Document ID: 12309
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configuration LU Nailing
Defaults
Command Mode
Usage Guidelines
Configuration Example
Configuration of LU Capping
Defaults
Command Mode
Usage Guidelines
Examples
show Commands
NetPro Discussion Forums - Featured Conversations
Related Information
Introduction
Note: Logical Unit (LU) Nailing is first supported in Cisco IOS® Software Releases 11.2BC and 11.3T and is available in Cisco IOS Software Release12.0 and later.
TN3270 Server Client to LU Nailing is also known as Client IP Address Nailing, a feature that allows the network administrator to restrict which client IP addresses can connect to particular LUs. This feature lets clients from traditional TN3270 (non-TN3270E) devices to connect to specific LUs, thus overcoming the limitation of TN3270 devices in that they cannot specify a CONNECT LU. In order to achieve this improvement, configure the IP address to LU mappings in the TN3270 server. This feature is also useful for TN3270E clients because, in many instances, it is preferable to do the configuration centrally at the router rather than at the client.
LU Capping provides a way for a customer to limit the number of LUs that can be used concurrently by a single client IP address.
In Cisco IOS Software Release 12.1(5)T, several TN3270 Server Connectivity Enhancements are added, mainly:
-
Dynamic LU Naming
-
Inverse DNS Nailing
-
SSL Encryption Support
Refer to TN3270 Server Connectivity Enhancements for more information.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Configuration LU Nailing
Use the client TN3270 PU configuration mode command in order to define a range of locaddrs to be reserved for a remote device(s). Use the no form of this command in order to cancel this definition.
[no] client [printer] ip ip-address [mask] lu first-locaddr [last-locaddr]
where
printer (Optional)
This literal string, if present, specifies that a client connection from the nailed IP address(es) is nailed to one of the specified LUs if the client session negotiates a model type of 328, where <printer> is any alphanumeric. If this string is not present, all the model types can be nailed to this range of LUs.
ip ip-address [mask]
Remote client IP address. The mask is optional and is applied to the remote device address. The mask allows multiple client IP addresses in the same subnet to be nailed to the same range of locaddrs. The form of the mask is IP format A.B.C.D.
lu first-locaddr [last-locaddr]
Defines the range of inclusive locaddrs to be nailed from first-locaddr to last-locaddr (or only the first-locaddr, if the last-locaddr is not defined). The range for first-locaddr and last-locaddr is 1 to 255.
If client ip 192.195.80.40 lu 1 2 is configured, and there is an attempt to delete this command without the specification of the last LU, this error message is displayed:
router(tn3270-pu)#no client ip 192.195.80.40lu 1 % client ip 192.195.80.40 lu not matched with configured lu 1 2
Defaults
The default is to nail connections as screen LUs with no mask.
Command Mode
This is a TN3270 PU configuration mode command.
Usage Guidelines
-
Multiple statements can be configured for one IP address or nail type, either on one PU or multiple PUs, but each LU can only be nailed to one IP address or nail type.
For example, this nailing configuration is rejected:
router(config)int c2/2 router(config-if)tn3270-server router(cfg-tn3270)pu PU1 05D18081 172.28.1.82 ... router(tn3270-pu)client ip 192.195.80.40 lu 1 10 router(tn3270-pu)client printer ip 192.195.80.40 lu 1 10 % client ip 192.195.80.40 conflict detected with lu 1 10 router(tn3270-pu)
-
A nailed client IP address or nail type with no TN3270 device name is connected to the first available active (ACTLUed and not connected) LU in the range of LUs defined for a PU(s). If no active nailed LUs are available, it is connected to an inactive nailed LU and a Dynamic Definition of Dependent LU (DDDLU) activation is initiated. If no nailed LU is available, the connection is rejected.
This example shows a direct PU and a dependent LU requester (DLUR) PU configured with the same listening point. The PUs are configured with the same nailed client IP address.
tn3270-server pu PU1 05D18081 172.28.1.82 ... client ip 192.195.80.40 lu 1 10 dlur pu PU2 05D190B3 172.28.1.82 client ip 192.195.80.40 lu 1 10If both PUs each have three static LUs (which are ACTLUed and not connected), these LUs are the first to be nailed. That is, the first six connections from client ip 192.195.80.40 use the static LUs and subsequent connections use the remainder of the dynamic LUs.
-
A nailed IP address can request one of the nailed LUs through the TN3270 device name. If the requested LU is not available, the connection is rejected.
-
A nailed IP address cannot request an LU outside the range of nailed LUs.
In this example, if the 192.195.80.40 client ip requests LU 11 of PU1, the connection attempt is rejected because this 192.195.80.40 client ip is only nailed to LUS 1 to 10 of PU1.
tn3270-server pu PU1 05D18081 172.28.1.82 ... client ip 192.195.80.40 lu 1 10 -
A non-nailed IP address cannot request an LU that is configured as nailed. Nailed LUs are only reserved for nailed client IP addresses.
-
In order to cancel the definition, the command must be entered exactly as configured. For example, if a range of locaddrs is specified, the whole range of locaddrs must be specified to cancel this definition. There is no way to cancel only one locaddr if a whole range of locaddrs is configured.
Configuration Example
In this example, if the 198.32.1.1 client ip connects to listening point 172.22.0.1, this client gets LU 1 of PU1. If the 198.32.1.1 client ip connects to listening point 172.22.0.2, this client gets LU 1 of PU2.
tn3270-server
pu PU1 05d1801 172.22.0.1
client ip 198.32.1.1 lu 1
pu PU2 05d1802 172.22.0.2
client ip 198.32.1.1 lu 1
Configuration of LU Capping
The TN3270 server client command is used in order to limit the number of LU sessions from the one client IP address in the subnet.
[no] client ip ip-address <ip-mask> lu maximum <n>
Syntax Description:
<ip> (Optional) Client IP address.
<ip-mask>
(Optional) Client IP subnet mask.
max <n>
Maximum number of LU sessions from the
one client IP address in the subnet.
The range is 0-65535.
Defaults
If no IP address is configured, the default is for all clients to be limited to a maximum of LU sessions.
Command Mode
TN3270 configuration
Usage Guidelines
Because of the subnets-within-subnets function, there is sift-down. Therefore, the no form of this command cannot mean "make unlimited". It means "take away the statement that matches".
Examples
These examples illustrate the LU capping function:
-
In order to limit all clients to a maximum of two LU sessions.
client lu maximum 2
-
In order to limit the client with IP address 10.1.1.28 to a maximum of three LU sessions.
client ip 10.1.1.28 lu maximum 3
-
This limit can be applied to different subnets as in this example. The most exact match to the client IP address is chosen.
client ip 10.1.1.0 255.255.255.0 lu maximum 4
client ip 10.1.1.64 255.255.255.192 lu maximum 5
The effect is that clients with IP addresses that reside in the 10.1.1.64 subnet (that is, 10.1.1.64 - 127) are limited to a maximum of five LU sessions while other clients with IP addresses in the 10.1.1.0 subnet are limited to a maximum of four LU sessions.
show Commands
-
This show command displays mappings between a nailed client IP address(es) and nailed LUs.
show extended channel slot/2 tn3270-server nailed-ip ip-address
where ip-address is the IP address of the client. This is sample output:
router#show extended channel 3/2 tn3270-server nailed-ip 172.28.0.0 172.28.1.0 255.255.255.0 pu PU1 lu 1 50 172.28.1.80 pu PU2 lu 100 200 printer 172.28.1.83 pu PU3 lu 1 60 printer 172.28.1.82 pu PU1 lu 100 200
-
The existing show command is issued in order to display the PU configuration parameters, statistics, and all the LUs currently attached to the PU.
show extended channel slot/2 tn3270-server pu pu-name
The command output now contains two modifications. The first is the addition of the nail column in order to identify the nailed LUs. The second modification is the nailed table output with the client IP, mask, nail type, LU first, and LU last columns. This is sample output:
router#sh extended channel 2/2 tn3270-server pu PU1 name(index) ip:tcp xid state link destination r-lsap PU1(1) 172.28.1.82:23 05D18081 ACTIVE tok 0 4000.7470.00e7 08 10 idle-time 0 keepalive 1800 unbind-act discon generic-pool perm bytes 560 in, 3765 out; frames 20 in, 27 out; NegRsp 0 in, 0 out actlus 12, dactlus 0, binds 2 lu name client-ip:tcp nail state model frames in out idle for 1 PU1001 never connected Y ACTIVE 1 1 4:50:44 2 PU1002 never connected Y ACTIVE 1 1 4:50:44 3 PU1003 192.195.80.40:2077 N ACT/SESS 327804 5 5 5:4:36 4 PU1004 192.195.80.40:2644 Y ACTIVE 327804 5 5 0:36:7 client ip mask nail-type lu first lu last 192.195.80.40 255.255.255.0 screen 1 2 192.195.80.40 255.255.255.0 printer 4
NetPro Discussion Forums - Featured Conversations
| NetPro Discussion Forums - Featured Conversations for IBM |
| Network Infrastructure: Enterprise Data Centers |
Related Information
- TN3270 Server Implementation
- TN3270 Server Support Page
- Product Support
- Technology Support
- Technical Support & Documentation - Cisco Systems
| Updated: Sep 09, 2005 | Document ID: 12309 |