

Configuration Interfaces


Using the MAX as an ISP or telecommuting hub
Overview of MAX configuration
Management features
MAX profiles
Where to go next

Using the MAX as an ISP or telecommuting hub

The MAX is a high-performance WAN router that concentrates many incoming connections onto a corporate backbone or another network, such as the Internet or a Frame Relay network. The connections are usually switched, but the MAX also supports leased connections for those users whose connection times justify a permanent virtual connection to the backbone network.

A switched connection is a temporary link between devices, established only for the duration of a call. When you use bandwidth-on-demand, the MAX adds and subtracts bandwidth as necessary, keeping connection costs as low as possible.

The MAX most commonly serves as an Internet Service Provider (ISP) hub, managing many switched IP connections to the Internet, or as a telecommuting hub, providing high-speed connections between a corporate backbone and remote locations. MAX configuration options provide the flexibility you need to optimize your installation. Management features include a comprehensive set of control and monitoring functions and easy upgrades.

Using the MAX as an ISP hub

Individuals subscribe to an Internet Service Provider to get a TCP/IP connection to the Internet. Subscribers dial in to a local Point-of-Presence (POP), typically by means of an analog modem, an ISDN V.120 terminal adapter, or an ISDN router such as an Ascend Pipeline. If you use the MAX as an ISP hub, configure it as an IP router, because it establishes the dial-in WAN connection with subscribers and routes their data streams to other Internet routers.

Figure 2-1 shows a typical ISP configuration with three POPs. Each POP has at least one MAX on an Ethernet LAN that also includes another Internet router, which could be, for example, an Ascend GRF 400 router.

Figure 2-1. Using the MAX as an ISP hub

Typically, the MAX has T1 or E1 lines that use ISDN signaling to connect to the WAN and handle the incoming switched connections. To connect to Internet routers, the MAX most often uses the local Ethernet, but the connections between Internet routers can be any high bandwidth connection, such as Frame Relay, nailed T1, nailed E1, HSSI, FDDI, or Sonet. Large ISPs often support redundant MAX units and Internet routers on each Ethernet segment.

Using the MAX as a telecommuting hub

Telecommuters are typically at branch offices, at home, at customer sites, at vendor sites, or on the road. The MAX enables these remote users to access the corporate backbone just as though they were connected locally. The backbone might be a NetWare LAN, an IP network, or a multiprotocol network. Figure 2-2 shows an example in which home users, remote offices, and customer sites can access the backbone network.

Figure 2-2. Using the MAX as a telecommuting hub

In this sample network, a telecommuter in a home office uses a Pipeline 25 and Frame Relay to log into the corporate LAN. Users on a remote office LAN access the backbone via a Pipeline 400 with a Switched-56 connection. A customer can access selected corporate network resources by means of a Pipeline 50 with an ISDN BRI connection. A mobile user with an analog modem can dial into the backbone, provided that the MAX has a digital modem card installed.

Notice that each user can access the MAX through a different type of line. While one user might access the MAX by using the switched services on an ISDN BRI or Switched-56 line, another might require a nailed 56K Frame Relay circuit.

Overview of MAX configuration

Before you configure the MAX, you should create a network diagram. Configuration tasks generally consist of:

Creating a network diagram

Ascend strongly recommends that, after you have read these introductory sections, you diagram your network and refer to the diagram while configuring the MAX. Creating a comprehensive network diagram helps prevent problems during installation and configuration, and can help in troubleshooting any problems later.

Configuring lines, slots, and ports for WAN access

The MAX has four built-in T1 or E1 lines and a V.35 serial port (8 Mbps). Each T1 or E1 line has a wide variety of configuration options, including whether or not you use ISDN signaling, the type of physical-layer framing, cable length, and telco options. The way you configure each line affects how much bandwidth will be available and whether you can direct outbound calls to use specific channels. The way you configure channels depends on your connectivity needs.

Use the serial WAN port for a leased high-speed connection to a Frame Relay switch or to another WAN router. The port itself requires little configuration. A Frame Relay or Connection profile specifies most of the required information.

You can add expansion modules to support additional bandwidth (BRI lines), serial host port modules to support videoconferencing, and digital modems to support analog modem connections over digital lines. The lines and ports on the modules (cards) have their own configuration requirements, including the assignment of phone numbers and information about routing calls.

Once you enable the lines, slots, and ports for WAN access, you need to configure the way in which outbound calls are routed to them (for dial-out access to the WAN) and the way in which inbound calls are routed from them to other destinations (such as the local network).

Configuring WAN connections and security

When the MAX receives packets that require establishment of a particular WAN connection, it automatically dials the connection. Software at both ends of the connection encapsulates each packet before sending it out over the phone lines. Each type of encapsulation supports its own set of options, which can be configured on a per-connection basis to enable the MAX to interact with a wide range of software and devices.

After a connection's link encapsulation method has been negotiated, the MAX typically uses a password to authenticate the call. For detailed information about authentication and authorization, see the MAX Security Supplement. Following are some of the connection security features the MAX supports:

| Feature | Description |
| --- | --- |
| Authentication protocols | For PPP connections, the MAX supports both Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP). CHAP is more secure than PAP, and is preferred if both sides of the connection support it. |
| Callback security | You can have the MAX call back any user dialing into it, thus ensuring that the connection is made with a known location. |
| Caller-ID and called-number authentication | You can restrict who can access the MAX by verifying the caller-ID before answering the call. You can also use the called number to authenticate and direct the call. |
| Authentication servers | You can offload the authentication responsibility to a RADIUS or TACACS server on the local network. |
| Security card authentication | The MAX supports hand-held personal security cards, such as those provided by Enigma Logic and Security Dynamics. These cards provide users with a password that changes frequently, usually many times a day. Support for dynamic passwords requires the use of a RADIUS server that has access to an authentication server, such as an Enigma Logic SafeWord AS or Security Dynamics ACE authentication server. |
| Terminal-server | After a dial-in user has passed the initial connection security, you can demand another password for access to the MAX terminal services. Within the terminal server, you can restrict commands that are accessible to users, or prevent them from executing any command other than Telnet. |
| Filters and firewalls | Packet-level security mechanisms can provide a very high level of network security. |
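
The difference between PAP and CHAP noted above, as an added example that is not part of the Ascend manual: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Challenge/Response pair (RFC 1994) and checks that only PAP exposes the password on the wire, and that a captured CHAP response fails against a fresh challenge. The names `pipeline50` and `max-hub` and the secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2   # CHAP packet codes (RFC 1994)
PAP_AUTH_REQUEST = 1                   # PAP packet code (RFC 1334)

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: the password travels in the clear."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(data)) + data

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge or Response: code, id, length, value-size, value, name."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse_chap(packet: bytes):
    """Return (code, ident, value, name), rejecting malformed lengths."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    vsize = packet[4]
    if length != len(packet) or 5 + vsize > length:
        raise ValueError("bad CHAP length")
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:]

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def peer_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: answer a Challenge without ever sending the secret."""
    _, ident, challenge, _ = parse_chap(challenge_pkt)
    return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, challenge), name)

def authenticator_verify(challenge_pkt: bytes, response_pkt: bytes, secrets: dict) -> bool:
    """Check a Response against the Challenge the authenticator itself issued."""
    c_code, c_id, challenge, _ = parse_chap(challenge_pkt)
    r_code, r_id, value, name = parse_chap(response_pkt)
    if (c_code, r_code) != (CHAP_CHALLENGE, CHAP_RESPONSE) or c_id != r_id:
        return False
    secret = secrets.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_hash(c_id, secret, challenge), value)

def demo() -> dict:
    secret = b"constructed-secret"                 # constructed sample data
    secrets = {b"pipeline50": secret}
    ch1 = chap_packet(CHAP_CHALLENGE, 1, os.urandom(16), b"max-hub")
    resp1 = peer_respond(ch1, b"pipeline50", secret)
    ch2 = chap_packet(CHAP_CHALLENGE, 1, os.urandom(16), b"max-hub")  # fresh challenge
    pap = pap_request(1, b"pipeline50", secret)
    return {"chap_ok": authenticator_verify(ch1, resp1, secrets),
            "replay_ok": authenticator_verify(ch2, resp1, secrets),
            "secret_in_chap": secret in resp1,
            "secret_in_pap": secret in pap}

if __name__ == "__main__":
    print(demo())
```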

Concentrating Frame Relay connections

The MAX provides extensive support for Frame Relay. Using a T1 or E1 line or serial WAN port for a nailed connection to a switch, it can function as a network-to-network interface (NNI) switch, a data communications equipment (DCE) unit responding to users, or as a data terminal equipment (DTE) unit requesting services from a switch.

Enabling X.25 terminal connections

X.25 is a precursor to Frame Relay and is generally considered less efficient. However, many sites use it to transmit information between users across the WAN. It accommodates both high-volume data transfers and interactive use of host machines. The MAX can have one physical connection to an X.25 DCE at the other end of a T1, E1, or BRI line. To support interactive use, the connection must be nailed.

Configuring routing and bridging across the WAN

Routing and bridging configurations enable the MAX to forward packets between the local network and the WAN and also between WAN connections.

Enabling protocol-independent packet bridging

The MAX can operate as a link-level bridge, forwarding packets from Ethernet to a WAN connection (and vice versa) on the basis of the destination hardware address in each packet. Unlike a router, a bridge does not examine packets at the network layer. It simply forwards packets to another network segment if the address does not reside on the local segment.

Using IPX routing (NetWare 3.11 or newer)

The MAX can operate as an IPX router, linking remote NetWare LANs with the local NetWare LAN on Ethernet. IPX routing has its own set of concerns related to the client-server model and user logins. For example, users should remain logged in for some period even if the connection has been brought down to save connection costs.

IP routing

IP routing is the most widespread use of the MAX, and it has a wide variety of configurable options. IP routing is the required protocol for Internet-related services such as IP multicast support, OSPF, and cross-Internet tunneling for virtual private networks. Most sites create static IP routes to enable the MAX to reliably bring up a connection to certain destinations or to change global metrics or preference settings.

Configuring Internet services

All Internet services and routing methods require that the MAX function as an IP router, so an IP routing configuration is a necessary precondition.

Multicast

The multicast backbone (MBONE) is a virtual network layered on top of the Internet to support IP multicast routing across point-to-point links. It is often used for transmitting audio and video on the Internet in real time, because multicasting is a much cheaper and faster way to communicate the same information to multiple hosts.

OSPF routing

Open Shortest Path First (OSPF) is the next-generation Internet routing protocol. The MAX can be configured to communicate with other OSPF routers within an autonomous system (AS). To enable this routing function, you must configure the OSPF options on the Ethernet interface and for each WAN connection that supports remote OSPF routers.

OSPF can import routes from RIP as well. You can control how these imported external routes are handled by adjusting systemwide routing options such as route preferences and ASE-type metrics.

Virtual private networks

Many sites use the Internet to connect corporate sites or to enable mobile nodes to log into a corporate backbone. Such virtual private networks use cross-Internet tunneling to maintain security or to enable the Internet to transport protocols that it would otherwise drop, such as IPX. To implement virtual private networks, the MAX supports both ATMP, which is an Ascend proprietary tunneling mechanism, and Point-to-Point Tunneling Protocol (PPTP).

ATMP enables the MAX to create and tear down a tunnel to another Ascend unit. In effect, the tunnel collapses the Internet cloud and provides direct access to a home network. Packets received through the tunnel must be routed, so ATMP applies only to IP or IPX networks at this time.

A PPTP session occurs between the MAX and a Windows NT server over a special TCP control channel. Either end might initiate a PPTP session and open the TCP control channel. Note that opening a PPTP session does not mean that a call is active; it simply means that a call can be placed and received.

Management features

The terminal-server command line provides access to management features that are not available through the menus. The VT100 window does, however, provide status information. The MAX supports SNMP, remote management, serial port software upgrades, and Call Detail Reporting (CDR).

The MAX provides up to nine security levels to control the management and configuration functions that are accessible to users. For detailed information about security profiles, see the MAX Security Supplement. For more information on management features, see the Administration Guide for your MAX.

Using the terminal-server command line

To invoke the terminal server command-line interface, you must have administrative privileges. Once you have activated a Security profile that enables these privileges, you can invoke the command line by selecting Term Serv in the Sys Diag menu. To close the command line, use the Quit command at the command-line prompt. The command-line interface closes and the cursor returns to the VT100 menus. For detailed information on the terminal-server, see Chapter 4, Configuring Individual WAN Connections.

Using status windows to track WAN or Ethernet activity

The VT100 interface displays eight status windows to the right of the configuration menus. The windows provide a great deal of read-only information about what is currently happening in the MAX. If you want to focus on the activity of a particular slot card, you can change the default contents of the windows to show what is currently occurring in that slot.

Managing the MAX using SNMP

Many sites use Simple Network Management Protocol (SNMP) applications to obtain information about the MAX and make use of it to enhance security, set alarms for certain conditions, and perform simple configuration tasks.

The MAX supports the Ascend Enterprise MIB, MIB II, and some ancillary SNMP features. The MAX can send management information to an SNMP manager without being polled. SNMP security uses a community name sent with each request. The MAX supports two community names, one with read-only access, and the other with read/write access to the MIB.

Using remote management to configure far-end Ascend units

When you have an MP+ or AIM connection to another Ascend unit, you can use the management subchannel established by those protocols to control, configure, and obtain statistical and diagnostic information about that Ascend unit. Multi-level password security ensures that unauthorized personnel do not have access to remote management functions.

Flash RAM and software updates

Flash RAM technology enables you to perform software upgrades in the field without opening the unit or changing memory chips. You can upgrade the MAX through its serial port by accessing it either locally or through a dial-in modem. You cannot perform remote software upgrades over the WAN interface because of a conflict between running the WAN and reprogramming the software.

Call Detail Reporting (CDR)

Call Detail Reporting (CDR) is a feature that provides a database of information about each call, including date, time, duration, called number, calling number, call direction, service type, associated inverse multiplexing session, and port. Because the network carrier bills for bandwidth on an as-used basis, and bills each connection in an inverse multiplexed call separately, you can use the CDR feature to understand and manage bandwidth usage and the cost of each inverse multiplexed session.

You can arrange the information to create a wide variety of reports that can be based on individual call costs, inverse multiplexed WAN session costs, costs on an application-by-application basis, bandwidth usage patterns over specified time periods, and so on. With the resulting better understanding of your bandwidth usage patterns, you can make any necessary adjustments to the ratio of switched to nailed bandwidth between network sites.

MAX profiles

A profile is a group of related settings that appear on the VT100 interface. To navigate the interface, use the arrow keys or Control-key combinations as described in the Hardware Installation Guide for your MAX. When you first telnet to the VT100 interface, the Main Edit Menu typically appears:

The items in the Main Edit Menu open submenus, many of which have submenus of their own. The 10-100 Net/T1 and 20-000 Net/T1 items, for example, represent the two T1 slots on the MAX. (If your MAX has E1 slots instead, the item names are 10-100 Net/E1 and 20-000 Net/E1.) By selecting one of these two items, you open a submenu from which you can select line configuration or line diagnostics:

If you select line configuration, a list of slot-configuration profiles appears:

Each of the slot-configuration profiles provides access to the same set of parameters. You can configure multiple profiles to create alternative configurations for the slot. If you select one of the profiles, a subprofile of three parameters and two submenus appears:

The two submenus (Line 1 and Line 2, often referred to collectively as Line N) provide access to the parameters for configuring the first and second line, respectively, of the slot. For example, if you select Line 1, the following set of parameters appears:

In this manual, an instruction to access a parameter in the Line 1 profile is written as follows:

Net/T1 > Line Config > slot profile > parameter name

or, alternatively,

Net/T1 > Line Config > any slot profile > parameter name

In an example of the settings in a profile, levels of indentation represent the levels of nested subprofiles. For example, a Net/T1 > Line Config > any slot profile > Line N profile could be shown as follows:

Net/T1
    Line Config
        any slot profile
            Line N
                Sig Mode=Inband
                NFAS ID num=N/A
                Rob Ctl=Wink-Start
                Switch Type=N/A
                Framing Mode=D4
                Encoding=AMI
                FDL=N/A
                Length=N/A
                Buildout=0dB
                Clock Source=Yes
                Collect DNIS/ANI=N/A
                Pbx Type=N/A
                Delete Digit=N/A
                Add Number=N/A
                Call-by-Call=N/A

Obtaining privileges to use the menus

As explained in the Hardware Installation Guide for your MAX, privileges are often required for changing settings in the MAX menus. To activate a profile, for example, you need full privileges. Unless you have a personal profile that grants full privileges, activate the Full Access profile, as follows:

  1. At the Main Edit Menu, press Ctrl-D.

    The Main Edit Menu's DO menu appears.

  2. Select P (Password).

  3. Press Enter or the Right-Arrow key.

    The Security Profile menu appears.

  4. Select Full Access.

  5. Press Enter or the Right-Arrow key.

    A password entry field appears.

  6. Enter your password within the brackets.

  7. Press Enter or the Right-Arrow key.

    If your password is accepted, you have Full Access privileges.

  8. Press Enter.

    The Main Edit Menu reappears.

Activating a profile

After you have full privileges as described in the previous procedure, you can now make a profile (such as one of the slot-configuration profiles described on page 2-8) active. Proceed as follows:

  1. Open the profile that you want to make current.

  2. Press Ctrl-D.

    The profile's DO menu appears.

  3. Select L (Load).

    The Load Profile menu appears.

  4. Select 1 to load the profile.

    Profile loaded as current profile appears.

    The profile reappears.

Where to go next

When you have planned your network, you are ready to configure the MAX. The flexibility of the MAX and its ever-increasing number of configurations mean there is no set order for configuration. You can perform configuration tasks in any order you want. Table 2-1 shows where to look for the information you need.

Table 2-1. Where to go next

| To do this: | Go to this chapter or document: |
| --- | --- |
| Configure slots, lines, and ports | Chapter 3, Configuring WAN Access |
| Configure WAN connections | Chapter 4, Configuring Individual WAN Connections |
| Set up Frame Relay | Chapter 5, Configuring Frame Relay |
| Set up X.25 | Chapter 6, Configuring X.25 |
| Set up packet bridging | Chapter 11, Configuring Packet Bridging |
| Set up IPX routing | Chapter 9, Configuring IPX Routing |
| Set up IP routing | Chapter 7, Configuring IP Routing |
| Set up OSPF routing | Chapter 8, Configuring OSPF Routing |
| Set up multicast forwarding | Chapter 12, Setting Up IP Multicast Forwarding |
| Set up virtual private networks | Chapter 13, Setting Up Virtual Private Networks |
| Work with status windows | MAX Reference Guide |
| Write configuration scripts | MAX 6000 Series Administration Guide |
| Set up security | MAX Security Supplement |
| Set up RADIUS | MAX RADIUS Configuration Guide |




Copyright © 1998, Ascend Communications, Inc. All rights reserved.