|
This chapter describes how to configure the DEC Local Area Transport (LAT) transmission protocol on the Cisco terminal servers. You will find the following information in this chapter:
Making LAT connections is described in the chapter "Terminal Server User Commands."
To make these changes, you must be in the privileged configuration mode. To enter configuration mode, type the configure command at the EXEC prompt. You can then enter the commands described in this section. For more information about the configuration mode, see the chapter "System Configuration."
A command summary is included at the end of the chapter.
DEC's Local Area Transport (LAT) protocol is the protocol used most often to connect to DEC hosts. LAT is a DEC-proprietary protocol. Cisco uses LAT technology licensed from DEC.
The LAT protocol allows a user at one site to establish a connection to a host at another site, then passes the keystrokes from one system to the other. A user can establish a LAT connection through the terminal server to a DEC host, simply by entering the host name.
Unlike the TCP/IP Telnet protocols, the LAT protocols cannot be routed. Because DEC's LAT protocol includes its own transport protocol which runs directly over Ethernet, rather than a standard routing layer, it cannot be passed by a router; refer to Figure 1-1. A bridge or combined bridge and router, such as the Cisco router, must be used to carry LAT traffic across a wide area network. A terminal server can be used to carry LAT traffic over a WAN by first translating LAT to X.25 or Telnet.
Resources such as modems, computers, and application software are viewed in a LAT network as services that, potentially, any user in the network may use. LAT services are given a unique name that identifies them on the LAT network. Your Cisco terminal server software creates a dynamic table of known LAT services (collectively called learned services). It collects this information by listening to service advertisement messages, also called service announcements, from LAT nodes. These messages are sent using Ethernet multicast messages, which contain lists of services offered, their rating, and identification.
While the Telnet protocol connects to specific nodes, or hosts, on the network, LAT searches for nodes that offer the service you request. If that service is offered by more than one node, the service with the highest rating is chosen.
The software supports the DEC load balancing and service rating functions that help ensure equitable and efficient service to all users. Load balancing serves to spread the user load evenly among the service nodes. Service ratings are a measure of the ability of service nodes to accept new connections. Service ratings are dynamically determined, but may also be
statically set using the Cisco LAT configuration commands.
As potentially any user on a LAT network can access any of the services on the network, a LAT server manager uses the concept of group codes to allow or restrict access to the services.
When the group codes on both the terminal server and the LAT host share a common group code, a connection can be established between the two. If the default group codes have not been changed, a user on any terminal server can connect to any learned service on the network.
However, if you define groups for terminal servers and LAT hosts, you can partition these services into logical subnetworks. You can organize the groups so that users on one terminal server view one set of services, and users on another terminal server (or another line on the same server) view a different set.
You may wish to design a plan that correlates group numbers with organizational groups, such as departments. You can define subgroups using the global and line configuration commands described in this chapter. The section "Group Code Syntax," later in this chapter describes how to enter group code lists in the Cisco software commands.
A LAT host node's services cannot be accessed in part; access is granted, per node, on an all-or-none basis.
A LAT session is a two-way logical connection between a LAT service and the terminal server. All this is transparent to the user at a console connected to a LAT session; to the user it appears that connection has been made to the desired device or application program.
When a host connects to a terminal server, this is called a host-initiated connection. The terminal server maintains a queue of hosts desiring connection by sending periodic status messages to the requesting host. Connection can be to any type of LAT service. A typical example would be a printer.
It is possible to determine which LAT hosts have queue entries for printers on terminal servers using the EXEC command show entry. Additionally, it is possible for privileged users to delete entries using the clear entry command. (These commands are described more fully in later sections of this chapter.)
Host-initiated connections can also be made to services defined on the terminal server, instead of port numbers. These same services are used for connections from other terminal servers.
If a host-initiated connection is received which specifies a destination port number that corresponds to a virtual port on the terminal server, a virtual EXEC process will be created for the user to log in with. This process can be used, in conjunction with the DEC set host/dte command on VMS, to connect to a Cisco terminal server from a VMS host node.
Cisco's terminal server software fully supports the DEC LAT protocol suite, and additionally, supports these features:
Cisco's LAT protocol is supplied with a default configuration, and does not require additional configuration for you to use it. The software does provide commands for customizing the LAT software for your environment, if desired.
Following are the basic steps for using and configuring LAT on the Cisco terminal server.
Step 1: Create group code lists for advertising available services.
Step 2: Define a group list for outgoing connections, if needed.
Step 3: Define a list of services for inbound session support, if needed.
Step 4: Configure reverse LAT connections, whereby a Cisco terminal server runs the host portion of the LAT protocol.
Additionally, the software provides commands that allow you to set timers for the rate at which messages are sent, and for the wait interval between messages.
The following sections describe how to customize the terminal server for the LAT environment. Descriptions of the EXEC commands to troubleshoot LAT operation follow these sections.
To enable LAT protocol translation on the IGS, LAT must be explicitly enabled. Use this interface subcommand to do so:
lat enabledUse the no variation to disable LAT.
This example enables LAT:
interface ethernet 0
lat enabled
This example disables LAT on the same Ethernet interface:
interface ethernet 0
no lat enabled
This section describes how to configure group code lists used for making outgoing LAT
connections. This section begins with a summary of the group code syntax.
In the DEC LAT protocol, a group code is defined as a decimal number in the range 0 to 255. Some of the Cisco LAT configuration commands take a list of group codes; this is referred to as a group code list. The rules for entering numbers in a group code list follow:
A trailing enabled or disabled keyword can be used in the command line to change an existing list. Examples of this are provided in the sections describing the commands that use these features.
You can refine the list of services to which a user may connect. You do this by defining the group code lists used for connections from specific lines using the lat out-group line subcommand. You can use this command to limit the connection choices for an individual line. When a user initiates a connection with a LAT host, the user's line must share a common group number with the remote LAT host before a connection can be made.
The lat out-group line subcommand defines the group list for the line's outgoing user-initiated connections. The command has this syntax:
lat out-group groupGroup lists can also be defined with the terminal lat out-group EXEC command. This command is entered at the EXEC prompt instead of after a line command in the configuration file, and makes a local change to the group list. See the chapter "Terminal Server User Commands" for a description of the terminal parameter setting commands.
This example defines the services for three sets of lines, 1 through 7, 10 through 17, and 20 through 24:
line 1 7
lat out-group 12 18-23
line 10 17
lat out-group 12
line 20 24
lat out-group 12 18-23 44
Access to systems on the first set of lines is limited to groups 12, and 18 through 23; the second set is limited to group 12; the third set is limited to group codes 12, 18 through 23, and 44. All other lines use the default of group zero.
This examples illustrates how to make a local group list at the EXEC prompt:
TS>terminal lat out-group 14 16-18
Groups 14 and 16 through 18 are set for the local terminal. These settings remain in effect until the EXEC command exit is entered, or until the interval set with the exec-timeout command has passed. The user may only enable groups authorized in the lat out-group line configuration command. This feature is used to limit the list size for the show lat services command.
Use the lat group-list global configuration command to create group lists. The command allows a name to be assigned to the group list. Specifying a name for a group lists simplifies the task of entering individual group codes. In other words, a name makes it easier to refer to a long list of group code numbers. The command has this syntax:
lat group-list name group [group...] [enabled|disabled]The argument name specifies the name of the group.
The argument group lists the group numbers. The list can be a single number, a list of numbers separated by spaces, or a range of numbers separated by a hyphen.
The optional keyword enabled allows you to easily make incremental changes to the list; that is, you may add a group code without retyping the entire command.
The optional keyword disabled allows you to selectively remove a group code from the list.
The no lat group-list command removes the specified group list. The group list must already exist. To see a list of existing groups, enter the EXEC command show lat groups command at the EXEC prompt.
This example creates the new group named stockroom and defines it to include the group numbers 71 and 99.
lat group-list stockroom 71 99
This can be verified by entering the EXEC command show lat groups, which is explained further in the section "Monitoring LAT."
TS>show lat groups
Group Name Len Groups
stockroom 13 71 99
The following example adds group code 101 to the group named stockroom:
lat group-list 101 enabled
A show lat groups command will verify that group code 101 has been added.
The following example deletes the group named cafeteria:
no lat group-list cafeteria
This can be verified by entering the EXEC show lat groups command.
The lat service-group global configuration command specifies a group code mask to use when advertising all services for this node. The command has this syntax:
lat service-group {groupname|number|range} [enabled|disabled]You can enter a group code name specified by the lat group-list command using the groupname argument. You can enter a group code using the number argument. You can enter more than one group code by listing the numbers, or by listing a hyphenated range of numbers. You can also enter both a group code name and group codes.
The optional keyword enabled allows you to easily make incremental changes to the list, that is, you may add a group name or code without retyping the entire command.
The optional keyword disabled allows you to selectively remove a group name or code from the list.
If no service group is specified by the groupname argument, the terminal server defaults to advertising to group 0.
These commands set groups 100 through 103, then specify engineering as the group code list to advertise:
lat group-list engineering 100-103
lat service-group engineering enabled
This command sets the groups 1, 5, 20 through 36, and 52:
lat service-group 1 5 20-36 52
You can then enter this command to add group 99:
lat service-group 99 enabled
Just as LAT services are offered by host computers, they also can be offered by terminal servers. A terminal server implements both the host and server portions of the LAT protocol. This allows connections from either hosts or terminal servers. When a host connects to a terminal server, this is called a host-initiated connection. Collectively, both types of connections are referred to as inbound connections.
The commands described in this section define support for host-initiated connections. This support includes refining the list of services which the terminal server will support. An incoming session may be to either a port or a service. The port name is the terminal line number, as reported by the show users all command. LAT services are defined with the lat service command, described in the following subsections. Each service offers attributes that the system manager can set to customize the LAT services as required for the particular environment. Not all of these attributes are necessary in a particular environment, and in fact, it does not make sense to use all the attributes for the same service.
The lat service service-name password global configuration command sets up a LAT password for the service.
lat service service-name password passwordThe connecting user will be required to enter this password in order to complete the connection.
Use the argument service-name to define the service. Specify the password with the password argument.
This command specifies service name BLUE and password secret.
lat service BLUE password secret
The lat service service-name ident global configuration command sets the LAT service identification for the specified service. The full syntax of this command follows:
lat service service-name ident identificationUse the argument service-name to define the service.
The argument identification is a descriptive name (text only) that identifies the service. The identification is advertised to other servers on the network, and is displayed along with the list of name services on the LAN.
This command specifies the identification Welcome to Gateway-A on service STELLA.
lat service STELLA ident Welcome to Gateway-A
The lat service service-name rating global configuration command allows the network manager to set a static service rating for the specified service. The command syntax is as follows:
lat service service-name rating static-ratingIf this command is not entered, the terminal server calculates a dynamic rating based on the number of free ports which can handle connections to the service. Setting a static rating overrides this calculation and causes the specified value to be used.
Use the argument service-name to define the service.
Use the argument static-rating to specify the static service rating. The rating must be in the range of 1 to 255. The default is to use a dynamic rating.
This command specifies a service rating of 84 on the service WHEEL:
lat service WHEEL rating 84
Use the lat service service-name rotary global configuration command to associate a rotary group with a service. When an inbound connection is received for this service, the terminal server establishes a reverse-LAT connection to a terminal in that rotary group. The full syntax of the command is as follows:
lat service service-name rotary groupIf the rotary option is not set, the connection will be to a virtual terminal session on the terminal server.
Use the argument service-name to define the service.
Use the group argument to specify the rotary group number.
This command creates a service called MODEM to establish a rotary group:
lat services MODEM rotary 1
Establish rotary groups using line configuration commands and the rotary line subcommand. To define a service that communicates with a specific line, define a rotary with only that line specified. The following is an example of such a configuration:
hostname ciscots
! Service name for the terminal server as a whole
lat service ciscots enable
! Set up some lines with unique service names
line 1
rotary 1
lat service ciscots1 rotary 1
lat service ciscopt1 enable
!
line 2
rotary 2
lat service ciscots2 rotary 2
lat service ciscots2 enable
The lat service service-name autocommand global configuration command associates a command with a service. The command has this syntax:
lat service service-name autocommand commandWhen an inbound connection is received for this service, the specified command will automatically be executed instead of the user receiving a virtual terminal session.
Use the argument service-name to define the service.
Use the command argument to specify the command to be associated with the service.
TACACS or port passwords are bypassed for these services; only the LAT password is checked.
This command associates the command telnet china-cat to the service CHINA-CAT.
lat service CHINA-CAT autocommand telnet china-cat
This command is automatically executed when an inbound connection is received.
The lat service service-name enabled global configuration command enables inbound connections to the specified service, and enables the advertisement of this service to terminal servers on the network. The command syntax follows:
lat service service-name enabledIn the simplest form, this command creates a service which gives connecting users access to a VTY port on the server. Use the argument service-name to define the service.
The command no lat service service-name deletes the specified service. However, deleting a service does not disconnect existing connections.
Enter this command when all configurations for a service are complete:
lat service WHEEL enabled
The above command enables inbound connections to the service WHEEL.
Use the commands described in the following sections to customize the environment for transmitting LAT messages. Cisco's implementation of LAT allows you to set these features:
The commands in this section affect all LAT connection types.
Use the lat retransmit-limit global configuration command to set the number of times that LAT can retransmit a message before declaring the remote system unreachable. The command has this syntax:
lat retransmit-limit numberSet the number of retries with the argument number. The default value is eight retries. The number can be set at any number between 4 and 255 retries.
Assigning larger values to the number of tries increases the robustness of the LAT service at the cost of longer delays when communications are disrupted. As LAT generally retransmits messages once a second, the value is approximately the number of seconds that LAT connections will survive connection disruption.
If you bridge LAT, the retransmission limit should be set to at least 20 tries for LAT sessions to survive a worst-case spanning-tree reconfiguration, because bridging spanning-tree reconfiguration can take up to 15 seconds.
The no lat retransmit-limit command restores the default retry value.
This command sets the retransmission limit to 30 tries, enough time to sustain the down time incurred when the system must reconfigure a spanning-tree topology:
lat retransmit-limit 30
The keepalive timer sets the rate that messages are sent, in the absence of actual traffic between the terminal server and the remote node. The server uses keepalive messages to detect when communication with a remote node is disrupted, or when the remote node has crashed. Use the lat ka-timer global configuration command to set the keepalive timer to the specified value. The command has this syntax:
lat ka-timer secondsUse the argument seconds to set the rate. The default rate is 20 seconds. The no lat ka-timer command restores the default.
This command resets the keepalive timer to five seconds:
lat ka-timer 5
The virtual circuit timer sets the time that LAT will wait before sending any traffic. Use the lat vc-timer global configuration command to set the virtual-circuit timer to the specified value. The command has this syntax:
lat vc-timer millisecondsUse the argument milliseconds to specify the timer value. The default timer value is 80 milliseconds. Smaller values increase the overhead on both the terminal server and the host. However, you can use smaller values to correct buffer overflows, which happens when the terminal server receives more data than it can buffer during a virtual circuit timer interval.
Larger values increase the need for terminal server buffering, and can cause noticeable echoing delay. However, increased values can reduce traffic. In environments with slow bridging, retransmissions can be reduced if you increase the value to at least three times the worst-case, round-trip interval.
The no lat vc-timer command returns the default value.
The following example sets the virtual circuit timer to ten milliseconds.
lat vc-timer 10
Since LAT groups were not intended to implement security or access control, the terminal server software provides access lists to provide these functions. An access list is a sequential collection of permit and deny conditions that serve to restrict access to or from LAT nodes on a specific terminal line. Each access list statement defines a permit or deny condition and a matching criterion for the node name. When a LAT connection is attempted (either incoming or outgoing), the node name of the destination service (not the service name) is compared against the regular expression. If they match, the connection is permitted or denied as specified by the access list command.
To specify an access condition, use the lat access-list global configuration command. The full syntax of this command follows.
lat access-list number {permit|deny} regular-expressionThe argument number is a number between 1 and 99 you assign to the line using the access-class line subcommand. See the upcoming section "Restricting Terminal Connections" for examples of command use.
The keyword permit allows matching node names to access the line. The keyword deny denies access to any matching node name.
The node name follows the permit or deny keyword. The argument regular-expression is the name of the LAT node, with or without regular expression pattern matching characters, with which to compare for access. The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the node name.
When both IP and LAT connections are allowed from a terminal line, and an IP access list is applied to that line with the access-class line subcommand, you also must create a LAT access list numbered the same if you want to allow any LAT connections from that terminal. This is because you can specify only one incoming and one outgoing access list number for each terminal line, and when checking LAT access lists, if the list specified does not exist, the system denies all LAT connections.
See the section "Examples of LAT Access Lists" for an example of command use.
See Table 1-1 and Table 1-2 for a summary of pattern and character matching symbols and their use. A more complete description of the pattern matching characters is found in the appendix "Pattern Matching."
Character Description | |
---|---|
\0 | Replaces entire original address. |
\1..9 | Replaces the strings that match the first through the ninth parenthesized part of X.121 address. |
* | Matches 0 or more sequences of the regular expressions. |
+ | Matches 1 or more sequences of the regular expressions. |
? | Matches the regular expression of the null string. |
Character Description | |
---|---|
^ | Matches the null string at the beginning of the input string. |
$ | Matches the null string at the end of the input string. |
\char | Matches char. |
. | Matches any single character. |
To restrict incoming and outgoing connections between a particular terminal line or group of lines and the node names in an access list, use the access-class line subcommand:
access-class list {in|out}The argument list is an integer from 1 through 99 that specifies the defined access list. Use the keyword in to control which nodes may make LAT connections into the terminal server.
Use the keyword out to define the access checks made on outgoing connections. (A user who types a node name at the system prompt to initiate a LAT connection is making an outgoing connection.)
See the upcoming section "Examples of LAT Access Lists" for an example of command use.
The following is an extensive example illustrating incoming permit conditions for all IP hosts and LAT nodes with specific characters in their names and a deny condition for X.25 connections to a printer. Outgoing connections, however, are less restricted.
! Permit all IP hosts, LAT nodes beginning with "VMS" and no X.25
! connections to the printer on line 5
!
access-list 1 permit 0.0.0.0 255.255.255.255
lat access-list 1 permit ^VMS.*
x29 access-list 1 deny .*
!
line 5
access-class 1 in
!
! Meanwhile, permit outgoing connections to various places on all the
! other lines.
!
! Permit IP access within cisco
access-list 2 permit 131.108.0.0 0.0.255.255
!
! Permit LAT access to the Stella/blue complexes.
lat access-list 2 permit ^STELLA$
lat access-list 2 permit ^BLUE$
!
! Permit X25 connections to infonet hosts only.
x29 access-list 2 permit ^31370
!
line 0 99
access-class 2 out
This example illustrates how to define access lists that permit all connections, thereby
conforming to previous software behavior. See the previous note for more information.
access-list 1 permit 131.108.0.0 0.0.255.255
access-list 1 permit 150.136.0.0 0.0.255.255
!
line 1 40
access-class 1 out
! define LAT access list that permits all connections
lat access-list 1 permit .*
This section lists configuration examples that illustrate use of the commands described in this chapter.
These commands establish basic LAT service for the service group named WHEEL.
! Establish line connections
line 1 7
lat out-group 12 18-23
!
! Establish list of group codes and service groups
lat group-list HUBS 12 18-23
lat service-group HUBS enabled
!
! Establish inbound session support
lat service WHEEL password secret
lat service WHEEL ident Welcome to the Machine
lat service WHEEL autocommand telnet wheel
lat service WHEEL enabled
!
! Set the timers
lat retransmit-limit 30
lat ka-timer 5
The following example illustrates how to configure a range of lines for rotary connections, then establishes the LAT service Modems for rotary connection.
! Establish rotary groups
line 3 7
rotary 1
!
! Establish modem rotary service
!
lat service Modems rotary 1
lat service Modems enabled
See the section "Connections to One or More Lines (Rotary Group)" in the chapter "System Configuration" for more information about rotary groups.
Maintaining LAT is a simple task. Cisco provides the following EXEC command to delete an entry from the queue.
clear entry numberThe clear entry command deletes a pending entry. The argument number is an entry number obtained from the show entry EXEC command.
Use the EXEC show commands described in this section to obtain displays of LAT activity.
The EXEC command show entry displays the list of queued host-initiated connections. Enter this command at the EXEC prompt:
show entryExample output follows:
1 waiting 0:02:22 for port 5 from LAT node BLUE
2 waiting 0:00:32 for port 5 from LAT node STELLA
In this sample, two LAT connections are waiting for access to port 5. The list is ordered so that the lower numbered entry has been waiting longer, and will get to use the line next. The display shows how long each connection attempt has been waiting, the port for which the connection is waiting, and the name of the user trying to make the connection.
The EXEC command show lat advertised shows all of the LAT services which a terminal server offers to other systems running LAT on the network. Enter this command at the EXEC prompt:
show lat advertisedAdvertised services are created with the lat service configuration commands. The display includes the service rating, rotary group, if present, and whether or not the service is enabled for incoming connections.Table 1-3 lists LAT advertised services display fields.
The following is the screen output from a terminal server, RECLUSE, which has three services defined: CHINA-CAT, MODEMS, and RECLUSE:
Service Name Rating Rotary Flags
CHINA-CAT 4(Dynamic) None Enabled
Autocommand: telnet china-cat
MODEMS 0(Dynamic) 12 Enabled
Ident: SpaceBlazer modem services
RECLUSE 4(Dynamic) None Enabled
Ident: white recluse...
Table 1-3 explains the fields in the display.
The EXEC command show lat groups displays the groups that were defined with the lat group-list configuration command. Enter this command at the EXEC prompt:
show lat groupsThe following sample output displays the named LAT groups and the numbered group lists that define them.
Group Name Len Groups
cafeteria 3 13 15 23
engineering 7 55
manufacturing 10 70 71 72
Table 1-4 explains the fields shown in the display.
Field | Description |
---|---|
Group Name | Assigned group name. |
Len | Size of internal data structure used to contain the group code map. |
Groups | Contains the list of group codes associated with the learned group. |
The EXEC command show lat nodes displays information about all known LAT nodes. Enter this command at the EXEC prompt:
show lat nodesThe following sample displays information about LAT nodes TS and Eng2.
Node "TS", Address 0207.0102.3302, usage 0
Timer 69, sequence 5, changes 139, flags 0x0, protocol 5.1
Recv 0/0/0, Xmit 0/0/0, 0 Dups, 0 ReXmit
Groups: 0
Node "ENG2", Address AA00.0402.64DC, usage 0
Timer 139, sequence 103, changes 0, flags 0x0, protocol 5.1
Recv 105/65/1072, Xmit 84/68/121, 0 Dups, 0 ReXmit
Groups: 0
Table 1-5 explains the fields shown in the display
The EXEC command show lat services shows the LAT learned services. Enter this command at the EXEC prompt:
show lat servicesThe following sample output displays the LAT learned services.
Service Name Rating Interface Node (Address)
ABCDEFGHIJ 5 Ethernet0 CONFUSED (0000.0c00.391f)
GLAD 84 Ethernet0 BLUE (aa00.0400.9205)
Ident: Welcome to Big Blue Gateway
WHEEL 83 Ethernet0 WHEEL (aa00.0400.9005)
ZXYW 5 Ethernet0 CONFUSED (0000.0c00.391f)
Table 1-6 explains the fields shown in the display.
Field | Description |
---|---|
Service Name | Lists the LAT service name. |
Rating | Lists the rating of the service. If a single service is provided by more than one host, the terminal server will connect to the one with the highest rating. |
Flags | Indicates the state of the service. |
Node | Lists the connection address. |
(address) | Lists the advertised identification for the service. |
The EXEC command show lat sessions displays active LAT sessions. Enter the following at the EXEC prompt:
show lat sessions [line-number]Use the optional argument line-number to show a single line.
The first of the following two sample outputs displays information about all active LAT sessions. The second example displays information about LAT sessions on one line only. A discussion of the screen output follows the two examples.
TS#show lat sessions
tty0, connection 1 to service TERM1
TTY data:
Name "0", Local usage 1/0, Remote usage disabled
Flags: Local Connects, Enabled
Type flags: none
Config flags: -FlowOut, -FlowIn, Parameter Info
Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8
Groups: 0
Session data:
Name TERM1, Remote Id 1, Local Id 1
Remote credits 2, Local credits 0, Advertised Credits 2
Flags: none
Max Data Slot 255, Max Attn Slot 255, Stop Reason 0
Remote Node data:
Node "TERM1", Address 0000.0C00.291F, usage 1
Timer 59, sequence 5, changes 159, flags 0x0, protocol 5.1
Recv 56/22/83, Xmit 41/23/14, 0 Dups, 0 ReXmit
Groups: 0
tty10, connection 1 to service ENG2
TTY data:
Name "10", Local usage 1/0, Remote usage disabled
Flags: Local Connects, Enabled
Type flags: none
Config flags: -FlowOut, +FlowIn, Set Parameters, 0x40000000
Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8
Groups: 0
Session data:
Name ENG2, Remote Id 1, Local Id 1
Remote credits 1, Local credits 0, Advertised Credits 2
Flags: none
Max Data Slot 255, Max Attn Slot 255, Stop Reason 0
Remote Node data:
Node "ENG2", Address AA00.0400.34DC, usage 1
Timer 179, sequence 60, changes 255, flags 0x0, protocol 5.1
Recv 58/29/186, Xmit 50/36/21, 0 Dups, 0 ReXmit
Groups: 0
The following sample output displays information about active LAT sessions on one line, line 10.
TS#show lat sessions 10
tty10, connection 1 to service ENG2
TTY data:
Name "10", Local usage 1/0, Remote usage disabled
Flags: Local Connects, Enabled
Type flags: none
Config flags: -FlowOut, +FlowIn, Set Parameters, 0x40000000
Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8
Groups: 0
Session data:
Name ENG2, Remote Id 1, Local Id 1
Remote credits 1, Local credits 0, Advertised Credits 2
Flags: none
Max Data Slot 255, Max Attn Slot 255, Stop Reason 0
Remote Node data:
Node "ENG2", Address AA00.0400.34DC, usage 1
Timer 189, sequence 61, changes 247, flags 0x0, protocol 5.1
Recv 60/29/186, Xmit 52/36/21, 0 Dups, 0 ReXmit
Groups: 0
Table 1-7 describes the screen output for the preceding two examples. The output is divided into three sections: tty data, sessions data, and remote node data. Where information on more than one session appears, there is a group of three sections for each session, preceded by a line identifying the session.
Field | Description |
---|---|
TTY data: | Reports a summary of the LAT-oriented terminal-line specific data. |
Name | Name used for this port as a port identification string. This is reported to remote systems, which may display it in some operating-system dependent manner. This is also the value used for targets of host-initiated connections. Currently, this value is hard-wired to be the line number of the associated terminal line. |
Local usage Remote usage | Indicate the current status of the terminal. The number is reported as current/maximum, where current is the current number of sessions of a given type, and maximum is the maximum number of sessions allowed, or zero if there is no maximum. If a terminal is being used for outgoing sessions, the local usage will be equal to the number of current LAT sessions. If the terminal is being used for incoming sessions, local usage will be disabled, and the remote count and maximum will be one. |
Flags | Indicate the current state of the line, and whether there are currently any queued host-initiated connections. |
Type flags | Report flags which are not currently used in this software release. |
Config flags | Indicate the current port state as reflected by the most recent configuration message exchange. |
Flow control | Lists set flow control characters. |
Groups: | Report the group code list currently in use for the line. |
Session data: | Reports various parameters about the connection. |
Name | For outbound connections: Indicates the name of the remote service to which it is connected. For inbound connections, this field is currently unused. |
Remote/Local ID | Report the slot IDs being used to uniquely identify the session multiplexed over the underlying LAT virtual circuit. |
Remote/Local credits | The number of flow control credits which the terminal server will be sending to the host as soon as possible. The advertised credits are the number of credits which have already been extended. |
Flags | Indicate transient conditions in the LAT state machine dealing with the current connection status. |
Max data slot | Maximum number of characters which may be sent in a single data slot. |
Max Attn Slot | The maximum amount of data which may be sent in an attention message. As current LAT implementations only send one-byte attention messages (attention messages are used to flush buffered output), a nonzero value means that remote data flushing can be used, a zero means that it can't. |
Stop Reason | The reason that the session was stopped, if it has been stopped but not deleted. This value is usually zero, indicating that the session has not been stopped yet. If a session persists for a long period of time with a nonzero stop reason, this generally indicates a problem in the local LAT software. |
Remote Node data: | Reports information about the remote node. The data includes the same fields as those from the show lat nodes output. |
The EXEC command show lat traffic reports traffic and resource utilization statistics kept by the terminal server. Enter this command at the EXEC prompt:
show lat trafficThe report includes LAT packet statistics and current parameter settings.
The following example shows the LAT traffic on all active lines for this terminal server.
Local host statistics:
0/100 circuits, 0/500 sessions, 1/500 services
100 sessions/circuit, circuit timer 80, keep-alive timer 5
Recv: 335535 messages (2478 duplicates), 161722 slots, 1950146 bytes
0 bad circuit messages, 3458 service messages (52 used)
Xmit: 182376 messages (2761 retransmit), 146490 slots, 36085 bytes
1 circuit timeouts
Total: 23 circuits created, 38 sessions
Field | Description |
---|---|
Local host statistics: | Displays information about the terminal server. |
circuits | Displays the current number and maximum support number of virtual circuits. |
sessions | Displays the current and maximum number of sessions. |
services | Displays the current number of known remote services, and the maximum supported. |
sessions/circuit | Displays the number of sessions per virtual circuit supported by the software. |
circuit timer | Displays the value of the virtual circuit timer parameter defined by the lat vc-timer global configuration command. |
keep-alive timer | Displays the value defined by the lat ka-timer global configuration command. |
Recv: | Displays statistics about local node receive totals. |
messages | Displays the total count of virtual circuit messages received. |
duplicates | Displays the number of duplicate virtual circuit messages received. |
slots | Displays the number of slots received. |
bytes | Displays the actual number of data bytes received. |
bad circuit messages | Displays the count of invalid messages received. |
service messages | Displays the number of service advertisement multicast messages received. |
used | Displays the number of multicast messages that caused the local node information to be updated. |
Xmit: | Displays various transmission totals. |
messages | Displays the total number of virtual circuit messages transmitted. |
retransmit | Displays the number of virtual circuit messages retransmitted due to the lack of an acknowledgment. |
slots | Displays the number of data and control slots transmitted. |
bytes | Displays the actual count of user data bytes transmitted. |
circuit timeouts | Displays the count of times that a virtual circuit timed-out because the remote node stopped responding (due to a node failure or communications failure). |
Total: | Displays the count of virtual circuits and sessions that have existed since the terminal server booted or rebooted. |
The EXEC debug commands described in this section are used to troubleshoot LAT sessions. Generally, you enter these commands during troubleshooting sessions with Cisco Customer Engineers.
For each debug command, there is a corresponding undebug command that turns the display off.
The EXEC command debug entry displays debugging messages for incoming queue entries.
The EXEC command debug lat turns on debugging messages for LAT-related significant events. Events dealing with LAT control messages are logged to the console terminal and to any logging monitor.
The following shows screen output from high-level LAT event debugging.
LAT event debugging is on
TS#
Sending Start slot
LAT23: Connection complete.
LAT23: DataB: -FlowOut +FlowIn Set, OutFlow ^S/^Q, InFlow ^S/^Q
*Parity 48 *Mode 0 *Speed 9600/9600
LAT: Host Initiated connection from ENG2 to :3
LAT3: created new inbound session
Sending Start slot
LAT3: Connection complete.
LAT3: Session stopped, code 5, reason 0
LAT23: DataB: -FlowOut +FlowIn Set, OutFlow ^S/^Q, InFlow ^S/^Q
*Parity 48 *Mode 0 *Speed 9600/9600
In the preceding example, while debugging is in progress a user logs onto a remote computer system, and a host-initiated connection is received from the remote system ENG2. The DataB messages shown reflect the remote system setting of local port parameters.
The EXEC command debug lat-packet turns on more verbose LAT debugging. Packet-level debugging is enabled. For each datagram (packet) received or transmitted, a message is logged to the console.
The following shows screen output from packet-level debugging.
LAT packet debugging is on
TS#
LAT: O dst=AA00.0400.64DC, type= 2, len= 8, next 0 share 1
LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=0
LAT: O dst=0900.2B00.000F, type= 28, len= 402C, next 0 share 1
LAT: I src=0207.0104.3302, dst=0900.2B00.000F, type=28
LAT: O dst=AA00.0400.64DC, type= 2, len= E, next 0 share 1
LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=1
LAT SLOT: src 1, dst 1, len 1, code 1 (Data-A)
LAT: O dst=AA00.0400.64DC, type= 2, len= E, next 0 share 1
LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=1
. . .
LAT: O dst=0900.2B00.000F, type= 28, len= 402C, next 0 share 1
LAT: I src=0207.0104.3302, dst=0900.2B00.000F, type=28
LAT: O dst=AA00.0400.64DC, type= 2, len= 8, next 0 share 1g
LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=0 all
Following is an alphabetically organized summary of the LAT global configuration commands. These commands may appear any place within the configuration file.
[no] lat access-list number {permit|deny} regular-expression
Specifies an access condition. The argument number is a number between 1 and 99 assigned to the line using the access-class line subcommand. The keyword permit allows matching node names to access the line. The keyword deny denies access to any matching node name. The node name follows the permit or deny keyword. The argument regular-expression is the name of the LAT node, with or without regular expression pattern matching characters, with which to compare for access. The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the node name. Use the no lat access-list command with the list number to remove the entry.
[no] lat group-list name group [group...] [enabled|disabled]
Creates group lists that are associated with a name to simplify the task of entering
individual group codes. The argument name specifies the name of the group. The argument group lists the group numbers. The list can be a single number, a list of numbers separated by spaces, or a range of numbers separated by a hyphen.
The optional keyword enabled allows you to add a group code without retyping the entire command.
The optional keyword disabled allows selective removal of a group code from the list.
Sets the keepalive timer to the specified value. The argument seconds sets the rate. The default rate is 20 seconds.
[no] lat retransmit-limit number
Sets the number of times that LAT retransmits a message before declaring the remote system unreachable. The argument number sets the number of retries. The default value is eight retries. The number can be set at any number between 4 and 255 retries.
[no] lat service-group {groupname|number|range} [enabled|disabled]
Specifies a group code mask to use when advertising all services for this node. Use the groupname argument to enter the group code name specified by the lat group-list global configuration command. Use the number argument to enter the group code. Enter more than one group code by listing the numbers, or by listing a hyphenated range of numbers, or by entering both a group code name and group codes.
The optional keyword enabled allows adding a group name or code without retyping the entire command.
The optional keyword disabled allows selective removal of a group name or code from the list.
If no service group is specified by the groupname argument, the terminal server defaults to advertising to group 0.
[no] lat service service-name autocommand command
Associates a command with a service.When an inbound connection is received for this service, the specified command will automatically be executed instead of the user receiving a virtual terminal session. The argument service-name defines the service. The argument command specifies the command to be associated with the service.
[no] lat service service-name enabled
Enter this command as the last entry to enable inbound connections to the specified service, and enable the advertisement of this service to terminal servers on the network. The command creates a service which gives connecting users access to a VTY port on the server. The argument service-name defines the service. The no lat service command deletes the specified service; however, deleting a service does not disconnect existing connections.
[no] lat service service-name ident identification
Sets the LAT service identification for the specified service. The argument service-name defines the service. The argument identification identifies the service that is advertised to other servers on the network, and is displayed along with the list of name services on the LAN.
[no] lat service service-name password password
Sets up a required LAT password for the service. The password argument specifies the password.
[no] lat service service-name rating static-rating
Allows the network manager to set a static service rating for the specified service. Otherwise, the terminal server calculates a dynamic rating based on the number of free ports which can handle connections to the service. The argument service-name defines the service. The argument static-rating specifies the static service rating. The rating must be in the range of 1 to 255. The default is to use dynamic rating.
[no] lat service service-name rotary group
Associates a rotary group with a service. When an inbound connection is received for this service, the terminal server establishes a reverse-LAT connection to a terminal in that rotary group. If the rotary option is not set, the connection will be to a virtual terminal session on the terminal server. The argument service-name defines the service. The argument group specifies the rotary group number.
[no] lat vc-timer milliseconds
Sets the time that LAT will wait before sending any traffic. The argument milliseconds specifies the timer value. The default timer value is 80 milliseconds. Smaller values increase the overhead on both the terminal server and the host. Larger values increase the need for terminal server buffering, and can cause noticeable echoing delay; however, increased values can reduce traffic. Retransmissions in environments using slow bridging can be reduced by increasing the value to at least three times the worst-case interval. The no variation returns the default value.
Following is an alphabetically organized summary of the LAT interface subcommands. This command must appear after an interface command within the configuration file.
[no] lat enabled
Enables or disables LAT. By default, LAT is enabled on all Ethernet interfaces on all terminal servers, but is disabled on the terminal server option of the IGS, and on all other interface types.
The LAT line subcommands must appear after a line command within the configuration file.
Restricts incoming and outgoing connections between a particular terminal line or group of lines and the node names in an access list. The argument list is an integer from 1 through 99 that specifies the defined access list. The keyword in controls which nodes can make LAT connections into the terminal server. The keyword out defines the access checks made on outgoing connections. (A user who types a node name at the system prompt to initiate a LAT connection is making an outgoing connection.)
Defines the group lists used for connections from specific lines, and limits the connection choices for an individual line. When a user initiates a connection with a LAT host, the user's line must share a common group number with the remote LAT host before a connection can be made. The argument name defines the group.
This command can also be enabled locally using the EXEC terminal lat out-group command.
|