Software Release 921 Communication Server Addendum for
AppeTaHk Remote Access
Software Release 9.21
Corporate Headquarters P.O Box 3075
1525 OBrien Drive
Menlo Park CA 94026
415 326-1941
800 553-NETS
Customer Order Number DOC-ARAPADCS9212
Cisco Document Assembly Number 83-0143-01
Text Part Number 78-1304-01 The products and specifications configurations and other technical information regarding the products contained in this manual are subject to change
without notice All statements technical information and recommendations contained in this manual are believed to be accurate and reliable but are
without of kind or and users must take full for their of in this presented warranty any express implied responsibility application any products specified manual
states not allow limitation or exclusion of for or incidental limitation warranties Some do liability consequential damages or on how long implied last so
the above limitations or exclusions not to This Customers that may apply you warranty gives specific legal rights and you may also have other rights vary
from state to state
This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause
interference to radio communications This has been tested and found to with limits device equipment comply the for Class computing pursuant to
of Part 15 of FCC which to reasonable Subpart Rules are designed provide protection against such interference when operated in commercial
environment of this in residential is to in Operation equipment area likely cause interference which case the user at his own expense will be required to
take whatever measures may be required to correct the interference
The third software be included with and will be following party may your product subject to the software license agreement
The Cisco of TCP header is implementation compression an adaptation of program developed by the University of California Berkeley UCB as part of domain version of the UNtX All UCBs public operating system rights reserved Copyright 1981 Regents of the University of California
Network Time Protocol David NTP Copyright 1992 Mills The University of Delaware makes no representations about the suitability of this
software for any purpose
Point-to-Point Protocol Copyright 1989 Carnegie Mellon University All rights reserved The name of the University may not be used to endorse or derived from this without promote products software specific prior written permission
The Cisco implementation of TN3270 is an adaptation of the tn3270 curses and termcsp programs developed by the University of California Berkeley of UCB as part UCBs public domain version of the UNtX operating system All rights reserved Copyright 1981-1988 Regents of the University of
California
XRemote isa trademark of Network Computing Devices Inc Copyright 1989 Network Computing Devices Inc Mountain View California N.CD
makes no representations about the suitability of this software for any purpose
The Window System is trademark of the Massachusetts Institute of Technology Copyright 1987 by Digital Equipment Corporation Maynard
Massachusetts and the Massachusetts Institute of Technology Cambridge Massachusetts All rights reserved
THIS MANUAL CISCOS SOFTWARE AND THE SOFTWARE OF THE ABOVE-LISTED SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES EXPRESSED OR IMPLIED INCLUDING THOSE OF MERCHANTABILITY AND FITNESS FOR PARTICULAR PURPOSE OR ARISING FROM COURSE OF DEALING USAGE OR TRADE PRACTICE
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
Notice of Restricted Rights
Use or disclosure the Government is to restrictions as set forth in of Commercial Software duplication by subject subparagraph the Computer
Restricted clause at FAR and of the in Technical clause DFARS Rights 52.227-19 subparagraph c1ii Rights Data and Computer Software at 252.227-
7013 The information in this manual is subject to change without notice
Access Without Compromise Catalyst CiscoWorks CiscoFusion Internetwork Operating System lOS Netscape The Packet SMARTneI UniverCD
Workgroup Director and Workgroup Stack are trademarks and Cisco Systems and the Cisco logo are registered trademarks of Cisco Systems Inc All other
or services mentioned in this document are the service service marks of their products trademarks marks registered trademarks or registered respective owners
Conununicailon SermerAddendumforAppleTalk Remote Access
Copyright 1993 1994 Cisco Systems Inc
All rights reserved Printed in USA SOFTWARE LICENSE
READ CAREFULLY BEFORE USING THIS SOFTWARE LICENSE AGREEMENT
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SOFTWARE BY USING THE SOFTWARE OF CISCO SYSTEMS INC AND ITS SUPPLIERS AS NAMED FROM TIME TO TIME YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE PROMPTLY RETURN THE UNUSED SOFTWARE MANUAL AND RELATED EQUIPMENT WITH PROOF OF PAYMENT TO THE PLACE OF PURCHASE FOR FULL REFUND
Cisco Systems Inc Cisco grants to Customer Cuslomer nonexciusive and nonlransferable license to use the Cisco software Software in object code form solely on single central processing unit owned or leased by Customer or otherwise embedded in equipment provide by Cisco Customer may make one archival of the software Customer affixes to sucb all notices that the copy provided copy copyright confidentiality and proprietary appear on original
Except as expressly authorized above CUSTOMER SHALL NOT COPY IN WHOLE OR IN PART SOFTWARE OR DOCUMENTATION MODIFY THE SOFTWARE REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE OR RENT LEASE DISTRIBUTE SELL OR CREATE DERIVATIVE WORKS OF THE SOFTWARE
Customer that of the licensed the agrees aspects materials including specific design and structure of individual programs constitute trade secrets and/or
material of Cisco Customer not to otherwise copyrighted agrees disclose provide or make available such trade secrets or copyrighted material in any form to third without the Cisco any party prior consent of Customer agrees to implement reasonable security measures to protect such trade secrets and
material Title to Software and documentation shall remain with Cisco copyrighted solely
LIMITED WARRANTY Cisco warrants that the Software will substantially conform to the published specifications for such Software if used properly in accordance with the of Documentation for period ninety 90 days from the date of shipment To be eligible for remedy Customer must report all warranted problems within the warranty period to the party which supplied the Product to Customer or to the Cisco Service Partner if the Software was
under the multinational exported uplift program Ciscos sole and exclusive obligation and Customers exclusive remedy with respect to nonconforming
Software upon contact will be at Ciscos option and potentially through the Sales or Service Partner either to provide correction or workaround for any reproducible errors or ii to refund to Customer the license fee for the Software in the event that license fee was paid and the other remedy is not available or if the license fee was zero refund the price of the hardware less depreciation calculated on straight-line basis Customer agrees that it will
with Cisco or its Sales or Service Partner in the environment iii which the error occurred Customer to cooperate creating Further agrees supply any
necessary equipment for such tests
This Limited Warranty does not apply to Software which has been altered except as authorized by Cisco has not been installed operated repaired or maintained in accordance with any instaliation handling maintenance or operating instructions supplied by Cisco has been subjected to unusual physical or electrical stress misuse negligence or accident is used in ultra hazardous activities has been used in such way that Cisco or its Sales
Partner cannot the Software has been from the of destination without of an or reasonably reproduce error exported original country payment uplift has been In no event does Cisco warrant that the Software is error free or that Customer will be able to its networks without misapplied operate problems or interruptions
THIS WARRANTY IS IN LIEU OF AND CISCO DISCLAIMS ALL OTHER WARRANTIES EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR PARTICULAR PURPOSE
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS CISCO SOFTWARE EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES OR LIMITATION ON HOW LONG IMPLIED WARRANTIES LAST SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO CUSTOMER
Customer will with all laws and if it the This restriction survive termination of this comply applicable export regulations exports products shall Agreement
This License is effective until terminated Customer terminate this License at time the with all thereof may any by destroying software together copies
Cisco terminate this License if the Customer fails to with term termination of this may immediately comply any or condition hereof Upon any License
Customer shall discontinue use of the Software and shall destroy all copies of the software
This License shall be and construed in accordance with the laws of the of be void governed by State California If any portion hereof is found to or unenforceable the remaining provisions of this License shall remain in full force and effect This License constitutes the entire License between the parties with respect to the use of the Software
Restricted Ciscos software and documentation with RESTRICTED disclosure the Rights supporting are provided RIGHTS Use duplication or by
Government is to the restrictions as set forth in of the Commercial FAR 52.227- subject subparagraph Computer Software Restricted Rights clause at
19 and of The in Technical Data and Software clause subparagraph clii Rights Computer at DFARS 52.227-7013 HARDWARE WARRANTY
Performance Warranty Cisco warrants to Customer for period of ninety 90 days from the shipping date that Hardware purchased under this Agreement will be free from hardware defects in material and To be for must all warranted within the workmanship eligible remedy Customer report problems
warranty period to the party which supplied the Product to Customer or to the Cisco Service Partner if the Hardware was exported under the multinational uplift program
Hardware Remedies In the event of warranted problem with respect to the Hardware Customer must contact the place it acquired the Hardware or the
Cisco Service Partner if the Hardware to the multinational after it becomes aware of the defect was exported pursuant uplift program as soon as possible
Cisco the Sales Service will for recommended list or or Partner as appropriate supply replacement parts the products listed in Ciscos spares Replacement
will be within five after of Customers Cisco its Sales Service Partner will bear the cost for parts shipped workiisg days receipt request or or shipment
of advance replacements to Customer Customer must retum all defective boards and assemblies prior to installation of the replacement hoards and
assemblies to Cisco or the Sales or Service Partner in accordance with the then current RMA procedures Ciscos sole and exclusive obligation with respect
defective Hardware Ciscos and Sales Service if service as to will be at option through or Partner necessary to either provide advance replacement described the Product with Product that does not contain the for the Hardware less above ii replace defect or iiirefund the price paid depreciation calculated on straight-line basis
Exclusions The above Product which has been has not been warranty does not appiy to any altered except as authorized by Cisco installed operated repaired or maintained in accordance with any installation handling maintenance or operating instructions supplied by Cisco has been subjected to
electrical is used in ultra hazardous used in such that Cisco unusual physical or stress misuse negligence or accident activities has beeis way
In event cannot reasonably reproduce the Software error or has been exported from the original country of destination without payment of an uplift no
its networks without does Cisco warrant that Customer will be able to operate problems or interruptions
Disclaimer THIS WARRANTY IS IN LIEU OF AND CISCO DISCLAJMS ALL OTHER OF ALL OTHER WARRANTIES EXPRESSED OR IMPLIED INCLUDING THOSE OF MERCHANTABILITY NONINFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE OR ARISING FROM COURSE OF DEALING
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECtAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS CISCO SOFTWARE EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES OR LIMITATION ON HOW LONG IMPLIED WARRANTIES LAST SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO CUSTOMER OF CONTENTS
About This Manual XIII
Document Objectives xiii
Audience xiii
Document Organization xiii
Document Conventions xiii
Chapter Configuring an AppleTalk Remote Access Server 1-1
Ciscos Implementation of ARA 1-1
ARA Protocol 1-2
AppleTalk 1-2
Extended Phase versus Nonextended Phase AppleTalk 1-4
Nonextended AppleTalk Addressing 1-5 AppleTalk Zones 1-5
Name Binding Protocol 1-5 Zone Information Protocol 1-6
Dynamic Configuration 1-6
Extended AppleTalk Addressing 1-7
AppleTalk Name Registration 1-7
AppleTalk Responder Support 1-8
ARA Task Overview 1-9
Connect Cables 1-9
Configure the Line and the Modem 1-11
Configure AppleTalk 1-12 Enable AppleTalk Service 1-12
Configure an AppleTalk Interface 1-12
Manual Interface Configuration 1-12
Dynamic Interface Configuration 1-13
Configuring Segment That Has No Routers 1-14 Enable ARA 1-15
Customize ARA 1-15
Configure Automatic Protocol Startup 1-15
Set Dedicated ARA Line 1-16
Set the Session Time Limit 1-16
Set the Disconnect Warning Time 1-16
Disallow Guests 1-16
Control Access 1-16
Customize the AppleTalk Configuration 1-17
Disable Checksum Generation and Verification 1-17
Configure MaciP 1-18
Control Access to AppleTalk Networks 1-20
Create Access Lists 1-21
Table of Contents Configure System Security 1-22
Configure Internal Username Authentication 1-22
Configure TACACS Security 1-22
Modify Scripts to Support TACACS 1-22
Configure TACACS Server User Authentication 1-24
Monitor and Debug an ARA Server 1-24
Monitor the AppleTalk Network 1-25 Debug the ARA Server 1-25
Configuration Examples 1-25
Example of Configuring an Extended AppleTalk Network 1-25
Example of Configuring an Extended Network in Discovery Mode 1-26
Example of Configuring ARA 1-27 Example of Expanding the Cable Range 1-27
Example of Configuring MaciP 1-28
Example of Configuring TACACS Username Authentication 1-28
Example of Configuring Dedicated ARA Line 1-29
Example of Configuring Multiuse Line 1-29
Example of Configuring an ARA Server 1-29
Example of Setting up aTelebit T-3000 Modem 1-30
Chapter AppleTalk Remote Access Commands 2-1
access-list additional-zones 2-2
access-list cable-range 2-3
access-list includes 2-5
access-list network 2-7
access-list other-access 2-9
access-list within 2-10
access-list zone 2-12
appletalk address 2-14
appletalk cable-range 2-15
appletalk checksum 2-17
appletalk discovery 2-18
appletalk macip dynamic 2-20
appletalk macip server 2-22
appletalk macip static 2-24
appletalk service 2-26
appletalk zone 2-27
arap dedicated 2-29
arap enable 2-30
arap net-access-list 2-31
vi Communication Server Addendum for AppleTalk Remote Access 2-32 arap noguest
timelimit 2-33 arap
2-34 arap warningtime
2-35 arap zonelist
autoselect 2-36
debug arap 2-37
login tacacs 2-38
show appletalk arp 2-39
show appletalk interface 2-41
show appletalk macip-clients 2-44
show appletalk macip-servers 2-45
show appletalk macip-traffic 2-48
show appletalk traffic 2-50
show appletalk zone 2-55
show arap 2-57
Index
Table of Contents vii viii Communication Server Addendum for AppleTalk Remote Access 0F FIGURES
Figure 1-1 ARA Configuration Overview 1-2
Figure 1-2 AppleTalk and the OSI Reference Model 1-3
Figure 1-3 InteroPoll Output 1-9
Figure 1-4 ARA Server Cabling and Connections 1-10
Figure 1-5 Wiring Diagram of Mini 8-to-DB-25 Cable 1-10
Figure 1-6 ARA Server Not on an Internet 1-17
Figure 1-7 TACACS Login Screen on the Macintosh 1-24
Figure 1-8 TACACS Password Screen on the Macintosh 1-24
Figure 1-9 Discovery Mode 1-26
List of Figures ix Communication Server Addendum for AppleTalk Remote Access LIST OF TABLES
Table 1-1 Examples of AppleTalk Addresses 1-6
Table 1-2 Building Mini 8-to-DB-25 Cable 1-11
Table 2-1 Show AppleTalk ARP Field Descriptions 2-39
Table 2-2 Show AppleTalk Interface Field Descriptions for an Extended Network 2-42
Table 2-3 Show AppleTalk Interface Field Descriptions for Nonextended Network 2-42
Table 2-4 Show AppleTalk Interface Brief Field Descriptions 2-43
Table 2-5 Show AppleTalk MacIP Clients Field Descriptions 2-44
Table 2-6 Show AppleTalk MacTP Servers Field Descriptions 2-45
Table 2-7 MacIP Finite-State Machine Table 2-46
Table 2-B Server States 2-47
Table 2-9 Show AppleTalk MacIP Traffic Field Descriptions 2-49
Table 2-10 Show AppleTalk Traffic Field Descriptions 2-51
Table 2-11 Show AppleTalk Zone Field Descriptions 2-56
Table 2-12 Show AppleTalk Zone Field Descriptions for Specific Zone Name 2-56
Table 2-13 Show ARAP Field Descriptions 2-58
List of Tables xi xii Communication Server Addendum for AppleTalk Remote Access About This Manua
This section discusses the objectives audience organization and conventions of the Communication
Server Addendum for AppleTalk Remote Access
Document Objectves
This manual provides the information necessary to configure your communication server to use
AppleTalk Remote Access ARA to support remote Macintosh users This manual used in
conjunction with the Release 9.21 Communication Server Configuration Guide and the
Communication Server Command Reference publication provides all of the information necessary
communication and interface to use and configure your server including system network
configuration
Audence
This publication addresses the system administrator who will configure and maintain
communication server configured as an ARA server supporting remote Macintosh users running
ARA software
Document Organ izaton
This publication has two chapters
which contains and Chapter Configuring an AppleTalk Remote Access Server required Macintosh optional tasks for configuring your communication server to support remote users
running ARA software
of each of the Chapter AppleTalk Remote Access Commands which provides description default and commands presented in Chapter including complete syntax descriptions settings
command usage guidelines
Document Conventons
This manual uses the following conventions to convey instructions and information
Ctrl represents the key labeled Control
For example the key combination Ctrl-D means hold down the Control key while you press the key
About This Manual xiii Document Conventions
is defined of string as nonquoted set characters For example when setting up community
string for SNMP to public do not use quotes around the string or the string will include the
quotation marks
Command descriptions use these conventions
that contain Examples system prompts denote interactive sessions indicating that the user enters
commands at the prompt The system prompt indicates the current command mode For example
the prompt router config indicates global configuration mode
Commands and keywords are in boldface font
Arguments for which you supply values are in italic font
Elements in square brackets are optional
Alternative but required keywords are grouped in braces and separated by vertical bars
Examples use these conventions
Terminal sessions and information the system displays are in screen font
Information you enter is in boldface screen font
Nonprinting characters such as passwords are in angle brackets
Default to in responses system prompts are square brackets
Exclamation points at the beginning of line indicate comment line
Note Means reader take note Notes contain helpful suggestions or references to materials not
contained in this manual
Software changes from previous releases are noted in the release note accompanying this manual
xiv Communication Server Addendum for AppleTalk Remote Access CHATER
Configuring an AppeTaIk Remote Access Server
Remote This chapter describes how to configure your communication server to act as an AppleTalk
describe the client Macintosh Refer to Access ARA server It does not how to configure or use Apple Computers Apple Remote Access Client User Guide and the Apple Remote Access Personal Macintosh For Server Uses Guide for information about how to use ARA software on your
complete description of the commands in this chapter refer to Chapter
Cscos mpHementaton of ARA
in Ciscos implementation of ARA gives Macintosh users direct access to information and resources
remote locations Macintosh users can connect to another Macintosh computer or AppleTalk network
over standard telephone lines For example if you have PowerBook at home and need to get file
from your Macintosh at the office ARA software can make the connection between your home and
office computers
You can configure your communication server to act as an ARA server by enabling AppleTalk and allows remote ARA Protocol Configuring your communication server to act as an ARA server
Macintosh users to dial in become network node and connect to devices on other networks ARA
Protocol support on the communication server is transparent to the Macintosh end user
The following Macintosh and communication server software support is required for ARA
connectivity
Macintosh running ARA software and connection control language CCL script
communication server configured as an ARA server
Configuring an AppleTalk Remote Access Server 1-1 Ciscos Implementation of ARA
Figure 1-1 shows how your communication server can act as an ARA server between remote Macintosh computers in Figure 1-1 Macintosh SE and PowerBook and devices on another network
I-Il
PowerBook with internal modem
Figure 1-1 ARA Configuration Overview
ARA ProtocW
Enabling ARA on your communication server permits the server to support ARAon the Macintosh
and therefore to act as an ARA server
App eTa
AppleTalk is client-server or distributed protocol AppleTalk users share network resources such
as files and printers with other users Interactions with different servers are transparent to users
because the computer determines the location of the requested material and accesses it without
requesting information from the user
identifies several network AppleTalk entities node network and zone node is any device
connected to network an AppleTalk The most common nodes are Macintosh computers and laser but other of printers many types computers are also capable of AppleTalk communication including
IBM PCs Digital VAX/VMS systems and variety of workstations communication server which network provides only one interface is considered node on the network In this chapter the
term refers device router to any that routes AppleTalk packets An AppleTalk network is single and logical cable an AppleTalk zone is logical group of one or more possibly noncontiguous networks
has Apple Computer produced variety of internetworking products with which to connect local-area AppleTalk networks Apple supports Ethernet Token Ring Fiber Distributed Data
Interface and its FDDI own proprietary twisted-pair media access system called LocalTalk
1-2 the Figure compares AppleTalk protocols with the standard seven-layer OSI model and illustrates how AppleTalk works with variety of physical and link access mechanisms
12 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA
OSl AppleTalk Protocols Reference Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
Figure 1-2 AppleTalk and the OSI Reference Model
services in addition to the The Cisco AppleTalk implementation provides the following standard ability to transmit any AppleTalk packet
AppleTalk Address Resolution Protocol AARP
Datagram Delivery Protocol DDP
Name Binding Protocol NBP
AppleTalk Echo Protocol AEP
AppleTalk Transaction Protocol ATP
Zone Information Protocol ZIP
internetworked nodes The DDP and AARP protocols provide end-to-end connectivity between determine NBP maps network names to AppleTalk internet addresses NBP relies on ZIP to help AFP and which networks belong to which zones File and print access is provided through PAP respectively which work with applications such as AppleShare and print servers
Configuring an AppleTalk Remote Access Server 1-3 Ciscos Implementation of ARA
The Cisco AppleTalk implementation also includes the following enhancements
Support for EtherTalk 1.2 and EtherTalk 2.0
Support for serial protocols including SMDS Frame Relay X.25 and HDLC
Configurable protocol constants
No software limits on the number of zones
MacTCP support via the MacIP server
service NBP proxy providing compatibility between AppleTalk Phase and AppleTalk Phase
Access control support to allow filtering of zones routing data and packets
node Integrated name support to simplify AppleTalk management
Interactive access to AEP and NBP provided via the ping command
for both Support configured called seed and discovered configuration
Responder support used by InteroPoll and other network monitoring packages
Note Apple Computer uses the nameAppleTaik to refer theApple NetworkingArchitecture ANA whereas the actual transmission media used to form an AppleTalk network are referred to as LocalTallc Apple Computers proprietary twisted-pair transmission medium for AppleTalk TokenTalk AppleTalk over Token Ring and EtherTalk AppleTalk over Ethernet
like AppleTalk many network protocols makes no provision for network security The AppleTalk architecture protocol requires that security measures be executed at higher application levels The communication server software supports AppleTalk network access lists providing filters at the
packet level
Extended Phase versus Nonextended Phase AppleTalk
AppleTalk was designed for local work groups With the installation of over 1.5 million Macintosh
computers in the first five years of the products life Apple found that some large corporations were
exceeding the design limits of AppleTalk Apples solution was to create extended AppleTalk The extended architecture increases the AppleTalk number of nodes per AppleTalk internetwork to over 16 million and unlimited number of an zones per cable
The introduction of the extended AppleTalk architecture also introduced the concept of nonextended and extended networks Nonextended AppleTalk networks are sometimes called Phase and
extended networks are called Phase Nonextended networks refer to the nonextended AppleTalk
Ethernet 1.0 networks no longer supported by Apple but still supported by Cisco and to the
nonextended serial line-based networks including those configured using X.25 and LocalTalk
Extended networks refer to the extended AppleTalk-compliant networks configured on Ethernet
EtherTalk 2.0 and Token Ring media Examples of nonextended and extended AppleTalk network
configurations can be found in the section Configuration Examples later in this chapter
The AppleTalk extended-network architecture provides extensions compatible with nonextended
AppleTalk internetworks The AppleTalk extended architecture was designed to remove the
limits of 254 previous concurrently active AppleTalk nodes per cable as well as the previous limit
1-4 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA
cable Extended contains better for the of one AppleTalk zone per AppleTalk algorithms choosing
best routers for traffic and is designed to minimize the amount of broadcast traffic generated for
routing updates
Another important feature in extended AppleTalk is the ability of single AppleTalk cable to be
The size of network numbers to assigned more than one network number of the range assigned
cable determines the maximum number of concurrently active AppleTalk devices that can be
supported on that cable which is 254 devices per network number
Nonextended AppleTalk Addressing number AppleTalk addresses are 24 bits long They consist of two components 16-bit network and
an 8-bit node number The Cisco AppleTalk software parses and displays these addresses as
sequence of two decimal numbers the network number period and the node number For
example node 45 on network is written as 3.45 node is any AppleTalk-compatible device
attached to the network Each enabled AppleTalk interface on router is node on its connected network
AppleTalk Zones
When router is used to join two or more AppleTalk networks into an internetwork the component
physical networks remain independent of each other network manager may assign nodes on each
physical network to conceptual grouping known as zone
There are two main reasons to create zones in an AppleTalk internetwork to simplify the process of
locating and selecting network devices and to allow for the creation of departmental work groups
that may exist on several different and possibly geographically separated networks
hundreds thousands of shared For example consider large AppleTalk internetwork that contains or
resources and devices Without method of dividing this large number of resources and devices into thousands of node smaller groups of devices user might have to scroll through hundreds or names of in the Chooser to select the one node to be used By creating small conceptual groups nodes users
can choose the resources they need much more quickly and easily than if they were sorting through
list of very long names
is limited zone can include many networks that need not be located together physically zone not
by geographical area The partitioning afforded by zone names is conceptual not physical
The network manager defines zones when he or she configures router For nonextended networks
each AppleTalk-configured interface must be associated with exactly one zone name and for
extended networks each AppleTalk-configured interface can be associated with one or more zone
names Until zone name has been assigned AppleTalk capability is disabled for that interface The
section Configure AppleTalk later in this chapter lists the commands to use in the zone-naming
of each command and its for process Refer to Chapter for description guidelines usage
Name Binding Protocol
internetwork addresses It allows The Name Binding Protocol NBP maps network entity names to
refer numerical addresses for users to specify descriptive or symbolic names software processes to
the same entities With NBP almost all user-level programs respond to names instead of numbers
When users select an AppleTalk device they are using the NBP protocol to translate the devices
entity name to the entitys network address Numerical addresses dynamically assigned to nodes are
primarily used by the router software and by network managers in the ping process
Configuring an AppleTalk Remote Access Server 1-5 Ciscos Implementation of ARA
NBP provides four basic services for binding names to nodes and zones
Name registration
Name deletion
Name lookup
Name confirmation
The nature of the AppleTalk addressing scheme is inherently volatile and node addresses change
frequently Therefore NBP associates numerical addresses with aliases that continue to reference
the colTect address if the address changes
Zone Information Protocol
NBP uses the Zone Information Protocol ZIP to determine which networks belong to which zones router uses ZIP to maintain the network-number-to-zone-name mapping of the AppleTalk internet
Each communication server or router maintains data structure known as the zone information table
The table of ZIT provides listing network numbers for each network in every zone Each entry
is triple an inseparable network number-hop number set that matches network number with
zone name as supplied by the network manager
Dynamic Configuration
AppleTalk supports dynamic configuration discovery mode Not all fields of an AppleTalk address
need to be specified to configure an AppleTalk router If there is another AppleTalk communication
server or router on the network it might be able to supply the network number and zone name
preconfigured router on an AppleTalk network acts as seed router or communication server
responding to configuration queries from other nodes on its network
Seed and routers come up verify the configuration with an operational router If the configuration is Seed valid they start functioning routers come up even if no other routers are on the network On the other nonseed hand router must first communicate with seed router before it can begin nonseed operation router must obtain and verify the configuration with another functioning
router The configuration of the nonseed router must match exactly with the configuration of the seed
router for the nonseed router to function
An end node always behaves in manner similar to discovery mode It uses any previous
configuration as starting point for initialization
Unspecified parts of the AppleTalk address are entered as zero Table 1-1 lists AppleTalk addresses
that feature unspecified addressing
Table 1-1 Examples of AppleTalk Addresses
AppleTalk
Address Description
34.5 Completely specified network 34 node
05 Partially qualified network unspecified node
122.0 Partially qualified network 122 node unspecified
0.0 Completely unspecified
1-6 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA
AppleTalk automatically assigns node numbers When the specified address is in use the node
randomly chooses its node number The node will first try the node number that was its most recent
address If that number is unavailable the node then searches for the next available address If it
reaches 254 without finding an available number it cycles back to and continues until it finds
free address LocalTalk address restrictions are as follows user node numbers are from ito 127 and
server/printer node numbers are from 128 to 254 Nonextended Ethernet and extended media do not
observe the server/user node distinction The protocol reserves node numbers and 255 Extended
media also reserves the node number of 254
For nonseed communication servers an interface will behave as an AppleTalk end node If zero has
been specified for network number that interface will not route any packets until it receives its network number from seed router
As long as one fully configured communication server or router exists on physical network
other attached cable to determine segment or cable routers directly to that can use discovery mode
their configuration they can take their information from an operational communication server or
router However once the configuration process has stabilized for particular AppleTalk internet
all communication servers and routers thereafter should be configured as seed routers Note that each communication synchronous X25 network interfaces must be explicitly configured on server
or router to be used as AppleTalk transports
Node address information is maintained by tables appropriate to the media usually AARP tables
Extended AppleTalk Addressing
AppleTalk addresses as explained in the section Nonextended AppleTalk Addressing earlier in
this chapter are composed of 16-bit network and an 8-bit node number In nonextended AppleTalk
nodes within single cable can communicate using only their 8-bit node numbers
node in extended AppleTalk is always identified by its network and node number Dynamic
address resolution when communication server or router is not present includes the assignment of
random network number within small range as well as node number When communication
server or router is present in the network node starts up using its newly acquired address for short
period of time It then immediately requests the range of valid network numbers from an operational
router The node then uses this to determine its actual AppleTalk address by selecting an unassigned address
new concept of cable ranges is introduced with the extended AppleTalk Ranges of network
numbers and multiple zones can exist on single logical cable But the node can exist in only one
zone and on only one network
In an extended AppleTalk network the mapping of physical cable to zone name is no longer
valid End nodes are expected to know the zone to which they belong or to choose from the list of
available zones provided by router The router maintains default zone that new nodes will use
automatically if they have not chosen zone previously
AppleTalk Name Registration
Cisco communication servers and routers with active AppleTalk interfaces register each interface
separately unique interface name is generated by appending the interface type name and unit
number to the communication server or router name For example if communication server is
named mycommserver and has AppleTalk enabled on Ethernet in zone Engineering the NBP
registered name will be as follows
mycommserver.ELhernetOciscoRouter@Engineering
Configuring an AppleTalk Remote Access Server 1-7 Ciscos Implementation of ARA
The is NBP name deregistered in the event that AppleTalk is disabled on an interface by
configuration or due to interface errors
Registering each interface on the communication server provides the AppleTalk site administrator
with positive indication that the communication server and router is properly configured and
operating
One name is registered per interface other service types are registered once for every zone name on
the communication server The following display output from the show apple nbp command shows
that each interface is but that is uniquely identified only one SNMP Agent generated per zone
Net Adr Skt Name Type Zone 4042 254 brown.Ethernet0 ciscoRouter Engineering 4028 254 brown.Asyncl ciscoRouter Engineering
AppleTalk Responder Support
The communication server answers AppleTalk responder requests The listener is installed on the
AppleTalk interface name registration socket
The response packet generated supplies the bootstrap firmware version string followed by the router software version These operating string are displayed in the position of the Macintosh system
version and the Macintosh printer driver version respectively in such applications as Apples InterPoll
The contains response packet strings similar to those displayed by the show version EXEC command
The information is returned as follows
System bootstrap version ROM version
Currently running software version
versionthis AppleTalk always indicates 56 which is the first Apple Macintosh version that contained AppleTalk Phase support
AppleTalk responder versionthis always displays 100 which indicates support of Version 1.0
responder packets
Report that AppleShare is not installed
Figure 1-3 illustrates typical output display for InterPoll that lists this information
1-8 Communication Server Addendum for AppleTalk Remote Access ARA Task Overview
Net 4042 Node Device orange Ethernet0-clscoRouter stop Packets 20 Using
Echo Pkts Donej Interval 12.5 Isecs
Printer Status Packets
Timeout 11.5 Isecs System Into Packets
Rcvd Lost
Packets Sent Lett 16 Total
Current Average Minimum Maximum
Hope Away 3.00
Delay secs 0.02 0.02 0.02 0.02
System Bootstrap Version 4.41e.ol 1986-1993 Status cs Software lCS-5051 Version 9.11100 Deveiopment Software
flespondur iNiT Version lOS
Driver Version 56 not instaled ______AppieToik AppieShare Co
Figure 1-3 lnterPolI Output
ARA Task Overview
To set up your communication server as an ARA server complete the following tasks
Connect cables page 1-9
Configure the line and the modem page 1-11
Configure AppleTalk page 1-12
The following tasks are optional
Customize ARA page 1-15
Customize the AppleTalk configuration page 1-17
Configure system security page 1-22
Monitor and debug an ARA server page 1-24
Connect CabHes
Figure 1-4 shows how to connect Macintosh directly to the communication server and how to connected connect Macintosh by means of internal and external modems The directly Macintosh
can be used as terminal from which you can configure the communication server
Configuring an AppleTalk Remote Access Server 1-9 Connect Cables
RJ-45
Internal modem
cable __ RJ-45 adapter
Mini 8-to-
DB-25 cable IL
External modem Modem Directly attached Macintosh
Figure 1-4 ARA Server Cabling and Connections
the FDTE version of the RJ-45- To connect Macintosh directly to the communication server use the rolled RJ-45 cable from the to-DB-25 adapter Cisco Part Number 29-FDTE-02 to connect
communication server to the Mini 8-to-DB-25 cable from the Macintosh
version of the RJ-45-to-DB-25 To connect modem to the communication server use the MMOD RJ-45 cable from the communication server to the modem You can adapter to connect the rolled the DB-25 in to also use Cisco MDCE adapter that you have modified by moving pin position
position
the of DB-25 connector and how they are Figure 1-5 shows the pins of Mini connector pins connected
connector
8-to-DB-25 Cable Figure 1-5 Wiring Diagram of Mini
Table 1-2 explains the pin functions
1-10 Communication Server Addendum for AppleTalk Remote Access Configure the Line and the Modem
Table 1-2 Building Mini 8-to-DB-25 Cable
Din-U Pin DB-25 Pin
Number Din-U Pin Function Number DB-25 Pin Function
Output handshake 20 RTS DTR
Input handshake/external CTS
clock
TxD TxD
Ground RxD- Ground RxD RxD
Note This cable implements hardware flow control It allows the Macintosh to assert both the DTR
and the RTS signals with the HSKO control line The HSK1 control line is attached to pin which
allows the Macintosh to monitor the CTS signal from the modem Data is transmitted to the modem
on pin of the DB-25 connector and received from the modem on pin of the DB-25 connector
Pin on the DB-25 connector grounds the connection between the Macintosh and the modem
Because DTR is tied to RTS you should configure the modem to ignore any change in the state of DTR Otherwise an RTS flow control change would cause the modem to hang up the telephone line
For more information about cables connectors and adapters see the hardware installation and
maintenance manual for your communication server
Configure the Line and the Modem
Configure the line on the communication server as follows
Specify line speed3 8400 bps on high-speed modems is recommended
Set hardware flow controluse the flowcontrol hardware command to enable hardware flow
control
the line for both Specify your dial-in typeuse the modem inout command to configure
the line for incoming and outgoing calls or use the modem ri-is-cd command to configure
incoming calls only
Note The autobaud command is not supported with ARA
Configure the modem as follows
Set hardware flow control
Disable software flow control XON/XOFF
Disable echo
Set quiet mode that is prevent the modem from responding to commands
Set auto-answer to answer on ring rings are required in Germany
Set modem so that DSR follows CD
Reset to nonvolatile random-access memory NVRAM when DTR drops
Configuring an AppleTalk Remote Access Server 1-11 Configure AppleTalk
If your modem does not support this configuration see the Communication Server Configuration
Guide or the Communication Server Command Reference publication for information about
configuring line to support your modem
Configure AppeTaUk
To configure ARA on your communication server you need to perform the following tasks
Enable AppleTalk
Configure an AppleTalk interface
Enable ARA
The sections that follow describe each of these tasks See Chapter for information about commands
listed in these tasks
Enable AppleTalk Service
To enable the AppleTalk service in global configuration mode perform the following task
Task Command
Enable AppleTalk appletalk service
Configure an AppleTalk Interface
You can manually configure an interface for AppleTalk or if an interface is connected to network
that has at least one other communication server or router configured for AppleTalk you can
dynamically configure the interface using discovery mode
If the internet the and cable match the already exists zone range must existing configuration To
identify existing cable ranges and zone names configure the communication server for discovery mode
You can also configure an AppleTalk interface on segment for which there are no AppleTalk routers
Manual Interface Configuration
To manually configure an interface for extended AppleTalk peiform the following tasks
Task Command
Specify an interface interface type unit
Assign cable range to an interface appletalk cable-range cable-range
Assign zone name to the interface appletalk zone zone-name
If than is the default you assign more one zone name the first name you assign zone
You can define up to 255 unique zone names
1-12 Communication Server Addendum for AppleTalk Remote Access Configure AppleTalk
After you assign the address and zone names the interface will attempt to verify them with other
communication connected network If there operational servers or routers on the are any
discrepancies the interface will not become operational If there are no neighboring operational
communication servers or routers the communication server will assume the configuration is
colTect and the interface will become operational
Dynamic Interface Configuration
If an AppleTalk interface is connected to network that has at least one other operational AppleTalk
router or communication server you can dynamically configure the interface using discovery mode
In discoveiy mode an interface acquires information about the attached network from an operational
communication server or router and then uses this information to configure itself Once the interface
has been configured you can manually enter the dynamically acquired information
Using discovery mode to configure interfaces saves time if the network numbers cable ranges or
zone names change You need to make the changes on only one operational communication server
or router
Discovery mode is useful when you are changing network configuration or when you are adding
communication server to an existing network
Note Discovery mode does not work with synchronous serial lines
If there is no operational communication server or router on the attached network you must
manually configure the interface as described in the earlier section Manual Interface
Configuration Also if discovery-mode interface is restarted another operational communication
server or router must be present before the interface can become operational
communication server starts up by first acquiring its configuration from memoly Then if an
interface is not configured for discovery mode the interface starts up as follows
The interface must be configured with the appletalk address or appletalk cable-range
command and the appletalk zone command
If the interface is properly configured the interface attempts to verify the stored configuration
with another communication server or router on the attached network
there is the interface If any discrepancy does not start up
If there are no neighboring operational communication servers or routers the communication
server assumes the stored configuration is correct and the interface becomes operational
Using discovery mode does not affect an interfaces ability to respond to configuration queries from
other communication servers on the connected network once the interface becomes operational
When activating discovery mode you do not need to assign zone name The interface acquires the zone name from another interface
and network If Caution Do not enable discovery mode on every communication server router on
you do and all communication servers restart simultaneously for instance after power failure the network will be inaccessible until you manually configure at least one communication server
Configuring an AppleTalk Remote Access Server 1-13 Configure AppleTalk
You can activate discovery mode on an extended interface in one of two ways depending on whether know the cable of the attached These methods described in the sections that you range network are follow
Method
In the first method you immediately put the interface into discovery mode by specifying cable attached range of 00 Use this method when you do not know the network number of the network
To configure an interface for discoveiy mode using this method perform the following tasks
Task Command
Specify an interface interface type unit
Put the interface into discovery mode by assigning it appletalk cable-range 00
the cable range 0-0
Method
In the second first cable then enable method you assign ranges and explicitly discovery mode Use
this method when you know the cable range of the attached network To configure an interface for
discovery mode using this method perform the following tasks
Task Command
Specify an interface interface type unit
Assign an AppleTalk address to the appletalk cable-range cable-range
interface
Put the interface into discoveiy mode appletalk discovery
Configuring Segment That Has No Routers
also that does have You can configure an AppleTalk interface on LAN segment not any AppleTalk
routers by performing the following tasks
Task Command
Turn on AppleTalk but do not enable appletalk service routing
Specify an interface interface
Specify the AppleTalk address as appletalk address 1.1
which is the default address when there
are no routers
Specify the name of the local zone appletalk zone
Note that you cannot use discovery mode for this configuration
1-14 Communication Server Addendum for AppleTalk Remote Access Customize ARA
EnabeARA
To enable ARA on line perform the following tasks
Task Command
Specify line or lines line nunber enclnunberj
Enable ARA on line aiap enable
CustomzeARA
The commands in this section can be used to customize ARA support Some of the commands are
required for certain configurations Possible functions include the following
automatic Configure protocol startup page 15
Set dedicated ARA line page 1-16
Set the session time limit page 1-16
Set the disconnect warning time page 1-16
Disallow guests page 1-16
Control access page 1-16
Note ARA does not support the autobaud command
The following sections describe these tasks See Chapter for information about commands listed
in these tasks
Configure Automafic Protoco Startup
To configure the communication server to automatically start an ARA session perform the following
tasks in global configuration mode
Task Command
Specify line in global configuration mode line number end-number
Configure line to automatically start an ARA autoselect session
The autoselect command permits the communication server to automatically start an appropriate when process starting character is received The communication server detects either Return
character which is the start character for an EXEC session or the start character for the ARA
protocol
This command is required for all ARA-enabled lines that are not configured as dedicated ARA lines
that and are not configured for TACACS logins
Note The autoselect command should not be used with TACACS
Configuring an AppleTalk Remote Access Server 1-15 Customize ARA
Set Dedicated ARA Line
To set line to function only as an ARA connection perform the following task in line configuration mode
Task Command
line for Configure ARA only arap dedicated
Alternatives are to set the line for autoselect or TACACS logins
Set the Session Time Limit
To set the maximum length of an ARA session for line perform the following task in line
configuration mode
Task Command
Set the maximum length of an ARA session arap timelimit
The default is to have unlimited length connections This task is optional
Set the Disconnect Warning Time
To configure when to display disconnect warning perform the following task in line configuration mode
Task Command
Set when disconnect warning message will be arap warningtime displayed in number of minutes before the line
is set to disconnect
This command is only valid if session time limit is set
Disallow Gnests
guest is person who connects to the network without having to give name or password To
prohibit Macintosh guests from logging in through the communication server perform the following
task in line configuration mode
Task Command
Prohibit guests from logging in to the ARA arap noguest network
Caution Do not enter the arap noguest command if TACACS is enabled
Control Access
You can control Macintosh access to zones and networks by using arap commands to reference
access control lists configured using AppleTalk access-list commands
1-16 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration
To control what zones the Macintosh user will see perform the following task in line configuration mode
Task Command
Limit the zones the Macintosh user sees arap zonelist zone-access-list-number
To control traffic from the Macintosh to networks perform the following task in line configuration mode
Task Command
Control access to networks arap net-access-list net-access-list-number
Customzethe AppeTak Configuration
To customize the AppleTalk configuration complete the following tasks
Disable checksum generation and verification page 1-17
Configure MacIP page 1-18
Control Access to AppleTalk Networks page 1-20
This section describes how to perform these configuration tasks See Chapter for information about
commands listed in these tasks
Figure 1-6 shows configuration in which communication server acting as an ARA server is
serving local network that is not connected to an internet
Figure 1-6 ARA Server Not on an Internet
Disable Checksum Generation and Verification
By default the communication server generates checksums for all ARA traffic that requests them
You might want to disable checksum generation and verification as if you have an older LaserWriter
printer or other device that cannot receive packets with checksums
To disable checksum generation and verification perform the following global configuration task
Task Command
Disable the generation and verification of no appletalk checksum
checksums for all AppleTalk packets
Configuring an AppleTalk Remote Access Server 1-11 Customize the AppleTalk Configuration
Configure MaciP
The communication server implements MacIP protocol that routes IP datagrams to IP clients using
AppleTalk Datagram Delivery Protocol DDP low-level encapsulation MacIP allows the
communication server to assign an ID number to Macintosh computer that dials in The ID number
allows the Macintosh computer to run MacTCP applications
Cisco communication servers implement the MacIP address management and routing services
described in the draft Internet RFC Standard for the Transmission of Internet Packets over
AppleTalk Networks This implementation of MacIP conforms to the September 1991 draft RFC
with the following exceptions
Communication servers do not fragment IP datagrams that exceed the DDP MTU and that are
bound for DDP clients of MacIP
Communication servers do not route to DDP clients outside of configured MacIP client ranges
MacIP is required to provide access to IP network servers for those users It is also required for
environments in which Macintosh users use ARA or are connected to the network using LocalTalk
or PhoneNet cabling systems
MacIP services also can be useful when you are managing IP address allocations for large
dynamic Macintosh population There are several advantages to using MacIP in this situation
Macintosh TCP/IP drivers can be configured in completely standard way regardless of the
location of the Macintosh Essentially the dynamic properties of AppleTalk address management
become available for IP address allocation
You can modify all global parameters such as IP subnet mask DNS services and default routers
Macintosh IP users receive the updates by restarting their local TCP/IP drivers
The network administrator can monitor MacIP address allocations and packet statistics remotely
by using the Telnet application to attach to the communication server console This allows central
administration of IP allocations in remote locations For Internet sites it allows remote technical
assistance
However there is an important disadvantage in implementing MacIP on communication server
memory usage in the communication server increases in direct proportion to the total number of
active MacIP clients 80 about bytes per client
To configure MacIP on the Cisco communication server AppleTalk must be configured on the
communication server as follows
AppleTalk must be enabled
IP must be enabled
The MacIP zone name you configure must be associated with configured or seeded zone name
If you are using MacIP to allow Macintosh computers to communicate with IP hosts on the same LAN segment that is the Macintosh computers are on the Cisco interface on which MacIP is
configured and the IP hosts have extended IP access lists these access lists should include
entries to permit IP traffic destined for these IP hosts from the MacIP addresses If these entries be blocked are not present packets destined for IP hosts on the local segment will that is they
will not be forwarded
issues in mind When setting up MacIP routing keep the following address-range
18 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration
Static and dynamic resource statements are cumulative and you can specify as many as
necessary However if possible you should specify single all-inclusive range rather than
several adjacent ranges For example specifying the range 131108.121.1 to 131.108.121.10 is
preferable to specifying the ranges 131.108.121.1 to 131.108.121.5 and 131.108.121.6 to 131.108.121.10
Overlapping resource ranges for example 131.108.121.1 to 131.108.121.5 and 131.108.121.5
to allowed If it is in 131.108.121.10 are not necessary to change range running server use
the no form of the resource address assignment command such as the no appletalk
followed the macip dynamic zone server-zone command to delete the original range by
corrected range statement
You add IP address allocations the address can to running server at any time as long as new
does with of the range not overlap one current ranges
To configure MacIP perform the following tasks
Step Establish MacIP server for specific zone
Step Allocate IP addresses for Macintosh users by specifying at least one dynamic or static
resource address assignment command for each MacIP server
To establish MacIP server for specific zone perform the following global configuration task
Task Command
Establish MaciP server for zone appletalk macip server ip-address zone server-zone
MacIP server is not registered using NBP until at least one MacIP resource is configured
Dynamic clients are those that accept any IP address assignment within the dynamic range specified
Dynamic addresses are for users who do not require fixed address but can be assigned addresses from pool
To allocate IP addresses for Macintosh users if you are using dynamic addresses perform the
following global configuration task
Task Command
Allocate an IP address to MacIP client appletalk macip dynamic ip-address zone
server-zone
For an example of configuring MacIP with dynamic addresses see the section Example of
Configuring MacIP
Static addresses are for users who require fixed addresses for IP DNS services and for administrators
who do not want addresses to change so they always know the IP addresses of the devices on their network
To allocate IP addresses for Macintosh users if you are using static addresses perform the following
global configuration task
Task Command
Allocate an IP address to be used by appletalk macip static ip-address zone
MacIP client that has reserved static IP server-zone
address
For an example of configuring MaciP with static addresses see the section Example of Configuring MacIP
Configuring an AppleTalk Remote Access Server 1-19 Customize the AppleTalk Configuration
In general you should not use fragmented address ranges in configuring ranges for MacIP However
if this is unavoidable use the appletalk macip dynamic command to specify as many addresses or
ranges as required and use the appletalk macip static command to assign specific address or
address range
Coiitro Access to AppUelalk Networks
An access list is list of AppleTalk network numbers or zones that is maintained by the
communication server and used to control access to or from specific zones or networks
The communication server supports two general types of AppleTalk access lists
AppleTalk-style access lists which are based on AppleTalk zones
IP-style access lists which are based on network numbers
AppleTalk-style access lists use zone names to regulate access to the internetwork Zone names are
good control points because they are the only network-level abstraction that users can access You
either can express zone names explicitly or by using generalized argument keywords.Thus using
lists when AppleTalk access simplifies network management and allows for greater flexibility
adding segments because reconfiguration requirements are minimal
define Because AppleTalk-style access lists are based on zones they allow you to access regardless of the existing network topology or any changes in future topologiesbecause they are based on
zones zone access list is effectively dynamic list of network numbers The user specifies zone
name but the effect is as if the user had specified all the network numbers belonging to that zone
IP-style access lists control network access based on network numbers This feature is useful for
defining access lists that control the disposition of networks that overlap are contained by or exactly
match specific network number range
You can combine zone and network entries in single access list Network filtering is performed
first then zone filtering is applied to the result However for optimal performance access lists
should not include both zones and numeric network entries
There are two types of filters you can use on AppleTalk networks
Data packet filters
GetZoneList GZL filters
AppleTalk network access control differs from that of other protocols in that the order of the entries
in an access list is unimportant However there are still some constraints you need to keep in mind
when defining access lists
You must design and type access list entries properly to ensure that entries do not overlap each
other An example of an overlap is if you were to enter an access-list permit network xxx statementand then enter an access-list deny network xxx statement If you do enter entries that
overlap the last one you entered overwrites and removes the previous one from the access list
In the example earlier in this paragraph this means that the penuit network statement would be removed from the the network statement access list when you typed deny
Each access list always has method for handling packets that do not satisfy any of the access
control statements in the access list
be the access-list other-access To explicitly specify how you want these packets to handled use
command when defining access conditions for networks and cable ranges and use the access-list
additional-zones command when defining access conditions for zones If you use one of these
1-20 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration
commands it does not matter where in the list you put it the router software automatically puts
the access-list other-access or access-list additional-zones command at the end of the access
list With other protocols you must type the equivalent commands last
If do how handle the you not explicitly specify to packets that do not satisfy any of access control
statements in the access list the packets are automatically denied access and in the case of data
packets are discarded
You perform the following tasks to control access to AppleTalk networks These tasks are described
in the sections that follow
Create access lists
Create filters
Create Access Lists
An access list defines the conditions used to filter packets sent out of the interface These conditions
are sometimes also used to filter incoming packets Each access list is identified by number All
access-list commands that specify the same access list number create single access list
single access list can contain any number and any combination of access-list commands You can
include network and cable range access-list commands and zone access-list commands in the same
access list However you can only specify one each of the commands that specify default actions to
take if none of the access conditions are matched That is single access list can include only one
access-list other-access command handle that do match the to networks and cable ranges not access
conditions and only one access-list additional-zones command to handle zones that do not match
the access conditions
To create access lists that define access conditions for networks and cable ranges perform one or
more of the following tasks in global configuration mode
Task Command
Define access for single cable range for access-list access-list-number deny permit cable-
extended networks only range cable-range
Define access for an extended or nonextended access-list access-list-number deny permit
network that overlaps any part of the specified includes cable-range
range
Define access for an extended or nonextended access-list access-list-number deny permit
network that is included entirely within the within start-end
specified range
Define the default action to take for access checks access-list access-list-number deny permit other-
that apply to network numbers or cable ranges access
The access list number can be decimal value from 600 to 699
To create access lists that define access conditions for zones perform one or more of the following
tasks in global configuration mode
Task Command
Define access for zone access-list access-list-number deny permit zone
zone-name
Define the default action to take for access-list access-list-number deny permit
access checks that apply to zones additional-zones
Configuring an AppleTalk Remote Access Server 1-21 Configure System Security
The access list number can be decimal value from 600 to 699
Configure System Security
Two types of security can be used on your communication server when it is acting as an ARA server
Internal user authentication with username and password information stored on the
communication server
TACACS user authentication with username and password information stored on TACACS
server
The following sections describe these tasks See Chapter for information about the commands
listed in these tasks
Configure nterna Username Authentication
the To configure your communication server for internal username authentication perform
following task in global configuration mode
Task Command
Specify username and password username name password password
Enter this information for each supported user
Configure TACACS Securfty
You can use TACACS security if you have configured TACACS server and have CCL script that
allows you to use TACACS security This section tells you how to modify your CCL script so that
you can use TACACS security and how to configure line to use TACACS server for user authentication
Modify Scripts to Support TACACS
To Remote Access For number use AppleTalk with TACACS you must modify your CCL scripts of popular modems we provide CCL files that you can use to modify your CCL scripts to support
TACACS security This section explains how to use the CCL files provided by us to modify
AppleTalk Remote Access CCL scripts to work with TACACS security
We recommend using the ARA Modem Toolkit provided through the AppleTalk Programmers and and Developers Association APDA it provides both syntax checking script player
make AppleTalk Remote Access CCL scripts are primarily used to work with modems to
connections to remote machines When the connection has been established the script ends and
ARA is activated TACACS authentication occurs after the connection is established but before the
protocol becomes active
the Insert TACACS logic just before the end of script The CCL TACACS logic performs
following user authentication tasks
the users When the Username prompt is transmitted from the communication server name is
obtained from the Macintosh and sent to the TACACS server
the When the Password prompt is transmitted the users password is obtained from Macintosh
and sent to the TACACS server
1-22 Communication Server Addendum for AppleTalk Remote Access Configure System Security
After successful login indicated by an EXEC prompt at the communication server the EXEC
command arap is sent
The script ends and ARA begins
CCL scripts control logical flow by jumping to labels The labels are the numbers through 128 and will not necessarily be in sequential order in the script file The TACACS logic in CCL files provided by us have label numbers from 100 through 127.111 most environments copy the complete TACACS logic from an existing file
The steps for creating new TACACS CCL file are as follows
Step Copy the TACACS logic from the CCL file provided by Cisco into the file being modified
Step Locate the logical end of the script and insert the command jump 100
Copying the TACACS Logic
Inmost cases you can simply insert the TACACS logic at the appropriate place in your CCL script
The one case that requires extra attention is when the original CCL script has labels that conflict with
the Cisco logic The labels must be resolved on case-by-case basis usually by changing the label
numbers used by the original script This is fairly simple programming job but you should read and understand the manual that comes with the Modem Toolkit before beginning
Locating the Logical End of the Script
You can locate the logical end of the script by following its flow Most scripts have the following
basic structure
Initialize the modem
Dial the number
After connection display the connection speed
Exit
The characteristic logical end of the script is as follows
@label is any integer between and 128 if ANSWER Nil If were answering the phone jump directly to the label Nil pause 30 Were not answering the phone therefore we must be calling Wait three seconds for the modems to sync up @label Nil exit quit and start up ARA
is in this In this is the It common case to replace pause 30 with jump 100 fact usually only
change made to the logic of the original script
Configuring an AppleTalk Remote Access Server 123 Monitor and Debug an ABA Server
Configure TACACS Server User Authentication
To configure line to use TACACS server for user authentication perform the following tasks
Task Command
Specify line or lines line nuinbe endn unberl
Use TACACS server for user login tacacs
authentication
Figure 1-7 shows the TACACS login screen on the Macintosh
Enter your TACACS username
Figure 1-1 TACACS Login Screen on the Macintosh
Figure 1-8 shows the TACACS password screen on the Macintosh
Enter your TACACS password
Figure 1-0 TACACS Password Screen on the Macintosh
See the Communication Server Configuration Guide or the Communication Server Command
Reference publication for more information about configuring TACACS security
Montor and Debug an ARA Server
To display information about running ARA connection perform the following task in privileged
EXEC mode reached by entering the enable command and password
Task Command
information Display about running ARA show arap connection
The with of traffic since the show arap command no arguments displays summary ARA communication last booted The command with line number server was show arap specified
displays information about the connection on that line
1-24 Communication Server Addendum for AppleTalk Remote Access Configuration Examples
Monitor the AppleTalk Network
The communication server software provides several commands you can use to monitor an
AppleTalk network In addition you can use Apple Computers InterPoll which is tool to verify
that communication server is configured and operating properly Use the commands described in
this section to monitor an AppleTalk network using both communication server commands and
InterPoll
To monitor the AppleTalk network perform one or more of the following tasks
Task Command
List the entries in the AppleTalk ARP table show appletalk arp
Display AppleTalk-related interface settings show appletalk interface unit
Display the status of all known MaciP clients show appletalk macip-clients
Display the status of communication servers show appletalk macip-servers
MacIP servers
Display statistics about MaciP traffic show appletalk macip-traffic
Display the statistics about AppleTalk protocol show appletalk traffic
traffic including MacIP traffic
Display the contents of the zone information table show appletalk zone
Debug the ARA Server
To debug ARA connections perform the following tasks in privileged EXEC mode
Task Command
Debug internal ARA packets debug arap internal
Debug memory allocation for ARA debug arap memory
Debug low-level asynchronous serial protocol debug arap mnp4
Debug compression debug arap v42bis
Configuraton Exampes
This section contains examples of ARA configuration on the communication server
Example of Configuring an Extended AppleTalk Network
The following example configures the interface for an extended AppleTalk network It defines the nonextended zones Orange and Brown The cable range of one allows compatibility with AppleTalk networks
appletalk service interface ethernet appletalk cable-range 69-69 69.128 appletalk zone Orange appletalk zone Brown
Configuring an AppleTalk Remote Access Server 1-2 Configuration Examples
Example of Configuring an Extended Network in Discovery Mode
The following example configures an extended network in discovery mode In Figure 1-9
communication server provides the zone and network number information to the interface when
it starts
This communication server
supplies configuration
information for Ethernet
Figure 1-9 Discovery Mode
Use the following commands to configure this extended network in discovery mode
appleLalk service interface ethernet
appletalk cable-range 0O 0.0
1-26 Communication Server Addendum for AppleTalk Remote Access Configuration Examples
Example of Configuring ARA
described in the The following example configures the communication server for ARA support as
comments lines beginning with an exclamation point
Enable AppleTalk on the communication server appletalk service
interface Ethernet ipaddress 128.66.1.1255.255.255.0
On interface Ethernet assign network number 103 to the physical cable and assign zone name Marketing Lab to the interface Assign zone name if you are creating new AppleTalk internet If the internet already exists the zone and cable range must match exactly or you can leave the cable range at to enter discovery mode The suggested AppleTalk address for the interface in this example is 103.1 interface Ethernet appletalk cable-range 103-103 103.1 appletalk zone Marketing Lab Configure username and password for the communication server username jake password sesame On lines through InOut modems are specified the lines are configured to automatically start an EXEC session or enable AppleTalk AppleTalk Remote Access Protocol is enabled the modem speed is specified as 38400 bps and hardware flow control is enabled line modem bOut autoselect arap enabled speed 38400 flowcontrol hardware
emulator match the that set for the line Note that you must set your terminal to speed you
Example of Expanding the Cable Range
the is reentered In the following example the cable range is changed and zone name
The initial configuration is as follows
appletalk cable-range 100-103 appletalk zone Twilight Zone
cable is follows The range expanded as
appletalk cable-range 100-109
At this point you must reenter the zone name as follows
appletalk zone Twilight Zone
Configuring an AppleTalk Remote Access Server 1-27 Configuration Examples
Example of Configuring MacIP
The following example illustrates MacIP support for dynamically addressed MacIP clients with allocated addresses dynamically IP in the range 131.108.8.2 to 131.108.8.10
Specify server address and zone appletalk macip server 131.108.8.1 zone Snark
Specify dynamically addressed clients appletalk macip dynamic 131.108.8.2 131.108.8.10 zone Snark
Assign the address and subnet mask for Ethernet interface interface ethernet ipaddress 131.108.8.1255.255.255.0
Enable AppleTalk service appletalk service
interface ethernet appletalk cable range 6969 69.128 appletalk zone Snark
Specify server address and zone appletalk macip server 131.108.8.1 zone Snark
Specify dynamically addressed clients appletalk macip dynamic 131.108.8.2 131.108.8.10 zone Snack
The illustrates following example MacIP support for MacIP clients with statically allocated IP addresses
Assign the address and subnet mask for Ethernet interface interface ethernet ipaddress 131.108.8.1255.255255.0
Enable AppleTalk appletalk service
interface ethernet appletalk cable range 69-69 69.128 appletalk zone Snark Specify the server address and zone appletalk macip server 131.108.8.1 zone Snark
Specify statically addressed clients appletalk macip static 131.108.811 131.108.8.20 zone Snark appletalk macip static 131.108.831 zone Snark appletalk macip static 131.108.8.41 zone Snark appletalk macip static 131.108.8.49 zone Snark
ExampUe of Configtriiig TACACS Username Anthentcaton
In the following example line is configured for ARA and username authentication will be performed on TACACS server
line login tacacs arap enable
Caution Do not use the autoselect command if TACACS is enabled
1-28 Communication Server Addendum for AppleTalk Remote Access Configuration Examples
Example of Configuring Dedicated ARA Line
In the following example line is configured as dedicated ARA line user authentication
information is configured on the ARA server and guests are disallowed from making ARA sessions
username jsmith password woof line arap dedicated arap noguest
Example of Configuring Multiuse Line
In the following configuration ARA is enabled on lines through 16 username authentication is
configured on the ARA server and the lines are configured to automatically start an ARA session
when an ARA user on Macintosh attempts connection
username jsmith password woof line 16 autoselect arap enabled arap noguest
Example of Configuring an ARA Server
The following example shows how to set up ARA functionality on communication server
Log in to the communication server use the enable command to enter your password if one is set
use the configure command to enter configuration mode and add the following commands to your
configuration
appletalk service interface ethernet
appletalk cable-range 0-0 0.0 sets 500CS into discovery mode line modem inout speed 38400 arap enabled autoselect
If you already know the cable-range and the zone names you need include the information in the configuration file If you do not know this information let the communication server learn about the
AppleTalk network in discovery mode by following these steps
Permit the communication server to monitor the line for few minutes
Log in and enter configuration mode
Show the configuration again using the show config command
Note the appletalk cable-range and appletalk zone variables
Manually add the information in those two entries and add any user accounts
Save the configuration
appletalk cable-range 105-105 105.222 appletalk zone Marketing Lab Do not use quotation marks in this entry username arauser password arapasswd Add as many users as you need
Configuring an AppleTalk Remote Access Server 1-29 Configuration Examples
Show the cOnfiguration again using the show config command to make sure the configuration
is correct
Exampe of Seffing up aleUebit 1-3000 Modem
The following example describes how to set up Telebit T-3000 modem that you are attaching to
500-CS communication server which supports hardware flow control The Macintosh will use
CCL script to configure the attached modem
Start with the modem at factory defaults ATF9 is the preferred configuration for hardware flow control Use the direct command if you have terminal attached to the modem or use the T/D Reset
sequence described in the Telebit T-3000 manual to reset the modem to the F9 defaults
Attach hardware flow control-capable cable between the modem and the device with which you
are configuring the modem At this point the modem is in hardware flow control mode with auto
baudrate-recognition and can detect your speed between 300 and 38400bps at 8-N-i However the
modem must receive the flow control signals from the device to which you have the modem attached
Send the modem the following commands
ATS516 EU Qi SU2 D3 R3 S582
This sequence tells the modem to perform the following tasks
Lock your DTE interface speed to 38400 bps
Turn command echo off
Do not send any result codes
Auto-answer on the second ring Germany requires this but elsewhere you can set it to answer on the first ring with sO1
When DTR is toggled reset to the settings in NVRAM
CTS is always enabled if hardware flow control is disabled
Use full-duplex RTS/CTS flow control
Write these settings to NVRAM
At this if the point you press carriage return or type characters no characters appear on your screen
because the result codes are turned off You can see if the modem is working by getting list of its
configuration registers using the following command ATV
After the modem is configured connect it to the communication server with modem-to-RJ45 Part adapter Cisco Number CAB-5MODCM and an RJ-45 cable to the liness that you plan to use
The following commands are compatible with the Telebit 3000 settings described in this section
arap enable autoselect
no escape-character flowcontol hardware modem ri-is-cd speed 38400
1-30 Communication Server Addendum for AppleTalk Remote Access Configuration Examples
If you are attaching Telebit T-3000 modem to an ASM-CS communication server use an RJ- 11 adapter and straight cable For more information about attaching Telebit T-3000 modem to an
ASM-CS communication server see the ASMCS Hardware Installation and Maintenance publication
1-31 Configuring an AppleTalk Remote Access Server Configuration Examples
1-32 Communication Server Addendum for AppleTalk Remote Access CHAPTER
AppHelaHk Remote Access Commands
This chapter provides full description of the commands presented in Chapter including
command syntax and usage guidelines Commands are presented in alphabetical order
AppleTalk Remote Access Commands 2-1 access-list additional-zones
access-list additionazones
To define the action for access checks that apply to zones use the access-list
additional-zones global configuration command
access-list accesslist-number deny permit additional-zones
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
Default
To deny access
Command Mode
Global configuration
Usage Guidelines
The access-list additional-zones command defines the action to take for access checks not defined explicitly with the access-list zone command If you do not specify this command the default action is to deny access
Example
The following example creates an access list based on AppleTalk zones
access-list 610 deny zone Twilight accesslist 610 permit additionalzones
Related Commands
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
access-list zones
2-2 Communication Server Addendum for AppleTalk Remote Access access-list cable-range
access-hst caberange
To define list for cable networks the an AppleTalk access range for extended only use
access-list cable-range global configuration command To remove an access list use the no form
of this command
access-list access-list-number deny permit cable-range cable-range
no access-list access-list-number deny permit cable-range cable-range
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
cable-range Cable range value The argument specifies the start and end of the cable
range separated by hyphen These values are decimal numbers from
to 65279 The starting network number must be less than or equal to the
ending network number
Default
There is no AppleTalk access list defined by default for cable range
Command Mode
Global configuration
Usage Guidelines
conditions The access-list cable-range command affects matching on extended networks only The
defined by this access list are used only when the packets cable range exactly matches the cable
command The conditions are never used to match range specified in the access-list network
network number for nonextended network even if the cable range has the same starting and
ending number as the nonextended network number
To delete an access list specify the minimum number of keywords and arguments needed to delete
entire the command the proper access list For example to delete the access list use following
no access-list access-list-number
command To delete the access list for specific network use the following
no access-list access-list-number permit cable-range cable-range
Example
be forwarded those The access list created by the following commands allows all packets to except
destined to cable range 10 to 20
accesslis 600 deny cable-range 10-20 accesslist 600 permit otheraccess
AppleTalk Remote Access Commands 2-3 access-list cable-range
Related Commands
access-list additional-zones
access-list includes
access-list network
access-list other-access
access-list within
access-list zone
2-4 Communication Server Addendum for AppleTalk Remote Access access-list includes
access-hst ncudes
list that To define an AppleTalk access overlaps any part of range of network numbers or cable both extended and nonextended includes ranges for networks use the access-list global
configuration command To remove an access list use the no form of this command
access-list access-list-number deny permit includes cable-range
no access-list access-list-number deny permit includes cable-range
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
cable-range Cable range or network number The argument specifies the start and
end of the cable range separated by hyphen These values are
decimal numbers from to 65279 The starting network number must
be less than or equal to the ending network number To specify the network number set the starting and ending network numbers to same value
Default
There is no AppleTalk access list defined by default that overlaps any part of range of network numbers or cable ranges
Command Mode
Global configuration
Usage Guidelines
The access-list includes command affects matching on extended and nonextended AppleTalk
networks The conditions defined by this access list are used when the packets cable range or
of those in the network number overlaps either partially or completely one or more specified
access-list network command
To delete an access list specify the minimum number of keywords and arguments needed to delete the command the proper access list For example to delete the entire access list use following
no access-list access-list-number
To delete the access list for specific network use the following command
no access-list access-list-number deny permit includes cable-range
AppleTalk Remote Access Commands 2-5 access-list includes
Example
The defines following example an access list that permits access to packets destined to any nonextended extended network or whose network number or cable range overlaps any part of the
10 20 This for range to means example that packets whose cable ranges are 13 to 16 and 17 to 25
will be forwarded This access list also allows all other packets to be forwarded
accesslist 600 permit includes 10-20 accesslist 600 permit otheraccess
Related Commands
access-list additional-zones
access-list cable-range
access-list network
access-list other-access
access-list within
access-list zone
2-6 Communication Server Addendum for AppleTalk Remote Access access-list network
accessUst network
define list To an AppleTalk access for single network number that is for nonextended network
use the access-list network global configuration command To remove an access list use the no
form of this command
access-list access-list-number deny permit network network no access-list access-list-number deny permit network network
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
network AppleTalk network number
Default
There is no AppleTalk access list for single network number defined by default
Command Mode
Global configuration
Usage Guidelines
The access-list network command affects matching on nonextended networks oniy The conditions network defined by this access list are used only when the packets network number matches used number specified in one of the access-list network commands The conditions are never to and match cable range for an extended network even if the cable range has the same starting
ending number
needed delete To delete an access list specify the minimum number of keywords and arguments to
the desired access list For example to delete an entire access list use the following command
no access-list access-list-number
To delete the access list for specific network use the following command
no access-list access-list-number deny permit network network
Example
The following example defines an access list that forwards all packets except those destined for
networks and
accesslist 650 deny network access-list 650 deny network access-list 650 permit other-access
AppleTalk Remote Access Commands 2-7 access-list network
Related Commands
access-list additional-zones
access-list cable-range
access-list includes
access-list other-access
access-list within
access-list zone
2-U Communication Server Addendum for AppleTalk Remote Access access-list other-access
access-fist otheraccess
To define the action to take for access checks that apply to networks or cable ranges use the
access-list other-access global configuration command
access-list access-list-number deny permit other-access
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
Default
To deny other access
Command Mode
Global configuration
Usage Guidelines
The access-list other-access command defines the action to take for access checks not explicitly
defined with an access-list network access-list cable-range access-list includes or
action is other access-list within command If you do not specify this command the default to deny
access
Example
The following example defines an access list that forwards all packets except those destined for networks and
accesslist 650 deny network access-list 650 deny network access-list 650 permit otheraccess
Related Commands
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list within
access-list zone
AppleTalk Remote Access Commands 2-9 access-list within
access-hst wthn
To define an AppleTalk access list for an extended or nonextended network whose network number
or cable range is included entirely within the specified cable range use the access-list within global
configuration command To remove this access list use the no form of this command
access-list access-list-n umber permit within cable-range
no access-list access-list-number permit within cable-range
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
Cable cable-range range or network number The argument specifies the
start and end of the cable range separated by hyphen These
arguments are decimal numbers from to 65279 The starting
network number must be less than or equal to the ending
network number To specify network number set the starting
and ending network numbers to the same value
Default
There is no AppleTalk access list defined by default for an extended or nonextended network
whose network number or cable range is included entirely within the specified cable range
Command Mode
Global configuration
Usage Guidelines
The access-list within command affects matching on extended and nonextended AppleTalk
networks The conditions defined this list used when the cable by access are packets range or
network number is completely included in one or more of those specified in the access-list network command
To delete an access list specify the minimum number of keywords and arguments needed to delete
the desired access list For example to delete the entire access list use the following command
no access-list access-list-n umber
To delete the access list for specific network use the following command
no access-list access-list-number permit within cable-range
2-10 Communication Server Addendum for AppleTalk Remote Access access-list within
Example
The following example defines an access list that permits access to packets destined to any nonextended or extended network whose network number or cable range is completely included in the range 10 to 20 This means for example that packets whose cable range is 13 to 16 will be forwarded but those whose cable range is 17 to 25 will not be forwarded The second line of the example causes all other packets to be forwarded
accesslist 600 permit within 1020 access-list 600 permit other-access
Related Commands access-list additional-zones access-list cable-range access-list includes access-list network access-list other-access access-list zone
AppleTalk Remote Access Commands 2-11 access-list zone
access-hst zone
To define an AppleTalk access list that applies to zone use the access-list zone global
configuration command To remove an access list use the no form of this command
access-list access-list-number deny permit zone zone-name no access-list access-list-nunber deny permit zone zone-name
Syntax Description
access-list-number Number of the access list This is decimal number from 600 to 699
deny Denies access if the conditions are matched
permit Permits access if the conditions are matched
zone-na/ne Name of the zone The name can include special characters from the
Apple Macintosh character set To include special character type
colon followed by two hexadecimal numbers The zone name cannot
have leading or trailing space characters
Default
There is no AppleTalk access list applied to zone by default
Command Mode
Global configuration
Usage Guidelines
To delete an access list specify the minimum number of keywords and arguments needed to delete
the proper access list For example to delete the entire access list use the following command
no access-list access-list-number
To delete the access list for specific network use the following command
no access-list access-list-number deny permit zone zone-name
Use the access-list additional-zones command to define the action to take for access checks not
explicitly defined with the access-list zone command
Example
The following example creates an access list based on AppleTalk zones
access-list 610 deny zone Twilight access-list 610 permit additional-zones
2-12 Communication Server Addendum for AppleTalk Remote Access access-list zone
Related Commands access-list additional-zones access-list cable-range access-list includes access-list network access-list other-access access-list within
AppleTalk Remote Access Commands 2-13 appletalk address
appetaik address
To enable nonextended AppleTalk on an interface use the appletalk address interface configuration
command To disable nonextended AppleTalk use the no form of this command
appletalk address network.node
no appletalk address
Syntax Description
netivork.node AppleTalk network address assigned to the interface The
argument network is the 16-bit network number in the range to 65280 The argument node is the 8-bit node number in the
range to 254 Both numbers are decimal
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
You must enable AppleTalk on the interface before assigning zone names
address Specifying an of 0.0 0.iode or neiwork.0 puts the interface into discovery mode When in
this the mode communication server attempts to determine network address information from another communication server or router on the network You can also enable discovery mode with the appletalk discovery command Note that discovery mode does not run over synchronous serial lines
Example
The following example enables nonextended AppleTalk on Ethernet interface
appletalk service interface ether appletalk address 1.129
Related Commands
appletalk cable-range
appletalk discovery
appletalk zone
2-14 Communication Server Addendum for AppleTalk Remote Access appletalk cable-range
appetak caWerange
To assign range of networks to cable use the appletalk cable-range interface configuration
command Use the no form of this command to disable cable-range setting
appletalk cable-range cable-range nodel
no appletalk cable-range
Syntax Description
cable-range Cable range or network number The argument specifies the start and end of
the cable range separated by hyphen These arguments are decimal
numbers from to 65279 The starting network number must be less than or
equal to the ending network number
networknode Optional Suggested AppleTalk address for the interface The argument
network is the 16-bit network number and the argument node is the 8-bit
node number Both numbers are decimal The suggested network number numbers must fall within the specified range of network
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
The communication server needs both valid cable range and zone list to use AppleTalk This
command must be entered before the appletalk zone command
Whenever you change the cable range the communication server clears the internal zone list and
you must enter new zone list
Configure the communication server for discovery mode if you want to find out what the current
the cable- cable range is To configure the communication server for discoveiy mode use appletalk
range 0-0 0.0 command This causes the communication server to learn about the AppleTalk
back in and enable network After saving the command in your configuration file log configuration
mode When you display the configuration will see the AppleTalk cable range and the AppleTalk
zone variables Then add those two entries to the configuration and save the configuration file
AppleTalk Remote Access commands 2-15 appletalk cable-range
Examples
The following example shows how to use discovery mode
appletalk service interface ether appletalk cable-range 0-0 0.0 line modem moot speed 38400 arap enabled autoselect
After you learn the cable range values add them to the configuration file For example
appletalk cable-range 105-105 105.222 appletalk zone Marketing username arauser password arapasswd
The following example assigns cable range of 2-2 to the interface
interface async appletalk cable-range 2-2
Related Commands
appletalk address
appletalk service
appletalk zone
2-16 Communication Server Addendum for AppleTalk Remote Access appletalk checksum
appetak checksum
To enable the generation and verification of checksums for all AppleTalk packets use the appletalk
checksum global configuration command To disable checksum generation and verification use the
no form of this command
appletalk checksum
no appletalk checksum
Syntax Description
This command has no arguments or keywords
Default
Enabled
Command Mode
Global configuration
Usage Guidelines
When the appletalk checksum command is enabled the communication server discards incoming
DDP packets when the checksum is nonzero and is incorrect and when the communication server is
the final destination for the packet
You might want to disable checksum generation and verification if you have older LaserWriter
printers or other devices that cannot receive packets that contain checksums
Example
The following example disables the generation and verification of checksums
no appleLalk checksum
AppleTalk Remote Access Commands 2-17 appletalk discovery
appHetak dscovery
To put an interface into discovery mode use the appletalk discovery interface configuration
command To disable discovery mode use the no form of this command
appletalk discovery
no appletalk discovery
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
If an interface is connected to network that has at least one other operational AppleTalk
communication server or router you can dynamically configure the interface using discovery mode
In discovery mode an interface acquires network address information about the attached network
from an operational communication server or router and then uses this information to configure
itself
If you enable discovery mode on an interface that interface must configure itself by acquiring
information from another operational communication server or router on the attached network when
the communication server is starting up that interface If no operational communication server or
router is present on the connected network the interface will not start up
If you do not enable discovery mode the interface must acquire its configuration from memory when
the communication server is starting up If the stored configuration is not complete the interface will
not start up If there is another operational communication server on the connected network the
communication server will verify the stored interface configuration with that communication server
If there is any discrepancy the interface will not start up If there are no neighboring operational
communication servers the communication server will assume the stored interface configuration is correct and will start up
Once an interface is operational it can seed the configurations of other communication servers on
the connected network regardless of whether you have enabled discovery mode on any of the communication servers
If you enable appletalk discovery and the interface is restarted you must have another operational
the connected the interface will not start communication server or router on directly network or up
It is not advisable to have all communication servers and routers on network configured with
discovery mode enabled If all communication servers were to restart simultaneously for instance
after power failure the network would become inaccessible until at least one communication
server or router were restarted with discovery mode disabled
You also can enable discovery mode by specifying an address of 0.0 in the appletalk address
command or cable range of 0-0 in the appletalk cable-range command
2-18 Communication Server Addendum for AppleTalk Remote Access appletalk discovery
Discovery mode is useful when you are changing network configuration or when you are adding
communication server to an existing network
Discovery mode does not run over synchronous serial lines
Use the no appletalk discovery command to disable discovery mode and allow the interface to be
seed port If the interface is not operational when you issue this command you must configure the zone name before the interface will be operational If you are reconfiguring an operational interface by issuing the no appletalk discovery command the command will have no effect because the
network configuration is already established
Example
The following example enables discovery mode on Ethernet interface
interface ethernet appletalk cablerange 0-0 appletalk discovery
Related Commands
appletalk address
appletalk cable..range
appletalk zonc
show appletalk interface
AppleTalk Remote Access Commands 2-19 appletalk macip dynamic
appetk macp dynamic
To allocate IP addresses to dynamic MacIP clients use the appletalk macip dynamic global configuration command To delete MacIP dynamic address assignment use the no form of this command
appletalk macip dynamic ip-address zone server-zone
no appletalk macip ip-address F/p-address zone server-zone
Syntax Description
ip-address IP address in four-part dotted decimal notation To specify
range enter two IP addresses which represent the first and last
addresses in the range
server-zone Zone in which the MacIP server resides The argument server-
zone can include special characters from the Apple Macintosh
character set To include special character specify colon
followed by two hexadecimal numbers For list of Macintosh
characters refer to the Apple Computer Inc specification
Inside AppleTalk Zone names cannot have leading or trailing
space characters
Default
No IP addresses are allocated to dynamic MacIP clients
Command Mode
Global configuration
Usage Guidelines
Use the appletalk macip dynamic command when configuring MacIP
clients those that IP address within the Dynamic are accept any assignment dynamic range specified
In it is recommended that do address in general you not use fragmented ranges configuring ranges
for MacIP However if this is unavoidable use the appletalk macip dynamic command to specify
as many addresses or ranges as required and use the appletalk macip static command to assign address address specific or range
To shut down all running MacIP services use the following command
no appletalk macip
To delete particular dynamic address assignment from the configuration use the following command
no appletalk macip dynamic ip-address zone server-zone
2-20 Communication Server Addendum for AppleTalk Remote Access appletalk macip dynamic
Example
The following example illustrates MaciP support for dynamically addressed MacIP clients with IP
addresses in the raiige 131.108.128 to 131108.1.44
This global statement specifies the MacIP server address and zone appletalk macip server 131.108.1.27 zone Engineering
This global statement identifies the dynamically addressed clients appletalk macip dynamic 131.108.1.28 131.108.1.44 zone Engineering
These statements assign the IP address and subnet mask for Ethernet interface interface ether ipaddress 131.108.1.27 255.255.255.0
This global statement enables AppleTalk on the communication server appletalk service
These statements enable AppleTalk on the interface and set the zone name for the interface interface ether appletalk cablerange 6969 69.128 appletalk zone Engineering
Related Commands
dagger indicates that the command is documented in the Communication Server Command
Reference publication
appletalk macip server
appletalk macip static
ip address
show appletalk macip-servers
AppleTalk Remote Access Commands 2-21 appletalk macip server
appetak macp server
To establish MacIP server for zone use the appletalk macip server global configuration
command To shut down MACIP server use the no form of this command
appletalk macip server ip-address zone server-zone
no appletalk macip ip-address zone server-zone
Syntax Description
ip-address IP address in four-part dotted decimal notation It is suggested that this
address match the address of an existing IP interface
sel-ver-zone Zone in which the MacIP server resides The argument server-zone can
include special characters from the Apple Macintosh character set To
include special character specify colon followed by two hexadecimal
numbers For list of Macintosh characters refer to the Apple Computer
Inc specification Inside AppleTalk Zone names cannot have leading or
trailing space characters
DefaijUt
No MacIP servers are established for zone
Command Mode
Global configuration
Usage GukIeUnes
Use the appletalk macip server command when configuring MacIP
You can configure multiple MacIP servers for communication server but you can assign only one MaciP server to particular zone and only one IP interface to each MacIP server In general you must be able to establish an alias between the IP address you assign with the appletalk macip server
command and an existing IP interface For implementation simplicity it is suggested that the address
specified in this command match an existing IP interface address
MacIP server is not registered using NBP until at least one MacIP resource is configured
To shut down all active MacIP servers use the following command
no appletalk macip
To delete specific MacIP server from the MacIP configuration use the following command
no appletalk macip server ip-address zone server-zone
2-22 Communication Server Addendum for AppleTalk Remote Access appletalk macip server
Exampe
interface in The following example establishes MacIP server on Ethernet AppleTalk zone and enables the Engineering It then assigns an IP address to the Ethernet interface AppleTalk on communication server and the Ethernet interface
appletalk macip server 131.108.1.27 zone Engineering ipaddress 131.108.1.27 255.255.255.0 appletalk service interface ether appletalk cablerange 69-69 69.128 appletalk zone Engineering
Reated Commands
is documented in the Communication Server Command dagger indicates that the command
Reference publication appletalk macip dynamic appletalk macip static ip address show appletalk macipservers
AppleTalk Remote Access Commands 223 appletalk macip static
appetak macip static
To allocate an IP address to be used by MacIP client that has reserved static IP address use the
appletalk macip static global configuration command To delete MacIP static address assignment use the no form of this command
appletalk macip static ip-address zone server-zone
no appletalk macip ip-address zone server-zone
Syntax Description
IP in ip-address address four-part dotted decimal format To specify range enter two IP addresses which represent the first and last addresses in the range
Zone in which server-zone the MacIP server resides The argument server-zone can include special characters from the Apple Macintosh character set To include special character specify colon followed by two hexadecimal
numbers For list of Macintosh characters refer to the Apple Computer Inc specification Inside AppleTalk Zone names cannot have leading or
trailing space characters
Default
No IP addresses are allocated
Command Mode
Global configuration
Usage Guidelines
Use the appletalk macip static command when configuring MacIP
Static addresses are for users fixed who require addresses for IP name domain name service and for administrators who do want addresses to change so they can always know who has what IP address
In general it is recommended that do not use address in you fragmented ranges configuring ranges
for MacIP However if this is use the unavoidable appletalk macip dynamic command to specify as addresses or many ranges as required and then use the appletalk macip static command to assign specific address or address range
To shut down all MacIP running services use the following command
no appletalk macip
To delete static address particular assignment from the configuration use the following command
no appletalk macip static ip-address zone server-zone
2-24 Communication Server Addendum for AppleTalk Remote Access appletalk macip static
Example
allocated IP The following example illustrates MacIP support for MacIP clients with statically 131.108.1.50 131.108.1.66 The three nodes that have addresses The IP addresses range is from to and 131.108.1.101 the specific addresses are 131.108.181 131.108.1.92
This global statement specifies the MacIP server address and zone appletalk macip server 131.108.1.27 zone Engineering
These global statements identify the statically addressed clients appletalk macip static 131.108.1.50 131.108.1.66 zone Engineering appletalk macip static 131.108.1.81 zone Engineering appletalk macip static 131.108.1.92 zone Engineering appletalk macip static 131.108.1.101 zone Engineering
These statements assign the IP address and subnet mask for Ethernet interface interface ether ipaddress 131.108.1.27 255.255.255.0
This global statement enables AppleTalk on the communication server appletalk service
These statements enable AppleTalk on the interface and set the zone name for the interface interface ethernet appletalk cable-range 69-69 69.128 appletalk zone Engineering
Related Commands
command is documented in the Communication Server Command dagger indicates that the
Reference publication appletalk macip dynamic appletalk macip server ip address show appletalk macip-servers
2-25 AppleTalk Remote Access Commands appletalk service
appetak servce
To enable the AppleTalk connections use appletalk service global configuration command To disable AppleTalk use the no form of this command
appletalk service
no appletalk service
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Global configuration
Example
The following example enables AppleTalk protocol processing on the communication server
appleLalk service
Related Commands
appletalk cablerange
appletalk zone
2-26 Communication Server Addendum for AppleTalk Remote Access appletalk zone
appHetak zone
To set the zone name for the connected AppleTalk network use the appletalk zone interface
configuration command To delete zone use the no form of this command
appletalk zone zone-name
no appletalk zone
Syntax Description
zone-name Name of the zone The name can include special characters from the Apple Macintosh character set To include special character type
colon followed by two hexadecimal numbers For list of Macintosh
characters refer to the Apple Computer Inc specification Inside
AppleTalk The zone name cannot have leading or trailing spaces
Default
None
Command Mode
Interface configuration
Usage Guidelines
The communication server needs both valid cable range and zone list to use AppleTalk
command The appletalk cable-range command must be entered before the appletalk zone
The first zone specified in the list is the default zone
Do not use marks in the The appletalk zone command accepts spaces in zone names quotation
the show command to command entry When you have completed the entry use configuration
display the configuration file
The no form of the command deletes zone name from zone list or if you do not specify zone
the entire list Before zone list delete existing zone- name it deletes zone configuring new any
name list using the no appletalk zone command
command The internal zone list is cleared automatically when you issue an appletalk cable-range
if issue the on an network The list is also cleared you appletalk zone command existing
Changing the Zone List
and associated network AppleTalk communication servers maintain complete list of zone names
is stable the numbers AppleTalk network protocols assume that the list of zones as long as old associated networks remain reachable The only way to make an zone name disappear
associated routes to If zone name throughout your network is to cause the disappear you change the failure and keep the network numbers the same you might need to wait for next general power
lists and flush the old for parts of your network to acquire new zone entry
2-21 AppleTalk Remote Access Commands appletalk zone
Examples
The following example assigns the zone name Twilight to an interface
interface ether appletalk cable-range 10-20 appletalk zone Twilight
The colon and following example uses two hexadecimal numbers to specify Macintosh special character in the zone name CiscoeZone
appletalk zone CiscoA5Zone
Related Commands
dagger indicates that the command is documented in the Communication Server Command
Reference publication
appletalk cable-range
show appletalk zone
show configuration
2-28 Communication Server Addendum for AppleTalk Remote Access arap dedicated
arap dedicated
To configure line to be used only as an ARA connection use the arap dedicated line configuration
command Use the no form of the command to return the line to interactive mode
arap dedicated no arap dedicated
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Line configuration
Example
connections The following example configures line to be used only for ARA
line arap dedicated
AppleTalk Remote Access Commands 2-29 arap enable
arap enahe
To enable ARA for line use the arap enable command Use the no form of this command to disable ARA
arap enable no arap enable
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Line configuration
Example
The following example enables ARA on line
line arap enable
Related Command
autoselect
2-30 Communication Server Addendum for AppleTalk Remote Access arap net-access-list
arap netaccess4st
To control Macintosh access to networks use the arap net-access-list line configuration command
Use the 110 form of this command to return to the default setting
arap net-access-list net-access-list-number no net-access-list net-access-list-number
Syntax Description
net-access-list-number One of the list values configured using the AppleTalk access-list cable-
range access-list includes access-list network access-list other-
access and access-list within commands
Default
Disabled The Macintosh has access to all networks
Command Mode
Line configuration
Usage Guidelines
You can use the arap net-access-list command to apply access lists defined by the access-list cable- range access-list includes access-list network access-list other-access and access-list within commands
You cannot use the arap net-access-list command to apply access lists defined by the access-list
zone and access-list additional-zones commands
Example
Macintosh will have to the In the following example ARA is enabled on line and the access
AppleTalk access list numbered 650
line arap enable arap netaccess-Jist 650
Related Commands
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
arap zonelist
AppleTalk Remote Access Commands 2-31 arap noguest
arap noguest
To prevent Macintosh guests from logging in to the communication server use the arap noguest
line configuration command Use the no form of this command to remove this restriction
arap noguest no arap noguest
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Line configuration
Usage Guidelines
guest is person who connects to the network without having to give name or password
Caution Do not use the arap noguest command if TACACS is enabled
Example The following example prohibits guests from logging in to the communication server
line arap enable arap noguest
2-32 Communication Server Addendum for AppleTalk Remote Access arap timelimit
arap timehmit
To set the maximum length of an ARA session for line use the arap timelimit line configuration
command Use the no form of this command to return to the default of unlimited session length
arap timelimit no arap timelimit
Syntax Description
minutes Optional Maximum length of time in minutes for session
Default
Unlimited session length
Command Mode
Line configuration
Usage Guidelines
After the specified length of time the session will be terminated
Example
The following example specifies maximum length of 20 minutes for ARA sessions
line arap enable arap timelimit 20
Related Command
arap warningtime
AppleTalk Remote Access Commands 2-33 arap warningtime
arap warnngtme
To set when disconnect warning message is displayed use the arap warningtime line
configuration command Use the no form of this command to disable this function
arap warningtime no arap warningtime
Syntax Description
minutes Optional Amount of time in minutes before the configured session time
limit At the configured amount of time before session is to be disconnected
the communication server sends message to the Macintosh client which
causes warning message to appear on the users screen
Default
Disabled
Command Mode
Line configuration
Usage Guidelines
This command can only be used if session time limit has been configured on the line
Example
The following example shows line configured for 20-minute ARA sessions with warning
17 minutes after the session is started
line arap enable arap dedicated arap timelimit 20 arap warningtime
Related Command
arap timelimit
2-34 Communication Server Addendum for AppleTalk Remote Access arap zonelist
arap zonehst
To control what zones the Macintosh client sees use the arap zonelist line configuration command
Use the no form of this command to disable the default setting
arap zonelist zone-access-list-n umber no arap zonelist zone-access-list-number
Syntax Description
zone-access-list-number One of the list values configured using the AppleTalk access-list zone or
access-list additional-zones commands
Default
Disabled The Macintosh will see all defined zones
Command Mode
Line configuration
Usage Guidelines
You ca use the arap zonelist command to apply access lists defined by the access-list zone and
access-list additional-zones command
You cannot use the arap zonelist command to apply access lists defined by the access-list network command
Example
In the following example ARA is enabled on line and the Macintosh will see only zones permitted
by access list 650
line arap enable arap zonelist 650
Related Commands
access-list additional-zones
access-list zone
arap net-access-list
AppleTalk Remote Access Commands 2-35 autoselect
autoseect
To configure line to automatically start either an ARA session or an EXEC session use the
autoselect line configuration command Use the no form of this command to disable this function
on line
autoselect
no autoselect
Syntax Description
This command has no arguments or keywords
Default
Disabled Ignores any character other than 13 which starts an EXEC session
Command Mode
Line configuration
Usage Guidelines
This command eliminates the need for Macintosh users to enter an EXEC command to start an ARA session The autoselect command configures the communication server to identify the type of connection being requested In other words when user on Macintosh running ARA presses the Connect button the communication server automatically starts an ARA session If on the other
hand the user is running SLIP or PPP the communication server starts an EXEC session that
requires the user to enter the slip or ppp command to start session This command is used on lines
used for making different types of connections
The autoselect command is required on all lines configured with arap enabled except for lines
configured for arap dedicated or lines configured for TACACS logins line that does not have
autoselect configured will see an attempt to open an ARA connection as noise and the
communication server will not respond and the user client will time out
Caution Do not use the autoselect command if TACACS is enabled
Example
The following example enables ARA on line
line arap enable autoselect
2-36 Communication Server Addendum for AppleTalk Remote Access debug arap
debug arap
To debug ARA sessions use the debug arap privileged EXEC command Use the no form of this
command to turn off the debugging function
debug arap internal memory mnp4 v42bis no debug arap
Syntax Description
internal Debug internal ARA packets
memory Debug memory allocation for ARA
mnp4 Debug low-level asynchronous serial protocol
v42bis Debug compression
Default
Disabled
Command Mode
Privileged EXEC
Example
line The following example activates debugging internal ARA packets on
CS debug arap internal
AppleTalk Remote Access Commands 2-37 login tacacs
ogn tacacs
To configure your communication server to use TACACS user authentication use the login tacacs
line configuration command The no form of this command disables TACACS user authentication
for line
login tacacs
no login tacacs
Syntax Description
This command has no arguments or keywords
Default
Disabled
Command Mode
Line configuration
Usage Guidelines You can use TACACS security if you have configured TACACS server and you have CCL script that allows you to use TACACS security See the Configure TACACS Security section in for Chapter information about using files provided by Cisco to modify CCL scripts to support TACACS user authentication
Example
In the following example lines through 16 are configured for TACACS user authentication
line 16 login tacacs
2-38 Communication Server Addendum for AppleTalk Remote Access show appletalk arp
show appetalk arp
To display the entries in the AppleTalk Address Resolution Protocol AARP cache use the show
appletalk arp EXEC command
show appletalk arp
Syntax Description
This command has no arguments or keywords
Command Mode EXEC
Usage Guidelines
AARP establishes associates between network addresses and hardware MAC addresses This
information is maintained in the communication servers AARP cache
Sample Display
The following is sample output from the show appletalk arp privileged EXEC command
CS show appletalk arp Address Age mm Type Hardware Addr Encap Interface 2000.1 Hardware 0000.0c04.1111 SNAP Ehernet1
Table 2-1 describes the fields shown in the display
Table 2-1 Show AppleTalk ARP Field Descriptions
Field Description
Address AppleTalk network address of the interface
in that this has been in the ARP table Entries are Age mm Time minutes entry
purged after they have been in the table for 240 minutes hours
hyphen indicates that this is new entry
Indicates the table learned It can be one of the Tpe how ARP ently was
following
DynamicEntry was learned using AARP
HardwareEntry was learned from an adapter in the communication
server
PendingEntiy for destination for which the communication server
does not yet know the address When packet requests to be sent to an
address for which the communication server does not yet have the
MAC-level address the communication server creates an AARP entry
for that AppleTalk address then sends an AARP Resolve packet to get
the MAC-level address for that node When the communication server AARP gets the response the entry is marked Dynamic pending
entry times out after one minute
2-39 AppleTalk Remote Access Commands show appletalk arp
Field Description
Hardware Addr MAC address of this interface
Encap Encapsulation type It can be one of the following
ARPAEthernet-type encapsulation
SNAPIEEE 802.3 encapsulation
Interface Tipe and number of the interface
2-40 Communication Server Addendum for AppleTalk Remote Access show appletalk interface
show appetak interface
To display the status of the AppleTalk interfaces and the parameters configured on each interface
use the show appletalk interface EXEC command
show appletalk interface unit
Syntax Description
brief Optional Displays brief summary of the status of the AppleTalk interfaces
unit Interface unit be inteiface Optional and identifiers The argument interface can
one of the following types asynchronous dialer Ethernet IEEE 8023
loopback null serial or tunnel The argument unit is the number of the
interface For example ethernet specifies the first Ethernet interface
Command Mode EXEC
Usage Guidelines
The show appletalk interface command is particularly useful for discovering the status of the
interface when you first enable AppleTalk
Sample Displays
The following is sample output from the show appletalk interface command for an extended AppleTalk network
CS show appletalk interface EthernetO is up line protocol is up AppleTalk cable range is 111-111 AppleTalk address is 111.188 Valid AppleTalk zone is Cisco Interop Demo AppleTalk port configuration verified by 111.59 AppleTalk route cache is not supported by hardware
Table 2-2 describes the fields shown in the display as well as some fields not shown but that might
also be displayed
AppleTalk Remote Access Commands 2-41 show appletalk interface
Table 2-2 Show AppleTalk Interface Field Descriptions for an Extended Network
Field Description
EthernetO is up Type of interface and whether it is currently active and inserted into the network up or inactive and not inserted down
line is protocol up Indicates whether the software processes that handle the line
protocol believe the interface is usable that is whether the
keepalives are successful
cable AppleTalk range is start-end Cable range of the interface
AppleTalk address is address Valid Address of the interface and whether the address conflicts with
any other address on the network valid means it does not
AppleTalk zone is zone Name of the zone that this interface is in
AppleTalk port configuration verified Indicates whether the interface was configured in discovery mode
by address name if it was this line shows which communication server provided
the configuration information
AppleTalk route cache is not Indicates whether fast switching is enabled on the interface
supported by hardware
Port configuration mismatch Indicates that the communication server is misconfigured
Interface violates Internet Usually indicates that extended and nonextended AppleTalk nodes
compatibility are incorrectly sharing the same network
The following is sample output from the show appletalk interface command for nonextended AppleTalk network
CS show appletalk interface eO
Ethernet0 is up line protocol is up AppleTalk address is 666128 Valid AppleTalk zone is Underworld
Table 2-3 describes the fields shown in the display
Table 2-3 Show AppleTalk Interface Field Descriptions for Nonextended Network
Field Description
Ethernet is of up Type interface and whether it is currently active and inserted into the network up or inactive and not inserted down
line is protocol up Indicates whether the software processes that handle the line
protocol believe the interface is usable that is whether keepalives
are successful
AppleTalk address is address Valid Address of the interface and whether the address conflicts with
any other address on the network valid means it does not
AppleTalk zone is zone Name of the zone that this interface is in
The following is sample output from the show appletalk interface brief command
CS show appletalk interface brief Interface Address Config Status/Line Protocol Atalk Protocol
EthernetO 10.82 Extended up up Async unassigned not coat igd administratively down n/a
Table 2-4 describes the fields shown in the display
2-42 Communication Server Addendum for AppleTalk Remote Access show appletalk interface
Table 2-4 Show AppleTalk Interface Brief Field Descriptions
Field Description
Interface Interface and unit identifiers
Address Address assigned to the interface
Config How the interface is configured Possible values are extended nonextended and not configured
handle the line Status/Line Protocol Whether the software processes that protocol
believe the interface is usable that is whether keepalives are
successful
interface Atallc Protocol Whether AppleTalk is up and running on the
2-43 AppleTalk Remote Access Commands show appletalk macip-clients
show appetak macpcUents
To display status information about all known MacIP clients use the show appletalk macip-clients EXEC command
show appletalk macip-clients
Syntax Description
This command has no arguments or keywords
Command Mode EXEC
Sample Display
The is from following sample output the show appletalk macip-clients command
CS show appletalk macip-clients l3l.lO8.l99.l@ 45 secs S/W Test Lab
Table 2-5 describes the fields shown in the display
Table 2-5 Show AppleTalk MacIP Clients Field Descriptions
Field Description
13l.l08.l99l@ Client IP address
DDP address of the registered entity showing the network number node address and socket number
45 sees Time in seconds since the last NBP confirmation was received
Test SIW Lab Name of the zone to which the MacIP client is attached
Related Command
show appletalk traffic
2-44 Communication Server Addendum for AppleTalk Remote Access show appletalk macip-servers
show appetak macpservers
communication servers use the show To display status information about servers appletalk
macip-servers EXEC command
show appletalk macip-servers
Syntax Description
This command has no arguments or keywords
Command Mode EXEC
Usage Guidelines
determine the The information in the show appletalk macip-servers display can help you quickly In the STATE field can problems in status of your MacIP configuration particular help identify your
AppleTalk environment
Sample Display command The following is sample output from the show appletalk macip-servers
CS show appletalk macip-servers MACIP SERVER IP 131.108.199.221 ZONE S/W Test Lab STATE is server_up Resource DYNAMIC 131.108.199.1-131.108.199.10 1/10 IP in use Resource STATIC 131.108.19911131.108.199.20 0/10 IP in use
Table 2-6 describes the fields shown in the display
Table 2-6 Show AppleTalk MaciP Servers Field Descriptions
Field Description
MACIP SERVER Number of the MacIP server This number is assigned arbitrarily
IP 131.108.199.221 IP address of the MaciF server
with the server ZONE S/W Test Lab AppleTalk server zone specified appletalk macip command
lists the states STATE is server_up State of the server Table 2-8 possible
If the server remains in the resource_wait state check that resources
have been assigned to this server with either the appletalk macip command dynamic or the appletalk macip static
in the and Resource DYNAMIC Resource specifications defined appletalk macip dynamic
This list indicates whether the 131108.199.l-13l.l08.199.10 appletalk macip static commands the 1/10 IF in use resource address was assigned dynamically or statically identifies
the and IP address range associated with resource specification
indicates the number of active MacIP clients
2-45 AppleTalk Remote Access Commands show appletalk macip-servers
Use the show appletalk command with macipservers show appletalk interface to identify AppleTalk network problems as follows
Step Determine the state of the MacIP server using show macip-servers If the STATE field
continues to indicate an anomalous status other than something server_up such as resource_wait or zone_wait there is problem
Step Determine the status of and the AppleTalk specific interface using the show appletalk interface command
If the and Step protocol interface are up check the MacIP configuration commands for inconsistencies in the IP address and zone
The STATE field of the show appletalk macip-servers command indicates the current state of each MacIP configured server Each server operates according to the finite-state machine table in
Table 2-7 Table 2-8 describes the state functions listed in Table 2-7 These are the states that are displayed by the show appletalk macip-servers command
Table 2-7 MaciP Finite-State Machine Table
State Event New State Notes
initial ADD_SERVER resource_wait Server configured
resource wait TIMEOUT resource_wait Wait for resources
resource_wait ADD_RESOURCE zone_wait Wait for zone seeding
zone_wait ZONE_SEEDED server_start Register server
zone_wait TIMEOUT zone_wait Wait until seeded
server_start START_OK reg_wait Wait for server register
server_start START_FAIL del_server Could not start possible
configuration error
reg_wait REG_OK server_up Registration successful
reg_wait REG_FAIL del_server Registration failed possible
duplicate IP address
reg_wait TIMEOUT reg_wait Wait until register
server_up TIMEOUT send_confirms NBP confirm all clients
send_confirms CONFIRM_OK Server_up
send_confirms ZONE_DOWN zone_wait Zone oi IP inteiface down
restart
ADD_RESOURCE Ignore except resource_wait DEL_SERVER del_server No server statement HALT DEL_RESOURCE ck_resource Ignore show appletalk macip-servers
Table 2-8 Server States
State Description ck_resource The server makes sure at least one client range is available If not it
deregisters NBP names and returns to the resource_wait state del_server State at which all servers end In this state the server deregisters all
deallocates NBP names purges all clients and server resources
initial State at which all servers start
has been resource-wait The server waits until client range for the server configured
send_confirms The server requests response from active clients every minute
deletes clients that have not responded within the last minutes and
If the checks IP and AppleTalk interfaces used by MacIP server
interfaces are down or have been reconfigured the server restarts
server_start The server registers configured IPADDRESS and registers as
IPGATEWAY It then opens an ATP socket to listen for IP address
assignment requests sends NBP lookup requests for existing
IPADDRESSes and automatically adds clients with addresses within
one of the configured client ranges
has This enables to client The server_up Server registered routing ranges
server now responds to IP address assignment requests
zone_wait The server waits until the configured AppleTalk zone name for the has server is up The server will remain in this state if no such zone
been configured or if AppleTalk is not enabled
An asterisk in the first colunm represents any state An asterisk in the
second colunm represents return to the previous state
Related Commands
appletalk macip dynamic
appletalk macip server
appletalk macip static
show appletalk interface
show appletalk traffic
AppleTalk Remote Access Commands 2-47 show appletalk macip-traffic
show appHetak macp4raffic
To statistics about MacIP traffic the display through communication server use the show appletalk macip-traffic EXEC command
show appletalk macip-traffic
Syntax Description
This command has no arguments or keywords
Command Mode EXEC
Usage Guidelines
the Use show appletalk macip-traffic command to obtain detailed breakdown of MacIP traffic
that is sent communication server from through an AppleTalk to an IP network The output from this command differs from that of the show appletalk traffic command which shows normal
traffic AppleTalk generated received or routed by the communication server
Sample Display
The is following sample output from the show appletalk macip-traffic command
CS show appletalk macip-traff Ic -- MACIP Statistics MACIP SOP IN 11062 MACIP_DDPIPOtJT 10984 MACIPDDPNOCLIENT SERVICE 78 MACIP_IPIN 7619 MACIPIPDDPQTJT 7619 MACIP SERVER IN 62 MAC IP SERVER OUT 52 MACIP SERVER BAD ATP 10 MACIP SERVER ASSIGN IN 26 MACIP SERVER ASSIGN OUT 26 MACIP SERVER INFO IN 26 MAC IP SERVER INFO OUT 26
Table 2-9 describes the fields shown in the display
2-48 Communication Server Addendum for AppleTalk Remote Access show appletalk macip-traftic
Table 2-9 Show AppleTalk MaciP Traffic Field Descriptions
Field Description
received the communication MACIP_DDP_IN Number of DDP packets by
server
of received the communication MACIP_DDP_IP_OUT Number DDP packets by
server that were sent to the IP network
MACIP_DDP_NO_CLIENT_SBRVICE MacIP servers are configured to serve specific range of IP addresses If client Macintosh has been assigned an
IP address that is not in the server range and then tries to
route packet thru the MaciP server the packet is dropped
and this statistic is incremented
This situation usually arises when the server is restarted
after being configured with different range of addresses
because the client Macintosh must reboot and obtain new
address
MACIP_IP_IN Number of IP packets received by the communication
server
of IP received the communication MACIP_IP_DDP_OUT Number packets by
server that were sent to the AppleTalk network
of destined for servers MACIP_SERVERJN Number packets MacIP
MACIP_SERVER_OUT Number of packets sent by MacIP servers
MACIP_SERVER_BAD_ATP This statistic is incremented if MacIP receives badly
formated AppleTalk ATP packet
MACIP_SERVER_ASSIGN_IN Counts the total number of assignment request packets
received by MacIP
MACIP_SERVER_ASSIGN_OUT Counts the total number of assignment request packet
replies sent by MaciP It should be equal to the MACIP_SERVER_AS SIGN_IN statistic
number of information MACIP_SERVER_INFO_IN This statistic counts the total The information request packets received by MacIP
after it has received its request is sent by MacIP clients
address assignment
MACIP_SERVER_INFO_OUT This statistic counts the total number of information information request packets sent by macip The response contains the IP subnet mask the IP broadcast address the
default IP router the default domain name and the IP
address of the configured domain name server
Related Command
show appletalk traffic
AppleTalk Remote Access Commands 2-49 show appletalk traffic
show appetak traffic
To display statistics about MacIP AppleTalk traffic including traffic use the show appletalk traffic EXEC command
show appletalk traffic
Syntax Description
This command has no arguments or keywords
Command Mode EXEC
Usage Guidelines
For MacIP traffic an IP alias is established for each MacIP client and for the IP address of the MacIP
server if it does not match IP an existing interface address To display the client aliases use the show ip aliases command
Sample Display The following is sample output from the show appletalk traffic command
CS show appletalk traffic AppleTalk statistics Rcvd 357471 total checksum errors 264 bad hop count 321006 local destination access denied for MaciP bad MaciP no client 13510 port disabled 2437 no listener ignored martians Bcast 191881 received 270406 sent Sent 550293 generated 66495 forwarded 1840 fast forwarded forwarded from MaciP MaciP failures 436 encapsulation failed no route no source DDP 387265 long short macip bad size NEP 302779 received invalid proxies 57875 replies sent 59947 forwards 418674 lookups 432 failures RTMP 108454 received requests invalid 40189 ignored 90170 sent replies ATP received
ZIP 13619 received 33633 sent 32 netinfo Echo received discarded illegal generated replies sent Responder received illegal unknown replies sent failures AARP 85 requests 149 replies 100 probes 84 martians bad encapsulation unknown 278 sent failures 29 delays 315 drops Lost no buffers Unknown packets Discarded 130475 wrong encapsulation bad SNAP discriminator
Table 240 describes the fields shown in the display
2-50 Communication Server Addendum for AppleTalk Remote Access show appletalk traffic
Table 2-10 Show AppleTalk Traffic Field Descriptions
Field Description
Rcvd This section describes the packets that the communication server has received
357741 total Total number of packets the communication server received
checksum errors Number of packets that were discarded because their DDP checksum
was incorrect The DDP checksum is verified for packets that are
directed to the communication server It is not verified for forwarded
packets
264 bad hop count Number of packets discarded because they had traveled too many
hops
321006 local destination Number of packets addressed to the local communication server
access denied Number of packets discarded because they were denied by an access
list
for MaciF Number of AppleTalk packets the communication server received
that were encapsulated within an IP packet
bad MacIP Number of bad MacIP packets the communication server received
been malformed not and discarded These packets may have or may
have included destination address
no client Number of packets discarded because they were directed to
nonexistent MacIP client
disabled for that 13510 port disabled Number of packets discarded because routing was
port extended AppleTalk only This is the result of configuration
is in error or packet being received while the communication server
verificationIdiscoveiy mode
socket 2437 no listener Number of packets discarded because they were directed to
that had no services associated with it
ignored Number of routing update packets ignored because they were from
misconfigured neighbor or because routing was disabled
martians Number of packets discarded because they contained bogus
information in the DDP header What distinguishes this error from
the others is that the data in the header is never valid as opposed to
not being valid at given point in time
Bcast Number of broadcast packets sent and received by the
communication server
Sent This section describes the packets that the communication server has
transmitted
the communication 550293 generated Number of packets sent that were generated by
server
66495 forwarded Number of packets sent that were forwarded by the communication
servei
cache 1840 fast forwarded Number of packets sent using routes from the fast-switching
forwarded that forwarded from MacIP Number of IP packets the communication server were
encapsulated within an AppleTalk DDP packet
MaciP failures Number of MacIP packets sent that were corrupted during the MacIP
encapsulation process
AppleTalk Remote Access Commands 2-51 show appletalk traffic
Field Description
436 encapsulation failed Number of packets the communication server could not send because
encapsulation failed This can happen because encapsulation of the
DDP packet failed or because AARP address resolution failed
no route Number of packets the communication server could not send because
it knew of no route to the destination
no source Number of packets the communication server sent when it did not
know its own address This should happen only if something is
seriously wrong with the communication server or network
configuration DDP This section describes DDP packets seen by the communication
server
387265 long Number of DDP long packets
short Number of DDP short packets
macip Number of IP packets encapsulated in an AppleTalk DDP packet that
the communication server sent
bad size Number of packets whose physical packet length and claimed length differed
NBP This section describes NBP packets
302779 received Total number of NBP packets received
invalid Number of invalid NBP received Causes include packets invalid op code and invalid packet type
proxies Number of NBP proxy lookup requests received by the
communication server when it was configured for NBP proxy
transition usage
57875 replies sent Number of NBP replies the communication server has sent
59947 forwards Number of NBP forward requests the communication server has received
418674 lookups Number of NBP lookups the communication server has received
432 failures Generic counter that increments any time the NBP process experiences problem
RTMP This section describes RTMP packets
108454 received Total number of RTMP packets the communication server has received
requests Number of RTMP requests the communication server has received
invalid Number of invalid RTMP packets received Causes include invalid code and op invalid packet type
40189 ignored Number of RTMP packets the communication server ignored One
reason for this is that the interface is still in discoveiy mode and is
not yet initialized
90170 sent Number of RTMP packets the communication server has broadcast
replies Number of RTMP replies the communication server has sent
ATP This section describes ATP packets
received Number of ATP packets the communication server received
ZIP This section describes ZIP packets
13619 received Number of ZIP packets the communication server has received
2-52 Communication Server Addendum for AppleTalk Remote Access show appletalk traffic
Field Description
33633 sent Number of ZIP packets the communication server has sent
32 netinfo Number of packets that requested port configuration via ZIP
GetNetlnfo requests These are commonly used during node startup
and are occasionally used by some AppleTalk network management
software packages
Echo This section describes AEP packets
received Number of AEP packets the communication server received
discarded Number of AEP packets the communication server discarded
illegal Number of illegal AEP packets the communication server received
generated Number of AEP packets the communication server generated
replies sent Number of AEP replies the communication server sent
Responder This section describes Responder Request packets
received Number of Responder Request packets the communication server received
illegal Number of illegal Responder Request packets the communication
server received
unknown Number of Responder Request packets the communication server
received that it did not recognize
communication replies sent Number of Responder Request replies the server sent
failures Number of Responder Request replies the communication server
could not send
AARP This section describes AARP packets
received 85 requests Number of AARP requests the communication server
received 149 replies Number of AARP replies the communication server
100 probes Number of AARP probe packets the communication server sent
did 84 martians Number of AARP packets the communication server not of martians recognize If you start seeing an inordinate number on an
interface check whether bridge has been inserted into the network
is it floods the network with AARP When bridge starting up
packets
bad encapsulation Number of AARP packets received that had an unrecognizable
encapsulation
did unknown Number of AARP packets the communication server not
recognize
278 sent Number of AARP packets the communication server sent
send failures Number of AARP packets the communication server could not
results 29 delays Number of AppleTalk packets delayed while waiting for the
of an AARP request
315 drops Number of AppleTalk packets dropped because an AARP request
failed
Lost no buffers Number of packets lost due to lack of buffer space
Unknown packets Number of packets whose protocol could not be determined
AppleTalk Remote Access Commands 2-53 show appletalk traffic
Field Description
Discarded This section describes the number of packets that were discarded
130475 wrong encapsulation Number of packets discarded because they had the wrong
encapsulation.That is nonextended AppleTalk packets were on an
extended AppleTalk network or vice versa
bad SNAP discrimination Number of discarded because packets they had the wrong SNAP discriminator This occurs when another AppleTalk device has
implemented an obsolete or incorrect packet format
Related Commands
dagger indicates that the command is documented in the Communication Server Command
Reference publication
show appletalk macip-traffic
show ip aliases
2-54 Communication Server Addendum for AppleTalk Remote Access show appletalk zone
show appHetak zone
To display the entries in the zone information table use the show appletalk zone EXEC command
show appletalk zone
Syntax Description
no argument Displays all entries in the zone information table
zone-name Optional Displays the entry for the specified zone
Command Mode EXEC
Usage Guidelines
You can use this command on extended and nonextended networks
zone name can be associated with multiple network addresses or cable ranges or both This means
that zone name will effectively replace multiple network addresses in zone filtering This is named reflected in the output of the show appletalk zone command For example the zone and four cable Mt View in the sample display below is associated with two network numbers ranges
Sample Display
The following is sample output from the show appletalk zone command
CS show appletalk zone Name Networks Gates of Hell 666-666 Engineering 2929 40424042 customer eng 19-19 CISCO ID 41404140 Daves House 3876 3924 5007 Narrow Beam 40134013 4023-4023 40374037 40384038 Low End SW Lab 6160 41724172 95559555 41604160 Tirn naOg 199-199 Mt View 70107010 7122 7142 70207020 70407040 70607060 Mt View 7152 70507050 UDP 111212 Empty Guf 69-69 Light 80 europe 2010 3010 3034 5004 Bldg13 4032 5026 61669 3012 3025 3032 5025 5027 Bldg17 3004 3024 5002 5006
Table 2-11 describes the fields shown in the display
AppleTalk Remote Access Commands 2-55 show appletalk zone
Table 2-11 Show AppleTalk Zone Field Descriptions
Field Description
Name Name of the zone
Networks Cable ranges or network numbers assigned to this zone
The is from the following sample output show appletalk zone command when you specify zone name
CS show appletalk zone CISCO IP AppleTalk Zone Information for CISCO IP Valid for nets 4140-4140
Not associated with any interface Not associated with any access list
Table 2-12 describes the fields shown in the display
Table 2-12 Show AppleTalk Zone Field Descriptions for Specific Zone Name
Field Description
AppleTalk Zone Information for Name of the zone CISCO IP
Valid for nets 4140-4140 Cable ranges or network numbers assigned to this zone
Not associated with any interface Interfaces that have been assigned to this zone
Not associated with any access list Access lists that have been defined for this zone
Related Command
appletalk zone
2-56 Communication Server Addendum for AppleTalk Remote Access show arap
show arap
To display information about running ARAP connection use the show arap EXEC command
show arap
Syntax Description
line-number Optional Number of the line on which an ARAP connection is
established and active
Command Mode
User-level EXEC
Usage Guidelines
Use the show arap command with no arguments to display summary of the ARAP traffic since the
communication server was last booted
Sample Display
The following is sample output from the show arap conmiand
CS show arap Statistics are cumulative since last reboot Total ARAP connections Total Appletalk packets output 157824 Total Appletalk packets input 12465
These fields refer to the sum of all of the ARA connections since the box was last reloaded
The following example results in display of information about ARA activity on specific line
line
CS show arap
Active for 23 minutes
Unlimited time left or 22 minutes left Doing smartbuffering or Smartbuffering disabled Appletalk packets output 157824 Appletalk packets input 12465 Appletalk packets overflowed 1642 Appletalk packets dropped 586 V42bis compression efficiency incoming/outgoing Ipercentage/percentage MNP4 packets received 864 MNP4 packets sent 1068 MNP4 garbled packets received MNP4 out of order packets received MNP4 packets resent MNP4 nobuffers
AppleTalk Remote Access Commands 2-57 show arap
Table 2-13 describes the fields shown in the display
Table 2-13 Show ARAP Field Descriptions
Field Description
Active for integer minutes Number of minutes since ARAP started on the line
Unlimited time left or integer minutes left Remaining time limit on the line if applicable on
the line
disabled Doing smartbuffering or Smartbuffering Obsolete Always says Doing smartbuffering
Appletalk packets output Number of AppleTalk packets that have been
received from the macintosh and out to the network
during this connection
Appletalk packets input Number of AppleTalk packets have been received
from the network and sent to the macintosh during
this connection
Appletallc packets overflowed Number of packets from the network that have
been dropped because the link to the macintosh was
congested
Appletalk packets dropped Number of packets from the network that have
been dropped because it was unnecessary to pass
them frequently RTMP
V42bis compression efficiency incoming Performance of the v42bis protocol underneath
outgoing ARA expressed as percentage of incoming
percentage outgoing If the efficiency is low
network user is probably copying already
compressed files across the link Generally low
efficieny means slow performance
MNP4 packets received Number of link-level packets that have been
received from the macintosh
MNP4 sent packets How many link-level packets have been sent to the macintosh
MNP4 garbled packets received Number of garbled packets that have been received
from the macintosh
MNP4 out of order packets received Number of out-of-order packets that have been
received from the macintosh
MNP4 packets resent Number of times packets have been resent
Each of these fields indicates line noise The higher
the value the higher the noise
MNP4 nobuffers How many times MNP4 has run out of buffers
This field should be zero
2-8 Communication Server Addendum for AppleTalk Remote Access INDEX
definition 1-13 2-18
enabling on extended interface 1-14 1-26 2-14 2-18 access control dynamic address assignment 1-6 AppleTalk 1-201-22 2-2 enabling 2-26 configuring for AppleTalk Remote Access 2-31 EtherTalk 2.0 1-4 configuring for ARA 1-16 2-35 extended Phase 1-4 description 1-4 extended addresses 1-7 access lists AppleTalk extended interface avoiding overlap 1-20 cable range assigning 1-12 network number configuring example 1-25 creating 1-21 2-3 2-5 2-7 2-9 2-10 discovery mode example 1-25 definition 1-20 enabling routing 1-14 2-18 rules for defining 1-20 enabling routing example 1-26 zone zone name assigning 1-12 creating 1-20 1-21 2-2 2-12 extended zones 1-7 definitions 1-20 interfaces access-list additional-zones command 1-21 2-2 configuring dynamically 1-13 2-18 access-list cable-range command 2-3 2-41 displaying status of 1-25 access-list includes command 1-21 2-5 interfaces supported 1-2 access-list network command 2-7 MacIP access-list other-access command 1-21 2-9 address ranges 1-18 access-list within command 1-21 2-10 addresses allocating 1-19 2-20 2-24 access-list zone command 2-12 advantages 1-18 addresses 2-44 clients displaying 1-25 AppleTalk extended 1-7 1-18 configuration requirements AppleTalk nonextended 1-5 definition 1-18 AEP access to via the ping command 1-4 disadvantages 1-18 alias AppleTalk NBP 1-6 implementation 1-18 Apple Networking Architecture ANA 1-3 servers 1-19 1-25 2-22 2-45 AppleTalk traffic displaying statistics about 1-25 2-48 access control 1-201-22 2-2 2-50 access lists MacIP configuring 1-18 network number creating 1-21 2-3 2-5 2-7 2- monitoring tasks 1-25 2-10 NBP aliases 1-6 network number creating definition 1-20 NBP definition 1-5 rules for defining 1-20 network 1-2 zone creating 1-21 2-2 2-12 node 1-2 ARP table displaying entries 1-25 2-39 node numbers 1-6 assigning nonextended Phase 1-4 networks to cable 2-15 nonextended addresses 1-5 2-14 zone names 2-27 1-17 optional configuration commands cable range OSI reference model 1-3 assigning to interface 1-12 checksum performance tuning disabling generation expanding example 1-27 and verification 1-17 checksum generation and verification Phase 1-4 disabling 1-17 2-17 Phase 1-4 enabling 2-17 protocol description 1-2 configuration task list 1-17 routing configuring an interface 2-18 enabling dynamically 1-14 1-26 discovery mode 1-26 enabling example 1-25 extended network 1-25 1-13 enabling manually 1-12 manual mode 1-12 seed device 1-6 customizing configuration 1-17 2-50 traffic displaying statistics about 1-25 description of protocol 1-2 ZIP protocol 1-6 discovery mode
Index zone 1-2 disabling on AppleTalk networks 1-17
assigning name 1-12 2-27 enabling on AppleTalk networks 2-17
definition 1-5 communication server configuring as an ARA server 1-1
name format 2-27 configurable protocol constants 1-4
special characters 2-27 configuration task list AppleTalk 1-17
zone information table displaying 1-25 2-55 configuring communication server as an ARA server 1-1
address command 2-14 appletalk configuring an interface manually 1-12 AppleTalk Address Resolution Protocol AARP 1-3
appletalk cable-range command 1-14 2-15
appletalk checksum command 1-17 2-17
appletalk discoveiy command 1-14 2-18 AppleTalk Echo Protocol AEP 1-3 Datagram Delivery Protocol DDP 1-3 appletalk macip dynamic command 1-19 2-20 debug arap command 2-37 appletalk macip server command 1-19 2-22 debug command 1-25 appletalk macip static command 1-19 2-24 debugging an ARA server 1-24 1-25 AppleTalk Remote Access ARA dedicated line automatically starting session example 1-29 ARA configuration example 1-29 configuration example 1-27 configuring 2-29 configuring access control 1-16 2-3 2-35 setting 1-16 conserving memory 1-16 disconnect warning time setting 1-16 2-34 customizing support 1-15 discovery mode debugging 1-24 2-37 definition 1-13 2-18 dedicated line example 1-29 enabling on extended interface 1-14 2-14 2-15 enabling 1-15 2-30 2-18 monitoring 1-24 2-57 enabling on nonextended interface 2-18 optional configuration commands 1-15 dynamic address assignment AppleTalk 1-6 prerequisites for connectivity 1-1 dynamic interface configuration AppleTalk 1-12 using on your Macintosh 1-1
appletalk routing command 2-26
appletalk service command 1-12 2-26 AppleTalk Transaction Protocol ATP 1-3
appletalk zone command 1-12 2-27 ARA EtherTalk 1.2 and 2.0 support for 1-4 Ciscos implementation 1-1 examples ARA configurations 1-251-31 ARA server configuring example 1-29
arap dedicated command 1-16 2-29
arap enable command 1-15 2-30
arap net-access-list command 1-17 2-31
arap noguest command 1-16 2-32 guests arap timelimit command 1-16 2-33 2-32 arap warningtime command 1-16 2-34 allowing 1-16 2-32 arap zonelist command 1-17 2-35 disallowing
automatic response
configuring 1-15
setting 2-36
autoselect command 1-15 2-36
InterPoll 1-4 1-8 1-9 1-25
interfaces
AppleTalk 1-5 1-7
X25 1-7 cable ranges
AppleTalk extended 1-7
expanding example 1-27
CCL scripts modifying 1-221-23 checksum generation and verification
Communication Server Addendum for AppleTalk Remote Access limit to number of zones 1-4 security line command 1-15 internal username authentication 1-22
modifications for TACACS 1-221-23 login tacacs command 1-24 2-38
seed device AppleTalk 1-6
show appletalk arp command 1-25 2-39
show appletalk interface command 1-25 2-41
show appletalk macip-clients command 1-25 2-44
show appletalk macip-servers command 1-25 2-45 MacIP show appletalk macip-traffic command 1-25 2-48 address ranges 1-18 show appletalk traffic command 1-25 2-50 addresses allocating 1-19 2-20 2-24 show appletalk zone command 1-25 2-55 advantages 1-18 show arap command 1-24 2-57 clients displaying 1-25 2-44 status of interface displaying 2-41 1-18 configuration requirements 1-22 system security configuring definition 1-18
disadvantages 1-18
implementation 1-18
servers 1-19 1-25 2-22 2-45
traffic displaying statistics about 1-25 2-48 TACACS MacTCP support via the MaciP server 1-4
manual interface configuration AppleTalk 1-12 CCL scripts modifying 1-221-23
modem security configuring 1-22
1-28 configuring line support 1-11 username authentication configuring Telebit T-3000 1-30 setting up Telebit T-3000 1-30 modem setting up example
monitoring an ARA server 1-241-25 time limit setting for session 1-16 2-33
multiuse line configuring example 1-29
username authentication internal TACACS 1-22 1-28
command 1-22 Name Binding Protocol NIBP 1-3 1-5 username password
NBP proxy service 1-4
NBP access to via the ping command 1-4 network 1-2
node 1-2
note description of xiv zone 1-2 Zone Information Protocol ZIP 1-3 1-6 zones
AppleTalk 1-5
AppleTalk extended 1-7
number 1-4 OSI reference model AppleTalk 1-3 limit on acceptable
overview configuration tasks 1-9 See also AppleTalk zone
Phase AppleTalk 1-4
Phase AppleTalk 1-4
prerequisites for ARA connectivity 1-1
Index Communication Server Addendum for AppleTalk Remote Access Corporate Headquarters Cisco Systems Inc P0 Box 3075
15250 Bnen Drive
Menlo Park CA 94028 USA
Tel 415 3261941
800 553-NETS 6387
Fax 415 326-1889
Cisco Systems has over
90 sales othces worldwide
Call 415 3211-1941 to contact
local account your
representative or
North America call
800 553-NETS 6387
4154
Printed the in USA on recycled paper
rontatnmg 10% post-consumer waste
CISCOSYST6MS 78-1304-01