Remote Access Solutions
- What are the MFR Version 2 line settings for the 2960 in the US?
The MFR2 line settings are specific to a bit oriented signal on an E1 line. E1 lines are used everywhere in the world but Canada, Japan, parts of Taiwan, and the USA. The line you will have installed will be a T1 (message oriented or robbed bit) line.
- What types of High Speed Facilities do the US use?
The US uses a T1 (message oriented or robbed bit) line. A message oriented line is a PRI (Primary Rate Interface) ISDN line with 23 B channels and 1 D channel. Instead of the phone company sending the ring voltage in-band with the data, the digital packet with the hook status is sent in its own channel (D channel) as an out-of-band signal (Common Channel Signaling). The gain from losing one channel (D channel which happens to be channel 24 on a T1) is that the 23 B channels are full 64K able DS0s and are not interrupted by calls coming in on the line. This is the line you want to use if you have users using an ISDN BRI (Basic Rate Interface) and a Terminal Adapter. This line also will tell you information like who is calling and what number was dialed. Robbed bit signaling is a type of in-band signaling (Channel Associated Signaling) used in T1 when the D channel is buried with the B channels, using the least-significant bits to indicate the hook condition. The least significant bits are "robbed" from each DS0, leaving a throughput of 56kb per second. Robbed bit signaling leaves you with 24 DS0s rather than 23 (remember you can only make ISDN BRI calls on a PRI; that's the advantage, because the robbing of the bits only allows each DS0 56K and there is no digital channel to send digital packets on).
- What are the HTTP/SNMP password protection options?
There are two (2) passwords. The first is a monitor password which allows one to view, but not change, all configuration options and statistical data---all passwords are hidden. The second is a superuser password which allows full configuration and password control. These passwords are the same for the SNMP RO and RW community strings.
- How can I upgrade my software?
New software images can be found at http://upgrades.patton.com. The software is upgraded using FTP from any computer. The steps are as follows.
- FTP into the 2960
- The username to enter is KillImage
- The password is the superuser password for that 2960
- Set the transfer mode for FTP to BIN (for Binary). On most FTP clients this is done by typing BIN at the FTP> prompt.
- Use the FTP put command to put the file into the 2960. On most FTP clients this is done by typing put name-of-image-file (where name-of-image-file is the name of the new software load).
- How are DSP's allocated?
The DSP's are best thought of as a resource pool. At ring time the 2960 is told by the calling switch whether the call is digital or analog. At that time a DSP is allocated and assigned to that call. DSP's are kept in the resource pool and allocated in a Round-Robin fashion.
- Why can I not log in as monitor?
On the web management pages there is an option to change monitor privileges. The default is readonly(2). If this is changed to none(0), the monitor user can not log in to the web pages.
- What is the pin-out for the RJ48C to DB-25 converter?
To connect to the RS232 port you need a straight through cable and a RJ48C to DB-9 converter. These were included with your remote access server but if you have lost them, the pin-out for the converter is as follows:
RJ45 pin - DB25 pin - Signal
- 1 - 6 - Data Set Ready
- 2 - 8 - Carrier Detect
- 3 - 20 - Data Terminal Ready
- 4 - 7 - Signal Ground
- 5 - 3 - Received Data
- 6 - 2 - Transmitted Data
- 7 - 5 - Clear to Send
- 8 - 4 - Request to Send
- How can I recover a lost Superuser password?
Patton's Technical Support Team does not have access to your passwords, however, with your approval and assistance, we can help you retrieve your password if you do the following:
- You must have physical access to the box. Connect a PC running Hyperterm (or other communications software) to the RJ management port labeled RS-232 on the front of the RAS. (Configure Hyperterm according to the manual.)
- Power the RAS unit up to begin the reboot process.
- At boot-up look for: *Hit escape three times to use debug.* Press the escape key three times to get the debug> prompt.
- At the debug> prompt type: post and press the enter key. Let the test run.
- Begin a text capture to file in Hyperterm.
- At the debug> prompt:
For the 2800 Series type: dump FFF80000 10000
For the 2900 Series type: dump FEF80000 10000
- Compress (ZIP) the capture file and send it to us. You can email the file to support@patton.com as an attachment. Although your dump file must be run through our analysis programs, for your security, we recommend you securely send us this file using S/MIME or by using our PGP key.
You may also FTP the file to us.
FTP site: www.patton.com
username: anonymous
password: your email address
Directory to put the file in: pub/incoming.
Then email technical support telling us that you have lost your password and the name of the file containing the dump.
- What kind of data connections does the 2960 support?
The 2960 series supports the following types of connections:
- ASCII/VT100
- Async PPP
- Sync PPP
- Frame Relay
- ISDN
The 2960 supports all of these types of dial-in connections simultaneously. If the incoming E1/T1 supports ISDN then some users can connect using analog modems and other users can connect over the same incoming line using ISDN.
- Why can I not log in as monitor although I am supplying the password shown under the System link?
On the web management pages there is an option to change monitor privileges. The default is readonly(2). If this is changed to none(0), the monitor user can not log in to the web pages.
- How do I configure SYSLOGD in my Linux box to create a debug log?
On the Patton you need to do the following:
- Go to System Log->Modify.
- Set IP address for Syslog Daemon to the IP address of the machine running syslogd. Select Submit Query.
- Set minimum priority for syslog daemon to the desired level of logging. The lower the number next to the option the more information you get. Verbose is quite verbose. Debug is also probably more logging than you want. Select submit query.
- If you want the messages to go into a separate file called local1-local7 then you set the Unix Facility.
The following instructions are valid for Red Hat Linux V6.2. The commands may be slightly different for your version of Unix/Linux. On the Linux machine, if syslogd is running it will automatically start logging information to /var/log/messages. If you want that information to go to a separate file as indicated by selecting the Unix facility above then do the following:
- Go to /etc and edit syslog.conf. To log messages to local1.log add the following line:
    local1.* /var/log/local1.log
  For each of local1-local7 you would need to add a line like the one above.
- Stop and start syslogd. To kill the process type:
    $ killall syslogd
  Restart syslogd by going to /sbin and typing:
    $ ./syslogd
  or just
    $ syslogd
  from any directory if you have /sbin in your path.
- Create an empty file for syslogd to write messages to:
    cd /var/log
    touch local1.log
  You would need to touch each localx file you will have syslogd write messages to.
- Do you have any sample scripts for MRTG?
Following is an example config for the number of active calls. Our SNMP MIB definition is contained in links on the SNMP page. The definitions include the OIDs necessary for MRTG or other programs that use OIDs to get or change MIB variables. This config gets the active users on the 2800.
# BE SURE TO CHANGE THE IP ADDRESS, WORKDIR, Directory and timezone for your system.
WorkDir: /usr/local/www/data
WriteExpires: Yes
Directory[ActiveCalls]: p26
Timezone[ActiveCalls]: GMT+5
Target[ActiveCalls]: 1.3.6.1.4.1.1768.5.25.0&1.3.6.1.4.1.1768.5.25.0:monitor@1.2.3.4
MaxBytes[ActiveCalls]: 32
AbsMax[ActiveCalls]: 32
YLegend[ActiveCalls]: Active Calls
Options[ActiveCalls]: gauge
Unscaled[ActiveCalls]: dwmy
Title[ActiveCalls]: diActive Users
PageTop[ActiveCalls]: diActive Users on Patton
Happy MRTGing. You will soon have real-time graphs.
- How do I figure out what the SNMP OID is?
Please click to access a scan of the 2960 and 2800 mib trees. If you look at the OID for the dial-in page 1.3.6.1.4.1.1768.5.25.0, you can follow it down the page.
1.3.6.1.4.1.1768 = This is the branch to the Patton Enterprise mib.
5 = This is the calldialin area
25 = diActive (active users on the 2800)
0 = this instance
Here is the snippet of the SNMP MIB for this (it is under the common.mib):
diActive OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION "The total number of active calls."
::= { calldialin 25 }
The word "calldialin 25" tells you it is under the calldialin branch, in this case it is integer 5, and it is variable 25.
To get all of the items that you can manage in the 2800, go to the HTTP management system and click on SNMP. All of the MIBs are there at the top.
Click and save all three. Then you can find everything under the sun!
Here are some additional OIDs that you might find useful:
1.3.6.1.2.1.1.0 - System Description w/ Software Version
1.3.6.1.2.1.1.3 - Uptime Ticks Since Box Rebooted
1.3.6.1.4.1.1768.5.17 - Total Number of calls
1.3.6.1.4.1.1768.5.25 - Number of calls
1.3.6.1.4.1.1768.5.39 - Max number of calls
1.3.6.1.4.1.1768.16.2 - Number of DSPs Avail
1.3.6.1.4.1.1768.12.2.1.11 - framrelTXOctets
1.3.6.1.4.1.1768.12.2.1.12 - framrelRXOctets
- Do you have a MRTG script for the box temperature on the 2960 or 2996?
Box Temperature Example:
## Temperature for 2996 Site 1.2.3.4
WriteExpires: Yes
Timezone[29xxTemp]: GMT+5
Target[29xxTemp]:1.3.6.1.4.1.1768.20.1.31.0&1.3.6.1.4.1.1768.20.1.31.0:monitor@1.2.3.4
Title[29xxTemp]: 1.2.3.4 Box Temperature
PageTop[29xxTemp]: 2996 Box Temperature
MaxBytes[29xxTemp]:90
AbsMax[29xxTemp]:90
Options[29xxTemp]: growright, nopercent, integer,absolute, gauge
Ylegend[29xxTemp]: Temp C
ShortLegend[29xxTemp]: Degrees -C
Unscaled[29xxTemp]: dwmy
Legend1[29xxTemp]:Current Temp
Legend2[29xxTemp]:Current Temp
Legend3[29xxTemp]: 5 Min Average Temp
Legend4[29xxTemp]: 5 Min Average Temp
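Because the monitor password is also the SNMP RO community string, each MRTG Target line above stores that password in clear text. The following Python sketch is an added example, not Patton's code: it lists the hosts whose community string sits in an MRTG config and flags a file mode that lets other accounts read it. The sample config is constructed from the two Target lines on this page, and the function names are hypothetical.

```python
import re
import stat

# Constructed sample built from the two Target lines shown on this page.
SAMPLE_CFG = """\
WorkDir: /usr/local/www/data
Target[ActiveCalls]: 1.3.6.1.4.1.1768.5.25.0&1.3.6.1.4.1.1768.5.25.0:monitor@1.2.3.4
Target[29xxTemp]:1.3.6.1.4.1.1768.20.1.31.0&1.3.6.1.4.1.1768.20.1.31.0:monitor@1.2.3.4
"""

# MRTG OID-style target: OID_in&OID_out:community@host
# Simplification: communities containing '@' or whitespace are not handled.
TARGET_RE = re.compile(
    r"^Target\[(?P<name>[^\]]+)\]:\s*"
    r"(?P<oid_in>[0-9.]+)&(?P<oid_out>[0-9.]+):"
    r"(?P<community>[^@\s]+)@(?P<host>[^:\s]+)",
    re.MULTILINE,
)


def extract_targets(cfg_text):
    """Return one dict per OID-style Target line (name, OIDs, community, host)."""
    return [m.groupdict() for m in TARGET_RE.finditer(cfg_text)]


def mask(secret):
    """Keep the first character only, so the report does not repeat the secret."""
    return secret[0] + "*" * (len(secret) - 1)


def audit(cfg_text, file_mode):
    """Report which device passwords the config holds and who can read the file.

    file_mode is the st_mode (or plain permission bits) of the config file.
    """
    targets = extract_targets(cfg_text)
    by_host = {}
    for t in targets:
        by_host.setdefault((t["host"], t["community"]), []).append(t["name"])

    findings = []
    for (host, community), names in sorted(by_host.items()):
        findings.append(
            f"{host}: community {mask(community)} in clear text, "
            f"used by {', '.join(names)}"
        )
    if targets and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(
            f"mode {stat.S_IMODE(file_mode):o} lets group/other read the config"
        )
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CFG, 0o644):
        print(line)
```

For a real file, pass `os.stat(path).st_mode` as `file_mode`.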
- How is the MTU (maximum transmission unit) determined on a call?
The remote access server has a default MTU of 1524. This is the maximum MTU of the Ethernet media. We recommend that this not be changed.
The MTU will be negotiated during LCP negotiation for a dial-in user. During LCP negotiation we will tell the remote end we are capable of 1524.
There are two ways in which a customer can receive an MTU that is lower:
- The RADIUS software returns a Framed-MTU attribute that specifies a lower value. In releases 2.3.3 and lower, we will change the MTU in response to this attribute. In 2.4.1 and above this RADIUS attribute is ignored.
- The remote modem indicates that an MTU of 1524 is not acceptable and wants 512. We 'give in' to that request and assign 512 as the MTU.
A lower MTU on a dial-in call is not necessarily a bad thing. Most packets that are larger than the MTU of a connection can be broken down and sent down the connection in smaller chunks.
The problem occurs when the remote access server receives a packet larger than the connection's MTU and the packet has the Do Not Fragment bit set. This bit tells the remote access server that it must not split the packet into smaller chunks. Because the remote access server can not split the packet into smaller chunks AND can not send it as-is over the connection, it drops the packet.
What the dial-in user may see is the inability to load certain web sites.
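The MTU selection and the Do Not Fragment behaviour described above, worked through in Python as an added example (not Patton's code). The function names, the 20-byte IPv4 header without options, and taking the lower value when both a RADIUS Framed-MTU and a peer request apply are assumptions made for the illustration.

```python
DEFAULT_MTU = 1524   # default MTU stated on this page
IP_HEADER = 20       # assumption: IPv4 header without options


def negotiated_mtu(peer_request=None, framed_mtu=None, honors_framed_mtu=False):
    """MTU for one dial-in call.

    peer_request      -- MTU the remote modem asks for during LCP, if any
    framed_mtu        -- RADIUS Framed-MTU attribute, if returned
    honors_framed_mtu -- True for releases 2.3.3 and lower, False for 2.4.1+
    """
    mtu = DEFAULT_MTU
    if honors_framed_mtu and framed_mtu is not None and framed_mtu < mtu:
        mtu = framed_mtu
    if peer_request is not None and peer_request < mtu:
        mtu = peer_request          # the server "gives in" to the peer
    return mtu


def forward(total_len, dont_fragment, link_mtu):
    """What happens to one IPv4 packet headed down the dial-in link.

    Returns ("send", [len]), ("fragment", [len, ...]) or ("drop", []).
    """
    if total_len <= link_mtu:
        return ("send", [total_len])
    if dont_fragment:
        # Too big to send as-is and not allowed to split: dropped.
        return ("drop", [])
    # Every fragment except the last carries a payload that is a multiple
    # of 8 bytes, because fragment offsets are counted in 8-byte units.
    max_payload = (link_mtu - IP_HEADER) // 8 * 8
    payload = total_len - IP_HEADER
    fragments = []
    while payload > 0:
        chunk = min(max_payload, payload)
        fragments.append(chunk + IP_HEADER)
        payload -= chunk
    return ("fragment", fragments)


if __name__ == "__main__":
    mtu = negotiated_mtu(peer_request=512)
    # Constructed traffic: (packet length, DF bit)
    for length, df in [(400, True), (1500, False), (1500, True)]:
        print(length, "DF" if df else "--", forward(length, df, mtu))
```

The last case is the one a dial-in user notices: a full-size packet with Do Not Fragment set, sent toward a link that negotiated 512, never arrives.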
- Has Patton checked their RAS products for the recent SNMP vulnerabilities issued by CERT?
- How do I use SNMP to kill a user's connection?
The OID to kill a call is as follows:
1.3.6.1.4.1.1768.5.100.1.3.x
where x=call ID number on the dial-in page of the RAS
This OID needs to be set to 10.
This is valid for the 2800, 29xx and 3120 series.
- Does the JetStream8500 have all the functionality of the older JetStream6000 and MTS?
Yes. The 8500 can do everything the MTS/ JetStream6000 does - with superior performance, ease of management and network access functionality built in.
- Can I get a port on one JetStream to talk to a port on another JetStream, in effect creating a serial data pipe across the network?
Yes. The ports are configured using TCP socket numbers to link a port on one JetStream to a port on another JetStream, allowing data to flow in both directions. This is useful for connecting serial based, remote machinery or monitoring equipment back to a central system using the existing network infrastructure.

- The JetStream8500 offers SNMP support. What is this and how can it help me?
Simple Network Management Protocol (SNMP) is a network management protocol widely used in TCP/IP networks. SNMP communicates between a management program run by an administrator (HP OpenView) and the network management agent (JetStream8500). SNMP is being used more and more these days to aid in the management of networks. Using this protocol, it is possible to query the status of various network components (i.e. routers, managed hubs, servers, etc.), and in some cases to configure the units. With the JetStream8500 and SNMP you can achieve the following:
- View product configuration and versions
- Obtain statistics on IP usage
- Configure the unit
- Receive notification of problems.
- I want to connect branch offices to the head office system. How can Perle help?
One of the best ways to connect your serial equipment in the branch office to the head office is to use a JETSTREAM8500 and a couple of routers (such as IOLINK) over a kilostream or ISDN line. Just connect a Router to the head office network and to the ISDN. At the other end of the ISDN, connect the other Router for the branch office network. A JETSTREAM8500 is then linked to the network to provide the necessary serial ports for terminals, printers etc.
- I want to connect branch office printers and terminals to the head office system.
One of the best ways to connect your serial equipment in the branch office to head office systems is to use a JETSTREAM8500, JETSTREAM4000 or LANSTREAM2000. The 2 sites can be linked using a router/RAS3000 combination giving TCP/IP access from one network to the other. Terminals and printers can then be connected using Telnet, Rlogin, RCP & LPD or using Perle Specialix software such as MTSD, MTSRD and TruePort.
- We are a network management company with a requirement to access serial management ports on a variety of equipment (e.g. routers, workstations, PBX, etc). We need to be able to access these across a TCP/IP network.
The JETSTREAM4000, JETSTREAM8500 and LANSTREAM2000 can be used to give access to serial ports from the network. The JETSTREAM ports are configured for reverse telnet and each one is given a unique TCP socket number, e.g. 2000. From a PC (or server) with network access, you can then telnet to the individual ports by using the following syntax "telnet 2000". This will give direct access to the port. To protect against unauthorised access, connections can be restricted to systems listed in the JETSTREAM host table.
- How many user accounts can be configured on a Jetstream?
All Jetstreams have an internal user database which can hold 32 individual user accounts. If more accounts are needed then an external Radius server will need to be used.
- Can a port be locked to a particular user?
Yes. In the port settings for each port there is a user field. If a valid username is entered into the field then only that user will be able to access the port.
- Why would I need Trueport software?
If using the Jetstream as a terminal server then normally the ports are set up to Telnet to particular Unix servers. However some applications, such as accounting, need to know what terminal performed what transaction. To achieve this the application often needs to use fixed port addresses. By loading Perle's Trueport onto the server it can be configured to create the fixed ports permanently linking to the desired terminal.
There are also applications that need to attach to dumb devices such as barcode scanners which cannot make a connection and so the server must initiate the connection. Again this is done by loading Trueport and then the devices can be accessed through fixed TTY or Fixed COM ports.
- We are a network management company with a requirement to access serial management ports on a variety of equipment (e.g. routers, workstations, PBX, etc). We need to be able to access these across a TCP/IP network. How can Perle help?
The JetStream4000, JetStream8500, JetStream2000 or IOLAN+ can be used to give access to serial port from the network. The JetStream ports are configured for reverse telnet and each one given a unique TCP socket number, e.g. 2000. From a PC (or server), with network access, you can then telnet to the individual ports by using the following syntax “telnet 2000”. This will give direct access to the port.

- I have a user who is on UNIX and currently using Perle’s TA8’s and multiplexers over leased lines to connect dumb terminals/printers. This user has four remote sites and each site has a multiplexer of eight ports. At the main office all users are using TCP/IP to connect to the Unix box. They want the remote sites to keep the existing terminals and printer plus have TCP/IP.
They need to install TCP/IP routers to connect each remote site to the central site. This will provide TCP/IP connectivity via ISDN or the existing leased line depending on which router technology is selected. The terminals and printers can then be connected to a JetStream or IOLAN+ and accessed via the TCP/IP network. The LANSTREAM2000 can be used to connect the terminals, printers and PCs via the built-in Ethernet hub.
- Is there an easier way to bill the dial-in clients based on their activity?
Yes. The event log file keeps track of the name, time and number of bytes sent and received. This information then can be imported into an Excel file format. This information can be used to calculate client billings.
- What is involved in managing the Perle RAS unit?
Initially, you have to configure the Perle RAS. The only other time you will have to be involved with the Perle RAS is to add/remove users. This can be done either over a dial-in connection or through the corporate LAN.
- Will I have to reboot or shutdown the Perle RAS unit every time that I am adding a new user?
No. You do not have to reboot or shutdown the Perle RAS unit.
- What other advantage does Call-back give me?
Security. You can pre-define the telephone numbers to be called back.
- How can I use the Perle 833AS server to bill my clients?
The Perle 833AS server can provide you with an event log file that is a "comma delimited" format. This file can be easily imported into a Microsoft Excel format or other database tool to generate the guest bill, or billing amount.
- What kind of Notebooks / Laptops will we be able to support with this type of service?
Any IBM compatible using Windows® 98, 95 or NT4 workstation, or any computer supporting a PPP protocol can be used.
- Can I use the Perle 833AS server for an outside caller to access the Internet?
Yes. You can configure the Perle RAS server and your PBX so that you can provide Internet access to people dialing from outside of the hotel itself. This is useful for internal staff, as well as for any guest who leaves the hotel but still needs local Internet access.
- How easy is it to maintain the Perle RAS server in this configuration?
There will be virtually no maintenance at all for the Perle RAS server. The only time configuration will be required is if there is a major change in the LAN (such as changing the LAN IP address) or if you want to add more capacity to the Perle 833AS.
- Will customers have to spend time configuring their Notebooks / Laptops?
The only thing you have to provide to customers will be a telephone number to call and a PPP configuration guideline sheet that can be provided by Perle's Technical Assistance Center. Hotel guests use their own notebooks / laptops, which they are familiar with using.
- Do I need to change the user’s name and password on the Perle 833AS already for each new guest?
No. The easiest way is to use the room number as the user’s ID, without a password. This way you can bill your guest based on the room number using the hotel’s PBX billing systems.
- Should I be aware of any security issues?
No. All the Perle RAS servers come with a very strong TCP/IP filter packet protocol that you can use at either the server or client level. You can also disable all possible protocols other than IP to further protect LAN resources.
- How do dual hot-swappable power supplies and dual cooling fans help me?
With these Perle 833AS features you will be able to provide Internet access to your guests 24 hours, 7 days a week. A recent Intel study indicated that 82% of server failures were caused by either power supply problems or cooling failures. Redundancy of these features in the Perle 833AS eliminates server failure problems.
- What authentication methods does the Perle 833AS support with PPP?
With PPP, the Perle 833AS allows support for both PAP and CHAP protocols. These authentication protocols can be setup for each user profile.
- What is the benefit of using IPX Network numbers?
The benefit of using IPX Network numbers is that the system administrator can control the IPX frame type used by the remote IPX PC. This enables the administrator to make a distinction between internal and remote users on the network.
- Does the Perle 833AS support user password expiry dates and what is the advantage of having these?
Yes it does. The main advantage to user password expiry dates is that no one has to remember to manually disable a user's profile at a specific time. Instead, an expiration date can be setup in advance for specific user profiles, giving only authorized users access to the corporate LAN.
- Does the Perle 833AS support RIP Version 2?
Yes. The Perle 833AS supports RIP Version 1, RIP Version 1 compatible and RIP Version 2. RIP Version 2 protocol can control the method of authentication used, such as No Password, Plain Text Password or Keyed Message Digest (Encryption).
- Does the Perle 833AS support call-back and how does it help to increase LAN security?
Yes it does. With call-back, a remote user dialing into the central site must log on with a password or identification number. The central site server then automatically terminates the connection and calls back the user at a telephone number that has been preprogrammed into the server. This added security measure is reliable for verifying a call from a particular site to help prevent unauthorized access, even if the user's password has been stolen.
- Can the Perle 833AS enable/disable protocols?
The Perle 833AS can enable/disable at the server and/or user level, any of IP, IPX, NetBEUI, ARA, BCP and bridging protocols. This security feature limits remote users access to certain protocols. In effect, a firewall is created to provide a higher level of security.
- Why does the Perle 833AS support only IP and IPX filters?
The standard for many companies has been to deploy multiple protocols in their network. In recent years, however, companies have moved towards establishing a single protocol network, predominantly IPX or IP. This reduces the costs and hassles associated with management and troubleshooting multiple protocol devices on the network, such as workstations, servers and routers. The trend lately has been more towards homogeneous IP networks.
- Does the Perle 833AS support static routing tables?
Yes. The Perle 833AS offers the choice of using either static or dynamic routing tables to suit various IP and IPX protocol network environments.
- What are the Lan-to-Lan features of the 833AS and 833IS?
This feature allows an 833AS or 833IS to be used to link 2 independent LANs across an ISDN or ISDN/Analogue WAN connection. The 833AS and 833IS support configurations for permanent or demand links with a variety of options including ISDN spoofing for demand links, ML-PPP (2 ISDN channels only), IP or IPX, etc.
- What connections do I require to use the ISDN and V.90 modems in the 833AS/833IS?
The 833AS and 833IS are connected to the public network using ISDN lines only. These lines are capable of carrying both analogue and digital data, the RAS server detects which type of call is coming in and responds with the appropriate modem. For the 833IS the incoming users will be allocated the first free channel with a V.90 modem. For the 833AS incoming users will be allocated the first free modem (if a PRI channel is available). ISDN and analogue remote clients use the same phone number.