Guest

Support

WAN Link Protocols

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

WAN Link Protocols

Link Configuration: WAN Dialog Box

WAN On

Link Type

Failover Type

Backup Port

Timers

Allow Dial Out

Allow Dial In

Always Keep Link Up

Drop Link If Inactive For

Dialing Method

Dial-Out / Connect Script

Dial-back Script

Dialing Retries / Connect Retries

Retry Delay Setting

Script Timeout

Failover Timers Configuration Dialog Box

Backup Enable Timer

Backup Disable Timer

Backup Init Timer

Frame Relay Configuration Dialog Box

Maintenance Protocol

Polling Frequency

Home DLCI

MTU

DLCI Database Dialog Box

DLCI #

IP Address

AppleTalk Address

IPX Address

DECnet Address

CHAP Configuration Dialog Box

Request CHAP Authentication

Respond to CHAP Challenges

Name

Secret

PAP Configuration Dialog Box

Request PAP Authentication

Respond to PAP Requests

Name

Password

SMDS Dialog Box

Station Address

IP Multicast

Polling Frequency

PPP Options Dialog Box

Sequenced Predictor Compression

PPP Link Quality Configuration Dialog Box

Echo Packets On

Frequency in Seconds (Echo Packets)

Drop Link When

LCP Options Configuration Dialog Box

MRU

ACCM

Address/Control Compression

Protocol Compression

Multilink PPP Dialog Box

MPPP Bundle Name

Enable

Linked Ports

Set as Primary

Short Sequence Header

MPQual

WAN Chat Script Editor Dialog Box

Chat Script Editor Dialog Box Buttons & Controls

Chat Script Rules and Syntax

A Note About the AT Command Set

A Note About the V.25bis Command Set

Chat Script Examples

User Authentication Database Dialog Box

Remote Name

Password/Secret

Interfaces

Dial-back Chat


WAN Link Protocols


Link Configuration: WAN Dialog Box

To access this dialog box (Figure 10-1), select WAN/Link Configuration from the Device View.

Figure 10-1 Link Configuration: WAN Dialog Box

WAN On

This checkbox controls how wide area network traffic is handled for this interface.

If checked, then the interface will be active, link information can be configured with this dialog box, and network protocol configurations (TCP/IP Routing, IPX Routing, etc.) for the interface will take effect.

If unchecked, then the interface will be inactive, no link information can be configured into this dialog box, and protocol configurations for the interface will not be in effect.

Link Type

This pull-down menu determines how the router will maintain the WAN link, and sets the low-level communications protocol which will be used on the line connected to this interface.

If On Demand PPP Link is selected, the router will treat the line connected to this interface as an intermittent "on-demand" connection which may require dialing commands to be issued. The router will use the Point-to-Point protocol to establish communications with the system at the other end of the line. Whether a connection can be initiated by this router, another router (or remote node client), or both, can be set using the Allow Dial Out and Allow Dial In checkboxes (as explained later in this chapter).

If Dedicated PPP Link is selected, the router will treat the line connected to this interface as a connection which is always available regardless of traffic activity. The router will use the Point-to-Point protocol to establish communications with the system at the other end of the line.

If Frame Relay Link is selected, the router will treat the line connected to this interface as a connection which is available regardless of traffic activity. The router will use the Frame Relay protocol to establish communications with the system (typically a Frame Relay switch) at the other end of the line.

For On Demand PPP Link operation over EIA/TIA-232 DIN-8 interfaces, certain routers require that your communications device (modem, CSU/DSU, TA, etc.) be set to raise the DCD (data carrier detect) and/or DSR (data set ready) line when a connection is established, and drop it when the connection is terminated.

If an interface is set to On Demand PPP Link, there are certain maintenance packets for each protocol (IP, IPX, etc.) which will not cause an inactive connection to be dialed. This is a security measure that keeps intruders out and allows on-demand links to be useful.

The push buttons at the bottom of this dialog box will change depending on the choice you make for this pulldown.

Failover Type

WAN ports can be set to divert their traffic to a secondary port (known as "failing over") if a line problem is detected. This pull-down menu determines the failover mode for this port.

Ports set for PPP operation will fail over if the PPP echo protocol determines that the line is down. Ports set for Frame Relay operation will fail over if the router stops receiving Frame Relay switch maintenance packets, or if all user PVCs go down.

If None is selected, failover mode on the port will not be used.

If Primary is selected, the router will monitor the status of the line connected to the port. If problems are detected on the line, traffic to this port will be diverted to the port selected with the Backup Port pull-down menu.

This pull-down menu will be disabled and will show "Backup" on a port which has been selected as a backup for a Primary port.

Backup Port

When the port has been set as a Primary failover port using the Failover Type pulldown menu, this pulldown allows a backup port to be set. If the line on the primary port goes down, traffic will be diverted to the designated backup port.

Once a port has been selected as a backup port for one primary it cannot be used as a backup for another.

This pull-down menu will be disabled, renamed to "Primary Port," and will show the Primary port's name on a port which has been selected to be a backup.

Timers

This button brings up the Failover Timers screen, which controls the amount of time before traffic is diverted from the Primary to a backup port when a Primary's line goes down, and the amount of time before traffic is diverted back to the Primary port when its line comes back up. The screen is described "Failover Timers Configuration Dialog Box" section.

Allow Dial Out

This checkbox tells the router whether traffic forwarded from other interfaces on this router will cause an on-demand connection to be established on this interface. This checkbox can only be set if the Link Type is On Demand PPP Link.

If checked, then incoming packets from another interface on this router whose destination is via this port will initiate a dialing sequence if the link is not already connected. If the link is already connected, the packets will simply be forwarded.

If unchecked, then incoming packets from another interface on this router will be dropped if the link is not already connected.

Allow Dial In

This checkbox tells the router whether it should accept incoming on-demand PPP connections from other routers (or end-node clients). This checkbox can only be set if the Link Type is On Demand PPP Link.

If checked, then incoming PPP connections will be accepted.

If unchecked, then incoming PPP connections will be rejected.

Always Keep Link Up

This checkbox tells the router whether it should always initiate a dialing sequence if there is no connection established for this interface. This checkbox can only be set if the Allow Dial Out checkbox is checked and the Drop Link If Inactive For checkbox is unchecked.

If checked, then whenever the connection for this interface is down, a dialing sequence will be initiated.

If unchecked, then a dialing sequence will only be initiated when there is network traffic which needs to be forwarded out this interface.

Drop Link If Inactive For

This checkbox and edit box tell the router how long it should wait once all traffic has been forwarded across the connection before dropping the link. If additional traffic is forwarded from another interface on the router before the link has been dropped, the timer will be reset.

If checked, then the link will be dropped after the specified number of minutes have passed with no packets being forwarded out this interface. The maximum value is 65535 minutes. The default value is 10 minutes.

If unchecked, then the link will only be dropped when the router (or remote end-node client) drops its end of the connection.

There are certain maintenance packets for each protocol (IP, IPX, etc.) which will not cause the inactivity timer to be reset. This is a security measure that keeps intruders out and allows on-demand links to be useful.

Dialing Method

This pull-down menu lets you pick the dialing method which will be used for on-demand dialing on this interface. Which dialing method is used depends on the type of equipment being dialed. In general, asynchronous devices, such as modems, use AT style dialing. Synchronous devices, such as dialed CSU/DSU's and ISDN terminal adapters, generally use V.25bis style dialing.

The AT dialing specification is the industry standard for dialing modems. If you select this option, make sure you enter AT-style commands in the chat scripts you select as the Dial-Out Script and/or Dial-back Script.

If you select V.25bis dialing, make sure you enter V.25bis-style commands in the chat scripts you select as the Dial-Out Script and/or Dial-back Script.

Please check the manual for the communications device you are using to determine the best available dialing method for this interface.

Select routers support "chat scripts" which let you provide a sequence of commands (using chat "send" statements), and anticipated responses (using chat "expect" statements) to devices which need to be dialed.

Dial-Out / Connect Script

This pull-down menu selects the main chat script the router will run when attempting to initiate a connection.

You may choose any of the chat scripts which have been configured into the router. For more information on creating chat scripts, see the "WAN Chat Script Editor Dialog Box" section.

If you selected the On Demand PPP Link pulldown discussed earlier, this pulldown will be labeled Dial-Out, and you must select a chat script here. The chat script you select will be executed whenever dialing is initiated.

If you selected the Dedicated PPP Link or Frame Relay Link pulldown discussed earlier, this pulldown will be labeled Connect, and you may optionally select a chat script here. This script will be run when the router starts up and again whenever PPP communications are lost for some reason, and can be used to provide a set of required connect responses to a device (such as a terminal server) at the other end of the dedicated line.

Dial-back Script

This pull-down menu provides a way to select a chat script which will provide global dial-back security on incoming connections to this interface. This option can only be used if you have checked both the Allow Dial Out and Allow Dial In boxes.

You may use this menu to choose any of the chat scripts which have been configured into the router. For more information on creating chat scripts, see the "WAN Chat Script Editor Dialog Box" section.

If you select a chat script here, the router will accept a PPP dial-in connection and then automatically drop the link and initiate dialing using the chat script you have selected.

If you select None here, the router will not initiate a global dial-back on all incoming connections to this interface.

You may still enforce dial-back security on selected connections by correctly setting the parameters in the User Authentication Database dialog box discussed later in this chapter.

Dialing Retries / Connect Retries

Use this parameter to set the number of dialing retry attempts the router will make following an unsuccessful connection effort.

If you selected the On Demand PPP Link pulldown discussed earlier, this field will be labeled Dialing Retries. This option can only be used if Allow Dial Out has been checked and a Dial-Out Script has been set.

If you selected the Dedicated PPP Link or Frame Relay Link pulldown discussed earlier, this field will be labeled Connect Retries. On those types of links, this option can only be used if a Connect Script has been set.

Values may range between 1 and 255.

Retry Delay Setting

This parameter sets the amount of time in seconds the router will wait between dialing attempts.

For an On Demand PPP Link, this option can only be used if Allow Dial Out has been checked and a Dial-Out Script has been set.

For a Dedicated PPP Link or a Frame Relay Link, this option can only be used if a Connect Script has been set.

Values may range between 1 and 255.

Script Timeout

This is the amount of time in seconds the router will wait for input when it encounters an "Expect" statement in one of your chat scripts.

For more information on Expect statements and chat scripts in general, see the "WAN Chat Script Editor Dialog Box" section.

Failover Timers Configuration Dialog Box

You can access the Failover Timers Configuration dialog box (Figure 10-2) by selecting Primary in the Failover Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then selecting the Timers button.

Figure 10-2 Failover Timers Configuration Dialog Box

Backup Enable Timer

This is the number of seconds from the time the Primary port's line is detected as being down until traffic is diverted to the Backup port. This is also known as the "failover time."

Backup Disable Timer

This is the number of seconds from the time the Primary port's line is detected as having come back up until traffic is restored to the Primary port. This is also known as the "failback time" and is used to keep the router from switching out of failover mode too soon if the Primary link has an intermittent connection.

Backup Init Timer

This is the number of seconds after router startup before failover operation will go into effect. This timer allows PPP or Frame Relay communications time to stabilize before Primary port line status is checked.

Frame Relay Configuration Dialog Box

You can access the Frame Relay Configuration dialog box (Figure 10-3) by selecting Frame Relay Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the Frame Relay button at the bottom of the dialog box.

Figure 10-3 Frame Relay Configuration Dialog Box

Maintenance Protocol

This checkbox controls which Frame Relay maintenance protocol is used on this WAN interface. The maintenance protocol is used to send link status and virtual circuit information between Frame Relay switches and other devices (such as routers) that communicate with them.

ANSI Annex D is the most commonly used standard in the United States.

ITU-T Annex A is a European standard.

LMI was developed by a vendor consortium and is also known as the "consortium" management interface specification. It is still used by some carriers in the United States.

Static allows the emulation of a Frame Relay network over WAN broadcast media. Examples include satellite ground stations and multipoint packet radio installations. Do not use this setting for normal Frame Relay switch communications.

Your Frame Relay carrier may or may not give you a choice of management protocols. If you are given a choice, we suggest Annex D since it is the most widely used.

Polling Frequency

The router is required to periodically poll the Frame Relay switch at the other end of the communications link in order to determine whether the link is active. This field determines how often the router polls the switch, using the Maintenance Protocol you have selected.

If any three out of four polls go unanswered by the switch, the router will assume the Frame Relay link is down. Every sixth poll, the router requests a full status packet from the switch in order to update its table of active permanent virtual circuits (PVCs).

This value is in seconds. The allowable range for the value is 5 to 30. The default is 10.

Home DLCI

When Static maintenance is used on a WAN broadcast medium, this edit box can be filled in to provide a statically assigned DLCI (Data Link Control Identifier) number for this interface.

This number can be configured into other routers' DLCI Mapping dialog boxes so that they can communicate with this router. In order to reject packets that were sent out its own interface, this router will ignore any packets with a sending DLCI number that matches this number.

MTU

This is the Maximum Transmission Unit in bytes for the interface. This setting may need to be adjusted in order to communicate with switches or routers from other vendors which do not support full size frame packets. The allowable range for the value is 262 to 1700. The default for this value is 1500.

Adjusting the MTU to a smaller size will cause fragmentation of Frame Relay packets, which will impact performance. This setting should be left at the default unless it must be changed for compatibility reasons.

DLCI Database Dialog Box

You can access the Frame Relay DLCI Database dialog box (Figure 10-4) by selecting Frame Relay Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the DLCI button at the bottom of the dialog box. This window displays all DLCI mapping entries, but is not used to add or modify the entries.

Figure 10-4 DLCI Database Configuration Dialog Box

To add or modify the entries, you must access the DLCI Entry dialog box by selecting the Add... or Modify... buttons in the Frame Relay DLCI Database dialog box (Figure 10-5).

Figure 10-5 DLCI Entry Dialog Box

The Data Link Connection Identifier (DLCI) is a number which uniquely identifies one end of a Permanent Virtual Circuit (PVC) to your Frame Relay carrier's Frame Relay switch. The DLCIs are not interchangeable between the two ends of a PVC, since they only identify one end of the PVC. Unless you use the correct DLCI numbers at each end of your PVC, two-way communications cannot take place.

This database lets you create static mappings between the Frame Relay PVCs on this interface (identified by their DLCI number) and the protocol (e.g. IP, IPX, etc.) addresses of the router interfaces at the far ends of the PVCs.

If the router at the far end of a PVC is a Compatible Systems router, you will generally not need any entries in the DLCI database for it. Compatible Systems routers use the IARP (Inverse Address Resolution Protocol) to dynamically create the same type of mappings that are manually entered in the DLCI database.

A router will not use IARP to attempt to discover addresses for a particular protocol on a PVC if there is already a DLCI database entry for the PVC for that protocol. Therefore, if you wish to use IARP to dynamically discover the addresses at the far end of a PVC, do not make any entries for its DLCI number in the DLCI database.

Frame Relay DLCIs must be statically mapped using the DLCI mapping database when IP subinterfaces are in use, because IARP can only resolve a physical port, not a logical subinterface on that port.

DLCI #

This is the decimal number between 16 and 991 which uniquely identifies this end of a PVC. A DLCI number will be provided to you by your Frame Relay carrier for each end of each PVC.

IP Address

This is the IP address of the router interface at the other end of the PVC. It should be entered in standard IP dotted-decimal notation (e.g. 198.041.9.1).

AppleTalk Address

This is the AppleTalk address of the interface of the router WAN interface at the other end of the PVC. It should be entered in decimal as a "network:node" pair (e.g. 24:1).

The AppleTalk network number must be between 1 and 65,279. The node address must be between 1 and 254.

IPX Address

This is the IPX address of the interface of the router WAN interface at the other end of the PVC. It should be entered in hexadecimal as a "network:node" pair (e.g. 12F0A:00A510123456).

The IPX network number must be between 1 and FFFFFFFE. The IPX node address must be 12 hexadecimal digits.

The IPX node address at the other end is generally a "borrowed" Ethernet address from one of the other router's Ethernet interfaces. There is no addressing conflict because the actual Ethernet interface is on a network with a different IPX network number.

DECnet Address

This is the DECnet address of the router at the other end of the PVC. The address consists of a decimal "area.node" pair (e.g. 14.1001).

The area value must be within the range of 1 to 63. The node value must be within the range of 1 to 1023.

A period is traditionally used as the separator for DECnet area:node pairs. Other protocols use a colon.

CHAP Configuration Dialog Box

You can access the CHAP (Challenge Handshake Authentication Protocol) Configuration dialog box (Figure 10-6) by selecting On Demand PPP Link or Dedicated PPP Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the CHAP button at the bottom of the dialog box.

Figure 10-6 CHAP Configuration Dialog Box

CHAP is a security protocol that allows devices using PPP to authenticate their identities to each other through the use of a message digest (MD5) calculation. Either or both ends of a link can request that the opposite end of the link authenticate itself. CHAP requests do not depend on knowing which device initiated a call, so a calling device can request and/or provide authentication, as can a device that receives a call.

CHAP authentications can be performed at any time after a communications link is connected. A CHAP authentication sequence begins with a "challenge" from one end of the link. The challenge includes the name of the challenging router.

The response to the challenge includes the name of the responding router. This name will be looked up in the challenging router's database or on a configured RADIUS server. The name, along with a "secret" value that is stored in the database or RADIUS server and is shared by both ends, will be processed by the challenging end using the MD5 algorithm.

If the result of an identical MD5 calculation performed by the challenging end is not the same, the challenging end drops the link.

To access the User Authentication Database Configuration dialog box, select Global/User Authentication Database in the Device View. To access the RADIUS Configuration dialog box, select Global/System Configuration in the Device View and click on the RADIUS button.

Because the secret is never passed across the link, even in encrypted form, CHAP is considered to be significantly more secure than PAP.

Request CHAP Authentication

This checkbox controls whether this router will send a CHAP challenge to the other end before allowing PPP negotiation to complete. Each challenge will include this router's Name, along with a random value selected by this router.

If checked this router will send a CHAP challenge to the device at the other end of the link.

If unchecked this router will not send a CHAP challenge to the device at the other end of the link.

Respond to CHAP Challenges

This checkbox controls whether this router will respond to CHAP challenges from the other end.

If checked this router will use the values in the Name and Secret fields to respond to a CHAP challenge from the other end.

If unchecked this router will not respond to CHAP challenges.

Name

This is the name that the router will include in any CHAP challenges it makes, and in any CHAP responses it provides. A name is required if either Request CHAP Authentication or Respond to CHAP Challenges is checked. The name can be from 1 to 255 characters in length.

Secret

This is the shared information that is used to calculate expected CHAP responses to challenges issued by this router. A secret is required if Respond to CHAP Challenges is checked. The secret can be from 1 to 255 characters in length.

CHAP functionality was changed in version 3.04 and higher of Compatible Systems' router software in order to allow for effective use of RADIUS servers. CHAP in versions 3.04 and later are not downward compatible with earlier versions.

PAP Configuration Dialog Box

You can access the PAP (Password Authentication Protocol) Configuration dialog box (Figure 10-7) by selecting On Demand PPP Link or Dedicated PPP Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the PAP button at the bottom of the dialog box.

Figure 10-7 PAP Configuration Dialog Box

PAP is a security protocol that allows devices using PPP to authenticate their identities to each other through the use of passwords. Either or both ends of a link can request that the opposite end of the link authenticate itself. PAP requests do not depend on knowing which device initiated a call, so a calling device can request and/or provide authentication, as can a device that receives a call.

PAP authentications are only performed after a communications link is connected, but before PPP has completely negotiated the communications parameters which will be used on the link. A PAP authentication sequence begins with a "PAP request" from one end of the link. The other end must respond with a valid name and password. If it does not, the requesting end drops the link.

Because PAP passes the name and password values back across the link in "cleartext," it is considered to be less secure than CHAP.

Request PAP Authentication

This checkbox controls whether this router will request a PAP name and password from the other end before allowing PPP negotiation to complete.

All name/password combinations received are checked against the entries in the User Authentication Database, or in a configured RADIUS server.

To access the User Authentication Database Configuration dialog box, select Global/User Authentication Database in the Device View. To access the RADIUS Configuration dialog box, select Global/System Configuration in the Device View and click on the RADIUS button.

If checked this router will request a PAP name and password from the device at the other end of the link. The name and password will be checked against all entries in the User Authentication Database or configured RADIUS server.

If unchecked this router will not request a PAP name and password from the device at the other end of the link.

Respond to PAP Requests

This checkbox controls whether this router will supply a PAP name and password to the other end if they are requested.

If checked this router will provide the name and password entered into the PAP Name and PAP Password edit areas on this screen when PAP information is requested by the device at the other end of the link.

If unchecked this router will not provide any PAP information if it is requested by the device at the other end of the link.

Name

This is the name that the router will provide to the device at the other end if PAP name/password information is requested and the Provide PAP Information checkbox is checked. The name can be from 1 to 255 characters in length.

Password

This is the password that the router will provide to the device at the other end if PAP name/password information is requested and the Provide PAP Information checkbox is checked. The password can be from 1 to 255 characters in length.

SMDS Dialog Box

You can access the SMDS dialog box (Figure 10-8) by selecting SMDS from the Link Type pull-down in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the SMDS button at the bottom of the dialog box.

Figure 10-8 SMDS Dialog Box

Station Address

This is the SMDS physical station address. The address is assigned by the service provider and follows the E.164 format (i.e., 64-bit/15-digit addressing). The station address must start with the letter C and be followed by at least 10 digits.The missing digits will be filled in with F. The address should be entered exactly as it is assigned by the service provider.

IP Multicast

This is the IP multicast address. This address is the SMDS group address assigned by the service provider and follows the E.164 format. The multicast address must start with the letter E and be followed by at least 10 digits. The missing digits will be filled in with F. The address should be entered exactly as it is assigned by the service provider.

Polling Frequency

This number specifies the interval that the router uses to poll the SMDS switch. The interval is specified in seconds and must be between 0 and 30.

If the switch does not respond to the polling, the router will eventually declare the SMDS link down and start dropping packets designated for that interface. A value of 0 will disable the polling mechanism. Disabling the polling mechanism will automatically declare the SMDS link up.

The keepalive mechanism is also referred to as "heartbeat exchange" in SMDS literature.

PPP Options Dialog Box

You can access the PPP Options dialog box (Figure 10-9) by selecting On Demand PPP Link or Dedicated PPP Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the PPP Options button at the bottom of the dialog box.

Figure 10-9 PPP Options Dialog Box

Sequenced Predictor Compression

Packet data can be compressed to provide better throughput across slower WAN links. Sequenced Predictor is a compression algorithm used in some Compatible Systems routers.

If checked this router will compress packet data being sent on this interface using the Sequenced Predictor algorithm.

A general rule of thumb for Compatible Systems routers would be to use Sequenced Predictor on uncompressed links at up to 128K rates, but to turn it off at higher speeds or if other means of compression (such as the V.42 compression built into modems) are in use. A few simple file copy transfer tests over your particular WAN setup will yield a more exact answer.

PPP Link Quality Configuration Dialog Box

You can access the PPP Link Quality Configuration dialog box (Figure 10-10) by selecting On Demand PPP Link or Dedicated PPP Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the PPP Options button at the bottom of the dialog box, and then clicking on the Link Quality button at the bottom of the PPP Options dialog box.

Figure 10-10 PPP Link Quality Configuration Dialog Box

This dialog box is used to set parameters which allow a router using PPP to monitor the quality of an on-demand WAN link. If poor link quality is detected, the line can be dropped and redialed to improve performance.

Echo Packets On

This checkbox controls whether this router will use an echo protocol to monitor the quality of the line.

The number of echo packets sent, and the number of responses, are counted. If the conditions set in the Drop Link When... fields are met, the link is dropped.

If checked, echo packets will be regularly sent, and line quality monitored.

Frequency in Seconds (Echo Packets)

This parameter determines how often an echo packet will be sent to the other end. The value must be in the range of 1 to 32.

Drop Link When

These parameters set the size of the echo sequence that will be tracked, and the number of packets that must be lost out of a sequence before the link will be dropped. The values must be in the range of 1 to 32.

LCP Options Configuration Dialog Box

You can access the LCP Options Configuration dialog box (Figure 10-11) by selecting On Demand PPP Link or Dedicated PPP Link from the Link Type pulldown in the Link Configuration: WAN dialog box (under WAN/Link Configuration), and then clicking on the PPP Options button at the bottom of the dialog box, and then clicking on the LCP Options button at the bottom of the PPP Options dialog box.

Figure 10-11 LCP Options Configuration Dialog Box

This dialog box is used to set parameters relating to PPP's internal operation. You will probably never need to change the settings in this dialog box.

MRU

This is the Maximum Receive Unit size in bytes for PPP packets. The default value is 1500 bytes.

ACCM

The Asynchronous Character Control Map allows you to set characters which must be "escaped" for your particular communications link. For the vast majority of communications links, the default (no characters escaped) is correct.

If you set Flow Control to XOn/XOff in the Interface Configuration dialog box (under WAN/Physical Configuration) for this WAN interface, the characters for XOn and XOff will automatically be escaped by the router.

Address/Control Compression

This checkbox controls whether this router will use the method defined in the PPP specification for compression of the PPP address and control fields. The default is checked.

Protocol Compression

This checkbox controls whether this router will use the method defined in the PPP specification for compression of the PPP protocol fields. The default is checked.

Multilink PPP Dialog Box

This dialog box (Figure 10-12) is used to configure Multilink PPP (MPPP) parameters for multiple WAN interfaces. MPPP allows multiple physical links to be combined into a "bundle" which provides a virtual link with greater bandwidth than a single link

To access this dialog box, select Global/Multilink PPP from the Device View. This dialog box defines a list of MPPP bundles and the physical WAN ports that are included in each bundle.

Figure 10-12 Multilink PPP Dialog Box

To add or modify this list, click on the appropriate button to open the MPPP Bundle dialog box (Figure 10-13).

Figure 10-13 MPPP Bundle Dialog Box

MPPP Bundle Name

This edit box allows you to specify a name for the multilink virtual port.

Enable

This checkbox is used to specify whether multilink bundling will function on this router.

Linked Ports

Check each of the physical WAN ports that you wish to include in the bundle. You must select at least two ports.

Set as Primary

Select which interface in the bundle should be used by the router to configure the network protocol for the multilink, and click on the Set as Primary button.

Short Sequence Header

This checkbox allows the router to use an abbreviated sequence number in its multilink headers.

While the shorter header can enhance performance slightly, routers from other vendors may not be compatible with this feature.

MPQual

This checkbox allows the router to use echo packets on each of the physical ports in the bundle to determine whether individual links are up. If one link in a bundle goes down, the router can divert data away from that port.

If the primary port goes down, the entire link will go down, even if MPQual is enabled. If left unchecked, any individual link in the bundle can bring down the entire multilink. (Parameters for echo packets are configured in the PPP Options/PPP Link Quality dialog box, see"PPP Options Dialog Box" section.)

WAN Chat Script Editor Dialog Box

You can access the Chat Script Editor dialog box (Figure 10-14) by selecting Global/WAN Chat Scripts in the Device View.

Figure 10-14 WAN Chat Script Editor Dialog Box

Compatible Systems Legacy routers support standard communications chat scripts that let you specify dialing and/or connect sequences between this router and remote routers or terminal servers.

All of the chat scripts stored in a router are available to any of the router's WAN interfaces. To select the scripts which will be used on a specific interface, use the Dial-out Script / Connect Script and Dial-back Script pull-down menus in the VPN 5000 Manager's Link Configuration: WAN dialog box. You can access this dialog box by selecting WAN/Link Configuration from the Device View.

These scripts may also be used for user-specific dial-back scripts in the User Authentication dialog box, and can be selected from there. Access this dialog box by selecting Global/User Authentication Database in the Device View.

Chat Script Editor Dialog Box Buttons & Controls

The Current Chat Script pull-down menu lets you select a script for editing.

The New button brings up a dialog box which asks you to name the new script, then creates a blank chat script and selects it in the Current Chat Script pull-down menu. Names can be up to 16 characters long.

The Rename button lets you change the name of the chat script you are currently editing.

The Delete button deletes the chat script which is currently selected in the Current Chat Script pull-down menu.

The Import button lets you bring a previously exported chat script in from a disk on your computer. The imported information will be appended to the script which is currently selected in the Current Chat Script pull-down menu.

The Export button lets you save the chat script which is currently selected in the Current Chat Script pull-down menu to a disk file on your computer.

Chat Script Rules and Syntax

Every line in a chat script must start with either send or expect in order to be a valid chat script line.

Lines which begin with send will cause all other characters (except escaped control characters) on the line to be output through the WAN interface which is running the script.

Lines which begin with expect will cause the router to wait for matching input characters from the WAN interface which is running the script. The router is case-sensitive when examining returned data.

The amount of time the router will wait is determined by the Script Timeout parameter in the Link Configuration: WAN dialog box.

All control characters are preceded by a backslash character (\) which tells the router that what follows is an escaped character and should not be literally sent on the WAN interface.

\r insert a carriage return

\c don't add a carriage return to end of line - valid at end of line only

\x insert a hex digit (range 0 to FF)

\p pause for 0.3 seconds

\b send a break character

\ <space> follow the backslash with a space to insert a space; space characters between send or expect commands and the first character of a line are normally stripped

\t insert a tab

\n insert a new line

\q set "quiet mode" - do not log output until another \q encountered

\\ insert a backslash

A Note About the AT Command Set

Most asynchronous devices (e.g. modems and some terminal adapters) expect AT commands from the router in order to dial or perform other functions. Different modems support different subsets of AT commands. To be certain that the AT commands you are using are correct for your modem, you must refer to the manual that came with your modem.

Every AT command is preceded by "AT," which tells the modem that the string is destined for it. Listed are the most common (and commonly supported) AT commands:

ATDT -- Originate a call by dialing the number sequence which follows this command using tones (note: use a comma in the sequence for a delay)

An asynchronous terminal adapter does not use tones to dial ISDN phone numbers. Use ATD to dial ISDN phone numbers.

ATH0 -- Hang up (note: the final character is a zero)

ATM0 -- Set speaker off (note: the final character is a zero)

ATM1 -- Set speaker on until connect

Modems typically provide a response message depending on the success of an attempted call:

CONNECT -- The other end has successfully answered. Note that some modems require a switch to be set correctly to receive text responses (as opposed to result codes).

Compatible Systems routers automatically send standard modem setup parameters when a port's Dialing Method is set for AT dialing. These setup parameters are adequate for virtually all dial-up applications. In almost all cases, your modem should work right out of the box.

A Note About the V.25bis Command Set

Different CSU/DSU's and Terminal Adapters support different subsets of the V.25bis commands. To be certain that the V.25bis commands you are using are correct for your communications device, you should refer to the manual that came with the device.

The V.25bis commands use hardware signaling to denote whether the information they are sending is destined for the communications device or the data link itself. Listed are the most common (and commonly supported) V.25bis commands:

CRN -- Originate a call by dialing the number sequence which follows this command

To include a pound sign (#) as part of the number sequence, it must be enclosed in double quotes ("").

CIC -- Connect an incoming call

Communications devices provide several responses depending on the outcome of an attempted call:

CNX -- The other end has successfully answered

INC -- An incoming call has been detected

VAL -- The command received is valid

INV -- The command received is invalid or is not supported (may be followed by an error code)

CFI -- Call Failure Indicator; the call could not be completed

If your router is connected to a device synchronously, make sure to configure it to accept V.25bis commands in bit-synchronous format (i.e. within HDLC packets). This is the format Compatible Systems routers use to send V.25bis commands.

Chat Script Examples

There are as many variations of chat scripts as there are specific installation requirements. However, all chat scripts generally follow the same format, which is a series of send and expect statements.

To connect to another router using a modem. This script dials through a PBX which requires a 9 to be dialed followed by a delay in order to access an outside line:

send atdt 9,13035559000 
expect CONNECT

To connect to another router via an ISDN line, using V.25bis dialing:

send CRN 5554000 
expect CNX

To connect to an Internet Service Provider using a modem:

send atdt 5551000 
expect CONNECT 
expect login: 
send myname 
expect ssword: 
send im4CSCru2 
expect connecting

As demonstrated in this script, it may be convenient to only put part of the expected response in an expect statement. This can make it easier to get an exact match when the actual expected string is long (e.g. Please login:, Please enter your password:, etc.).

User Authentication Database Dialog Box

You can access the User Authentication Database Configuration dialog box (Figure 10-15) by selecting Global/User Authentication Database in the Device View. This dialog box displays all database entries, but is not used to add or modify the entries.

Figure 10-15 User Authentication Database Configuration Dialog Box

To add or modify database entries, you must access the Authentication Database Entry dialog box by selecting the Add... or Modify... buttons in the User Authentication Database Configuration dialog box (Figure 10-16).

Figure 10-16 Authentication Database Entry Dialog Box

This database is global to the router. If you have configured a RADIUS server, entries in this database will take precedence over RADIUS entries.

Remote Name

This is the name of the remote device.

For PAP entries, this is the name of the device we are requesting a password from, when the Request PAP Authentication checkbox is set in this router's PAP Configuration dialog box.

For CHAP entries, this is the name of the device we will send a challenge to, when the Request CHAP Authentication checkbox is set in this router's CHAP Configuration dialog box.

If there is a Compatible Systems router at the far end, these names correspond to the names entered in the CHAP Configuration dialog box and/or PAP Configuration dialog box Name fields.

Password/Secret

This is the password or secret string for the remote device.

For PAP entries, this is the password value which must be returned from the remote device before we will grant it access to this router.

For CHAP entries, this is the secret value which is shared with the remote device which will be challenged by this router. This value, along with the random value in the challenge, will be used to determine whether a response is valid.

If there is a Compatible Systems router at the far end, these strings correspond to the Password entered in the PAP Configuration dialog box and/or the Secret entered in the CHAP Configuration dialog box.

Interfaces

This is the list of interfaces on which we will accept the entered Name and Password as valid. The entry will be invalid on interfaces not selected here.

Dial-back Chat

If a chat script is selected in this pulldown, then upon successful negotiation of PAP or CHAP, the link will be dropped and the selected chat script will be executed.