cc/td/doc/product/software/ssr90
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

LAT Configuration and Management

LAT Configuration and Management

This chapter describes how to configure the DEC Local Area Transport (LAT) transmission protocol on the Cisco terminal servers. You will find the following information in this chapter:

Making LAT connections is described in the chapter "Terminal Server User Commands."

To make these changes, you must be in the privileged configuration mode. To enter configuration mode, type the configure command at the EXEC prompt. You can then enter the commands described in this section. For more information about the configuration mode, see the chapter "System Configuration."

A command summary is included at the end of the chapter.

The Local Area Transport Protocol

DEC's Local Area Transport (LAT) protocol is the protocol used most often to connect to DEC hosts. LAT is a DEC-proprietary protocol. Cisco uses LAT technology licensed from DEC.

The LAT protocol allows a user at one site to establish a connection to a host at another site, then passes the keystrokes from one system to the other. A user can establish a LAT connection through the terminal server to a DEC host, simply by entering the host name.

Unlike the TCP/IP Telnet protocols, the LAT protocols cannot be routed. Because DEC's LAT protocol includes its own transport protocol which runs directly over Ethernet, rather than a standard routing layer, it cannot be passed by a router; refer to Figure 1-1. A bridge or combined bridge and router, such as the Cisco router, must be used to carry LAT traffic across a wide area network. A terminal server can be used to carry LAT traffic over a WAN by first translating LAT to X.25 or Telnet.


Figure 1-1: Comparing LAT and Telnet Protocol Stacks



LAT Services

Resources such as modems, computers, and application software are viewed in a LAT network as services that, potentially, any user in the network may use. LAT services are given a unique name that identifies them on the LAT network. Your Cisco terminal server software creates a dynamic table of known LAT services (collectively called learned services). It collects this information by listening to service advertisement messages, also called service announcements, from LAT nodes. These messages are sent using Ethernet multicast messages, which contain lists of services offered, their rating, and identification.

While the Telnet protocol connects to specific nodes, or hosts, on the network, LAT searches for nodes that offer the service you request. If that service is offered by more than one node, the service with the highest rating is chosen.

The software supports the DEC load balancing and service rating functions that help ensure equitable and efficient service to all users. Load balancing serves to spread the user load evenly among the service nodes. Service ratings are a measure of the ability of service nodes to accept new connections. Service ratings are dynamically determined, but may also be
statically set using the Cisco LAT configuration commands.

LAT Groups

As potentially any user on a LAT network can access any of the services on the network, a LAT server manager uses the concept of group codes to allow or restrict access to the services.

When the group codes on both the terminal server and the LAT host share a common group code, a connection can be established between the two. If the default group codes have not been changed, a user on any terminal server can connect to any learned service on the network.

However, if you define groups for terminal servers and LAT hosts, you can partition these services into logical subnetworks. You can organize the groups so that users on one terminal server view one set of services, and users on another terminal server (or another line on the same server) view a different set.

You may wish to design a plan that correlates group numbers with organizational groups, such as departments. You can define subgroups using the global and line configuration commands described in this chapter. The section "Group Code Syntax," later in this chapter describes how to enter group code lists in the Cisco software commands.

A LAT host node's services cannot be accessed in part; access is granted, per node, on an all-or-none basis.

LAT Sessions and Connection Support

A LAT session is a two-way logical connection between a LAT service and the terminal server. All this is transparent to the user at a console connected to a LAT session; to the user it appears that connection has been made to the desired device or application program.

When a host connects to a terminal server, this is called a host-initiated connection. The terminal server maintains a queue of hosts desiring connection by sending periodic status messages to the requesting host. Connection can be to any type of LAT service. A typical example would be a printer.

It is possible to determine which LAT hosts have queue entries for printers on terminal servers using the EXEC command show entry. Additionally, it is possible for privileged users to delete entries using the clear entry command. (These commands are described more fully in later sections of this chapter.)

Host-initiated connections can also be made to services defined on the terminal server, instead of port numbers. These same services are used for connections from other terminal servers.


Note If a connection request is received which specifies a service and a destination port name, the port name is used to determine the line number for connection purposes. This allows a user to connect to a specified port of the terminal server simply by specifying any service on the server and a port number. (Earlier versions of the terminal server software ignored the service name on inbound connections.)

If a host-initiated connection is received which specifies a destination port number that corresponds to a virtual port on the terminal server, a virtual EXEC process will be created for the user to log in with. This process can be used, in conjunction with the DEC set host/dte command on VMS, to connect to a Cisco terminal server from a VMS host node.

Cisco's Implementation of LAT

Cisco's terminal server software fully supports the DEC LAT protocol suite, and additionally, supports these features:

Configuring LAT

Cisco's LAT protocol is supplied with a default configuration, and does not require additional configuration for you to use it. The software does provide commands for customizing the LAT software for your environment, if desired.

Following are the basic steps for using and configuring LAT on the Cisco terminal server.

Step 1: Create group code lists for advertising available services.

Step 2: Define a group list for outgoing connections, if needed.

Step 3: Define a list of services for inbound session support, if needed.

Step 4: Configure reverse LAT connections, whereby a Cisco terminal server runs the host portion of the LAT protocol.

Additionally, the software provides commands that allow you to set timers for the rate at which messages are sent, and for the wait interval between messages.

The following sections describe how to customize the terminal server for the LAT environment. Descriptions of the EXEC commands to troubleshoot LAT operation follow these sections.

Enabling or Disabling LAT

To enable LAT protocol translation on the IGS, LAT must be explicitly enabled. Use this interface subcommand to do so:

lat enabled
no lat enabled

Use the no variation to disable LAT.

Example 1:

This example enables LAT:

interface ethernet 0 lat enabled
Example 2:

This example disables LAT on the same Ethernet interface:

interface ethernet 0 no lat enabled

Configuring Group Code Lists

This section describes how to configure group code lists used for making outgoing LAT
connections. This section begins with a summary of the group code syntax.

Group Code Syntax

In the DEC LAT protocol, a group code is defined as a decimal number in the range 0 to 255. Some of the Cisco LAT configuration commands take a list of group codes; this is referred to as a group code list. The rules for entering numbers in a group code list follow:

A trailing enabled or disabled keyword can be used in the command line to change an existing list. Examples of this are provided in the sections describing the commands that use these features.

Defining the Group List for Outgoing Connections

You can refine the list of services to which a user may connect. You do this by defining the group code lists used for connections from specific lines using the lat out-group line subcommand. You can use this command to limit the connection choices for an individual line. When a user initiates a connection with a LAT host, the user's line must share a common group number with the remote LAT host before a connection can be made.

The lat out-group line subcommand defines the group list for the line's outgoing user-initiated connections. The command has this syntax:

lat out-group group

Group lists can also be defined with the terminal lat out-group EXEC command. This command is entered at the EXEC prompt instead of after a line command in the configuration file, and makes a local change to the group list. See the chapter "Terminal Server User Commands" for a description of the terminal parameter setting commands.


Note If the host node and terminal server do not share a common group number, the host's services will not display when the user enters one of the show lat commands.
Example 1:

This example defines the services for three sets of lines, 1 through 7, 10 through 17, and 20 through 24:

line 1 7 lat out-group 12 18-23 line 10 17 lat out-group 12 line 20 24 lat out-group 12 18-23 44

Access to systems on the first set of lines is limited to groups 12, and 18 through 23; the second set is limited to group 12; the third set is limited to group codes 12, 18 through 23, and 44. All other lines use the default of group zero.

Example 2:

This examples illustrates how to make a local group list at the EXEC prompt:

TS>terminal lat out-group 14 16-18

Groups 14 and 16 through 18 are set for the local terminal. These settings remain in effect until the EXEC command exit is entered, or until the interval set with the exec-timeout command has passed. The user may only enable groups authorized in the lat out-group line configuration command. This feature is used to limit the list size for the show lat services command.

Specifying Group List Logical Names

Use the lat group-list global configuration command to create group lists. The command allows a name to be assigned to the group list. Specifying a name for a group lists simplifies the task of entering individual group codes. In other words, a name makes it easier to refer to a long list of group code numbers. The command has this syntax:

lat group-list name group [group...] [enabled|disabled]
no lat group-list name [group [group...]] [enabled|disabled]

The argument name specifies the name of the group.

The argument group lists the group numbers. The list can be a single number, a list of numbers separated by spaces, or a range of numbers separated by a hyphen.


Note  You must include the group parameter when entering this command or you will delete the entire named group list.

The optional keyword enabled allows you to easily make incremental changes to the list; that is, you may add a group code without retyping the entire command.

The optional keyword disabled allows you to selectively remove a group code from the list.

The no lat group-list command removes the specified group list. The group list must already exist. To see a list of existing groups, enter the EXEC command show lat groups command at the EXEC prompt.

Example 1:

This example creates the new group named stockroom and defines it to include the group numbers 71 and 99.

lat group-list stockroom 71 99

This can be verified by entering the EXEC command show lat groups, which is explained further in the section "Monitoring LAT."

TS>show lat groups Group Name Len Groups stockroom 13 71 99
Example 2:

The following example adds group code 101 to the group named stockroom:

lat group-list 101 enabled

A show lat groups command will verify that group code 101 has been added.

Example 3:

The following example deletes the group named cafeteria:

no lat group-list cafeteria

This can be verified by entering the EXEC show lat groups command.

Specifying the Groups to be Advertised

The lat service-group global configuration command specifies a group code mask to use when advertising all services for this node. The command has this syntax:

lat service-group {groupname|number|range} [enabled|disabled]
no lat service-group {groupname|number|range} [enabled|disabled]

You can enter a group code name specified by the lat group-list command using the groupname argument. You can enter a group code using the number argument. You can enter more than one group code by listing the numbers, or by listing a hyphenated range of numbers. You can also enter both a group code name and group codes.

The optional keyword enabled allows you to easily make incremental changes to the list, that is, you may add a group name or code without retyping the entire command.

The optional keyword disabled allows you to selectively remove a group name or code from the list.

If no service group is specified by the groupname argument, the terminal server defaults to advertising to group 0.


Note Use this global configuration command to control incoming services.
Example 1:

These commands set groups 100 through 103, then specify engineering as the group code list to advertise:

lat group-list engineering 100-103 lat service-group engineering enabled
Example 2:

This command sets the groups 1, 5, 20 through 36, and 52:

lat service-group 1 5 20-36 52

You can then enter this command to add group 99:

lat service-group 99 enabled
Note  When these commands are written to nonvolatile memory (using the EXEC write memory command), the system looks for an exact match on a group code name. If it finds one, it uses that name in the command. Otherwise, it writes out a list of numbers, using the range syntax whenever possible.

Enabling Inbound Services

Just as LAT services are offered by host computers, they also can be offered by terminal servers. A terminal server implements both the host and server portions of the LAT protocol. This allows connections from either hosts or terminal servers. When a host connects to a terminal server, this is called a host-initiated connection. Collectively, both types of connections are referred to as inbound connections.

The commands described in this section define support for host-initiated connections. This support includes refining the list of services which the terminal server will support. An incoming session may be to either a port or a service. The port name is the terminal line number, as reported by the show users all command. LAT services are defined with the lat service command, described in the following subsections. Each service offers attributes that the system manager can set to customize the LAT services as required for the particular environment. Not all of these attributes are necessary in a particular environment, and in fact, it does not make sense to use all the attributes for the same service.

Setting the LAT Password for a Service

The lat service service-name password global configuration command sets up a LAT password for the service.

lat service service-name password password
no lat service service-name password

The connecting user will be required to enter this password in order to complete the connection.

Use the argument service-name to define the service. Specify the password with the password argument.


Note The password is obtained through the LAT password mechanism; Cisco terminal servers running software release 8.1 or earlier do not support this capability. Any services protected in this manner cannot be connected by a device running 8.1 or earlier software.
Example:

This command specifies service name BLUE and password secret.

lat service BLUE password secret

Setting the LAT Service ID for a Specific Service

The lat service service-name ident global configuration command sets the LAT service identification for the specified service. The full syntax of this command follows:

lat service service-name ident identification
no lat service service-name ident

Use the argument service-name to define the service.

The argument identification is a descriptive name (text only) that identifies the service. The identification is advertised to other servers on the network, and is displayed along with the list of name services on the LAN.

Example:

This command specifies the identification Welcome to Gateway-A on service STELLA.

lat service STELLA ident Welcome to Gateway-A

Specifying a Static Service Rating for a Specific Group

The lat service service-name rating global configuration command allows the network manager to set a static service rating for the specified service. The command syntax is as follows:

lat service service-name rating static-rating
no lat service service-name rating

If this command is not entered, the terminal server calculates a dynamic rating based on the number of free ports which can handle connections to the service. Setting a static rating overrides this calculation and causes the specified value to be used.

Use the argument service-name to define the service.

Use the argument static-rating to specify the static service rating. The rating must be in the range of 1 to 255. The default is to use a dynamic rating.

Example:

This command specifies a service rating of 84 on the service WHEEL:

lat service WHEEL rating 84

Configuring a Rotary Group

Use the lat service service-name rotary global configuration command to associate a rotary group with a service. When an inbound connection is received for this service, the terminal server establishes a reverse-LAT connection to a terminal in that rotary group. The full syntax of the command is as follows:

lat service service-name rotary group
no lat service service-name rotary

If the rotary option is not set, the connection will be to a virtual terminal session on the terminal server.

Use the argument service-name to define the service.

Use the group argument to specify the rotary group number.

Example 1:

This command creates a service called MODEM to establish a rotary group:

lat services MODEM rotary 1
Example 2:

Establish rotary groups using line configuration commands and the rotary line subcommand. To define a service that communicates with a specific line, define a rotary with only that line specified. The following is an example of such a configuration:

hostname ciscots ! Service name for the terminal server as a whole lat service ciscots enable ! Set up some lines with unique service names line 1 rotary 1 lat service ciscots1 rotary 1 lat service ciscopt1 enable ! line 2 rotary 2 lat service ciscots2 rotary 2 lat service ciscots2 enable

Associating a Command with a Specific Service

The lat service service-name autocommand global configuration command associates a command with a service. The command has this syntax:

lat service service-name autocommand command
no lat service service-name autocommand command

When an inbound connection is received for this service, the specified command will automatically be executed instead of the user receiving a virtual terminal session.

Use the argument service-name to define the service.

Use the command argument to specify the command to be associated with the service.

TACACS or port passwords are bypassed for these services; only the LAT password is checked.


Note Do not use this option with the rotary keyword.
Example:

This command associates the command telnet china-cat to the service CHINA-CAT.

lat service CHINA-CAT autocommand telnet china-cat

This command is automatically executed when an inbound connection is received.

Enabling Inbound Connections to a Specific Service

The lat service service-name enabled global configuration command enables inbound connections to the specified service, and enables the advertisement of this service to terminal servers on the network. The command syntax follows:

lat service service-name enabled
no lat service service-name enabled

In the simplest form, this command creates a service which gives connecting users access to a VTY port on the server. Use the argument service-name to define the service.


Note Use the enabled command last when defining a service so that users do not connect to a service before all the parameters are set.

The command no lat service service-name deletes the specified service. However, deleting a service does not disconnect existing connections.

Example:

Enter this command when all configurations for a service are complete:

lat service WHEEL enabled

The above command enables inbound connections to the service WHEEL.

Configuring the Traffic Timers

Use the commands described in the following sections to customize the environment for transmitting LAT messages. Cisco's implementation of LAT allows you to set these features:

The commands in this section affect all LAT connection types.

Setting the Message Retransmit Limit

Use the lat retransmit-limit global configuration command to set the number of times that LAT can retransmit a message before declaring the remote system unreachable. The command has this syntax:

lat retransmit-limit number
no lat retransmit-limit

Set the number of retries with the argument number. The default value is eight retries. The number can be set at any number between 4 and 255 retries.

Assigning larger values to the number of tries increases the robustness of the LAT service at the cost of longer delays when communications are disrupted. As LAT generally retransmits messages once a second, the value is approximately the number of seconds that LAT connections will survive connection disruption.

If you bridge LAT, the retransmission limit should be set to at least 20 tries for LAT sessions to survive a worst-case spanning-tree reconfiguration, because bridging spanning-tree reconfiguration can take up to 15 seconds.

The no lat retransmit-limit command restores the default retry value.

Example:

This command sets the retransmission limit to 30 tries, enough time to sustain the down time incurred when the system must reconfigure a spanning-tree topology:

lat retransmit-limit 30

Setting the Keepalive Timer

The keepalive timer sets the rate that messages are sent, in the absence of actual traffic between the terminal server and the remote node. The server uses keepalive messages to detect when communication with a remote node is disrupted, or when the remote node has crashed. Use the lat ka-timer global configuration command to set the keepalive timer to the specified value. The command has this syntax:

lat ka-timer seconds
no lat ka-timer

Use the argument seconds to set the rate. The default rate is 20 seconds. The no lat ka-timer command restores the default.

Example:

This command resets the keepalive timer to five seconds:

lat ka-timer 5

Setting the Virtual Circuit Timer

The virtual circuit timer sets the time that LAT will wait before sending any traffic. Use the lat vc-timer global configuration command to set the virtual-circuit timer to the specified value. The command has this syntax:

lat vc-timer milliseconds
no lat vc-timer

Use the argument milliseconds to specify the timer value. The default timer value is 80 milliseconds. Smaller values increase the overhead on both the terminal server and the host. However, you can use smaller values to correct buffer overflows, which happens when the terminal server receives more data than it can buffer during a virtual circuit timer interval.

Larger values increase the need for terminal server buffering, and can cause noticeable echoing delay. However, increased values can reduce traffic. In environments with slow bridging, retransmissions can be reduced if you increase the value to at least three times the worst-case, round-trip interval.

The no lat vc-timer command returns the default value.

Example:

The following example sets the virtual circuit timer to ten milliseconds.

lat vc-timer 10

Configuring LAT Access Lists

Since LAT groups were not intended to implement security or access control, the terminal server software provides access lists to provide these functions. An access list is a sequential collection of permit and deny conditions that serve to restrict access to or from LAT nodes on a specific terminal line. Each access list statement defines a permit or deny condition and a matching criterion for the node name. When a LAT connection is attempted (either incoming or outgoing), the node name of the destination service (not the service name) is compared against the regular expression. If they match, the connection is permitted or denied as specified by the access list command.

Specifying Access Conditions

To specify an access condition, use the lat access-list global configuration command. The full syntax of this command follows.

lat access-list number {permit|deny} regular-expression
no lat access-list
number

The argument number is a number between 1 and 99 you assign to the line using the access-class line subcommand. See the upcoming section "Restricting Terminal Connections" for examples of command use.

The keyword permit allows matching node names to access the line. The keyword deny denies access to any matching node name.

The node name follows the permit or deny keyword. The argument regular-expression is the name of the LAT node, with or without regular expression pattern matching characters, with which to compare for access. The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the node name.

When both IP and LAT connections are allowed from a terminal line, and an IP access list is applied to that line with the access-class line subcommand, you also must create a LAT access list numbered the same if you want to allow any LAT connections from that terminal. This is because you can specify only one incoming and one outgoing access list number for each terminal line, and when checking LAT access lists, if the list specified does not exist, the system denies all LAT connections.


Note Regular expressions are case-sensitive. As LAT node names are always in all capital letters, care should be taken that only all capital letter regular expressions are used.

See the section "Examples of LAT Access Lists" for an example of command use.

See Table 1-1 and Table 1-2 for a summary of pattern and character matching symbols and their use. A more complete description of the pattern matching characters is found in the appendix "Pattern Matching."


Pattern Matching
Character Description
\0 Replaces entire original address.
\1..9 Replaces the strings that match the first through the ninth parenthesized part of X.121 address.
* Matches 0 or more sequences of the regular expressions.
+ Matches 1 or more sequences of the regular expressions.
? Matches the regular expression of the null string.

Character Matching
Character Description
^ Matches the null string at the beginning of the input string.
$ Matches the null string at the end of the input string.
\char Matches char.
. Matches any single character.

Restricting Terminal Connections

To restrict incoming and outgoing connections between a particular terminal line or group of lines and the node names in an access list, use the access-class line subcommand:

access-class list {in|out}

The argument list is an integer from 1 through 99 that specifies the defined access list. Use the keyword in to control which nodes may make LAT connections into the terminal server.

Use the keyword out to define the access checks made on outgoing connections. (A user who types a node name at the system prompt to initiate a LAT connection is making an outgoing connection.)

See the upcoming section "Examples of LAT Access Lists" for an example of command use.


Note The value supplied for the list argument in both variations of the access-class commands is used for all protocols supported by the terminal server. If you are already using an IP access list, it will be necessary to define LAT (and possibly X.25) access lists permitting connections to everything, to emulate the behavior of previous software versions. See Example 2 in the section "Examples of LAT Access Lists" for an example of such a configuration.

Examples of LAT Access Lists

Example 1:

The following is an extensive example illustrating incoming permit conditions for all IP hosts and LAT nodes with specific characters in their names and a deny condition for X.25 connections to a printer. Outgoing connections, however, are less restricted.

! Permit all IP hosts, LAT nodes beginning with "VMS" and no X.25 ! connections to the printer on line 5 ! access-list 1 permit 0.0.0.0 255.255.255.255 lat access-list 1 permit ^VMS.* x29 access-list 1 deny .* ! line 5 access-class 1 in ! ! Meanwhile, permit outgoing connections to various places on all the ! other lines. ! ! Permit IP access within cisco access-list 2 permit 131.108.0.0 0.0.255.255 ! ! Permit LAT access to the Stella/blue complexes. lat access-list 2 permit ^STELLA$ lat access-list 2 permit ^BLUE$ ! ! Permit X25 connections to infonet hosts only. x29 access-list 2 permit ^31370 ! line 0 99 access-class 2 out
Example 2:

This example illustrates how to define access lists that permit all connections, thereby
conforming to previous software behavior. See the previous note for more information.

access-list 1 permit 131.108.0.0 0.0.255.255 access-list 1 permit 150.136.0.0 0.0.255.255 ! line 1 40 access-class 1 out ! define LAT access list that permits all connections lat access-list 1 permit .*

LAT Configuration Examples

This section lists configuration examples that illustrate use of the commands described in this chapter.

Establishing Basic Service

These commands establish basic LAT service for the service group named WHEEL.

! Establish line connections line 1 7 lat out-group 12 18-23 ! ! Establish list of group codes and service groups lat group-list HUBS 12 18-23 lat service-group HUBS enabled ! ! Establish inbound session support lat service WHEEL password secret lat service WHEEL ident Welcome to the Machine lat service WHEEL autocommand telnet wheel lat service WHEEL enabled ! ! Set the timers lat retransmit-limit 30 lat ka-timer 5

Configuring LAT Rotary Groups

The following example illustrates how to configure a range of lines for rotary connections, then establishes the LAT service Modems for rotary connection.

! Establish rotary groups line 3 7 rotary 1 ! ! Establish modem rotary service ! lat service Modems rotary 1 lat service Modems enabled

See the section "Connections to One or More Lines (Rotary Group)" in the chapter "System Configuration" for more information about rotary groups.

Maintaining LAT

Maintaining LAT is a simple task. Cisco provides the following EXEC command to delete an entry from the queue.

clear entry number

The clear entry command deletes a pending entry. The argument number is an entry number obtained from the show entry EXEC command.

Monitoring LAT

Use the EXEC show commands described in this section to obtain displays of LAT activity.

Displaying Queued Requests

The EXEC command show entry displays the list of queued host-initiated connections. Enter this command at the EXEC prompt:

show entry

Example output follows:

1 waiting 0:02:22 for port 5 from LAT node BLUE 2 waiting 0:00:32 for port 5 from LAT node STELLA

In this sample, two LAT connections are waiting for access to port 5. The list is ordered so that the lower numbered entry has been waiting longer, and will get to use the line next. The display shows how long each connection attempt has been waiting, the port for which the connection is waiting, and the name of the user trying to make the connection.

Displaying Advertised Services

The EXEC command show lat advertised shows all of the LAT services which a terminal server offers to other systems running LAT on the network. Enter this command at the EXEC prompt:

show lat advertised

Advertised services are created with the lat service configuration commands. The display includes the service rating, rotary group, if present, and whether or not the service is enabled for incoming connections.Table 1-3 lists LAT advertised services display fields.

The following is the screen output from a terminal server, RECLUSE, which has three services defined: CHINA-CAT, MODEMS, and RECLUSE:

Service Name Rating Rotary Flags CHINA-CAT 4(Dynamic) None Enabled Autocommand: telnet china-cat MODEMS 0(Dynamic) 12 Enabled Ident: SpaceBlazer modem services RECLUSE 4(Dynamic) None Enabled Ident: white recluse...

Table 1-3 explains the fields in the display.


LAT Advertised Services Display Field Descriptions
Field Description
Service Name Lists the LAT service name.
Rating Lists the static service rating set, if any.
Rotary Lists the associated rotary service.
Flags Lists whether or not a service is enabled.
Autocommand Defines the autocommand associated with the service.
Ident Lists the advertised identification for the service.

Displaying Defined Group Names

The EXEC command show lat groups displays the groups that were defined with the lat group-list configuration command. Enter this command at the EXEC prompt:

show lat groups

The following sample output displays the named LAT groups and the numbered group lists that define them.

Group Name Len Groups cafeteria 3 13 15 23 engineering 7 55 manufacturing 10 70 71 72

Table 1-4 explains the fields shown in the display.


LAT Defined Group Names Display Field Descriptions
Field Description
Group Name Assigned group name.
Len Size of internal data structure used to contain the group code map.
Groups Contains the list of group codes associated with the learned group.

Displaying Remote Node Status

The EXEC command show lat nodes displays information about all known LAT nodes. Enter this command at the EXEC prompt:

show lat nodes

The following sample displays information about LAT nodes TS and Eng2.

Node "TS", Address 0207.0102.3302, usage 0 Timer 69, sequence 5, changes 139, flags 0x0, protocol 5.1 Recv 0/0/0, Xmit 0/0/0, 0 Dups, 0 ReXmit Groups: 0 Node "ENG2", Address AA00.0402.64DC, usage 0 Timer 139, sequence 103, changes 0, flags 0x0, protocol 5.1 Recv 105/65/1072, Xmit 84/68/121, 0 Dups, 0 ReXmit Groups: 0

Table 1-5 explains the fields shown in the display


LAT Remote Node Status Display Field Descriptions
Field Description
Node The node name as reported by the host computer.
Address The MAC address of the node's Ethernet interface.
Ident The node identification when a node identification is set.
usage The number of virtual circuits currently active to this node.
Timer The number of seconds remaining until this nodes service advertisement message will time-out; this value is set to three times the nodes multicast timer value whenever a new service advertisement message is received.
sequence The sequence number received in the last service advertisement message received. Nodes increment their sequence number when the contents of the service advertisement change.
changes The internal representation of what changed in the multicast message the last time the sequence number changed.
flags The internal representation of various state information about the node.
protocol The LAT protocol version used by the node.
Recv and Xmit The number of messages, slots, and bytes received or transmitted to the node. The number of messages is the number of LAT virtual circuit messages. Each virtual circuit message contains some number of slots, which contain actual terminal data or control information. Bytes is the number of data bytes (input or output characters) exchanged.
Dups The number of duplicate virtual circuit messages received.
ReXmit The number of virtual circuit messages retransmitted.
Groups: The list of group codes advertised by the node's service advertisement message.

Displaying the Learned Services

The EXEC command show lat services shows the LAT learned services. Enter this command at the EXEC prompt:

show lat services

The following sample output displays the LAT learned services.

Service Name Rating Interface Node (Address) ABCDEFGHIJ 5 Ethernet0 CONFUSED (0000.0c00.391f) GLAD 84 Ethernet0 BLUE (aa00.0400.9205) Ident: Welcome to Big Blue Gateway WHEEL 83 Ethernet0 WHEEL (aa00.0400.9005) ZXYW 5 Ethernet0 CONFUSED (0000.0c00.391f)

Table 1-6 explains the fields shown in the display.


LAT Learned Services Display Field Descriptions
Field Description
Service Name Lists the LAT service name.
Rating Lists the rating of the service. If a single service is provided by more than one host, the terminal server will connect to the one with the highest rating.
Flags Indicates the state of the service.
Node Lists the connection address.
(address) Lists the advertised identification for the service.

Displaying Session Status

The EXEC command show lat sessions displays active LAT sessions. Enter the following at the EXEC prompt:

show lat sessions [line-number]

Use the optional argument line-number to show a single line.

The first of the following two sample outputs displays information about all active LAT sessions. The second example displays information about LAT sessions on one line only. A discussion of the screen output follows the two examples.

TS#show lat sessions tty0, connection 1 to service TERM1 TTY data: Name "0", Local usage 1/0, Remote usage disabled Flags: Local Connects, Enabled Type flags: none Config flags: -FlowOut, -FlowIn, Parameter Info Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8 Groups: 0 Session data: Name TERM1, Remote Id 1, Local Id 1 Remote credits 2, Local credits 0, Advertised Credits 2 Flags: none Max Data Slot 255, Max Attn Slot 255, Stop Reason 0 Remote Node data: Node "TERM1", Address 0000.0C00.291F, usage 1 Timer 59, sequence 5, changes 159, flags 0x0, protocol 5.1 Recv 56/22/83, Xmit 41/23/14, 0 Dups, 0 ReXmit Groups: 0 tty10, connection 1 to service ENG2 TTY data: Name "10", Local usage 1/0, Remote usage disabled Flags: Local Connects, Enabled Type flags: none Config flags: -FlowOut, +FlowIn, Set Parameters, 0x40000000 Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8 Groups: 0 Session data: Name ENG2, Remote Id 1, Local Id 1 Remote credits 1, Local credits 0, Advertised Credits 2 Flags: none Max Data Slot 255, Max Attn Slot 255, Stop Reason 0 Remote Node data: Node "ENG2", Address AA00.0400.34DC, usage 1 Timer 179, sequence 60, changes 255, flags 0x0, protocol 5.1 Recv 58/29/186, Xmit 50/36/21, 0 Dups, 0 ReXmit Groups: 0

The following sample output displays information about active LAT sessions on one line, line 10.

TS#show lat sessions 10 tty10, connection 1 to service ENG2 TTY data: Name "10", Local usage 1/0, Remote usage disabled Flags: Local Connects, Enabled Type flags: none Config flags: -FlowOut, +FlowIn, Set Parameters, 0x40000000 Flow control ^S/^Q in ^S/^Q out, Mode Normal, Parity None, databits 8 Groups: 0 Session data: Name ENG2, Remote Id 1, Local Id 1 Remote credits 1, Local credits 0, Advertised Credits 2 Flags: none Max Data Slot 255, Max Attn Slot 255, Stop Reason 0 Remote Node data: Node "ENG2", Address AA00.0400.34DC, usage 1 Timer 189, sequence 61, changes 247, flags 0x0, protocol 5.1 Recv 60/29/186, Xmit 52/36/21, 0 Dups, 0 ReXmit Groups: 0

Table 1-7 describes the screen output for the preceding two examples. The output is divided into three sections: tty data, sessions data, and remote node data. Where information on more than one session appears, there is a group of three sections for each session, preceded by a line identifying the session.


LAT Session Status Display Field Descriptions
Field Description
TTY data: Reports a summary of the LAT-oriented terminal-line specific data.
   Name Name used for this port as a port identification string. This is reported to remote systems, which may display it in some operating-system dependent manner. This is also the value used for targets of host-initiated connections. Currently, this value is hard-wired to be the line number of the associated terminal line.
   Local usage
   Remote usage
Indicate the current status of the terminal. The number is reported as current/maximum, where current is the current number of sessions of a given type, and maximum is the maximum number of sessions allowed, or zero if there is no maximum. If a terminal is being used for outgoing sessions, the local usage will be equal to the number of current LAT sessions. If the terminal is being used for incoming sessions, local usage will be disabled, and the remote count and maximum will be one.
   Flags Indicate the current state of the line, and whether there are currently any queued host-initiated connections.
   Type flags Report flags which are not currently used in this software release.
   Config flags Indicate the current port state as reflected by the most recent configuration message exchange.
   Flow control Lists set flow control characters.
   Groups: Report the group code list currently in use for the line.
Session data: Reports various parameters about the connection.
   Name For outbound connections: Indicates the name of the remote service to which it is connected. For inbound connections, this field is currently unused.
   Remote/Local ID Report the slot IDs being used to uniquely identify the session multiplexed over the underlying LAT virtual circuit.
   Remote/Local credits The number of flow control credits which the terminal server will be sending to the host as soon as possible. The advertised credits are the number of credits which have already been extended.
   Flags Indicate transient conditions in the LAT state machine dealing with the current connection status.
   Max data slot Maximum number of characters which may be sent in a single data slot.
   Max Attn Slot The maximum amount of data which may be sent in an attention message. As current LAT implementations only send one-byte attention messages (attention messages are used to flush buffered output), a nonzero value means that remote data flushing can be used, a zero means that it can't.
   Stop Reason The reason that the session was stopped, if it has been stopped but not deleted. This value is usually zero, indicating that the session has not been stopped yet. If a session persists for a long period of time with a nonzero stop reason, this generally indicates a problem in the local LAT software.
Remote Node data: Reports information about the remote node. The data includes the same fields as those from the show lat nodes output.

Displaying Traffic Statistics

The EXEC command show lat traffic reports traffic and resource utilization statistics kept by the terminal server. Enter this command at the EXEC prompt:

show lat traffic

The report includes LAT packet statistics and current parameter settings.

The following example shows the LAT traffic on all active lines for this terminal server.

Local host statistics: 0/100 circuits, 0/500 sessions, 1/500 services 100 sessions/circuit, circuit timer 80, keep-alive timer 5 Recv: 335535 messages (2478 duplicates), 161722 slots, 1950146 bytes 0 bad circuit messages, 3458 service messages (52 used) Xmit: 182376 messages (2761 retransmit), 146490 slots, 36085 bytes 1 circuit timeouts Total: 23 circuits created, 38 sessions
LAT Traffic Statistics Display Field Descriptions
Field Description
Local host statistics: Displays information about the terminal server.
   circuits Displays the current number and maximum support number of virtual circuits.
   sessions Displays the current and maximum number of sessions.
   services Displays the current number of known remote services, and the maximum supported.
   sessions/circuit Displays the number of sessions per virtual circuit supported by the software.
   circuit timer Displays the value of the virtual circuit timer parameter defined by the lat vc-timer global configuration command.
   keep-alive timer Displays the value defined by the lat ka-timer global configuration command.
Recv: Displays statistics about local node receive totals.
   messages Displays the total count of virtual circuit messages received.
   duplicates Displays the number of duplicate virtual circuit messages received.
   slots Displays the number of slots received.
   bytes Displays the actual number of data bytes received.
   bad circuit messages Displays the count of invalid messages received.
   service messages Displays the number of service advertisement multicast messages received.
   used Displays the number of multicast messages that caused the local node information to be updated.
Xmit: Displays various transmission totals.
   messages Displays the total number of virtual circuit messages transmitted.
   retransmit Displays the number of virtual circuit messages retransmitted due to the lack of an acknowledgment.
   slots Displays the number of data and control slots transmitted.
   bytes Displays the actual count of user data bytes transmitted.
   circuit timeouts Displays the count of times that a virtual circuit timed-out because the remote node stopped responding (due to a node failure or communications failure).
Total: Displays the count of virtual circuits and sessions that have existed since the terminal server booted or rebooted.

Debugging LAT

The EXEC debug commands described in this section are used to troubleshoot LAT sessions. Generally, you enter these commands during troubleshooting sessions with Cisco Customer Engineers.

For each debug command, there is a corresponding undebug command that turns the display off.

debug entry

The EXEC command debug entry displays debugging messages for incoming queue entries.

debug lat

The EXEC command debug lat turns on debugging messages for LAT-related significant events. Events dealing with LAT control messages are logged to the console terminal and to any logging monitor.

The following shows screen output from high-level LAT event debugging.

LAT event debugging is on TS# Sending Start slot LAT23: Connection complete. LAT23: DataB: -FlowOut +FlowIn Set, OutFlow ^S/^Q, InFlow ^S/^Q *Parity 48 *Mode 0 *Speed 9600/9600 LAT: Host Initiated connection from ENG2 to :3 LAT3: created new inbound session Sending Start slot LAT3: Connection complete. LAT3: Session stopped, code 5, reason 0 LAT23: DataB: -FlowOut +FlowIn Set, OutFlow ^S/^Q, InFlow ^S/^Q *Parity 48 *Mode 0 *Speed 9600/9600

In the preceding example, while debugging is in progress a user logs onto a remote computer system, and a host-initiated connection is received from the remote system ENG2. The DataB messages shown reflect the remote system setting of local port parameters.

debug lat-packet

The EXEC command debug lat-packet turns on more verbose LAT debugging. Packet-level debugging is enabled. For each datagram (packet) received or transmitted, a message is logged to the console.

The following shows screen output from packet-level debugging.


Note These commands severely impact LAT performance and are intended for troubleshooting use only.
LAT packet debugging is on TS# LAT: O dst=AA00.0400.64DC, type= 2, len= 8, next 0 share 1 LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=0 LAT: O dst=0900.2B00.000F, type= 28, len= 402C, next 0 share 1 LAT: I src=0207.0104.3302, dst=0900.2B00.000F, type=28 LAT: O dst=AA00.0400.64DC, type= 2, len= E, next 0 share 1 LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=1 LAT SLOT: src 1, dst 1, len 1, code 1 (Data-A) LAT: O dst=AA00.0400.64DC, type= 2, len= E, next 0 share 1 LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=1 . . . LAT: O dst=0900.2B00.000F, type= 28, len= 402C, next 0 share 1 LAT: I src=0207.0104.3302, dst=0900.2B00.000F, type=28 LAT: O dst=AA00.0400.64DC, type= 2, len= 8, next 0 share 1g LAT: I src=AA00.0400.64DC, dst=0207.0104.3302, type=0 all

LAT Global Configuration Command Summary

Following is an alphabetically organized summary of the LAT global configuration commands. These commands may appear any place within the configuration file.

[no] lat access-list number {permit|deny} regular-expression

Specifies an access condition. The argument number is a number between 1 and 99 assigned to the line using the access-class line subcommand. The keyword permit allows matching node names to access the line. The keyword deny denies access to any matching node name. The node name follows the permit or deny keyword. The argument regular-expression is the name of the LAT node, with or without regular expression pattern matching characters, with which to compare for access. The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the node name. Use the no lat access-list command with the list number to remove the entry.

[no] lat group-list name group [group...] [enabled|disabled]

Creates group lists that are associated with a name to simplify the task of entering
individual group codes. The argument name specifies the name of the group. The argument group lists the group numbers. The list can be a single number, a list of numbers separated by spaces, or a range of numbers separated by a hyphen.

The optional keyword enabled allows you to add a group code without retyping the entire command.

The optional keyword disabled allows selective removal of a group code from the list.


Note You must include the group parameter when entering this command or you will delete the entire named group list.

[no] lat ka-timer seconds

Sets the keepalive timer to the specified value. The argument seconds sets the rate. The default rate is 20 seconds.

[no] lat retransmit-limit number

Sets the number of times that LAT retransmits a message before declaring the remote system unreachable. The argument number sets the number of retries. The default value is eight retries. The number can be set at any number between 4 and 255 retries.

[no] lat service-group {groupname|number|range} [enabled|disabled]

Specifies a group code mask to use when advertising all services for this node. Use the groupname argument to enter the group code name specified by the lat group-list global configuration command. Use the number argument to enter the group code. Enter more than one group code by listing the numbers, or by listing a hyphenated range of numbers, or by entering both a group code name and group codes.

The optional keyword enabled allows adding a group name or code without retyping the entire command.

The optional keyword disabled allows selective removal of a group name or code from the list.

If no service group is specified by the groupname argument, the terminal server defaults to advertising to group 0.

[no] lat service service-name autocommand command

Associates a command with a service.When an inbound connection is received for this service, the specified command will automatically be executed instead of the user receiving a virtual terminal session. The argument service-name defines the service. The argument command specifies the command to be associated with the service.


Note Do not use this option with the rotary option. TACACS or port passwords are bypassed for these services; only the LAT password is checked.

[no] lat service service-name enabled

Enter this command as the last entry to enable inbound connections to the specified service, and enable the advertisement of this service to terminal servers on the network. The command creates a service which gives connecting users access to a VTY port on the server. The argument service-name defines the service. The no lat service command deletes the specified service; however, deleting a service does not disconnect existing connections.

[no] lat service service-name ident identification

Sets the LAT service identification for the specified service. The argument service-name defines the service. The argument identification identifies the service that is advertised to other servers on the network, and is displayed along with the list of name services on the LAN.

[no] lat service service-name password password

Sets up a required LAT password for the service. The password argument specifies the password.


Note The password is obtained through the LAT password mechanism; Cisco terminal servers running software release 8.1 or earlier do not support this capability. Any services protected in this manner cannot be connected by a device running 8.1 or earlier software.

[no] lat service service-name rating static-rating

Allows the network manager to set a static service rating for the specified service. Otherwise, the terminal server calculates a dynamic rating based on the number of free ports which can handle connections to the service. The argument service-name defines the service. The argument static-rating specifies the static service rating. The rating must be in the range of 1 to 255. The default is to use dynamic rating.

[no] lat service service-name rotary group

Associates a rotary group with a service. When an inbound connection is received for this service, the terminal server establishes a reverse-LAT connection to a terminal in that rotary group. If the rotary option is not set, the connection will be to a virtual terminal session on the terminal server. The argument service-name defines the service. The argument group specifies the rotary group number.

[no] lat vc-timer milliseconds

Sets the time that LAT will wait before sending any traffic. The argument milliseconds specifies the timer value. The default timer value is 80 milliseconds. Smaller values increase the overhead on both the terminal server and the host. Larger values increase the need for terminal server buffering, and can cause noticeable echoing delay; however, increased values can reduce traffic. Retransmissions in environments using slow bridging can be reduced by increasing the value to at least three times the worst-case interval. The no variation returns the default value.

LAT Interface Subcommand Summary

Following is an alphabetically organized summary of the LAT interface subcommands. This command must appear after an interface command within the configuration file.

[no] lat enabled

Enables or disables LAT. By default, LAT is enabled on all Ethernet interfaces on all terminal servers, but is disabled on the terminal server option of the IGS, and on all other interface types.

LAT Line Subcommand Summary

The LAT line subcommands must appear after a line command within the configuration file.

access-class list {in|out}

Restricts incoming and outgoing connections between a particular terminal line or group of lines and the node names in an access list. The argument list is an integer from 1 through 99 that specifies the defined access list. The keyword in controls which nodes can make LAT connections into the terminal server. The keyword out defines the access checks made on outgoing connections. (A user who types a node name at the system prompt to initiate a LAT connection is making an outgoing connection.)

lat out-group group

Defines the group lists used for connections from specific lines, and limits the connection choices for an individual line. When a user initiates a connection with a LAT host, the user's line must share a common group number with the remote LAT host before a connection can be made. The argument name defines the group.

This command can also be enabled locally using the EXEC terminal lat out-group command.

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1997 © Cisco Systems Inc.