-C three times. This control sequence causes the MAX to display the terminals server interface again. To resume a virtual connection suspended with Ctrl-C, the user can enter this command at the terminal server prompt:

To terminate a virtual connection, the user enters this command at the terminal server prompt:

Administrative commands

The following commands are related to system administration:

test                test <number> frame-count> ] [ <optional fields> ]
remote remote <station>
set Set various items. Type 'set ?' for help
show Show various tables. Type 'show ?' for help
kill terminate session

Test command

To run a self-test in which the MAX calls itself, the MAX must have two open channels: one for the placing the call, and the other for receiving it. The TEST command has this format:

For example:

You can enter Ctrl-C at any time to terminate the test. While the test is running, the MAX displays the status, for example:

If you enable trunk groups on the MAX, you can specify the outgoing lines used in the self test; if you do not, the MAX uses the first available T1 (or E1) line. For example, if you assign the trunk group 7 to line 1 on a Net/BRI module and a preceding "9" is required by your PBX to make an outgoing call, the following command places the outgoing call on line 1 of the Net/BRI module:

The MAX generates an error message for any condition that causes the test to terminate before sending the full number of packets. These error messages may appear:

Remote command

After an MP+ connection has been established with a remote station (for example, by using the DO DIAL command), you can start a remote management session with that station by entering the Remote command in this format:

For example:

During the remote management session, the user interface of the remote device replaces your local user interface, as if you had opened a Telnet connection to the device. You can enter Ctrl-\ at any time to terminate the Remote session. Note that either end of an MP+ link can terminate the session by hanging up all channels of the connection.

The argument to the Remote command is the name of the remote station, which must match the value of a Station parameter in a Connection profile that allows outgoing MP+ calls, or the user-id at the start of a RADIUS profile set up for outgoing calls.


Note: A remote management session can time out because the traffic it generates does not reset the idle timer. Therefore, the Idle parameter in the Connection profile at both the calling and answering ends of the connection should be disabled during a remote management session, and restored just before exiting. Remote management works best at higher terminal speeds.

At the beginning of a remote management session, you have privileges set by the default Security profile at the remote end of the connection. To activate administrative privileges on the remote station, activate the appropriate remote Security profile by using the DO Password command (see Activating administrative permissions.)

The MAX generates an error message for any condition that causes the test to terminate before sending the full number of packets. These error messages may appear:

Set command

The Set command takes several arguments. To see the Set commands:

The Set All command displays current settings.

To specify a terminal type other than the default vt100, use the Set Term command.

The Set Password command puts the terminal server in password mode, where a third-party ACE or SAFEWORD server at a secure site can display password challenges dynamically in the terminal server interface. When the terminal server is in password mode, it passively waits for password challenges from a remote ACE or SAFEWORD server. This command applies only when using security card authentication. To enter password mode:

To return to normal terminal server operations and thereby disable password mode, press Ctrl-C.


Note: Note that each channel of a connection to a secure site requires a separate password challenge, so for multichannel connections to a secure site, you must leave the terminal server in password mode until all channels have been established. The APP Server utility is an alternative way to allow users to respond to dynamic password challenges obtained from hand-held security cards. For details on dynamic password serving, see the MAX Security Supplement.

The Set FR commands enable you to bring down the nailed connection specified in the named Frame Relay profile. The connection will be reestablished within a few seconds. The Set Circuit commands let you activate or deactivate a frame relay circuit. For details, see Chapter 4, Configuring Frame Relay.

Show command

The Show command takes several arguments. To see the Show commands:


Note: Many of the Show commands are specific to a particular type of usage, for example, IP routing or OSPF. The chapters of this guide that relate to these types of connection and routing describe the relevant Show commands.

Show commands related to network information
The following Show commands are related to monitoring protocols and other network-specific information:

Table 14-1. Network-specific Show commands

Show command

Where described

show arp
See Chapter 10, Configuring IP Routing.

show icmp
See Chapter 10, Configuring IP Routing.

show if
See Chapter 10, Configuring IP Routing.

show ip
See Chapter 10, Configuring IP Routing.

show udp
See Chapter 10, Configuring IP Routing.

show igmp
See Chapter 12, Setting Up IP Multicast Forwarding.

show mrouting
See Chapter 12, Setting Up IP Multicast Forwarding.

show ospf
See Chapter 11, Configuring OSPF Routing.

show tcp
See Chapter 10, Configuring IP Routing.

show dnstab
See Chapter 10, Configuring IP Routing.

show netware
See Chapter 9, Configuring IPX Routing.

show fr
See Chapter 4, Configuring Frame Relay.

show pools
See Chapter 10, Configuring IP Routing.

show pad
See Chapter 6, Configuring X.25.

show x25
See Chapter 6, Configuring X.25.

Show ISDN
The Show ISDN command enables the MAX to display the last 20 events that have occurred on the specified ISDN line. Enter the command in this format:

where <line-number> is the number of the ISDN line. For details on how lines are numbered, see Chapter 2, Configuring the MAX for WAN Access. For example, to display information about the leftmost built-in WAN port:

The MAX responds with one or more of these messages:

In some cases, the message can include a phone number (prefixed by #), a data service (suffixed by K for kbps), a channel number, TEI assignment, and cause code. For example, this information might display:

For information on each of the messages that can display, see the CCITTT Blue Book Q.931 or other ISDN specifications.

Show Modems
To display the status of the MAX unit's digital modems, enter the Show Modems command. For example, the following is output from a MAX with a V.34 modem slot card in slot 8::

8-MOD and 12-MOD K56Flex modem slot cards are not numbered sequentially. This numbering does not affect functionality.

For example, if you have an 8-MOD modem card in slot 8 in a MAX, the Show Modems command in the Terminal Server displays the following output:

As another example, if you have an 12-MOD modem card in slot 8 in a MAX, the Show Modems command in the Terminal Server displays the following output:

The output contains these fields:

Field

Description

slot item

The slot and port number of the modem. For example, 8:1 indicates the first port on the digital modem card installed in slot 8.

modem

The SNMP interface number of each modem.

status

Modem status, which may be one of the following strings:

    • idle: The modem is not in use.

    • awaiting DCD: The call is up and waiting for DCD.

    • awaiting codes: DCD is up, and the call is waiting for modem result codes.

    • online: The call is up. The modem can now send and receive data.

    • initializing: The modem is being reset.

Show Calls
The Show Calls commands displays information about active calls on a German 1TR6 or Japan NTT switch type.

The output includes these fields:

Field

Description

CallID

An identifier for the call

CalledPartyID

The telephone number of the answering device (that is, this unit). This ID is obtained from layer 3 protocol messages during call setup.

CallingPartyID

The telephone number of the caller. This ID is obtained from layer 3 protocol messages during call setup.

InOctets

The total number of octets received by the user from the moment the call begins until it is cleared.

OutOctets

The total number of octets sent by the user from the moment the call begins until it is cleared.

Show Uptime
To see how long the MAX has been running:

If the MAX stays up 1000 consecutive days with no power cycles, the number of days displayed turns over to 0 and begins to increment again.

Show Revision
The Show Revision command displays the software load and version number currently running in the MAX.

Show V.110s
To display the status of the MAX unit's v.110 cards:

The output contains these fields:

Field

Description

slot item

The slot and port number of the V110 port. For example, 8:1 indicates the first port on the V110 card installed in slot 8

v.110s

The SNMP interface number of each V110 card.

status

V.110 port status, which may be one of the following strings:

    • idle: The V.110 port is not in use.

    • open issued: An open was issued, but the MAX has not synced up with the far end.

    • carrier detected: A carrier was detected from the remote end.

    • in use: A V.110 session is up.

Show Users
To display the number of active sessions:

I  Session        Line:  Slot:  Tx        Rx        Service        Host                  User
O ID Chan Port Data Rate Type[mpID] Address Name
O 231849873 1:1 9:1 56K 56K MPP[1] 10.10.68.2 jdoe
I 231849874 1:3 3:1 28800 33600 Termsrv N/A Modem 3:1
O 214933581 1:2 9:2 56K 56K MPP[1] 10.10.4.9 arwp50
O 214933582 1:6 9:3 56K 56K MPP[1] MPP Bundle arwp50
The output contains these fields:

Field

Description

IO

specify I (incoming call) or O (outgoing call)

Session ID

shows the unique session-ID. This is the same as Acct-Session-ID in RADIUS.

Line

Channel shows the line and channel on which the session is established.

Slot

Port shows the slot and port of the service being used by the session, which may be the number of a slot containing a modem card and the modem on that card, or the virtual slot of the MAX unit's bridge/router, with port giving the virtual interfaces to bridge/router starting with 1 for the first session of a multichannel session.

Tx Data Rate

shows the transmit data rate in bits per second.

Rx Data Rate

shows the receive data rate in bits per second.

Service Type

shows the type of session, which may be Termsrv or a protocol name.

For MP and MPP, this shows the bundle ID shared by the calls in a multichannel session. The special values Initial and Login document the progress of a session. Initial identifies sessions that do not yet have a protocol assigned. Login identifies Termsrv sessions during the login process.

Host Address

shows the network address of the host originating the session.

For some sessions this field is N/A. For outgoing MPP sessions only the first connection has a valid network address associated with it. All other connections in the bundle have the network address as listed as MPP Bundle

User Name

The station name associated with the session. Initially, this value is Answer. This is usually replaced with the name of the remote host. For terminal server sessions this is the login name. Prior to login completion this field will show the string "modem x:y" where x and y are the slot and port of them modem servicing the session.

Kill command

The Kill command enables you to disconnect a user who establishes a connection with the Ascend unit via Telnet. You can disconnect the user by session ID. The disconnect code that results is identical to the RADIUS disconnect code, allowing you to track all administrative disconnects. To terminate a Telnet session, use this format:

where <session ID> is the session ID as displayed by the Show Users command described in the preceding section. The reported disconnect cause is DIS_LOCAL_ADMIN. The active Security profile must have Edit All Calls=Yes. If Edit All Calls=No, this message displays when you issue the kill command:

When the session is properly terminated, a message like this one displays:

When the session is not terminated, a caution like this one displays:

Dirdo commands to support Deutsche Telekom's ZGR

The following Dirdo commands enable you to show, add, or delete entries from the answer list or the subaddress list. The following table lists the new commands.To use them, you must have administrative authorization.

Command

Description

Dirdo show ans | sub

Lists all the answer numbers (when you specify ans) or all the subaddresses (when you specify sub) on the RADIUS bootup server.

Dirdo add ans num | sub num

Adds the answer number (when you specify ans) or subaddress (when you specify sub) that you enter as the num argument.

For example, to add the subaddress 1234 to the list, enter the following command:

Dirdo add sub 1234

Dirdo del ans num | sub num

Deletes the answer number (when you specify ans) or subaddress (when you specify sub) that you enter as the num argument.

For example, to delete the subaddress 1234 from the list, enter the following command:

Dirdo del sub 1234

SNMP administration support

The MAX supports SNMP on a TCP/IP network. An SNMP management station that uses the Ascend Enterprise MIB can query the MAX, set some parameters, sound alarms when certain conditions appear in the MAX, and so forth. An SNMP manager must be running on a host on the local IP network, and the MAX must be able to find that host, either via static route or RIP.

SNMP has its own password security, which you should set up to protect the MAX from being reconfigured from an SNMP station.

Configuring SNMP access security

There are two levels of SNMP security: community strings, which must be known by a community of SNMP managers to access the box, and address security, which excludes SNMP access unless it is initiated from a specified IP address. These are the relevant parameters:

For complete information on each parameter, see the MAX Reference Guide.

Understanding the SNMP options

This section provides some background information on the SNMP profile settings.

Example SNMP security configuration

This example sets the community strings, enforces address security, and prevents write access:

  1. Open Ethernet > Mod Config > SNMP Options.

  2. Set R/W Comm Enable to Yes.

  3. Specify the Read Comm and R/W comm parameter strings.

  4. Set Security to Yes.

  5. Specify up to five host addresses in the RD MgrN parameters. Leave the WR MgrN parameters set to zero to prevent write access.

  6. Close the Ethernet profile.

Setting SNMP traps

A trap is a mechanism for reporting system change in real time, for example, reporting an incoming call to a serial host port. When a trap is generated by some condition, a traps-PDU (protocol data unit) is sent across the Ethernet to the SNMP manager.

These are the parameters related to setting SNMP traps:

For details on each parameter and the events that generate traps in the various classes, see the MAX Reference Guide.

Understanding the SNMP trap parameters

This section provides some background information about setting traps.

Example SNMP trap configuration

In this example profile, a community name is specified and the host's IP address is specified in the Dest parameter.

  1. Open an SNMP Traps profile and assign it a name.

  2. Specify the community name (for example, Ascend).

  3. Set the trap types to Yes.

  4. Specify the IP address of the host to which the trap-PDUs will be sent.

  5. Close the SNMP Traps profile.

Ascend enterprise traps

This section gives a brief summary of the traps generated by alarm, port, and security events. For details, see the Ascend Enterprise MIB. For details on obtaining the Ascend MIB, see Supported MIBs.

Alarm events

Alarm events (also called "error events") use trap types defined in RFC 1215 and 1315, as well as an Ascend enterprise trap type. The following trap types from RFC 1215 are supported:

Port state change events

These traps are effective on a port-by-port basis for each port pointed to by ifIndex. The hostPort objects are used to associate a change with ifIndex objects.

Security events

Security events are used to notify users of security problems and track access to the unit from the console. The MIB-II event authenticationError is a security event. The other security events are Ascend-specific.

Supported MIBs

You can download the most up-to-date verson of the Ascend Enterprise MIB by logging in as anonymous to ftp.ascend.com. (No password is required.) In addition to the Ascend MIB, the MAX also supports objects related to Ascend functionality in the following Internet standard MIBs:

You can download the most recent version of these RFCs by logging in as anonymous to ftp.ds.internic.net. (No password is required.)



[Top][Contents][Prev][Next][Last]Search

techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.