Internet Info 1997 December

home *** CD-ROM | disk | FTP | other *** search

/ Internet Info 1997 December / Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso / netinfo / cs-users.txt < prev next >

Wrap

Text File | 1997-03-24 | 92.3 KB | 2,870 lines

DEFENSE INFORMATION SYSTEM NETWORK DIAL-IN DATA SERVICE USER GUIDE January 1996 Defense Information System Agency Center For System Engineering Data Networks System Engineering Division (JEEFE) Table of Contents CHAPTER 1. THE DISN DIAL-IN SERVICE .............................. 1-1 1. Purpose. ..................................................... 1-1 2. Background. .................................................. 1-1 3. Terminal Support. ............................................ 1-1 4. Host Support. ................................................ 1-1 5. Subscriber Connection Process. ............................... 1-2 CHAPTER 2. INTRODUCTION TO USE OF THE COMMUNICATION SERVER ....... 2-1 1. Overview. .................................................... 2-1 2. The Communication Server. .................................... 2-1 3. Protocols. ................................................... 2-2 4. User Registration. ........................................... 2-3 5. How to Get Help ............................................... 2-3 CHAPTER 3. COMMUNICATION SERVER TUTORIAL ......................... 3-1 1. Overview. .................................................... 3-1 2. Hints for the Communication Server Tutorial. ................. 3-1 3. Starting to Use the Communication Server. .................... 3-1 4. Initiating a Connection to the Communication Server. ......... 3-2 5. XTACACS User Verification. ................................... 3-3 6. The Communication Server Herald. ............................. 3-4 7. Using the Communication Server User EXEC Mode. ............... 3-4 8. Automatic Logout for Idle Sessions. .......................... 3-6 9. Closing the Communication Server Connection. ................. 3-7 CHAPTER 4. PORT AND TERMINAL PARAMETERS .................. 4-1 1. Overview. .................................................... 4-1 2. Site File and Communication Server Ports. .................... 4-1 CHAPTER 5. REMOTE CONNECTION SERVICES ............................ 5-1 1. Overview. .................................................... 5-1 2. Procomm Plus Auto-Login Script. .............................. 5-1 3. Telnet Connections. .......................................... 5-3 4. SLIP and PPP Connections. .................................... 5-6 5. Kermit Connections. .......................................... 5-12 CHAPTER 6. OPERATING WITH A STU-III .............................. 6-1 1. Overview. .................................................... 6-1 2. SIPRNET STU-III Operations. .................................. 6-1 3. SIPRNET User Guidelines. ..................................... 6-2 Appendix A Acronyms Appendix B Terminal Commands Appendix C ASCII Map CHAPTER 1. THE DISN DIAL-IN SERVICE 1. Purpose. This document describes the implementation of the Defense Information System Network (DISN) dial-in service and provides the user configuration and operations instructions. 2. Background. The Defense Data Network (DDN) was comprised of the Military Network (MILNET), the Defense Secure Network (DSNET)1, DSNET2, and DSNET3. The MILNET provided dial-in and dedicated ports for users who required asynchronous, terminal connectivity to Host computers via a BBN C30 Terminal Access Controller (TAC). The MILNET TACs were replaced by a Communications Server (CS) on the Unclassified but sensitive Internet Protocol Router Network (NIPRNET). DSNET1 did not provide a dial-in capability but did support directly connected terminals. A dial-in service was implemented on the Secret Internet Protocol Router Network (SIPRNET) which replaced replaced DSNET1. NIPRNET and SIPRNET are part of the DISN. The CS provides access to the NIPRNET and the SIPRNET from the subscriber equipment to the CS via dial-in asynchronous lines. The modems on the CONUS and European NIPRNET access lines and are capable of evoking compression to achieve a maximum throughput rate of 57.6kbps while having a data rate (modem to modem) of 14.4kbps in Europe and 28.8kbps in the CONUS. In the Pacific, the modems support a throughput rate of 19.2kbps and a data rate of 9.6kbps. Access to the SIPRNET is via a Secure Telephone Unit III (STU-III) utilizing the Secure Access Control System (SACS). The STU-III operates at a 14.4kbps line rate (STU-III to STU-III) and can achieve up to 19.2kbps throughput when using the compression mode of operation. 3. Terminal Support. The less sophisticated terminal, sometimes referred to as a dumb terminal, communicates with a remote host via the CS by utilizing the Telnet protocol provided in the CS. The terminal user issues the necessary Telnet commands from the keyboard to open and close a connection to a remote host. The user can then perform all the operations on the remote host as if the terminal was directly connected to the host. The CS also supports access from subscriber equipment that uses the Kermit protocol thus making possible direct file transfers to the terminal equipment. 4. Host Support. The CS supports Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), Point-to-Point Protocol(PPP), and Compressed PPP (CPPP). While the line speed of the dial-in connection is a factor, these dial-in hosts have the same networking capabilities as if they were directly connected to the network. The CS assigns an IP address to the host at connection time so that the TCP connection is between the dial-in host and the remote host, rather than between the CS and the remote host. Therefore, the dial-in host must be capable of adopting that IP address on a call by 1-2 CS User Guide call basis. 5. Subscriber Connection Process. In order to establish a connection to a remote host the subscriber must first connect to the CS via a dial-up line. The subscriber establishes this connection through the switched telephone network by dialing the number of the CS location. Generally, this number will be in a rotary hunt group as will all phones/ports at that location. SIPRNET subscribers will dial-in with their STU-IIIs to a 14.4kbps STU-III at the CS port which will check to determine if their STU-III is on the Access Control List of the Communication Serverss STU-III. In both the NIPRNET and SIPRNET the subscriber is given access to the network by successfully completing an authentication procedure controlled by the CS. The subscriber must input an User ID and Access Code, which the CS will pass along to the Network Server (NS) for verification. The NS is located on the network and the CS communicates with it via the XTACACS protocol. Once the ID and Password have been verified then the subscriber is allowed to establish a connection through the network to any remote host to which it has been authorized access. The remote host can then enforce its own access control procedure and typically requires the user to present a proper password. Thus, the NIPRNET subscriber encounters two separate logons: one to access the network and a second to access a particular host on the network. The SIPRNET subscriber experiences three access control procedures. Dial-in service provided on the NIPRNET will enable the user to access the CS via a 1-800 service or by a local dial-in service in CONUS. Not everyone will have access to a local CS so the 1-800 service is required for these individuals. It is also available for anyone who is on temporary duty (TDY) in that they cannot access their local CS. The SIPRNET also provides 1-800 service in CONUS. Both networks will deploy at least one or two CSs in each foreign country where major US forces are deployed. The 1-800 telephone numbers for CONUS are as follows: a. NIPRNET: 1-800-605-3472 b. SIPRNET: 1-800-495-347 CHAPTER 2. INTRODUCTION TO USE OF THE COMMUNICATION SERVER 1. Overview. This chapter explains functions of the Cisco Communication Server (CS) as deployed on the Unclassified, but sensitive, Internet Protocol (IP) Router Network (NIPRNET) and on the Secret IP Router Network (SIPRNET), discusses the use of the protocols, and then describes where to get help with Communication Server access procedures. 2. The Communication Server. a. The Communication Server allows users at asynchronous terminals to access remote computers (hosts) through a computer network. The Defense Information Systems Network (DISN) provides the means by which information from the terminal can be directed to the correct host and information from the host can reach the correct destination. The Cisco Communication Server model 2511 will be used in the DISN. b. Terminals can be directly connected to the DISN through the Communication Server, or they may be indirectly connected through a modem. This guide concerns the terminals connected by the Communication Server through directly connected lines or through dial-up lines; in the latter case the user must dial-up the Communication Server to establish the connection. Each Communication Server supports 16 asynchronous terminals with DTE speeds (from CS to modem) up to 57.6kbps. In addition, the system includes the Extended Terminal Access Controller Access Control System (XTACACS), which provides authentication and access control for users logging into the network. c. The CONUS and the European NIPRNET will support speeds up to 57.6 kbps between the CS and the modem and 14.4kbps between the modems in Europe and 28.8kbps in the CONUS. The Pacific NIPRNET will support speeds up to 19.2kbps between the CS and the modem and 9.6kbps between the modems. The higher speeds betreen the CS and the modems (and between the users workstation and the modem) are achieved by means of compression algorithms implemented within the modems. The SIPRNET will utilize Secure Telephone Units (STU)-IIIs instead of commercial modems and will support speeds up to 19.2kbps between the CS and the STU-III and 14.4 kbps between the STU-IIIs. The speeds may be different along the path due to the compression schemes used by the modems and the STU-IIIs. d. The network can be considered as a way that a remote computer connected to the network (which will often be called a host) and the users terminal can communicate. With the Communication Server, the user at the terminal can open a connection to a host. 2-2 CS User Guide The Communication Server thus acts as the users window to the DISN. If the users terminal is a PC, it can be equipped with software that will provide the SLIP or PPP protocols and TCP/IP that enable operation as a host. e. Each of the Communication Servers in the DISN connects to a router. Routers are responsible for routing messages between user terminals (or Hosts) and network based hosts. Routers also perform a number of other important network functions, including error handling and support of the physical transmission. 3. Protocols. a. To maintain the connection between a terminal and a host during network communications, the Communication Server and the network based host use a set of conventions called protocols. If the user is operating a dumb terminal, the network protocols, TCP/IP, are not visible at the terminal they are present between the CS and the network host. The Communication Server includes support for the following protocols: b. Transmission Control Protocol/Internet Protocol (TCP/IP) is the underlying protocol used to communicate with remote hosts. TCP is responsible for ensuring that data sent between the CS and the host arrive in order and intact. (Note that there is no guarantee on how the host will handle the data, once it arrives.) The Telnet protocol uses TCP/IP and is normally used by terminals for remote login to hosts for editing text files, using electronic mail or running text-oriented applications. Other protocols such as Kermit are used to accomplish file transfers over a telnet connection. Users with SLIP or PPP can operate as remote hosts with the CS acting in a passive role with respect to the end to end TCP connection. c. Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), Point-to- Point Protocol (PPP) and Compressed PPP (CPPP) are protocols which provide a dial-up host capability. User terminals capable of TCP/IP can employ SLIP or PPP to transport their data over the asynchronous line to the CS. d. The Communication Server does not restrict a users connections to hosts which are on the same network as the Communication Server. By using Internet Protocol (IP), the Communication Server allows connections to hosts on other networks. These other networks are part of a system of networks (an internet) joined by gateways. e. In addition to TCP, IP, SLIP, CSLIP, PPP and CPPP, the Communication Server may use other protocols in connecting a users CS User Guide 2-3 terminal to a host. Telnet is one of the more common protocols used. The CS also supports Xremote, MACIP, TN3270, and rlogin protocols. 4. User Registration. Each user must be properly registered to use a NIPRNET or SIPRNET Communication Server. a. Communications Server Registration. Communications Server (CS) cards may be obtained through a process described in the appropriate DISN Management Bulletins. The NIC or in the case of the SIPRNET, the SIPRNET Support Center (SSC) will provide the user with a UserID and password as a result of following the registration proceedure. The NIC or SSC also enters the users CS UserID and password into the database associated with the Communication Server. If a user requires service on both networks, a separate CS card must be requested and issued for each network. b. SIPRNET STU-III Registration. Users of the SIPRNET will be issued a STU-III KSD (Seed Key) with a unique SIPRNET Department/Agency/Organization (DAO) code. This special Crypto Ignition Key (CIK) will be required to access the Communication Servers STU-III Secure Access Control System (SACS). A further description of the STU-III is contained in Chapter 6. 5. How to Get Help. A beginning Communication Server user needs to know the resources available for obtaining assistance. Aside from this document, there are two major help resources, the Network Information Center (NIC) Customer Assistance Desk and the Regional Control Center (RCC), as described below. a. DISN Dial-in Data Service User Guide. This document contains information that will assist the Communication Server user with the correct terminal setup and Communication Server commands necessary for most situations and should be the users first point of reference. b. NIC Customer Assistance Desk. The HELP Desks of the DoD NIC and the SIPRNET Support Center provide assistance for Communication Server users with problems. It is the first point of contact for users having problems opening a Communication Server connection. The staff will be able to assist users with information concerning the specific terminal its rate, control keys, and type of connection. If an especially difficult problem arises, the staff will know whom to contact for help. These HELP Desks may be contacted between the hours of 0700 and 1900 Eastern Time (ET). Telephone numbers are: (1) DoD NIC (a) CONUS 1-800-365-3642 2-4 CS User Guide (b) OCONUS and Washington D.C. Metro area (703) 821-6266 (1) SSC (a) CONUS 1-800-582-2567 (b) OCONUS and Washington D.C. Metro area (703) 821-6260 c. On-line Information. The DoD NIC and the SSC also provide an on-line list of Communication Server locations, telephone numbers, and modem types/speeds. This information may be accessed by: (1) World Wide Web: http://nic.mil (2) Anonymous FTP: USERID - anonymous; PASSWORD - guest d. Regional Control Center. Each DISN sub-network includes a RCC that is responsible for monitoring and controlling the network. This center assists users with problems related to network connectivity. The RCCs are operational 24 hours-a-day, 7 days-a- week. The telephone numbers are: (1) NIPRNET (a) CONUS 1-800-554-3476 (b) EUROPE ++49 711-680-5532/5534 DSN (314)430-5532/5534 (c) PACIFIC 1 (808) 656-1472 DSN (315)456-1472 (1) SIPRNET (a) CONUS 1-800-451-7413 (b) EUROPE ++49 711-680-5532/5534 DSN (314)430-5532/5534 (c) PACIFIC 1 (808) 656-1472 DSN (315)456-1472 DSN (315)456-1472 CHAPTER 3. COMMUNICATION SERVER TUTORIAL 1. Overview. This section explains the basic steps necessary to use the Communication Server. This basic information should be sufficient for many users who only want to do very simple Communication Server procedures. For more detailed information, refer to later chapters. 2. Hints for the Communication Server Tutorial. Before beginning, here is some essential information about the Communication Server commands and messages. a. Username and Password. The Usernanme: and Password: are CASE SENSITIVE and MUST be entered exactly as only UPPERCASE. b. Other Commands. All other communication server commands may be entered in either uppercase, lowercase, or a combination of uppercase and lowercase. c. Listing Commands. To obtain a list of user commands, enter a question mark (?) followed by a carriage return. To list valid keywords, options, or arguments for a command, enter the known command and a question mark (e.g. resume ?). A partial command plus question mark (?) entered without a space (e.g. show pr?), will provide the completed command or in the case of similar commands, a listing of those commands. d. Abbreviating Commands. Commands and keywords may be abbreviated to the number of characters necessary to make the command abbreviation unique. e. Incomplete Commands. The Communication Server will respond with % Incomplete command When a command is entered that requires an argument. f. Incorrect Commands. The user interface helps to check commands for syntax errors. If an error is detected, a caret (^) is placed underneath the command to indicate where the error occurred. The error may be a command, keyword, or argument as shown in the following example where the telnet command is entered incorrectly: cs> telnet 130.106.32.53 hostname ^ % Invalid input detected at ^ marker. 3. Starting to Use the Communication Server. There are two types of physical connections between the terminal and the Communication Server: dedicated connections and dial-up connections. 3-2 CS User Guide a. Dedicated Connection. A dedicated connection means that the terminal is linked to the Communication Server by a directly connected cable or wire. As a result, there is no need to manually establish a physical connection to the Communication Server as the terminal is always connected. b. Dial-Up Connection. Most terminals are connected to the Communication Server by a dial-up through a public or Government telephone line. Regardless of the type of telephone service, a dial-up connection means that the Communication Servers attention is obtained by dialing a telephone number and the Communication Server answers the telephone at the other end. A dial- up connection always requires that a user initiate the dial-up procedure to establish the connection between the terminal and the Communication Server. (1) NIPRNET Dial-up Connection. At each end of the dial- up connection is a device called a modem. At the user end, this device converts signals from the terminal to a form acceptable for transmission over the telephone line. At the Communication Server end, the modem auto-answers and converts the signal back to a form that is acceptable to the Communication Server. (2) SIPRNET Dial-up Connection. Users of the SIPRNET must use a STU-III phone instead of a modem. At the Communication Server site the line will terminate in an AT&T Model 1910 STU-III which will be equipped with the Secure Access Control System (SACS). A further description of using the STU-III can be found in Chapter 6. 4. Initiating a Connection to the Communication Server. The procedure used for connecting to the Communication Server varies depending on the type of connection between the terminal and the Communication Server. a. Dedicated Connections. For dedicated connections, turn on the terminal (normally a personal computer or PC) and enter the communications package to be used. Some terminals do not use communication packages as they do not have a Central Processing Unit (CPU), these are known as dumb terminals. A dumb terminal has a specific terminal emulation interface configured, such as vt100. Regardless of the terminal type being used, the line setup may be accessed and configured to the users needs. Consult the communication package or terminal documentation for assistance. Refer to Chapter 4 for typical line setup information. b. Dial-up Connections. For dial-up connections to the Communication Server, turn on the terminal, enter the communications package (if required), and then dial the Communication Server number. The user initiated procedure for calling varies depending upon the CS User Guide 3-3 type of user-provided modem and communications software. Consult the vendor documentation or local support personnel for assistance on dialing in. Once connected, a CONNECT plus the baud rate which is being used will be displayed, for example CONNECT 9600. c. STU-III Connection. See Chapter 6. 5. XTACACS User Verification. a. Log-in Prompt. An XTACACS security system is implemented on the Communication Servers to authenticate each user as being an authorized and registered network user. The Communication Server will respond with: User Access Verification Username: Password: b. Log-in Response. The user must respond with the username and password registered to them as provided on the XTACACS card (remember that this is case sensitive (ALL ENTRIES MUST BE UPPERCASE). The password will not echo on the terminal screen. c. Incorrect Response. If an incorrect username or access code is entered, the system will respond with % Access denied, then ask for the username and password again. The system will disconnect a user after the third incorrect username and password login attempt. The Communication Server herald will be displayed after a successful login. d. Log-n Failue. If a user cannot login to the Communication Server successfully using the XTACACS card username and password, the user should contact the NIC or SSC as appropriate for assistance. 3-4 CS User Guide 6. The Communication Server Herald. Once successfully logged into the Communication Server, a herald will be displayed as shown in Figure 3-1 below. ************************************************************************ USE OF THIS OR ANY OTHER DEPARTMENT OF DEFENSE INTEREST COMPUTER SYSTEM (DODICS) CONSTITUTES AN EXPRESS CONSENT TO MONITORING AT ALL TIMES. This DODICS and all related equipment are to be used for the communication transmission, processing, and storage of officual U.S. Government or authorized information only. All DODICS are subject to monitoring at all times. If monitoring of any DODICS reveals possible violation of criminal statutes, all relevant information may be provided to law enforcement officials. ************************************************************************ Figure 3-1 Communication Server Herald 7. Using the Communication Server User EXEC Mode. a. After a successful user login, the Communication Server will respond by placing the user in what is known as the user EXEC mode with a default prompt of cs>. This prompt may be configured to reflect the system name, number, or type, e.g. NIPRNET-010>. The user may now set up any specific terminal requirements (see Chapter 4) or enter other commands such as connect and telnet or enter into SLIP or PPP mode. b. The user EXEC commands are generally utilized to connect to remote systems, temporarily change terminal settings, perform basic tests, and list system information. c. User EXEC commands are listed in Table 3-1. The actual list of available user commands is dependent on the Communication Servers software version and configuration. Table 3-1. User EXEC Mode Commands ____________________________________________________________________________ Command Action ____________________________________________________________________________ ? list user EXEC mode commands Ctrl^X Connection escape sequence; use to switch back and forth between open connections CS User Guide 3-5 ____________________________________________________________________________ Command Action ____________________________________________________________________________ <1-99> connection number to resume connect open a connection to a remote host by specifying the host name or Internet Address disconnect break a connection to a remote host exit, quit, logout close any active terminal sessions help describes the interactive help system lat open a lat connection lock prevent access to your session and keyboard, keeping your connection open (you are prompted for a password) login login as a particular user name-connection assign a logical name to a connection pad open a X.29 PAD connection ping send an echo messages to remote host by specifying the host name or Internet Address ppp start the Internet Engineering Task Force (IETF) Point-to-Point Protocol (PPP) resume return to a previous connection; optional argument is the connection name or number, default is the most recent connection rlogin open the terminal emulation program rlogin show ? list the information commands available show sessions list active terminal information show terminal list current terminal configuration parameters show users list information on active CS ports slip start serial line IP (SLIP) 3-6 CS User Guide ____________________________________________________________________________ Command Action ____________________________________________________________________________ systat show terminal lines and users telnet open a telnet connection to a remote host by specifying the host name or Internet Address terminal change terminal parameters (see Chapter 4) tn3270 open a tn3270 connection trace trace a route to a remote destination where show open connections x3 set X.3 parameters on PAD xremote enter xremote mode d. The prompt DISN-niprnet 010>? can be configured to reflect the system name, number, etc so it may change over the course of time but the user EXEC mode prompt ALWAYS ends with the greater than sign >. 8. Automatic Logout for Idle Sessions. a. The Communication Server has two separate timers to detect idle sessions, a user EXEC mode timer and a terminal line session timer. b. The user EXEC mode timer starts after a successful CS login and each time the user becomes idle while in the user EXEC mode. If the terminal remains idle for 5 minutes while in the user EXEC mode, the terminal connection will be dropped, normally causing a string of random data to be displayed on the terminal screen, followed by NO CARRIER c. The terminal line session timer starts after a remote connection is established from the Communication Server to a remote host and each time the terminal becomes idle afterwards. The above mentioned user EXEC mode timer is off at this point. If the terminal line session remains idle for 30 minutes, an error will be displayed CS User Guide 3-7 as shown below. The terminal connection to the Communication Server will be dropped, and again the random data will appear followed by: NO CARRIER [Connection to SAMPLE.HOST.DOMAIN idle too long; timed out] 9. Closing the Communication Server Connection. a. All connections to remote hosts that were opened by the user should be closed properly before the user logs out of the Communication Server. The user may then issue any of the following commands to end an active session. exit quit logout b. At the end of each session, be sure to close the connection to the Communication Server as only a limited number of users may connect at one time. Also, if the terminal will not be used for an extended period of time, logout of the host and Communication Server so that other users may connect. CHAPTER 4. PORT AND TERMINAL PARAMETERS 1. Overview. This chapter explains the concept of the Communication Server ports and discusses the types of connections that are possible. 2. Site File and Communication Server Ports. a. Default Configuration. The Communication Server has to be informed of important features about the terminal and line settings. Each Communication Server port is configured to expect certain characteristics in the terminal connected to it. This information concerning terminal characteristics, the configuration, is contained in the Communication Server site file, a software file that resides in memory. These configurations are set up for each port when the Communication Server is first installed or when a port is activated for a new user in response to a Telecommunications Service Request (TSR). Default configurations are maintained to allow maximum user flexibility. b. Default Port Parameters. The initial configuration concerns terminal characteristics associated with the physical connection between the terminal and the Communication Server. The physical connection and the characteristics associated with it are collectively called the Communication Server port. Table 4-1 provides a partial listing of standard default port parameters that may be helpful to users connecting to the Communication Server. Table 4-1. Communication Server Default Port Parameters tab (?); l l l lw(1.5i) lw(2.0i) lw(2.5i). _ Parameter?Default?Comment _ line speed (NIPRNET)?T{ 9.6 kbps in PAC 14.4kbps in Europe 28.8 kbps in CONUS T}?T{ Max rate between modems T} rx/txspeed (NIPRNET)?T{ 19.2 kbps in PAC 57.6 kbps in EUR and CONUS T}?T{ Max speed of the DTE interface (not rate between modems) T} line speed (SIPRNET)?T{ 14.4 kbps T}?T{ Max rate between modems T} rx/txspeed (SIPRNET)?T{ 19.2 kbps T}?T{ Max speed of the DTE inter- face (not rate between modems) T} 4-2 CS User Guide tab (?); l l l lw(1.5i) lw(2.0i) lw(2.5i). _ Parameter?Default?Comment _ terminal type?vt100? stopbits?1? databits?8? parity?none? hardware flow control?enabled?CTS/RTS software flow control?disabled? modem?RI-is-CD?T{ Ring Indicator control line used as the Carrier Detect T} modem answer timeout?60?T{ Hangup after 60 seconds, if unable to answer T} data carrier detect?on?When carrier present c. Current Terminal Port Configuration. 1) To list the current terminal configuration use the show terminal command. If the configuration of the port does not meet the users special requirements, the user may negotiate a change to the initial port configuration for the duration of the session only, by using the terminal command. When the session is over, the port will return to the initial configuration defined in the site file. 2) It should be noted that when configuring the terminal and the modem at the users site, the terminal and the modem should be configured with hardware flow control (RTS/CTS) on and software flow control (XON/XOFF) off. This configuration is necessary to be compa- tible with the Cisco CS and the XON/XOFF flow control needs to be disabled when using SLIP or transferring a binary file. 3) User Definable Parameters. Specific terminal parameter options that can be tailored by the user for Communication Server ports are listed in APPENDIX B. Settings may also be changed or removed by using the keyword "no" before the command. For example, the following command will remove any padding characters that were previously set in the data stream: CS User Guide 4-3 cs> terminal no padding 4) To obtain a list of keywords or options associated with a particular terminal command enter the command and a question mark (?). For example, if you enter the following command; cs> terminal telnet ? the CS will respond with the following; tab (/); lw(3.0i) lw(3.0i). break-on-ip/T{ Send break signal when interrupt is received T} refuse-negotiations/T{ Suppress negotiations of Telnet Remote Echo and Suppress Go Ahead options T} speed/Specify line speeds sync-on-break/T{ Send a Telnet Synchronization signal after receiving a Telnet Break signal T} transparent/T{ Send a CR as a CR followed by a NULL instead of a CR followed by a LF T} CHAPTER 5. REMOTE CONNECTION SERVICES 1. Overview. This chapter describes basic procedures used to connect a terminal through the Communication Server to a remote host, using Telnet, SLIP, CSLIP, PPP, CPPP or Kermit. 2. Procomm Plus Auto-Login Script. Users of Procomm Plus by DataStorm Technologies, Inc., may use the sample auto-login script in Figure 5-1 to access the Communication Server. While using Procomm Plus, only Telnet and connect commands may be used from the Communication Server to reach a remote host. To setup the auto-login script for individual use, follow the steps below referencing the Procomm Plus documentation, if necessary: a. Add the local Communication Server telephone number to the Procomm Plus dialing directory. Note the dialing directory entry number. b. Create a comserv.asp file in the PCs C:PCPLUS directory with all of the information shown in the sample using the PCEDIT text editor which is part of Procomm Plus. c. Replace 1 in dial 1 below, with the dialing directory entry number. d. Replace the XXXX-XXX entry with the authorized Username:. e. Exit the editor and enter aspcomp comserv.asp to compile the login script. f. In Procomm Plus, use the Alt-F5 keys to bring up the script and execute it. 5-2 CS User Guide ;********************************************************************* ;* Filename: COMSERV.ASP * ;* Sample Procomm Plus ASPECT script file for logging into a * ;* Communication Server via a dial-up modem. * ;********************************************************************* proc main ; start of main procedure dial 1 ; dial entry 1 from dialing directory pause 3 ; wait three seconds transmit ^M ; send a carriage return waitfor Username: ; wait for Username: transmit XXXX-XXX ; send your ID transmit ^M ; send carriage return waitfor Password: ; wait for Password: atsay $ROW $COL 15 Enter your password and a carriage return! endproc ; end of main procedure Figure 5-1. Sample Procomm Plus Login Script. 3. Telnet Connections. a. Assumptions. If you are unfamiliar with connecting to the Communication Server, refer back to Chapter 3 for the basic steps. This section assumes that you have already connected to the Communication Server. b. Commands. Telnet is available for making connections to a host. Connect is another command name for telnet and operates in the same manner. To telnet or connect to a host, enter either of the following: connect host [port] [keyword] telnet host [port] [keyword] Host - a host name or IP address is mandatory Port - a port number is optional, the default value is 23 Keyword - a keyword is optional, see table 5-1 CS User Guide 5-3 Table 5-1. Telnet Connection Keywords tab (?); l l lw(1.5i) lw(3.5i). _ Keyword?Description _ /route path?T{ The /route path argument is a list of host names or IP addresses for nodes to use in reaching the final destination. T} /line?T{ Turns on Telnet line mode. In this mode, the server sends no data to the host until you press Return. T} /debug?Turns on debugging. /stream?T{ Turns on stream processing, enabling a raw TCP stream with no Telnet control sequences. T} c. Learned Host Names. 1) The Communication Server learns host names that are used, as long as the name does not conflict with Communication Server commands. The name may then be used by itself without entering the telnet or connect command. To see a list of available hosts, enter "show hosts" at the Communication Server prompt. 2) The Communication Server assigns logical names to each connection, which several commands use to identify those connections. The logical name is the same as the host name, unless that name is already in use. If the name is already in use, the server assigns a null name to the connection. d. Telnet Escape Sequences. 1) Telnet supports special commands in the form of Telnet escape sequences that map terminal functions to operating system- specific functions. 2) To issue a special Telnet command, enter the escape sequence and then the command character. The default escape sequence is Ctrl-Shift-6, (press and hold the Control key while pressing the shift and 6 key). Table 5-2 lists the special Telnet commands. 5-4 CS User Guide Table 5-2. Special Telnet Commands center tab (/); l l l c. _ Terminal Function/Escape Sequence, plus _ Break/B Interrupt Process (IP)/C Erase Character (EC)/H Abort Output (AO)/O Are You There? (AYT)/T Erase Line (EL)/U 3) Any time during a Telnet session, you may list the Tel- net commands by entering the Telnet escape sequence followed by a question mark at the system prompt: Ctrl-^ ? 4) The Telnet escape sequence may also be changed with the terminal escape-character <ASCII #> command. If 16 were entered for the ASCII number, the terminal escape sequence would be Ctrl-P. APPENDIX C contains an ASCII-Translation Table e. Multiple Telnet Sessions. You may have several sessions open and switch back and forth between them. To switch between ses- sions, escape out of the current session by pressing Ctrl-^X to return to the EXEC prompt, list the current sessions for the terminal with the where command, and then enter resume <session number>. A carriage return by itself resumes the previous connection. The resume command accepts the connection number as an option along with the list defined in Table 5-3. CS User Guide 5-5 Table 5-3. Telnet Resume Options center tab (?); l l lw(1.0i) lw(3.0i). _ Option?Description _ /debug?Prints parameter changes and messages. /echo?Performs local echo. /line?Enables line-mode editing. /nodebug?Cancels debug mes- sages. /noecho?Disables local echo. /noline?Disables line mode and enables character-at-a-time as the default. /nostream?Disables stream processing. /stream?Enables stream processing. f. Example. This section is an example of using the Telnet protocol to connect to a remote host via the Communication Server (CS). 1) Dial the number of the CS from the list provided in the main body of the document. The dial-in sequence can be a manual operation or done via the terminal using the AT commands associated with the modem. A typical command is ATDT 555-8065, where AT is the Attention Code telling the modem that a command follows. D is the dial command and T is the tone command. The attention code (AT) maybe upper or lower case, but not a combination of both such as aT. 2) Once the phone connection has been established then the CS will respond noting the speed of the connection between the CS and the modem [such as CONNECT 19200], with a User Access Verification prompt asking for the user name and then the password. User name and password are CASE SENSITIVE. They must be entered in UPPER CASE. If an incorrect user name or password is entered, the CS will respond with %Access denied, and request the user name and password again. The CS will disconnect a user after the third incorrect login attempt. After the CS has verified that this is a registered user then the CS will respond with a herald noting that use of the system constitutes an express consent to monitoring at all times and that the system is for official use only. The prompt will follow the herald. cfse-2511> This prompt will indicate the name or number of each particular CS. The user is now allowed access to the network and can make connec- tions to hosts located on the network. 3) Connection to a host can be made using the connect or 5-6 CS User Guide telnet command and the host name or IP network address. At the prompt enter the command. cfse-2511>{connect|telnet}host[port]/keyword The argument host is a host name or Internet address. The optional argument port is a decimal TCP port number, the default value is 23, the well known telnet server port. If you prefer, just enter the host name or IP network address without the command since the Cisco implementation does not require the command word to establish a tel- net connection. Thus, a telnet connection can be made in one of the following ways. cfse-2511> connect [enter host name] cfse-2511> [enter host name] cfse-2511> telnet [enter host name] cfse-2511> [enter IP address] cfse-2511> connect[enter IP address] cfse-2511> telnet [enter IP address] where [host name] is the name of a particular host and [IP address] is the IP network address assigned to that particular host. 4) When a connection has been made to the remote host, then the host will respond with a login and password sequence to ensure that this is an authorized user. After the user has success- fully logged onto the host, then the host will respond with a prompt such as follows. Host Name% The user can now enter the appropriate Telnet commands at the host prompts to effect the necessary data transfers. 5) When the session is completed, enter the logout command at the host prompt. The host will respond with a message that the connection has been closed and the CS prompt will appear. cfse-2511> enter the quit, exit, or logout command. This terminates the connec- tion from the terminal to the CS. The CS will respond with the mes- sage NO CARRIER. The user can now hang up the phone. 4. SLIP and PPP Connections. CS User Guide 5-7 a. Overview. The Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP) define methods for sending IP packets over standard RS-232 asynchronous serial lines. These protocols encapsulate the IP datagrams for transmission over the point-to-point links and can be used with asynchronous dial-up modems, allowing access to a network without the cost of a leased line. A connection to a remote host may be made using SLIP or PPP from a Personal Com- puter (PC). It is also possible to set up SLIP and PPP in a mode that compresses packets for more efficient use of the line. These modes are called CSLIP and CPPP. The interfaces are configured in the interactive mode as defined by Cisco. In this mode a line can be used to make any type of supported connection, depending on the com- mand entered by the user. For example, depending on its configura- tion, the line can be used for telnet connections or SLIP/PPP connec- tions. The default addressing scheme will be used at the interfaces, which means that the CS will assign the IP address. The assigned default address is implemented when the user enters the slip default or the ppp default command. In order to use the SLIP and PPP features associated with the CS the terminal must be equipped with the TCP/IP protocols and either the SLIP or PPP protocol. Either SLIP or PPP is used on a given line during a connection. A number of software packages are available for installation on a PC or Worksta- tion that provide SLIP and PPP. 1) Winsock. Winsock is a networking software which pro- vides a TCP/IP stack for PC networking applications running on a Win- dows environment. Winsock provides facilities to allow Async serial SLIP, PPP, ftp and Telnet over IP connections. Peter Tattum's Trum- pet Winsock is public domain software available via anonymous FTP from the server tbone.biol.scarolina.edu in directory /pub/kit. The 00README.DOC in that directory provides instructions on which files to fetch, how to unpack them onto floppy disks and how to install the software. 8 to 12 MBytes of memory and 1 MByte of disk space are required to install and run Trumpet Winsock. The product is free for evaluation purpose up to 30 days period. A registration fee is required if using the software within the organization. 2) CHAMELEON. Another networking software package to provide access is the Internet Chameleon from NetManage Inc. This commercial software provides the broadest suite of Windows TCP/IP applications in the industry in addition to a TCP/IP protocol stack that takes only 6KB of base memory. All NetManage applications give users an easy to use Windows interface while providing an advanced set of features. The product is also available free for evaluation purpose only up to 30 days trial period. The evaluation version can be download via anonymous FTP from ftp.netmanage.com. 5-8 CS User Guide b. SLIP Connection. To make a SLIP connection, connect to the Communication Server as described in Chapter 3 and enter the follow- ing command at the user EXEC mode prompt: slip [host] [/routing] [/compressed] Host The remote host name or IP address /routing This is optional, indicating that the remote system is a route path. The line must be configured for asynchronous routing, using SLIP encapsulation. /compression This optional IP header compression. The default is on, using Van Jacobson TCP header compression defined in RFC 1144. c. SLIP Setup. The Trumpet Winsock and Chameleon both provide setup and dial-up menu options for SLIP connection. The PC needs to be configured with the following parameters: IP address/Netmask Internet IP address. The IP address and Maximum Transmission Unit (MTU) size will be assigned by the Communication Server. The user must enter the assigned IP address in order to access the network. Also, the user can take advantage of the BOOTP feature to obtain the IP address from the Communication Server. Name Server Name Server IP address for DNS searches. This value can be obtained via BOOTP Domain Suffix The domain suffixes to be used when resolving names in the DNS sys- tem. MTU Maximum Transmission Unit. This value is computed by subtracting 40 from the TCP Maximum Segment Size (TCP MSS) which is set in the Comm Server to 600. Therefore the users should set their value to 560. CS User Guide 5-9 TCP RWIN TCP Receive Window. It is recommended that this value be roughly 3 to 4 times the value of TCP MSS. TCP MSS TCP Maximum Segment Size. The Comm Server will provide the MTU size SLIP port Comm Server port number Baud Rate The speed you wish to run d. Sample SLIP Script. The Trumpet Winsock and Chameleon allow manual login or automatic scripting to access the communication server. Both provide a generic script file for dial-up connection. The generic script file provided by Trumpet Winsock is the login.cmd and the file provided by Chameleon is slip.ini. Users may create their automatic dialing script from the generic script files described above or the sample of the Trumpet Winsock auto script file attached below: ################################################################# # # check modem output AT\13 input 10 OK\n output AT&c1&d2\13 input 10 OK\n %number = 0 %connected = 0 repeat # Increase limit below to dial more numbers %number = %number + 1 if %number > 3 %number = 1 end # First if %number = 1 output ATDT7353346\r end 5-10 CS User Guide # Second if %number = 2 output ATDT7353348\r end # Third if %number = 3 output ATDT7358249\r end if [input 15 BUSY] display =Busy, busy, busy... %connected = 0 else if [input 30 CONNECT] %connected = 1 else display =Does not answer...\r\n end end sleep 1 until %connected = 1 display \7 # # wait till its safe to send because some modems hang up # if you transmit during the connection phase # wait 30 dcd # # now prod the terminal server # output \13 # # wait for the username prompt # input 30 Username: username Enter your username output \u\13 # # and the password # input 30 Password: password Enter your password output \p\13 # # we are now logged in # CS User Guide 5-11 input 30 > # # see who on for informational reasons. # output who\13 input 30 > # # jump into slip mode # output slip default\13 # # wait for the address string # input 30 Your IP address is # # parse address # address 30 input 30 \n # # we are now connected, logged in and in slip mode. # display \n display Connected. Your IP address is \i.\n # # ping a well known host locally... #exec pingw 128.19.0.4 # # now we are finished. # ####################################################### e. PPP Connections. To make a PPP connection connect to the Communication Server as described in Chapter 3 and enter the follow- ing command at the user EXEC mode prompt: ppp [host] [/routing] Host The remote host name or IP address /routing This is optional, indicating that the remote host is a router. f. PPP Setup. The setting for the PPP connection is similar to 5-12 CS User Guide the SLIP connection. All the parameters described in the SLIP con- nection are also required to fill in for the PPP connection except the IP address and the NetMask. The IP address and NetMask will be resolved and filled in automatically by the software after success- fully making a PPP connection to a remote host via XTACACS. 5. Kermit Connections. This section deals with the Kermit protocol and how one would connect to a remote host via the Communication Server. The user must be verified by the Network Server via the TACACS process and then the connection to remote host can be esta- blished. The remote host must be capable of running the Kermit pro- tocol since both ends of the connection need to be running the Kermit protocol. A file transfer from the terminal to the host is accom- plished via the Kermit protocol. The connection to the host is then terminated. Note: The procedures listed below apply to a particular Kermit imple- mentation. The procedures for other Kermit implementations may vary somewhat depending on the vendor products. These procedures are listed as a typical example and not meant to be applicable in all cases. a. Obtaining Kermit. The Kermit software (version 3.1) can be obtained from Columbia University in New York City. The software is in the public domain and available free of charge and is available from sources on the Internet. For an up-to-date list of available Kermit programs write to: Kermit Distribution Columbia University Center for Computing Activities 612 West 115th Street New York, NY 10025 b. Activating Kermit. The procedures for activating the Kermit protocol and dialing up a connection to the CS with the software package are listed below. The parameters used in this particular case for Kermit are 8 bits per character, no parity, 1 stop bit, and 9600bps. As mentioned above, these parameters may not apply for other Kermit applications. Kermit resides in the terminal and the remote host and the data transfer is via the CS. In order to activate Kermit at the terminal the following steps are required. Press ALT, CONT, and DEL At the prompt C:> cd kermit2 CS User Guide 5-13 At the prompt C:\kermit2> kermit At the prompt MS-kermit> set port com1 At the prompt MS-kermit> set speed 9600 At the prompt MS-kermit> status (Check that the parameters are properly set.) At the prompt MS-kermit> c (Return) Screen goes blank - enter phone number atd xxxxxxxxx The CS will respond with the message CONNECT c. Authenticate. The user now needs to be verified by the authentication scheme which in this case is XTACACS. From the terminal location press the CR (or Enter) key. The CS will respond with the prompt Username: <user ID> The CS will respond with the prompt Password: <password> When the ID and Password have been verified the CS will respond with the prompt cfse-2511> 5-14 CS User Guide Open the connection to the Host using the appropriate command. At the prompt enter the name or address of the remote host. login: enter ID Host responds with prompt password: password Host responds with prompt host name (user name)12: cd kermit This command changes the host to the Kermit directory where 12 is a line number. Host responds with prompt host name (user name)13: kermit This command causes Kermit to execute. Host responds with prompt C-kermit> server This results in the host being the server in a client/server rela- tionship. Host responds with Kermit ready to Serve d. Data Exchange. The user can now exchange data between the terminal and the host. Activate the client Kermit protocol in the terminal. Enter the Escape Sequence ( by pressing the Control and ] keys simultaneously). Then press the c key The following prompt should appear MS-Kermit> Select a file from the Kermit directory by entering the dir command. CS User Guide 5-15 At the prompt MS-Kermit> send (file name) Information on the screen will indicate when the transmission is com- plete. e. Close Connection. The user can now close the connection to the host. At the prompt MS-Kermit> finish At the prompt MS-Kermit> c At the prompt Ckermit> quit At the prompt host name(user name)14: logout The following message appears. [Connection to [IP address of host is listed] closed by foreign host] At the prompt cfse-2511> (Control and ]) Press c At the prompt MS-Kermit> hangup At the prompt MS-kermit> quit At the prompt C:\kermit> cd\ 5-16 CS User Guide The prompt should appear. c:\> CHAPTER 6. OPERATING WITH A STU-III 1. Overview. The STU-III provides a modem, an encryption/decryption device and an access control device to both the user and each Communications Server port. The User Manual that is provided with each device describes detailed operations and maintenance procedures. 2. SIPRNET STU-III Operations. a. Communications Server/STU-III System Configuration. The Communications Server (CS)/STU-III System Configuration incorporates the CISCO 2511 Communications Server and the AT&T SDD Model 1910. The SDD 1910 utilizes V.42 Compression and V.42bis Error Correction and is capable of data rates up to 38.4 kbps. However, when operating in compressed mode, the SDD 1910 does not buffer the received data and passes the data to the CS at a fixed rate, i.e., the maximum rate of 38.4 kbps. This requires the CS to autobaud to the DTE rate, which is the data rate between the CS and the SDD 1910. This autobaud capability is required for interoperability between other types of STU-IIIs. The SDD 1910 presents the DTE rate to the CS, which was negotiated with the remote STU-III. Due to current software limitation on the CISCO 2511, the CS can autobaud up to a maximum rate of 19.2 kbps. In order to make all potential STU-IIIs interoperate with the SIPRNET CSs, the maximum data rate will be 19.2 kbps, until the CS is capable of autobauding to the higher rate of 38.4 kbps. b. SIPRNET Key Material. The SIPRNET Communications Server system has obtained a unique SIPRNET DAO-Code that will be used by all end users. This Key Material will be made available to the sites and users via Registered U.S. Mail. Each SIPRNET sight will receive a Fill Device KSD and blank KSD for each STU- III. These KSDs will have a DAO-Code designated as SIPRNET. The site Host Administrator will be responsible for keying the KSDs and the STU-IIIs. c. Loading Key Material. The Site Host Administrator will be responsible for keying the STU- IIIs and maintaining the key material. Under normal circumstances, all STU-III key material must be updated annually, based on the expiration date indicated on the KSDs. d. SACS Operations. In order to activate the SACS on each STU-III, the site manager will be required to set the Security parameters as indicated in the SIPRNET Comm Server STU-III Configuration1. In order to set the Security parameters, the Master CIK must be inserted and the parameters set via the STU-III front panel. 6-2 CS User Guide e. Access Control List (ACL) - SIPRNET User DAO-Code. The ACL will be loaded into a single STU-III via a PC using the LOADACL.EXE1. The ACL will contain a single entry, the DAO-Code obtained for SIPRNET users. This DAO-Code is Siprnet User. Once the ACL is loaded and stored in the STU-III SACS, an ACL KSD should be made1, and loaded into the remaining STU-IIIs via the ACL KSD1. 3. SIPRNET User Guidelines. a. User DTE/STU-III System Configuration. The end user will configure the STU-III and DTE as shown in reference1. The end-users far-end STU-III should have the same configuration as the CS STU- III1, however, the end users STU-III will not require the security parameters associated with the SACS to be configured. Additionally, the end-users STU-III will be configured with a DTE rate that is compatible with the associated DTE and will have the Remote Control parameter set to ON. If the user has an AT&T SDD 1910, the maximum data rates will be 19.2 kbps DTE rate, with compression, and 14.4 kbps line rate. All other STU-IIIs can be set to their maximum data rates, which will be lower than the SDD 1910. b. STU-III Interoperability. Based on the current CS/STU-III configuration, there are no known interoperability issues except for an odd-baud problem with Motorola Sectel 1500s with a serial number less than 100,000. If the STU-III is a sectel 1500 with a serial number below 100,000 is will require a software modification, MOD 42, which will be performed by Motorola at no charge. In order to determine if you need the MOD and how to get the upgrade, contact Donna Kim at 1-800-922-7883. c. User Dial-In. For the purposes of dialing into a SIPRNET CS, the end-user may use any communication software package that permits the use of the AT Command Set. Once the STU-IIIs have established a secure session, their functionality is that of standard modems, and their secure operations are transparent to the end-user. 1) Dial-In via the AT&T SDD 1910. The following procedures should be followed when dialing-in using the AT&T SDD 1910: Ensure that the DTE rates for the SDD 1910 and the DTE are set to be compatible. Place the SDD 1910 in Remote Control Mode. Use the DTE communication package to dial the CS STU-III. Once the remote STU-III has indicated a connection at an appropriate CS User Guide 6-3 DTE rate, the CS will attempt to autobaud with its STU-III. At this time, the user must: Enter Ctrl-Q followed by two or three returns from the DTE keyboard. Wait for the CS to issue a user-id request. Enter the user-id followed by a return. Enter the user password followed by a return. Wait for a response from the comm server indicated connection and display of the CS banner page. Once connected to the CS the user may initiate those services which are offered by the CS. 2) Dial-In via other STU-III Models. The following procedures should be followed when dialing-in using other STU-III models: Ensure that the DTE rates for the STU-III and the DTE are set to be compatible. Place the STU-III in On-Hook Mode (Remote Control Mode for the SDD 1900). Press the Data mode button (or Secure Data button) on the STU-III. Note: dialing-in voice mode will cause the CS STU-III to fail in the connection. Once the far-end STU-III has indicated a connection at an appropriate DTE rate, the CS will attempt to autobaud with its STU-III. At this time, the user must: Enter Ctrl-Q followed by two or three returns from the DTE keyboard. Wait for the CS to issue a user-id request. Enter the user-id followed by a return. Enter the user password followed by a return. Wait for a response from the comm server indicated connection and display of the CS banner page. 6-4 CS User Guide d. Siprnet User Key Material. 1) Upon receiving a SIPRNET user id and password, the user will receive a seed KSD via registered mail. The user, with the help of their security manager should load the key material. The user should make an Operational CIK. This Operational CIK will contain the Siprnet User DAO-Code that is listed in the CS STU-III SACS. 2) Once the Operational CIK has been created, the user will be ready to dial-in. It is recommended that the user become familiar with the data communication operations of the STU-III they will be using. The user will be responsible for annually updating the Operational CIK with the Key Management Center. The Operational CIK will have an expiration date associated with it to indicate when the rekeying must be accomplished. APPENDIX A: ACRONYMS ACL KSD Access Control List KeyStorageDevice ACM CIK Access Control Master Crypto-Ignition Key AT&T American Telephone & Telegraph bps bits per second Blank KSD Blank Key Storage Device CD Carrier Detect CIK Crypto Ignition Key CONUS Continental United States CPPP Compressed Point-to-Point Protocol CPU Central Processing Unit CR Carriage Return CS Communication Server CSLIP Compressed Serial Line Internet Protocol DAO Department DAO-Code Department DCD Data Carrier Detect DISN Defense Information Systems Network DODICS Department of Defense Interest Computer System DSN Defense Switched Network DTE Data Transmit Exchange ET Eastern Time ETS European Telephone System FTP File Transfer Protocol IP Internet Protocol IPR Internet Protocol Router KeyID Key Identification Number kbps kilobytes per second KSD Key Storage Device LAN Local Area Network LF Line Feed Master CIK Master Crypto-Ignition Key MC Monitoring Center NIC Network Information Center NS Network Server NIPRNET Unclassified, but sensitive, Internet Protocol Router Network Operational CIK Operational Crypto-Ignition Key PC Personal Computer PPP Point-to-Point Protocol PR Premise Router RA Remote Authentication RI Ring Indicator RFC Request For Comments [Page A-1] SACS Secure Access Control System SACS Master CIK Secure Access Control System Master Crypto- Ignition Key SDD Secure Data Device SIPRNET Secret Internet Protocol Router Network STU-III Secure Telephone Unit III SLIP Serial Line Internet Protocol TCP Transmission Control Protocol TCP IP TSR Telecommunications Service Request XTACACS Extended Terminal Access Controller Access Control System [Page A-2] APPENDIX B TERMINAL COMMANDS This Appendix contains a description of the terminal commands. A list of the terminal commands can be obtained by entering terminal ? at the user EXEC mode prompt. Example: cfse-2511>terminal ? terminal autohangup Automatically hangup up when the last connection closes. terminal data-character-bits This command sets the number of data bits per character to either 7 or 8. The default setting is 8. This command is used primarily to strip parity bits from X.25 connections on the Cisco IGS and 3000 routers with the protocol translation software option. Thus, it appears that this command has no application on the pilot installation. terminal databits The options are 5, 6, 7, or 8. If parity is being specified set 7 data bits per character. If no parity generation is in effect, specify 8 data bits per character. The default is 8 data bits per character. The 5 and 6 bit options are supplied for compatibility with older devices and are generally not used. terminal dispatch-character decimal-number1 [decimal-number2...decimal- numberx] terminal no dispatch-character This command causes the communication server to buffer characters into larger sized packets for transmission to the remote host. The communication server normally dispatches each character as it is typed. The argument decimal-number is the ASCII decimal representation of the character or string; any number of characters can be defined as the dispatch character. Specifying the Carriage Return character (ASCII 13) will result in a line-at-a-time transmission. The terminal no dispatch- character disables the dispatch character feature. terminal dispatch time out This command sets the dispatch timer to the value specified in milliseconds. The value of the timer specifies the number of milliseconds that the CS will wait (without seeing a dispatch character) after putting the first character into a packet buffer [Page B-1] before sending the packet. terminal download terminal no download This command sets the line to the transparent mode for file transfers using protocols such as Kermit, XMODEM, CrossTalk, etc. This allows for binary transmission from the host to the terminal and from the terminal to the host. The terminal no download command restores the lines original parameters. terminal editing This command enables the enhanced command line editing. Although the enhanced editing mode is automatically enabled with this software release, you can disable it and revert to the editing mode of previous software releases by using the terminal no editing command. The command terminal editing returns you to the enhanced command line editing mode. terminal escape-character decimal number terminal no escape-character The argument decimal number is the ASCII decimal representation of the desired escape character or control sequence. The default escape characters are Ctrl^. The terminal no escape-character command makes the break key function as the escape sequence. terminal exec-character-bits This command sets the size of the ASCII characters entered at the Cisco CS EXEC command mode. The options are 8 or 7. terminal flowcontrol The arguments are none, software in/out, and hardware. Software sets software flow control. An additional keyword specifies the direction: in causes the communication server to listen to flow control from the attached device, and out causes the communication server to send flow control information to the attached device. If you do not specify a direction, both directions are assumed. For the software control, the default stop and start characters are Ctrl-S and Ctrl-Q (XOFF and XON). terminal full-help this command provides help in the user EXEC mode. The terminal full- help command enables (or disables ) a display of all help messages available from the terminal. It is used with the show command in the following manner. cfse-2511>terminal full-help cfse-2511>show? [Page B-2] terminal help This command provides a description of the interactive help system. terminal history decimal number This command sets the size of the command history buffer. the argument decimal number specifies the number lines in the command buffer. terminal hold-character decimal-number terminal no hold-character The argument decimal-number is either the ASCII decimal representation of the desired hold character or else a control sequence (for example, Ctrl-C). Typing the hold character temporarily halts the output at the terminal. To continue the output, type any other character. To send the hold character to the host precede it with the escape character. The terminal no hold- character command clears the hold character. terminal keymap-type keymap type Use this command to set the keyboard type. The default value is VT100. terminal lat DEC LAT protocol specific configuration. NOTE: LAT connections will not be supported in the DISN router networks. terminal length screen length Use this command to set the screen length. The argument screen length is the desired number of lines. The default length is 24 lines. terminal notify terminal no notify When you have multiple concurrent connections, you might want to know when output is pending on a connection other than the current connection. For example, you might want to know when another connection receives mail or a message. The terminal notify command causes the communication server to notify you of pending output. The terminal no notify command ends such notifications. terminal padding decimal-number count terminal no padding decimal- number [Page B-3] Use this command to set the padding for a specified output character. The argument decimal-number is the ASCII decimal representation of the character, and can be any of the 127 ASCII characters. The argument count is the number of NULL bytes sent after the character, up to 255 padding characters in length. Use the terminal no padding command to end the padding after the character represented by decimal-number. terminal parity The options are none, even, odd, space, or mark. The default setting is none. terminal rxspeed baud This command is used to set the terminal receive speed (from the terminal to the CS). The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports. The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE)(from modem to modem). terminal special character bits Use this command to change the ASCII character widths for special characters. The options are 7 or 8. The default value is 7. terminal speed baud This command will set both the receive and the transmit terminal speeds. The argument baud is typically set to 2400, 4800, 9600, 19200, or 38400. The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports. The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE)(from modem to modem). terminal start-character decimal-number terminal no start character Use this command to change the character that signals the start of data transmission when software flow control is in effect. The argument decimal-number is the ASCII decimal representation of the desired start character. The default start character is Ctrl-Q (ASCII 17). Use the terminal no start-character command to remove [Page B-4] the start character. terminal stop-character decimal-number terminal no stop-character Use this command to change the character that signals the end of data transmission when software flow control is in effect. The argument decimal-number is the ASCII decimal representation of the desired stop character. The default stop character is Ctrl-S(ASCII character 19). Use the terminal no stop-character command to remove the stop character. terminal stopbits The options are 1, 1.5, 2. The default value is 2. terminal telnet-transparent terminal no telnet-transparent This command causes the current terminal line to send a Return (CR) as a CR followed by a NULL instead of a CR followed by a Line Feed (LF). This scheme permits interoperability with different interpretations of end-of-line handling in the Telnet protocol specification. Use the terminal no telnet-transparent to remove this scheme. terminal terminal-type terminal name terminal no terminal-type The argument terminal name records the type of current terminal. Indicate the terminal type if it is different from the default of VT100. This name is used by Telnet and rlogin to inform the remote host of the terminal type. Use the terminal no terminal-type command to remove the terminal type. terminal transport Use this command to select the transport protocol for the line. The options are telnet, pad, none. The default is telnet. terminal txspeed This command is used to set the terminal transmit speed (from the CS to the terminal). The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports. The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE)(from modem to modem). terminal width columns [Page B-5] Use this command to set the columns on the terminal screen. The argument columns is the desired number of columns. the default is 80. [Page B-6] APPENDIX C: ASCII _ Translation Table Some commands described in this document require the decimal representation of an ASCII character. This APPENDIX provides ASCII character translations to the decimal number. Numeric Values ASCII Comment Keyboard Decimal Hex Name 0 00 NUL Null Ctrl-@ 1 01 SOH Start of heading Ctrl-A 2 02 STX Start of text Ctrl-B 3 03 ETX Break end of text 4 04 EOT End of transmission Ctrl-D 5 05 ENQ Enquiry Ctrl-E 6 06 ACK Positive acknowledgement Ctrl-F 7 07 BEL Bell Ctrl-G 8 08 BS Backspace Ctrl-H 9 09 HT Horizontal tab Ctrl-I 10 0A LF Line feed Ctrl-J 11 0B VT Vertical tab Ctrl-K 12 0C FF Form feed Ctrl-L 13 0D CR Carriage return Ctrl-M 14 0E SO Shift out Ctrl-N 15 0F SI Shift in XON (resume output) 16 10 DLE Data link escape0 Ctrl-P 17 11 DC1 Device control character 1 Ctrl-Q 18 12 DC2 Device control character 2 Ctrl-R 19 13 DC3 Device control character 3 Ctrl-S 20 14 DC4 Device control character 4 Ctrl-T 21 15 NAK Negative Acknowledgment Ctrl-U 22 16 SYN Synchronous idle Ctrl-V 23 17 ETB End of transmission blocko Ctrl-W 24 18 CAN Cancel Ctrl-X 25 19 EM End of medium Ctrl-Y 26 1A SUB substitute end of file 27 1B ESC Escape Ctrl-[ 28 1C FS File separator Ctrl-29 30 1E RS Record separator Ctrl-^ 31 1F US Unit separator Ctrl-_ 32 20 SP Space Space 33 21 ! 34 22 ( 35 23 # 36 24 $ 37 25 % [Page C-1] Numeric Values ASCII Comment Keyboard Decimal Hex Name 38 26 & 39 27 40 28 ( 41 29 ) 42 2A * 43 2B + 44 2C , 45 2D - 46 2E . 47 2F 48 30 0 49 31 1 50 32 2 51 33 3 52 34 4 53 35 5 54 36 6 55 37 7 56 38 8 57 39 9 58 3A : 59 3B ; 60 3C < 61 3D = 62 3E > 63 3F ? 64 40 @ 65 41 A 66 42 B 67 43 C 68 44 D 69 45 E 70 46 F 71 47 G 72 48 H 73 49 I 74 4A J 75 4B K 76 4C L 77 4D M 78 4E N 79 4F O 80 50 P 81 51 Q 82 52 R 83 53 S 84 54 T 85 55 U [Page C-2] Numeric Values ASCII Comment Keyboard Decimal Hex Name 86 56 V 87 57 W 88 58 X 89 59 Y 90 5A Z 91 5B [ 92 5C Ctrl-93 94 5E ^ 95 5F _ 96 60 accent grave 97 61 a 98 62 b 99 63 c 100 64 d 101 65 e 102 66 f 103 67 g 104 68 h 105 69 i 106 6A j 107 6B k 108 6C l 109 6D m 110 6E n 111 6F o 112 70 p 113 71 q 114 72 r 115 73 s 116 74 t 117 75 u 118 76 v 119 77 w 120 78 x 121 79 y 122 7A z 123 7B { 124 7C | 125 7D } 126 7E Tilde ~ 127 7F Delete Del [Page C-3]