Enterprise OS Software
Version 11.4 Release Notes
3Com provides a CD-ROM that includes all Enterprise OS software version 11.4
software manuals plus version 11.4 new installation and upgrade manuals. To
obtain a hardcopy version of the 11.4 documentation, order part number
C36460T.
You can order the documentation CD-ROM using part number 3C6461T.
Additionally, all documentation for Enterprise OS software version 11.4 is
located on the 3Com website:
http://www.3com.com/
Part No. 86-0621-000
Published January 2000
CONTENTS
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES
Encryption Packages Notice
Supported Platforms
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release
Platforms Not Supported
New Features and Feature Enhancements
JAVA Runtime Environment
VPN and Security Features
Routing Support Features
Traffic Shaping & QoS Features
Dial Service Features
Voice & Multiservice Features
Network Management Features
Transcend VPN Application Suite
11.4 Software Packages
NETBuilder II Bridge/Router
SuperStack II NETBuilder SI
PathBuilder S5xx Series Switch
PathBuilder S400 Series Switches
OfficeConnect NETBuilder Bridge/Routers
OfficeConnect NETBuilder 10/ST
SuperStack II NETBuilder Token Ring
Upgrade Management Utilities
Downloading Upgrade Management Utilities
UNIX Files
Windows Files
Executing profile.bat
Version 11.4 Upgrade Management Utilities
Upgrading to 11.4 Utilities with Transcend Upgrade Manager
Transcend Enterprise Manager
Upgrade Management Notes
bcmdiagnose Error Message
SuperStack II NETBuilder Token Ring Upgrades
bcmdiagnose and HP-UX
bcmfdinteg
File Conversion Considerations
UNIX Platform Symbolic Links
Upgrading From Release 8.3 or Earlier
Upgrade Link and Netscape Browser Scroll Bars
Upgrade Link Window Resizing
IBM Protocols and Services Notes
APPN
APPN Connections to 3174 through Token Ring
APPN CP-CP Sessions and SNA Boundary Routing
APPN CP-CP Sessions on Parallel TGs
APPN DLUr Connections to 3174 Systems
BSC and Leased Lines
Boundary Routing and NetView Service Point
Configuring BSC and NCPs
DLSw Circuit Balancing
DLSw and CONNectUsage Parameter Default Change
DLSw Prioritization
DLSw and IBM Boundary Routing in Large Networks
Front-End Processor/Frame Relay Access for LLC2 Traffic
HPR and ISR Configurations
IBM Boundary Routing Topology Disaster Recovery
IBM-Related Services in Token Ring
LAN Network Manager with NETBuilder II Systems
LLC2 Frames and PPP
Maximum BSC Line Speed
SHDLC Half-Duplex Mode
SDLC
SDLC Adjacent Link Stations for APPN
Source Route Transparent Bridging Gateway (SRTG) Interoperability
SDLC Ports and NetView Service Point
UI Response Time With Large SDLC configuration
VTAM Program Temporary Fixes
ATM Services Notes
ATM Emulated LANs
ATM LAN Emulation Clients and Large 802.3 Frames
ATM Connection Table
Deleting ATM Neighbors
Source-Route Transparent Gateway
WAN Protocols and Services Notes
ACCM Not Configurable
Asynch Tunnelling on Serial Ports
Automatic Line Detection
Auto Start-up Does Not Include Async
Bandwidth-on-Demand Timer Precedence
Baud Rates for WAN Ports in DCE Mode
BSC Cabling and Clocking
Changing the Transfer Mode Parameter Default Value
Compression Requirements
Dial Idle Timer
Disaster Recovery on Ports Without Leased Lines
DTR Modems
Dynamic Paths
Frame Relay Congestion Control
History-Based Compression Negotiation Failure
History Compression Not Allowed With Async PPP
Multilink PPP Configurations
SPID Wizard Detection Errors
STP AutoMode Does Not Select the Right Mode
Supported Modems
Routing Protocols and Services Notes
BGP Configuration Files
CPU Utilization with XNS Protocol
IPX to Non-IPX Configuration Error
IPX Routing, Route Receive and Route Advertisement Policies
Managing IP Address Assignment
NAT Service - Many to One Outbound Translation
NAT Service - TCP/UDP Port Mappings
OSPF Route Advertisement
PIM-Sparse Mode
PIM-SM Enterprise OS/Cisco Incompatibility
PIM-SM Register Checksum Formats
PIM-SM Not Supported Over NBMA Media
RouteDiscovery
VRRP Configuration
Network Management System and Services Notes
ASCII Boot
Boot Cycle Continuous Loop
BootP Server and Autostartup
Bootptab File
Capturing Commands to boot.cfg File
Change Configuration and Diagnostic Menu
CPU Utilization Statistic
File System Error
Firmware Configuration
Firmware Update
IP Quality of Service Bandwidth
IP Quality of Service Configuration
Multiple Paths to BootP Server
Remote Access Default Change
Scheduler RunOnBootFail Completion
V.25bis Modem Setup
Web Link Documentation Path
Web Link Login Support
Zmodem Time Out
VPN Protocols and Services Notes
ACE Security Server
Total Control Security and Accounting Server Availability
Microsoft MPPE Patches and Updates
PKI: Entrust CA Installation Notes
PPTP Tunnel Security Validation
RSA Signature for Phase 1 Authentication
Windows NT MS-CHAP Authentication
Platform Notes
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory Requirements
Approved DRAM SIMMs
Supported PC Flash Memory Cards
Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display
T3 Bandwidth Limitation
MBRI Ownership During Board Swapping
Multiport MBRI Module SNMP Management
Token Ring+ Modules
Token Ring Auto Start-up
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES
These release notes provide information on the following topics for Enterprise OS
software version 11.4:
■ Encryption Packages Notice
■ Supported Platforms
■ Platforms Not Supported
■ New Features and Feature Enhancements
■ 11.4 Software Packages
■ Upgrade Management Utilities
■ Upgrade Management Notes
■ IBM Protocols and Services Notes
■ ATM Services Notes
■ WAN Protocols and Services Notes
■ Routing Protocols and Services Notes
■ Network Management System and Services Notes
■ VPN Protocols and Services Notes
■ Platform Notes
If you have questions about the software, the guides, or these release notes,
contact 3Com or your network supplier.
For information on the command syntax used in these release notes, see “About
This Guide” in Using Enterprise OS Software.
Encryption Packages Notice
The Enterprise OS software version 11.4 may contain strong data
encryption that cannot be exported outside the United States or Canada.
It is unlawful to export/re-export or transfer, either physically or
electronically, the encryption software or accompanying documentation
(or copies thereof) or any product(s) utilizing the encryption software or
such documentation without obtaining written authorization from the US
Department of Commerce.
Do not place Enterprise OS version 11.4 packages with encryption on
networks or servers that are accessible to users outside of the U.S. and
Canada.
Software packages with encryption include the following:
■ PathBuilder™ S5xx series switch
  Multiprotocol Router with 40-bit Encryption (PL)
  Multiprotocol Router with 56-bit Encryption (PE)
  Multiprotocol Router with 128-bit Encryption with 3DES (PS)
■ PathBuilder S400 switch
  Multiprotocol Router with 40-bit Encryption (ML)
  Multiprotocol Router with 56-bit Encryption (ME)
  Multiprotocol Router with 128-bit Encryption with 3DES (MS)
  IP/IPX/AT Router with 40- and 56-bit Encryption (XE)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (XS)
■ NETBuilder II®
  Multiprotocol Router with 40-bit Encryption (DL)
  Multiprotocol Router with 56-bit Encryption (DE)
  Multiprotocol Router with 128-bit Encryption with 3DES (DS)
■ SuperStack® II NETBuilder® SI
  IP/IPX/AT Router with 40- and 56-bit Encryption (NE) (SI model)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (NS) (SI model)
  Multiprotocol Router with 40-bit Encryption (CL) (SI model)
  Multiprotocol Router with 56-bit Encryption (CE) (SI model)
  Multiprotocol Router with 128-bit Encryption with 3DES (CS) (SI model)
■ SuperStack II NETBuilder
  Multiprotocol Router with 56-bit Encryption (TE) (Token Ring models 327 and 527)
■ OfficeConnect® NETBuilder
  IP/IPX Router (JW)
  IP/IPX Router with 56-bit Encryption (JE)
  IP/IPX Router with 128-bit Encryption with 3DES (JS)
  IP/IPX/AT Router with 40- and 56-bit Encryption (NE)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (NS)
  Multiprotocol Router with 56-bit Encryption (OE)
  Multiprotocol Router with 128-bit Encryption with 3DES (OS)
■ OfficeConnect 10 NETBuilder
  Router (RW)
  Router with 56-bit Encryption (RE)
  Router with 128-bit Encryption with 3DES (RS)
Supported Platforms
Enterprise OS software version 11.4 is available for the following platforms:
■ NETBuilder II
■ SuperStack II NETBuilder models 327 and 527
■ SuperStack II NETBuilder SI models 43x, 44x, 45x, 46x, 53x, 54x, 55x, and 56x
■ OfficeConnect NETBuilder models 11x, 12x (K and T variants), 13x,
  14x (U and ST variants) and 10/ST
■ PathBuilder S5xx series switch models S500, S580, S593, S594, S598 and S599
■ PathBuilder S400
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release
Due to increased memory requirements, the OfficeConnect NETBuilder and
SuperStack II NETBuilder SI will be released after the general release of Enterprise
OS Software version 11.4. The general release will include support for the
following platforms: NETBuilder II, SuperStack II NETBuilder Token Ring,
PathBuilder S50x, S58x, S59x, and PathBuilder S400 devices. Watch for special
release announcements for the OfficeConnect NETBuilder and SuperStack II
NETBuilder SI devices.
See “OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional
Memory Requirements” on page 63 for details about memory requirements for
the OfficeConnect NETBuilder and SuperStack II NETBuilder SI devices.
Platforms Not Supported
The Enterprise OS software version 11.4 does not support the following
bridge/routers:
■ Model 227 SuperStack II NETBuilder Router (Ethernet)
■ Model 427 SuperStack II NETBuilder Router (Ethernet, ISDN)
■ Model 120 OfficeConnect NETBuilder (FRAD)
■ Model S574 and S578 PathBuilder Switch
New Features and Feature Enhancements
Enterprise OS is the system software that operates within the NETBuilder and
PathBuilder WAN products. Enterprise OS devices supported by this release include
the NETBuilder II, SuperStack II NETBuilder, OfficeConnect NETBuilder
bridge/router, PathBuilder S5xx tunnel switch (models S500, S580, S593, S590,
S594, S598, S599), and the PathBuilder S400 WAN convergence switch.
This section highlights the new features and enhancements contained within
Enterprise OS software version 11.4.
JAVA Runtime Environment
With 3Com Enterprise OS software version 11.4, in the /tools/jre subdirectory is
the MS Windows 95/98/NT version of JRE (Java Runtime Environment) written by
Sun Microsystems. This JRE archive file is a self-extracting executable that contains
the Java virtual machine, runtime class libraries, and Java application launcher that
are necessary to run programs written in the Java programming language. The JRE
is needed to run the following Enterprise OS applications:
■ Voice Wizard in Web Link (embedded web interface) on the PathBuilder S400
  devices
■ PKI Manager (part of the Transcend VPN Application Suite)
For more information or to download the UNIX version, see Sun's website:
VPN and Security Features
VPN and Security features provide Public-Key Infrastructure, Non-Broadcast,
Multi-Access (NHRP) for VPN Tunnels, IP Payload Compression Protocol (IPComp),
and Tunnel Switching Between Different Tunnel Types.
Public-Key Infrastructure (PKI) Implementation
Applications like IP Security (IPsec) and Internet Key Exchange (IKE) employ
public-key technology for such security purposes as identifying oneself to remote
entities, verifying a remote entity's identity, or initiating secure communications
with remote peers. Such applications require a public-key infrastructure (PKI) to
securely manage public keys for widely-distributed users or systems. The
implementation of PKI is based on the X.509 standard.
New also is PKI Manager, a graphical management application to aid Enterprise OS
devices in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from
various Certificate Authorities (CAs). PKI Manager works as a proxy between the
device and the CA. It is responsible for collecting the certificate requests from the
devices and generating the CA-specific certificate request syntax (CRS), which in
turn is sent to the CA. After the CA issues the certificate, PKI Manager retrieves it
from the CA and sends it to the Enterprise OS device. The CAs that are supported
with this first release are Verisign and Entrust. The application is currently
supported only on Windows NT. See the “Transcend VPN Application Suite”
section of this release note for more information.
Non-Broadcast, Multi-Access (NHRP) for VPN Tunnels
With the Non-Broadcast, Multi-Access (NBMA) characteristics of a
Point-To-Multi-Point (P2MP) VPN tunnel (also called IP-Over-IP tunnel), an IP packet
must be forwarded via a routed tunnel path. These tunnel paths must be
configured statically between each pair of neighbors. All VPN traffic is allowed to
flow only through the configured neighboring paths. This makes routing
inefficient since data forwarding may not always be using the best route with the
shortest hops. To solve this, the user would have to go to the trouble of
configuring a fully-meshed VPN so packets could be forwarded with one hop.
With the Next Hop Resolution Protocol (NHRP) implemented in 11.4, tunnels are
now established dynamically. NHRP enhances the Point-To-Multi-Point (P2MP) VPN
tunnel by eliminating the need to statically configure each and every end-point
virtual port on the device. NHRP resolves the next hop when forwarding data
through tunnels. The Enterprise OS device will “automatically” discover its short
cut path for routing, without having to manually configure every neighboring
path.
IP Payload Compression Protocol (IPComp or IPPCP)
Enterprise OS software supports data compression to ease bandwidth problems.
However, in previous software releases the compression mechanism was not
effective when a data stream was encrypted at layer 3. With 11.4, by using IP
Payload Compression Protocol (IPComp), RFC 2393, to first reduce the size of the
IP datagram by compressing the data, then performing encryption, the size of IP
datagrams has been reduced. This is extremely useful when IPsec encryption is
applied to IP datagrams, since compression of outbound IP datagrams is done
before any IP security processing, and the decompression of inbound IP datagrams
is applied after the completion of all IP security processing. Only dynamic
negotiations of the IPComp Association (IPCA) via IKE and one compression
algorithm (LZS) are supported for 11.4. Any negotiation of IPComp is always
combined with a negotiation of ESP, AH, or both.
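The effect of the ordering described above can be measured directly. The following is an added example, not code from 3Com or from Enterprise OS; it assumes zlib (DEFLATE) as a stand-in for LZS, a toy SHA-256 keystream as a stand-in for ESP encryption, and constructed sample data.

```python
import hashlib
import zlib

IPCOMP_HEADER_LEN = 4  # RFC 2393 header: next header, flags, 16-bit CPI


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for ESP.

    Assumption for illustration only: it gives random-looking output like a
    real cipher, but it is not a vetted algorithm. XOR makes it its own inverse.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def compress_if_smaller(payload: bytes):
    """Compress, but fall back to the original bytes if nothing is saved.

    zlib (DEFLATE) stands in for LZS, which is not in the standard library.
    Returns (was_compressed, bytes_to_send).
    """
    candidate = zlib.compress(payload, 9)
    if len(candidate) + IPCOMP_HEADER_LEN < len(payload):
        return True, candidate
    return False, payload


def compress_then_encrypt(key: bytes, nonce: bytes, payload: bytes):
    """Outbound order described in the release note: IPComp first, then IPsec."""
    compressed, body = compress_if_smaller(payload)
    return compressed, keystream_xor(key, nonce, body)


def encrypt_then_compress(key: bytes, nonce: bytes, payload: bytes):
    """Reverse order: the compressor only ever sees ciphertext."""
    return compress_if_smaller(keystream_xor(key, nonce, payload))


def decrypt_then_decompress(key: bytes, nonce: bytes, compressed: bool, wire: bytes):
    """Inbound order: finish IPsec processing, then decompress."""
    body = keystream_xor(key, nonce, wire)
    return zlib.decompress(body) if compressed else body


# Constructed sample data: a repetitive application payload and fixed keys.
SAMPLE_KEY = bytes(range(32))
SAMPLE_NONCE = b"constructed-nonce"
SAMPLE_PAYLOAD = (b"GET /inventory/report.html HTTP/1.0\r\n"
                  b"Host: intranet.example\r\n\r\n") * 20

if __name__ == "__main__":
    for name, send in (("compress-then-encrypt", compress_then_encrypt),
                       ("encrypt-then-compress", encrypt_then_compress)):
        compressed, wire = send(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_PAYLOAD)
        print(f"{name}: {len(SAMPLE_PAYLOAD)} -> {len(wire)} bytes, "
              f"compressed={compressed}")
```

Ciphertext is statistically random, so in the second ordering the compressor finds nothing to remove and the datagram goes out at full size.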
Tunnel Switching Between Different Tunnel Types
So that tunnel switching between two sessions of different tunnel types can be
easily implemented and maintained, Enterprise OS software version 11.4 has been
re-structured to support tunnel switching from PPP over Ethernet (PPPoE) to PPTP,
and from PPPoE to L2TP. Users can now dial-in through a PPPoE tunnel and
“switch out” through a PPTP or L2TP tunnel. This enables the Enterprise OS device
to have the flexibility of switching between tunnels of different tunnel types.
Routing Support Features
Routing support features include OSPF External Route Aggregation, Protocol
Independent Multicast-Sparse Mode (PIM-SM), Multicast Border Router (MBR),
IGMPv2 Enhancements, PPP over Ethernet (PPPoE), Virtual Router Redundancy
Protocol (VRRP) for ATM Ethernet LAN Emulation, Virtual Router Redundancy
Protocol (VRRP) for Virtual LAN (VLAN), Many-to-One NAT Enhancement, BGP-4 &
IPv6 added to multiprotocol packages for OfficeConnect NETBuilder and
SuperStack II NETBuilder SI, PathBuilder S400 devices, and RSVP and RSVP Proxy
added to software packages for OfficeConnect NETBuilder and SuperStack II
NETBuilder SI and PathBuilder S400 devices.
OSPF External Route Aggregation
With OSPF, the user can import routes from external routing sources (for example,
BGP, RIP, static routes, and directly connected networks). These imported routes
become OSPF external routes. In some networks, the number of external routes to
be advertised can cause traffic congestion on the backbone and subsequently to
all areas.
Because version 11.4 aggregates the type 5 external routes, the user can define
external route ranges. With user-defined external route ranges, if the external
route is within the defined range, only then will the network be advertised. This
reduces the number of external routes advertised in the backbone and regular
areas.
Protocol Independent Multicast-Sparse Mode (PIM-SM)
The periodic broadcasting of information by DVMRP and MOSPF to identify the
location of interested receivers for a specific multicast session is only useful in
networks where bandwidth is plentiful or when there is a large number of senders
and receivers for a multicast session. When senders and receivers to multicast
sessions are distributed sparsely across a wide area, such schemes are not efficient.
They waste bandwidth on expensive WAN links and require the maintenance of
“routing-state” on routers that are not on the forwarding tree for the multicast
session. Protocol Independent Multicast-Sparse Mode (PIM-SM), implemented in
11.4, is an intra-domain multicast routing protocol designed to resolve some of
the inadequacies with these other multicast protocols.
PIM-SM is “protocol independent” in that it can work with any unicast routing
protocol. It builds a per-group (or per multicast session) shared multicast
distribution tree centered at a rendezvous point, and requires receivers to explicitly
join to this shared distribution tree prior to receiving data traffic. Since a
“shared-tree” mechanism could result in suboptimal paths for data traffic from a
source to the receivers of a multicast session, PIM-SM also supports the ability to
switch to a source specific distribution tree if the data traffic warrants it. The
implementation of PIM-SM supports IPv4 in this release (IPv6 is not supported in
this release).
Multicast Border Router (MBR)
To allow sources and receivers inside multiple autonomous multicast routing
domains (each running a different multicast routing protocol -- DVMRP, MOSPF, or
PIM-SM) to communicate, the regions must be connected by multicast border
routers (MBRs). The primary role of the MBR is to pull down the traffic from one
domain to another domain. This MBR functionality is implemented in the
Enterprise OS device to allow the efficient interoperation among independent
multicast routing protocols. A common forwarding cache to forward the multicast
data packets has been implemented. MBR makes it easier to have a unified
forwarding table for multicast data traffic. The multicast routing protocols will
maintain protocol specific routing states and create forwarding entries in the
unified forwarding table for multicast traffic.
IGMPv2 Enhancements
Adding to the IGMPv1 support, 11.4 will be adding support for IGMPv2 (RFC
2236). Feature enhancements include the following:
■ Allows a host to inform a multicast router when it no longer wants to receive
  traffic for a given multicast group.
■ Defines a new procedure for electing the multicast querier on a LAN; the
  multicast router with the lowest IP address is always chosen as the querier.
■ Defines a new type of Query message, called the Group-Specific Query. This
  type of message allows a router to transmit a query to a specific multicast
  group rather than all groups that reside on a directly attached subnet.
PPP over Ethernet (PPPoE)
With 11.4, PPP over Ethernet (PPPoE) is available to offer a seamless integration of
broadband access technology into the existing infrastructure and operational
model of remote access. As specified in the informational RFC 2516, PPPoE
encapsulates PPP packets over Ethernet. It is intended for use by a host PC to
interact with a broadband modem (e.g. xDSL, cable, and wireless access devices)
to achieve access to high-speed data networks. The PPPoE offering is targeted at
Carriers, ISPs, and NSPs with an ATM backbone for use in a VPN environment for
broadband access.
Ethernet is the most proven, familiar, and cost effective LAN technology that exists
today. PPP is the most popular dial-up transport, created to define negotiating
connectivity parameters, authenticate users, dynamically assign IP addresses, and
support multiprotocol environments. In a remote dial-up environment, besides the
traditional analog and ISDN modems, there are several other high-speed,
broadband CPEs being rapidly deployed (for example, xDSL, cable, and wireless
access devices). All high-speed, broadband access equipment requires end users to
be knowledgeable in their technologies, connectivity, and configuration
characteristics. With PPPoE, much of the complexity of these broadband devices is
hidden from the user. In addition to ease of configuration and use for the end
user, PPPoE also simplifies provisioning, installation, and management for the
service provider.
Advantages of PPPoE:
■ Supports multiple hosts and users across a dedicated broadband connection
  and a single ATM or Frame Relay PVC with the same Ethernet infrastructure.
■ Provides end users with ease of installation and configuration; no special
  configuration of the PC or modem is needed.
■ Provides service providers with ease of provisioning, services, and
  management.
■ Operates independent of access device (that is, works for xDSL, cable, or
  wireless devices) which shields end users from the need to learn complicated
  technologies (for example, ATM).
■ Preserves the applications that have been built around Microsoft Windows
  Dial-Up Networking (DUN). A simple PPPoE client driver is used with an
  interface and functionality familiar to the user.
Virtual Router Redundancy Protocol (VRRP) for ATM Ethernet LAN
Emulation
In addition to supporting Virtual Router Redundancy Protocol (VRRP) on Enterprise
OS platforms with Ethernet, Fiber Distributed Data Interface (FDDI), and Token
Ring interfaces, 11.4 now supports ATM Ethernet LAN Emulation (ATM LANE).
LANE operates by maintaining a set of mappings from MAC addresses to ATM
addresses. When running VRRP on a LANE network, the LANE protocol must be
notified when a new master router is elected so that it can update the MAC
address to ATM address mapping within the ELAN for the virtual router's MAC
address. In essence, while running VRRP over LANE, a virtual MAC address may
change location from one LEC to another.
For more information regarding VRRP, consult the Internet Drafts for VRRP
(draft-ietf-vrrp-spec-v2-03.txt) and VRRP Operation over ATM LAN Emulation
(draft-ietf-vrrp-lane-01.txt).
Virtual Router Redundancy Protocol (VRRP) for Virtual LAN (VLAN)
In addition to supporting Virtual Router Redundancy Protocol (VRRP) over a
physical LAN, with 11.4 comes support for VRRP for the Virtual LAN (VLAN).
A VLAN can be seen as a group of end-stations, perhaps on multiple physical LAN
segments that are not constrained by their physical location and can communicate
as if they were on a common LAN. With VRRP for VLAN, network operation is
ensured since dynamic responsibility for a virtual router is transmitted to one of
the VRRP routers on a VLAN.
When VRRP is used over a physical LAN, an owner of the Virtual Router ID (VRID)
may change the MAC address to the Virtual MAC (VMAC) address without
transitioning to promiscuous mode. For the VLAN implementation, when a VRRP
router becomes the master (the router that is forwarding the virtual IP packets),
the VLAN interface will always be in promiscuous mode.
Many-to-One NAT Enhancement
When executing large file transfers with a block size that is greater than the
underlying media can handle, IP will fragment the UDP packet. Since only the first
fragment contains the UDP header (which indicates the source and destination
port required by NAT to map to a NAT IP address), the subsequent fragmented
packets do not contain the UDP header. This results in NAT not having the UDP
ports to map to the NAT IP address. In previous releases, this condition would
occur during, for example, TFTP file transfers using Large Blocksize Negotiation
(RFC 1783).
Each fragmented packet contains an IP Identification (ID) number that is used for
re-assembly. When the first fragment arrives, the ID is stored in the NAT session
that has already been setup for the TFTP file transfer, so when subsequent
fragments arrive with no UDP header, a search is made for the session by ID and
the relevant IP address. After the session is found, the destination and source ports
are known and NAT can translate.
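The fragment lookup described above, as an added sketch that is not 3Com's code. It models only the inbound direction of a many-to-one NAT; the class names, the 30-second lifetime for a learned IP ID and all addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the IPv4/UDP fields NAT looks at."""
    src_ip: str
    dst_ip: str
    ip_id: int                      # IP Identification, shared by all fragments
    frag_offset: int                # 0 for the first fragment (8-byte units)
    more_fragments: bool
    src_port: Optional[int] = None  # None: fragment carries no UDP header
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Session:
    inside_ip: str
    inside_port: int
    nat_port: int
    remote_ip: str
    remote_port: int


class ManyToOneNat:
    """Inbound half of a many-to-one NAT (hypothetical class for illustration)."""

    FRAG_TTL = 30.0  # assumed lifetime, in seconds, of a learned IP ID

    def __init__(self, nat_ip: str) -> None:
        self.nat_ip = nat_ip
        self.by_port: Dict[int, Session] = {}
        self.by_frag: Dict[Tuple[str, int], Tuple[Session, float]] = {}

    def add_session(self, session: Session) -> None:
        self.by_port[session.nat_port] = session

    def translate_inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Return the packet rewritten for the inside host, or None to drop it."""
        if pkt.dst_ip != self.nat_ip:
            return None
        frag_key = (pkt.src_ip, pkt.ip_id)
        if pkt.frag_offset == 0:
            # UDP header present: normal lookup by the translated port.
            session = self.by_port.get(pkt.dst_port)
            if session is None or (pkt.src_ip, pkt.src_port) != (
                    session.remote_ip, session.remote_port):
                return None
            if pkt.more_fragments:
                # First fragment: remember its ID against the existing session.
                self.by_frag[frag_key] = (session, now + self.FRAG_TTL)
            return replace(pkt, dst_ip=session.inside_ip,
                           dst_port=session.inside_port)
        # Later fragment: no ports, so search by remote address and IP ID.
        session, expires = self.by_frag.get(frag_key, (None, 0.0))
        if session is None or now > expires:
            self.by_frag.pop(frag_key, None)
            return None  # no first fragment seen, or the entry expired: drop
        return replace(pkt, dst_ip=session.inside_ip)


def demo():
    """Constructed TFTP-like transfer: one datagram split into two fragments."""
    nat = ManyToOneNat("203.0.113.1")
    nat.add_session(Session("10.0.0.5", 1069, 40001, "192.0.2.10", 3001))
    first = Packet("192.0.2.10", "203.0.113.1", 0x1A2B, 0, True, 3001, 40001)
    second = Packet("192.0.2.10", "203.0.113.1", 0x1A2B, 185, False)
    stray = Packet("192.0.2.10", "203.0.113.1", 0x9999, 185, False)
    return (nat.translate_inbound(first, now=0.0),
            nat.translate_inbound(second, now=0.1),
            nat.translate_inbound(stray, now=0.2),
            nat.translate_inbound(second, now=60.0))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A non-first fragment whose ID was never learned from a first fragment is dropped rather than forwarded, so unsolicited fragments sent to the NAT address do not reach inside hosts.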
BGP-4 & IPv6 added to Multiprotocol Packages for OfficeConnect
NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices
Previously, BGP-4 & IPv6 were available only on the NETBuilder II and PathBuilder
S5xx devices. Starting with 11.4, BGP-4 and IPv6 are supported on the
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)
bridge/routers, as well as on the PathBuilder S400 WAN convergence switch.
BGP-4 and IPv6 will be available only on the multiprotocol packages for these
platforms.
RSVP & RSVP Proxy added to Software Packages for OfficeConnect
NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices
Previously, RSVP was available only on the NETBuilder II and PathBuilder S5xx
devices. Starting with 11.4, RSVP and RSVP Proxy are supported on the
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)
bridge/routers, as well as on the PathBuilder S400 WAN convergence switch.
Traffic Shaping & QoS Features
Traffic shaping and Quality of Service (QoS) features include Bandwidth on
Demand with Incoming Traffic, and IP Quality of Service (IPQoS).
Bandwidth on Demand with Incoming Traffic
Bandwidth on Demand is a facility that provides supplementary bandwidth above
the normal bandwidth levels specified by the user whenever traffic congestion is
detected. In previous releases, only the transmitted traffic load was used to control
this feature; with the 11.4 release, incoming traffic is also monitored. The need to
monitor incoming traffic for Bandwidth on Demand appears in such situations as
when a router that is connected to an ISP downloads a web-page. The incoming
traffic bandwidth consumption would be high; it would be desirable at this point
to add more bandwidth to accommodate the desired burst in traffic.
IP Quality of Service (IPQoS)
With the enormous growth in network traffic, robust QoS is required to ensure
mission-critical and real-time application traffic will get adequate network
resources to traverse the network regardless of the competing demands for
bandwidth by other applications.
Policy-based QoS management will enable network managers to control
bandwidth allocation and service levels on IP traffic flows. Traffic flows can be
metered and policed on a per-policy basis to ensure that their bandwidth consumption
does not exceed the defined rate limits. When multiple flows are aggregated into
a service class, rate limiting protects conforming flows from the aggressive flows
hogging network resources that may lead to a denial of service. Flows can also be
policed to ensure correct marking of the IP/TOS-byte in the IP header as per policy.
Given the scalability problems associated with RSVP, the emerging IETF standard
for scalable end-to-end QoS, IP Differentiated Service, is supported. Incoming
traffic flows can be classified into service classes for each defined QoS policy with
the routers providing the service level that corresponds to the Differentiated
Services Code Point (DSCP), bits 0-5 in the TOS-byte, via the Class-Based Queue
(CBQ) packet scheduler and Random Early Detection (RED) congestion avoidance
mechanisms. These queue management policies will only be supported over the
slower FR and PPP WAN links.
Brief descriptions of additional QoS features are listed below. For further
information on IPQoS, consult RFC 2474 (Definition of Differentiated Service Field
in IP Headers) and RFC 2309 (Recommendations on Queue Management &
Congestion Avoidance in the Internet).
■ Policy-based QoS Management
  Flexible QoS control is configured via the IPQoS Service as port specific policies.
  QoS policies can be applied to the inbound traffic at the ingress port and/or the
  outbound traffic at the egress port. QoS policies are associated with flows.
  Policies are stored in the user-defined precedence order in the QoS policy
  database. The policy action associated with the first matching policy found for
  the packet will be applied. Flow can be defined as either an aggregated flow or
  a specific application flow between two end systems. Flows are classified via
  the generic packet classification service provided by IP.
  A network manager can define the following types of QoS policy:
  ■ Bandwidth control - If rate limiting is specified in a QoS policy, the associated
    traffic flow will be metered and policed. Rate limiting can be applied to traffic
    transmitted or received on an interface. The user may also define actions, such as
    forward/discard/remark TOS-byte, to handle traffic that conforms to or exceeds
    the rate limit.
  ■ TOS control - TOS can be set to a specified TOS value. This allows incoming
    packets to be classified into a small number of DSCP-based classes.
    TOS-byte can also be remarked for forwarding to another administration
    domain with a different IP/TOS convention.
  ■ Service class control - A specific service class can be assigned to a flow
    independent of the DSCP value in the TOS byte. By default, the 6-bit DSCP
    value is mapped into a CBQ service class at the outgoing WAN port.
  ■ Traffic redirect - traffic can be redirected at the ingress port.
■ IEEE 802.1P Prioritization
  When the ingress port is connected to a VLAN-aware switch that does the
  layer-2 packet classification and 802.1P user priority support is enabled on the
  ingress VLAN port, the 802.1P user priority of the incoming IP packet will
  determine the IP/TOS value based on the default or user-configured mapping.
  When the egress port is connected to a layer-2 VLAN-aware switch that does
  not support packet classification and 802.1P support is enabled on the egress
  VLAN port, the IP/TOS value will determine the 802.1P priority of the outgoing
  packet based on the default or user-configured mapping.
  IP traffic can also be classified via a QoS policy to be tagged with a specific
  802.1P priority.
■
Class-Based Queuing (CBQ) Management
Class-Based Queuing (CBQ) is a link-sharing packet scheduler which is an
enhanced version of the existing Protocol Reservation queuing policy. It
performs priority scheduling and supports specific traffic class characteristics,
such as the average transfer rate. It supports a hierarchy of service classes, each
associated with a set of QoS attributes (such as, average rate, priority, and max
delay) and a packet queue to hold packets marked for the service class.
CBQ provides weighted (based on the allocated bandwidth) round robin
scheduling when the class is not congested, but switches to the link sharing
mode during periods of congestion. It regulates each class queue to its
allocated bandwidth, but allows a congested class to borrow bandwidth from
its under-utilized parent class.
When a class queue builds up due to packets arriving at a higher rate than the
class’s allocated bandwidth, CBQ employs a packet drop policy to manage the
queue length/latency. By default, the simple “tail drop” is invoked to discard
the most recently arrived packet for the congested queue/class. The more
effective RED dropper can also be optionally enabled on a CBQ class queue.
CBQ also supports traffic prioritization. Higher priority classes are serviced first;
classes with the same priority are then serviced based on weighted round
robin. Borrowing is allowed only if a class is configured to allow borrowing
from its parents.
The network manager may define any number of CBQ classes. Policies can be
defined that map the DSCP in the TOS-byte to a specific service class to provide
the desired QoS. Initial RSVP support will restrict RSVP flows to the well-known
“RSVP” service class.
Given the significant per-packet overhead, CBQ does not scale well with
multi-level class hierarchies and would perform best with a small number of
classes in a shallow tree structure on lower speed WAN links.
CBQ will be supported on PPP/FR ports only.
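The link-sharing rules described above (allocated bandwidth, priority order, weighted sharing, optional borrowing) can be followed with numbers. This is an added example, not 3Com code: a simplified rate-based model of one shallow class tree rather than a packet scheduler, and the class names, rates and the "lower number = higher priority" convention are assumptions.

```python
from dataclasses import dataclass


@dataclass
class ServiceClass:
    name: str
    priority: int      # assumption: lower number = serviced first
    allocated: float   # kbps allocated to the class
    demand: float      # kbps the class is currently offering
    borrow: bool       # may the class borrow from its parent (the link)?


def share_link(link_kbps, classes):
    """Return {class name: kbps granted} for one shallow CBQ-style tree.

    Step 1: every class is regulated to min(demand, allocated).
    Step 2: bandwidth left unused on the parent is lent to classes that
            still have unmet demand AND are configured to borrow,
            highest priority first, weighted by allocated bandwidth
            among classes of equal priority.
    """
    granted = {c.name: min(c.demand, c.allocated) for c in classes}
    spare = link_kbps - sum(granted.values())

    for prio in sorted({c.priority for c in classes}):
        level = [c for c in classes if c.priority == prio and c.borrow]
        while spare > 1e-9:
            hungry = [c for c in level if c.demand - granted[c.name] > 1e-9]
            total_weight = sum(c.allocated for c in hungry)
            if not hungry or total_weight <= 0:
                break
            pool = spare
            for c in hungry:
                unmet = c.demand - granted[c.name]
                give = min(pool * c.allocated / total_weight, unmet)
                granted[c.name] += give
                spare -= give
    return granted


# Constructed sample: a 1000 kbps WAN link with four classes.
SAMPLE_CLASSES = [
    ServiceClass("voice", 1, allocated=200, demand=100, borrow=False),
    ServiceClass("web",   2, allocated=400, demand=900, borrow=True),
    ServiceClass("bulk",  2, allocated=200, demand=600, borrow=True),
    ServiceClass("guest", 3, allocated=100, demand=500, borrow=False),
]

if __name__ == "__main__":
    for name, kbps in share_link(1000, SAMPLE_CLASSES).items():
        print(f"{name:6s} {kbps:7.1f} kbps")
```

The guest class stays at its allocation even though the link has spare capacity, because it is not configured to borrow.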
■
RED Congestion Avoidance
Random Early Discard (RED) actively manages the queue size by dropping
arriving packets with a probability that increases as the estimated average
queue size grows. The average queue size is
computed using a simple exponentially weighted moving average estimator.
RED starts dropping arriving packets when the queue size exceeds the defined
minimum threshold (in number of packets), and the drop probability increases
linearly with the queue size until the defined maximum threshold (in number of
packets) is reached, at which point all arriving packets are dropped.
Weighted Random Early Discard (WRED) implements an additional
drop-precedence based preferential discard mechanism. The drop-precedence
value is used to determine the minimum and maximum thresholds, such that
packets tagged with a higher drop-precedence value have a higher drop
probability. The drop-precedence value is determined by the amount of traffic
in excess of the rate limit.
The RED congestion avoidance scheme actively manages the queue length to
efficiently reduce both packet drops and queue latency, resulting in lower delay
and better service. The random packet drop also effectively breaks up the
traffic synchronization due to TCP’s “slow start then speed up” behavior, which
may cause some flows to be locked out of bandwidth if a simple tail drop is
employed when the queue becomes full. However, RED works well only with
compliant TCP implementations that back off when network congestion is
detected. It has no effect on non-IP or UDP traffic.
RED is supported on CBQ class queues only.
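The RED and WRED behavior described above, as an added example (not 3Com code): the moving-average estimator, the linear drop curve between the two thresholds, per-precedence thresholds, and a small queue run that shows why a short burst is absorbed while sustained overload is not. The threshold values, the averaging weight and max_p (the probability reached just below the maximum threshold, a parameter the page does not name) are assumptions.

```python
import random


def ewma(avg, sample, weight):
    """Exponentially weighted moving average of the queue length."""
    return (1.0 - weight) * avg + weight * sample


def drop_probability(avg, min_th, max_th, max_p=0.1):
    """Drop probability for an arriving packet, given the average queue size."""
    if avg < min_th:
        return 0.0                      # below minimum threshold: never drop
    if avg >= max_th:
        return 1.0                      # at maximum threshold: drop everything
    return max_p * (avg - min_th) / (max_th - min_th)   # linear ramp


# WRED: (min_th, max_th) in packets per drop precedence. Constructed values;
# a higher drop precedence gets lower thresholds and so drops earlier.
WRED_THRESHOLDS = {0: (20, 40), 1: (10, 30), 2: (5, 20)}


def wred_drop_probability(avg, precedence, max_p=0.1):
    min_th, max_th = WRED_THRESHOLDS[precedence]
    return drop_probability(avg, min_th, max_th, max_p)


def run_queue(arrivals, service, min_th, max_th, weight, max_p=0.1, seed=1):
    """Feed a RED-managed queue.

    arrivals: packets arriving in each tick; service: packets sent per tick.
    Returns counters for accepted, early (random) and forced drops.
    """
    rng = random.Random(seed)
    qlen, avg = 0, 0.0
    stats = {"accepted": 0, "early": 0, "forced": 0, "peak_qlen": 0}
    for n in arrivals:
        for _ in range(n):
            avg = ewma(avg, qlen, weight)       # estimator runs per arrival
            p = drop_probability(avg, min_th, max_th, max_p)
            if p >= 1.0:
                stats["forced"] += 1
            elif rng.random() < p:
                stats["early"] += 1
            else:
                qlen += 1
                stats["accepted"] += 1
                stats["peak_qlen"] = max(stats["peak_qlen"], qlen)
        qlen = max(0, qlen - service)           # link drains the queue
    return stats


if __name__ == "__main__":
    # A single 30-packet burst: the instantaneous queue exceeds min_th,
    # but the slow-moving average does not, so nothing is dropped.
    print("burst   ", run_queue([30] + [0] * 5, 5, 10, 30, weight=0.002))
    # Sustained 2x overload: the average climbs past both thresholds.
    print("overload", run_queue([10] * 200, 5, 10, 30, weight=0.2))
    for prec in sorted(WRED_THRESHOLDS):
        print("precedence", prec, "p(avg=15) =", wred_drop_probability(15, prec))
```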
Dial Service Features
Dial service features include increased asynchronous baud rate for all
Enterprise OS platforms.
In releases prior to 11.3, the maximum baud rate for asynchronous ports was
57.6 kbps. With the 11.3 release, the maximum baud rate has been increased to
115.2 kbps only for the OfficeConnect NETBuilder platform. With the 11.4
release, this feature is expanded to support all other platforms with FlexWAN
interfaces. This includes the NETBuilder II with the 4-port HSS module, SuperStack
II NETBuilder SI, PathBuilder S5xx, and PathBuilder S400 devices.
Voice & Multiservice Features
Voice and multiservice features include voice over Frame Relay and voice over
VPN. These features are currently available on the PathBuilder S400 platform only.
Voice Over Frame Relay (VoFR)
With Frame Relay already providing a flexible and efficient means of transferring
data, Voice Over Frame Relay (VoFR) consolidates voice and voice-band data (for
example, analog modems and fax messages) with data services. VoFR lowers the
cost of calls while increasing the utilization of network resources and maintaining
the reliability of an existing Frame Relay network.
With 11.4, VoFR is available in the PathBuilder S400 WAN convergence switch.
The VoFR capabilities will handle peer-to-peer (end-user to end-user) VoFR voice
call signaling across the network, providing real-time delivery of voice signals
without excessive delay.
Features of the 3Com implementation of VoFR:
■
All voice payloads are encapsulated in the FRF.11 formats. Voice and data share
the same virtual circuit (VC) based on the FRF.11 Annex J (The Use of Reserved
Subchannels) capabilities as authored by 3Com.
■
Fragmentation can consume CPU processing power, resulting in degraded
system performance. Unlike other vendors' implementations of VoFR, 3Com's
proprietary Fragmentation Control Protocol (FCP) is designed to support
dynamic fragmentation control to turn fragmentation on and off at each
communicating endpoint.
■
3Com proprietary VoFR signaling based on Q.931 allows dynamic call
connection and teardown.
■
VoFR recovery is built into VoFR signaling to handle system or network
outage.
■
Voice call establishment is regulated by bandwidth requirements of voice
compression between two communicating DSP peers, as well as by the
available bandwidth (CIR) of the VC at each end.
■
Voice calls between remote offices can be switched through central site
VoFR.
■
Up to 250 calls can be supported within each VC subject to available
bandwidth.
■
Support for FXS and FXO voice ports.
■
Support for FAX data over the voice call.
Voice Over VPN (VoVPN)
Due to the interaction between VPN (L2TP or PPTP) and VoIP when they are
sharing the same system IP (sysip) address, voice calls do not get tunneled over
L2TP or PPTP. The reason is that when a VPN tunnel is established with the sysip
address, the endpoint's sysip address is in each endpoint's routing table. If an
application subsequently uses the same address that is used by the tunnel, the
routing table would force the packet out on the interface, and not through the
tunnel. The packet would leave the device unencapsulated.
To overcome this, voice calls originating from the system will continue to use the
sysip address as before (in order to utilize the redundancy feature of the sysip). In
addition, the voice call will also have an option to use a different
source-destination pair for those calls that need to be tunneled via VPN. After the
source address is defined, it is linked to the virtual port that represents the VPN
tunnel, allowing the voice call to get tunneled across the VPN.
Network Management Features
Network management features include Upgrade Utilities and Upgrade Link, Web
Link Enhancements, Autotargeting for SLA Monitoring/Remote Polling, Console
Output in Telnet Sessions, Multiple SYSLOG Server Support, Audit Log Messaging
Enhancements, and Domain Name Use in FTP and TFTP Commands.
Upgrade Utilities & Upgrade Link
With the upgrade utilities, you will be able to perform upgrades of all your
Enterprise OS devices (NETBuilder, PathBuilder S5xx, and PathBuilder S400 devices)
from an older version of software to a newer version. The version you can upgrade
to will match your version of the upgrade utilities (for example, with the Upgrade
Management Utilities version 11.4, you will be able to upgrade a device running
8.x, 9.x, 10.x, 11.0, 11.1, or 11.2 to any version 9.x, 10.x, 11.0, 11.1, 11.2, 11.3
or 11.4). Engineered to be reliable and simple to use, the utilities can be executed
via command line, via the GUI-interface in Transcend® Upgrade Manager, or the
GUI-interface in Upgrade Link, or via user-defined scripts.
Enhancements to Upgrade Utilities version 11.4:
■
File Transfers via HTTP
■
Faster installation of Enterprise OS software images into Upgrade Manager for
Windows 95
■
Flexibility of installing the upgrade files into a directory besides /usr/3Com
■
Added support for PathBuilder S400 WAN convergence switches
Web Link Enhancements
Web Link is an embedded Web-based interface for management of the
NETBuilder bridge/router (or PathBuilder S5xx tunnel switch starting with 11.1.1).
Web Link is available on all router platforms running version 11.0 or later. To
access Web Link, use Netscape 4.08 or later, or Internet Explorer 4.x or later.
■
Voice Wizard
Starting with 11.2.2 and with enhancements made in 11.4 for the PathBuilder
S400 WAN convergence switch, Web Link provides a new Wizard
configuration tool to aid in the configuration of the voice parameters. The
Voice Wizard eases the task of configuration by creating a dial plan that can be
viewed and later edited.
■
Performance Management
Currently available statistics are:
■
System Performance
■
Interface Performance: physical path statistics and port and virtual port
statistics
■
Protocol Performance: Routing protocols
■
IP Routing Protocol: Total IP packets and IP packets per interface
■
IPX Routing Protocol: Total IPX packets
■
IPX Packets Per Interface
■
Frame Relay WAN Protocol
New Statistics for 11.4
■
VPN Performance: VPN tunnels and total active tunnels
■
IPsec Performance: Encrypted packets, authenticated packets,
encrypted-authenticated packets, and discarded packets
■
Voice Performance
■
Total Successful Calls
■
Total Packets
■
Total Bytes
Autotargeting for SLA Monitoring/Remote Polling
In 11.2, Remote Polling was introduced, which provided a mechanism to
periodically poll a list of up to 100 target devices. By pinging a target list of devices
for connectivity, logs could be generated and statistics gathered to measure
latency between devices and to determine service levels. Statistics could also be
gathered using the 3Com remote polling MIB (3com0019.mib), which can give
the statistical result of each poll. The MIB variables can be used with third-party
applications, such as InfoVista, to provide service level monitoring, analysis, and
reporting. A maximum of 100 target devices can be polled.
In 11.4, the requirement to manually configure up to 100 target devices that the
administrator remotely polls has been eliminated. Four predefined “target groups”
will be used:
■
RAS targets are automatically added when a RAS user session is established
■
VLL targets are automatically added when a virtual leased line is configured
■
Tunnel Peers including PPTP/L2TP/IPIP/DNL are automatically added
■
Static targets can still be manually configured, if desired
Console Output in Telnet Sessions
With 11.4, all system messages can be displayed to a Telnet session as well as
through a terminal attached to the local console port. Administrators will be able
to view all important status messages from the Telnet session, improving
manageability.
Audit Log Messaging Enhancements
Many enhancements are added in the 11.4 release regarding the logging of
events. These include:
■
In previous releases, only one SYSLOG server on the network could be sent the
audit log messages from an Enterprise OS device. With 11.4, the administrator
can configure each Enterprise OS device to send its audit log messages to up
to six SYSLOG servers.
■
Persistent logging of events across reboots is now available across all platforms.
Previously this feature was available only for NETBuilder II and PathBuilder S5xx
devices (those devices which could support the partial dump feature). With
11.4, the partial dump feature is extended to the stackable devices
(OfficeConnect NETBuilder, SuperStack II NETBuilder SI, and PathBuilder S400
devices), so reasons for spontaneous failures will be logged both on the device
and within audit log messages sent to the SYSLOG server(s).
■
To provide a clearer understanding of audit log messages, the format of the
messages has been changed. There is a different format for those messages
sent to a SYSLOG server versus those saved on the device's local audit log buffer.
Redundant information was removed and comprehensive definitions are
provided. A field was added to indicate message severity (0-7 indicating
Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug).
Changes to audit log messages sent to SYSLOG server(s):
■
For the SYSLOG messages, a unique message identifier (starting with 100)
has been added. Specific services have been assigned a range of identifying
numbers. For example, 100-199 identifies audit log file access status
messages … dial history messages are 400-499 … IPsec messages are
600-649 … and Web Link messages are 1400-1499.
■
A new message format will have identifying labels. The new syntax is as
follows:
priority Seq:SeqNumber Sev:Severity From:Entity/Source Msg:Text
Changes to audit log messages saved on the device's local audit log buffer:
■
The new message format will have identifying labels. The new syntax is as
follows:
<priority> Seq:SeqNumber Date/Time Sev:Severity From:Entity/Source
Msg:Text
■
Audit Log Message Filters are now supported. In previous releases, all audit log
messages were sent to the designated SYSLOG server. With 11.4, the
administrator can set a LogFilter, whereby specific messages can be sent to
specific SYSLOG servers. Messages can be filtered based on service, priority,
message identifier(s) and/or SYSLOG server. The action to send all messages to
the SYSLOG server is still the default when auditing is enabled.
■
The audit log messages can also be sent out through an SNMP trap to be
received by the configured SNMP trap manager(s).
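On the receiving SYSLOG server, the labelled format above can be parsed and checked. This is an added example, not 3Com code: it accepts both syntaxes (with and without Date/Time), maps the Sev field to the severity names listed above, and reports sequence-number gaps. It assumes the priority token is the numeric syslog PRI in angle brackets and that SeqNumber increases by one per message; the sample lines, entity names and timestamp layout are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Severity names in the order the release notes list them (0-7).
SEVERITY_NAMES = ("Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Info", "Debug")

# <priority> Seq:SeqNumber [Date/Time] Sev:Severity From:Entity/Source Msg:Text
# The (?!Sev:) lookahead keeps the optional Date/Time group from swallowing
# the real "Sev:" label when the free-form Msg text itself contains " Sev:".
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*Seq:(?P<seq>\d+)\s+"
    r"(?:(?P<ts>(?!Sev:).+?)\s+)?"
    r"Sev:(?P<sev>[0-7])\s+From:(?P<entity>[^/\s]+)/(?P<source>\S+)\s+"
    r"Msg:(?P<text>.*)$"
)


@dataclass
class AuditRecord:
    pri: int
    seq: int
    timestamp: Optional[str]   # present only in the local-buffer syntax
    severity: int
    entity: str
    source: str
    text: str

    @property
    def severity_name(self):
        return SEVERITY_NAMES[self.severity]

    @property
    def facility(self):
        # Assumption: standard syslog encoding, PRI = facility * 8 + severity.
        return self.pri // 8


def parse_line(line):
    """Return an AuditRecord, or None if the line does not fit the syntax."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return AuditRecord(int(m["pri"]), int(m["seq"]), m["ts"], int(m["sev"]),
                       m["entity"], m["source"], m["text"])


def triage(lines):
    """Parse lines; return (records, sequence gaps, rejected lines)."""
    records, gaps, rejects = [], [], []
    last_seq = None
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejects.append(line)
            continue
        if last_seq is not None and rec.seq != last_seq + 1:
            gaps.append((last_seq + 1, rec.seq))   # (expected, received)
        last_seq = rec.seq
        records.append(rec)
    return records, gaps, rejects


# Constructed sample input; not captured from a device.
SAMPLE_LINES = [
    "<131> Seq:41 Sev:3 From:IPsec/Port1 Msg:constructed sample text A",
    "<134> Seq:42 Sev:6 From:WebLink/Port2 Msg:constructed sample text B",
    "<129> Seq:45 01/15/2000 10:22:31 Sev:1 From:Dial/Port3 Msg:constructed sample text C",
    "garbage line",
    "<134> Seq:46 Sev:6 From:WebLink/Port2 Msg:note Sev:0 From:x/y Msg:spoofed",
]

if __name__ == "__main__":
    records, gaps, rejects = triage(SAMPLE_LINES)
    for r in records:
        if r.severity <= 3:                        # Error or worse
            print(r.seq, r.severity_name, r.entity, r.text)
    print("sequence gaps:", gaps)
    print("rejected:", rejects)
```

A gap in Seq on one server that is absent on another of the configured servers points at transport loss or a LogFilter difference rather than at the device.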
Domain Name Use in FTP and TFTP Commands
Starting with 11.4, a domain name can be used in the FTP commands of GET and
PUT, as well as the TFTP command of COpy to specify the name of the FTP or TFTP
server. Previously, only the IP address of the FTP or TFTP server could be used for
these commands. This function assumes that there is a Domain Name server on
the network with the name/address mapping configured; the Enterprise OS device
continues to act only as an FTP/TFTP client.
Transcend VPN Application Suite
With more VPN management applications available and planned for the future,
Secure VPN Manager and the new PKI Manager tools have been bundled
together: one part number to use for ordering, one CD-ROM to use for
installation. The new package will be called Transcend VPN Application Suite.
Secure VPN Manager version 2.2
Secure VPN Manager is a graphical web-based network management tool that
presents key information about your virtual private network (VPN). Secure VPN
Manager provides the assistance necessary to monitor the VPN tunnels terminated
by the NETBuilder bridge/router or the PathBuilder S5xx series of devices. These
analyses are possible through the monitoring of the VPN tunnel established for
remote access (client-to-LAN) connections and site-to-site (LAN-to-LAN)
connections. The application is supported only on the Windows NT Server
platform currently.
Secure VPN Manager supports the following Microsoft devices as tunnel initiators:
■
Windows 95 with Microsoft Windows 95 Dial-Up Networking 1.3 Upgrade or
later
■
Windows NT with Service Pack 3 and above
Secure VPN Manager supports the following 3Com devices as tunnel initiators and
tunnel terminators:
■
PathBuilder S5xx series devices running software version 11.3 or later
■
NETBuilder bridge/routers running software version 11.3 or later
■
PathBuilder S400 series devices running software version 11.4 or later
PKI Manager version 1.0
PKI Manager is a graphical management application to aid Enterprise OS devices
in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from various
Certificate Authorities (CAs). PKI Manager works as a proxy between the device
and the CA. It is responsible for collecting the certificate requests from the devices
and generating the CA-specific certificate request syntax (CRS), which in turn is
sent to the CA. Once the CA issues the certificate, PKI Manager will retrieve it
from the CA and send it to the Enterprise OS device. The CAs that are supported
with this first release are Verisign and Entrust. The application is supported only on
the Windows NT Server platform currently.
Features of PKI Manager version 1.0
■
Multi-Enterprise PKI Management: Administrators can use the application to
manage multiple enterprises (or different business units of an enterprise)
separately.
■
Limited RA functionality: The application uses a proprietary Enrollment key
mechanism to authenticate Enterprise OS devices.
■
Certificate proxy: To eliminate the need for each device to talk to the CA, PKI
Manager negotiates the certificates from the CAs on behalf of the device. PKI
Manager will receive a generic (PKCS#10) certificate request from the device
and wrap it into a CA-specific CRS (for example, Verisign uses PKCS#7). The
certificate request will be sent to the CA using the protocol supported by the
CA (for example, Verisign uses HTTP).
■
Certificate Management: The administrator can view the CRLs and certificate
status (for example, valid/about, expire/expired/revoke,
requested/revoked/installed, or not installed) using the different views of the
application.
System Requirements for Secure VPN Manager version 2.2 and PKI
Manager 1.0
■
Computer: Pentium Processor with 300 MHz minimum clock, minimum 128
MB of RAM, and minimum 4 GB hard disk space for initial installation &
database storage
■
Operating System: Microsoft Windows NT server 4.0 with Service Pack 3 or
later, with the TCP/IP stack enabled. Microsoft Windows NT SNMP service
loaded and active on the server
■
Web Server for Secure VPN Manager: Netscape's FastTrack Web Server version
3.x or Microsoft's Internet Information Server (IIS) version 3.0
■
Client for Secure VPN Manager: Web browsers that support Java applets:
■
Netscape Navigator 4.08 or later
■
Netscape Communicator 4.5.1 or later
■
Microsoft Internet Explorer 4.01 or later
11.4 Software Packages
The tables in this section list the features in the packages available in software
version 11.4 for the NETBuilder and PathBuilder platforms.
NETBuilder II Bridge/Router
The NETBuilder II bridge/routers are supported with the following packages:
■
AC–APPN Connection Services Router
■
DW–Multiprotocol Router
■
DL–Multiprotocol Router with 40-bit Encryption
■
DE–Multiprotocol Router with 56-bit Encryption
■
DS–Multiprotocol Router with 128-bit Encryption and 3DES
Table 1 lists the software features of each package for NETBuilder II bridge/routers.
Table 1 NETBuilder II Software Features
Software Packages
AC
DW
DL
DE
DS
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
X
X
X
X
X
X
X
X
X
X
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
x
IPv6/BGP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
X
X
X
X
X
X
X
X
X
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
X
NetView Service Point
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/ Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.
BRITSS
APPN
LNM
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LAA
Token Ring in Fast Ethernet (IOS
not supported)
ISDN BRI
X
X
X
X
X
X
X
X
X
X
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
Data over Analog (Call Originate
only)
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
MPOA Server/Client
ZMODEM Support in Software
Flash Load
LDAP Policy Engine/Client
Auto Startup
X
X
X
X
X
X
DES Crypto
X
X
X
X
X
3DES /3DES 3 KEY
RC5 Crypto
X
X
X
MPPE/RC4
X
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
IP/IPX RAS, Radius, traps
X
X
X
MS-CHAP
X
X
X
X
X
X
X
X
X
EAP Authentication
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
IP OSPF
X
X
X
X
X
IPX NLSP
Virtual Ports
X
X
X
X
X
512
512
512
512
512
Restricted Number of DHCP
Addresses
Max Physical Voice Ports
Max Physical Data Ports
Memory Requirements
DRAM
128
128
128
128
128
40/80 MB
10 MB
40/80 MB 40/80 MB
40/80 MB
10 MB
40/80 MB
10 MB
10 MB
10 MB
Flash memory (Minimum required
for Enterprise OS 11.4)
20 MB
20 MB
20 MB
20 MB
20 MB
Flash memory (Minimum required
for Dual Images)
NETBuilder II Firmware Requirements
The NETBuilder II I/O modules require firmware upgrades to support the Enterprise
OS software version 11.4 (see Table 2 for firmware requirements).
You can determine your I/O module firmware version through the software by
entering:
SHow -SYS IOI
Table 2 NETBuilder II Firmware Requirements
Module                   11.4 Firmware Version Strings
DPE                      FW/DPE-BOOT1,1.7
                         FW/DPE-BOOT2,1.7
MP Ethernet 6-port       FW/6ETH-FW,1.4.0.70
Fast Ethernet 100Base    FW/ETH100-FW,1.9
8-port HSS BRI           FW/8BRI-FW,1.5
MP ATMLink               FW/ATM-FW,1.1.0.70
HSS 3-port (V.35)        FW/HSS3-V35,1.1.11
HSS 3-port (RS-449)      FW/HSS3-449,1.1.11
HSS 3-port (RS-232)      FW/HSS3-232,1.1.11
HSS 4-port               FW/4PORTWAN-FW,1.5
SuperStack II NETBuilder SI
SuperStack II NETBuilder SI bridge/routers are supported with the following
packages:
■
BF–Boundary Router
■
NW–IP/IPX/AT Router
■
NE–IP/IPX/AT Router with 56-bit Encryption
■
NS–IP/IPX/AT Router with 128-bit Encryption and 3DES
■
CF–Multiprotocol Router
■
CL–Multiprotocol Router with 40-bit Encryption
■
CE–Multiprotocol Router with 56-bit Encryption
■
CS–Multiprotocol Router with 128-bit Encryption and 3DES
■
AX–APPN/Connection Services
Table 3 lists the software features of each package for SuperStack II SI
bridge/routers.
Table 3 SuperStack II NETBuilder SI Software Features
Software Packages
BF
NW
NE
NS
CF
CL
CE
CS
AX
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
X
X
X
X
X
X
X
X
X
X
X
X
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
X
X
X
X
X
X
VRRP over VLAN
X
X
X
X
X
X
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.
DLSW
X
X
X
X
X
X
X
X
X
X
X
X
X
X
NetView Service Point
BRITSS
APPN
LNM
X
LAA
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS
not supported)
ISDN BRI
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
Data over Analog (Call Originate
only)
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
X
X
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
X
X
X
X
X
X
X
X
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
X
DES Crypto
3DES /3DES 3 KEY
RC5 Crypto
X
X
X
MPPE/RC4
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
IP/IPX RAS, Radius, traps
MS-CHAP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
EAP Authentication
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
X
X
IP OSPF
X
X
X
X
X
X
X
X
IPX NLSP
Virtual Ports
X
X
X
X
X
X
X
X
48
48
48
48
48
48
48
48
48
Restricted Number of DHCP
Addresses
Max Physical Voice Ports
Memory Requirements
DRAM
16 MB
8 MB
16 MB
8 MB
16 MB
8 MB
16 MB
8 MB
24 MB
12 MB
24 MB
12 MB
24 MB
12 MB
24 MB
12 MB
16 MB
12 MB
Flash memory (Minimum required
for Enterprise OS 11.4)
8 MB
8 MB
8 MB
8 MB
12 MB
12 MB
12 MB
12 MB
12 MB
Flash memory (Minimum required
for Dual Images)
PathBuilder S5xx Series Switch
The PathBuilder S5xx Series Switches support the following software packages:
■
PW–Multiprotocol Router
■
PE–Multiprotocol Router with 56-bit Encryption
■
PL–Multiprotocol Router with 40-bit Encryption
■
PS–Multiprotocol Router with 128-bit Encryption and 3DES
Table 4 lists the software features in each package for the PathBuilder S5xx series
switches.
Table 4 PathBuilder S5xx Series Switches Software Features
Software Package
PW
PL
PE
PS
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
X
X
X
X
X
X
X
X
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
X
IPv6/BGP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
NetView Service Point
BRITSS
APPN
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP
(PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS,
Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP
tunnels.
LNM
LAA
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS
not supported)
ISDN BRI
ISDN PRI
X
X
X
X
X
X
X
X
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
X
X
X
X
Data over Analog (Call Originate
only)
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
X
X
X
X
X
X
X
X
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
DES Crypto
X
X
X
X
X
X
3DES /3DES 3 KEY
RC5 Crypto
X
X
X
MPPE/RC4
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
IP/IPX RAS, Radius, traps
MS-CHAP
X
X
X
X
X
X
X
EAP Authentication
X
X
X
X
X
X
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
IP OSPF
X
X
X
X
IPX NLSP
X
X
X
X
Virtual Ports
2048
2048
2048
2048
Max Physical Voice Ports
Max Physical Data Ports
Memory Requirements
DRAM
18
18
18
18
160 MB
16 MB
160 MB
16 MB
160 MB
16 MB
160 MB
16 MB
Flash memory (Minimum
required for Enterprise OS
11.4)
Flash memory (Minimum
required for Dual Images)
16 MB
16 MB
16 MB
16 MB
PathBuilder S400 Series Switches
The PathBuilder S400 series switches support the following software packages:
■
XW–IP/IPX/AT Data/Voice Router
■
XE–IP/IPX/AT Data/Voice Router with 56-bit Encryption
■
XL–IP/IPX/AT Data/Voice Router with 40-bit Encryption
■
XS–IP/IPX/AT Data/Voice Router with 128-bit Encryption and 3DES
■
MW–Multiprotocol Data/Voice Router
■
ME–Multiprotocol Router with 56-bit Encryption
■
ML–Multiprotocol Router with 40-bit Encryption
■
MS–Multiprotocol Router with 128-bit Encryption and 3DES
Table 5 lists the software features in each package for the PathBuilder S400 series
switches.
Table 5 PathBuilder S400 Series Switches Software Features
Software Package
XW
XL
XE
XS
MW
ML
ME
MS
Feature
Voice Support (Analog)
FXO
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
X
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
NetView Service Point
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.
Table 5 PathBuilder S400 Series Switches Software Features (continued)
Software Package
XW
XL
XE
XS
MW
ML
ME
MS
Feature
BRITSS
APPN
LNM
X
X
X
X
LAA
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS
not supported)
ISDN BRI
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
Data over Analog (Call Originate
only)
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
X
X
X
X
X
X
X
X
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
DES Crypto
3DES /3DES 3 KEY
RC5 Crypto
X
Table 5 PathBuilder S400 Series Switches Software Features (continued)
Software Package
XW
XL
XE
XS
MW
ML
ME
MS
Feature
MPPE/RC4
X
X
X
X
X
IP/IPX RAS, Radius, traps
X
X
X
X
X
X
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
MS-CHAP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
EAP Authentication
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
X
X
X
X
X
X
IP OSPF
X
IPX NLSP
Virtual Ports
256
12
256
12
256
12
256
12
256
12
256
12
256
12
256
12
Max Physical Voice Ports
Memory Requirements
DRAM
32 MB 32 MB 32 MB 32 MB
64 MB
16 MB
64 MB
16 MB
64 MB
16 MB
64 MB
16 MB
Flash memory (Minimum required 16 MB 16 MB 16 MB 16 MB
for Enterprise OS 11.4)
Flash memory (Minimum required 16 MB 16 MB 16 MB 16 MB
for Dual Images)
16 MB
16 MB
16 MB
16 MB
OfficeConnect NETBuilder Bridge/Routers
The OfficeConnect NETBuilder bridge/routers support the following software
packages for the specified models:
■ JW–IP/IPX Router
■ JE–IP/IPX Router with 56-bit encryption
■ JS–IP/IPX Router with 128-bit encryption and 3DES
■ BF–Boundary Routing
■ NW–IP/IPX/AT Router
■ NE–IP/IPX/AT Router with 56-bit Encryption
■ NS–IP/IPX/AT Router with 128-bit Encryption and 3DES
■ AF–APPN Router
■ OF–Multiprotocol Router
■ OE–Multiprotocol Router with 56-bit Encryption
■ OL–Multiprotocol Router with 40-bit Encryption
■ OS–Multiprotocol Router with 128-bit Encryption and 3DES
Table 6 lists the software features in each package for the OfficeConnect
NETBuilder bridge/routers.
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features
Software Packages
JW
JE
JS
BF
NW
NE
NS
AF
OF
OL
OE
OS
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
X
X
NetView Service Point
BRITSS
APPN
X
LNM
LAA
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS
not supported)
X
X
X
X
X
X
X
X
ISDN BRI
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued)
Software Packages
JW
JE
JS
BF
NW
NE
NS
AF
OF
OL
OE
OS
Feature
ISDN CT3/CE3
Data over Analog (Call Originate
only)
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
X
X
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
DES Crypto
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
3DES /3DES 3 KEY
RC5 Crypto
X
X
X
X
X
X
X
X
X
X
X
X
MPPE/RC4
X
X
X
X
X
X
IP/IPX RAS, Radius, traps
MS-CHAP
X
X
X
X
X
EAP Authentication
X
X
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
X
X
X
X
X
IP OSPF
X
X
X
X
X
X
X
X
IPX NLSP
Virtual Ports
X
X
X
X
X
X
X
X
10
10
10
28
28
28
28
28
28
28
28
28
Restricted Number of DHCP
Addresses
256
256
256
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued)
Software Packages
JW
JE
JS
BF
NW
NE
NS
AF
OF
OL
OE
OS
Feature
Max Physical Voice Ports
Memory Requirements
DRAM
16 MB
4 MB
16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB
16 MB
8 MB
16 MB
8 MB
4 MB
4 MB
4 MB 8 MB 8 MB 8 MB 8 MB
8 MB
8 MB
Flash memory (Minimum required
for Enterprise OS 11.4)
8 MB
8MB
8 MB
8 MB 12 MB 12 MB 12 MB 12 MB 12 MB 12 MB
12 MB
12 MB
Flash memory (Minimum required
for Dual Images)
OfficeConnect NETBuilder 10/ST
The OfficeConnect NETBuilder 10/ST bridge/router supports the following
software packages:
■ RW–Multiprotocol Router
■ RE–Multiprotocol Router with 56-bit Encryption
■ RS–Multiprotocol Router with 128-bit Encryption and 3DES
Table 7 lists the software features in each package for OfficeConnect NETBuilder
10/ST bridge/router.
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features
Software Packages
RW
RE
RS
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
X
X
X
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
X
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS
Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link
Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and
ASCII Capture, Login Banner, SLAMS, Bandwidth on Demand/incoming, SLAM
Autotargeting, Domain Name Support, NHRP for IP tunnels.
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features (continued)
Software Packages
RW
RE
RS
Feature
IPCP
X
X
X
IPv6/BGP
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
NetView Service Point
BRITSS
APPN
LNM
LAA
Token Ring in Fast Ethernet (IOS
not supported)
X
X
X
X
X
X
ISDN BRI
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
X
X
X
Data over Analog (Call Originate
only)
X
X
X
X
X
X
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
QLLC/LLC2 Conversion
Frame Relay
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features (continued)
Software Packages
RW
RE
RS
Feature
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
DES Crypto
X
X
3DES /3DES 3 KEY
RC5 Crypto
MPPE/RC4
X
X
X
X
X
IP/IPX RAS, Radius, traps
MS-CHAP
X
X
X
EAP Authentication
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
IP OSPF
IPX NLSP
Virtual Ports
5
5
5
Restricted Number of DHCP
Addresses
50
50
50
Max Physical Voice Ports
Max Physical Data Ports
Memory Requirements
DRAM
16 MB
16 MB
4 MB
16 MB
4 MB
Flash memory (Minimum required 4 MB
for Enterprise OS 11.4)
Flash memory (Minimum required 8 MB
for Dual Images)
8 MB
8 MB
SuperStack II NETBuilder Token Ring
SuperStack II Token Ring bridge/routers support the following packages for the
specified models.
■ CF–Multiprotocol Router
■ TE–Multiprotocol Router with 56-bit encryption
Table 8 lists software features for each package for the SuperStack II Token Ring
bridge/routers.
Table 8 SuperStack II NETBuilder Token Ring Software Features
Software Package
CF for model 327
TE for model 327
CF for model 527
TE for model 527
Feature
Voice Support (Analog)
FXO
FXS
Voice/FAX over IP
Voice/FAX over Frame Relay
Core Features*
Boundary Routing® central node
Boundary Routing leaf node
40-Bit Encryption (IPSec)
56-Bit Encryption (IP Sec)
128-Bit Encryption (IP Sec)
IPCP
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP
VRRP (Ethernet/FDDI/Token Ring)
VRRP for DLSW
VRRP over VLAN
RSVP, RSVP Proxy
Multicast IP, PIM, IGMP, MBR
IP/OSI Connection Services
IPX
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI
Appletalk
VINES, DECnet, Ph-IV, Ph-IV/V GW
DLSW
NetView Service Point
BRITSS
X
X
X
X
APPN
LNM
LAA
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.
Table 8 SuperStack II NETBuilder Token Ring Software Features (continued)
Software Package
CF for model 327
TE for model 327
CF for model 527
TE for model 527
Feature
Token Ring in Fast Ethernet (IOS
not supported)
ISDN BRI
X
X
ISDN PRI
ISDN T1/E1
ISDN CT1/CE1
ISDN T3/E3
ISDN CT3/CE3
Data over Analog (Call Originate
only)
X
X
X
X
CSU/DSU Loopback
SDLC/SHDLC/Polled Async/Bisync
BSC Conversion
QLLC/LLC2 Conversion
Frame Relay
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS
X.25 Switching/Tunneling
WANExtender
MP6E Module
Fast Ethernet 100Base
ATM Module/ LANE
PPPOE
MPOA Server/Client
ZMODEM Support in Software
Flash Load
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client
Auto Startup
DES Crypto
3DES /3DES 3 KEY
RC5 Crypto
X
X
MPPE/RC4
IKE/IPsec - KEK/ISAKMP Tunnel
Mode/Fast Tunnel/Policy UI/Policy
Manager, IPPCP
IP/IPX RAS, Radius, traps
MS-CHAP
EAP Authentication
VPN/PPTP/L2TP/L2TP (FP) Tunnel
Switch PPTP/L2TP (R2R, VLL)
X
X
X
X
Table 8 SuperStack II NETBuilder Token Ring Software Features (continued)
Software Package
CF for model 327
TE for model 327
CF for model 527
TE for model 527
Feature
IP (Routing, FireWall, NAT, Proxy,
ARP, DHCP, DHCP Proxy, Traffic
Director, Internal IP Ports, IPQoS)
X
X
X
X
IP OSPF
X
X
X
X
IPX NLSP
X
X
X
X
Virtual Ports
28
28
28
28
Max Physical Voice Ports
Max Physical Data Ports
Memory Requirements
DRAM
18
18
18
18
12 MB
4 MB
12 MB
4 MB
12 MB
4 MB
12 MB
4 MB
Flash memory (Minimum
required for Enterprise OS
11.4)
Flash memory (Minimum
required for Dual Images)
8 MB
8 MB
8 MB
8 MB
Upgrade Management Utilities
This section includes information about Enterprise OS software version 11.4
Upgrade Management Utilities. The Upgrade Management Utilities can be
executed using the command line, via the GUI-interface in Transcend Upgrade
Manager, the GUI-interface in Upgrade Link, or via user-defined scripts.
The Enterprise OS software version 11.4 Upgrade Management Utilities support
upgrades from NETBuilder bridge/routers running version 8.x through 11.4. If you
need to upgrade from version 7.x to 11.4, you need to perform the upgrade in
two steps. The first step requires upgrading from 7.x to 9.3.1. After the NETBuilder
bridge/router configuration files have been converted to 9.3.1, they can then be
further upgraded to support the 11.4 release. The 9.3.1 Upgrade Utilities and
manual are available on the 3Com InfoDeli website.
Downloading Upgrade Management Utilities
The Upgrade Management Utilities are shipped on the CD-ROM with every
Enterprise OS software release. In addition, these utilities can be downloaded from
the FTP site (ftp.3com.com), from the World Wide Web access through
Software Downloads, System Software.
UNIX Files
The Upgrade Management Utilities are UNIX files compressed with the UNIX
compression utility. To use the downloaded files, you must first expand the files
using the UNIX expansion utility. For instructions on how to download and expand
the utilities, see the ruu114.txt file.
The UNIX files are as follows:
ruusol114.Z   Contains the UNIX-compressed Upgrade Management Utilities for
              the Solaris 2.5 platforms.
ruuhp114.Z    Contains the UNIX-compressed Upgrade Management Utilities for
              the HP-UX 10.x platforms.
ruuaix114.Z   Contains the UNIX-compressed Upgrade Management Utilities for
              the IBM AIX 4.1.1 through 4.2.X platforms.
ruu114.txt    Contains the instructions for downloading and expanding the
              Upgrade Management Utilities and Upgrade Link. This file also
              contains instructions on how to integrate the utilities into the
              Transcend Network Control Services application.
Windows Files
The Upgrade Management Utilities are Windows files compressed with a
compression utility. To use the downloaded files, you must first expand them using
the decompress utility PKUNZip. PKUNZip can be downloaded from the following
URLs:
or
For instructions on how to decompress and install the utilities, see the
ruu114.txt file.
The Windows files are as follows:
ruu114.zip Contains the compressed Upgrade Management Utilities for
Windows95/98 and Windows NT platforms.
ruu114.txt Contains the instructions for downloading and expanding the
Upgrade Management Utilities and Upgrade Link. This file also
contains instructions on how to integrate the utilities into the
Transcend Network Control Services Manager application.
Executing profile.bat
When using the Upgrade Management Utilities from a Windows command line,
you must execute the profile.bat (/user/3com/common/data/profile.bat) file. This
file sets up the path to \usr\3com\common\bin where the utilities reside.
Alternatively, you can reboot your system so that the changes in the
autoexec.bat file can take effect.
Version 11.4 Upgrade Management Utilities
The upgrade utilities, which can be integrated into Transcend Network Control
Services Manager for Windows 95 version 6.1 and Transcend Network Control
Services Manager for Windows NT, are available for use on Windows 95 and
Windows NT platforms. These utilities can also be integrated into Transcend
Enterprise Manager for UNIX version 4.2.1 and 4.2.2 and are shipped preinstalled
in Transcend Network Control Services for UNIX 5.0. The utilities are pre-shipped
with Transcend Network Control Services for Windows version 6.2 and Windows NT
1.1. The Upgrade Management Utilities are designed to work with or without
Transcend Network Control Services Manager Network Admin Tools. See
Upgrading Enterprise OS Software for details about integrating the Upgrade
Management Utilities into the Transcend Network Control Services Manager.
Upgrading to 11.4 Utilities with Transcend Upgrade Manager
The proper installation order for integrating the Upgrade Management Utilities
into Transcend is:
1 Stop Transcend.
2 Install the Upgrade Management Utilities using bcmsetup. Do this if Transcend
does not have the Upgrade Management Utilities bundled or if you want to install
a newer version of the Upgrade Management Utilities.
3 Start Transcend. The Transcend Upgrade Manager, Baseline Manager, and Alarm
Manager will then support the latest Enterprise OS software version.
Transcend Enterprise Manager
The following notes apply to users of the Transcend network management
application.
BCMUSETFTP Environment Variable
Transcend Enterprise Manager for Windows and Transcend Enterprise Manager for
UNIX 4.x users should set the BCMUSETFTP environment variable to 1 to force the
Upgrade Management Utilities to use TFTP file transfer during upgrading. The
environment variable can be set by executing or adding the following line to the
autoexec.bat or .login file:
set BCMUSETFTP=1
EncryptionLicenseRead Environment Variable
Transcend Enterprise Manager for Windows Upgrade Manager and Transcend
Enterprise Manager for UNIX Upgrade Manager 4.2.x will not allow you to
upgrade 3Com NETBuilder bridge/routers with encryption technology unless you
set the EncryptionLicenseRead environment variable to 1. Setting this variable
implies that you have read and agree to the export regulations enforced by the US
Department of Commerce. This environment variable can be set by executing or
adding the following line to the autoexec.bat or .login file:
set EncryptionLicenseRead=1
Upgrade Management Notes
This section contains known upgrade management issues.
bcmdiagnose Error Message
When you execute bcmdiagnose on HP-UX and the TFTP server is configured to
use the Safe Directory method, the error message “No TFTP user found in
/etc/passwd. You must add an entry” can be ignored.
Installation of a new version of the Remote Upgrade Utilities onto a UNIX NMS
saves an existing /usr/3Com/bcmutil.conf into /etc/3Com/bcmutil.conf.backup.
This file is used by the Transcend Enterprise Manager for UNIX (TEM/U). If a user
has made modifications to this file, they must either restore their original file or
add the changes to the new file.
If you are using the Remote Upgrade Utilities in stand-alone mode or with the
Transcend Enterprise Manager for UNIX (TEM/U), you can specify SNMP
community strings of different devices in /etc/snmp.cfg file. More information
about the snmp.cfg file can be found in the help pages
(file://usr/3Com/bcm/gui/hlp/bcm-intro.html).
SuperStack II NETBuilder Token Ring Upgrades
If SuperStack II NETBuilder systems that are running software version 8.3 have a
boot image named “bundle.68K,” the SuperStack II NETBuilder Token Ring system
is not upgradeable to software version 11.4 unless the sys file is present on the
flash drive. To work around this, either rename the image to “boot.68k,” or copy
the 8.3 sys file to the primary boot directory on the NETBuilder bridge/router.
bcmdiagnose and HP-UX
If you are using HP-UX and have difficulties passing the tftp portion of
bcmdiagnose, you may need to modify the /etc/passwd file. Follow the
instructions printed during bcmsetup. You may need to add the following line to
the /etc/passwd file:
tftp::510:200:,,,:/tftpboot:/bin/false
See the HP-UX tftpd man page for more information.
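A check for the /etc/passwd entry described above, as an added example that is not part of the release notes or of bcmsetup: it parses a passwd-format file, confirms a single tftp entry with the /tftpboot home and /bin/false shell shown above, and reports an empty password field, which the line as printed has. The function name check_tftp_entry, its finding labels and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the release notes): audit the tftp account line
# in a passwd-format file. Fields: name:password:uid:gid:gecos:home:shell

# check_tftp_entry FILE
# Prints one finding per line. Exit status:
#   0  exactly one tftp entry, no findings
#   1  tftp entry present, one or more findings printed
#   2  no tftp entry (prints "missing")
check_tftp_entry() {
    awk -F: '
        BEGIN { count = 0; bad = 0 }
        $1 == "tftp" {
            count++
            if (NF != 7) {
                print "malformed: expected 7 fields, got " NF
                bad = 1
                next
            }
            # An empty second field means no password is set for the account.
            if ($2 == "") { print "empty-password-field"; bad = 1 }
            # The release note uses /tftpboot as the home directory.
            if ($6 != "/tftpboot") { print "home-not-tftpboot: " $6; bad = 1 }
            # The release note uses /bin/false so the account gets no shell.
            if ($7 != "/bin/false") { print "unexpected-shell: " $7; bad = 1 }
        }
        END {
            if (count == 0) { print "missing"; exit 2 }
            if (count > 1)  { print "duplicate-entries: " count; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: a root line plus the tftp entry exactly as printed above.
demo_file=$(mktemp)
printf '%s\n' \
    'root:*:0:3::/:/sbin/sh' \
    'tftp::510:200:,,,:/tftpboot:/bin/false' > "$demo_file"
demo_rc=0
demo_findings=$(check_tftp_entry "$demo_file") || demo_rc=$?
echo "exit=$demo_rc findings=${demo_findings:-none}"
rm -f "$demo_file"
```

A `*` in the password field locks password login for the account; the uid, home directory and shell fields are unchanged.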
bcmfdinteg
Read the following warning regarding the bcmfdinteg utility.
WARNING: Do not use the bcmfdinteg utility. The bcmfdinteg utility is used
internally by the bcminstall utility. The bcmfdinteg utility should not be used by
itself, because by default it removes all files from the current directory.
File Conversion Considerations
This section describes file conversion considerations for APPN, bridge static routes,
DLSw, the PROfile service, and X.25 SVCs.
APPN
APPN file conversion is supported in software version 8.2 and later. Upgrading
from software versions prior to 8.2 requires manual configuration.
High Performance Routing (HPR) is a new feature for the NETBuilder bridge/router
after software version 8.3. If you use the Upgrade Management Utilities to convert
your APPN data file from version 8.3 (or later) to 11.4, be sure to turn on HPR if
HPR is desired using:
SETDefault !<port> -APPN PortDef = <DLC type> HPR=yes
Bridge Static Routes
A static bridge route configured with the off option does not convert properly. You
must manually reconfigure this route.
DLSw
Initial Bandwidth for Peer is a new parameter for software version 8.3 and later.
The default for version 11.0 is 8000. If you use the Upgrade Management Utilities
to convert your DLSw data files from version 8.3 (or later) to 11.4, be sure to set
the value of the parameter to the desired value using:
SETDefault <tunnel id> -Dlsw PEER = <IP address> <PrioMode> <8000 | other value>
UNIX Platform Symbolic Links
When installing Enterprise OS software version 11.4 from a UNIX platform, do not
follow symbolic links to reach a particular file (image or tar file) when using the
“Browse” option. Double-clicking a directory name that is a symbolic link will not
connect to the directory. To open a directory, type the directory name and press
“Enter.”
Upgrading From Release 8.3 or Earlier
If you are upgrading a bridge/router from software version 8.3 or earlier, you must
disable user verification by specifying the -NA flag on bcmnbrus or Upgrade Link.
For example:
bcmnbrus -NA
or
UpgradeLink -NA
Otherwise, an error dialog box is returned with the message “Could not verify
user.”
If you use tftp, the “Verify Upgrade Services” step does not need the user or
password to be verified, so those entries, as well as the FTP Client User Name and
Password, should be ignored.
Upgrade Link and Netscape Browser Scroll Bars
Netscape version 4.05 with AWT patch 1.1.5 has the Java support required by
Enterprise OS software version 11.4 Upgrade Link. Certain problems have been
found with this Netscape patch release; for example, the Netscape browser
sometimes fails to add scroll bars with text fields. If you experience this or other
problems, you may want to use a later version of Netscape when it becomes available.
Upgrade Link Window Resizing
Since Enterprise OS software version 11.4 Upgrade Link cannot resize the browser
window, you should maximize the browser window so that all of the Upgrade Link
dialog boxes are fully visible without scrolling.
IBM Protocols and Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software with IBM protocols and services. The
topics are presented in alphabetical order.
APPN
In software version 11.4, APPN does not support SMDS.
APPN Connections to 3174 through Token Ring
When you connect to a 3174 on a token ring, you may need to enable transparent
bridging on the bridge/router. The 3174 may send exchange identification (XID) as
a non-source routed frame.
APPN CP-CP Sessions and SNA Boundary Routing
If you set up APPN routing in an SNA Boundary Routing configuration from a
NETBuilder II bridge/router to a leaf node bridge/router, CP-CP sessions between
the remote site PC and the NETBuilder II bridge/router are established before you
can configure the Boundary Routing configuration on the NETBuilder II
bridge/router. However, after you set the -BCN CONTrol parameter for IBM traffic
and enable the -BCN Service, the NETBuilder II bridge/router no longer receives the
CP-CP sessions. To work around this problem, first turn off BOOTP on the
NETBuilder II port at the central site. An alternative workaround is to configure
APPN with DLSw at the central site and to use the CEC’s MAC address at the
remote site.
APPN CP-CP Sessions on Parallel TGs
When parallel transmission groups (TGs) are configured between 3Com network
nodes and both TGs support CP-CP sessions, a CP-CP session on one TG does not
switch to the other TG if the user disables the port or path. This happens because
both sides learn about the link failure at different times. The network node with
the disabled port or path learns about the link failure right away and tries to bring
CP-CP sessions up on the second TG. However, the second network node does
not learn about the link failure until LLC2 times out; because it thinks the link is
still up, the second network node does not allow CP-CP sessions to start on the
second TG. After five attempts at bringing up CP-CP sessions on the second TG,
the second TG will be flagged as not supporting CP-CP sessions, preventing CP-CP
sessions from coming up on that second TG. To prevent this situation, manually
stop the first TG by entering the SET -APPN LinkStaCONTrol <LinkName>
Deactivate command before disabling the port/path. By doing this, both network
nodes will learn that the link has gone down at the same time, and CP-CP sessions
can be activated on the second TG.
APPN DLUr Connections to 3174 Systems
When you configure an APPN dependent LU requestor (DLUr) connection from a
NETBuilder II bridge/router to a 3174 cluster controller, the NETBuilder II network
node and the 3174 must be on the same ring. In this configuration, the
NETBuilder II token ring port must be set to transparent bridging only.
BSC and Leased Lines
The BSC pass-through feature is limited to leased lines and cannot use dialup links.
Boundary Routing and NetView Service Point
When configuring NetView Service Point in a Boundary Routing environment,
note that the SSCP-PU session actually flows over LLC2 rather than DLSw, even
though the -SNA PortDef parameter is defined as DLSw. As a result, the session
does not show up as a DLSw circuit.
Configuring BSC and NCPs
When connecting a NETBuilder bridge/router to a Network Control Program
(NCP) for a BSC configuration, be careful when disabling the 3780/2780 EP lines.
If you try to pull the cable out, the NCP may go into a state that will require the
NCP to be rebooted. Check with your IBM service representative for additional
details.
DLSw Circuit Balancing
Circuit balancing does not work properly if WAN links are set to different speeds.
For circuit balancing to work properly, you must have WAN links of the same
speed. If the WAN links are different speeds, for example, T1 and 64 K, the
bridge/router with circuit balancing learns the route from the T1 link before
learning the route from the 64 K link. All circuits are directed to the DLSw tunnel
on the T1 link instead of being distributed on both 64 K and T1 DLSw tunnels.
Only after alternate routes are in the circuit-balancing router cache will
subsequent session establishment be balanced.
DLSw and CONNectUsage Parameter Default Change
The default value of the -SYS CONNectUsage parameter is High for NETBuilder
bridge/routers with a DPE module. The default value of CONNectUsage for all
other platforms is Low. This difference simplifies DLSw configurations.
When the DPE module is used in a non-DLSw configuration, a small amount of
memory is allocated (226 K of approximately 12 MB). Non-DLSw configurations in
very large networks running OSPF and BGP may require that the CONNectUsage
parameter be changed to Low to recapture this 226 K of memory. For all other
configurations, this additional small memory allocation should have no effect.
DLSw Prioritization
The FLush -SYS STATistics command does not flush DLSw priority statistics. You
must use the FLush -DLSw PRioritySTATistics command.
DLSw and IBM Boundary Routing in Large Networks
The following considerations are related to DLSw in large networks.
Leaf Node Sessions Support
When a leaf node has more than 50 end stations, use the following tuning
parameters:
SETDefault !<port> -LLC2 TransmitWindow = 1
SETDefault !<port> -LLC2 RetryCount = 20
SETDefault !<port> -LLC2 TImerReply = 10000
Use these parameters for the leaf node and central node WAN ports.
Number of DLSw Circuits
The -SYS CONNectionUsage parameter controls the maximum number of DLSw
circuits. The default value of the CONNectionUsage parameter is High for
NETBuilder bridge/router with a DPE module and for the boundary router
peripheral node, but the default value is low for all other NETBuilder bridge/router
platforms. Change this value using:
SETDefault -SYS CONNectionUsage = Low | Medium | High
You must reboot the bridge/router before this change takes effect. Table 9 shows
the maximum number of circuits possible with the different CONNectionUsage
parameter settings. The practical limit may be lower and depends on the traffic
load, CPU, and memory usage by other services.
Table 9 DLSw Circuit Maximums with CONNectionUsage Parameter Settings
                                                            Maximum Number of DLSw Circuits
System                                                      Low     Medium  High
OfficeConnect and SuperStack II NETBuilder bridge/routers   190     390     790
Boundary router peripheral node*                            n/a     n/a     790†
NETBuilder II bridge/router DPE modules                     390     790     7990
* The CONNectionUsage parameter is set to High by the Boundary Router Peripheral node software; it
cannot be changed.
† The IBM Boundary Router peripheral node uses two LLC2 circuits to support one LLC2 end system.
Therefore, the maximum number of LLC2 end systems supported by an IBM Boundary Router peripheral
node is 395.
Number of TCP Connections
3Com LLC2 tunneling uses one TCP connection for each LLC2 session. DLSw
scales to large networks better than LLC2 tunneling because it multiplexes all LLC2
sessions over one TCP connection per tunnel. Each Telnet session also uses one
TCP connection. Table 10 shows the maximum number of TCP connections
possible with the different CONNectionUsage parameter settings. The practical
limit may be lower and depends on the traffic load, CPU, and memory usage by
other services.
Table 10 TCP Circuit Maximums with CONNectionUsage Parameter Settings
                                                            Maximum Number of TCP Circuits
System                                                      Low     Medium  High
OfficeConnect and SuperStack II NETBuilder bridge/routers   32      256     512
Boundary router peripheral node*                            n/a     n/a     790
NETBuilder II bridge/router DPE module                      32      512     2048
* The CONNectionUsage parameter is set to High by the Boundary Router peripheral node software; it
cannot be changed.
Front-End Processor/Frame Relay Access for LLC2 Traffic
The maximum number of FradMap entries that may be defined for each Frame
Relay port is 50.
HPR and ISR Configurations
High Performance Routing (HPR) is enabled by default. Therefore, if you are
configuring APPN Intermediate Session Routing (ISR), you must disable HPR on
both the PortDef and the AdjLinkSta parameters by setting HPR = No.
IBM Boundary Routing Topology Disaster Recovery
In an IBM Boundary Routing topology that uses disaster recovery through PPP
(when two paths are mapped to one port), a disruption to existing SNA and
NetBIOS sessions occurs if the primary link fails and the redundant link is activated.
If this happens, end users need to log on and initiate another session.
IBM-Related Services in Token Ring
IBM-related services such as DLSw and APPN are affected by parameter settings in
the BRidge, SR, and LLC2 Services. Table 11 shows the required settings in source
route (SR), source route transparent (SRT), and transparent bridging environments
for each of the IBM-related services. When a NETBuilder bridge/router token-ring
port is configured for both an IBM service such as DLSw and transparent bridging
or SRT bridging, connectivity problems and frame copy errors can occur. For this
reason, 3Com recommends configuring token ring ports for source route only
when possible.
In Table 11, DLSw refers to data link switching, and LNM refers to LAN Net
Manager. The settings are shown in abbreviated form. 3Com-recommended
configurations are shaded and shown in bold.
Table 11 IBM-Related Feature Settings for Token Ring Ports
Port
Source Route Transparen
Route
Configurat Bridging
t Bridging
(-BR TB)
Bridging
(-BR CONT) (-SR RD)
Discovery LLC2 CONTrol Frame Copy
Services
Bridging only
Bridging only
Bridging only
LNM
ion
SR
SRT
T
(-SR SRB)
SRB
(-LLC2 CONT) Errors
NTB
TB
B
NoLLC2
NoLLC2
NoLLC2
LLC2
Disable
Disable
Disable
Enable
Enable
Enable
Enable
Disable
Disable
Disable
Disable
None
SRB
B
Low # Possible
Low # Possible
None
NSRB
SRB
TB
B
SR
SR
SRT
T
NTB
NTB
TB
B
DLSw
SRB
NB | B
NB* | B*
NB* | B*
NB | B
NB | B
NB | B
NB
LLC2
None
DLSw
SRB
LLC2
High # Possible
High # Possible
None
DLSw
NSRB
SRB
TB
NoLLC2
LLC2
APPN
SR
SRT
T
NTB
TB
APPN
SRB
LLC2
None
APPN
NSRB
SRB
TB
LLC2
None
Default Setting
SRT
TB
NoLLC2
None
* 3Com recommends that you disable global bridging for this configuration. However, with global bridging disabled, the token-ring hardware does not
filter unwanted transparent packets. The token-ring hardware copies each transparent packet for processing by the Enterprise OS software. This can
generate many frame copy errors (see Token Ring Frame Copy Errors below for more information.) If you are seeing many Frame Copy Errors, consider
setting global bridging on, which allows the hardware to learn and filter unwanted transparent packets. Since DLSw cannot block bridging loops, you
must ensure that none exist. As an alternative, you can prevent the bridge from forwarding by entering the following command: SETDefault -BRidge
CONTrol = NoForward. The NoForward parameter allows the hardware to filter unwanted transparent packets, allows DLSw to send and receive LLC2
SNA and NetBIOS packets, but prevents these and other packets from bridging.
The row in Table 11 labeled DLSw with port configuration SR represents DLSw in a
source-route-only port configuration. The entries in this row expand to the
following Enterprise OS software configuration syntax:
SETDefault -BRidge CONTrol = Bridge | NoBridge
SETDefault !<port> -SR SrcRouBridge = SrcRouBridge
SETDefault !<port> -BRidge TransparentBridge = NoTransparentBridge
SETDefault !<port> -SR RingNumber = <number> (1–4095) | 0x<number> (1-FFF)
SETDefault !<port> -SR BridgeNumber = <number> (0-15) | 0x<number> (0-F)
SETDefault !<port> -SR RouteDiscovery = LLC2
SETDefault !<port> -LLC2 CONTrol = Enable
In this configuration, global bridging (-BRidge CONTrol) can be set to either Bridge
or NoBridge. Transparent bridging is disabled on token ring ports, source routing
and route discovery are configured, bridge numbers must be unique for each
bridge/router on the same ring, and LLC2 is enabled on token ring ports.
Token Ring Frame Copy Errors
For transparent bridge or source route transparent configurations, token ring end
systems may generate a small number of MAC frame copy error reports when the
NETBuilder II bridge/router token ring interface is initializing or when the
bridge/router ages out a MAC address from its bridge table.
For the bridge/router to learn the MAC addresses of transparent end systems on
the token ring, it copies a packet with an unknown source address and sets the
address-recognized (A) and frame-copied (C) bits in the Frame Status (FS) field. A
problem occurs when the FS (A) and (C) bits have been set and the destination of
the frame is an end system on the local ring. The destination end system expects
the (A) and (C) bits to be zeros. When it receives a frame with these values already
set, it reports an error. The end system counts these errors and accumulates them
until the MAC layer Soft Error Report Timer period is reached; the default is two
seconds. A MAC Report Error packet is then sent to the Ring Error Monitor (REM)
Network Management entity.
A source route only configuration eliminates frame copy errors. Frame copy errors
do not occur in source route only environments when the NETBuilder
bridge/routers are configured properly. This is because the NETBuilder
bridge/router hardware filters source-routed packets based on the route
information field, not the MAC address. If the bridge/router is configured for
source route only, it never copies frames destined for a station on the local ring.
Frame copy errors can be eliminated by running in source-route-only mode.
Table 12 shows the features supported on the NETBuilder II and NETBuilder
SuperStack II token ring bridge/routers.
Table 12 3Com Bridge/Routers and Supported Features
Source Route
Transparent
Bridging
Source Route
Transparent
Routing Gateway
Platform
Source Routing
NETBuilder II
Yes
Yes
Yes
Yes
No
Yes
Yes
SuperStack II NETBuilder No
Token Ring
Frame Copy Errors under LAN Net Manager
Whenever LAN Net Manager is enabled, the token ring driver is set to N-way
bridging mode, which means the bridge/router copies all frames that match the
bridge number specified on the receiving port. If two NETBuilder bridge/routers
are connected to the same ring with the same bridge number, frame copy errors
will occur. To prevent this problem, do not configure two NETBuilder
bridge/routers with the same bridge number on the same ring.
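The source-route-only settings listed for the DLSw row of Table 11 and the bridge-number rule above can be checked mechanically before a change is loaded. The following is an added example, not 3Com code: it assumes configurations are available as text using the full parameter names shown in these notes, and the router names, port numbers and helper names are hypothetical.

```python
import re
from collections import defaultdict

# Per-port values required by the DLSw source-route-only row of these notes.
SR_ONLY_PROFILE = {
    ("sr", "srcroubridge"): "srcroubridge",
    ("bridge", "transparentbridge"): "notransparentbridge",
    ("sr", "routediscovery"): "llc2",
    ("llc2", "control"): "enable",
}
# Numeric ranges given in the syntax lines: ring 1-4095, bridge 0-15.
RANGES = {("sr", "ringnumber"): (1, 4095), ("sr", "bridgenumber"): (0, 15)}

LINE_RE = re.compile(
    r"^\s*SETDefault\s+(?:!(?P<port>\S+)\s+)?-(?P<svc>\w+)\s+(?P<param>\w+)"
    r"\s*=\s*(?P<val>\S+)\s*$",
    re.IGNORECASE,
)


def parse_config(text):
    """Return {port: {(service, parameter): value}}; port None holds globals."""
    ports = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            key = (m["svc"].lower(), m["param"].lower())
            ports[m["port"]][key] = m["val"].lower()
    return dict(ports)


def to_int(raw):
    """Accept decimal or 0x-prefixed hex, as the syntax lines allow."""
    if raw is None:
        return None
    try:
        return int(raw, 16) if raw.startswith("0x") else int(raw, 10)
    except ValueError:
        return None


def audit_port(settings):
    """List deviations of one token ring port from the source-route-only profile."""
    findings = []
    for (svc, param), want in SR_ONLY_PROFILE.items():
        got = settings.get((svc, param))
        if got != want:
            findings.append(f"-{svc} {param}: want {want}, found {got or 'not set'}")
    for (svc, param), (low, high) in RANGES.items():
        value = to_int(settings.get((svc, param)))
        if value is None or not low <= value <= high:
            findings.append(f"-{svc} {param}: missing or outside {low}-{high}")
    return findings


def duplicate_bridge_numbers(routers):
    """Map (ring, bridge) to the routers sharing it; more than one is a conflict."""
    seen = defaultdict(set)
    for name, ports in routers.items():
        for port, settings in ports.items():
            ring = to_int(settings.get(("sr", "ringnumber")))
            bridge = to_int(settings.get(("sr", "bridgenumber")))
            if port is not None and ring is not None and bridge is not None:
                seen[(ring, bridge)].add(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


# Constructed sample configurations (not taken from any real device).
RTR_A = """\
SETDefault -BRidge CONTrol = NoBridge
SETDefault !2 -SR SrcRouBridge = SrcRouBridge
SETDefault !2 -BRidge TransparentBridge = NoTransparentBridge
SETDefault !2 -SR RingNumber = 0x1A
SETDefault !2 -SR BridgeNumber = 3
SETDefault !2 -SR RouteDiscovery = LLC2
SETDefault !2 -LLC2 CONTrol = Enable
"""
# Same ring (26 == 0x1A) and same bridge number as rtr-a, and two settings missing.
RTR_B = """\
SETDefault !1 -SR SrcRouBridge = SrcRouBridge
SETDefault !1 -SR RingNumber = 26
SETDefault !1 -SR BridgeNumber = 3
SETDefault !1 -SR RouteDiscovery = LLC2
"""
ROUTERS = {"rtr-a": parse_config(RTR_A), "rtr-b": parse_config(RTR_B)}

if __name__ == "__main__":
    for name, ports in ROUTERS.items():
        for port, settings in ports.items():
            if port is not None:
                print(name, f"!{port}", audit_port(settings) or "matches profile")
    print("shared (ring, bridge):", duplicate_bridge_numbers(ROUTERS))
```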
LAN Network Manager with NETBuilder II Systems
If you have previously configured your LAN Network Manager to use the
NETBuilder II system as a virtual ring, and you want to use it as a physical ring, you
must set your virtual ring number back to None.
LLC2 Frames and PPP
LLC2 frames are not sent or received over PPP unless global bridging is enabled
using the SETDefault -BRidge CONTrol = Enabled command. You must enable
LLC2 on the port using:
SETDefault !<port> -LLC2 CONTrol = Enabled.
If bridging is enabled and you do not want bridging, either set the -BRidge
CONTrol parameter to NoForward, or disable bridging on individual ports by
setting the following command:
SETDefault -BRidge TransparentBridge = NoTransparentBridge
Maximum BSC Line Speed
For V.35 and RS-232 links, the maximum baud rate supported for BSC traffic is
38.4. If the baud rate is higher, BSC traffic suffers errors and retransmissions.
SHDLC Half-Duplex Mode
SHDLC does not support physical half-duplex mode.
SDLC
SDLC requires the following:
■ XID spoofing must be turned on if the IBM Communication Manager is used
  for 3270 communications and is defined as a PU type 2.0. Use the following
  syntax:
  SETDefault !<PU name> -SDLC CUXId = <value> (8 Hexadecimal digits)
  SETDefault !<PU name> -SDLC CUXidDefined = Yes
■ SDLC end-to-end through local switching (conversion to a single LLC2 LAN
  connection between two NETBuilder bridge/routers) requires different virtual
  ring numbers in the LLC2 Service.
SDLC Adjacent Link Stations for APPN
When you configure SDLC adjacent link stations for APPN, if an active link
becomes inactive and you change the port definition using the PortDef parameter,
the link remains inactive. If you try to reactivate the link using the SET -APPN
LinkStaCONTrol command, the link reactivates within 30 seconds. To activate the
link immediately, you must enable the APPN port using the SET -APPN PortControl
= Enable command.
Source Route Transparent Bridging Gateway (SRTG) Interoperability
The NETBuilder II bridge/router cannot interoperate with Cisco or IBM routers if
the NETBuilder bridge/router is configured using Source Route Transparent
Gateway (SRTG) with Source Route bridging on the token ring LAN port and
Transparent Bridging on the PPP or Frame Relay WAN ports. In this configuration,
the NETBuilder II bridge/router is sending using PPP bridge encapsulation 802.5
token ring format, while the IBM 6611 and the Cisco 400 router are using PPP
bridge encapsulation 802.3 Ethernet format.
SDLC Ports and NetView Service Point
An SDLC port defined for NetView Service Point cannot be used for SDLC-to-LLC2.
UI Response Time With Large SDLC Configuration
When NETBuilder bridge/router is configured with many SDLC PUs, SETDefault
commands may take a long time to complete. Using the Defrag command to
streamline the flash that contains the configuration files can fix the problem.
VTAM Program Temporary Fixes
VTAM Program Temporary Fixes (PTFs) are required on a mainframe when APPN
DLU services are used. Mainframe network management (NetView) services will
not function for downstream physical units (PUs) if the PTFs are not installed.
VTAM Version 4.2 requires PTF #UW20787. VTAM Version 4.3 requires PTF
#UW20788.
Visible symptoms of this problem can be seen as a lack of network management
data for PUs that are downstream of a NETBuilder II bridge/router using APPN DLU
services. The NetView message “AAU251I AAUDRTIB 02 UNEXPECTED SENSE
CODE X'1002' ENCOUNTERED FOR TARGET=pu_name” is printed in the log file
when this problem occurs.
ATM Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software with ATM services. The topics are
presented in alphabetical order.
ATM Emulated LANs
Enterprise OS software supports a system maximum of 32 ATM emulated LANs.
ATM LAN Emulation Clients and Large 802.3 Frames
This release of LAN emulation software does not support large 802.3 frame
encapsulation as specified in the LANE standard 1.0. When IP routing is used from
FDDI to an emulated LAN, packets larger than 1500 are sent fragmented per IP
fragmentation rules.
ATM Connection Table
In a LAN Emulation environment with many LAN Emulation Servers (LESs), a
performance drop may occur when the NETBuilder bridge/router is able to
connect to the LAN Emulation Configuration Server (LECS), but many of the LESs
are down or unreachable. Disabling the ETHATM virtual ports corresponding to
the unreachable LESs will alleviate this situation.
Deleting ATM Neighbors
Bridge ATM Neighbors must be deleted before the associated virtual ports can be
deleted.
Source-Route Transparent Gateway
The source-route transparent gateway is not currently supported on ATM LAN
emulation ports.
WAN Protocols and Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software with WAN protocols and services. The
topics are presented in alphabetical order.
ACCM Not Configurable
The ACCM (Async Control Character Map) used for Async PPP cannot be
configured. During LCP negotiation, the NETBuilder bridge/router always proposes
an ACCM of all zeros and agrees to whatever the peer negotiates.
Asynch Tunnelling on Serial Ports
For best results, set the LineType parameter to Leased and set the SuperStack II
NETBuilder bridge/router model 32x connector type for the universal port to
RS-232. For the path to come up, the bridge/router must see a DTR or DSR control
signal from the device. Or, if the device does not generate a control signal, a
loopback connector should be used to supply the control signal.
Automatic Line Detection
When set to the value of Auto, the -PATH LineType parameter first attempts to
bring up the path as a leased line by raising the data terminal ready (DTR) signal. If
the path comes up but a DTR-based dial modem is attached to the path, the
modem does not hang up until brought down manually with the HangUp
command. To avoid this situation, set the -PATH LineType parameter to Dialup.
Auto Start-up Does Not Include Async
Automatic detection of the line type (LineType=Auto) and link protocol
(OWNer=Auto) do not include recognition of Async PPP and AT dial. For Async PPP
and AT dial (which must be used together), the following parameters must be
explicitly configured:
-PATH LineType=Dialup
-PATH DialMode=ATdial
-PATH ExDevType=Async
-PORT OWNer=PPP
The PATH service parameter TransferMode should not be changed from its default
value of AUto. Other settings of this parameter are reserved for future extensions.
Bandwidth-on-Demand Timer Precedence
Two PORT Service parameters are used to configure bandwidth-on-demand ports.
The DialIdleTime parameter sets the time in seconds before all dialup lines in a
port are disconnected if the port is not in use. The DialSamplPeriod parameter sets
the time (in seconds) to sample before taking an action to bring additional paths
up or down, based on traffic load for bandwidth-on-demand. The value specified
for the DialIdleTime parameter takes precedence over the value specified for the
DialSamplPeriod parameter.
Baud Rates for WAN Ports in DCE Mode
The following baud rates are supported in DCE mode (synchronous, internal
clocking):
■ 1200
■ 1800
■ 2400
■ 3600
■ 7200
■ 9600
■ 19 K
■ 38 K
■ 56 K
■ 64 K
■ 112 K
■ 128 K
■ 256 K
■ 384 K
■ 448 K
■ 768 K
■ 1344 K
■ 1536 K
■ 1580 K
■ 2048 K
If you configure a baud rate that is different from those listed, the system will fall
back to the nearest lower supported rate.
BSC Cabling and Clocking
The data communication equipment (DCE) cable for SuperStack II bridge/routers
should be 07-264-000-01 (rev. 1) to work in BSC internal clocking mode.
Changing the Transfer Mode Parameter Default Value
The PATH service parameter TransferMode should not be changed from its default
value of AUto. Other settings of this parameter are reserved for future extensions.
Compression Requirements
Compression must use the same configuration at both ends of the connection. If
one side of a connection is configured as per-packet and the other is configured as
history, the PPP link does not come up.
Dial Idle Timer
The dial idle timer is not accurate and it will take a client longer to idle out than is
configured. For a 180 second dial idle time it takes approximately 8.5 minutes for
the client to idle out if no traffic is ever sent. To work around this problem, disable
bootp on !0 by entering the following command:
Setd !0 -bootp control=disable
Disaster Recovery on Ports Without Leased Lines
The Port Service DialControl parameter controls port attributes for a dial-up port in
the event the bandwidth set for a leased line drops below what has been set as
the normal bandwidth. Setting this parameter to DisasterRecovery for a port
without leased lines prevents port idle out.
DTR Modems
DTR modems should not be configured as a dynamic path and a dial pool.
Dynamic Paths
Dynamic paths might not be released back into the dial pool from the port if an
incoming call arrives during a disconnect state. If the SHow -POrt PAths command
indicates that a path from the dial pool is attached to a port but is no longer in
use, it can be released by re-enabling the port.
Frame Relay Congestion Control
The current implementation of Frame Relay congestion control requires that you
set the committed burst size (Bc) and the committed information rate (cir) to the
same value so that the time interval (Tc) equals 1 second using the formula
Tc= <Bc>/<cir>. If Tc is not 1 second, the Frame Relay frames may be erroneously
dropped due to the incorrect calculation of the throughput rate threshold.
History-Based Compression Negotiation Failure
If you are using history-based compression on a line with excessive errors and the
negotiation attempts exceed the retry count, the device must be rebooted to clear
the condition and reset the retry count.
History Compression Not Allowed With Async PPP
A port using Async PPP (AT dial) cannot be configured for history compression.
The user interface will not prevent you from configuring the port for history
compression; however, if history compression is selected, the path will not come
up.
Multilink PPP Configurations
Multilink PPP (MLP) is supported for multiple WAN links connected to the same
port running PPP.
When configuring MLP:
■ For maximum performance on a NETBuilder II bridge/router, 3Com
  recommends that similar hardware interface types be configured for each MLP
  bundle. For instance, bundle HSS modules with HSS modules, and bundle HSS
  3-port module links with HSS 3-port module links.
■ For the best performance, use MLP on interfaces with matched line speeds.
■ Avoid mismatched baud rates of ratios greater than 10 to 1 for bundled links.
  If your baud rate ratios on two links are greater than 4 to 1, the MLP feature
  automatically turns off fragmentation. For baud ratios of less than 4 to 1, you
  may choose to turn off fragmentation for performance considerations. Turn off
  fragmentation using the MlpCONTrol parameter in the PPP Service.
■ MLP does not support the HSSI module.
■ Before you re-enable a port running MLP, disable the port and allow the remote
  port to go down. This action prevents loss of packet sequence numbers
  synchronization, which causes packets to be dropped when the MLP port is
  enabled.
SPID Wizard Detection Errors
If the two routers are connected to a single NT-1, SPID Wizard cannot detect the
correct switch type and corresponding SPIDs. To work around the problem,
disconnect one of the routers from the NT-1 before running SPID Wizard.
Reconnect the router after SPID Wizard completes the detection process.
STP AutoMode Does Not Select the Right Mode
When a NETBuilder II TI is connected over X.25 to a NETBuilder II bridge/router
that has Ethernet or token ring, and the Ethernet is transparent bridging to other
routers over X.25 and the token ring interface requires source route bridging to
the NETBuilder II TI, STP does not select the right mode when the default value is
AutoMode. Set the STP value to SRTMode.
Supported Modems
Table 13 lists asynchronous and Table 14 lists synchronous modems supported by
3Com.
Table 13 Supported Asynchronous Modems
Modems
Hayes (Accura 33.6)
Motorola (ModemSURFR 33,600)
3Com/USR (Courier, Sportster)
Multitech (MT1932ZDX)
3Com/USR (Impact IQ)
Table 14 Supported Synchronous Modem
Modem
3Com/USR (Courier)
Routing Protocols and Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software and routing protocols and services. The
topics are presented in alphabetical order.
BGP Configuration Files
Prior to software version 10.1, BGP configuration files were written to flash
memory every 10 SETDs, ADDs, or Deletes. Beginning with version 10.1, BGP
configurations are saved to flash memory immediately after each change, which
practically eliminates the need for the SAVEbgp command.
3Com recommends that you pay special attention to bridge/router platforms
running software version 10.1 and greater with pre-10.1 releases in the same
network. Always enter the SAVEbgp command on any bridge/router running
software previous to version 10.1 to make sure that all the BGP configurations are
written to flash memory. Failure to do so may result in all the BGP configurations
being lost after the next reboot.
Prior to software version 10.1, all IGP routes except OSPF External routes were
imported into the BGP routing table by default. Beginning with software version
10.1, the “import” of IGP routes into BGP is controlled by the BGP IntPolDefault
parameter.
CPU Utilization with XNS Protocol
When the PathBuilder S5xx switch is configured for 2048 tunnels and XNS
protocol, very high CPU utilization will occur.
IPX to Non-IPX Configuration Error
A mechanism does not exist to prevent adding a path from a non-IPX routing port
to an IPX routing port. If this situation occurs, the router stops routing IPX traffic,
even though the primary port has been up the whole time. To restart IPX routing,
re-enable the port.
IPX Routing, Route Receive and Route Advertisement Policies
When you route IPX over a Frame Relay meshed topology and configure the SAP
Route Receive and Route Advertisement policies on the Frame Relay port, these
policies do not take effect until the SAP table is flushed.
Managing IP Address Assignment
When assigning IP addresses to virtual ports of directly connected networks, it is
important to ensure that the assigned address is valid. As LCP supports multiple
Network Control Protocols (NCPs), IP does not verify that the address is valid
before bringing the port state up or down, as there may be other protocols which
are utilizing that port. It is possible to have an UP port state, yet have a lack of IP
connectivity.
NAT Service - Many to One Outbound Translation
NAT Many to One Outbound does not translate properly when multiple addresses,
on LHS, are specified using comma (,) notation. But NAT Many to One Outbound
translates properly when multiple addresses, on LHS, are specified in 10.3.1.0/24
notation.
NAT Service - TCP/UDP Port Mappings
When the NETBuilder bridge/router is configured to use TCP/UDP Port Mapping
from port 23 (Telnet) to any other port number, the first command executed over
the session will fail due to extra characters inserted into the command string. All
subsequent commands issued for that session will succeed. If you encounter this
problem, execute the command again.
OSPF Route Advertisement
If your network is expecting more than 4000 OSPF routes you need to set the
ospfholdtime variable to 30.
PIM-Sparse Mode
In Release 11.4, PIM-SparseMode does not look into the BGP routing table for RPF
(reverse path forwarding) lookups. RPF lookups for IP addresses reachable only via
BGP will result in RPF failures.
This has the following implications.
■ A PIM-SM router will drop multicast data packets sent from a source reachable
  only via BGP.
■ PIM-SM Rendezvous Points which are reachable only via BGP will not get
  added to the local RendezvousPoint set (the set of routers capable of
  functioning as PIM-SM RPs).
PIM-SM Enterprise OS/Cisco Incompatibility
Cisco IOS currently forwards the boot strap router (BSR) message packets without
modifying the source IP address field. This implementation is incompatible with
3Com Enterprise OS and there is no workaround when a PIM-SM domain contains
both Cisco IOS and 3Com Enterprise OS devices.
PIM-SM Register Checksum Formats
Cisco IOS currently sends register packets with register checksum on the entire IP
payload, and IOS rendezvous points (RPs) also expect register checksums done on
the entire IP payload. However, 3Com Enterprise OS devices generate register
checksums on the PIM headers only. Enterprise OS devices, when acting as RPs,
are capable of accepting register checksums in both formats. In the scenario
where Cisco IOS devices are the RPs and Enterprise OS devices act as sender
designated routers (DRs), a super user command 'SU PIM RegCksum FullPayload'
is required on the Enterprise OS devices.
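The two checksum formats described above can be told apart on a captured Register message. The following is an added example, not 3Com or Cisco code: it assumes the "PIM headers only" format covers the first 8 bytes of the message (the 4-byte PIM header plus the 4-byte Register flags word, as in the PIM-SM Register layout), and the function names and the inner packet bytes are constructed for illustration.

```python
import struct

PIM_REGISTER = (2 << 4) | 1   # PIM version 2, message type 1 (Register)
FIXED_LEN = 8                 # assumed coverage of the header-only format


def internet_checksum(data):
    """16-bit ones' complement of the ones' complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_register(inner_packet, full_payload):
    """Build a Register; full_payload selects which bytes the checksum covers."""
    fixed = struct.pack("!BBHI", PIM_REGISTER, 0, 0, 0)
    covered = fixed + inner_packet if full_payload else fixed
    checksum = internet_checksum(covered)
    return struct.pack("!BBHI", PIM_REGISTER, 0, checksum, 0) + inner_packet


def classify_checksum(message):
    """Return 'header-only', 'full-payload', 'both' or 'invalid'."""
    if len(message) < FIXED_LEN or message[0] != PIM_REGISTER:
        return "invalid"
    received = struct.unpack("!H", message[2:4])[0]
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    header_ok = internet_checksum(zeroed[:FIXED_LEN]) == received
    full_ok = internet_checksum(zeroed) == received
    if header_ok and full_ok:
        # Happens when the encapsulated bytes sum to ones' complement zero.
        return "both"
    if header_ok:
        return "header-only"
    return "full-payload" if full_ok else "invalid"


def rp_accepts(message, rp):
    """Model the acceptance behaviour these notes describe for each RP type."""
    kind = classify_checksum(message)
    if rp == "enterprise-os":      # accepts register checksums in both formats
        return kind != "invalid"
    if rp == "ios":                # expects the checksum over the entire payload
        return kind in ("full-payload", "both")
    raise ValueError(f"unknown RP type: {rp}")


# Constructed stand-in for the encapsulated multicast packet (28 bytes).
INNER = bytes(range(1, 29))

if __name__ == "__main__":
    for full in (False, True):
        msg = build_register(INNER, full_payload=full)
        print(classify_checksum(msg),
              "ios RP:", rp_accepts(msg, "ios"),
              "enterprise-os RP:", rp_accepts(msg, "enterprise-os"))
```

Because the header-only format does not cover the encapsulated packet, a corrupted inner packet still classifies as header-only; only the full-payload format detects that corruption at the PIM layer.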
PIM-SM Not Supported Over NBMA Media
Currently PIM-SM is not supported over non-broadcast, multiaccess (NBMA)
datalink media. Such media include IP-IP Point-to-Multipoint (P2MP) tunnels and
Frame Relay configured on parent ports.
RouteDiscovery
If RouteDiscovery is enabled on all protocols (-SR RouteDiscovery = All), the
maximum packet forwarding rate drops significantly during route discovery. 3Com
recommends that you enable RouteDiscovery only for the protocols you use.
Increasing the value of the -SR HoldTime parameter minimizes the drop in
forwarding rate for these protocols.
VRRP Configuration
VRRP cannot coexist with DECnet, LAA, OSI, or IPv6.
Network Management System and Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software when working with network management
system services. The topics are presented in alphabetical order.
ASCII Boot
When using the ASCII Boot feature on a NETBuilder II bridge/router with intelligent
I/O modules or a PathBuilder S5xx series switch, configuration commands that
apply to the physical ports on the intelligent I/O modules or to the physical ports
on the PathBuilder may not get configured correctly if they are the first commands
executed in the boot.cfg file. There is a small timing window where the
commands affecting the physical ports will not execute successfully because the
software drivers have not finished initializing the ports.
This problem can be avoided by either including a PAuse command at the
beginning of the boot.cfg file to delay the execution of the first configuration
command by a few seconds or by putting the configuration commands that do
not apply to the physical ports at the beginning of the boot.cfg file. The intelligent
I/O modules on the NETBuilder II bridge/router are the HSS 4-Port WAN Module,
the MP ATMLink Module, the MP Ethernet 6-Port 10BASE-FL Module, and the HSS
8-Port BRI Module. Support for the PAuse command by the ASCII Boot feature
(and LoadConfigs) is new with the Enterprise OS software version 11.4.
Boot Cycle Continuous Loop
If the OfficeConnect bridge/router fails to complete the boot cycle and enters a
boot cycle loop (for example, if the boot image is corrupted), press the ESC key to
interrupt the boot cycle and enter monitor mode.
BootP Server and Autostartup
To use the Enterprise OS software version 11.4 Autostartup feature, you must
upgrade the remote node, the central site, and if you are using the 3Com BootP
server, you must upgrade that as well. Autostartup supports a non-3Com BootP
server if the remote node is identified by its MAC address.
Bootptab File
The 3Com BOOTP Server for Windows does not read the bootptab file for any
date greater than 2000. The problem resides in Microsoft's system libraries. A
patch can be downloaded from Microsoft. This patch can be found at the
following URL:
Capturing Commands to boot.cfg File
When using Capture to save commands to the boot.cfg, the commands are not
immediately written to the boot.cfg file. A system crash or reboot may occur at a
time when commands that have been executed have not been written to the
boot.cfg file causing these commands to be lost.
Change Configuration and Diagnostic Menu
The options on the Change Configuration and Diagnostic menu do not apply to
the model 1x1 OfficeConnect bridge/router because ISDN ports are not present on
this system.
CPU Utilization Statistic
For the NETBuilder Remote Office bridge/routers, the CPU utilization statistic
indicates a high percentage of utilization regardless of actual use. CPU utilization
is displayed on the first line of the response to the SHow STATistics command. This
incorrect display statistic will be fixed in a future release of the Enterprise OS
bridge/router software.
File System Error
Occasionally a false file system error message telling you to format and restore
configuration files will appear on the console. These false errors appear when the
background processing in the NETBuilder bridge/router is performing file
operations and you attempt a write operation (such as a SETDefault command,
DEFRag command, and FORMAT command). In these programmatic lockouts
rather than media related error conditions, the flash file system will NOT need to
be reformatted. Examining the results of the attempted command (such as SHow
to examine the results of the attempted SETDefault) can indicate whether the file
system error is a false indication or not.
Firmware Configuration
To select BootP as your Address Discovery protocol, you must set all five IP address
options to None.
Firmware Update
The bridge/router updates firmware as part of its software boot process. In some
cases, some text is displayed during the firmware upgrade process, which appears
similar to the following:
>>>>updating firmware boot bank A
>>>>famd_blk_erase: block addr less than 512K: 0x10000
>>>>famd_blk_erase: block addr less than 512K: 0x20000
>>>>Firmware boot bank update is complete.
These messages do not indicate a problem and can be ignored.
IP Quality of Service Bandwidth
There is a bug in the software that exhibits itself when setting the bandwidth of a
QoS Policy to be 8k or lower. The workaround is to assign a bandwidth greater
than 8k to the policy.
IP Quality of Service Configuration
When using the IP Quality of Service (IP QoS) features, there are two methods for
configuring priority queueing. The older method uses the IP Filter Service and the
new method uses the IPQoS Service. Assigning a priority to IP packets in IP QOS
does not work. For the 11.4 release, if you wish to create a policy to configure
priority queueing use the IP Filter Service Policy command to establish filtering
policies.
Multiple Paths to BootP Server
Multiple paths to a BootP server may cause a BootP reply to fail. If a BootP reply is
transmitted by a BootP server and not received by the router, flush the IP Routing
table and re-enable BootP on the port waiting for the IP address. BootP must be
re-enabled before route updates are received.
Remote Access Default Change
To increase network security, the default value for the NetAccess parameter in the
SYS Service is set to NoRemote. This means that by default, no remote connection
attempts will be accepted by the bridge/router. If you are accustomed to or want
to use remote access, you must specifically set the value of the NetAccess
parameter to Remote.
Scheduler RunOnBootFail Completion
When RunOnBootFail is specified, event-based macro execution (EBME) is enabled
when the primary connections fail to establish within 5 minutes after the switch
boots. After the initial 5 minutes, PortDown event processing happens at the rate
of approximately one port per second. When the PathBuilder S5xx series switch is
configured for 2048 virtual ports it takes about 45 minutes after the system
initializes for the RunOnBootFail processing to be completed on all ports.

V.25bis Modem Setup
If you are using a V.25bis modem with a NETBuilder boundary routing leaf node,
and you configure the line type explicitly as dial rather than auto, be certain to also
set the DialMode to V.25bis rather than use the default of DTR.

Web Link Documentation Path
When you set the DocumentPath parameter in the WebLink service to a local file,
drive C for example (“file:///c:”), the Web Link assumes that access to the
NETBuilder bridge/router takes place only from the computer to which the file is
local. If Web Link is used from any other computer, the browser looks on its local
“C” drive for the help pages. If the computer is a UNIX machine and these files are
not present as expected, unpredictable browser behavior will result.

Web Link Login Support
When you access the Web Link application for the first time, you are prompted to
enter a username and password. This username and password remain valid on
the NETBuilder bridge/router for two hours. Because most browsers cache user
login information, it is recommended that you log out of Web Link by selecting
the “Logout” icon on the home page.

Zmodem Time Out
A Zmodem file transfer from a PC to a SuperStack II or OfficeConnect
bridge/router can take a long time. To minimize the possibility that the PC
Zmodem software will time out during the download, run the DEFRag command
on the SuperStack II bridge/router before beginning the file transfer. The DEFRag
command reclaims dirty space in flash memory. Dirty space is memory that has
been written on and cannot be used again until it has been erased.

VPN Protocols and Services Notes
This section describes notes, cautions, and other considerations to be aware of
when using the Enterprise OS software with VPN protocols and services. The
topics are presented in alphabetical order.

ACE Security Server
When interoperating with the ACE Security Server for Token-based login support,
you may need to change the RAS Retransmit Timer value to a higher value (for
example, 7) to prevent access-request time-outs.

Total Control Security and Accounting Server Availability
The Total Control™ Security and Accounting Server provides call authentication,
authorization, and accounting for your Enterprise OS devices. At the time of
publication of these release notes, the required version number of the SAS server
was unavailable. To determine the required version, refer to the online version of
these release notes available on the 3Com website:

Microsoft MPPE Patches and Updates
Microsoft has acknowledged performance problems with their original
implementation of MPPE. You should use MSDUN1.2c or later for Windows 95
and apply Hot Fixes in article Q162230 for Windows NT. Contact your Microsoft
service provider for additional information and updates when they become
available.

PKI: Entrust CA Installation Notes
A Certificate Authority (CA) product can be purchased separately from Entrust.
This packaged CA server must be installed and configured on a Windows NT 4.0
system. This package actually consists of two Entrust products:
■ Entrust/PKI 4.0 Authority/Admin/Directory is installed on a Windows NT 4.0
server. This product provides the CA server, a facility to administer the CA, and
an optional local LDAP-compliant directory that can serve as a repository for
certificates and CRLs. This product should be installed first.
■ Entrust/PKI 4.0 VPN Connector can be installed with Entrust PKI 4.0
Authority/Admin/Directory on a Windows NT 4.0 server, or installed separately
on a Windows NT 4.0 workstation with network connectivity to the Entrust CA
server. This product provides a front-end to the Entrust CA server for enrolling
VPN devices such as routers with the Entrust CA in order to obtain certificates
for those devices. This product must be installed after the Entrust/PKI 4.0
Authority/Admin/Directory product is installed.

The following are some guidelines for installing the Entrust/PKI 4.0
Authority/Admin/Directory product:
■ The Entrust installation guide gives instructions for installing the Entrust/PKI 4.0
Authority/Admin/Directory product. It is recommended that the Entrust
directory be installed with the CA server. The installation guide specifies the
exact system requirements. It is strongly recommended that the installation
guide be reviewed carefully before attempting the installation.
■ The Entrust CA environment assumes a hierarchy of security personnel that
manage various aspects of operation of the CA, although all of the various
management roles can be assumed by a single person. It is recommended that
the various passwords for the various personnel be carefully recorded, and the
records placed in a secure location. The installation provides various
worksheets, and the information requested in these must be determined prior
to the installation.
■ A Windows NT server administrator password must be set prior to the
installation. Do not use an empty password consisting only of a carriage return.
■ After installation, if the Entrust directory was installed with the Entrust CA
software, by default, the directory records for certificates and CRLs will be
stored internally in an ASCII format. The directory records should be stored in a
binary format. To change the format, edit the Entrust ENTMGR.INI file and
search for the line “serverType = Entrustslapd”. Change this line to read
“serverType = External”. See Appendix D of the Entrust/PKI 4.0 Administration
Guide for more information. After editing this file, run the Master Control
application and invoke the Restore to Directory operation to reinitialize the
directory in binary mode. See Chapter 2 of the Entrust/PKI 4.0 Administration
Guide.

Bridge/Router PKI Configuration
The following are guidelines for installing the Entrust/PKI 4.0 VPN Connector
product:
■ The Entrust installation guide provides instructions for installing the
Entrust/PKI 4.0 VPN Connector product. The installation guide specifies the
exact system requirements. It is strongly recommended that the installation
guide be reviewed carefully before attempting the installation.
■ The installation provides various worksheets, and the information requested in
these must be determined prior to the installation.
■ The CEP features of VPN Connector are not required in a 3Com bridge/router
PKI environment. Skip those steps relating to the CEP installation and
configuration.

PPTP Tunnel Security Validation
Authentication problems may occur when connecting a Windows 95 or NT client
via a Total Control™ hub to a NETBuilder II bridge/router where the Total Control
hub is setting up a PPTP tunnel to the bridge/router.

This problem is a combination of the security protocol between the client and the
LS (in this case the Total Control Hub) and the time it takes to validate a Radius
request on the Radius server. In addition, the setting of the DefaultAptCtl
parameter needs to be considered because this determines which security protocol
the NETBuilder bridge/router will use.

If the client and the LS negotiate to use PAP, the client will send PAP configure
requests, but at that time the LS is busy setting up the PPTP tunnel and will forward
the PAP requests to the NETBuilder bridge/router. The bridge/router by default
sends a CHAP challenge to the client and normally the client responds immediately.
Then the NETBuilder bridge/router sends a request to the Radius server for
validation.

If there is another PAP request from the client to the bridge/router while the
bridge/router is waiting for validation from the Radius server, the bridge/router will
send a PAP NAK to the client and the session is terminated. If the CHAP success
message is received before the next PAP message, the PAP message is discarded
and the connection is established.

Solutions include disabling CHAP on the NETBuilder DAC or disabling PAP
between the client and the LS.

This situation does not arise when the NETBuilder bridge/router is using internal
security because it is fast enough to check the CHAP response before the next PAP
message is generated.
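
The race described in this note can be replayed as a small event model. This is an added example, not 3Com code; the function name, message labels and all timing values are assumptions chosen for illustration.

```python
"""Constructed model of the PAP/CHAP race; not 3Com code. All timings are assumed."""
import heapq

PAP_REQ = "client: PAP request (forwarded by LS)"
ACCEPT = "validator: accept"

def simulate_login(validation_delay, pap_retry_interval, pap_requests=3):
    """Replay one tunnelled login. Returns (outcome, timeline of (time, message))."""
    # Event queue ordered by time; the sequence number breaks ties deterministically.
    queue = [(n * pap_retry_interval, n, PAP_REQ) for n in range(pap_requests)]
    heapq.heapify(queue)
    seq = pap_requests
    state, timeline = "IDLE", []
    while queue:
        now, _, msg = heapq.heappop(queue)
        timeline.append((now, msg))
        if msg == ACCEPT:
            timeline.append((now, "router: CHAP success"))
            state = "ESTABLISHED"
        elif state == "IDLE":
            # First PAP request: the router answers with CHAP, the client replies
            # at once, and the router asks the validator to check the response.
            timeline.append((now, "router: CHAP challenge"))
            timeline.append((now, "client: CHAP response"))
            heapq.heappush(queue, (now + validation_delay, seq, ACCEPT))
            seq += 1
            state = "WAIT_VALIDATION"
        elif state == "WAIT_VALIDATION":
            # A second PAP request arrives before the validator has answered.
            timeline.append((now, "router: PAP NAK"))
            return "terminated", timeline
        else:
            timeline.append((now, "router: PAP request discarded"))
    return ("established" if state == "ESTABLISHED" else "terminated"), timeline

if __name__ == "__main__":
    # Assumed values: 3 s between client PAP requests, 4 s for a slow Radius
    # round trip, 0.05 s for internal security on the bridge/router.
    for label, delay in (("slow Radius", 4.0), ("internal security", 0.05)):
        outcome, timeline = simulate_login(delay, 3.0)
        print(f"{label}: {outcome}")
        for when, message in timeline:
            print(f"  t={when:5.2f}s  {message}")
```

The outcome depends only on whether validation finishes before the client's next PAP request, which is why a slow Radius server triggers the failure and internal security does not.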

RSA Signature for Phase 1 Authentication
When using RSA Signature for phase 1 authentication, and an IP address is used
for Distinguished Name Common Name or Subject Alternate Name, the only port
on the device that will perform IPSec is the one that corresponds to that IP
address. Using a domain name for the Distinguished Name Common Name or
Subject Alternate Name does not impose this limitation.

Windows NT MS-CHAP Authentication
Although the 11.4 RAS service supports 64 character user names and passwords,
any Windows NT user with a password longer than 14 characters will fail
MS-CHAP authentication. Per the IETF MS-CHAP v2 draft, current versions of
Windows NT limit passwords to 14 characters.
Platform Notes
This section describes the supported PC flash memory cards, approved DRAM
SIMMS, notes, cautions, and other considerations to be aware of when using the
Enterprise OS software on the various NETBuilder bridge/router and PathBuilder
platforms. The topics are presented in alphabetical order.

OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory Requirements
In order for OfficeConnect NETBuilder and SuperStack II SI NETBuilder
bridge/routers to support selected Enterprise OS software version 11.4 packages,
the minimum memory requirements must be met for DRAM and FLASH. These
requirements are mentioned in Table 15 and in the Software Features table for the
specific platform in “11.4 Software Packages” on page 23. The upgrade kits
available to meet these memory requirements are listed in Table 16. New
equipment shipped pre-loaded with Enterprise OS software version 11.4 has
adequate DRAM and Flash memory installed prior to shipment.

Table 15 Memory Requirements for OfficeConnect NETBuilder and SuperStack II NETBuilder SI

Platform                     Description                      Package ID      11.4 DRAM     11.4 FLASH    11.4 Dual Image
                                                                              Requirements  Requirements  FLASH Requirements
OfficeConnect NETBuilder 10  IP/IPX Router                    RW, RE, RS      16MB          4MB           8MB
OfficeConnect NETBuilder     IP/IPX Router                    JW, JE, JS      16MB          4MB           8MB
                             IP/IPX/AT Router                 NW, NE, NS      16MB          8MB           12MB
                             Multiprotocol Router             OF, OL, OE, OS  16MB          8MB           12MB
                             Boundary Router                  BF              16MB          4MB           8MB
                             APPN/Connection Services Router  AF              16MB          8MB           12MB
SuperStack II NETBuilder SI  IP/IPX/AT Router                 NW, NE, NS      16MB          8MB           8MB
                             Multiprotocol Router             CF, CL, CE, CS  24MB          12MB          12MB
                             Boundary Router                  BF              16MB          8MB           12MB
                             APPN/Connection Services Router  AX              16MB          12MB          12MB

Table 16 Order Numbers for Memory Upgrade Kits

3C# of Kit  Description
3C8104      4MB FLASH for OfficeConnect NETBuilder & SuperStack II NETBuilder SI
3C8108      8MB FLASH for OfficeConnect NETBuilder
3C8080      8MB DRAM for OfficeConnect NETBuilder
3C8105      16MB DRAM for SuperStack II NETBuilder SI

Approved DRAM SIMMs
Table 17 lists 3Com-approved vendors of the 32 MB DRAM SIMM for
upgrading the NETBuilder II DPE 40 module.

Table 17 3Com-approved DRAM SIMMs

Size   Vendor and Description        Part Number
32 MB  NEC                           MC428000A32B-60
       Toshiba                       THM328020S-60
       Toshiba                       THM328020B5-60
       72-pin 8Mx32 60 ns page mode

Supported PC Flash Memory Cards
Table 18 lists 3Com-approved vendors of the PC flash memory card.
The 20 MB flash memory card has a formatted capacity of 19.86 MB. For dual
image and full dump capability, 3Com recommends using a 20 MB card in
the NETBuilder II bridge/router.
You can also purchase the blank flash memory card from 3Com:
■ DPE 20 MB card is 3C6086

Table 18 3Com-approved 20 MB Flash Memory Cards

Vendor and Description  Part Number
Intel Series 2          iMC020FLSA
Intel Series 2+         iMC020FLSP
AMD Series D            AmC020DFLKA

Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display
The PathBuilder series switch reports FSI CRCs under the path statistics. This entry
reflects line errors after hardware error assisted recovery has taken place. The
number of actual line errors present before hardware error assisted recovery has
taken place may be much higher.

T3 Bandwidth Limitation
Due to a driver limitation, you cannot combine two T3 paths to double the
bandwidth.

MBRI Ownership During Board Swapping
Port ownership and port/path naming inconsistencies can occur as MBRI boards
are swapped in and out of a NETBuilder II bridge/router chassis. Replacing an MBRI
board with a non-MBRI board in the same slot requires that the NETBuilder II
bridge/router be rebooted. After the bridge/router is rebooted, there are no
port/path naming problems.

Multiport MBRI Module SNMP Management
The Multiport MBRI module cannot be configured using SNMP.

Token Ring+ Modules
The maximum physical frame size that can be forwarded by the Token Ring+
modules with Enterprise OS software is 4,500 bytes. This software limitation
affects routing, source route bridging, and transparent bridging.

Token Ring Auto Start-up
The Token Ring and Token Ring+ modules may enter the ring at the wrong speed
with certain MAU or station configurations. You can manually configure the
-PATH BAud value to 16,000 or 4,000 to avoid this situation.