This chapter explains some important concepts about IP addressing, configuration, and routing. This information is only necessary for those using the IP protocol.

To configure IP for remote networking, see Chapter 3 - Basic Remote Networking and Chapter 4 - Additional Remote Networking. For specific IP commands, see Chapter 12 - Command Reference.

5.2 IP Addresses

Each TCP/IP node on a network has a unique IP address. This address provides the information needed to forward packets on the local network and across multiple networks if necessary.

IP addresses are specified as xxx.xxx.xxx.xxx, where each xxx is a number from 0 to 254; for example, 192.0.1.99. The LRS must be assigned a unique IP address in order to use any TCP/IP functionality.

5.2.1 Overview

IP addresses contain three pieces of information: the network, the subnet, and the host.

5.2.1.1 Network Portion

The network portion of the IP address is determined by the network type: Class A, Class B, or Class C.

Table 5-1: Network Portion of IP Address

Network Class Network Portion of Address
Class A First byte (2nd, 3rd, and 4th bytes are the host)
Class B First 2 bytes (3rd and 4th bytes are the host)
Class C First 3 bytes (4th byte is the host)

Network Class	Network Portion of Address
Class A	First byte (2nd, 3rd, and 4th bytes are the host)
Class B	First 2 bytes (3rd and 4th bytes are the host)
Class C	First 3 bytes (4th byte is the host)

In most network examples, the host portion of the address is set to zero.

Table 5-2: Available IP Addresses

Class Reserved Available
A 0.0.0.0
127.0.0.0

1.0.0.0 to 126.0.0.0

B 128.0.0.0
191.255.0.0

128.1.0.0 to 191.254.0.0

C 192.0.0.0
223.255.255.0

192.0.1.0 to 223.255.254.0
D, E 224.0.0.0 to 255.255.255.254
255.255.255.255

None
For example, consider the IP address 36.1.3.4. This address is a class A address, therefore, the network portion of the address is 36.0.0.0 and the host portion is 1.3.4.

Class	Reserved	Available
A	0.0.0.0 127.0.0.0	1.0.0.0 to 126.0.0.0
B	128.0.0.0 191.255.0.0	128.1.0.0 to 191.254.0.0
C	192.0.0.0 223.255.255.0	192.0.1.0 to 223.255.254.0
D, E	224.0.0.0 to 255.255.255.254 255.255.255.255	None

5.2.1.2 Subnet Portion

The subnet portion of the IP address represents which subnetwork the address is from. Subnetworks are formed when an IP network is broken down into smaller networks using a subnet mask.

Subnetworks and subnet masks are discussed in Subnet Masks

A router is required between all networks and all subnetworks. Generally, hosts can send packets directly only to hosts on their own subnetwork. All packets destined for other subnets are sent to a router on the local network.

5.2.1.3 Host Portion

The host portion of the IP address is a unique number assigned to identify the host.

5.2.2 Setting the LRS IP Address

To set the IP address, the following methods can be used: the front-panel menus (LRS2 only), an ARP entry and the Ping command, a BOOTP or RARP reply, or a terminal connected to the serial console port. All methods of setting the address are discussed in the following sections; choose the method that is most convenient for you.

To access the LRS, hosts must know the LRS IP address. This is typically configured in the host's /etc/hosts file (UNIX) or via a nameserver. For configuration instructions, refer to the host's documentation.

5.2.2.1 Using the LRS2 Front-panel Menus

LRS2 users should refer to the LRS2 Installation Guide for details on using the front panel.

5.2.2.2 Using an ARP Entry and the Ping Command

If the LRS has no IP address, it will set its address from the first directed IP ICMP (ping) packet it receives. To generate such a packet, create an entry in a UNIX host's ARP table. The entry should specify the intended LRS IP address and its current Ethernet address, located on the bottom of the unit.

Figure 5-1: Adding to the ARP Table

# arp -s 192.0.1.228 00:80:a3:xx:xx:xx

Creating an ARP entry requires superuser privileges on the host.

Ping the server using the following command:

Figure 5-2: Ping Command

unix% ping 192.0.1.228
When the server receives the ping packet, it will notice that its own IP address is not currently set and will send out broadcasts to see if anyone else is using this address. If no duplicates are found, the server will use this IP address and will respond to the ping packet. The LRS will not save this learned IP address permanently. It is intended as a temporary measure to allow an administrator to Telnet to the LRS remote console port.

The remote console port is discussed in Remote Console Connections .

The remote console port is a virtual port, designated as port 7000. This port is typically when there isn't another way to telnet to the LRS (for example, Telnet logins are disabled), or when a consistent prompt is required. To telnet to this port, use the telnet command, specifying the LRS IP address and 7000 as the port number.

The LRS will display the remote console port prompt ( # ). In order to successfully log into the port, the login password must be entered at this prompt. The default login password is access. To change this password, see Set/Define Server Login Password .

To make the IP address permanent, use the Define IP IPaddress command. Note that this command requires privileged status.

Table 5-3:
% telnet xxx.xxx.xxx.xxx 7000
Trying xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
Escape character is '^]'
# access (not echoed)

Lantronix LRS2 Version n.n/n (yymmddd)
Type Help at the 'Local>' prompt for assistance.

Enter Username> bob
Local> SET PRIVILEGED
Password> system (not echoed)
Local>> DEFINE IP IPADDRESS 192.0.1.99
Telnetting to Console Port

5.2.2.3 Using a BOOTP or RARP Reply

The LRS's IP address can be configured when the unit boots using information supplied by a host-based RARP or BOOTP server. For configuration information, see the host-based man pages.

Many BOOTP daemons will not reply to a BOOTP request if the download filename in the configuration file does not exist. To get the BOOTP daemon to respond, create a file with the same pathname specified in the configuration file.

5.2.2.4 From the Serial Console Port

To define the IP address from the serial console port, connect a terminal to the LRS and press the Return key.

If the LRS is booting when you press the Return key, a Boot> prompt will be displayed. This prompt enables you to enter a special set of commands, the Boot Configuration Program (BCP) commands. To configure the IP address at this prompt, enter the following command:

Figure 5-3: Configuring IP Address Using BCP

Boot> SET SERVER IPADDRESS 192.0.1.221

For more information on Boot Configuration Program commands, refer to Appendix D of your Installation Guide.

If the LRS is running when you press the Return key, a Local_1> prompt will be displayed. The 1 represents port 1, the serial console port. To set the IP address at this prompt, you will need to become the privileged user by issuing the following commands:

Figure 5-4: Becoming Privileged User

Local_1> SET PRIVILEGED
Password> SYSTEM (not echoed)
Once you've obtained privileged access, use the Set/Define IP IPaddress command:

Figure 5-5: Set/Define IP IPaddress

Local_1>> SET IP IPADDRESS 192.0.1.221
Local_1>> DEFINE IP IPADDRESS 192.0.1.221

5.3 Subnet Masks

IP networks can be divided into several smaller networks by subnetting. When a network is subnetted, some of the host portion of each address is given to the network portion of the address. The amount is governed by the subnet mask. All hosts must agree on the subnet mask for a given network.

For example, IP address 128.1.150.35 is on a class B network. The network portion of this address is 128.1. This large network can be broken down into 254 networks using a subnet mask of 255.255.255.0, which makes the network portion 128.1.150.

It is not always necessary to divide a network into subnetworks. To determine whether subnetting is required, a number of factors should be considered, including the network size and whether or not network traffic needs to be isolated in a particular area.

When the IP address is configured, a default subnet mask will be created. The default subnet mask depends on the class of the LRS IP address; for example, if you assigned the LRS a class B IP address, the default subnet mask will be 255.255.0.0.

If your network is divided into subnetworks, you will need to create a custom subnet mask; the default subnet mask will not be correct for your network.

To override the default subnet mask, use the Set/Define IP Subnet Mask command.

Figure 5-6: Setting Subnet Mask

Local>> SET IP SUBNET MASK 255.255.0.0
Local>> DEFINE IP SUBNET MASK 255.255.0.0
It is also possible to learn a subnet mask from BOOTP, though not all BOOTP server implementations support sending subnet masks. Check the BOOTP server's documentation.

To display the subnet mask, use the Show IP command:

Figure 5-7: Show IP Output

Local>> SH0W IP
LRS16 Version B1.1/102int(951128) Name: DOC_SERVER
Hardware Addr: 00-80-a3-0b-00-5b Uptime: 1 Day 22:49
IP Address: 192.0.1.221 Subnet Mask: 255.255.255.0
The LRS will not change the subnet mask once it is set. If the LRS IP address is changed to a different class , for example, from a class B to a class C address, the subnet mask will remain a class B address.

The LRS supports CIDR (classless routing). CIDR allows Internet Service Providers (ISPs) to group blocks of class C networks into larger networks. Your ISP will provide you with the appropriate subnet mask. If you enter a CIDR subnet mask with the Set/Define IP Subnet Mask command, the LRS will display a reminder that classless routing is being used.

Figure 5-8: Using Classless Routing

Local>> DEFINE IP IPADDRESS 192.0.1.1
Local>> DEFINE IP SUBNET 255.255.240.0
%Info: Supernet (CIDR) mask set.

5.4 Name Resolving

TCP/IP hosts generally have an alphanumeric host name, such as athena, as well as a numeric IP address, such as 192.0.1.35. As a text host name may be easier to remember than an IP address, users may use this name to refer to the host, for example, during a Telnet connection attempt.

Network hosts do not understand alphanumeric host names. When a text name is used, the LRS must translate it into its corresponding IP address. This translation process is called name resolution.

To resolve a name, the LRS can use one of two resources: its local name table, or the Domain Name Service (DNS). For example, suppose user Bob wishes to Telnet to athena.com. The LRS will consult its local host table; if the name doesn't exist, the LRS will attempt to resolve the name using the DNS. If the name cannot be resolved, the IP address must be entered in order to access the host.

Some host names and IP addresses are added to the local host table by rwho packets, periodically broadcasted by UNIX hosts that support the rwho protocol. If addresses are not learned from rwho packets and DNS is not available, hosts may be manually added to the table.

To use the DNS, the LRS must know the IP address of the DNS server, called the Domain Name Server.

5.4.1 Specifying a Default Domain Name

A default domain name may be configured using the Set/Define IP Domain command. This domain name will be automatically appended to any host name during name resolution.

Figure 5-9: Configuring Default Domain Name

Local>> DEFINE IP DOMAIN ctcorp.com
In the example above, the default domain name is ctcorp.com. If user Bob typed telnet athena, the LRS would automatically append the domain suffix and attempt to resolve athena.ctcorp.com.

If a host name is entered that ends with a period (".") the LRS will not add the domain suffix to the hostname for resolution.

5.4.2 Using the Domain Name Service (DNS)

To use the DNS for name resolution, use the Set/Define IP Nameserver command:

Figure 5-10: Setting Domain Name Server

Local>> SET IP NAMESERVER 192.0.1.166
Local>> DEFINE IP NAMESERVER 192.0.1.166
To specify a backup nameserver, use the Set/Define IP Secondary Nameserver command. If the first nameserver isn't available, requests will be sent to the secondary server.

Figure 5-11: Setting Backup Nameserver

Local>> SET IP SECONDARY NAMESERVER 192.0.1.167
Local>> DEFINE IP SECONDARY NAMESERVER 192.0.1.167

5.4.3 Adding Hosts to the LRS Host Table

If the DNS is not available on your network, hosts may be manually entered in the local host table using the Set/Define Hosts command.

Figure 5-12: Adding Host to Local Host Table

Local>> DEFINE HOST athena 192.0.1.15
To display the current entries in the host table, use the Show Hosts command.

Figure 5-13: Displaying Host Table Entries

Local>> SHOW HOSTS
IP Address Host TTL
192.0.1.15 ATHENA 8 min (Rwho)
192.0.1.123 MERCURY 8 min (Rwho)
192.0.1.66 HERCULES 7 min (Rwho)
To remove an entry from the host table, use the Clear/Purge Host command.

Figure 5-14: Deleting a Host From the Host Table

Local>> PURGE HOST mercury

5.5 Sessions

When you log into an LRS port to connect to a network service, your connection is referred to as a session. A network service may be an interactive login to a TCP/IP host, a connection to a modem on the LRS, another server, etc. (Sessions describe interactive connections; PPP or SLIP connections are not referred to as sessions.)

The Break key or local switch can be used to exit a session and return to character (Local>) mode. While in character mode, commands may be entered to display the current sessions, switch to another session, or edit port characteristics.

Switching sessions is discussed in Switching Between Sessions . Editing port characteristics is discussed in Chapter 8 - Ports.

To display the current sessions, use the Show Sessions command.

Figure 5-15: Displaying the Current Sessions

Local>> SHOW SESSIONS
Port 17: bob Telnet Login Current: 2
Session 1 Telnet:ATHENA Interactive (Cr,Del)
Session 2 Telnet:HERCULES Interactive (Cr,Del)
The port number and username will be displayed, along with the connection type and current number of sessions.

To return to a session after pressing the Break key, use the Resume command, specifying the session number.

Figure 5-16: Returning to a Current Session

Local>> RESUME SESSION 2

5.5.1 Establishing Sessions

5.5.1.1 Telnet and Rlogin

Telnet is an industry-standard network protocol that enables users anywhere on a network to access a remote host and start a terminal session. Telnet connections do not require that either end of the connection know the hardware/software used on the other end; for example, if user Bob connects to host athena [Figure 5-17 ], athena doesn't know what terminal type Bob is using, and Bob doesn't know athena's platform or operating system.

Figure 5-17: Telnet Connections

Rlogin connections are similar to Telnet connections, however, Rlogin enables trusted users to log into a host without password verification.

5.5.1.1.1 Outgoing Telnet/Rlogin Connections

To establish an outgoing Telnet connection, use the Telnet command. To establish an outgoing Rlogin connection, use the Rlogin command. A text host name or an IP address may be specified.

Figure 5-18: Outgoing Telnet/Rlogin Connections

Local>> TELNET athena
Local>> TELNET 192.0.1.15
Local>> RLOGIN 192.0.1.15

For information on resolving host names, see Name Resolving .

By default, Telnet and Rlogin connections will be made to a preset port number. To connect to a different port number, use the Telnet/Rlogin commands in conjunction with a port number (prefaced by a colon).

Figure 5-19: Telnetting to a Specific Port Number

Local>> TELNET athena:145
If the LRS port used has been configured with a terminal type (for example, VT100), this information will be sent to the remote host during the session. To configure the terminal type, use the Set/Define Port Termtype command:

Figure 5-20: Setting Term Type

Local>> DEFINE PORT 2 TERMTYPE VT100
Rlogin can be a security problem. When an outgoing Rlogin connection is attempted, the LRS will send the username specified when the user logged into the LRS. If a user is not authenticated during the LRS login process, an unauthorized username may be used to Rlogin to remote hosts.

The easiest way to avoid this problem is to disable outgoing Rlogin connections:

Figure 5-21: Disabling Outgoing Rlogin Connections

Local>> DEFINE SERVER RLOGIN DISABLED
Another way to secure your network is to ensure that the LRS is not a trusted host on any UNIX host on the network. This solution is not foolproof, however, a user could still add the LRS to a UNIX hosts's .rhost file.

5.5.1.1.2 Incoming Telnet/Rlogin Connections

By default, the LRS will permit incoming Telnet and Rlogin connections. If this poses a security problem on your network, these connections can be disabled, restricted with a password requirement, or restricted using the IP security table.

To disable incoming Telnet/Rlogin connections, use the Set/Define Server Incoming command:

Figure 5-22: Disabling Incoming Telnet/Rlogin Connections

Local>> DEFINE SERVER INCOMING NONE
To require the login password for incoming Telnet/Rlogin connections, use the following command:

Figure 5-23: Requiring the Login Password

Local>> DEFINE SERVER INCOMING PASSWORD

To set the login password, see Login Password .

To restrict incoming Telnet and Rlogin connections using the IP security table, see IP Security .

5.5.1.2 Remote Console Connections

The remote console port, designated as port 7000, provides users with a "fail-safe" way to log into the LRS. Remote console logins cannot be disabled, therefore, if incoming logins are disabled, a remote console login will be the only way to remotely access the LRS.

The remote console prompt cannot be changed, even with the Set/Define Server Prompt command. If your configuration requires that a script be used to communicate with the LRS, the script can depend on receiving the same prompt from the LRS each time that it runs.

EZCon uses the remote console port to configure the LRS. To display the remote console prompt within EZCon, see the EZCon online help.

5.5.1.2.1 Logging Into the Remote Console Port

To telnet to the remote console port, use the telnet command.

Figure 5-24: Telnetting to Remote Console Port

% telnet xxx.xxx.xxx.xxx 7000
Trying xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
Escape character is '^'
#
At the # prompt, type the login password. The default login password is access.

Figure 5-25: Entering Login Password

# access (not echoed)
Version n.n/n (yymmdd)
Type HELP at the 'Local>' prompt for assistance.
Enter username> bob

To change the login password, see the Set/Define Server Privileged Password command.

5.5.1.2.2 Configuring the Remote Console Port

Remote console connections are associated with a virtual (rather than physical) port. For virtual port configuration instructions, see Virtual Ports .

The remote console port cannot be associated with preferred or dedicated services or protocols. To ensure that the remote console port is always accessible, it cannot be restricted using IP security or username/password authentication.

5.5.2 Managing Sessions

Session configurations may apply only to the current session, or to all sessions run on a particular port. Session-specific configurations meet needs that apply only to an active session; for example, if binary files were being transferred, interpretation of the switch characters, XON/XOFF flow control characters, and messages could be disabled.

Port-specific session configurations include the number of sessions permitted on a port, the keys used to switch backward and forward between sessions, and the key used to exit from a session to character mode. The commands used to make these configurations are discussed in the following sections.

5.5.2.1 Multiple Sessions

Each port may have a number of sessions running at once. By default, each port is configured to permit up to 4 simultaneous sessions. The maximum number of simultaneous sessions, called the session limit, may be changed; up to 8 sessions may be run on each port.

To change the session limit, use the Set/Define Port Session Limit command.

Figure 5-26: Changing Session Limit

Local>> DEFINE PORT 2 SESSION LIMIT 6

Only one session at a time will be displayed.

5.5.2.2 Switching Between Sessions

The sessions are organized in the order that they were created; commands or keyboard equivalents are used to switch back and forth between active sessions. Switching to a session with an earlier creation date is called switching backward; conversely, switching to a later session is called switching forward. Sessions are arranged in a circular list; switching forward from the last session created will switch to the first session in the list, and vice-versa.

The command used to switch to the previous session is Backwards. Its keyboard equivalent is called the backward switch. To define a backward switch, use the following command:

Figure 5-27: Defining Backward Switch

Local>> DEFINE PORT 2 BACKWARD SWITCH ^O
The Forwards command is used to switch to the next session. Its keyboard equivalent, the forward switch, is specified as follows:

Figure 5-28: Specifying Forward Switch

Local>> DEFINE PORT 2 FORWARD SWITCH ^N
The backward switch and forward switch characters cannot conflict with each other or with characters used for editing commands (see Entering and Editing Commands ). In addition, the characters should not conflict with characters used on the host.

5.5.2.3 Setting Session Characteristics

There are two ways to configure sessions: when a connection is made, or within the session once it is running.

5.5.2.3.1 Configuring a Session When a Connection is Made

To configure a session when a connection is made, an environment string may be specified. This string may be used in conjunction with the Connect command, or saved as part of a preferred or dedicated hostname.

The environment string consists of a series of key letters:

D +D = Backspace mode, -D = Delete mode
E +E = Local Echo mode, -E = Remote Echo mode
I I = Interactive mode
P +P = Passall mode, -P = Passthru mode
C +C = CR = CRLF, -C = CR = LF

The following key letters may be used specifically for Telnet sessions:

T TCP mode (i.e. uninterpreted data stream)
R Rlogin protocol (sets port # to 513 if not already set)
Q Queued (i.e. RTEL) connection
nnn Optional port number

To use an environment string with the Connect command, specify the host, TCP port, or service to connect to, then specify the environment string prefaced by a colon. For example, to telnet to host athena in Backspace and Passall mode, use the following command:

Figure 5-29: Using Environment String with Connect

Local>> CONNECT TELNET athena:+D+P
Figure 5-30:

To set an environment string to use with a preferred or dedicated host/service, use the following syntax:

Figure 5-31: Using Environment String with Preferred/Dedicated Host

Local>> DEFINE PORT 2 DEDICATED RLOGIN athena:480+E

For more information on preferred and dedicated hosts/services, see Preferred/Dedicated Services and Protocols .

Key letters are not case-sensitive, and white space is not permitted in environment strings.

5.5.2.3.2 Configuring a Session Once it's Running

The Set Session command enables users to configure a currently-running session. Areas that may be configured include:

The character sent as the delete character
Local echoing
LRS interpretation of messages and server-specific keys
The character sent to the remote device when the Return key is pressed
LRS interpretation of switch characters, messages, and flow control

For the complete syntax of the Set Session command, click here.

5.5.2.4 Monitoring Session Activity

When the Verification characteristic is enabled, messages will be issued whenever a session on that port is connected, disconnected, or switched. Use the following command to enable this characteristic:

Figure 5-32: Enabling Verification

Local>> DEFINE PORT 3 VERIFICATION ENABLED

5.5.2.5 Suspending Sessions

The Break key is used on the LRS serial ports to suspend a session. If logged into a virtual port (for example, during a Telnet session) or your keyboard doesn't have a Break key, sessions can be suspended using the Local Switch. See Break Key Equivalent .

When a session is exited, the Local> prompt will be displayed. LRS commands can be entered at this prompt to configure the unit, start a new session, or display information.

5.5.2.5.1 Break Key Equivalent

If a Break key isn't available, an equivalent can be specified with the Set/Define Port Local Switch command.

Figure 5-33: Specifying Local Switch

Local>> DEFINE PORT 2 LOCAL SWITCH ^\

5.5.2.5.2 Effect of Break Key

When the Break key is pressed, the port will do one of three things: suspend the session and display the Local> prompt, pass the character to the remote service, or ignore it all together (pressing the key will have no result).

To configure the processing of the Break key, use the Set/Define Port Break command. Break can be set to one of the following: Local, Remote, or Disabled.

Figure 5-34: Configuring Break Key Processing

Local>> DEFINE PORT 3 BREAK LOCAL

5.5.2.6 Disconnecting Sessions

To disconnect the current session, use the Disconnect command. To disconnect a particular session, specify the session number; to disconnect all sessions, use the All parameter.

Figure 5-35: Disconnecting Sessions

Local>> DISCONNECT
Local>> DISCONNECT SESSION 2
Local>> DISCONNECT ALL

5.6 IP Security

IP security allows an administrator to restrict incoming and outgoing TCP/IP sessions, access to ports, and print jobs. Connections are allowed or denied based upon the source IP address for incoming connections and the destination IP address for outgoing connections.

By default, there aren't any IP security restrictions.

IP security will not affect the remote console port. To secure the remote console port, ensure that the login password has been changed from the default login password (see Set/Define Server Login Password ).

5.6.1 Configuring the Security Table

To add an entry to the table, specify an IP address (or IP address range), a list of affected ports, and whether connections to incoming, outgoing, both, or neither direction are affected. Table entries can be set or defined, and can be saved once the table is complete. Figure 5-35 displays an example:

Figure 5-36: Setting Server Access

Local>> DEFINE IP IPSECURITY 192.0.1.255 OUTGOING DISABLED PORT 3

Set is valid wherever Define is shown in Figure 5-35 and Figure 5-36.

This command affects addresses from 192.0.1.1 through 192.0.1.254 using the 255 "wildcard" network address segment. It then prevents port 3 from beginning sessions to hosts with these addresses.

A few notes should be made about configuring table entries:

The IP address must be four segments of 0-255 each; for example, the address 131.67 is not valid. A 255 in any segment applies to all numbers in that range-- 192.0.1.255 includes 192.0.1.1, 192.0.1.2, etc.
A trailing zero in any address segment is shorthand for "all addresses in this range, both incoming and outgoing disabled, for all ports." For example, the following two commands are equal:

Figure 5-37: Set IPsecurity Command

Local>> DEFINE IP IPSECURITY 192.0.1.0
Local>> DEFINE IP IPSECURITY 192.0.1.255 OUTGOING DISABLED INCOMING DISABLED

Port number 0 corresponds to the virtual ports (that is, users who log into the server from the network). If no ports are specified on the command line, the command will affect all local and virtual ports.

For a description of virtual ports, see Virtual Ports .

IPsecurity can be set to Incoming Enabled/Disabled, Outgoing Enabled/Disabled, or Both. Outgoing refers to local users connecting to other TCP/IP hosts; Incoming refers to users on other hosts attempting to log into the LRS. The Both parameter enables or disables both Incoming and Outgoing connections.
Individual entries can be cleared by doing a Clear (or Purge) IPsecurity with no parameters other than the address:

Figure 5-38: Clear IPsecurity Command

Local>> CLEAR IPSECURITY 192.0.1.102

The entire security table can be cleared with the following command:

Figure 5-39: Clearing Security Table

Local>> CLEAR IPSECURITY ALL

5.6.2 Using the Table

Applying the entries in the table may look confusing at first, but the process is rather straightforward. There are two basic rules for checking a TCP/IP connection for legality. First, a more specific rule takes precedence over a less specific one. For example, if connections to 192.0.1.255 are disabled but connections to 192.0.1.78 are enabled, a connection to 192.0.1.78 will succeed. Second, in the absence of any rule that applies to a connection, access is allowed. If this is not desired, include an entry of the following form:

Figure 5-40: Using the IP Security Table

Local>> SET IP IPSECURITY 255.255.255.255 INCOMING DISABLED OUTGOING DISABLED
This is the least specific rule in the table, and will ensure that connections fail unless otherwise allowed by another entry (recall that all ports are included in the rule by default).

If no entries are defined in the table, all connection attempts will succeed. Also, if the user making the connection is the privileged user (see the Set Privileged command) the connection will be allowed regardless of the entries in the table.

5.7 IP Routing

TCP/IP internets are usually broken down into networks. Each host on a particular network can only see hosts on its network; to transfer network traffic to other networks, routers (also called gateways) are required. Routers are typically connected to two or more networks.

The LRS serves as a router for the networks that it is directly connected to. To determine the path to other routers on the network, the LRS will listen to network broadcast packets (for example, RIP); routers will advertise themselves in these packets.

The LRS must be positioned between two networks in order for routing to work correctly. If two or more LRSs are used, the units cannot be on the same network (as in Figure 5-40).

Figure 5-41: Two LRSs Used to Link the Same Network

5.7.1 How Packets are Routed

When an IP host tries to send a packet, it looks to see if the destination address is on the same network as the host's IP address. If it is, the host sends the packet directly to its destination. If the packet is destined for a different network, the host sends it to a router (in this case, the LRS).

When the LRS receives the packet, it examines the packet's destination address, determines the most efficient route to this address, and forwards the packet to this location. The "most efficient route" is determined using two factors: the network that the address is part of and the LRS routing table (see Routing Tables ).

5.7.2 Routing Tables

The LRS uses a routing table to keep track of which networks are reachable, and the shortest route to each network. A typical routing table entry consists of the destination network, and which router is the best path to that network. Routing tables also keep track of the cost or metric required to get to a given network.

5.7.2.1 Types of Routes

There are three types of routes: host, network, and default.

5.7.2.1.1 Host Routes

A Host Route is a route to a single host. Generally a host route is entered for each Remote Node that logs into the LRS.

5.7.2.1.2 Network Routes

A network route is a route to a network. A network route is used if a host route to the destination doesn't exist.

5.7.2.1.3 Default Routes

A default route is used if a more specific host or network route isn't available. It is used to cut down on the size of routing tables and dynamic routing protocol updates. If, for example, the LRS is the only path for network packets to reach a much larger group of networks, the LRS can be configured to advertise itself as the default route.

See Set/Define IP Route Default and Define Site IP Default.

A LRS in a small sales office might have a default route that points to the corporate headquarters. The LRS doesn't need to know about all of the routes on the headquarters network. It only knows to send all traffic to the central location, where it will be routed to the final destination.

5.7.2.2 How Routes are Added to the Table

Entries may be added to the routing table in three ways: locally, statically, or dynamically.

5.7.2.2.1 Locally

When a route is added locally, it is automatically determined from the LRS's IP address and network mask. The LRS always keeps a local route to the Ethernet that it is attached to; this route is never deleted.

5.7.2.2.2 Statically

Statically-entered routes are entered and removed by the administrator. These routes are used when dynamic routes cannot be.

To add a static route to the routing table, use the Set/Define IP Route command. A destination and a path to that destination must be specified. The destination may be an IP network, subnetwork, or host.

The path may be another router on the Ethernet or a site. To specify that the route is to another router, use the Nextrouter parameter. To specify that the route is to a site, use the Site parameter.

When the Site parameter is used, it indicates that a particular site should be started to forward the packet. The site will handle any remote connections necessary to forward the packet (for example, dialing another LAN).

A metric will be associated with the route to indicate its "cost". The LRS will use the route to determine the most efficient route; routes with a lower cost will be chosen over routes with a higher cost. If a metric is not specified, the LRS will assign a metric of 1 to the route.

Figure 5-42: Adding Static Routes

Local>> DEFINE IP ROUTE 192.5.4.0 NEXTROUTER 192.0.1.1 4
Local>> DEFINE IP ROUTE 192.5.3.0 SITE dallas
In the above example, the first command specifies that the route to network 192.5.4.0 is through another router, 192.0.1.1. The route was assigned a metric of 4.

The second command specifies that the route to network 192.5.3.0 is through site dallas. As a metric is not specified, the LRS will assign this route a metric of 1. When LRS receives traffic destined for network 192.5.3.0, if this route is determined to be the most efficient route, site dallas will be started and will forward the packet.

To enter a static default route, use the Set/Define IP Route Default command:

Figure 5-43: Adding Default Routes

Local>> DEFINE IP ROUTE 192.0.1.0 DEFAULT SITE internet
Local>> DEFINE IP ROUTE 192.0.2.0 DEFAULT NEXTROUTER 192.0.1.1 2

5.7.2.2.3 Dynamically

These routes are automatically learned from other routers on the network, and are managed by a dynamic routing protocol. The LRS currently supports one dynamic routing protocol, RIP. Routes are automatically entered when new networks come on line, and automatically removed if the networks are no longer reachable.

Dynamic routes learned via sites are the exception; they are never timed out. The LRS assumes that these networks are reachable by bringing up a link. This allows the LRS to learn about extended networks at the remote site without the administrator's intervention.

5.7.3 RIP

RIP is the Routing Information Protocol, the dynamic routing protocol supported by the LRS.

RIP is described in RFC-1721.

5.7.3.1 Configuring RIP

RIP is automatically enabled on all LRS interfaces (including sites). For a complete discussion of RIP options, including disabling RIP, see RIP .

5.7.3.2 Trusted Routers

Normally RIP will listen to routing table updates from any source. This can lead to problems if a misconfigured host accidentally begins sending incorrect information via RIP. It may also lead to security or denial of service attacks by a malicious user who is capable of sending false RIP messages.

The LRS can be configured to only listen to RIP updates from a list of trusted IP addresses. A sophisticated attacker could send RIP updates as one of the trusted addresses and potentially defeat the system. See Set/Define IP Trusted for details.

5.7.4 Proxy ARP

Proxy ARPing enables the LRS to respond to ARP requests for other addresses. When Proxy ARPing is enabled, the LRS will respond to ARP requests for all addresses in its routing table.

Proxy ARPing allows remote nodes to appear as if they were on the same Ethernet segment as the LRS. This feature is particularly useful for hosts that do not support RIP; the Ethernet hosts will not need to use routing information to forward traffic destined for these hosts.

To enable proxy ARP, use the Set/Define IP All/Ethernet Proxy-ARP command:

Figure 5-44: Enabling Proxy ARP

Local>> DEFINE IP ETHERNET PROXY-ARP ENABLED
The LRS will not respond to ARP requests for routes learned from the Ethernet, or for routes that aren't explicitly listed in the LRS routing table.

5.7.5 Remote Networking IP Address Assignment

By default, all sites use "unnumbered" IP interfaces. The IP address of the LRS's Ethernet will be used as the LRS's IP address on all serial ports. This reduces the amount of required configuration, in addition, it eliminates the need to allocate a separate IP network for each port.

For an example of IP address assignment setup, see IP Address Assignment for Remote Networking .

5.7.5.1 Incoming Connections

When the LRS receives an incoming connection request (remote node or LAN to LAN), an IP address is negotiated for the caller. The address agreed upon depends on the caller's requirements; some don't have a specific address requirement, while others must use the same IP address each time they log into the LRS.

PPP negotiation is covered in Chapter 7 - PPP

If an incoming caller does not require the same address for each login, a dynamic address can be assigned from an address pool. See IP Address Pools for configuration instructions.

Some remote nodes or remote routers cannot be dynamically assigned an IP address. For example, a remote node may offer a service to other hosts on its network. If the other hosts are statically configured to use that IP address to contact the remote node, the node's IP address must not change.

In this situation, two courses of action may be taken: the caller may be permitted to choose any address, or may be restricted to a specific address or range of addresses.

Permitting the caller to choose an address presents a number of risks. If the caller chooses an unacceptable IP address (for example, the address of a server), it could affect the accuracy of routing tables elsewhere on the network. In addition, the caller could choose an IP address intended for another host, compromising network security.

To avoid routing and security problems, the LRS should restrict incoming callers to a particular address or range of addresses. This restriction may be defined in each site to force each caller to use an unique IP address; see Specifying IP Address Range for a Site for configuration instructions.

5.7.5.1.1 IP Address Pools

An address pool is a range of IP addresses that have been reserved for allocation to incoming callers. The range is defined for the entire server; in other words, an address pool cannot be defined for each site.

To define an address pool, use the Set/Define IP Ethernet Pool command. The beginning and end of the address range must be specified.

Figure 5-45: Defining IP Address Pool

Local>> DEFINE IP ETHERNET POOL 192.0.1.50 192.0.1.59

Set/Define IP All Pool is not a valid command. The Ethernet parameter must be used.

Ensure that the address pool is at least as large as the number of serial ports that can accept incoming connections. If all addresses in the pool are in use, incoming callers will not be assigned an IP address.

The LRS will automatically add host routes to the routing table for all addresses in the pool. When an address from the pool is assigned to an incoming caller, the route to the address will be announced in RIP broadcasts.

Addresses in the pool are automatically added to the LRS ARP table. If proxy ARPing is enabled (see Proxy ARP ), the LRS will respond to ARP requests for these addresses, even when they aren't currently assigned. This enables the LRS to defend the addresses in the pool; other hosts will not be able to use them.

5.7.5.1.2 Specifying IP Address Range for a Site

Each site may specify a particular range of acceptable IP addresses. When an incoming caller requests to use a specific address, it will be compared to this range. If the address falls within this range, the connection will be permitted, if not, the connection attempt will fail.

To specify the beginning and end of the range, use the Define Site IP Remoteaddress command. Two addresses must be specified: the beginning of the range, and the end of the range.

Figure 5-46: Specifying Range of Addresses

Local>> DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.110 192.0.1.250
Callers will not be permitted to use IP addresses with the host part of the address set to zero or -1. These addresses are reserved to identify broadcast packets. If the range that you specify includes such an address (for example, 192.4.5.0 or 192.4.5.255) and a caller requests this address, the connection will not be permitted.

5.7.5.1.3 Specifying Specific IP Address for a Site

To require that incoming callers to a particular site use a specific IP address, use the Define Site IP Remoteaddress command. Specify only one address. (If two addresses were specified, a range would be defined.)

Figure 5-47: Specifying Specific IP Address

Local>> DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.108
When an incoming caller requests an IP address, it will be compared to this address. If there's a match, the caller will use the address. If the addresses do not match, the LRS will terminate the call (hang up).

5.7.5.2 Outgoing Connections

By default, when a new site is defined, the LRS IP address on that interface will be the IP address defined with the Define Site IP Address command.

Communication with a particular remote host may require that the LRS have a certain IP address on that interface. For example, a remote host may require that RIP updates be received from a particular IP address, or an address within a certain range. In these cases, a site-specific IP address may configured for a particular interface. For example, site irvine may configure the LRS IP address on its interface as 193.20.339.2, and site dallas may configure the LRS address on its interface as 193.20.338.0.

The LRS cannot be assigned an IP address by the remote host.

To change the IP address for a particular site's interface, use the Define Site IP Address command:

Figure 5-48: Defining IP Address For Site

Local>> DEFINE SITE irvine IP ADDRESS 192.0.1.220

5.7.5.3 SLIP

SLIP does not support negotiation of IP addresses.

If a SLIP user requires the same IP address for each login, the user may enter the address using the Set SLIP command.

Figure 5-49: Specifying IP Address with Set SLIP Command

Local>> SET SLIP irvine 192.0.1.35
If the port receiving the incoming call is dedicated to SLIP, a specific IP address may be assigned via a custom site. To define the address for the site, use the Define Site IP Remoteaddress command.

Figure 5-50: Specifying IP Address for a Custom Site

Local>> DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.108
If the user does not require the same address for each login, an address may be dynamically assigned from the address pool. To configure the range of addresses in the pool, use the Set/Define IP Ethernet Pool command. The beginning and end of the address range must be specified.

Figure 5-51: Defining IP Address Pool

Local>> DEFINE IP ETHERNET POOL 192.0.1.50 192.0.1.59
All incoming SLIP users that do not use a custom site will use the default site for the connection. To require that default site users use an IP address from the pool, use the Define Site Default IP Remoteaddress command:

Figure 5-52: Using the Address Pool for the Default Site

Local>> DEFINE SITE DEFAULT IP REMOTEADDRESS 192.0.1.100 192.0.1.105

5.7.6 Routing Implementations Not Supported by the LRS

5.7.6.1 Discontiguous Subnetworks

When dividing a network into subnetworks, ensure that subnetworks are contiguous. The LRS uses RIP to learn routing information; if subnetworks are not contiguous, RIP cannot correctly inform the LRS of the route to a particular network.

Figure 5-52 gives an example of discontiguous subnetworks.

Figure 5-53: Discontiguous Subnetworks

5.7.6.2 Variable Length Subnet Masks

Variable length subnet masks divide networks into subnetworks of different sizes. For example, if network 128.1.0.0 used variable length subnet masks, the subnet 128.1.4.0 might have subnet mask 255.255.255.0, and subnet 128.1.224.0 might have subnet mask 255.255.255.240.

When the LRS is used, each network may have a subnet mask of a different length, however, all subnetworks within a particular network must use the same subnet mask.

5.8 Displaying the IP Configuration

The Show IP commands display IP configuration information, including information about the IP router, IP interfaces, and IP address of the remote host.

To display the basic IP router configuration, use the Show IP command.

Figure 5-54: Show IP Output

Local>> SHOW IP
LRS16 Version B1.1/102int(951128) Name: DOC_SERVER
Hardware Addr: 00-80-a3-0b-00-5b Uptime: 3 Days 02:07

IP Address: 192.0.1.53 Subnet Mask: 255.255.255.0
Nameserver: (undefined) Backup Nameserver: (undefined)
Domain Name: (undefined) Host Limit: 200
Timeserver: (undefined) Backup Timeserver: (undefined)
IP Routing: Enabled

Received Sent Seconds since zeroed: 270144
IP Frames: 431535 13520 Errors: 0
Fragments: 0 0
TCP Frames: 4616 4046 Connect Failure Reasons: 0000
Invalid Frames: 1 0 Invalid Packet Reasons: 0030
Retransmissions: 0

ICMP Frames: 5 3 ICMP Reasons: 0045

The Show IP Interface command displays a one-line summary for each interface that the router has. There will always be an interface for the Ethernet, as displayed in Figure 5-54. When sites are active, interfaces to these sites will be displayed.

The Uptime field displays how long (in days:hours:minutes format) each interface has been active. The Lastin field displays the duration since the last packet arrived on a particular interface. The Lastout field displays the duration since the interface sent outgoing traffic.

Figure 5-55: Show IP Interface Output

Local>> SHOW IP INTERFACE
LRS16 Version B1.1/102int(951128) Name: DOC_SERVER
Hardware Addr: 00-80-a3-0b-00-5b Uptime: 3 Days 02:07
Name IP Address Remote IP Address Uptime Lastin Lastout
Ethernet 192.0.1.221 74:07:04 0:00 0:00
When used in conjunction with a particular site name, the Show IP Interface command displays information about the site's interface, including its IP address, subnet mask, IP address of the remote host, and RIP statistics.

Figure 5-56: Show IP Interface for a Particular Site

Local>> SHOW IP INTERFACE irvine
LRS16 Version B1.1/102int(951128) Name: DOC_SERVER
Hardware Addr: 00-80-a3-0b-00-5b Uptime: 3 Days 02:07
20:42:54
Name: bob Type: Dialup
Netstate: Running Device/RefCount: lm0:/002
IP Address: 192.0.1.221 Remote Address: 192.0.1.245
Netmask: 255.255.255.0 Network: 192.0.1.0
TimeToLive Cost: 0 Largest Packet (MTU): 1500
Pool Range Start: (undefined) Pool Range End: (undefined)
Pool Status: Invalid Pool Addresses In Use 0
Listen to RIP packets: Enabled Send RIP packets: Enabled
Rip Update Time (seconds): 30 Rip Metric: 1
Default Interface: Disabled Trusted Routers: Disabled
Proxy Arp: Disabled
Packets In: 622 Packets Out: 1190
Packets In Filtered: 0 Packets Out Filtered: 0
Packet Errors: 0 Uptime: 04:03
Last Packet In: 0:00 Last Packet Out: 0:00
Last Routed Packet In: 0:00 Last Routed Packet Out: 0:00

The Show IP Route command [Figure 5-56 ] displays the routes currently in the LRS routing table.

The Source field indicates how the route was added to the table; statically, locally, or from RIP.

The Timer field displays how long (in minutes:seconds format) the LRS will continue to use this route. For static and local routes, this field will display a series of dashes ( ----- ); these routes are never timed out.

If a T is displayed to the right of the Timer value, the value represents the route's time-to-live. If a RIP update for the route is not received within this time period, the route will be marked as unreachable, and the T will be changed to a D. The D denotes that the route is invalid, but isn't ready to be deleted yet. If Exp is displayed, the route is about to be deleted from the table.

The Interface field displays the interface used to forward packet traffic.

Figure 5-57: Show IP Route Output

Local>> SHOW IP ROUTE
LRS16 Version B1.1/102int(951128) Name: DOC_SERVER
Hardware Addr: 00-80-a3-0b-00-5b Uptime: 3 Days 02:07
Destination Next Router Metric Source Timer Interface
Default-Route 192.0.1.70 2 Rip 02:31T Ethernet
192.4.4.0 192.0.1.202 3 Rip 02:51T Ethernet
192.0.1.0 192.0.1.57 1 Local ------ Ethernet
192.3.5.0 192.0.1.238 2 Rip 02:48T Ethernet

5.9 Examples

5.9.1 IP Address Assignment for Remote Networking

An LRS handles incoming calls from a series of remote node users. Two of these users, Bob and Frank, have special IP address requirements.

The LRS must be configured to do the following:

Assign the same IP address to Bob each time he logs in .
Permit Frank to select his own IP address. (Note: in general, this is not recommended. It poses some security risks and could result in duplicate IP addresses.)
Dynamically assign IP addresses to the remaining remote node users from an IP address pool. Only 5 LRS ports have been configured to accept incoming calls, therefore, only five IP addresses must be included in the pool.

Bob will use site bob when he logs into the LRS. To authenticate Bob, he will be prompted for the site's local password, badger. He will be assigned IP address 192.0.1.108.

Figure 5-58: Configuring Site bob

Local>> DEFINE SITE bob IP REMOTEADDRESS 192.0.1.108
Local>> DEFINE SITE bob AUTHENTICATION LOCAL "badger"
When Frank logs into the LRS, he will use site frank, which requires that he enter the wallaby password. No remote IP address is defined for this site, therefore, Frank may use any IP address he wishes.

Figure 5-59: Configuring Site frank

Local>> DEFINE SITE frank AUTHENTICATION LOCAL "wallaby"
To create the IP address pool, the following command is used:

Figure 5-60: Creating IP Address Pool

Local>> DEFINE IP ETHERNET POOL 192.0.1.100 192.0.1.105
All incoming callers that do not specify a particular site (such as bob or frank) will use the default site for the connection. To require that default site users use an IP address from the pool, the Define Site Default IP Remoteaddress command is used:

Figure 5-61: Using the Address Pool for the Default Site

Local>> DEFINE SITE DEFAULT IP REMOTEADDRESS 192.0.1.100 192.0.1.105

5.9.2 General IP Setup

The following figure illustrates the commands required for the average IP setup:

Figure 5-62: General IP Configuration

Local>> DEFINE IP IPADDRESS 192.0.1.11
Local>> DEFINE IP SUBNET 255.255.255.0
Local>> DEFINE IP NAMESERVER 192.0.1.45
Local>> DEFINE IP SECONDARY NAMESERVER 192.0.1.184
Local>> DEFINE IP DOMAIN "ctcorp.com"
Local>> DEFINE IP TIMESERVER 192.0.1.45
Local>> DEFINE IP SECONDARY TIMESERVER 192.0.1.455

5.9.3 Adding Static Routes

All IP packets to unknown networks must be forwarded to Internet gateway router 192.0.1.110. A default route to this router must be configured on the LRS, and the route must be included in RIP updates to other routers. The route must have a metric of 2.

Figure 5-63: Default Route to Router

Local>> DEFINE IP ROUTE DEFAULT NEXTROUTER 192.0.1.110 2
Another router, 192.0.1.99, provides access to the network 192.1.1.0. This route must also be assigned a metric of 2.

Figure 5-64: Static Route to Router

Local>> DEFINE IP ROUTE 192.1.1.0 NEXTROUTER 192.0.1.99 2

5.9.4 Default Routes to a Site

All IP packets to an unknown network must be forwarded to the Internet access provider. Site internet is used to manage connections to this location.

A default route to internet must be configured on the LRS. The route must be included in RIP updates to other routers; it must have a metric of two.

Figure 5-65: Default Route to Site

Local>> DEFINE IP ROUTE DEFAULT SITE internet 3

5.10 Troubleshooting

If you've configured IP and you're experiencing problems, check the following:

Ensure that the IP address is unique. Duplicate IP addresses (the number one IP problem) can cause a number of problems, including failed connections, inconsistent results, and crashes.
Ensure that the LRS's IP address is in the same network range as the other hosts on the network.
Ensure that the LRS's subnet mask matches those of the other hosts on the network.

The table below discusses some common problems, their causes, and possible remedies:

Table 5-4: Troubleshooting

Problem Possible Cause Remedy
An IP address has been defined for the unit, but the unit doesn't respond. Duplicate addresses on the network. Use the List IP command. If the address is displayed, but doesn't appear when the Show IP command is used (after a reboot), check for duplicate addresses on your system.
The IP address doesn't seem to work. Use of a restricted IP address. Some network ranges are reserved. Table 5-2 lists the reserved and available IP addresses.
The LRS cannot contact hosts on the same IP network. Incorrect subnet mask. Make sure that subnet mask is set correctly.
Make sure that the LRS's IP address is in the same IP network as the target.
The LRS cannot contact hosts on another IP network. A route to the other network may not exist. Ensure that all routers between the LRS and the remote host are functioning properly. Use Show IP Route to see all of the routes and routers the unit knows.

5.11 Quick Reference

Setting the IP Address
To	Use This Command	Example(s)	What Example Does
Use the LRS2 Front-panel Menus	Refer to the LRS2 Installation Guide.
Use an ARP Entry and the Ping Command	See Using an ARP Entry and the Ping Command.
Use a BOOTP or RARP Reply	See the host-based man pages.
Use the Serial Console Port	1. Connect a terminal to the serial console port and press the Return key.
	2. If the unit is booting when the Return key is pressed, use the Set Server IPaddress command.	Boot> SET SERVER IPADDRESS 192.0.1.221	Sets the server's IP address to 192.0.1.221. See From the Serial Console Port for more information.
	If not, use Set/Define IP IPaddress.	DEFINE IP IPADDRESS 192.0.1.221	Sets the server's IP address to 192.0.1.221.
Subnet Mask
To	Use This Command	Example(s)	What Example Does
Override the Default Subnet Mask	Set/Define IP Subnet Mask	DEFINE IP SUBNET MASK 255.255.255.0	Creates a custom subnet mask of 255.255.255.0.
Name Resolving
To	Use This Command	Example(s)	What Example Does
Set the Default Domain Name	Set/Define IP Domain	DEFINE IP DOMAIN ctcorp.com	Appends "ctcorp.com" to host names during name resolution. See Specifying a Default Domain Name for more information.
Configure the Domain Name Server	Set/Define IP Nameserver	DEFINE IP NAMESERVER 192.0.1.166	Designates host at 192.0.1.166 as the IP nameserver. See Using the Domain Name Service (DNS) for more information.
Configure a Backup Nameserver	Set/Define IP Nameserver	DEFINE IP SECONDARY NAMESERVER 192.0.1.167	If the primary nameserver isn't available, nameserver requests will be sent to host 192.0.1.167 See Using the Domain Name Service (DNS) for more information.
Host Table
To	Use This Command	Example(s)	What Example Does
Add Hosts to the Local Host Table	Set/Define IP Host.	DEFINE IP HOST Betty 192.0.1.67	Adds host "Betty" at IP address 192.0.1.67 to the local host table. See Adding Hosts to the LRS Host Table for more information.
Display the Host Table Entries	Show/Monitor/List Hosts	SHOW HOSTS	Displays the current entries in the host table. See Adding Hosts to the LRS Host Table for more information.
Remove an Entry from the Host Table	Clear/Purge Hosts	PURGE HOST mercury	Removes host "mercury" from the LRS host table. See Adding Hosts to the LRS Host Table for more information.
Establishing Sessions
To	Use This Command	Example(s)	What Example Does
Display the Current Sessions	Show/Monitor Sessions	SHOW SESSIONS	Displays all current sessions. See Sessions for more information.
Establish an Outgoing Telnet/Rlogin Session	Connect Telnet or Connect Rlogin	TELNET athena	Establishes a Telnet connection to host "athena". See Outgoing Telnet/Rlogin Connections for more information.
		RLOGIN 192.0.1.15	Establishes an Rlogin connection to host 192.0.1.15.
		TELNET athena:145	Establishes a Telnet connection to host "athena" using port 145.
Configure the Terminal Type of the LRS Port	Set/Define Port Termtype	DEFINE PORT 2 TERMTYPE VT100	Sends termtype "VT100" to remote host during sessions. See Outgoing Telnet/Rlogin Connections for more information.
Disable Outgoing Rlogin Connections	Set/Define Server Rlogin	DEFINE SERVER RLOGIN DISABLED	Disables outgoing Rlogin connections. See Outgoing Telnet/Rlogin Connections for more information.
Disable Incoming Telnet/Rlogin Connections	Set/Define Server Incoming None	DEFINE SERVER INCOMING NONE	Disables incoming Telnet and Rlogin connections. See Incoming Telnet/Rlogin Connections for more information.
Require the Login Password for Incoming Telnet/Rlogin Connections	Set/Define Server Incoming Password	DEFINE SERVER INCOMING PASSWORD	Requires the login password for incoming Telnet and Rlogin connections. See Incoming Telnet/Rlogin Connections for more information.
Connect to the Remote Console Port	Connect Telnet <IP address> 7000	TELNET 192.0.1.345 7000	Connects to the remote console port (port 7000) of LRS 192.0.1.345. See Logging Into the Remote Console Port for more information.
Managing Sessions
To	Use This Command	Example(s)	What Example Does
Change the Maximum Number of Sessions Permitted on a Port	Set/Define Port Session Limit	DEFINE PORT 2 SESSION LIMIT 6	Sets port 2's session limit to 6. Up to 6 simultaneous session may be run on port 2. See Multiple Sessions for more information.
Designate a Key to Switch to a Previous Session	Set/Define Port Backward Switch	DEFINE PORT 2 BACKWARD SWITCH ^O	On port 2, the Ctrl-O key combination may be used to switch to a previous session. See Switching Between Sessions for more information.
Designate a Key to Switch to the Next Session	Set/Define Port Forward Switch	DEFINE PORT 2 FORWARD SWITCH ^N	On port 2, the Ctrl-N key combination may be used to switch to the next session. See Switching Between Sessions for more information.
Configure a Break Key Equivalent	Set/Define Port Local Switch	DEFINE PORT 2 LOCAL SWITCH ^\	Suspends the current session when the Ctrl-\ key combination is pressed. See Break Key Equivalent for more information.
Configure the Processing of the Break Key	Set/Define Port Break	DEFINE PORT 2 BREAK LOCAL	On port 2, the Break key will be processed locally. See Effect of Break Key for more information.
Set Session Characteristics Before a Session is Started	See Setting Session Characteristics.
Configure a Session Once it's Running	Set Session	SET SESSION DELETE BACKSPACE	Sends a backspace character (ASCII 0x8, or Ctrl-H) when the Delete key is pressed. See Configuring a Session Once it's Running for more information.
Monitor Session Activity	Set/Define Port Verification	DEFINE PORT 2 VERIFICATION ENABLED	Sends messages whenever a session on port 2 is established, disconnected, or switched. See Monitoring Session Activity for more information.
Disconnect a Session	Disconnect	DISCONNECT SESSION 2	Disconnects session 2. See Disconnecting Sessions for more information.
Security
To	Use This Command	Example(s)	What Example Does
Add an Entry to the IP Security Table	Set/Define IP Security	DEFINE IP SECURITY 192.0.1.254 OUTGOING DISABLED PORT 3	Adds an entry to the IP security table; this entry prevents the LRS from initiating connections on port 3 to host 192.0.1.254. See IP Security for more information.
Delete an Entry From the Security Table	Clear/Purge IP Security	PURGE IP SECURITY 192.0.1.102	Deletes the security table entry associated with 192.0.1.102.
Clear the Entire Security Table	Clear/Purge IP Security All	PURGE IP SECURITY ALL	Clears all entries in the IP security table.
Prevent All Connections Unless Specifically Enabled in the Table	Set/Define IP Security Incoming Disabled Outgoing Disabled	DEFINE IP SECURITY 255.255.255.255 INCOMING DISABLED OUTGOING DISABLED	Prevents all connections unless an entry is in the IP security table that specifically permits a particular type of connection. See Using the Table for more information.
Routing
To	Use This Command	Example(s)	What Example Does
Define a Static Route	Set/Define IP Route	DEFINE IP ROUTE 192.5.4.0 NEXTROUTER 192.0.1.1 4	Specifies that the route to network 192.5.4.0 is through router 192.0.1.1. Assigns a metric of 4 to this route. See Statically for more information.
		DEFINE IP ROUTE 192.5.3.0 SITE dallas	Specifies that the route to network 192.5.3.0 is through site "dallas".
Routing, cont.
To	Use This Command	Example(s)	What Example Does
Designate a Default Route	Set/Define IP Route Default	DEFINE IP ROUTE 192.0.1.0 DEFAULT SITE internet	If the LRS receives a packet destined for a network that it cannot find a route for, it will route the packet through site "internet". See Statically for more information.
RIP
To	Use This Command	Example(s)	What Example Does
Configure the LRS to Only Listen to RIP Updates From Trusted Addresses	1. Set/Define IP Trusted	DEFINE IP TRUSTED 192.0.1.67 DEFINE IP TRUSTED 192.0.1.254	Adds 192.0.1.67 and 192.0.1.254 to the list of trusted routers. See Trusted Routers for more information.
	2. Set/Define IP All/Ethernet Trusted	DEFINE IP ALL TRUSTED ENABLED	IP interfaces will only listen to RIP updates from the routers in the trusted router list. See Trusted Routers for more information.
Reply to ARP requests for Non-local Networks	Set/Define IP All/Ethernet Proxy-ARP Enabled	DEFINE IP ALL PROXY-ARP ENABLED	When the LRS receives ARP requests for routing information, it will send an ARP reply in response. See Proxy ARP for more information.
Proxy ARPing
To	Use This Command	Example(s)	What Example Does
Enable Proxy ARPing	Set/Define IP All/Ethernet Proxy-ARP Enabled	DEFINE IP ALL PROXY-ARP ENABLED	Enables proxy ARPing for all addresses in the LRS routing table. See Proxy ARP for more information.
Remote Networking IP Address Assignment
To	Use This Command	Example(s)	What Example Does
Define an IP Address Pool	Set/Define IP All/Ethernet Pool	DEFINE IP ETHERNET POOL 192.0.1.50 192.0.1.59	The addresses 192.0.1.50 through 192.0.1.59 will be dynamically assigned to incoming callers. See IP Address Pools for more information.
Define an IP Address Range for a Site's Incoming Callers	Define Site IP Remoteaddress	DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.110 192.0.1.250	Requires that incoming callers to site "irvine" use an IP address within the range 192.0.1.110-192.0.1.250. See Specifying IP Address Range for a Site for more information.
Define a Specific IP Address for a Site's Incoming Callers	Define Site IP Remoteaddress	DEFINE SITE irvine IP REMOTEADDRESS 192.0.1.108	Requires that incoming callers to site "irvine" use IP address 192.0.1.108. See Specifying Specific IP Address for a Site for more information.
Change the IP Address for a Site's Interface (for Outgoing Connections)	Define Site IP Address	DEFINE SITE irvine IP ADDRESS 192.0.1.220	Assigns IP address 192.0.1.220 to site "irvine". See Outgoing Connections for more information.
Use a Particular IP Address During a SLIP Connection (Port in Character Mode)	Set SLIP	SET SLIP irvine 192.0.1.35	Starts SLIP from character mode, using site "irvine" and assigning address 192.0.1.35 to the incoming caller. See Outgoing Connections for more information.
Displaying IP Information
To	Use This Command	Example(s)	What Example Does
Display the Basic IP Configuration	Show/Monitor/List IP	SHOW IP	Displays basic IP configuration information, including information about the IP router, interfaces, and the IP address of the remote host. See Displaying the IP Configuration for more information.
Display Summary Information About Each IP Interface	Show/Monitor/List IP Interface	SHOW IP INTERFACE	Displays a one-line summary for each interface that the router has. See Displaying the IP Configuration for more information.
Display the Routes Currently in the LRS Routing Table	Show/Monitor/List IP Route	SHOW IP ROUTE	Displays all routes currently in the LRS routing table. See Displaying the IP Configuration for more information.

LRS Reference Manual - 4 MARCH 1996

Generated with Harlequin WebMaker

D	+D = Backspace mode, -D = Delete mode
E	+E = Local Echo mode, -E = Remote Echo mode
I	I = Interactive mode
P	+P = Passall mode, -P = Passthru mode
C	+C = CR = CRLF, -C = CR = LF

T	TCP mode (i.e. uninterpreted data stream)
R	Rlogin protocol (sets port # to 513 if not already set)
Q	Queued (i.e. RTEL) connection
nnn	Optional port number


Local>> SHOW IP
	LRS16 Version B1.1/102int(951128)			Name:	DOC_SERVER
	Hardware Addr: 00-80-a3-0b-00-5b			Uptime:	3 Days 02:07

	IP Address:	192.0.1.53		Subnet Mask:	255.255.255.0
	Nameserver:	(undefined)		Backup Nameserver:	(undefined)
	Domain Name:	(undefined)		Host Limit:	200
	Timeserver:	(undefined)		Backup Timeserver:	(undefined)
	IP Routing:	Enabled

		Received	Sent	Seconds since zeroed:	270144
IP	Frames:	431535	13520	Errors:	0
	Fragments:	0	0
TCP	Frames:	4616	4046	Connect Failure Reasons:	0000
	Invalid Frames:	1	0	Invalid Packet Reasons:	0030
	Retransmissions:		0

ICMP	Frames:	5	3	ICMP Reasons:	0045

Problem	Possible Cause	Remedy
An IP address has been defined for the unit, but the unit doesn't respond.	Duplicate addresses on the network.	Use the List IP command. If the address is displayed, but doesn't appear when the Show IP command is used (after a reboot), check for duplicate addresses on your system.
The IP address doesn't seem to work.	Use of a restricted IP address.	Some network ranges are reserved. Table 5-2 lists the reserved and available IP addresses.
The LRS cannot contact hosts on the same IP network.	Incorrect subnet mask.	Make sure that subnet mask is set correctly. Make sure that the LRS's IP address is in the same IP network as the target.
The LRS cannot contact hosts on another IP network.	A route to the other network may not exist.	Ensure that all routers between the LRS and the remote host are functioning properly. Use Show IP Route to see all of the routes and routers the unit knows.