DEFENSE INFORMATION SYSTEM NETWORK
DIAL-IN DATA SERVICE
USER GUIDE
January 1996
Defense Information System Agency
Center For System Engineering
Data Networks System Engineering Division (JEEFE)
Table of Contents
CHAPTER 1. THE DISN DIAL-IN SERVICE
   1. Purpose.
   2. Background.
   3. Terminal Support.
   4. Host Support.
   5. Subscriber Connection Process.
CHAPTER 2. INTRODUCTION TO USE OF THE COMMUNICATION SERVER
   1. Overview.
   2. The Communication Server.
   3. Protocols.
   4. User Registration.
   5. How to Get Help.
CHAPTER 3. COMMUNICATION SERVER TUTORIAL
   1. Overview.
   2. Hints for the Communication Server Tutorial.
   3. Starting to Use the Communication Server.
   4. Initiating a Connection to the Communication Server.
   5. XTACACS User Verification.
   6. The Communication Server Herald.
   7. Using the Communication Server User EXEC Mode.
   8. Automatic Logout for Idle Sessions.
   9. Closing the Communication Server Connection.
CHAPTER 4. PORT AND TERMINAL PARAMETERS
   1. Overview.
   2. Site File and Communication Server Ports.
CHAPTER 5. REMOTE CONNECTION SERVICES
   1. Overview.
   2. Procomm Plus Auto-Login Script.
   3. Telnet Connections.
   4. SLIP and PPP Connections.
   5. Kermit Connections.
CHAPTER 6. OPERATING WITH A STU-III
   1. Overview.
   2. SIPRNET STU-III Operations.
   3. SIPRNET User Guidelines.
Appendix A Acronyms
Appendix B Terminal Commands
Appendix C ASCII Map
CHAPTER 1. THE DISN DIAL-IN SERVICE
1. Purpose. This document describes the implementation of the
Defense Information System Network (DISN) dial-in service and
provides the user configuration and operations instructions.
2. Background. The Defense Data Network (DDN) comprised the
Military Network (MILNET), the Defense Secure Network 1 (DSNET1),
DSNET2, and DSNET3. The MILNET provided dial-in and dedicated ports
for users who required asynchronous, terminal connectivity to Host
computers via a BBN C30 Terminal Access Controller (TAC). The MILNET
TACs were replaced by a Communications Server (CS) on the
Unclassified but sensitive Internet Protocol Router Network
(NIPRNET). DSNET1 did not provide a dial-in capability but did
support directly connected terminals. A dial-in service was
implemented on the Secret Internet Protocol Router Network (SIPRNET)
which replaced DSNET1. NIPRNET and SIPRNET are part of the
DISN. The CS provides access to the NIPRNET and the SIPRNET from the
subscriber equipment to the CS via dial-in asynchronous lines. The
modems on the CONUS and European NIPRNET access lines are
capable of invoking compression to achieve a maximum throughput rate
of 57.6kbps while having a data rate (modem to modem) of 14.4kbps in
Europe and 28.8kbps in the CONUS. In the Pacific, the modems support
a throughput rate of 19.2kbps and a data rate of 9.6kbps. Access to
the SIPRNET is via a Secure Telephone Unit III (STU-III) utilizing
the Secure Access Control System (SACS). The STU-III operates at a
14.4kbps line rate (STU-III to STU-III) and can achieve up to
19.2kbps throughput when using the compression mode of operation.
3. Terminal Support. The less sophisticated terminal, sometimes
referred to as a dumb terminal, communicates with a remote host via
the CS by utilizing the Telnet protocol provided in the CS. The
terminal user issues the necessary Telnet commands from the keyboard
to open and close a connection to a remote host. The user can then
perform all the operations on the remote host as if the terminal was
directly connected to the host. The CS also supports access from
subscriber equipment that uses the Kermit protocol thus making
possible direct file transfers to the terminal equipment.
4. Host Support. The CS supports Serial Line Internet Protocol
(SLIP), Compressed SLIP (CSLIP), Point-to-Point Protocol (PPP), and
Compressed PPP (CPPP). While the line speed of the dial-in
connection is a factor, these dial-in hosts have the same networking
capabilities as if they were directly connected to the network. The
CS assigns an IP address to the host at connection time so that the
TCP connection is between the dial-in host and the remote host,
rather than between the CS and the remote host. Therefore, the
dial-in host must be capable of adopting that IP address on a
call-by-call basis.
5. Subscriber Connection Process. In order to establish a
connection to a remote host the subscriber must first connect to the
CS via a dial-up line. The subscriber establishes this connection
through the switched telephone network by dialing the number of the
CS location. Generally, this number will be in a rotary hunt group
as will all phones/ports at that location. SIPRNET subscribers will
dial-in with their STU-IIIs to a 14.4kbps STU-III at the CS port
which will check to determine if their STU-III is on the Access
Control List of the Communication Server's STU-III. In both the
NIPRNET and SIPRNET the subscriber is given access to the network by
successfully completing an authentication procedure controlled by the
CS. The subscriber must input a User ID and Access Code, which the
CS will pass along to the Network Server (NS) for verification. The
NS is located on the network and the CS communicates with it via the
XTACACS protocol. Once the ID and Password have been verified then
the subscriber is allowed to establish a connection through the
network to any remote host to which it has been authorized access.
The remote host can then enforce its own access control procedure and
typically requires the user to present a proper password. Thus, the
NIPRNET subscriber encounters two separate logons: one to access the
network and a second to access a particular host on the network. The
SIPRNET subscriber experiences three access control procedures.
Dial-in service provided on the NIPRNET will enable the user to
access the CS via a 1-800 service or by a local dial-in service in
CONUS. Not everyone will have access to a local CS so the 1-800
service is required for these individuals. It is also available for
anyone who is on temporary duty (TDY) in that they cannot access
their local CS. The SIPRNET also provides 1-800 service in CONUS.
Both networks will deploy at least one or two CSs in each foreign
country where major US forces are deployed. The 1-800 telephone
numbers for CONUS are as follows:
a. NIPRNET: 1-800-605-3472
b. SIPRNET: 1-800-495-347
CHAPTER 2. INTRODUCTION TO USE OF THE COMMUNICATION SERVER
1. Overview. This chapter explains functions of the Cisco
Communication Server (CS) as deployed on the Unclassified, but
sensitive, Internet Protocol (IP) Router Network (NIPRNET) and on the
Secret IP Router Network (SIPRNET), discusses the use of the
protocols, and then describes where to get help with Communication
Server access procedures.
2. The Communication Server.
a. The Communication Server allows users at asynchronous
terminals to access remote computers (hosts) through a computer
network. The Defense Information Systems Network (DISN) provides the
means by which information from the terminal can be directed to the
correct host and information from the host can reach the correct
destination. The Cisco Communication Server model 2511 will be used
in the DISN.
b. Terminals can be directly connected to the DISN through the
Communication Server, or they may be indirectly connected through a
modem. This guide concerns the terminals connected by the
Communication Server through directly connected lines or through
dial-up lines; in the latter case the user must dial-up the
Communication Server to establish the connection. Each Communication
Server supports 16 asynchronous terminals with DTE speeds (from CS to
modem) up to 57.6kbps. In addition, the system includes the Extended
Terminal Access Controller Access Control System (XTACACS), which
provides authentication and access control for users logging into the
network.
c. The CONUS and the European NIPRNET will support speeds up to
57.6 kbps between the CS and the modem and 14.4kbps between the
modems in Europe and 28.8kbps in the CONUS. The Pacific NIPRNET will
support speeds up to 19.2kbps between the CS and the modem and
9.6kbps between the modems. The higher speeds between the CS and the
modems (and between the user's workstation and the modem) are achieved
by means of compression algorithms implemented within the modems.
The SIPRNET will utilize Secure Telephone Units (STU)-IIIs instead of
commercial modems and will support speeds up to 19.2kbps between the
CS and the STU-III and 14.4 kbps between the STU-IIIs. The speeds
may be different along the path due to the compression schemes used
by the modems and the STU-IIIs.
d. The network can be considered as a way that a remote
computer connected to the network (which will often be called a host)
and the user's terminal can communicate. With the Communication
Server, the user at the terminal can open a connection to a host.
The Communication Server thus acts as the user's window to the DISN.
If the user's terminal is a PC, it can be equipped with software that
will provide the SLIP or PPP protocols and TCP/IP that enable
operation as a host.
e. Each of the Communication Servers in the DISN connects to a
router. Routers are responsible for routing messages between user
terminals (or Hosts) and network based hosts. Routers also perform a
number of other important network functions, including error handling
and support of the physical transmission.
3. Protocols.
a. To maintain the connection between a terminal and a host
during network communications, the Communication Server and the
network based host use a set of conventions called protocols. If the
user is operating a dumb terminal, the network protocols, TCP/IP, are
not visible at the terminal; they are present between the CS and the
network host. The Communication Server includes support for the
following protocols:
b. Transmission Control Protocol/Internet Protocol (TCP/IP) is
the underlying protocol used to communicate with remote hosts. TCP
is responsible for ensuring that data sent between the CS and the
host arrive in order and intact. (Note that there is no guarantee on
how the host will handle the data, once it arrives.) The Telnet
protocol uses TCP/IP and is normally used by terminals for remote
login to hosts for editing text files, using electronic mail or
running text-oriented applications. Other protocols such as Kermit
are used to accomplish file transfers over a telnet connection. Users
with SLIP or PPP can operate as remote hosts with the CS acting in a
passive role with respect to the end to end TCP connection.
c. Serial Line Internet Protocol (SLIP), Compressed SLIP
(CSLIP), Point-to-Point Protocol (PPP) and Compressed PPP (CPPP) are
protocols which provide a dial-up host capability. User terminals
capable of TCP/IP can employ SLIP or PPP to transport their data over
the asynchronous line to the CS.
d. The Communication Server does not restrict a user's
connections to hosts which are on the same network as the
Communication Server. By using Internet Protocol (IP), the
Communication Server allows connections to hosts on other networks.
These other networks are part of a system of networks (an internet)
joined by gateways.
e. In addition to TCP, IP, SLIP, CSLIP, PPP and CPPP, the
Communication Server may use other protocols in connecting a user's
terminal to a host. Telnet is one of the more common protocols used.
The CS also supports Xremote, MACIP, TN3270, and rlogin protocols.
4. User Registration. Each user must be properly registered to use
a NIPRNET or SIPRNET Communication Server.
a. Communications Server Registration. Communications Server
(CS) cards may be obtained through a process described in the
appropriate DISN Management Bulletins. The NIC or, in the case of the
SIPRNET, the SIPRNET Support Center (SSC) will provide the user with
a UserID and password as a result of following the registration
procedure. The NIC or SSC also enters the user's CS UserID and
password into the database associated with the Communication Server.
If a user requires service on both networks, a separate CS card must
be requested and issued for each network.
b. SIPRNET STU-III Registration. Users of the SIPRNET will be
issued a STU-III KSD (Seed Key) with a unique SIPRNET
Department/Agency/Organization (DAO) code. This special Crypto
Ignition Key (CIK) will be required to access the Communication
Server's STU-III Secure Access Control System (SACS). A further
description of the STU-III is contained in Chapter 6.
5. How to Get Help. A beginning Communication Server user needs to
know the resources available for obtaining assistance. Aside from
this document, there are two major help resources, the Network
Information Center (NIC) Customer Assistance Desk and the Regional
Control Center (RCC), as described below.
a. DISN Dial-in Data Service User Guide. This document
contains information that will assist the Communication Server user
with the correct terminal setup and Communication Server commands
necessary for most situations and should be the user's first point of
reference.
b. NIC Customer Assistance Desk. The HELP Desks of the DoD NIC
and the SIPRNET Support Center provide assistance for Communication
Server users with problems. It is the first point of contact for
users having problems opening a Communication Server connection. The
staff will be able to assist users with information concerning the
specific terminal: its rate, control keys, and type of connection. If
an especially difficult problem arises, the staff will know whom to
contact for help. These HELP Desks may be contacted between the
hours of 0700 and 1900 Eastern Time (ET). Telephone numbers are:
(1) DoD NIC
(a) CONUS 1-800-365-3642
(b) OCONUS and Washington D.C. Metro area
(703) 821-6266
(2) SSC
(a) CONUS 1-800-582-2567
(b) OCONUS and Washington D.C. Metro area
(703) 821-6260
c. On-line Information. The DoD NIC and the SSC also provide
an on-line list of Communication Server locations, telephone numbers,
and modem types/speeds. This information may be accessed by:
(1) World Wide Web: http://nic.mil
(2) Anonymous FTP: USERID - anonymous; PASSWORD - guest
d. Regional Control Center. Each DISN sub-network includes a
RCC that is responsible for monitoring and controlling the network.
This center assists users with problems related to network
connectivity. The RCCs are operational 24 hours-a-day, 7 days-a-week.
The telephone numbers are:
(1) NIPRNET
(a) CONUS 1-800-554-3476
(b) EUROPE
++49 711-680-5532/5534
DSN (314)430-5532/5534
(c) PACIFIC
1 (808) 656-1472
DSN (315)456-1472
(2) SIPRNET
(a) CONUS 1-800-451-7413
(b) EUROPE
++49 711-680-5532/5534
DSN (314)430-5532/5534
(c) PACIFIC
1 (808) 656-1472
DSN (315)456-1472
CHAPTER 3. COMMUNICATION SERVER TUTORIAL
1. Overview. This section explains the basic steps necessary to use
the Communication Server. This basic information should be
sufficient for many users who only want to do very simple
Communication Server procedures. For more detailed information,
refer to later chapters.
2. Hints for the Communication Server Tutorial. Before beginning,
here is some essential information about the Communication Server
commands and messages.
a. Username and Password. The Username: and Password: entries are
CASE SENSITIVE and MUST be entered in UPPERCASE only.
b. Other Commands. All other communication server commands may
be entered in either uppercase, lowercase, or a combination of
uppercase and lowercase.
c. Listing Commands. To obtain a list of user commands, enter
a question mark (?) followed by a carriage return. To list valid
keywords, options, or arguments for a command, enter the known
command and a question mark (e.g. resume ?). A partial command plus
question mark (?) entered without a space (e.g. show pr?), will
provide the completed command or in the case of similar commands, a
listing of those commands.
d. Abbreviating Commands. Commands and keywords may be
abbreviated to the number of characters necessary to make the command
abbreviation unique.
e. Incomplete Commands. The Communication Server will respond
with % Incomplete command when a command that requires an argument
is entered without one.
f. Incorrect Commands. The user interface helps to check
commands for syntax errors. If an error is detected, a caret (^) is
placed underneath the command to indicate where the error occurred.
The error may be a command, keyword, or argument as shown in the
following example where the telnet command is entered incorrectly:
cs> telnet 130.106.32.53 hostname
^
% Invalid input detected at ^ marker.
3. Starting to Use the Communication Server. There are two types of
physical connections between the terminal and the Communication
Server: dedicated connections and dial-up connections.
a. Dedicated Connection. A dedicated connection means that the
terminal is linked to the Communication Server by a directly
connected cable or wire. As a result, there is no need to manually
establish a physical connection to the Communication Server as the
terminal is always connected.
b. Dial-Up Connection. Most terminals are connected to the
Communication Server by a dial-up through a public or Government
telephone line. Regardless of the type of telephone service, a
dial-up connection means that the Communication Server's attention is
obtained by dialing a telephone number and the Communication Server
answers the telephone at the other end. A dial-up connection always
requires that a user initiate the dial-up procedure to establish the
connection between the terminal and the Communication Server.
(1) NIPRNET Dial-up Connection. At each end of the dial-up
connection is a device called a modem. At the user end, this
device converts signals from the terminal to a form acceptable for
transmission over the telephone line. At the Communication Server
end, the modem auto-answers and converts the signal back to a form
that is acceptable to the Communication Server.
(2) SIPRNET Dial-up Connection. Users of the SIPRNET must
use a STU-III phone instead of a modem. At the Communication Server
site the line will terminate in an AT&T Model 1910 STU-III which will
be equipped with the Secure Access Control System (SACS). A further
description of using the STU-III can be found in Chapter 6.
4. Initiating a Connection to the Communication Server. The
procedure used for connecting to the Communication Server varies
depending on the type of connection between the terminal and the
Communication Server.
a. Dedicated Connections. For dedicated connections, turn
on the terminal (normally a personal computer or PC) and enter the
communications package to be used. Some terminals do not use
communication packages as they do not have a Central Processing Unit
(CPU); these are known as dumb terminals. A dumb terminal has a
specific terminal emulation interface configured, such as vt100.
Regardless of the terminal type being used, the line setup may be
accessed and configured to the user's needs. Consult the
communication package or terminal documentation for assistance.
Refer to Chapter 4 for typical line setup information.
b. Dial-up Connections. For dial-up connections to the
Communication Server, turn on the terminal, enter the communications
package (if required), and then dial the Communication Server number.
The user initiated procedure for calling varies depending upon the
type of user-provided modem and communications software. Consult the
vendor documentation or local support personnel for assistance on
dialing in. Once connected, a CONNECT plus the baud rate which is
being used will be displayed, for example CONNECT 9600.
c. STU-III Connection. See Chapter 6.
5. XTACACS User Verification.
a. Log-in Prompt. An XTACACS security system is implemented on
the Communication Servers to authenticate each user as being an
authorized and registered network user. The Communication Server
will respond with:
User Access Verification
Username:
Password:
b. Log-in Response. The user must respond with the username
and password registered to them as provided on the XTACACS card
(remember that this is case sensitive: ALL ENTRIES MUST BE
UPPERCASE). The password will not echo on the terminal screen.
c. Incorrect Response. If an incorrect username or access code
is entered, the system will respond with % Access denied, then ask
for the username and password again. The system will disconnect a
user after the third incorrect username and password login attempt.
The Communication Server herald will be displayed after a successful
login.
d. Log-in Failure. If a user cannot log in to the Communication
Server successfully using the XTACACS card username and password, the
user should contact the NIC or SSC as appropriate for assistance.
6. The Communication Server Herald. Once successfully logged into the
Communication Server, a herald will be displayed as shown in Figure 3-1
below.
************************************************************************
USE OF THIS OR ANY OTHER DEPARTMENT OF DEFENSE INTEREST COMPUTER SYSTEM
(DODICS) CONSTITUTES AN EXPRESS CONSENT TO MONITORING AT ALL TIMES.
This DODICS and all related equipment are to be used for the
communication transmission, processing, and storage of officual U.S.
Government or authorized information only. All DODICS are subject to
monitoring at all times. If monitoring of any DODICS reveals possible
violation of criminal statutes, all relevant information may be provided
to law enforcement officials.
************************************************************************
Figure 3-1 Communication Server Herald
7. Using the Communication Server User EXEC Mode.
a. After a successful user login, the Communication Server will
respond by placing the user in what is known as the user EXEC mode
with a default prompt of cs>. This prompt may be configured to
reflect the system name, number, or type, e.g. NIPRNET-010>. The
user may now set up any specific terminal requirements (see Chapter
4) or enter other commands such as connect and telnet or enter into
SLIP or PPP mode.
b. The user EXEC commands are generally utilized to connect to
remote systems, temporarily change terminal settings, perform basic
tests, and list system information.
c. User EXEC commands are listed in Table 3-1. The actual
list of available user commands is dependent on the Communication
Server's software version and configuration.
Table 3-1. User EXEC Mode Commands
____________________________________________________________________________
Command             Action
____________________________________________________________________________
?                   list user EXEC mode commands
Ctrl^X              Connection escape sequence; use to switch back and
                    forth between open connections
<1-99>              connection number to resume
connect             open a connection to a remote host by specifying the
                    host name or Internet Address
disconnect          break a connection to a remote host
exit, quit, logout  close any active terminal sessions
help                describes the interactive help system
lat                 open a lat connection
lock                prevent access to your session and keyboard, keeping
                    your connection open (you are prompted for a password)
login               login as a particular user
name-connection     assign a logical name to a connection
pad                 open a X.29 PAD connection
ping                send an echo message to remote host by specifying the
                    host name or Internet Address
ppp                 start the Internet Engineering Task Force (IETF)
                    Point-to-Point Protocol (PPP)
resume              return to a previous connection; optional argument is
                    the connection name or number, default is the most
                    recent connection
rlogin              open the terminal emulation program rlogin
show ?              list the information commands available
show sessions       list active terminal information
show terminal       list current terminal configuration parameters
show users          list information on active CS ports
slip                start serial line IP (SLIP)
systat              show terminal lines and users
telnet              open a telnet connection to a remote host by specifying
                    the host name or Internet Address
terminal            change terminal parameters (see Chapter 4)
tn3270              open a tn3270 connection
trace               trace a route to a remote destination
where               show open connections
x3                  set X.3 parameters on PAD
xremote             enter xremote mode
____________________________________________________________________________
d. The prompt
DISN-niprnet 010>?
can be configured to reflect the system name, number, etc., so it may
change over the course of time but the user EXEC mode prompt ALWAYS
ends with the greater than sign >.
8. Automatic Logout for Idle Sessions.
a. The Communication Server has two separate timers to detect
idle sessions, a user EXEC mode timer and a terminal line session
timer.
b. The user EXEC mode timer starts after a successful CS login
and each time the user becomes idle while in the user EXEC mode. If
the terminal remains idle for 5 minutes while in the user EXEC mode,
the terminal connection will be dropped, normally causing a string of
random data to be displayed on the terminal screen, followed by NO
CARRIER.
c. The terminal line session timer starts after a remote
connection is established from the Communication Server to a remote
host and each time the terminal becomes idle afterwards. The above
mentioned user EXEC mode timer is off at this point. If the terminal
line session remains idle for 30 minutes, an error will be displayed
as shown below. The terminal connection to the Communication Server
will be dropped, and again the random data will appear followed by:
NO CARRIER
[Connection to SAMPLE.HOST.DOMAIN idle too long; timed out]
9. Closing the Communication Server Connection.
a. All connections to remote hosts that were opened by the user
should be closed properly before the user logs out of the
Communication Server. The user may then issue any of the following
commands to end an active session.
exit
quit
logout
b. At the end of each session, be sure to close the connection
to the Communication Server as only a limited number of users may
connect at one time. Also, if the terminal will not be used for an
extended period of time, log out of the host and Communication Server
so that other users may connect.
CHAPTER 4. PORT AND TERMINAL PARAMETERS
1. Overview. This chapter explains the concept of the Communication
Server ports and discusses the types of connections that are
possible.
2. Site File and Communication Server Ports.
a. Default Configuration. The Communication Server has to be
informed of important features about the terminal and line settings.
Each Communication Server port is configured to expect certain
characteristics in the terminal connected to it. This information
concerning terminal characteristics, the configuration, is contained
in the Communication Server site file, a software file that resides
in memory. These configurations are set up for each port when the
Communication Server is first installed or when a port is activated
for a new user in response to a Telecommunications Service Request
(TSR). Default configurations are maintained to allow maximum user
flexibility.
b. Default Port Parameters. The initial configuration concerns
terminal characteristics associated with the physical connection
between the terminal and the Communication Server. The physical
connection and the characteristics associated with it are
collectively called the Communication Server port. Table 4-1 provides
a partial listing of standard default port parameters that may be
helpful to users connecting to the Communication Server.
Table 4-1. Communication Server Default Port Parameters
____________________________________________________________________________
Parameter               Default                 Comment
____________________________________________________________________________
line speed (NIPRNET)    9.6 kbps in PAC         Max rate between modems
                        14.4 kbps in Europe
                        28.8 kbps in CONUS
rx/txspeed (NIPRNET)    19.2 kbps in PAC        Max speed of the DTE
                        57.6 kbps in EUR and    interface (not rate
                        CONUS                   between modems)
line speed (SIPRNET)    14.4 kbps               Max rate between modems
rx/txspeed (SIPRNET)    19.2 kbps               Max speed of the DTE
                                                interface (not rate
                                                between modems)
terminal type           vt100
stopbits                1
databits                8
parity                  none
hardware flow control   enabled                 CTS/RTS
software flow control   disabled
modem                   RI-is-CD                Ring Indicator control line
                                                used as the Carrier Detect
modem answer timeout    60                      Hangup after 60 seconds, if
                                                unable to answer
data carrier detect     on                      When carrier present
____________________________________________________________________________
c. Current Terminal Port Configuration.
1) To list the current terminal configuration use the show
terminal command. If the configuration of the port does not meet the
user's special requirements, the user may negotiate a change to the
initial port configuration for the duration of the session only, by
using the terminal command. When the session is over, the port will
return to the initial configuration defined in the site file.
2) It should be noted that when configuring the terminal
and the modem at the user's site, the terminal and the modem should be
configured with hardware flow control (RTS/CTS) on and software flow
control (XON/XOFF) off. This configuration is necessary to be
compatible with the Cisco CS, and the XON/XOFF flow control needs to be
disabled when using SLIP or transferring a binary file.
3) User Definable Parameters. Specific terminal parameter
options that can be tailored by the user for Communication Server
ports are listed in APPENDIX B. Settings may also be changed or
removed by using the keyword "no" before the command. For example,
the following command will remove any padding characters that were
previously set in the data stream:
cs> terminal no padding
4) To obtain a list of keywords or options associated with
a particular terminal command enter the command and a question mark
(?). For example, if you enter the following command:
cs> terminal telnet ?
the CS will respond with the following:
break-on-ip           Send break signal when interrupt is received
refuse-negotiations   Suppress negotiations of Telnet Remote Echo and
                      Suppress Go Ahead options
speed                 Specify line speeds
sync-on-break         Send a Telnet Synchronization signal after receiving
                      a Telnet Break signal
transparent           Send a CR as a CR followed by a NULL instead of a CR
                      followed by a LF
CHAPTER 5. REMOTE CONNECTION SERVICES
1. Overview. This chapter describes basic procedures used to
connect a terminal through the Communication Server to a remote host,
using Telnet, SLIP, CSLIP, PPP, CPPP or Kermit.
2. Procomm Plus Auto-Login Script. Users of Procomm Plus by
DataStorm Technologies, Inc., may use the sample auto-login script in
Figure 5-1 to access the Communication Server. While using Procomm
Plus, only Telnet and connect commands may be used from the
Communication Server to reach a remote host. To set up the auto-login
script for individual use, follow the steps below referencing the
Procomm Plus documentation, if necessary:
a. Add the local Communication Server telephone number to the
Procomm Plus dialing directory. Note the dialing directory entry
number.
b. Create a comserv.asp file in the PC's C:PCPLUS directory with
all of the information shown in the sample using the PCEDIT text
editor which is part of Procomm Plus.
c. Replace 1 in dial 1 below, with the dialing directory entry
number.
d. Replace the XXXX-XXX entry with the authorized Username:.
e. Exit the editor and enter aspcomp comserv.asp to compile the
login script.
f. In Procomm Plus, use the Alt-F5 keys to bring up the script
and execute it.
;*********************************************************************
;* Filename: COMSERV.ASP *
;* Sample Procomm Plus ASPECT script file for logging into a *
;* Communication Server via a dial-up modem. *
;*********************************************************************
proc main ; start of main procedure
dial 1 ; dial entry 1 from dialing directory
pause 3 ; wait three seconds
transmit ^M ; send a carriage return
waitfor Username: ; wait for Username:
transmit XXXX-XXX ; send your ID
transmit ^M ; send carriage return
waitfor Password: ; wait for Password:
atsay $ROW $COL 15 Enter your password and a carriage return!
endproc ; end of main procedure
Figure 5-1. Sample Procomm Plus Login Script.
3. Telnet Connections.
a. Assumptions. If you are unfamiliar with connecting to the
Communication Server, refer back to Chapter 3 for the basic steps.
This section assumes that you have already connected to the
Communication Server.
b. Commands. Telnet is available for making connections to a
host. Connect is another command name for telnet and operates in the
same manner. To telnet or connect to a host, enter either of the
following:
connect host [port] [keyword]
telnet host [port] [keyword]
Host - a host name or IP address is mandatory
Port - a port number is optional, the default value is 23
Keyword - a keyword is optional, see table 5-1
Table 5-1. Telnet Connection Keywords
Keyword       Description
-----------   -------------------------------------------------------
/route path   The /route path argument is a list of host names or IP
              addresses for nodes to use in reaching the final
              destination.
/line         Turns on Telnet line mode. In this mode, the server
              sends no data to the host until you press Return.
/debug        Turns on debugging.
/stream       Turns on stream processing, enabling a raw TCP stream
              with no Telnet control sequences.
c. Learned Host Names.
1) The Communication Server learns host names that are
used, as long as the name does not conflict with Communication Server
commands. The name may then be used by itself without entering the
telnet or connect command. To see a list of available hosts, enter
"show hosts" at the Communication Server prompt.
2) The Communication Server assigns logical names to each
connection, which several commands use to identify those connections.
The logical name is the same as the host name, unless that name is
already in use. If the name is already in use, the server assigns a
null name to the connection.
d. Telnet Escape Sequences.
1) Telnet supports special commands in the form of Telnet
escape sequences that map terminal functions to operating system-
specific functions.
2) To issue a special Telnet command, enter the escape
sequence and then the command character. The default escape sequence
is Ctrl-Shift-6, (press and hold the Control key while pressing the
shift and 6 key). Table 5-2 lists the special Telnet commands.
Table 5-2. Special Telnet Commands
Terminal Function        Escape Sequence, plus
----------------------   ---------------------
Break                    B
Interrupt Process (IP)   C
Erase Character (EC)     H
Abort Output (AO)        O
Are You There? (AYT)     T
Erase Line (EL)          U
3) Any time during a Telnet session, you may list the Telnet
commands by entering the Telnet escape sequence followed by a
question mark at the system prompt:
Ctrl-^ ?
4) The Telnet escape sequence may also be changed with the
terminal escape-character <ASCII #> command. If 16 were entered for
the ASCII number, the terminal escape sequence would be Ctrl-P.
APPENDIX C contains an ASCII-Translation Table.
e. Multiple Telnet Sessions. You may have several sessions
open and switch back and forth between them. To switch between
sessions, escape out of the current session by pressing Ctrl-^X to
return to the EXEC prompt, list the current sessions for the terminal
with the where command, and then enter resume <session number>. A
carriage return by itself resumes the previous connection. The
resume command accepts the connection number as an option along with
the list defined in Table 5-3.
Table 5-3. Telnet Resume Options
Option      Description
---------   ----------------------------------------------------
/debug      Prints parameter changes and messages.
/echo       Performs local echo.
/line       Enables line-mode editing.
/nodebug    Cancels debug messages.
/noecho     Disables local echo.
/noline     Disables line mode and enables character-at-a-time
            as the default.
/nostream   Disables stream processing.
/stream     Enables stream processing.
f. Example. This section is an example of using the Telnet
protocol to connect to a remote host via the Communication Server
(CS).
1) Dial the number of the CS from the list provided in the
main body of the document. The dial-in sequence can be a manual
operation or done via the terminal using the AT commands associated
with the modem. A typical command is ATDT 555-8065, where AT is the
Attention Code telling the modem that a command follows. D is the
dial command and T is the tone command. The attention code (AT)
may be upper or lower case, but not a combination of both such as aT.
2) Once the phone connection has been established then the
CS will respond noting the speed of the connection between the CS and
the modem [such as CONNECT 19200], with a User Access Verification
prompt asking for the user name and then the password. User name and
password are CASE SENSITIVE. They must be entered in UPPER CASE. If
an incorrect user name or password is entered, the CS will respond
with %Access denied, and request the user name and password again.
The CS will disconnect a user after the third incorrect login
attempt. After the CS has verified that this is a registered user
then the CS will respond with a herald noting that use of the system
constitutes an express consent to monitoring at all times and that
the system is for official use only. The prompt will follow the
herald.
cfse-2511>
This prompt will indicate the name or number of each particular CS.
The user is now allowed access to the network and can make
connections to hosts located on the network.
3) Connection to a host can be made using the connect or
telnet command and the host name or IP network address. At the
prompt enter the command.
cfse-2511> {connect|telnet} host [port] [/keyword]
The argument host is a host name or Internet address. The optional
argument port is a decimal TCP port number, the default value is 23,
the well known telnet server port. If you prefer, just enter the
host name or IP network address without the command since the Cisco
implementation does not require the command word to establish a
telnet connection. Thus, a telnet connection can be made in one of
the following ways.
cfse-2511> connect [enter host name]
cfse-2511> [enter host name]
cfse-2511> telnet [enter host name]
cfse-2511> [enter IP address]
cfse-2511> connect [enter IP address]
cfse-2511> telnet [enter IP address]
where [host name] is the name of a particular host and [IP address]
is the IP network address assigned to that particular host.
4) When a connection has been made to the remote host,
then the host will respond with a login and password sequence to
ensure that this is an authorized user. After the user has
successfully logged onto the host, then the host will respond with a
prompt such as follows.
Host Name%
The user can now enter the appropriate Telnet commands at the host
prompts to effect the necessary data transfers.
5) When the session is completed, enter the logout command
at the host prompt. The host will respond with a message that the
connection has been closed and the CS prompt will appear.
cfse-2511>
At the CS prompt, enter the quit, exit, or logout command. This
terminates the connection from the terminal to the CS. The CS will
respond with the message NO CARRIER. The user can now hang up the
phone.
4. SLIP and PPP Connections.
a. Overview. The Serial Line Internet Protocol (SLIP) and the
Point-to-Point Protocol (PPP) define methods for sending IP packets
over standard RS-232 asynchronous serial lines. These protocols
encapsulate the IP datagrams for transmission over the point-to-point
links and can be used with asynchronous dial-up modems, allowing
access to a network without the cost of a leased line. A connection
to a remote host may be made using SLIP or PPP from a Personal
Computer (PC). It is also possible to set up SLIP and PPP in a mode
that compresses packets for more efficient use of the line. These
modes are called CSLIP and CPPP. The interfaces are configured in
the interactive mode as defined by Cisco. In this mode a line can be
used to make any type of supported connection, depending on the
command entered by the user. For example, depending on its
configuration, the line can be used for telnet connections or
SLIP/PPP connections. The default addressing scheme will be used at
the interfaces, which means that the CS will assign the IP address.
The assigned default address is implemented when the user enters the
slip default or the ppp default command. In order to use the SLIP
and PPP features associated with the CS, the terminal must be
equipped with the TCP/IP protocols and either the SLIP or PPP
protocol. Either SLIP or PPP is used on a given line during a
connection. A number of software packages are available for
installation on a PC or Workstation that provide SLIP and PPP.
1) Winsock. Winsock is networking software which provides
a TCP/IP stack for PC networking applications running in a Windows
environment. Winsock provides facilities to allow Async serial
SLIP, PPP, ftp and Telnet over IP connections. Peter Tattam's
Trumpet Winsock is public domain software available via anonymous FTP
from the server tbone.biol.scarolina.edu in directory /pub/kit. The
00README.DOC in that directory provides instructions on which files
to fetch, how to unpack them onto floppy disks and how to install the
software. 8 to 12 MBytes of memory and 1 MByte of disk space are
required to install and run Trumpet Winsock. The product is free for
evaluation purposes for a period of up to 30 days. A registration
fee is required if using the software within the organization.
2) CHAMELEON.
Another networking software package to provide access is the Internet
Chameleon from NetManage Inc. This commercial software provides the
broadest suite of Windows TCP/IP applications in the industry in
addition to a TCP/IP protocol stack that takes only 6KB of base
memory. All NetManage applications give users an easy to use Windows
interface while providing an advanced set of features. The product is
also available free for evaluation purposes only, for a trial period
of up to 30 days. The evaluation version can be downloaded via
anonymous FTP from ftp.netmanage.com.
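Added example (Python; not part of the original guide and not Cisco
code): the SLIP encapsulation mentioned in the overview above, written
out per RFC 1055, together with a demonstration of why the Chapter 4
note requires XON/XOFF to be disabled on a SLIP line. The datagram,
addresses, ports and payload are constructed sample values, and
software_flow_control() is an assumed, simplified model of a link that
consumes XON/XOFF characters.

```python
"""SLIP (RFC 1055) framing, and what XON/XOFF does to a SLIP frame."""
import struct

# RFC 1055 framing bytes, and the two characters software flow control uses.
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD
XON, XOFF = 0x11, 0x13  # Ctrl-Q and Ctrl-S


def slip_encode(packet):
    """Frame one IP datagram. Only END and ESC are escaped; every other
    byte value, including XON and XOFF, goes on the wire unchanged."""
    out = bytearray([END])  # leading END flushes any line noise
    for b in packet:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream):
    """Split a received byte stream into datagrams, undoing the escapes."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            # After ESC only ESC_END/ESC_ESC are valid; any other byte is a
            # protocol violation and is passed through unchanged here.
            cur.append({ESC_END: END, ESC_ESC: ESC}.get(b, b))
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if cur:  # back-to-back ENDs yield empty frames, which are dropped
                frames.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return frames


def software_flow_control(stream):
    """Simplified model (assumption) of a link with XON/XOFF enabled: the
    receiver treats 0x11 and 0x13 as signals and never delivers them."""
    return bytes(b for b in stream if b not in (XON, XOFF))


def ipv4_checksum(header):
    """One's-complement sum of the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_datagram(payload):
    """Constructed sample: IPv4 + UDP between documentation addresses.
    Protocol 17 (UDP) is 0x11, the same byte value as XON, and the
    address octet 192 is 0xC0, the same byte value as SLIP END."""
    total_len = 20 + 8 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    udp = struct.pack("!HHHH", 1024, 1025, 8 + len(payload), 0)
    return hdr + udp + payload


def header_ok(datagram):
    """True if the IPv4 header checksum verifies and the length field
    matches the number of bytes actually received."""
    if len(datagram) < 20:
        return False
    total_len = struct.unpack("!H", datagram[2:4])[0]
    return ipv4_checksum(datagram[:20]) == 0 and total_len == len(datagram)


def send_over_line(packet, xonxoff_enabled):
    """Encode, pass through the modelled line, decode on the far side."""
    wire = slip_encode(packet)
    if xonxoff_enabled:
        wire = software_flow_control(wire)
    return slip_decode(wire)


# Constructed payload containing an XOFF byte and a SLIP ESC byte.
SAMPLE_PAYLOAD = b"file\x13\xdbdata"

if __name__ == "__main__":
    pkt = build_udp_datagram(SAMPLE_PAYLOAD)
    for enabled in (False, True):
        got = send_over_line(pkt, enabled)[0]
        print("XON/XOFF %-3s received %d of %d bytes, header valid: %s"
              % ("on" if enabled else "off", len(got), len(pkt), header_ok(got)))
```

With hardware (RTS/CTS) flow control the datagram arrives intact; with
XON/XOFF on, every UDP datagram loses at least its protocol byte and
fails validation at the receiver.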
b. SLIP Connection. To make a SLIP connection, connect to the
Communication Server as described in Chapter 3 and enter the
following command at the user EXEC mode prompt:
slip [host] [/routing] [/compressed]
Host
The remote host name or IP address
/routing
This is optional, indicating that the remote system is a route path.
The line must be configured for asynchronous routing, using SLIP
encapsulation.
/compressed
This is optional, enabling IP header compression. The default is on,
using Van Jacobson TCP header compression defined in RFC 1144.
c. SLIP Setup. The Trumpet Winsock and Chameleon both provide
setup and dial-up menu options for SLIP connection. The PC needs to
be configured with the following parameters:
IP address/Netmask
Internet IP address. The IP address and Maximum Transmission Unit
(MTU) size will be assigned by the Communication Server. The user
must enter the assigned IP address in order to access the network.
Also, the user can take advantage of the BOOTP feature to obtain the
IP address from the Communication Server.
Name Server
Name Server IP address for DNS searches. This value can be obtained
via BOOTP.
Domain Suffix
The domain suffixes to be used when resolving names in the DNS
system.
MTU
Maximum Transmission Unit. This value is computed by subtracting 40
from the TCP Maximum Segment Size (TCP MSS) which is set in the Comm
Server to 600. Therefore the users should set their value to 560.
TCP RWIN
TCP Receive Window. It is recommended that this value be roughly 3
to 4 times the value of TCP MSS.
TCP MSS
TCP Maximum Segment Size. The Comm Server will provide the MTU size.
SLIP port
Comm Server port number
Baud Rate
The speed you wish to run
d. Sample SLIP Script. The Trumpet Winsock and Chameleon allow
manual login or automatic scripting to access the communication
server. Both provide a generic script file for dial-up connection.
The generic script file provided by Trumpet Winsock is the login.cmd
and the file provided by Chameleon is slip.ini. Users may create
their automatic dialing script from the generic script files
described above or the sample of the Trumpet Winsock auto script file
attached below:
#################################################################
#
# check modem
output AT\13
input 10 OK\n
output AT&c1&d2\13
input 10 OK\n
%number = 0
%connected = 0
repeat
# Increase limit below to dial more numbers
%number = %number + 1
if %number > 3
%number = 1
end
# First
if %number = 1
output ATDT7353346\r
end
# Second
if %number = 2
output ATDT7353348\r
end
# Third
if %number = 3
output ATDT7358249\r
end
if [input 15 BUSY]
display =Busy, busy, busy...
%connected = 0
else
if [input 30 CONNECT]
%connected = 1
else
display =Does not answer...\r\n
end
end
sleep 1
until %connected = 1
display \7
#
# wait till it's safe to send because some modems hang up
# if you transmit during the connection phase
#
wait 30 dcd
#
# now prod the terminal server
#
output \13
#
# wait for the username prompt
#
input 30 Username:
username Enter your username
output \u\13
#
# and the password
#
input 30 Password:
password Enter your password
output \p\13
#
# we are now logged in
#
input 30 >
#
# see who is on, for informational reasons.
#
output who\13
input 30 >
#
# jump into slip mode
#
output slip default\13
#
# wait for the address string
#
input 30 Your IP address is
#
# parse address
#
address 30
input 30 \n
#
# we are now connected, logged in and in slip mode.
#
display \n
display Connected. Your IP address is \i.\n
#
# ping a well known host locally...
#exec pingw 128.19.0.4
#
# now we are finished.
#
#######################################################
e. PPP Connections. To make a PPP connection, connect to the
Communication Server as described in Chapter 3 and enter the
following command at the user EXEC mode prompt:
ppp [host] [/routing]
Host
The remote host name or IP address
/routing
This is optional, indicating that the remote host is a router.
f. PPP Setup. The setting for the PPP connection is similar to
the SLIP connection. All the parameters described for the SLIP
connection must also be filled in for the PPP connection, except
the IP address and the NetMask. The IP address and NetMask will be
resolved and filled in automatically by the software after
successfully making a PPP connection to a remote host via XTACACS.
5. Kermit Connections. This section deals with the Kermit protocol
and how one would connect to a remote host via the Communication
Server. The user must be verified by the Network Server via the
TACACS process and then the connection to remote host can be
established. The remote host must be capable of running the Kermit
protocol since both ends of the connection need to be running the
Kermit protocol. A file transfer from the terminal to the host is
accomplished via the Kermit protocol. The connection to the host is
then terminated.
Note: The procedures listed below apply to a particular Kermit
implementation. The procedures for other Kermit implementations may
vary somewhat depending on the vendor products. These procedures are
listed as a typical example and not meant to be applicable in all
cases.
a. Obtaining Kermit. The Kermit software (version 3.1) can be
obtained from Columbia University in New York City. The software is
in the public domain and available free of charge and is available
from sources on the Internet. For an up-to-date list of available
Kermit programs write to:
Kermit Distribution
Columbia University
Center for Computing Activities
612 West 115th Street
New York, NY 10025
b. Activating Kermit. The procedures for activating the Kermit
protocol and dialing up a connection to the CS with the software
package are listed below. The parameters used in this particular
case for Kermit are 8 bits per character, no parity, 1 stop bit, and
9600bps. As mentioned above, these parameters may not apply for
other Kermit applications. Kermit resides in the terminal and the
remote host and the data transfer is via the CS. In order to
activate Kermit at the terminal the following steps are required.
Press ALT, CONT, and DEL
At the prompt C:>
cd kermit2
At the prompt C:\kermit2>
kermit
At the prompt MS-kermit>
set port com1
At the prompt MS-kermit>
set speed 9600
At the prompt MS-kermit>
status
(Check that the parameters are properly set.)
At the prompt MS-kermit>
c (Return)
Screen goes blank - enter phone number
atd xxxxxxxxx
The CS will respond with the message
CONNECT
c. Authenticate. The user now needs to be verified by the
authentication scheme which in this case is XTACACS.
From the terminal location press the CR (or Enter) key.
The CS will respond with the prompt
Username: <user ID>
The CS will respond with the prompt
Password: <password>
When the ID and Password have been verified the CS will respond with
the prompt
cfse-2511>
Open the connection to the Host using the appropriate command.
At the prompt enter the name or address of the remote host.
login: enter ID
Host responds with prompt
password: password
Host responds with prompt
host name (user name)12: cd kermit
This command changes the host to the Kermit directory where 12 is a
line number.
Host responds with prompt
host name (user name)13: kermit
This command causes Kermit to execute.
Host responds with prompt
C-kermit> server
This results in the host being the server in a client/server
relationship.
Host responds with
Kermit ready to Serve
d. Data Exchange. The user can now exchange data between the
terminal and the host.
Activate the client Kermit protocol in the terminal. Enter the
Escape Sequence (by pressing the Control and ] keys simultaneously).
Then press the c key.
The following prompt should appear
MS-Kermit>
Select a file from the Kermit directory by entering the dir command.
At the prompt
MS-Kermit> send (file name)
Information on the screen will indicate when the transmission is
complete.
e. Close Connection.
The user can now close the connection to the host.
At the prompt
MS-Kermit> finish
At the prompt
MS-Kermit> c
At the prompt
Ckermit> quit
At the prompt
host name(user name)14: logout
The following message appears.
[Connection to [IP address of host is listed] closed by foreign host]
At the prompt
cfse-2511> (Control and ])
Press c
At the prompt
MS-Kermit> hangup
At the prompt
MS-kermit> quit
At the prompt
C:\kermit> cd\
The prompt should appear.
c:\>
CHAPTER 6. OPERATING WITH A STU-III
1. Overview. The STU-III provides a modem, an encryption/decryption
device and an access control device to both the user and each
Communications Server port. The User Manual that is provided with
each device describes detailed operations and maintenance procedures.
2. SIPRNET STU-III Operations.
a. Communications Server/STU-III System Configuration. The
Communications Server (CS)/STU-III System Configuration incorporates
the CISCO 2511 Communications Server and the AT&T SDD Model 1910.
The SDD 1910 utilizes V.42 Compression and V.42bis Error Correction
and is capable of data rates up to 38.4 kbps. However, when
operating in compressed mode, the SDD 1910 does not buffer the
received data and passes the data to the CS at a fixed rate, i.e.,
the maximum rate of 38.4 kbps. This requires the CS to autobaud to
the DTE rate, which is the data rate between the CS and the SDD 1910.
This autobaud capability is required for interoperability between
other types of STU-IIIs. The SDD 1910 presents the DTE rate to the
CS, which was negotiated with the remote STU-III. Due to current
software limitation on the CISCO 2511, the CS can autobaud up to a
maximum rate of 19.2 kbps. In order to make all potential STU-IIIs
interoperate with the SIPRNET CSs, the maximum data rate will be 19.2
kbps, until the CS is capable of autobauding to the higher rate of
38.4 kbps.
b. SIPRNET Key Material. The SIPRNET Communications Server
system has obtained a unique SIPRNET DAO-Code that will be used by
all end users. This Key Material will be made available to the sites
and users via Registered U.S. Mail. Each SIPRNET site will receive
a Fill Device KSD and blank KSD for each STU-III. These KSDs will
have a DAO-Code designated as SIPRNET. The site Host Administrator
will be responsible for keying the KSDs and the STU-IIIs.
c. Loading Key Material. The Site Host Administrator will be
responsible for keying the STU-IIIs and maintaining the key
material. Under normal circumstances, all STU-III key material must
be updated annually, based on the expiration date indicated on the
KSDs.
d. SACS Operations. In order to activate the SACS on each
STU-III, the site manager will be required to set the Security
parameters as indicated in the SIPRNET Comm Server STU-III
Configuration [1]. In order to set the Security parameters, the
Master CIK must be inserted and the parameters set via the STU-III
front panel.
e. Access Control List (ACL) - SIPRNET User DAO-Code. The ACL
will be loaded into a single STU-III via a PC using the LOADACL.EXE
[1]. The ACL will contain a single entry, the DAO-Code obtained for
SIPRNET users. This DAO-Code is Siprnet User. Once the ACL is loaded
and stored in the STU-III SACS, an ACL KSD should be made [1], and
loaded into the remaining STU-IIIs via the ACL KSD [1].
3. SIPRNET User Guidelines.
a. User DTE/STU-III System Configuration. The end user will
configure the STU-III and DTE as shown in reference [1]. The end
user's far-end STU-III should have the same configuration as the CS
STU-III [1]; however, the end user's STU-III will not require the
security parameters associated with the SACS to be configured.
Additionally, the end user's STU-III will be configured with a DTE
rate that is compatible with the associated DTE and will have the
Remote Control parameter set to ON. If the user has an AT&T SDD
1910, the maximum data rates will be 19.2 kbps DTE rate, with
compression, and 14.4 kbps line rate. All other STU-IIIs can be set
to their maximum data rates, which will be lower than the SDD 1910.
b. STU-III Interoperability. Based on the current CS/STU-III
configuration, there are no known interoperability issues except for
an odd-baud problem with Motorola Sectel 1500s with a serial number
less than 100,000. If the STU-III is a Sectel 1500 with a serial
number below 100,000, it will require a software modification, MOD
42, which will be performed by Motorola at no charge. In order to
determine if you need the MOD and how to get the upgrade, contact
Donna Kim at 1-800-922-7883.
c. User Dial-In. For the purposes of dialing into a SIPRNET
CS, the end-user may use any communication software package that
permits the use of the AT Command Set. Once the STU-IIIs have
established a secure session, their functionality is that of standard
modems, and their secure operations are transparent to the end-user.
1) Dial-In via the AT&T SDD 1910. The following
procedures should be followed when dialing-in using the AT&T SDD
1910:
Ensure that the DTE rates for the SDD 1910 and the DTE are set to be
compatible.
Place the SDD 1910 in Remote Control Mode.
Use the DTE communication package to dial the CS STU-III.
Once the remote STU-III has indicated a connection at an appropriate
DTE rate, the CS will attempt to autobaud with its STU-III. At this
time, the user must:
Enter Ctrl-Q followed by two or three returns from the DTE
keyboard.
Wait for the CS to issue a user-id request.
Enter the user-id followed by a return.
Enter the user password followed by a return.
Wait for a response from the comm server indicating connection and
display of the CS banner page.
Once connected to the CS the user may initiate those services which
are offered by the CS.
2) Dial-In via other STU-III Models. The following
procedures should be followed when dialing-in using other STU-III
models:
Ensure that the DTE rates for the STU-III and the DTE are set to be
compatible.
Place the STU-III in On-Hook Mode (Remote Control Mode for the SDD
1900).
Press the Data mode button (or Secure Data button) on the STU-III.
Note: dialing-in voice mode will cause the CS STU-III to fail in the
connection.
Once the far-end STU-III has indicated a connection at an appropriate
DTE rate, the CS will attempt to autobaud with its STU-III. At this
time, the user must:
Enter Ctrl-Q followed by two or three returns from the DTE
keyboard.
Wait for the CS to issue a user-id request.
Enter the user-id followed by a return.
Enter the user password followed by a return.
Wait for a response from the comm server indicating connection and
display of the CS banner page.
d. Siprnet User Key Material.
1) Upon receiving a SIPRNET user id and password, the user
will receive a seed KSD via registered mail. The user, with the help
of their security manager should load the key material. The user
should make an Operational CIK. This Operational CIK will contain
the Siprnet User DAO-Code that is listed in the CS STU-III SACS.
2) Once the Operational CIK has been created, the user
will be ready to dial-in. It is recommended that the user become
familiar with the data communication operations of the STU-III they
will be using. The user will be responsible for annually updating
the Operational CIK with the Key Management Center. The Operational
CIK will have an expiration date associated with it to indicate when
the rekeying must be accomplished.
APPENDIX A: ACRONYMS
ACL KSD Access Control List Key Storage Device
ACM CIK Access Control Master Crypto-Ignition Key
AT&T American Telephone & Telegraph
bps bits per second
Blank KSD Blank Key Storage Device
CD Carrier Detect
CIK Crypto Ignition Key
CONUS Continental United States
CPPP Compressed Point-to-Point Protocol
CPU Central Processing Unit
CR Carriage Return
CS Communication Server
CSLIP Compressed Serial Line Internet Protocol
DAO Department
DAO-Code Department
DCD Data Carrier Detect
DISN Defense Information Systems Network
DODICS Department of Defense Interest Computer System
DSN Defense Switched Network
DTE Data Transmit Exchange
ET Eastern Time
ETS European Telephone System
FTP File Transfer Protocol
IP Internet Protocol
IPR Internet Protocol Router
KeyID Key Identification Number
kbps kilobytes per second
KSD Key Storage Device
LAN Local Area Network
LF Line Feed
Master CIK Master Crypto-Ignition Key
MC Monitoring Center
NIC Network Information Center
NS Network Server
NIPRNET Unclassified, but sensitive, Internet Protocol Router Network
Operational CIK Operational Crypto-Ignition Key
PC Personal Computer
PPP Point-to-Point Protocol
PR Premise Router
RA Remote Authentication
RI Ring Indicator
RFC Request For Comments
SACS Secure Access Control System
SACS Master CIK Secure Access Control System Master Crypto-Ignition Key
SDD Secure Data Device
SIPRNET Secret Internet Protocol Router Network
STU-III Secure Telephone Unit III
SLIP Serial Line Internet Protocol
TCP Transmission Control Protocol
TCP IP
TSR Telecommunications Service Request
XTACACS Extended Terminal Access Controller Access Control System
APPENDIX B TERMINAL COMMANDS
This Appendix contains a description of the terminal commands. A list
of the terminal commands can be obtained by entering terminal ? at the
user EXEC mode prompt. Example:
cfse-2511>terminal ?
terminal autohangup
Automatically hang up when the last connection closes.
terminal data-character-bits
This command sets the number of data bits per character to either 7
or 8. The default setting is 8. This command is used primarily to
strip parity bits from X.25 connections on the Cisco IGS and 3000
routers with the protocol translation software option. Thus, it
appears that this command has no application on the pilot
installation.
terminal databits
The options are 5, 6, 7, or 8. If parity is being specified set 7
data bits per character. If no parity generation is in effect,
specify 8 data bits per character. The default is 8 data bits per
character. The 5 and 6 bit options are supplied for compatibility
with older devices and are generally not used.
terminal dispatch-character decimal-number1 [decimal-number2...decimal-numberx]
terminal no dispatch-character
This command causes the communication server to buffer characters
into larger sized packets for transmission to the remote host. The
communication server normally dispatches each character as it is
typed. The argument decimal-number is the ASCII decimal
representation of the character or string; any number of characters
can be defined as the dispatch character. Specifying the Carriage
Return character (ASCII 13) will result in a line-at-a-time
transmission. The terminal no dispatch-character command disables
the dispatch character feature.
terminal dispatch time out
This command sets the dispatch timer to the value specified in
milliseconds. The value of the timer specifies the number of
milliseconds that the CS will wait (without seeing a dispatch
character) after putting the first character into a packet buffer
before sending the packet.
terminal download
terminal no download
This command sets the line to the transparent mode for file transfers
using protocols such as Kermit, XMODEM, CrossTalk, etc. This allows
for binary transmission from the host to the terminal and from the
terminal to the host. The terminal no download command restores the
line's original parameters.
terminal editing
This command enables the enhanced command line editing. Although the
enhanced editing mode is automatically enabled with this software
release, you can disable it and revert to the editing mode of
previous software releases by using the terminal no editing command.
The command terminal editing returns you to the enhanced command line
editing mode.
terminal escape-character decimal number terminal no escape-character
The argument decimal number is the ASCII decimal representation of
the desired escape character or control sequence. The default escape
characters are Ctrl-^. The terminal no escape-character command
makes the break key function as the escape sequence.
terminal exec-character-bits
This command sets the size of the ASCII characters entered at the
Cisco CS EXEC command mode. The options are 8 or 7.
terminal flowcontrol
The arguments are none, software in/out, and hardware. Software sets
software flow control. An additional keyword specifies the
direction: in causes the communication server to listen to flow
control from the attached device, and out causes the communication
server to send flow control information to the attached device. If
you do not specify a direction, both directions are assumed. For the
software control, the default stop and start characters are Ctrl-S
and Ctrl-Q (XOFF and XON).
terminal full-help
This command provides help in the user EXEC mode. The terminal
full-help command enables (or disables) a display of all help messages
available from the terminal. It is used with the show command in the
following manner:
cfse-2511>terminal full-help
cfse-2511>show?
terminal help
This command provides a description of the interactive help system.
terminal history decimal number
This command sets the size of the command history buffer. The
argument decimal number specifies the number of lines in the command
buffer.
terminal hold-character decimal-number
terminal no hold-character
The argument decimal-number is either the ASCII decimal
representation of the desired hold character or else a control
sequence (for example, Ctrl-C). Typing the hold character
temporarily halts the output at the terminal. To continue the
output, type any other character. To send the hold character to the
host, precede it with the escape character. The terminal no
hold-character command clears the hold character.
terminal keymap-type keymap type
Use this command to set the keyboard type. The default value is
VT100.
terminal lat
DEC LAT protocol specific configuration. NOTE: LAT connections will
not be supported in the DISN router networks.
terminal length screen length
Use this command to set the screen length. The argument screen
length is the desired number of lines. The default length is 24
lines.
terminal notify
terminal no notify
When you have multiple concurrent connections, you might want to know
when output is pending on a connection other than the current
connection. For example, you might want to know when another
connection receives mail or a message. The terminal notify command
causes the communication server to notify you of pending output. The
terminal no notify command ends such notifications.
terminal padding decimal-number count
terminal no padding decimal-number
Use this command to set the padding for a specified output character.
The argument decimal-number is the ASCII decimal representation of
the character, and can be any of the 127 ASCII characters. The
argument count is the number of NULL bytes sent after the character,
up to 255 padding characters in length. Use the terminal no padding
command to end the padding after the character represented by
decimal-number.
terminal parity
The options are none, even, odd, space, or mark. The default setting
is none.
terminal rxspeed baud
This command is used to set the terminal receive speed (from the
terminal to the CS). The Pilot installation modems will support
terminal speeds of 2400 to 19,200 (default is set to 19,200) for the
NIPRNET ports and the STU-IIIs will support terminal speeds of 2400
to 38,400 (default is set to 38,400) for the SIPRNET ports. The data
compression feature of the modem and the STU-III allows the terminal
(DTE) speed to be at a higher rate than the line rate (DCE) (from
modem to modem).
terminal special character bits
Use this command to change the ASCII character widths for special
characters. The options are 7 or 8. The default value is 7.
terminal speed baud
This command will set both the receive and the transmit terminal
speeds. The argument baud is typically set to 2400, 4800, 9600,
19200, or 38400. The Pilot installation modems will support terminal
speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET
ports and the STU-IIIs will support terminal speeds of 2400 to 38,400
(default is set to 38,400) for the SIPRNET ports. The data
compression feature of the modem and the STU-III allows the terminal
(DTE) speed to be at a higher rate than the line rate (DCE) (from
modem to modem).
terminal start-character decimal-number
terminal no start-character
Use this command to change the character that signals the start of
data transmission when software flow control is in effect. The
argument decimal-number is the ASCII decimal representation of the
desired start character. The default start character is Ctrl-Q
(ASCII 17). Use the terminal no start-character command to remove
the start character.
terminal stop-character decimal-number
terminal no stop-character
Use this command to change the character that signals the end of data
transmission when software flow control is in effect. The argument
decimal-number is the ASCII decimal representation of the desired
stop character. The default stop character is Ctrl-S (ASCII character
19). Use the terminal no stop-character command to remove the stop
character.
terminal stopbits
The options are 1, 1.5, 2. The default value is 2.
terminal telnet-transparent
terminal no telnet-transparent
This command causes the current terminal line to send a Return (CR)
as a CR followed by a NULL instead of a CR followed by a Line Feed
(LF). This scheme permits interoperability with different
interpretations of end-of-line handling in the Telnet protocol
specification. Use the terminal no telnet-transparent command to
remove this scheme.
terminal terminal-type terminal name
terminal no terminal-type
The argument terminal name records the type of current terminal.
Indicate the terminal type if it is different from the default of
VT100. This name is used by Telnet and rlogin to inform the remote
host of the terminal type. Use the terminal no terminal-type command
to remove the terminal type.
terminal transport
Use this command to select the transport protocol for the line. The
options are telnet, pad, none. The default is telnet.
terminal txspeed
This command is used to set the terminal transmit speed (from the CS
to the terminal). The Pilot installation modems will support
terminal speeds of 2400 to 19,200 (default is set to 19,200) for the
NIPRNET ports and the STU-IIIs will support terminal speeds of 2400
to 38,400 (default is set to 38,400) for the SIPRNET ports. The data
compression feature of the modem and the STU-III allows the terminal
(DTE) speed to be at a higher rate than the line rate (DCE) (from
modem to modem).
terminal width columns
Use this command to set the columns on the terminal screen. The
argument columns is the desired number of columns. The default is
80.
APPENDIX C: ASCII Translation Table
Some commands described in this document require the decimal
representation of an ASCII character. This appendix provides
translations from ASCII characters to their decimal numbers.
Numeric Values  ASCII  Comment                      Keyboard
Decimal  Hex    Name
0        00     NUL    Null                         Ctrl-@
1        01     SOH    Start of heading             Ctrl-A
2        02     STX    Start of text                Ctrl-B
3        03     ETX    Break/end of text            Ctrl-C
4        04     EOT    End of transmission          Ctrl-D
5        05     ENQ    Enquiry                      Ctrl-E
6        06     ACK    Positive acknowledgement     Ctrl-F
7        07     BEL    Bell                         Ctrl-G
8        08     BS     Backspace                    Ctrl-H
9        09     HT     Horizontal tab               Ctrl-I
10       0A     LF     Line feed                    Ctrl-J
11       0B     VT     Vertical tab                 Ctrl-K
12       0C     FF     Form feed                    Ctrl-L
13       0D     CR     Carriage return              Ctrl-M
14       0E     SO     Shift out                    Ctrl-N
15       0F     SI     Shift in                     Ctrl-O
16       10     DLE    Data link escape             Ctrl-P
17       11     DC1    Device control character 1   Ctrl-Q  XON (resume output)
18       12     DC2    Device control character 2   Ctrl-R
19       13     DC3    Device control character 3   Ctrl-S
20       14     DC4    Device control character 4   Ctrl-T
21       15     NAK    Negative acknowledgment      Ctrl-U
22       16     SYN    Synchronous idle             Ctrl-V
23       17     ETB    End of transmission block    Ctrl-W
24       18     CAN    Cancel                       Ctrl-X
25       19     EM     End of medium                Ctrl-Y
26       1A     SUB    Substitute/end of file       Ctrl-Z
27       1B     ESC    Escape                       Ctrl-[
28       1C     FS     File separator               Ctrl-\
29       1D     GS     Group separator              Ctrl-]
30       1E     RS     Record separator             Ctrl-^
31       1F     US     Unit separator               Ctrl-_
32       20     SP     Space                        Space
33       21                                         !
34       22                                         "
35       23                                         #
36       24                                         $
37       25                                         %
38       26                                         &
39       27                                         '
40       28                                         (
41       29                                         )
42       2A                                         *
43       2B                                         +
44       2C                                         ,
45       2D                                         -
46       2E                                         .
47       2F                                         /
48       30                                         0
49       31                                         1
50       32                                         2
51       33                                         3
52       34                                         4
53       35                                         5
54       36                                         6
55       37                                         7
56       38                                         8
57       39                                         9
58       3A                                         :
59       3B                                         ;
60       3C                                         <
61       3D                                         =
62       3E                                         >
63       3F                                         ?
64       40                                         @
65       41                                         A
66       42                                         B
67       43                                         C
68       44                                         D
69       45                                         E
70       46                                         F
71       47                                         G
72       48                                         H
73       49                                         I
74       4A                                         J
75       4B                                         K
76       4C                                         L
77       4D                                         M
78       4E                                         N
79       4F                                         O
80       50                                         P
81       51                                         Q
82       52                                         R
83       53                                         S
84       54                                         T
85       55                                         U
86       56                                         V
87       57                                         W
88       58                                         X
89       59                                         Y
90       5A                                         Z
91       5B                                         [
92       5C                                         \
93       5D                                         ]
94       5E                                         ^
95       5F                                         _
96       60            Accent grave                 `
97       61                                         a
98       62                                         b
99       63                                         c
100      64                                         d
101      65                                         e
102      66                                         f
103      67                                         g
104      68                                         h
105      69                                         i
106      6A                                         j
107      6B                                         k
108      6C                                         l
109      6D                                         m
110      6E                                         n
111      6F                                         o
112      70                                         p
113      71                                         q
114      72                                         r
115      73                                         s
116      74                                         t
117      75                                         u
118      76                                         v
119      77                                         w
120      78                                         x
121      79                                         y
122      7A                                         z
123      7B                                         {
124      7C                                         |
125      7D                                         }
126      7E            Tilde                        ~
127      7F            Delete                       Del