1302565-A Rev. 00
Annex Communications Server R10.0B and
Annex Host Tools R14.2 Release Notes
These release notes apply to the following:
❑
The Annex Communications Server Operational Code
Version R10.0
❑
The Annex Host Tools Version R14.2.24
❑
Quick2Config Annex R2.3
❑
Annex Manager R2.3
The release notes for Quick2Config Annex can be found by selecting
the Readme notepad icon in the Bay Networks Program Group.
Included in these release notes are the following topics:
❑
New Features
❑
Special Considerations
❑
Supported Platforms
❑
Known Problems/Limitations
❑
Problems Resolved with this Release
These release notes supersede the notes provided on the distribution
media.
New Features
Ease of Use Installation
The installation process has been significantly improved and more
binaries have been added to the distribution media. The new
installation script will give users the following options:
❑
Installing the Annex Host Tools and/or Annex Manager 2.3
❑
Extracting only the necessary files from the medium
❑
Editing the necessary system files
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
2
Blacklisting and Password History
Two new security features, user blacklisting and password history,
have been added to the ACP security functionality. The blacklisting
enhancement logs and monitors the number of failed login attempts for
users. The administrator may configure erpcd to disallow a user from
logging into the system based on the number of consecutive failed
login attempts, or the total number of failures over a period of time.
An acp_dbm utility was added to access the database used to store
the user's login history. This feature is not enabled by default.
ch_passwd
The ch_passwd utility has been enhanced to keep a history of a user's
passwords and can be configured to prevent a user from setting a
previously used password. This feature is not enabled by default
unless the system uses shadow passwords.
One-to-Many Dynamic Dial-up Routing
The Annex now provides for dynamic dialout to multiple destinations
via a single modem or modem pool.
Chap Security for PPP
This feature allows for the use of encrypted passwords for PPP.
Enigma Security
The Annex can now authenticate a user via the Enigma SafeWord
Authentication Server.
3
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
CIDR
The Annex now supports Classless Interdomain Routing (CIDR),
which provides for supernetting of Class C addresses. Supernetting
allows you to use a subnet mask that is shorter than the intrinsic mask
derived from the class of the Internet address.
IP Basic Security Option (IPSO)
The Annex partially implements this security option by adding the
IPSO classification level to packets generated by telnet or rlogin
running on an Annex dedicated, adaptive, or CLI port.
ACP Port Statistics Logging
This feature tracks the number of packets sent and received and the
total number of bytes sent and received for each session.
TAP Identification Protocol
The Annex now supports this feature as defined in RFC 1413. TAP
Identification Protocol can determine the identity of a user of a
particular TCP connection. Given a TCP port number pair, TAP
returns a character string that identifies the owner of that connection
on the server's system.
Filtering Improvements
Changes have been made to the filter-action algorithm. There are four
filter lists for any interface:
❑
global filter list for input (interface set to the * symbol)
❑
global filter list for output (interface set to the * symbol)
❑
local filter list for input (interface set to other than *)
❑
local filter list for output (interface set to other than *)
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
4
When a packet is sent by the Annex, the local output filter is scanned
first, followed by the global output filter list. When a packet is
received by the Annex, the local input filter list is scanned first,
followed by global input filter list. For the purposes of the algorithm,
local and global are combined into one large list, and input and output
are considered separately.
The algorithm scans each filter, and if the filter conditions match the
packet under consideration, the associated actions are appended to
one of two lists. If the filter is an include, the actions are placed on the
to-do list. If the filter is an exclude, the actions are placed on the inhibit
list.
Once the complete list (both local and global) has been scanned, one
more check is done. If at least one include filter with the netact action
was seen (not necessarily matched, just scanned) and there were no
exclude filters with netact, the default action is none, that is, not netact.
If there were no include netact filters scanned or if any exclude netact
filters were seen, the default action is netact. This default is added to
the to-do list. Finally, the inhibit values are subtracted from the
to-do list.
The following are examples of this process:
Example 1
No filters at all; all traffic is activity.
Example 2
in include proto tcp dst_port telnet netact
in include proto icmp discard
out include proto icmp discard
Packets received that are destined for the standard telnet port (23) are
considered activity and may trigger a dial if the interface is a dial-out
type. No other IP packets are considered activity, and icmp packets
(such as ping) going either way are discarded. (This shows how
include netact works by itself.)
5
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
Example 3
out exclude proto udp port_pair router router netact
out include proto tcp dst_port smtp no_start
Packets generated by RIP are not considered activity and cannot start
the link. Packets destined for SMTP (email) are considered activity
and will keep an active link up, but will not start a dial. All other
packets are considered activity and will start a dial. (The second filter
could have also specified netact, but that is unnecessary because the
exclude implies that netact is the default.)
Example 4
out exclude dst_address 132.245.33.0/24 netact
out exclude dst_address 132.245.11.0/24 netact
Packets sent to either the 33 or 11 subnets will not be considered
activity. All other packets sent will constitute activity. This
demonstrates how excludes are logically ANDed together.
Example 5
out exclude proto tcp dst_address 132.245.66.0/24 netact
in include proto tcp dst_address 132.245.33.0/24 netact
Packets which the Annex sends over the link that are destined for the
66 subnet are not considered activity. All other packets sent are
considered activity. Packets the Annex receives that are addressed to
the 33 subnet are also considered activity. No other packets received
are considered activity. (This example is included to illustrate how
input and output filters do not interact.)
Setting a specific include with netact when there is an exclude with
netact for the same destination (in or out) has no effect. The exclude
with netact implies that everything else is activity (so no specific
include is needed) and, if the exclude matches the same packet as an
include, the exclude takes precedence (thus no specific include is
possible).
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
6
Disallowing VCLI Service
A new syntax is supported in the services file to disallow the
advertising of VCLI service:
service VCLI no
More Information from the stats -o Command
The stats -o command has been modified to give more information.
In the following example, the option key has been set properly for
tn3270 and LAT, but neither is enabled. In the case of LAT, resetting
the disabled_modules parameter will still not enable it because the
loader has disabled it, and the loader takes precedence over
disabled_modules.
admin : show annex disabled_modules
disabled_modules: atalk,ipx,lat,tn3270
admin :
AppleTalk and IPX are not supported in the Communications Server
release. NA and admin always display these modules as disabled.
The CLI stats -o command, however, does not display them at all.
annex: stats -o
KEYED OPTIONS:
MODULES DISABLED
LAT, tn3270
annex:
LAT:
keyed on but disabled by loader
tn3270:
keyed on but disabled by disabled_modules
dialout/RIP/filtering:
keyed off
7
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
Rotary Enhancement
You can now specify an Annex rotary that is reachable through the
normal UNIX rlogin protocol. Specify either protocol=rlogin or the
alternate TCP port /513 to enable this feature. (The user name and
terminal type are discarded. Thus, if port_server_security is enabled,
you must enter your user name and password again.) For examples:
rlogin:protocol=rlogin 8-12@jdc
rlogin:8-12@jdc+132.245.33.229/513
rlogin:protocol=rlogin 8-12@jdc+132.245.33.229
rlogin:protocol=rlogin direct_camp_on=never
Year 2000 Compliance
The R10.0B release of software is Year 2000 Compliant for Micro
Annex XL and the Annex 3. R10.0B is Year 2000 compliant when run
self-boot mode or when run on a supported platform. The R14.2.24
host tools are Year 2000 compliant when run on a supported platform.
For more information, refer to SPR 11150 in the Problems Resolved
with this Release section.
Special Considerations
The R10.0 image names are as follows:
R10.0 Communication Servers:
oper.42.enet - Annex3
oper.52.enet - Micro AnnexXL
The Communications Server release does not support IPX and ARAP.
After an Annex boots, the Annex parameter disabled_modules is set
to ATALK and IPX. Annex configuration parameters related to these
protocols are in some cases displayed and can be modified but have
no effect on the operation of the Annex. For more information refer
to Known Problems section.
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
8
The smaller image size makes this release suitable for use in the
existing base of installed Annex3 and Micro XL hardware.
The following is a list of supported Annex platforms/configurations:
❑
Micro Annex: 2mb ram/1mb flash/8 serial ports
❑
Micro Annex: 2mb ram/1mb flash/16 serial ports
❑
Annex3: 020 mother board/2mb ram max/1mb flash/32
serial ports*
❑
Annex3: 3mb ram/1mb flash/64 serial ports*
❑
Annex3: 4mb ram/1mb flash/64 serial ports
* Memory limited hardware - Some of the older hardware
configurations may be somewhat memory restricted when
used in a heavily loaded environment. These units have a lower
RAM-to-port ratio and are more likely to run out of memory
when an application demands high simultaneous port usage
with slip, ppp, or multiple sessions per port.
RAM is used to hold the operational image of the Annex. Loading an
operational image larger in size than its predecessor results in less
available memory for processes and sessions. The Communications
Server image size is slightly smaller than R9.2.7, therefore upgrading
from R9.2.7 would have no impact on the available RAM of the Annex.
However, if the upgrade is for a memory-limited Annex running R8.0
that is used in a truly loaded environment, the additional size of the
Communications Server image could cause insufficient RAM
conditions to occur.
Disabling modules that are not being used can often free enough RAM
to run in this situation. Disabling modules adds memory to the
available RAM heap by freeing the RAM that was used to store the
operational code of the module being disabled. Refer to the
Administrators's Guide for more information regarding disabling
modules.
9
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
Table 1 lists the modules that may be disabled in the Communications
Server release and the approximate RAM savings in kilobytes for each
module.
Memory Usage Example
A CLI port with 2 active telnet sessions requires 13.5k: 4.5k for the
CLI and 9k for the two telnet sessions.
The Annex defaults ports to CLI mode. Setting uninhabited ports to
a mode of UNUSED saves 4.5k per port. Administrators can monitor
memory with the CLI stats command. See the example below and the
Administrators's Guide for more detail.
Table 1 RAM Saved by Disabling Modules
Module Disabled Savings
Admin >1
Dialout 4
Ftpd >1
Lat 74
SNMP 81
Slip 9
tn3270 >1
tstty >1
ppp 50
fingerd 2
name server 12
vci 50
edit 23
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
10
Example:
Memory:
total=3145728
avail=1929944
free=882320
min free=785112
fails=0
total The total installed RAM
avail The total available RAM after an image is loaded
free The current free memory available for general
consumption
min free The lowest value the free pool has obtained since the
Annex was booted
Fails Memory was requested but not available.
When configuring a dialout route, you must set the metric for the
dialout route to exactly the same value as the metric on all the ports
for which the dialout is defined. By default, all metrics are 1.
Supported Platforms
The Distribution media contains binary files for most of the supported
platforms. When the script detects that there are binary files for the
host operating system, it gives you the option of installing the binary
files or loading the source code and compiling the software at a later
time. If there are no binary files available, the script loads the source
code and uses an available compiler on the host system to build the
image. If the script does not identify a compiler on your system, it
ends the installation session.
11
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
Table 2 lists the operating system versions supported by R10.0 and
the binary files that are provided on the distribution media.
Known Problems
The modems.annex file Cardinal V.34, Cardinal 56K, Motorola voice/
modemsurfer 56K, Penril V.34, Practical Perf V.34 and 56K, US
Robotics 56K, Courier V.Everything, andZoom 56K. f you have a
modem from another vendor, you may have to update the
modems.annex file.
Annex Manager R2.3 may incorrectly display IPX and AppleTalk as
enabled software options in the Annex Info dialog box. The
Communications Server release does not support either protocol. This
misinformation only occurs in Annexes that have these protocols
enabled in their current option key setting. Obtaining and loading a
new option key eliminates the problem.
When the Motorola V.3400 modem is used with either the Micro
Annex XL or the RA2000, the connection is dropped as soon as DCD
is asserted by the modem. The port must be configured for modem
control and hardware flow control:
❑
control_lines is set to
both
Table 2 Operating System Support
Operating System Files Available
Sun Microsystems SunOS 4.1.4 Binary files and source code
Sun Microsystems SunOS 4.1.3 Binary files
Solaris 2.5.1 Binary files
Solaris 2.4 Binary files and source code
IBM RS/6000 AIX 4.2 Binary files and source code
Hewlett-Packard HP-UX 10.20 Binary files and source code
Hewlett-Packard HP-UX 10.0 Binary files
Linux 2.0.34 Binary files and source code
302565-A Rev. 00
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
12
❑ input_flow_control is set to eia
❑ output_flow_control is set to eia
The modem must be configured as follows:
❑ hardware flow control set
❑ DSR always on
❑ DCD to follow carrier detect
❑ hangup and reset on loss of DTR
For the time being, forcing DCD high works but will cause a problem
with the Annex terminating sessions. Since the Annex will never see
DCD go low, the connections will not be terminated when users exit.
Problems Resolved with this Release
SPR 11150 The acp_logfile is now year 2000 compliant.
The year 2000 is now displayed as "00" rather than "100".
If you are not installing on one of the supported host
platforms and you use the acp_logfile for accounting
purposes, you should be aware that after 991231 (which
represents 1999/12/31) midnight, the entry in the
acp_logfile will appear as 1000101 instead of 000101. If
you have scripts that use this information for accounting,
you need to modify those scripts to handle this properly.
SPR.8900 Dialback now works properly
SPR.8575 The modems.annex file has been updated to support USR
33.6 modems.
SPR.8702 Maximum value for erpcd max_logon parameter is now
1440 minutes.
SPR.9576 Aprint now works properly.
13
Annex Communications Server R10.0B and Annex Host Tools R14.2 Release Notes
302565-A Rev. 00
SPR.10447 Cardinal V.34, Cardinal 56K, Motorola voice/
modemsurfer 56K, Penril V.34, Practical Perf V.34 and
56K, US Robotics 56K, Courier V.Everything, and Zoom
56K.
Features Not Supported in This Release
The following list of features are not supported by the R10.0B release
of software. The Annex Administrators Guide for Unix that is sent with
this release of software mentions several features which are not
present in the R10.0B software release. Some (but not all) of these
features are listed below:
❑
LP and LPD
❑
TSTTY
❑
TMUX
❑
Embedded RADIUS and RADIUS proxy
❑
IPX
❑
ARAP
❑
Windows NT
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
Nortel Annex Host Tools R14.2 New Features Manual
- Type
- New Features Manual
- This manual is also suitable for
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
Other documents
-
Lantronix SCS100/SCS200/SCS400 User manual
-
US Robotics COURIER Specification
-
3com COURIER Reference
-
HP LCS60 User manual
-
Cardinal PRT37836 Rectangle In Ground Pool Kit Operating instructions
-
-
US Robotics Courier 3453B Quick Installation Manual
-
Bay Networks 5391 Quick start guide
-
JET JDC-501 Owner's manual
-
