Introduction to the Cisco Broadband Operating System

This chapter provides an overview of the Cisco Broadband Operating System (CBOS) and its features. CBOS is the common operating system for all Cisco Customer Premise Equipment (CPE), including the Cisco 627, Cisco 633, Cisco 673, Cisco 675, the Cisco 675e, the Cisco 677, and the Cisco 678.

Note These products are referred to as the Cisco 67x product line. When you see 67x in this documentation, substitute the hardware product you are using.

The CBOS is modeled after the Cisco Internetworking Operating System (IOS) and features a similar command syntax and format.

This chapter includes the following sections:

CBOS Features
CBOS User Interfaces
CBOS Help System

For more information on using the CBOS, refer to "Using the Command Line Interface."

The list below defines the terminology used in this chapter.

Dynamic Host Configuration Protocol (DHCP)---Assigns IP addresses and other configuration parameters to hosts dynamically. The DHCP protocol is described in RFC 2131, which obsoletes RFC 1541.
Network Address Translation (NAT)---Converts IP addresses on a private network (designated as "inside" or "LAN") to global IP addresses that are valid on another registered network (designated as "outside" or "WAN"). NAT operates on a router that connects two or more networks together. Port-level multiplexed NAT is used to translate all internal private addresses to ports within one or more outside registered IP addresses.
PPP/Internet Protocol Control Protocol (IPCP)---Dynamically configures IP addresses over Point-to-Point Protocol (PPP). The Cisco CPE family uses PPP/IPCP to dynamically negotiate its own registered WAN interface IP address from a central access server. PPP/IPCP and DHCP are different methods of assigning addresses. The 67x can also be provisioned to obtain its LAN-side (ETH0) address via IPCP.
DHCP Client---An Internet host using DHCP to obtain configuration parameters such as a network address.
DHCP Server---An Internet host that returns configuration parameters to DHCP clients.
Inside---The set of network addresses that are subject to conversion by NAT. These addresses exist on the LAN side of the router.
Outside---Commonly referred to as legal or global addresses. These addresses exist on the WAN side of the router.
Outbound Traffic---Traffic from an inside host to an outside host
Inbound Traffic---Traffic from an outside host to an inside host.
Lease Time
---The amount of time that an address given to a DHCP client by a DHCP server remains valid. The lease time can be either:
- A finite lease-time in which the client must renew the lease before it expires in order to continue using the address.
- An infinite lease-time in which the client maintains the same IP address as long as it stays connected to the network

1.1 New Features for CBOS Release 2.3.0

1.1.1 Port Address Translation Enhancements

CBOS Release 2.3.0 adds Port Address Translation (PAT) enhancements as discussed in the following sections.

Support for Microsoft WINS Applications

CBOS Release 2.3.0 adds PAT support for Microsoft WINS-based applications:

Microsoft's Network File Sharing
Browsers to view Microsoft's Network Neighborhood

Support for UDP Broadcast

CBOS Release 2.3.0 adds PAT support for UDP network-directed as well as subnetwork-directed broadcasts.

1.1.2 Support for Remote Shell (rsh), Remote Copy (rcp), and Remote Login (rlogin)

CBOS Release 2.3.0 adds PAT support for non-encrypted remote shell (rsh), remote copy (rcp), and remote login (rlogin) protocols.

1.1.3 Network Address Translation Enhancements

CBOS Release 2.3.0 adds Network Address Translation (NAT) enhancements that allow NAT to be applied to each interface. This means you can apply NAT to the Ethernet, logical WAN interfaces and the VIPs (virtual interfaces). With the latest NAT enhancements, eth0, vip0 through vip2 can be configured as inside or outside interfaces and wan0-0 through wan 0-3 can be configured as outside interfaces for NAT.

When NAT is enabled, NAT translates only inside to outside and outside to inside traffic. Traffic that remains within its own respective boundary (inside to inside or outside to outside) is not translated.

NAT Commands with No Changes

Use the current commands to globally configure interface timeout values. No new commands are added to create dynamic NAT table entries because the network generates these based on traffic. The NAT commands in Table 1 have not changed:

Table 1: NAT Commands with No Changes

Command	Description
set nat { enable \| disable }	Global on and off command for all interfaces
set nat disable	Disables NAT on all interfaces
set nat entry add	Adds a static NAT entry
set nat entry delete	Deletes a static NAT entry
set nat outside ip address	Adds a specific static NAT entry to the WAN0-0 table
show nat	Displays all NAT entries, including static and wildcard Wildcard entries display as asterisks.

NAT Commands with Changes

Table 2 lists new commands to set NAT protocols for specific interfaces.

Table 2: NAT Commands with Changes

Command	Description
set nat outside ip ip address	Sets Outside Global IP Address for the WAN0-0 Interface as in CBOS 2.2
set interface wan0-1 outside ip 172.167.20.42	Sets a specific outside IP address for WAN0-1 interface
set int eth0 inside	Sets ETH0 interface as an inside network
set int vip0 inside	Sets virtual interface 0 as an inside network

Note The command set interface eth0 outside ip address is invalid.

Enhancements to the show nat command includes the NAT Status and Network Side for all Interfaces. The following is an example of the new format:

sh nat Example
 
cbos#sh nat
 
NAT is currently enabled
 
Port      Network        Global
eth0      Inside
wan0-0    Outside      192.161.23.4
vip0      Outside
vip1      Outside
vip2      Outside
 
 
Local IP  Port      Global IP  Port      Timer Flags Proto   Interface
     *****           **********              0  0x3041  ***   eth0

1.1.4 Support for IP Precedence

CBOS Release 2.3.0 recognizes IP Precedence bits defining Type of Service (TOS) in the IP header and routes IP packets based on this value. With this enhancement, you can use IP Precedence to route packets to a specific interface.

IP Precedence bits map to individual interfaces according to the following rules:

One or more IP precedence values can be mapped to one interface.
A particular IP Precedence value can be mapped to only one interface for the same destination IP address range.
The gateway specified for the route must be the same as the interface transmitting the packet.

IP Precedence bits route IP packets to individual interfaces according to the following rules:

If an IP packet specifies an IP Precedence value mapped to an interface, the interface forwards the IP packet
If an IP packet has an IP Precedence whose value does not map to a specific interface, the packet is forwarded normally.
If an IP packet has a matching precedence but not matching destination, the packet is forwarded using the default precedence route, if configured

New extensions to the CBOS Release 2.3.0 CLI allow users with enable-level access to configure and map IP Precedence values to different interfaces. The syntax for the new command is:

set route add ip ip_address gateway gw_address precedence n

Table 3 shows examples of this command.

Table 3: Sample IP Precedence Setting Commands

Command	Description
set route add ip 192.200.1.0 gw 192.100.10.1 precedence 5	Routes packet from network 192.200.1.0 with a precedence of 5 to the gateway at 192.100.10.1
set route add ip 192.200.1.0 gw wan0-1 precedence 5	Sets IP Precedence to 5 for gateway interface
set route default wan0-1 precedence 5	Sets a default route for precedence 5 packets to wan0-1

The set route command can accept either an IP address or an interface as valid entries according to the command syntax set route default { ip-address | interface } or set route add ip ip-address gw { ip-address | interface }. When using IP address as a gateway, the gateway address must exist in one of WAN interfaces. Use show route to display WAN addresses.

Enhancements to the set route default command include a precedence field that defines the default routes for packets with Precedence bits set. The syntax for the set route default command is:

set route default { ip address | interface } precedence n

The show route command now includes a column [P] showing the precedence level. The following is an example of the new format:

#show route
[TARGET]         [MASK]           [GATEWAY]       [M] [P] [TYPE]    [IF]    [AGE
0.0.0.0          0.0.0.0          0.0.0.0          1      SA        WAN0-0   0
0.0.0.0          0.0.0.0          0.0.0.0          1   5  SAR       WAN0-1   0
192.168.10.0     255.255.255.0    0.0.0.0          1      LA        ETH0     0
192.168.1.0      255.255.255.0    0.0.0.0          1      A         WAN0-0   0
192.168.2.0      255.255.255.0    0.0.0.0          1      AR        WAN0-1   0
WAN Interfaces...
192.168.1.72     255.255.255.255  0.0.0.0          1      HA        WAN0-0   0
192.168.2.72     255.255.255.255  0.0.0.0          1      HA        WAN0-1   0
192.168.3.72     255.255.255.255  0.0.0.0          1      HA        WAN0-2   0

1.1.5 Support for TFTP Checksum

CBOS Release 2.3.0 enhances its TFTP Client and Server programs to perform checksum validation for image and configuration file transfers. Image and configuration files will be written to NVRAM only after a successful checksum validation.

Caution The running configuration will be deleted when a TFTP file transfer is done.

1.1.6 New Default Settings

CBOS Release 2.3.0 defines new factory default settings. These settings apply to the Cisco 675 only:

set ppp wan0-0 ipcp 0.0.0.0

set ppp wan0-0 dns 0.0.0.0

set ppp wan0-0 subnet 0.0.0.0

set multicast forwarding disabled

set broadcast forwarding disabled

Note The show run command does not show these services as enabled. Default settings are not displayed in the running configuration.

1.1.7 Support for GSI 3.2 Firmware Update

The GSI 3.2 firmware update provides for lower baud rates to the 17 Kbaud and 64 Kbaud. CBOS Release 2.3.0 supports these rates in the Cisco 675 and 675e. The Cisco 677 can support these rates after downloading the CBOS Release 2.3 image. Service providers now have wider range of desirable rates from which to chose for these products. (See Table 4 and Table 5.)

Table 4: Downstream Channel Bit Rate per Constellation Size (kb/s)

		Bit Rate per Constellation Size (kb/s)
Symbol Rate (Kbaud)	Signal	256 uncoded	256	128	64	32	16	8
136	Payload with RS	1024	896	768	640	512	384	256
340	Payload with RS	2560	2240	1920	1600	1280	960	640
680	Payload with RS	5120	4480	F/A	3200	F/A	1920	F/A
952	Payload with RS	7168	6272	F/A	4480	F/A	2688	F/A

: RS = Reed-Solomon error correction
: F/A = Future Availability

Table 5: Available Downstream/Upstream Baud Rates

Downstream Kbaud	Upstream Kbaud
136	17
136	68
136	136
340	68
340	136
680	136
952	136

The show rates command now includes entries with the additional baud rate combinations. The following is an example of the additional listings:

cbos#show rates
Possible ATM/ADSL Line Rates 
 Downstream                 Upstream (Kbps)
 --------------------------------------------- 
 952 Kbaud Downstream ----- 136 Kbaud Upstream 
 7168                       1088 
 6272                       952 
 4480                       680 
 2688                       408 
 --------------------------------------------- 
 680 Kbaud Downstream ----- 136 Kbaud Upstream 
 5120                       1088 
 4480                       952 
 3200                       680 
 1920                       408 
 --------------------------------------------- 
340 Kbaud Downstream ----- 136 Kbaud Upstream 
 2560                       1088 
 2240                       952 
 1920                       816 
 1600                       680 
 1280                       544 
 960                        408 
 640                        272 
                            91 
 340 Kbaud Downstream ----- 68 Kbaud Upstream 
 2560                       544 
 2240                       476 
 1920                       408 
 1600                       340 
 1280                       272 
 960                        204 
 640                        136 
                            45 
 --------------------------------------------- 
 136 Kbaud Downstream ----- 136Kbaud Upstream 
 1024                       1088 
 896                        952 
 768                        816 
 640                        680 
 512                        544 
 384                        408 
 256                        272 
 136 Kbaud Downstream ----- 68 Kbaud Upstream 
 1024                       544 
 896                        476 
 768                        408 
 640                        340 
 512                        272 
 384                        204 
 256                        136 
                            45 
 136 Kbaud Downstream ----- 17 Kbaud Upstream 
 1024                       136 
 896                        119 
 768                        102 
 640                        85 
 512                        68 
 384                        51 
 256                        34 
                            11

1.1.8 CBOS Modifications for Setting Upstream Transmit Power

New extensions to the CBOS Release 2.3.0 CLI allow a user with exec-level access to set the upstream transmit power. The syntax for the command is:

set interface wan0 txpower value_in_db

Valid values are:

: 1 = full
: 2 = -3 db
: 3 = -6 db
: 4 = -9 db
: 5 = -12 db
: 6 = -15 db

1.1.9 Enhancements to DHCP Pool Start Addressing

CBOS Release 2.3.0 enables you to learn the starting addresses for the DCHP pool. CBOS Release 2.3.0 enhancements use the mask learned during IPCP negotiation to define the range of IP addresses.

1.1.10 Enhancements to WAN-LNK LED Blink Pattern

CBOS Release 2.3.0 adds new blink patterns to the WAN Link LED to indicate the connection state of the Cisco 675 in more detail.

Table 6: WAN Link LED Blink Patterns

Blink Pattern/Rate	Description
Steady ON	A link is established to the WAN port. All parameters for physical and logical connections are correctly set. The equipment successfully transmits and receives data.
Continuous rapid blinking, about 3 blinks per second	The equipment is trying to establish a connection. The pattern continues until a connection is established.
Intermittent blinking. For the Cisco 675: 6 rapid blinks followed by a 2-second pause before repeating. For the Cisco 676 or 677: 5 rapid blinks followed by a 2-second pause before repeating.	The equipment is trying to establish a physical connection. At this time, the training session is not yet completed; there are no logical connections and negotiated line conditions with other equipment (such as DSLAMs) are not yet established.
OFF	Check all connections. Ensure the WAN0 interface is not disabled.

1.1.11 Enhancements to the Set Filter Command

Use the set filter command to specify and modify IP filtering conventions for the Cisco 67x.

set filter {code} {on | off | reset} [deny | allow] {incoming | outgoing} {interface eth0 | wan0-0 | all}{src-ip src-mask dest-ip dest-mask} [protocol TCP | UDP | ICMP] [srcport lo - hi] [destport lo - hi]

Syntax Description

code	Enter the filter number to be modified. Valid filter code values are 0 through 19.
on \| off \| reset	Enables, disables or resets the filter. Reset allows you to reset a filter to default values without removing an entire configuration.
deny \| allow	Specifies whether the filter is to allow or deny packets that match the filter's address and mask.
incoming \| outgoing	Specifies direction of traffic to be filtered; required.
interface eth0 \| wan0-0 \| all	Displays the Interface on which to apply the filter. This can be a particular interface such as eth0 or wan0-x or all interfaces.
src-ip	Enter the source IP address for packets.
src-mask	Enter the mask to be applied to source IP address. This allows the filter to match a group of incoming IP addresses.
dest-ip	Enter the destination IP address of outgoing packets.
dest-mask	Enter the mask to be applied to destination IP address. This allows the filter to match a group of outgoing IP addresses.
protocol TCP \| UDP \| ICMP	Specify which protocol to match; optional.
srcport lo - hi	Displays the inclusive range of source port numbers to block; 1 - 65535 matches all source ports.
destport lo - hi	Displays the inclusive range of destination port numbers to block; 1 - 65535 matches all destination ports.

Command Mode

Enable

Usage Guidelines

Use the set filter command to specify IP filtering conventions. The Cisco 67x has 20 filters that can be applied to TCP, UDP and ICMP packets passing through the router's interfaces. Enabled filters are applied to packets in sequential order according to filter number.

The rules that govern the filter command are:

The minimum parameters required for the set filter command are the filter code and the on/off/reset flag.
A parameter can be implemented only if all previous parameters are implemented, even with don't care values. If you want to use the protocol parameter, all required and optional parameters prior to the protocol parameter must be included.
If no filters are enabled, no filters are checked. If at least one filter is enabled, the filter function proceeds through the list of filters until a match is found. The function then returns the value of the deny | allow parameter. If no match is found, the function denies the packet.
For traffic you want to allow, be sure that filters are enabled for allowing packets in both directions.
Place filters for expected heavy traffic early in the list of filters. Placing frequently matched filters higher in the list maintains routing performance.
The first match determines the fate of the packet. There are no exceptions to this rule.
Source and destination IP address and masks must both be present on the command line when the deny | allow flag is present.
A source-address and source-mask of 0.0.0.0 and 0.0.0.0 are used to always match a packet for the filter. Likewise, an address/mask of 255.255.255.255/255.255.255.255 is used to never match a packet.
Filters are applied to the Ethernet interface (eth0) by default. Include the interface variable on the command line to specify another interface, or all to specify all interfaces in the router.
Changes made to the filters will become effective immediately. Packet filtering can be globally suspended and resumed with the set filter command.
All filter related commands (set and show) are disabled when in bridge mode.

Examples

The following example blocks all web access.

set filter 0 on deny all 0.0.0.0. 0.0.0.0  0.0.0.0. port 80

The following example blocks all telnet access from the 192.168.0.25 network.

set filter 1 on deny all 192.168.0.0 255.255.255.0 0.0.0.0. 0.0.0.0 port 23

The following example accepts telnet access from the host 192.168.0.25.

set filter 2 on allow all 192.168.0.25 255.255.255.255 0.0.0.0. 0.0.0.0 port 23

The following example blocks all FTP access on a wan port.

set filter 3 on deny wan0-1 0.0.0.0. 0.0.0.0 0.0.0.0. 0.0.0.0 port 21

The following example turns off the first filter.

set filter 0 off

Note Press enter only after entering all command parameters. A command may appear on two lines here for readability.

1.2 Common Features

This section describes the CBOS-supported features that are common to the Cisco Customer Premise Equipment (CPE) product line.

Reduces or eliminates the need for you to manually configure CPE devices
Minimizes the need for configuration of the PCs in a Small Office/Home Office (SOHO) network
Incorporates the DHCP server and NAT functionality.

: DHCP automatically configures the IP addresses of both the Cisco CPE 67x series products and PC clients within the SOHO network. NAT uses one or more public IP address to translate the SOHO network's private IP address space into real, Internet-valid network IP addresses (Figure 1-7).

Figure 1-7: Configurationless Provisioning with DHCP and NAT

Benefits of Configurationless Provisioning

Configurationless provisioning provides:

Reduced Internet access costs through the use of dynamically allocated IP addresses
Simplified router configuration and IP address management
Conserved registered IP addresses
Dynamic IP address allocation for remote workstations
Remote LAN IP address privacy

Note The Cisco 67x CPE products and the CBOS are Y2K compliant.

1.2.1 Configurationless Provisioning Process

The combination of DHCP and NAT in the Cisco PPP/ATM environment supports a configurationless CPE provisioning by automatically configuring both the Cisco 67x and the associated SOHO network at power-on. A minimal configuration is required in the user PC (typically a single check-box to enable DHCP operation) but all PCs within the network have identical settings which simplifies initial provisioning and network support.

Understanding the DHCP Server and DHCP Client

Two components make up the dynamic host configuration protocol on the Cisco 67x:

DHCP server
DHCP client

Using the Cisco 67x as a DHCP Server

When the Cisco 67x DHCP server operates in:

Stand-alone mode---It fully configures the SOHO network with IP addresses, default gateways, and Domain Name Servers (DNSs).

The Cisco 67x DHCP then configures the Cisco 67x and provides sufficient information to allow the Cisco 67x-based DHCP server to configure the SOHO network as well.

Stand-alone server mode---A system administr ator manually provisions the Cisco 67x with the appropriate configuration for the clients within the SOHO network.

The configuration information that the Cisco 67x DHCP server is able to assign to SOHO clients includes, but is not limited to, the following:

Note The Cisco 67x does not automatically resolve DNS addresses. Therefore, you must enter the following configuration parameters as IP addresses.

Gateway
Primary Domain Name Server
Netmask
Internet Address
SMTP Server
POP3 Server
NNTP Server
WEB Server
IRC Server

Note Not all DHCP clients accept or understand every configuration parameter option passed to them.

Using the Cisco 67x as a DHCP Client

The Cisco 67x operates as a DHCP client as follows:

1. A PPP session is establish ed over wan0-0.

2. The Cisco 67x (see Figure 1-7) sends a DHCP client request to the service provider's network.

3. The Cisco 67x obtains configuration information from the service provider's DHCP server.

4. The Cisco 67x turns into a DHCP server and can configure SOHO clients (PC#1, PC#2, and PC#3).

Note If you use the DHCP client mode, you must also use the DHCP server mode.

5. When the DHCP server is enabled, the Cisco 67x must contain a valid DHCP configuration, which has been either manually provisioned or obtained during a previous client transaction.

If this is the first time the Cisco 67x has performed a client request, it ignores all network traffic until the Cisco 67x client transaction has completed.

6. The Cisco 67x saves the client configuration information obtained during the client transaction to NVRAM for subsequent use.

If a client transaction results in configuration information that differs from that which is stored in NVRAM, the Cisco 67x saves the new configuration to NVRAM and uses the new information on the subsequent power-cycle.

Understanding NAT

NAT in the Cisco 67x translates private (or Internet-invalid) IP addresses to public (Internet-valid) IP addresses. By dynamically creating a table of translation information each time data is exchanged with any network outside of the SOHO network, the CPE device allows multiple PCs to oversubscribe a single, public IP address. This powerful feature both conserves IP addresses and minimizes customer reconfiguration of a local SOHO network.

Use NAT if you cannot use a network's internal private addresses outside either for security reasons or because the addresses are invalid outside the network.

Basic NAT allows a one-to-one mapping between one private address and one public address.
NAT with Port Address Translation (PAT or NAPT) is an extension to NAT in that PAT uses TCP/UDP ports in addition to network addresses (IP addresses) to map many private network addresses to a single outside address. Cisco CPE products support both NAT and PAT.

Note Cisco CPE products do not support basic NAT for the 2.1.0 Release.

When NAT is enabled, the Cisco 67x obtains a public IP address from the upstream router (in most cases a Cisco 7200) using either PPP's IPCP protocol or a DHCP client transaction. The upstream router, in turn, may obtain the IP addresses from a locally provisioned pool, either a DHCP server or a RADIUS server. This allows the service provider to easily configure the customer premise network and router.

Network Address Translation is predominantly application-independent, with the exception of FTP. However, the Cisco implementation of NAT fully supports full-rate FTP. Applications that include IP addresses within the packet payload will fail without special NAT-wise consideration.

Other benefits of the Cisco implementation of NAT on CPE products include:

Abstracts the customer premise network from any changes in the service provider network (including changing service providers).
Enables access (from the public Internet) to a specific private SOHO host by statically mapping a real IP address to a private host's IP address. This static mapping would facilitate the operation of a Web server, for example, within a network served by Cisco CPE products.
Preserves all of the Cisco 67x's layer three management features. TFTP (for firmware updates), TELNET (for general management), ping, and traceroute all operate in the same manner as when NAT is disabled, provided there is no static mapping from the outside address to an inside address.
Supports transparent use of the Domain Name Server (DNS) mechanism for outside hosts requests. This means that NAT does not interfere with host name look-ups such as CISCO.COM. However, for hosts inside the SOHO network's private address space, a DNS server (or LMHOSTS file) is required in the SOHO network to resolve host names automatically.
Does not impose any requirements on service provider configurations. Service providers provide their own NAT IP address (that is, registered to the service provider) for translation of 67xs outside network address.

DHCP and NAT Together

When both NAT and DHCP are enabled, the Cisco 67x becomes virtually configurationless. NAT obtains the public address used for translation in the same manner as described above. However, DHCP does not require any additional provisioning since NAT translates all address information to the outside, public address. You can use a DHCP client transaction to obtain DNS, WINS, and other information for subsequent SOHO DHCP server operation, but this is not required.

When a DHCP client transaction is in progress, the Cisco 67x delays NAT implementation until the client transaction completes. This ensures that the most current information is used for server operation.

The end result for the SOHO users (PC#1, PC#2, and PC#3) (see Figure 1-7) is as follows:

1. SOHO users turn on their un-configured machines with DHCP enabled. Within seconds, they are surfing the Internet using a configuration totally and transparently supplied by their service provider.

2. Clients are not affected by changes at the service provider.

Note When you do not use Network Address Translation, you must maintain a consistent relationship between the information you obtain during the client phase and the configurations passed to the clients on the SOHO network. This occurs because clients retain their DHCP configuration for the configurable lease time.

After a SOHO host's lease time expires, it must request an IP address from the DHCP server. If a Cisco 67x obtains different configuration information during the client phase, the SOHO clients must obtain new address leases. And further, because their default gateway system (the Cisco 67x) has changed addresses, they can no longer access the outside network.

1.3 Supported Applications

In addition to DHCP and NAT, CBOS also supports the applications, listed below, for management and control of the system:

Ping (packet Internet groper)

: Cisco CPE products support the standard version of ping (packet Internet groper), which tests whether a particular network destination is online by sending an Internet control message protocol (ICMP) echo request and waiting for a response.

RADIUS

Remote Authentication Dial-In User Service (RADIUS) authenticates users for access to a network. The RADIUS server uses an authentication scheme, such as PAP, to authenticate incoming messages from RADIUS clients. When a password is present, it is hidden using a method based on the RSA Message Digest Algorithm MD5.

The Cisco 67x has been successfully tested for compatibility with the following RADIUS server providers:

Livingston Enterprises RADIUS Version 2.01

Sun Solaris Version 2.5

Merit RADIUS (Sun binary)

RADIUS NT (Microsoft)

Cisco 67x Implementation of the RADIUS Client:

The Cisco 67x supports a RADIUS client. However, for most environments, the RADIUS client is not used. The RADIUS client exists on the service provider's remote access server. The Cisco 67x communicates with the RADIUS client through PAP packets.

RIP (Routing Information Protocol)

: The CBOS supports the Routing Information Protocol (RIP) and RIP2. RIP is an interior gateway protocol used with TCP/IP to automatically add IP routes to the routing table. It provides routing information such as what networks are accessible and the number of hops required to reach each one. RIP2 includes a larger command set to expand RIP functionality.

SYSLOG client

SYSLOG logs significant system information to a remote SYSLOG server for processing without requiring large amounts of local storage or local processing.

Implementing SYSLOG:

Using the CBOS, the Cisco 67x allows you to specify a remote server for logging system messages. Cisco supports the following levels of severity :

Debug
Info
Warning
Alarm
Critical
Crash

To configure your syslog daemon to receive Cisco SYSLOG messages, modify the /etc/syslog.conf configuration file (remember to use tabs, not spaces). Several systems, such as Linux and FreeBSD, have SYSLOG set up properly by default.

Telnet server

: Use Telnet as a command line interface and as a means of providing remote login connections between machines on several networks, including the Internet.

TFTP server

: Use the Trivial File Transfer Protocol (TFTP) to transfer files to and from a Cisco 67x using a TFTP client. Cisco 67x runs a TFTP daemon, which allows users from remote machines who have TFTP client software to remotely transfer files to and from the Cisco 67x. The TFTP client can be enabled and disabled from the CBOS or the Web Management Interface.
: For security reasons, Cisco recommends that you disable the TFTP application, except when uploading or downloading a file. Typically, use TFTP to transfer new software from Cisco to your Cisco 67x, where the file name equals
nsrouter.c67x.<version #>ima.hr. You can also use TFTP to archive an image of your CBOS configuration file. This configuration file can be named anything you wish as long as you can view and edit the file with a standard text editor. Use the.cfg extension to make the configuration file easy to locate and to assure that it can be viewed and edited by a standard text editor. Archive an image of your configuration file before making changes to it so you can easily recover the old file if necessary. When uploading a configuration file to the 67x, you must name the configuration file nscfg.cfg before uploading.

Traceroute

: Use traceroute to determine if there is a connection between two systems and to view the intermediate routers between the two systems.

Web access

: Use the Cisco CPE product's web interface for configuring and changing system settings.

Note These applications are only accessible when the Cisco 67x is in routing mode except for TFTP, ping, and Telnet in managed bridging mode.

1.4 Using CBOS User Interfaces

The CBOS includes two interfaces you can use to configure and operate the Cisco 67x:

Command Line Interface---This interface is designed for experienced personnel to use in their day-to-day tasks for operating banks of Cisco 67xs. Access this interface using either a Telnet or a terminal emulation program.

Web Browser Interface---This interface is designed for individuals who prefer a graphical user interface (GUI) program or who are familiar with Web-based navigational principles.

1.5 Using the CBOS Help System

From the CBOS prompt, use the help command to display the online help system for a specified command. Refer to "Using the Command Line Interface," for more information on the help command. To access the Help Facility, enter the following command from the command line:

help [command-name]

? [command-name]

For example, to display information about the show version command, enter:

help show version

? show version

Table of Contents