3Com 11.1 - Manuals

Part No. 86-0595-001Published July 1998 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES These release notes provide information on the following topics for NETBuilder ® software version 11.1: ■ Encryption Packages Notice ■ Supported platforms ■ New products ■ Supported PC flash memory cards ■ Ap...

10 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES Multi-protocol Router with 56-bit Encryption (DE) Multi-protocol Router with 128-bit Encryption (DS) ■ SuperStack ® II IP/IPX/AT Router with 56-bit Encryption (NE) (SI model) IP/IPX/AT Router with 128-bit Encryption (NS) (SI model) Multi-protoco...

Approved DRAM SIMMs 11 Approved DRAM SIMMs Table 2 lists 3Com–approved vendors of the 32 MB DRAM SIMM for upgrading the DPE 40 module. New Features This section describes new features in software version 11.1 for the NETBuilder II, SuperStack II, and OfficeConnect NETBuilder bridge/routers. VPN Feat...

12 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES Additional RAS Enhancements The RAS service has been enhanced in this release to add support for routers acting as RAS clients. Support was added for the RADIUS attributes “Framed_Route” and “Framed_Netmask.” Previous releases of software ignore...

New Features 13 < 56 bit support packages/kits contain: ■ A package identifier ending in ‘E’ (example, NE) ■ A 3CR number containing/ending in ‘91’ (examples, 3CR856791, 3CR6452P91FLASH) Table 3 contains a summary of the encryption strengths and the associated package ids. RSVP RSVP is a dynamic ...

14 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES of the queue policies, Priority Queuing, and Protocol Reservation are supported. In addition to the currently supported policies, a metering algorithm has been added. If the queue handler detects that the underlying bandwidth exceeds a certain t...

New Features 15 OSPF Not-So-Stubby-Area (NSSA) For inter-area routing, the Area Border Router (the only attachment to the backbone for leaf sites) advertised a default route. However, when fairly complex leaf sites are connected to the backbone via a Stub Area, inter-area routing into and out of the...

16 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES the two edge devices are both physically attached to the same ATM network fabric, then the edge devices should be able to communicate directly with each other, bypassing one or more intermediate routers in the data path. Multiprotocol Over ATM (...

New Features Application Notes 17 ■ Improved error handling ■ Help frame resizing now persists across page changes ■ A logout icon for improved security ■ Port list support ■ Support for user-level password changing Upgrade Management Utilities and NETBuilder Upgrade Link The remote upgrade process ...

18 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES needed to disable any echo cancellers on the line. Consult with the owner of the destination equipment to see whether it has this capability. In order to configure this feature, you must define the DialNoList entry with a type of BriV, by enteri...

20 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES 11.1 Software Packages The tables in this section list the features in the packages available in software version 11.1 for the NETBuilder bridge/router platforms. NETBuilder II Table 4 lists the software features of each package for NETBuilder I...

11.1 Software Packages 21 NETBuilder II Firmware Requirements The NETBuilder II I/O modules require firmware upgrades to support the NETBuilder software version 11.1 (see Table 5 for firmware requirements). You can determine your I/O module firmware version through the software by entering: SHow -SY...

22 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES SuperStack II SI Table 6 lists the software features of each package for SuperStack II SI bridge/routers. HSS 3-port (V.35) FW/HSS3-V35,1.1.9 HSS 3-port (RS449) FW/HSS3-449,1.1.9 HSS 3-port (RS232) FW/HSS3-232,1.1.9 HSS 4-port FW/4PORTWAN-FW,1.2...

11.1 Software Packages 23 RAS Traps X X X X X IPX X X X X X X X XNS X X X X OSI X X X X OSI connection services X VINES X X X DECnet X X X AppleTalk X X X X X X X BR Remote LAN Detection X WAN Protocols PPP/Multilink PPP X X X X X X X X PPTP X X X X X X X L2TP X X X X X X X EAP X X X X X Frame Relay...

24 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES SuperStack II Token Ring Table 7 lists software features for each package for the SuperStack II bridge/routers. Flash Load X X X X X X X X Virtual Ports (48 max.) X X X X X X X X Memory Requirements DRAM: 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 M...

11.1 Software Packages 25 OfficeConnect Table 8 and Table 9 list software features for each package for OfficeConnect bridge/routers. WAN Protocols PPP/Multilink PPP X X PPTP X X L2TP X X Frame Relay X X SMDS X X X.25 X X X.25 switching/tunneling X X IBM Protocols DLSw X X BRITSS X X LAA X X Polled ...

26 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES Routing Protocols IPv4 X X X X X IP services: Multicast IP X X X X X OSPF X X X X X Network Address Translation (NAT) X X X X X VRRP X X X X DHCP X X X X RIP/RIP v2/NTP X X X X X X DHCP Proxy X X X X IPCP X X X X IP security: IPsec X X X DES X X...

11.1 Software Packages 27 Table 9 Additional OfficeConnect NETBuilder Models Software Features SHDLC X X BSC conversion X QLLC/LLC2 conversion X X Other Features FTP X X X X X X Data over Voice X X X X X X CSU/DSU Loopback X X X X Zmodem X X X X X X Dial-on-demand X X X X X X Quick Step VPN applicat...

30 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES Item Not Supported The NETBuilder software version 11.1 does not support the following bridge/routers: ■ SuperStack II NETBuilder 227 Full Router (Ethernet) ■ SuperStack II NETBuilder 427 Router (Ethernet, ISDN) NETBuilder Upgrade Management Uti...

NETBuilder Upgrade Management Utilities 31 or http://infodeli.3com.com/infodeli/swlib For instructions on how to decompress and install the utilities, see the ruu111.txt file. The Windows files are as follows: Executing profile.bat When using the 11.1 NETBuilder Upgrade Management Utilities from a W...

32 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES Upgrade Management Known Issues This section contains known upgrade management issues. bcmdiagnose Error Message When you execute bcmdiagnose on HP-UX and the TFTP server is configured to use the Safe Directory method, the error message "No ...

Upgrade Management Known Issues 33 WARNING: Do not use the bcmfdinteg utility. The bcmfdinteg utility is used internally by the bcminstall utility. The bcmfdinteg utility should not be used by itself, because by default it removes all files from the current directory. File Conversion Considerations ...

34 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES or UpgradeLink -NA Otherwise, an error dialog box is returned with the message “Could not verify user.” If you use tftp, the “Verify Upgrade Services” step does not need the user or password to be verified, so those entries as well as the FTP Cl...

Notes and Cautions 35 Baud Rates for WAN Ports in DCE Mode The following baud rates are supported in DCE mode (synchronous, internal clocking): If you configure a baud rate that is different from those listed, the system will fall back to the nearest lower supported rate. Supported Modems Table 10 l...

Notes and Cautions 37 These messages do not indicate a problem and can be ignored. IBM-Related Services in Token Ring IBM-related services such as DLSw and APPN are affected by parameter settings in the BRidge, SR, and LLC2 Services. Table 12 shows the required settings in source route (SR), source ...

38 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES and route discovery are configured, bridge numbers must be unique for each bridge/router on the same ring, and LLC2 is enabled on token ring ports. Token Ring Frame Copy Errors For transparent bridge or source route transparent configurations, t...

Known Problems 39 LAN Network Manager with NETBuilder II Systems If you have previously configured your LAN Network Manager to use the NETBuilder II system as a virtual ring, and you want to use it as a physical ring, you must set your virtual ring number back to None. LLC2 Frames and PPP LLC2 frame...

Limitations 45 Limitations This section describes limitations of NETBuilder software version 11.1. Topics are in alphabetical order. ACCM Not Configurable The ACCM (Async Control Character Map) used for Async PPP cannot be configured. During LCP negotiation, the NETBuilder bridge/router always propo...

46 NETB UILDER S OFTWARE V ERSION 11.1 R ELEASE N OTES parameter settings. The practical limit may be lower and depends on the traffic load, CPU, and memory usage by other services. Number of TCP Connections 3Com LLC2 tunneling uses one TCP connection for each LLC2 session. DLSw scales to large netw...

Limitations 47 NetBIOS sessions occurs if the primary link fails and the redundant link is activated. If this happens, end users need to log on and initiate another session. Maximum BSC Line Speed For V.35 and RS-232 links, the maximum baud rate supported for BSC traffic is 38.4. If the baud rate is...

U SING NETB UILDER F AMILY S OFTWARE U PDATE P AGES This section includes update pages with changes and additions to Using NETBuilder Family Software , software version 11.1. Place the update pages at the front of each specified chapter.

17 C ONFIGURING IP SEC 11.1 Release Notes, Using NETBuilder Family Software Version 11.0 Replace Chapter 17 with this chapter. This chapter describes how to configure the IP Security Protocol (IPsec) on your IP router. IPsec provides security at the network layer. Because IPsec is integrated into IP...

52 C HAPTER 17: C ONFIGURING IP SEC <auth_algorithm> : MD5 | SHA <portlist >: 1-65535 | * | Archie | DNS | Finger | FTP | FTPData | Gopher | HTTP | NFS | NNTP | NTP | POP2 | POP3 | PortMap | RIP | SMTP | SNMP | SNMPTrap | Syslog | Telnet | TFTP | WAIS The default for encrypt_algorithms i...

Configuring IPsec 53 <encrypt_key> and <auth_key> can be 1 to 128 bytes entered as either ASCII text strings or as a series of hexadecimal digits. See “Configuring Manual Key Information” next for more information about key set usage. To delete a key set, use: DELete -IPSEC KeySet [<k...

54 C HAPTER 17: C ONFIGURING IP SEC When you specify a key that is too short, the policy binding operation generates an error message informing you of the key length discrepancy and the key is rejected. If this should occur you will need to delete the specified key and reenter a key of the appropria...

Configuring IPsec 55 Figure 1 VPN PPTP Tunnel On router 1, set up the tunnel from 170.0.0.1 to 180.0.0.1 by following these steps. 1 Set the system name to "router1" by entering: SETDefault scid = "router1" 2 Create a virtual port to accept connection requests from only router 2 by e...

56 C HAPTER 17: C ONFIGURING IP SEC On router 2, setup the PPTP tunnel from 170.0.0.1 to 180.0.0.1 by following these steps: 1 Set the system name of router 2 to "router2" by entering: SETDefault scid="router2" 2 Create a virtual port that will accept connection requests from only ro...

How IPsec Works 57 IPsec works with the existing Internet infrastructure using encapsulation. It secures a packet of data by encrypting it before sending it over the Internet. On the receiving end, an IPsec-compliant device decrypts the data. On each end of the link (systems at both ends comprise a ...

58 C HAPTER 17: C ONFIGURING IP SEC DES-CBC CANNOT be exported without a legal export license. See the release notes for your software for export restrictions. ESP can be applied alone or with authentication headers. Authentication Header (AH) AH is used to provide data integrity and data origin aut...

33 IPSEC S ERVICE P ARAMETERS 11.1 Release Notes, Reference for NETBuilder Family Software Replace Chapter 33 with this chapter. This chapter describes the IPSEC Service parameters. Table 1 lists the IPSEC Service parameters and commands. CONFiguration Syntax SHow -IPSEC CONFiguration Default No def...

62 C HAPTER 33: IPSEC S ERVICE P ARAMETERS Default No Default Description All keysets are encrypted and protected with the current KeyEncryptionKey and stored in the IPSEC configuration file. The value of the KeyEncryptionKey parameter which is stored in the EEPROM, can be updated by root, but is no...

ManualKeyInfo 63 When you specify a key that is too short, the policy binding operation generates an error message informing you of the key length discrepancy and the key is rejected. If this should occur you will need to delete the specified key and reenter a key of the appropriate length. Values M...

manualPOLicy 65 The mask is a number in the range of 0-32, which indicates the number of bits in the IP address that remain unchanged for the IP addresses in that block. The remaining bits in the IP address should be all 0s. The address block includes all addresses except for the first address and t...

60 RSVP S ERVICE P ARAMETERS 11.1 Release Notes, Reference for NETBuilder Family Software Replace Chapter 60 with this chapter. This chapter describes the Resource Reservation Protocol (RSVP) Service parameters. RSVP is used in multicasting applications like video conferencing, multimedia, and virtu...

68 C HAPTER 60: RSVP S ERVICE P ARAMETERS MaxFlowRate Syntax SETD !<port> -RSVP MaxFlowRate = <bytes/sec>(0-562500) SHow [ !<port> | !* ] -RSVP MaxFlowRate Default Amount of bandwidth reserved for RSVP. Description The MaxFlowRate parameter specifies the maximum amount of bandwidth...

69 SR S ERVICE P ARAMETERS 11.1 Release Notes, Reference for NETBuilder Family Software Place this page in front of Chapter 69. AllRoutes Syntax FLush [!<port> | !*] -SR AllRoutes [Dec | Hex] [<Transparent | Null | route segment>] [Discover | Static] SHow [!<port> | !*] -SR AllRout...

70 C HAPTER 69: SR S ERVICE P ARAMETERS ROUte Syntax ADD !<port> -SR ROUte <media address> [Override] [Dec | Hex] [ Transparent | {Null | <source route> [<largestframesize>]}] DELete !<port> -SR ROUte <media address> SHow [!<port> | !*] -SR ROUte [[Cmac | Nc...

71 SYS S ERVICE P ARAMETERS 11.1 Release Notes, Reference for NETBuilder Family Software Place this page in front of Chapter 71. CONFiguration Syntax SHow -SYS CONFiguration Description The CONFiguration parameter displays various SYS Service parameter values. The display generated with this paramet...

77 WEBL INK S ERVICE P ARAMETERS 11.1 Release Notes, Reference for NETBuilder Family Software Place this page in front of Chapter 77. StatPollInterval Syntax SETDefault -WEBLink StatPollInterval = <value> (0-120) SHow -WEBLink StatPollInterval Default 60 (minutes) Description The StatPollInter...