Communication Server Addendum for Appletalk Remote Access 2-32 Arap Noguest

Software Release 921 Communication Server Addendum for

AppeTaHk Remote Access

Software Release 9.21

Corporate Headquarters P.O Box 3075

1525 OBrien Drive

Menlo Park CA 94026

415 326-1941

800 553-NETS

Customer Order Number DOC-ARAPADCS9212

Cisco Document Assembly Number 83-0143-01

Text Part Number 78-1304-01 The products and specifications configurations and other technical information regarding the products contained in this manual are subject to change

without notice All statements technical information and recommendations contained in this manual are believed to be accurate and reliable but are

without of kind or and users must take full for their of in this presented warranty any express implied responsibility application any products specified manual

states not allow limitation or exclusion of for or incidental limitation warranties Some do liability consequential damages or on how long implied last so

the above limitations or exclusions not to This Customers that may apply you warranty gives specific legal rights and you may also have other rights vary

from state to state

This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause

interference to radio communications This has been tested and found to with limits device equipment comply the for Class computing pursuant to

of Part 15 of FCC which to reasonable Subpart Rules are designed provide protection against such interference when operated in commercial

environment of this in residential is to in Operation equipment area likely cause interference which case the user at his own expense will be required to

take whatever measures may be required to correct the interference

The third software be included with and will be following party may your product subject to the software license agreement

The Cisco of TCP header is implementation compression an adaptation of program developed by the University of California Berkeley UCB as part of domain version of the UNtX All UCBs public operating system rights reserved Copyright 1981 Regents of the University of California

software for any purpose

Point-to-Point Protocol Copyright 1989 Carnegie Mellon University All rights reserved The name of the University may not be used to endorse or derived from this without promote products software specific prior written permission

The Cisco implementation of TN3270 is an adaptation of the tn3270 curses and termcsp programs developed by the University of California Berkeley of UCB as part UCBs public domain version of the UNtX operating system All rights reserved Copyright 1981-1988 Regents of the University of

California

makes no representations about the suitability of this software for any purpose

THIS MANUAL CISCOS SOFTWARE AND THE SOFTWARE OF THE ABOVE-LISTED SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES EXPRESSED OR IMPLIED INCLUDING THOSE OF MERCHANTABILITY AND FITNESS FOR PARTICULAR PURPOSE OR ARISING FROM COURSE OF DEALING USAGE OR TRADE PRACTICE

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES

Notice of Restricted Rights

Use or disclosure the Government is to restrictions as set forth in of Commercial Software duplication by subject subparagraph the Computer

Restricted clause at FAR and of the in Technical clause DFARS Rights 52.227-19 subparagraph c1ii Rights Data and Computer Software at 252.227-

7013 The information in this manual is subject to change without notice

Access Without Compromise Catalyst CiscoWorks CiscoFusion Internetwork Operating System lOS Netscape The Packet SMARTneI UniverCD

Workgroup Director and Workgroup Stack are trademarks and Cisco Systems and the Cisco logo are registered trademarks of Cisco Systems Inc All other

or services mentioned in this document are the service service marks of their products trademarks marks registered trademarks or registered respective owners

Conununicailon SermerAddendumforAppleTalk Remote Access

READ CAREFULLY BEFORE USING THIS SOFTWARE LICENSE AGREEMENT

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SOFTWARE BY USING THE SOFTWARE OF CISCO SYSTEMS INC AND ITS SUPPLIERS AS NAMED FROM TIME TO TIME YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE PROMPTLY RETURN THE UNUSED SOFTWARE MANUAL AND RELATED EQUIPMENT WITH PROOF OF PAYMENT TO THE PLACE OF PURCHASE FOR FULL REFUND

Cisco Systems Inc Cisco grants to Customer Cuslomer nonexciusive and nonlransferable license to use the Cisco software Software in object code form solely on single central processing unit owned or leased by Customer or otherwise embedded in equipment provide by Cisco Customer may make one archival of the software Customer affixes to sucb all notices that the copy provided copy copyright confidentiality and proprietary appear on original

Except as expressly authorized above CUSTOMER SHALL NOT COPY IN WHOLE OR IN PART SOFTWARE OR DOCUMENTATION MODIFY THE SOFTWARE REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE OR RENT LEASE DISTRIBUTE SELL OR CREATE DERIVATIVE WORKS OF THE SOFTWARE

Customer that of the licensed the agrees aspects materials including specific design and structure of individual programs constitute trade secrets and/or

material of Cisco Customer not to otherwise copyrighted agrees disclose provide or make available such trade secrets or copyrighted material in any form to third without the Cisco any party prior consent of Customer agrees to implement reasonable security measures to protect such trade secrets and

material Title to Software and documentation shall remain with Cisco copyrighted solely

LIMITED WARRANTY Cisco warrants that the Software will substantially conform to the published specifications for such Software if used properly in accordance with the of Documentation for period ninety 90 days from the date of shipment To be eligible for remedy Customer must report all warranted problems within the warranty period to the party which supplied the Product to Customer or to the Cisco Service Partner if the Software was

under the multinational exported uplift program Ciscos sole and exclusive obligation and Customers exclusive remedy with respect to nonconforming

Software upon contact will be at Ciscos option and potentially through the Sales or Service Partner either to provide correction or workaround for any reproducible errors or ii to refund to Customer the license fee for the Software in the event that license fee was paid and the other remedy is not available or if the license fee was zero refund the price of the hardware less depreciation calculated on straight-line basis Customer agrees that it will

with Cisco or its Sales or Service Partner in the environment iii which the error occurred Customer to cooperate creating Further agrees supply any

necessary equipment for such tests

This Limited Warranty does not apply to Software which has been altered except as authorized by Cisco has not been installed operated repaired or maintained in accordance with any instaliation handling maintenance or operating instructions supplied by Cisco has been subjected to unusual physical or electrical stress misuse negligence or accident is used in ultra hazardous activities has been used in such way that Cisco or its Sales

Partner cannot the Software has been from the of destination without of an or reasonably reproduce error exported original country payment uplift has been In no event does Cisco warrant that the Software is error free or that Customer will be able to its networks without misapplied operate problems or interruptions

THIS WARRANTY IS IN LIEU OF AND CISCO DISCLAIMS ALL OTHER WARRANTIES EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR PARTICULAR PURPOSE

INABILITY TO USE THIS CISCO SOFTWARE EVEN IF CISCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES OR LIMITATION ON HOW LONG IMPLIED WARRANTIES LAST SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO CUSTOMER

Customer will with all laws and if it the This restriction survive termination of this comply applicable export regulations exports products shall Agreement

This License is effective until terminated Customer terminate this License at time the with all thereof may any by destroying software together copies

Cisco terminate this License if the Customer fails to with term termination of this may immediately comply any or condition hereof Upon any License

Customer shall discontinue use of the Software and shall destroy all copies of the software

This License shall be and construed in accordance with the laws of the of be void governed by State California If any portion hereof is found to or unenforceable the remaining provisions of this License shall remain in full force and effect This License constitutes the entire License between the parties with respect to the use of the Software

Restricted Ciscos software and documentation with RESTRICTED disclosure the Rights supporting are provided RIGHTS Use duplication or by

Government is to the restrictions as set forth in of the Commercial FAR 52.227- subject subparagraph Computer Software Restricted Rights clause at

19 and of The in Technical Data and Software clause subparagraph clii Rights Computer at DFARS 52.227-7013 HARDWARE WARRANTY

Performance Warranty Cisco warrants to Customer for period of ninety 90 days from the shipping date that Hardware purchased under this Agreement will be free from hardware defects in material and To be for must all warranted within the workmanship eligible remedy Customer report problems

warranty period to the party which supplied the Product to Customer or to the Cisco Service Partner if the Hardware was exported under the multinational uplift program

Hardware Remedies In the event of warranted problem with respect to the Hardware Customer must contact the place it acquired the Hardware or the

Cisco Service Partner if the Hardware to the multinational after it becomes aware of the defect was exported pursuant uplift program as soon as possible

Cisco the Sales Service will for recommended list or or Partner as appropriate supply replacement parts the products listed in Ciscos spares Replacement

will be within five after of Customers Cisco its Sales Service Partner will bear the cost for parts shipped workiisg days receipt request or or shipment

of advance replacements to Customer Customer must retum all defective boards and assemblies prior to installation of the replacement hoards and

assemblies to Cisco or the Sales or Service Partner in accordance with the then current RMA procedures Ciscos sole and exclusive obligation with respect

defective Hardware Ciscos and Sales Service if service as to will be at option through or Partner necessary to either provide advance replacement described the Product with Product that does not contain the for the Hardware less above ii replace defect or iiirefund the price paid depreciation calculated on straight-line basis

Exclusions The above Product which has been has not been warranty does not appiy to any altered except as authorized by Cisco installed operated repaired or maintained in accordance with any installation handling maintenance or operating instructions supplied by Cisco has been subjected to

electrical is used in ultra hazardous used in such that Cisco unusual physical or stress misuse negligence or accident activities has beeis way

In event cannot reasonably reproduce the Software error or has been exported from the original country of destination without payment of an uplift no

its networks without does Cisco warrant that Customer will be able to operate problems or interruptions

Disclaimer THIS WARRANTY IS IN LIEU OF AND CISCO DISCLAJMS ALL OTHER OF ALL OTHER WARRANTIES EXPRESSED OR IMPLIED INCLUDING THOSE OF MERCHANTABILITY NONINFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE OR ARISING FROM COURSE OF DEALING

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECtAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR

About This Manual XIII

Document Objectives xiii

Audience xiii

Document Organization xiii

Document Conventions xiii

Chapter Configuring an AppleTalk Remote Access Server 1-1

Ciscos Implementation of ARA 1-1

ARA Protocol 1-2

AppleTalk 1-2

Extended Phase versus Nonextended Phase AppleTalk 1-4

Nonextended AppleTalk Addressing 1-5 AppleTalk Zones 1-5

Name Binding Protocol 1-5 Zone Information Protocol 1-6

Dynamic Configuration 1-6

Extended AppleTalk Addressing 1-7

AppleTalk Name Registration 1-7

AppleTalk Responder Support 1-8

ARA Task Overview 1-9

Connect Cables 1-9

Configure the Line and the Modem 1-11

Configure AppleTalk 1-12 Enable AppleTalk Service 1-12

Configure an AppleTalk Interface 1-12

Manual Interface Configuration 1-12

Dynamic Interface Configuration 1-13

Configuring Segment That Has No Routers 1-14 Enable ARA 1-15

Customize ARA 1-15

Configure Automatic Protocol Startup 1-15

Set Dedicated ARA Line 1-16

Set the Session Time Limit 1-16

Set the Disconnect Warning Time 1-16

Disallow Guests 1-16

Control Access 1-16

Customize the AppleTalk Configuration 1-17

Disable Checksum Generation and Verification 1-17

Configure MaciP 1-18

Control Access to AppleTalk Networks 1-20

Create Access Lists 1-21

Table of Contents Configure System Security 1-22

Configure Internal Username Authentication 1-22

Configure TACACS Security 1-22

Modify Scripts to Support TACACS 1-22

Configure TACACS Server User Authentication 1-24

Monitor and Debug an ARA Server 1-24

Monitor the AppleTalk Network 1-25 Debug the ARA Server 1-25

Configuration Examples 1-25

Example of Configuring an Extended AppleTalk Network 1-25

Example of Configuring an Extended Network in Discovery Mode 1-26

Example of Configuring ARA 1-27 Example of Expanding the Cable Range 1-27

Example of Configuring MaciP 1-28

Example of Configuring TACACS Username Authentication 1-28

Example of Configuring Dedicated ARA Line 1-29

Example of Configuring Multiuse Line 1-29

Example of Configuring an ARA Server 1-29

Example of Setting up aTelebit T-3000 Modem 1-30

Chapter AppleTalk Remote Access Commands 2-1

access-list additional-zones 2-2

access-list cable-range 2-3

access-list includes 2-5

access-list network 2-7

access-list other-access 2-9

access-list within 2-10

access-list zone 2-12

appletalk address 2-14

appletalk cable-range 2-15

appletalk checksum 2-17

appletalk discovery 2-18

appletalk macip dynamic 2-20

appletalk macip server 2-22

appletalk macip static 2-24

appletalk service 2-26

appletalk zone 2-27

arap dedicated 2-29

arap enable 2-30

arap net-access-list 2-31

vi Communication Server Addendum for AppleTalk Remote Access 2-32 arap noguest

timelimit 2-33 arap

2-34 arap warningtime

2-35 arap zonelist

autoselect 2-36

debug arap 2-37

show appletalk arp 2-39

show appletalk interface 2-41

show appletalk macip-clients 2-44

show appletalk macip-servers 2-45

show appletalk macip-traffic 2-48

show appletalk traffic 2-50

show appletalk zone 2-55

show arap 2-57

Index

Table of Contents vii viii Communication Server Addendum for AppleTalk Remote Access 0F FIGURES

Figure 1-1 ARA Configuration Overview 1-2

Figure 1-2 AppleTalk and the OSI Reference Model 1-3

Figure 1-3 InteroPoll Output 1-9

Figure 1-4 ARA Server Cabling and Connections 1-10

Figure 1-5 Wiring Diagram of Mini 8-to-DB-25 Cable 1-10

Figure 1-6 ARA Server Not on an Internet 1-17

Figure 1-7 TACACS Login Screen on the Macintosh 1-24

Figure 1-8 TACACS Password Screen on the Macintosh 1-24

Figure 1-9 Discovery Mode 1-26

List of Figures ix Communication Server Addendum for AppleTalk Remote Access LIST OF TABLES

Table 1-1 Examples of AppleTalk Addresses 1-6

Table 1-2 Building Mini 8-to-DB-25 Cable 1-11

Table 2-1 Show AppleTalk ARP Field Descriptions 2-39

Table 2-2 Show AppleTalk Interface Field Descriptions for an Extended Network 2-42

Table 2-3 Show AppleTalk Interface Field Descriptions for Nonextended Network 2-42

Table 2-4 Show AppleTalk Interface Brief Field Descriptions 2-43

Table 2-5 Show AppleTalk MacIP Clients Field Descriptions 2-44

Table 2-6 Show AppleTalk MacTP Servers Field Descriptions 2-45

Table 2-7 MacIP Finite-State Machine Table 2-46

Table 2-B Server States 2-47

Table 2-9 Show AppleTalk MacIP Traffic Field Descriptions 2-49

Table 2-10 Show AppleTalk Traffic Field Descriptions 2-51

Table 2-11 Show AppleTalk Zone Field Descriptions 2-56

Table 2-12 Show AppleTalk Zone Field Descriptions for Specific Zone Name 2-56

Table 2-13 Show ARAP Field Descriptions 2-58

List of Tables xi xii Communication Server Addendum for AppleTalk Remote Access About This Manua

This section discusses the objectives audience organization and conventions of the Communication

Server Addendum for AppleTalk Remote Access

Document Objectves

This manual provides the information necessary to configure your communication server to use

AppleTalk Remote Access ARA to support remote Macintosh users This manual used in

conjunction with the Release 9.21 Communication Server Configuration Guide and the

Communication Server Command Reference publication provides all of the information necessary

communication and interface to use and configure your server including system network

configuration

Audence

This publication addresses the system administrator who will configure and maintain

communication server configured as an ARA server supporting remote Macintosh users running

ARA software

Document Organ izaton

This publication has two chapters

which contains and Chapter Configuring an AppleTalk Remote Access Server required Macintosh optional tasks for configuring your communication server to support remote users

running ARA software

of each of the Chapter AppleTalk Remote Access Commands which provides description default and commands presented in Chapter including complete syntax descriptions settings

command usage guidelines

Document Conventons

This manual uses the following conventions to convey instructions and information

Ctrl represents the key labeled Control

For example the key combination Ctrl-D means hold down the Control key while you press the key

About This Manual xiii Document Conventions

is defined of string as nonquoted set characters For example when setting up community

string for SNMP to public do not use quotes around the string or the string will include the

quotation marks

Command descriptions use these conventions

that contain Examples system prompts denote interactive sessions indicating that the user enters

commands at the prompt The system prompt indicates the current command mode For example

the prompt router config indicates global configuration mode

Commands and keywords are in boldface font

Arguments for which you supply values are in italic font

Elements in square brackets are optional

Alternative but required keywords are grouped in braces and separated by vertical bars

Examples use these conventions

Terminal sessions and information the system displays are in screen font

Information you enter is in boldface screen font

Nonprinting characters such as passwords are in angle brackets

Default to in responses system prompts are square brackets

Exclamation points at the beginning of line indicate comment line

Note Means reader take note Notes contain helpful suggestions or references to materials not

contained in this manual

Software changes from previous releases are noted in the release note accompanying this manual

xiv Communication Server Addendum for AppleTalk Remote Access CHATER

Configuring an AppeTaIk Remote Access Server

Remote This chapter describes how to configure your communication server to act as an AppleTalk

describe the client Macintosh Refer to Access ARA server It does not how to configure or use Apple Computers Apple Remote Access Client User Guide and the Apple Remote Access Personal Macintosh For Server Uses Guide for information about how to use ARA software on your

complete description of the commands in this chapter refer to Chapter

Cscos mpHementaton of ARA

in Ciscos implementation of ARA gives Macintosh users direct access to information and resources

remote locations Macintosh users can connect to another Macintosh computer or AppleTalk network

over standard telephone lines For example if you have PowerBook at home and need to get file

from your Macintosh at the office ARA software can make the connection between your home and

office computers

You can configure your communication server to act as an ARA server by enabling AppleTalk and allows remote ARA Protocol Configuring your communication server to act as an ARA server

Macintosh users to dial in become network node and connect to devices on other networks ARA

Protocol support on the communication server is transparent to the Macintosh end user

The following Macintosh and communication server software support is required for ARA

connectivity

Macintosh running ARA software and connection control language CCL script

communication server configured as an ARA server

Configuring an AppleTalk Remote Access Server 1-1 Ciscos Implementation of ARA

Figure 1-1 shows how your communication server can act as an ARA server between remote Macintosh computers in Figure 1-1 Macintosh SE and PowerBook and devices on another network

I-Il

PowerBook with internal modem

Figure 1-1 ARA Configuration Overview

ARA ProtocW

Enabling ARA on your communication server permits the server to support ARAon the Macintosh

and therefore to act as an ARA server

App eTa

AppleTalk is client-server or distributed protocol AppleTalk users share network resources such

as files and printers with other users Interactions with different servers are transparent to users

because the computer determines the location of the requested material and accesses it without

requesting information from the user

identifies several network AppleTalk entities node network and zone node is any device

connected to network an AppleTalk The most common nodes are Macintosh computers and laser but other of printers many types computers are also capable of AppleTalk communication including

IBM PCs Digital VAX/VMS systems and variety of workstations communication server which network provides only one interface is considered node on the network In this chapter the

term refers device router to any that routes AppleTalk packets An AppleTalk network is single and logical cable an AppleTalk zone is logical group of one or more possibly noncontiguous networks

has Apple Computer produced variety of internetworking products with which to connect local-area AppleTalk networks Apple supports Ethernet Token Ring Fiber Distributed Data

Interface and its FDDI own proprietary twisted-pair media access system called LocalTalk

1-2 the Figure compares AppleTalk protocols with the standard seven-layer OSI model and illustrates how AppleTalk works with variety of physical and link access mechanisms

12 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA

OSl AppleTalk Protocols Reference Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Figure 1-2 AppleTalk and the OSI Reference Model

services in addition to the The Cisco AppleTalk implementation provides the following standard ability to transmit any AppleTalk packet

AppleTalk Address Resolution Protocol AARP

Datagram Delivery Protocol DDP

Name Binding Protocol NBP

AppleTalk Echo Protocol AEP

AppleTalk Transaction Protocol ATP

Zone Information Protocol ZIP

internetworked nodes The DDP and AARP protocols provide end-to-end connectivity between determine NBP maps network names to AppleTalk internet addresses NBP relies on ZIP to help AFP and which networks belong to which zones File and print access is provided through PAP respectively which work with applications such as AppleShare and print servers

Configuring an AppleTalk Remote Access Server 1-3 Ciscos Implementation of ARA

The Cisco AppleTalk implementation also includes the following enhancements

Support for EtherTalk 1.2 and EtherTalk 2.0

Support for serial protocols including SMDS Frame Relay X.25 and HDLC

Configurable protocol constants

No software limits on the number of zones

MacTCP support via the MacIP server

service NBP proxy providing compatibility between AppleTalk Phase and AppleTalk Phase

Access control support to allow filtering of zones routing data and packets

node Integrated name support to simplify AppleTalk management

Interactive access to AEP and NBP provided via the ping command

for both Support configured called seed and discovered configuration

Responder support used by InteroPoll and other network monitoring packages

Note Apple Computer uses the nameAppleTaik to refer theApple NetworkingArchitecture ANA whereas the actual transmission media used to form an AppleTalk network are referred to as LocalTallc Apple Computers proprietary twisted-pair transmission medium for AppleTalk TokenTalk AppleTalk over Token Ring and EtherTalk AppleTalk over Ethernet

like AppleTalk many network protocols makes no provision for network security The AppleTalk architecture protocol requires that security measures be executed at higher application levels The communication server software supports AppleTalk network access lists providing filters at the

packet level

Extended Phase versus Nonextended Phase AppleTalk

AppleTalk was designed for local work groups With the installation of over 1.5 million Macintosh

computers in the first five years of the products life Apple found that some large corporations were

exceeding the design limits of AppleTalk Apples solution was to create extended AppleTalk The extended architecture increases the AppleTalk number of nodes per AppleTalk internetwork to over 16 million and unlimited number of an zones per cable

The introduction of the extended AppleTalk architecture also introduced the concept of nonextended and extended networks Nonextended AppleTalk networks are sometimes called Phase and

extended networks are called Phase Nonextended networks refer to the nonextended AppleTalk

Ethernet 1.0 networks no longer supported by Apple but still supported by Cisco and to the

nonextended serial line-based networks including those configured using X.25 and LocalTalk

Extended networks refer to the extended AppleTalk-compliant networks configured on Ethernet

EtherTalk 2.0 and Token Ring media Examples of nonextended and extended AppleTalk network

configurations can be found in the section Configuration Examples later in this chapter

The AppleTalk extended-network architecture provides extensions compatible with nonextended

AppleTalk internetworks The AppleTalk extended architecture was designed to remove the

limits of 254 previous concurrently active AppleTalk nodes per cable as well as the previous limit

1-4 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA

cable Extended contains better for the of one AppleTalk zone per AppleTalk algorithms choosing

best routers for traffic and is designed to minimize the amount of broadcast traffic generated for

routing updates

Another important feature in extended AppleTalk is the ability of single AppleTalk cable to be

The size of network numbers to assigned more than one network number of the range assigned

cable determines the maximum number of concurrently active AppleTalk devices that can be

supported on that cable which is 254 devices per network number

Nonextended AppleTalk Addressing number AppleTalk addresses are 24 bits long They consist of two components 16-bit network and

an 8-bit node number The Cisco AppleTalk software parses and displays these addresses as

sequence of two decimal numbers the network number period and the node number For

example node 45 on network is written as 3.45 node is any AppleTalk-compatible device

attached to the network Each enabled AppleTalk interface on router is node on its connected network

AppleTalk Zones

When router is used to join two or more AppleTalk networks into an internetwork the component

physical networks remain independent of each other network manager may assign nodes on each

physical network to conceptual grouping known as zone

There are two main reasons to create zones in an AppleTalk internetwork to simplify the process of

locating and selecting network devices and to allow for the creation of departmental work groups

that may exist on several different and possibly geographically separated networks

hundreds thousands of shared For example consider large AppleTalk internetwork that contains or

resources and devices Without method of dividing this large number of resources and devices into thousands of node smaller groups of devices user might have to scroll through hundreds or names of in the Chooser to select the one node to be used By creating small conceptual groups nodes users

can choose the resources they need much more quickly and easily than if they were sorting through

list of very long names

is limited zone can include many networks that need not be located together physically zone not

by geographical area The partitioning afforded by zone names is conceptual not physical

The network manager defines zones when he or she configures router For nonextended networks

each AppleTalk-configured interface must be associated with exactly one zone name and for

extended networks each AppleTalk-configured interface can be associated with one or more zone

names Until zone name has been assigned AppleTalk capability is disabled for that interface The

section Configure AppleTalk later in this chapter lists the commands to use in the zone-naming

of each command and its for process Refer to Chapter for description guidelines usage

Name Binding Protocol

internetwork addresses It allows The Name Binding Protocol NBP maps network entity names to

refer numerical addresses for users to specify descriptive or symbolic names software processes to

the same entities With NBP almost all user-level programs respond to names instead of numbers

When users select an AppleTalk device they are using the NBP protocol to translate the devices

entity name to the entitys network address Numerical addresses dynamically assigned to nodes are

primarily used by the router software and by network managers in the ping process

Configuring an AppleTalk Remote Access Server 1-5 Ciscos Implementation of ARA

NBP provides four basic services for binding names to nodes and zones

Name registration

Name deletion

Name lookup

Name confirmation

The nature of the AppleTalk addressing scheme is inherently volatile and node addresses change

frequently Therefore NBP associates numerical addresses with aliases that continue to reference

the colTect address if the address changes

Zone Information Protocol

NBP uses the Zone Information Protocol ZIP to determine which networks belong to which zones router uses ZIP to maintain the network-number-to-zone-name mapping of the AppleTalk internet

Each communication server or router maintains data structure known as the zone information table

The table of ZIT provides listing network numbers for each network in every zone Each entry

is triple an inseparable network number-hop number set that matches network number with

zone name as supplied by the network manager

Dynamic Configuration

AppleTalk supports dynamic configuration discovery mode Not all fields of an AppleTalk address

need to be specified to configure an AppleTalk router If there is another AppleTalk communication

server or router on the network it might be able to supply the network number and zone name

preconfigured router on an AppleTalk network acts as seed router or communication server

responding to configuration queries from other nodes on its network

Seed and routers come up verify the configuration with an operational router If the configuration is Seed valid they start functioning routers come up even if no other routers are on the network On the other nonseed hand router must first communicate with seed router before it can begin nonseed operation router must obtain and verify the configuration with another functioning

router The configuration of the nonseed router must match exactly with the configuration of the seed

router for the nonseed router to function

An end node always behaves in manner similar to discovery mode It uses any previous

configuration as starting point for initialization

Unspecified parts of the AppleTalk address are entered as zero Table 1-1 lists AppleTalk addresses

that feature unspecified addressing

Table 1-1 Examples of AppleTalk Addresses

AppleTalk

Address Description

34.5 Completely specified network 34 node

05 Partially qualified network unspecified node

122.0 Partially qualified network 122 node unspecified

0.0 Completely unspecified

1-6 Communication Server Addendum for AppleTalk Remote Access Ciscos Implementation of ARA

AppleTalk automatically assigns node numbers When the specified address is in use the node

randomly chooses its node number The node will first try the node number that was its most recent

address If that number is unavailable the node then searches for the next available address If it

reaches 254 without finding an available number it cycles back to and continues until it finds

free address LocalTalk address restrictions are as follows user node numbers are from ito 127 and

server/printer node numbers are from 128 to 254 Nonextended Ethernet and extended media do not

observe the server/user node distinction The protocol reserves node numbers and 255 Extended

media also reserves the node number of 254

For nonseed communication servers an interface will behave as an AppleTalk end node If zero has

been specified for network number that interface will not route any packets until it receives its network number from seed router

As long as one fully configured communication server or router exists on physical network

other attached cable to determine segment or cable routers directly to that can use discovery mode

their configuration they can take their information from an operational communication server or

router However once the configuration process has stabilized for particular AppleTalk internet

all communication servers and routers thereafter should be configured as seed routers Note that each communication synchronous X25 network interfaces must be explicitly configured on server

or router to be used as AppleTalk transports

Node address information is maintained by tables appropriate to the media usually AARP tables

Extended AppleTalk Addressing

AppleTalk addresses as explained in the section Nonextended AppleTalk Addressing earlier in

this chapter are composed of 16-bit network and an 8-bit node number In nonextended AppleTalk

nodes within single cable can communicate using only their 8-bit node numbers

node in extended AppleTalk is always identified by its network and node number Dynamic

address resolution when communication server or router is not present includes the assignment of

random network number within small range as well as node number When communication

server or router is present in the network node starts up using its newly acquired address for short

period of time It then immediately requests the range of valid network numbers from an operational

router The node then uses this to determine its actual AppleTalk address by selecting an unassigned address

new concept of cable ranges is introduced with the extended AppleTalk Ranges of network

numbers and multiple zones can exist on single logical cable But the node can exist in only one

zone and on only one network

In an extended AppleTalk network the mapping of physical cable to zone name is no longer

valid End nodes are expected to know the zone to which they belong or to choose from the list of

available zones provided by router The router maintains default zone that new nodes will use

automatically if they have not chosen zone previously

AppleTalk Name Registration

Cisco communication servers and routers with active AppleTalk interfaces register each interface

separately unique interface name is generated by appending the interface type name and unit

number to the communication server or router name For example if communication server is

named mycommserver and has AppleTalk enabled on Ethernet in zone Engineering the NBP

registered name will be as follows

mycommserver.ELhernetOciscoRouter@Engineering

Configuring an AppleTalk Remote Access Server 1-7 Ciscos Implementation of ARA

The is NBP name deregistered in the event that AppleTalk is disabled on an interface by

configuration or due to interface errors

Registering each interface on the communication server provides the AppleTalk site administrator

with positive indication that the communication server and router is properly configured and

operating

One name is registered per interface other service types are registered once for every zone name on

the communication server The following display output from the show apple nbp command shows

that each interface is but that is uniquely identified only one SNMP Agent generated per zone

Net Adr Skt Name Type Zone 4042 254 brown.Ethernet0 ciscoRouter Engineering 4028 254 brown.Asyncl ciscoRouter Engineering

AppleTalk Responder Support

The communication server answers AppleTalk responder requests The listener is installed on the

AppleTalk interface name registration socket

The response packet generated supplies the bootstrap firmware version string followed by the router software version These operating string are displayed in the position of the Macintosh system

version and the Macintosh printer driver version respectively in such applications as Apples InterPoll

The contains response packet strings similar to those displayed by the show version EXEC command

The information is returned as follows

System bootstrap version ROM version

Currently running software version

versionthis AppleTalk always indicates 56 which is the first Apple Macintosh version that contained AppleTalk Phase support

AppleTalk responder versionthis always displays 100 which indicates support of Version 1.0

responder packets

Report that AppleShare is not installed

Figure 1-3 illustrates typical output display for InterPoll that lists this information

1-8 Communication Server Addendum for AppleTalk Remote Access ARA Task Overview

Net 4042 Node Device orange Ethernet0-clscoRouter stop Packets 20 Using

Echo Pkts Donej Interval 12.5 Isecs

Printer Status Packets

Timeout 11.5 Isecs System Into Packets

Rcvd Lost

Packets Sent Lett 16 Total

Current Average Minimum Maximum

Hope Away 3.00

Delay secs 0.02 0.02 0.02 0.02

System Bootstrap Version 4.41e.ol 1986-1993 Status cs Software lCS-5051 Version 9.11100 Deveiopment Software

flespondur iNiT Version lOS

Driver Version 56 not instaled ______AppieToik AppieShare Co

Figure 1-3 lnterPolI Output

ARA Task Overview

To set up your communication server as an ARA server complete the following tasks

Connect cables page 1-9

Configure the line and the modem page 1-11

Configure AppleTalk page 1-12

The following tasks are optional

Customize ARA page 1-15

Customize the AppleTalk configuration page 1-17

Configure system security page 1-22

Monitor and debug an ARA server page 1-24

Connect CabHes

Figure 1-4 shows how to connect Macintosh directly to the communication server and how to connected connect Macintosh by means of internal and external modems The directly Macintosh

can be used as terminal from which you can configure the communication server

Configuring an AppleTalk Remote Access Server 1-9 Connect Cables

RJ-45

Internal modem

cable __ RJ-45 adapter

Mini 8-to-

DB-25 cable IL

External modem Modem Directly attached Macintosh

Figure 1-4 ARA Server Cabling and Connections

the FDTE version of the RJ-45- To connect Macintosh directly to the communication server use the rolled RJ-45 cable from the to-DB-25 adapter Cisco Part Number 29-FDTE-02 to connect

communication server to the Mini 8-to-DB-25 cable from the Macintosh

version of the RJ-45-to-DB-25 To connect modem to the communication server use the MMOD RJ-45 cable from the communication server to the modem You can adapter to connect the rolled the DB-25 in to also use Cisco MDCE adapter that you have modified by moving pin position

position

the of DB-25 connector and how they are Figure 1-5 shows the pins of Mini connector pins connected

connector

8-to-DB-25 Cable Figure 1-5 Wiring Diagram of Mini

Table 1-2 explains the pin functions

1-10 Communication Server Addendum for AppleTalk Remote Access Configure the Line and the Modem

Table 1-2 Building Mini 8-to-DB-25 Cable

Din-U Pin DB-25 Pin

Number Din-U Pin Function Number DB-25 Pin Function

Output handshake 20 RTS DTR

Input handshake/external CTS

clock

TxD TxD

Ground RxD- Ground RxD RxD

Note This cable implements hardware flow control It allows the Macintosh to assert both the DTR

and the RTS signals with the HSKO control line The HSK1 control line is attached to pin which

allows the Macintosh to monitor the CTS signal from the modem Data is transmitted to the modem

on pin of the DB-25 connector and received from the modem on pin of the DB-25 connector

Pin on the DB-25 connector grounds the connection between the Macintosh and the modem

Because DTR is tied to RTS you should configure the modem to ignore any change in the state of DTR Otherwise an RTS flow control change would cause the modem to hang up the telephone line

For more information about cables connectors and adapters see the hardware installation and

maintenance manual for your communication server

Configure the Line and the Modem

Configure the line on the communication server as follows

Specify line speed3 8400 bps on high-speed modems is recommended

Set hardware flow controluse the flowcontrol hardware command to enable hardware flow

control

the line for both Specify your dial-in typeuse the modem inout command to configure

the line for incoming and outgoing calls or use the modem ri-is-cd command to configure

incoming calls only

Note The autobaud command is not supported with ARA

Configure the modem as follows

Set hardware flow control

Disable software flow control XON/XOFF

Disable echo

Set quiet mode that is prevent the modem from responding to commands

Set auto-answer to answer on ring rings are required in Germany

Set modem so that DSR follows CD

Reset to nonvolatile random-access memory NVRAM when DTR drops

Configuring an AppleTalk Remote Access Server 1-11 Configure AppleTalk

If your modem does not support this configuration see the Communication Server Configuration

Guide or the Communication Server Command Reference publication for information about

configuring line to support your modem

Configure AppeTaUk

To configure ARA on your communication server you need to perform the following tasks

Enable AppleTalk

Configure an AppleTalk interface

Enable ARA

The sections that follow describe each of these tasks See Chapter for information about commands

listed in these tasks

Enable AppleTalk Service

To enable the AppleTalk service in global configuration mode perform the following task

Task Command

Enable AppleTalk appletalk service

Configure an AppleTalk Interface

You can manually configure an interface for AppleTalk or if an interface is connected to network

that has at least one other communication server or router configured for AppleTalk you can

dynamically configure the interface using discovery mode

If the internet the and cable match the already exists zone range must existing configuration To

identify existing cable ranges and zone names configure the communication server for discovery mode

You can also configure an AppleTalk interface on segment for which there are no AppleTalk routers

Manual Interface Configuration

To manually configure an interface for extended AppleTalk peiform the following tasks

Task Command

Specify an interface interface type unit

Assign cable range to an interface appletalk cable-range cable-range

Assign zone name to the interface appletalk zone zone-name

If than is the default you assign more one zone name the first name you assign zone

You can define up to 255 unique zone names

1-12 Communication Server Addendum for AppleTalk Remote Access Configure AppleTalk

After you assign the address and zone names the interface will attempt to verify them with other

communication connected network If there operational servers or routers on the are any

discrepancies the interface will not become operational If there are no neighboring operational

communication servers or routers the communication server will assume the configuration is

colTect and the interface will become operational

Dynamic Interface Configuration

If an AppleTalk interface is connected to network that has at least one other operational AppleTalk

router or communication server you can dynamically configure the interface using discovery mode

In discoveiy mode an interface acquires information about the attached network from an operational

communication server or router and then uses this information to configure itself Once the interface

has been configured you can manually enter the dynamically acquired information

Using discovery mode to configure interfaces saves time if the network numbers cable ranges or

zone names change You need to make the changes on only one operational communication server

or router

Discovery mode is useful when you are changing network configuration or when you are adding

communication server to an existing network

Note Discovery mode does not work with synchronous serial lines

If there is no operational communication server or router on the attached network you must

manually configure the interface as described in the earlier section Manual Interface

Configuration Also if discovery-mode interface is restarted another operational communication

server or router must be present before the interface can become operational

communication server starts up by first acquiring its configuration from memoly Then if an

interface is not configured for discovery mode the interface starts up as follows

The interface must be configured with the appletalk address or appletalk cable-range

command and the appletalk zone command

If the interface is properly configured the interface attempts to verify the stored configuration

with another communication server or router on the attached network

there is the interface If any discrepancy does not start up

If there are no neighboring operational communication servers or routers the communication

server assumes the stored configuration is correct and the interface becomes operational

Using discovery mode does not affect an interfaces ability to respond to configuration queries from

other communication servers on the connected network once the interface becomes operational

When activating discovery mode you do not need to assign zone name The interface acquires the zone name from another interface

and network If Caution Do not enable discovery mode on every communication server router on

you do and all communication servers restart simultaneously for instance after power failure the network will be inaccessible until you manually configure at least one communication server

Configuring an AppleTalk Remote Access Server 1-13 Configure AppleTalk

You can activate discovery mode on an extended interface in one of two ways depending on whether know the cable of the attached These methods described in the sections that you range network are follow

Method

In the first method you immediately put the interface into discovery mode by specifying cable attached range of 00 Use this method when you do not know the network number of the network

To configure an interface for discoveiy mode using this method perform the following tasks

Task Command

Specify an interface interface type unit

Put the interface into discovery mode by assigning it appletalk cable-range 00

the cable range 0-0

Method

In the second first cable then enable method you assign ranges and explicitly discovery mode Use

this method when you know the cable range of the attached network To configure an interface for

discovery mode using this method perform the following tasks

Task Command

Specify an interface interface type unit

Assign an AppleTalk address to the appletalk cable-range cable-range

interface

Put the interface into discoveiy mode appletalk discovery

Configuring Segment That Has No Routers

also that does have You can configure an AppleTalk interface on LAN segment not any AppleTalk

routers by performing the following tasks

Task Command

Turn on AppleTalk but do not enable appletalk service routing

Specify an interface interface

Specify the AppleTalk address as appletalk address 1.1

which is the default address when there

are no routers

Specify the name of the local zone appletalk zone

Note that you cannot use discovery mode for this configuration

1-14 Communication Server Addendum for AppleTalk Remote Access Customize ARA

EnabeARA

To enable ARA on line perform the following tasks

Task Command

Specify line or lines line nunber enclnunberj

Enable ARA on line aiap enable

CustomzeARA

The commands in this section can be used to customize ARA support Some of the commands are

required for certain configurations Possible functions include the following

automatic Configure protocol startup page 15

Set dedicated ARA line page 1-16

Set the session time limit page 1-16

Set the disconnect warning time page 1-16

Disallow guests page 1-16

Control access page 1-16

Note ARA does not support the autobaud command

The following sections describe these tasks See Chapter for information about commands listed

in these tasks

Configure Automafic Protoco Startup

To configure the communication server to automatically start an ARA session perform the following

tasks in global configuration mode

Task Command

Specify line in global configuration mode line number end-number

Configure line to automatically start an ARA autoselect session

The autoselect command permits the communication server to automatically start an appropriate when process starting character is received The communication server detects either Return

character which is the start character for an EXEC session or the start character for the ARA

protocol

This command is required for all ARA-enabled lines that are not configured as dedicated ARA lines

that and are not configured for TACACS logins

Note The autoselect command should not be used with TACACS

Configuring an AppleTalk Remote Access Server 1-15 Customize ARA

Set Dedicated ARA Line

To set line to function only as an ARA connection perform the following task in line configuration mode

Task Command

line for Configure ARA only arap dedicated

Alternatives are to set the line for autoselect or TACACS logins

Set the Session Time Limit

To set the maximum length of an ARA session for line perform the following task in line

configuration mode

Task Command

Set the maximum length of an ARA session arap timelimit

The default is to have unlimited length connections This task is optional

Set the Disconnect Warning Time

To configure when to display disconnect warning perform the following task in line configuration mode

Task Command

Set when disconnect warning message will be arap warningtime displayed in number of minutes before the line

is set to disconnect

This command is only valid if session time limit is set

Disallow Gnests

guest is person who connects to the network without having to give name or password To

prohibit Macintosh guests from logging in through the communication server perform the following

task in line configuration mode

Task Command

Prohibit guests from logging in to the ARA arap noguest network

Caution Do not enter the arap noguest command if TACACS is enabled

Control Access

You can control Macintosh access to zones and networks by using arap commands to reference

access control lists configured using AppleTalk access-list commands

1-16 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration

To control what zones the Macintosh user will see perform the following task in line configuration mode

Task Command

Limit the zones the Macintosh user sees arap zonelist zone-access-list-number

To control traffic from the Macintosh to networks perform the following task in line configuration mode

Task Command

Control access to networks arap net-access-list net-access-list-number

Customzethe AppeTak Configuration

To customize the AppleTalk configuration complete the following tasks

Disable checksum generation and verification page 1-17

Configure MacIP page 1-18

Control Access to AppleTalk Networks page 1-20

This section describes how to perform these configuration tasks See Chapter for information about

commands listed in these tasks

Figure 1-6 shows configuration in which communication server acting as an ARA server is

serving local network that is not connected to an internet

Figure 1-6 ARA Server Not on an Internet

Disable Checksum Generation and Verification

By default the communication server generates checksums for all ARA traffic that requests them

You might want to disable checksum generation and verification as if you have an older LaserWriter

printer or other device that cannot receive packets with checksums

To disable checksum generation and verification perform the following global configuration task

Task Command

Disable the generation and verification of no appletalk checksum

checksums for all AppleTalk packets

Configuring an AppleTalk Remote Access Server 1-11 Customize the AppleTalk Configuration

Configure MaciP

The communication server implements MacIP protocol that routes IP datagrams to IP clients using

AppleTalk Datagram Delivery Protocol DDP low-level encapsulation MacIP allows the

communication server to assign an ID number to Macintosh computer that dials in The ID number

allows the Macintosh computer to run MacTCP applications

Cisco communication servers implement the MacIP address management and routing services

described in the draft Internet RFC Standard for the Transmission of Internet Packets over

AppleTalk Networks This implementation of MacIP conforms to the September 1991 draft RFC

with the following exceptions

Communication servers do not fragment IP datagrams that exceed the DDP MTU and that are

bound for DDP clients of MacIP

Communication servers do not route to DDP clients outside of configured MacIP client ranges

MacIP is required to provide access to IP network servers for those users It is also required for

environments in which Macintosh users use ARA or are connected to the network using LocalTalk

or PhoneNet cabling systems

MacIP services also can be useful when you are managing IP address allocations for large

dynamic Macintosh population There are several advantages to using MacIP in this situation

Macintosh TCP/IP drivers can be configured in completely standard way regardless of the

location of the Macintosh Essentially the dynamic properties of AppleTalk address management

become available for IP address allocation

You can modify all global parameters such as IP subnet mask DNS services and default routers

Macintosh IP users receive the updates by restarting their local TCP/IP drivers

The network administrator can monitor MacIP address allocations and packet statistics remotely

by using the Telnet application to attach to the communication server console This allows central

administration of IP allocations in remote locations For Internet sites it allows remote technical

assistance

However there is an important disadvantage in implementing MacIP on communication server

memory usage in the communication server increases in direct proportion to the total number of

active MacIP clients 80 about bytes per client

To configure MacIP on the Cisco communication server AppleTalk must be configured on the

communication server as follows

AppleTalk must be enabled

IP must be enabled

The MacIP zone name you configure must be associated with configured or seeded zone name

If you are using MacIP to allow Macintosh computers to communicate with IP hosts on the same LAN segment that is the Macintosh computers are on the Cisco interface on which MacIP is

configured and the IP hosts have extended IP access lists these access lists should include

entries to permit IP traffic destined for these IP hosts from the MacIP addresses If these entries be blocked are not present packets destined for IP hosts on the local segment will that is they

will not be forwarded

issues in mind When setting up MacIP routing keep the following address-range

18 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration

Static and dynamic resource statements are cumulative and you can specify as many as

necessary However if possible you should specify single all-inclusive range rather than

several adjacent ranges For example specifying the range 131108.121.1 to 131.108.121.10 is

preferable to specifying the ranges 131.108.121.1 to 131.108.121.5 and 131.108.121.6 to 131.108.121.10

Overlapping resource ranges for example 131.108.121.1 to 131.108.121.5 and 131.108.121.5

to allowed If it is in 131.108.121.10 are not necessary to change range running server use

the no form of the resource address assignment command such as the no appletalk

followed the macip dynamic zone server-zone command to delete the original range by

corrected range statement

You add IP address allocations the address can to running server at any time as long as new

does with of the range not overlap one current ranges

To configure MacIP perform the following tasks

Step Establish MacIP server for specific zone

Step Allocate IP addresses for Macintosh users by specifying at least one dynamic or static

resource address assignment command for each MacIP server

To establish MacIP server for specific zone perform the following global configuration task

Task Command

Establish MaciP server for zone appletalk macip server ip-address zone server-zone

MacIP server is not registered using NBP until at least one MacIP resource is configured

Dynamic clients are those that accept any IP address assignment within the dynamic range specified

Dynamic addresses are for users who do not require fixed address but can be assigned addresses from pool

To allocate IP addresses for Macintosh users if you are using dynamic addresses perform the

following global configuration task

Task Command

Allocate an IP address to MacIP client appletalk macip dynamic ip-address zone

server-zone

For an example of configuring MacIP with dynamic addresses see the section Example of

Configuring MacIP

Static addresses are for users who require fixed addresses for IP DNS services and for administrators

who do not want addresses to change so they always know the IP addresses of the devices on their network

To allocate IP addresses for Macintosh users if you are using static addresses perform the following

global configuration task

Task Command

Allocate an IP address to be used by appletalk macip static ip-address zone

MacIP client that has reserved static IP server-zone

address

For an example of configuring MaciP with static addresses see the section Example of Configuring MacIP

Configuring an AppleTalk Remote Access Server 1-19 Customize the AppleTalk Configuration

In general you should not use fragmented address ranges in configuring ranges for MacIP However

if this is unavoidable use the appletalk macip dynamic command to specify as many addresses or

ranges as required and use the appletalk macip static command to assign specific address or

address range

Coiitro Access to AppUelalk Networks

An access list is list of AppleTalk network numbers or zones that is maintained by the

communication server and used to control access to or from specific zones or networks

The communication server supports two general types of AppleTalk access lists

AppleTalk-style access lists which are based on AppleTalk zones

IP-style access lists which are based on network numbers

AppleTalk-style access lists use zone names to regulate access to the internetwork Zone names are

good control points because they are the only network-level abstraction that users can access You

either can express zone names explicitly or by using generalized argument keywords.Thus using

lists when AppleTalk access simplifies network management and allows for greater flexibility

adding segments because reconfiguration requirements are minimal

define Because AppleTalk-style access lists are based on zones they allow you to access regardless of the existing network topology or any changes in future topologiesbecause they are based on

zones zone access list is effectively dynamic list of network numbers The user specifies zone

name but the effect is as if the user had specified all the network numbers belonging to that zone

IP-style access lists control network access based on network numbers This feature is useful for

defining access lists that control the disposition of networks that overlap are contained by or exactly

match specific network number range

You can combine zone and network entries in single access list Network filtering is performed

first then zone filtering is applied to the result However for optimal performance access lists

should not include both zones and numeric network entries

There are two types of filters you can use on AppleTalk networks

Data packet filters

GetZoneList GZL filters

AppleTalk network access control differs from that of other protocols in that the order of the entries

in an access list is unimportant However there are still some constraints you need to keep in mind

when defining access lists

You must design and type access list entries properly to ensure that entries do not overlap each

other An example of an overlap is if you were to enter an access-list permit network xxx statementand then enter an access-list deny network xxx statement If you do enter entries that

overlap the last one you entered overwrites and removes the previous one from the access list

In the example earlier in this paragraph this means that the penuit network statement would be removed from the the network statement access list when you typed deny

Each access list always has method for handling packets that do not satisfy any of the access

control statements in the access list

be the access-list other-access To explicitly specify how you want these packets to handled use

command when defining access conditions for networks and cable ranges and use the access-list

additional-zones command when defining access conditions for zones If you use one of these

1-20 Communication Server Addendum for AppleTalk Remote Access Customize the AppleTalk Configuration

commands it does not matter where in the list you put it the router software automatically puts

the access-list other-access or access-list additional-zones command at the end of the access

list With other protocols you must type the equivalent commands last

If do how handle the you not explicitly specify to packets that do not satisfy any of access control

statements in the access list the packets are automatically denied access and in the case of data

packets are discarded

You perform the following tasks to control access to AppleTalk networks These tasks are described

in the sections that follow

Create access lists

Create filters

Create Access Lists

An access list defines the conditions used to filter packets sent out of the interface These conditions

are sometimes also used to filter incoming packets Each access list is identified by number All

access-list commands that specify the same access list number create single access list

single access list can contain any number and any combination of access-list commands You can

include network and cable range access-list commands and zone access-list commands in the same

access list However you can only specify one each of the commands that specify default actions to

take if none of the access conditions are matched That is single access list can include only one

access-list other-access command handle that do match the to networks and cable ranges not access

conditions and only one access-list additional-zones command to handle zones that do not match

the access conditions

To create access lists that define access conditions for networks and cable ranges perform one or

more of the following tasks in global configuration mode

Task Command

Define access for single cable range for access-list access-list-number deny permit cable-

extended networks only range cable-range

Define access for an extended or nonextended access-list access-list-number deny permit

network that overlaps any part of the specified includes cable-range

range

Define access for an extended or nonextended access-list access-list-number deny permit

network that is included entirely within the within start-end

specified range

Define the default action to take for access checks access-list access-list-number deny permit other-

that apply to network numbers or cable ranges access

The access list number can be decimal value from 600 to 699

To create access lists that define access conditions for zones perform one or more of the following

tasks in global configuration mode

Task Command

Define access for zone access-list access-list-number deny permit zone

zone-name

Define the default action to take for access-list access-list-number deny permit

access checks that apply to zones additional-zones

Configuring an AppleTalk Remote Access Server 1-21 Configure System Security

The access list number can be decimal value from 600 to 699

Configure System Security

Two types of security can be used on your communication server when it is acting as an ARA server

Internal user authentication with username and password information stored on the

communication server

TACACS user authentication with username and password information stored on TACACS

server

The following sections describe these tasks See Chapter for information about the commands

listed in these tasks

Configure nterna Username Authentication

the To configure your communication server for internal username authentication perform

following task in global configuration mode

Task Command

Specify username and password username name password password

Enter this information for each supported user

Configure TACACS Securfty

You can use TACACS security if you have configured TACACS server and have CCL script that

allows you to use TACACS security This section tells you how to modify your CCL script so that

you can use TACACS security and how to configure line to use TACACS server for user authentication

Modify Scripts to Support TACACS

To Remote Access For number use AppleTalk with TACACS you must modify your CCL scripts of popular modems we provide CCL files that you can use to modify your CCL scripts to support

TACACS security This section explains how to use the CCL files provided by us to modify

AppleTalk Remote Access CCL scripts to work with TACACS security

We recommend using the ARA Modem Toolkit provided through the AppleTalk Programmers and and Developers Association APDA it provides both syntax checking script player

make AppleTalk Remote Access CCL scripts are primarily used to work with modems to

connections to remote machines When the connection has been established the script ends and

ARA is activated TACACS authentication occurs after the connection is established but before the

protocol becomes active

the Insert TACACS logic just before the end of script The CCL TACACS logic performs

following user authentication tasks

the users When the Username prompt is transmitted from the communication server name is

obtained from the Macintosh and sent to the TACACS server

the When the Password prompt is transmitted the users password is obtained from Macintosh

and sent to the TACACS server

1-22 Communication Server Addendum for AppleTalk Remote Access Configure System Security

After successful login indicated by an EXEC prompt at the communication server the EXEC

command arap is sent

The script ends and ARA begins

CCL scripts control logical flow by jumping to labels The labels are the numbers through 128 and will not necessarily be in sequential order in the script file The TACACS logic in CCL files provided by us have label numbers from 100 through 127.111 most environments copy the complete TACACS logic from an existing file

The steps for creating new TACACS CCL file are as follows

Step Copy the TACACS logic from the CCL file provided by Cisco into the file being modified

Step Locate the logical end of the script and insert the command jump 100

Copying the TACACS Logic

Inmost cases you can simply insert the TACACS logic at the appropriate place in your CCL script

The one case that requires extra attention is when the original CCL script has labels that conflict with

the Cisco logic The labels must be resolved on case-by-case basis usually by changing the label

numbers used by the original script This is fairly simple programming job but you should read and understand the manual that comes with the Modem Toolkit before beginning

Locating the Logical End of the Script

You can locate the logical end of the script by following its flow Most scripts have the following

basic structure

Initialize the modem

Dial the number

After connection display the connection speed

Exit

The characteristic logical end of the script is as follows

@label is any integer between and 128 if ANSWER Nil If were answering the phone jump directly to the label Nil pause 30 Were not answering the phone therefore we must be calling Wait three seconds for the modems to sync up @label Nil exit quit and start up ARA

is in this In this is the It common case to replace pause 30 with jump 100 fact usually only

change made to the logic of the original script

Configuring an AppleTalk Remote Access Server 123 Monitor and Debug an ABA Server

Configure TACACS Server User Authentication

To configure line to use TACACS server for user authentication perform the following tasks

Task Command

Specify line or lines line nuinbe endn unberl

Use TACACS server for user login tacacs

authentication

Figure 1-7 shows the TACACS login screen on the Macintosh

Enter your TACACS username

Figure 1-1 TACACS Login Screen on the Macintosh

Figure 1-8 shows the TACACS password screen on the Macintosh

Enter your TACACS password

Figure 1-0 TACACS Password Screen on the Macintosh

See the Communication Server Configuration Guide or the Communication Server Command

Reference publication for more information about configuring TACACS security

Montor and Debug an ARA Server

To display information about running ARA connection perform the following task in privileged

EXEC mode reached by entering the enable command and password

Task Command

information Display about running ARA show arap connection

The with of traffic since the show arap command no arguments displays summary ARA communication last booted The command with line number server was show arap specified

displays information about the connection on that line

1-24 Communication Server Addendum for AppleTalk Remote Access Configuration Examples

Monitor the AppleTalk Network

The communication server software provides several commands you can use to monitor an

AppleTalk network In addition you can use Apple Computers InterPoll which is tool to verify

that communication server is configured and operating properly Use the commands described in

this section to monitor an AppleTalk network using both communication server commands and

InterPoll

To monitor the AppleTalk network perform one or more of the following tasks

Task Command

List the entries in the AppleTalk ARP table show appletalk arp

Display AppleTalk-related interface settings show appletalk interface unit

Display the status of all known MaciP clients show appletalk macip-clients

Display the status of communication servers show appletalk macip-servers

MacIP servers

Display statistics about MaciP traffic show appletalk macip-traffic

Display the statistics about AppleTalk protocol show appletalk traffic

traffic including MacIP traffic

Display the contents of the zone information table show appletalk zone

Debug the ARA Server

To debug ARA connections perform the following tasks in privileged EXEC mode

Task Command

Debug internal ARA packets debug arap internal

Debug memory allocation for ARA debug arap memory

Debug low-level asynchronous serial protocol debug arap mnp4

Debug compression debug arap v42bis

Configuraton Exampes

This section contains examples of ARA configuration on the communication server

Example of Configuring an Extended AppleTalk Network

The following example configures the interface for an extended AppleTalk network It defines the nonextended zones Orange and Brown The cable range of one allows compatibility with AppleTalk networks

appletalk service interface ethernet appletalk cable-range 69-69 69.128 appletalk zone Orange appletalk zone Brown

Configuring an AppleTalk Remote Access Server 1-2 Configuration Examples

Example of Configuring an Extended Network in Discovery Mode

The following example configures an extended network in discovery mode In Figure 1-9

communication server provides the zone and network number information to the interface when

it starts

This communication server

supplies configuration

information for Ethernet

Figure 1-9 Discovery Mode

Use the following commands to configure this extended network in discovery mode

appleLalk service interface ethernet

appletalk cable-range 0O 0.0

1-26 Communication Server Addendum for AppleTalk Remote Access Configuration Examples

Example of Configuring ARA

described in the The following example configures the communication server for ARA support as

comments lines beginning with an exclamation point

Enable AppleTalk on the communication server appletalk service

interface Ethernet ipaddress 128.66.1.1255.255.255.0

On interface Ethernet assign network number 103 to the physical cable and assign zone name Marketing Lab to the interface Assign zone name if you are creating new AppleTalk internet If the internet already exists the zone and cable range must match exactly or you can leave the cable range at to enter discovery mode The suggested AppleTalk address for the interface in this example is 103.1 interface Ethernet appletalk cable-range 103-103 103.1 appletalk zone Marketing Lab Configure username and password for the communication server username jake password sesame On lines through InOut modems are specified the lines are configured to automatically start an EXEC session or enable AppleTalk AppleTalk Remote Access Protocol is enabled the modem speed is specified as 38400 bps and hardware flow control is enabled line modem bOut autoselect arap enabled speed 38400 flowcontrol hardware

emulator match the that set for the line Note that you must set your terminal to speed you

Example of Expanding the Cable Range

the is reentered In the following example the cable range is changed and zone name

The initial configuration is as follows

appletalk cable-range 100-103 appletalk zone Twilight Zone

cable is follows The range expanded as

appletalk cable-range 100-109

At this point you must reenter the zone name as follows

appletalk zone Twilight Zone

Configuring an AppleTalk Remote Access Server 1-27 Configuration Examples

Example of Configuring MacIP

The following example illustrates MacIP support for dynamically addressed MacIP clients with allocated addresses dynamically IP in the range 131.108.8.2 to 131.108.8.10

Specify server address and zone appletalk macip server 131.108.8.1 zone Snark

Specify dynamically addressed clients appletalk macip dynamic 131.108.8.2 131.108.8.10 zone Snark

Assign the address and subnet mask for Ethernet interface interface ethernet ipaddress 131.108.8.1255.255.255.0

Enable AppleTalk service appletalk service

interface ethernet appletalk cable range 6969 69.128 appletalk zone Snark

Specify server address and zone appletalk macip server 131.108.8.1 zone Snark

Specify dynamically addressed clients appletalk macip dynamic 131.108.8.2 131.108.8.10 zone Snack

The illustrates following example MacIP support for MacIP clients with statically allocated IP addresses

Assign the address and subnet mask for Ethernet interface interface ethernet ipaddress 131.108.8.1255.255255.0

Enable AppleTalk appletalk service

interface ethernet appletalk cable range 69-69 69.128 appletalk zone Snark Specify the server address and zone appletalk macip server 131.108.8.1 zone Snark

Specify statically addressed clients appletalk macip static 131.108.811 131.108.8.20 zone Snark appletalk macip static 131.108.831 zone Snark appletalk macip static 131.108.8.41 zone Snark appletalk macip static 131.108.8.49 zone Snark

ExampUe of Configtriiig TACACS Username Anthentcaton

In the following example line is configured for ARA and username authentication will be performed on TACACS server

line login tacacs arap enable

Caution Do not use the autoselect command if TACACS is enabled

1-28 Communication Server Addendum for AppleTalk Remote Access Configuration Examples

Example of Configuring Dedicated ARA Line

In the following example line is configured as dedicated ARA line user authentication

information is configured on the ARA server and guests are disallowed from making ARA sessions

username jsmith password woof line arap dedicated arap noguest

Example of Configuring Multiuse Line

In the following configuration ARA is enabled on lines through 16 username authentication is

configured on the ARA server and the lines are configured to automatically start an ARA session

when an ARA user on Macintosh attempts connection

username jsmith password woof line 16 autoselect arap enabled arap noguest

Example of Configuring an ARA Server

The following example shows how to set up ARA functionality on communication server

use the configure command to enter configuration mode and add the following commands to your

configuration

appletalk service interface ethernet

appletalk cable-range 0-0 0.0 sets 500CS into discovery mode line modem inout speed 38400 arap enabled autoselect

If you already know the cable-range and the zone names you need include the information in the configuration file If you do not know this information let the communication server learn about the

AppleTalk network in discovery mode by following these steps

Permit the communication server to monitor the line for few minutes

Show the configuration again using the show config command

Note the appletalk cable-range and appletalk zone variables

Manually add the information in those two entries and add any user accounts

Save the configuration

appletalk cable-range 105-105 105.222 appletalk zone Marketing Lab Do not use quotation marks in this entry username arauser password arapasswd Add as many users as you need

Configuring an AppleTalk Remote Access Server 1-29 Configuration Examples

Show the cOnfiguration again using the show config command to make sure the configuration

is correct

Exampe of Seffing up aleUebit 1-3000 Modem

The following example describes how to set up Telebit T-3000 modem that you are attaching to

500-CS communication server which supports hardware flow control The Macintosh will use

CCL script to configure the attached modem

Start with the modem at factory defaults ATF9 is the preferred configuration for hardware flow control Use the direct command if you have terminal attached to the modem or use the T/D Reset

sequence described in the Telebit T-3000 manual to reset the modem to the F9 defaults

Attach hardware flow control-capable cable between the modem and the device with which you

are configuring the modem At this point the modem is in hardware flow control mode with auto

baudrate-recognition and can detect your speed between 300 and 38400bps at 8-N-i However the

modem must receive the flow control signals from the device to which you have the modem attached

Send the modem the following commands

ATS516 EU Qi SU2 D3 R3 S582

This sequence tells the modem to perform the following tasks

Lock your DTE interface speed to 38400 bps

Turn command echo off

Do not send any result codes

Auto-answer on the second ring Germany requires this but elsewhere you can set it to answer on the first ring with sO1

When DTR is toggled reset to the settings in NVRAM

CTS is always enabled if hardware flow control is disabled

Use full-duplex RTS/CTS flow control

Write these settings to NVRAM

At this if the point you press carriage return or type characters no characters appear on your screen

because the result codes are turned off You can see if the modem is working by getting list of its

configuration registers using the following command ATV

After the modem is configured connect it to the communication server with modem-to-RJ45 Part adapter Cisco Number CAB-5MODCM and an RJ-45 cable to the liness that you plan to use

The following commands are compatible with the Telebit 3000 settings described in this section

arap enable autoselect

no escape-character flowcontol hardware modem ri-is-cd speed 38400

1-30 Communication Server Addendum for AppleTalk Remote Access Configuration Examples

If you are attaching Telebit T-3000 modem to an ASM-CS communication server use an RJ- 11 adapter and straight cable For more information about attaching Telebit T-3000 modem to an

ASM-CS communication server see the ASMCS Hardware Installation and Maintenance publication

1-31 Configuring an AppleTalk Remote Access Server Configuration Examples

1-32 Communication Server Addendum for AppleTalk Remote Access CHAPTER

AppHelaHk Remote Access Commands

This chapter provides full description of the commands presented in Chapter including

command syntax and usage guidelines Commands are presented in alphabetical order

AppleTalk Remote Access Commands 2-1 access-list additional-zones

access-list additionazones

To define the action for access checks that apply to zones use the access-list

additional-zones global configuration command

access-list accesslist-number deny permit additional-zones

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

Default

To deny access

Command Mode

Global configuration

Usage Guidelines

The access-list additional-zones command defines the action to take for access checks not defined explicitly with the access-list zone command If you do not specify this command the default action is to deny access

Example

The following example creates an access list based on AppleTalk zones

access-list 610 deny zone Twilight accesslist 610 permit additionalzones

Related Commands

access-list cable-range

access-list includes

access-list network

access-list other-access

access-list within

access-list zones

2-2 Communication Server Addendum for AppleTalk Remote Access access-list cable-range

access-hst caberange

To define list for cable networks the an AppleTalk access range for extended only use

access-list cable-range global configuration command To remove an access list use the no form

of this command

access-list access-list-number deny permit cable-range cable-range

no access-list access-list-number deny permit cable-range cable-range

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

cable-range Cable range value The argument specifies the start and end of the cable

range separated by hyphen These values are decimal numbers from

to 65279 The starting network number must be less than or equal to the

ending network number

Default

There is no AppleTalk access list defined by default for cable range

Command Mode

Global configuration

Usage Guidelines

conditions The access-list cable-range command affects matching on extended networks only The

defined by this access list are used only when the packets cable range exactly matches the cable

command The conditions are never used to match range specified in the access-list network

network number for nonextended network even if the cable range has the same starting and

ending number as the nonextended network number

To delete an access list specify the minimum number of keywords and arguments needed to delete

entire the command the proper access list For example to delete the access list use following

no access-list access-list-number

command To delete the access list for specific network use the following

no access-list access-list-number permit cable-range cable-range

Example

be forwarded those The access list created by the following commands allows all packets to except

destined to cable range 10 to 20

accesslis 600 deny cable-range 10-20 accesslist 600 permit otheraccess

AppleTalk Remote Access Commands 2-3 access-list cable-range

Related Commands

access-list additional-zones

access-list includes

access-list network

access-list other-access

access-list within

access-list zone

2-4 Communication Server Addendum for AppleTalk Remote Access access-list includes

access-hst ncudes

list that To define an AppleTalk access overlaps any part of range of network numbers or cable both extended and nonextended includes ranges for networks use the access-list global

configuration command To remove an access list use the no form of this command

access-list access-list-number deny permit includes cable-range

no access-list access-list-number deny permit includes cable-range

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

cable-range Cable range or network number The argument specifies the start and

end of the cable range separated by hyphen These values are

decimal numbers from to 65279 The starting network number must

be less than or equal to the ending network number To specify the network number set the starting and ending network numbers to same value

Default

There is no AppleTalk access list defined by default that overlaps any part of range of network numbers or cable ranges

Command Mode

Global configuration

Usage Guidelines

The access-list includes command affects matching on extended and nonextended AppleTalk

networks The conditions defined by this access list are used when the packets cable range or

of those in the network number overlaps either partially or completely one or more specified

access-list network command

To delete an access list specify the minimum number of keywords and arguments needed to delete the command the proper access list For example to delete the entire access list use following

no access-list access-list-number

To delete the access list for specific network use the following command

no access-list access-list-number deny permit includes cable-range

AppleTalk Remote Access Commands 2-5 access-list includes

Example

The defines following example an access list that permits access to packets destined to any nonextended extended network or whose network number or cable range overlaps any part of the

10 20 This for range to means example that packets whose cable ranges are 13 to 16 and 17 to 25

will be forwarded This access list also allows all other packets to be forwarded

accesslist 600 permit includes 10-20 accesslist 600 permit otheraccess

Related Commands

access-list additional-zones

access-list cable-range

access-list network

access-list other-access

access-list within

access-list zone

2-6 Communication Server Addendum for AppleTalk Remote Access access-list network

accessUst network

define list To an AppleTalk access for single network number that is for nonextended network

use the access-list network global configuration command To remove an access list use the no

form of this command

access-list access-list-number deny permit network network no access-list access-list-number deny permit network network

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

network AppleTalk network number

Default

There is no AppleTalk access list for single network number defined by default

Command Mode

Global configuration

Usage Guidelines

The access-list network command affects matching on nonextended networks oniy The conditions network defined by this access list are used only when the packets network number matches used number specified in one of the access-list network commands The conditions are never to and match cable range for an extended network even if the cable range has the same starting

ending number

needed delete To delete an access list specify the minimum number of keywords and arguments to

the desired access list For example to delete an entire access list use the following command

no access-list access-list-number

To delete the access list for specific network use the following command

no access-list access-list-number deny permit network network

Example

The following example defines an access list that forwards all packets except those destined for

networks and

accesslist 650 deny network access-list 650 deny network access-list 650 permit other-access

AppleTalk Remote Access Commands 2-7 access-list network

Related Commands

access-list additional-zones

access-list cable-range

access-list includes

access-list other-access

access-list within

access-list zone

2-U Communication Server Addendum for AppleTalk Remote Access access-list other-access

access-fist otheraccess

To define the action to take for access checks that apply to networks or cable ranges use the

access-list other-access global configuration command

access-list access-list-number deny permit other-access

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

Default

To deny other access

Command Mode

Global configuration

Usage Guidelines

The access-list other-access command defines the action to take for access checks not explicitly

defined with an access-list network access-list cable-range access-list includes or

action is other access-list within command If you do not specify this command the default to deny

access

Example

The following example defines an access list that forwards all packets except those destined for networks and

accesslist 650 deny network access-list 650 deny network access-list 650 permit otheraccess

Related Commands

access-list additional-zones

access-list cable-range

access-list includes

access-list network

access-list within

access-list zone

AppleTalk Remote Access Commands 2-9 access-list within

access-hst wthn

To define an AppleTalk access list for an extended or nonextended network whose network number

or cable range is included entirely within the specified cable range use the access-list within global

configuration command To remove this access list use the no form of this command

access-list access-list-n umber permit within cable-range

no access-list access-list-number permit within cable-range

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

Cable cable-range range or network number The argument specifies the

start and end of the cable range separated by hyphen These

arguments are decimal numbers from to 65279 The starting

network number must be less than or equal to the ending

network number To specify network number set the starting

and ending network numbers to the same value

Default

There is no AppleTalk access list defined by default for an extended or nonextended network

whose network number or cable range is included entirely within the specified cable range

Command Mode

Global configuration

Usage Guidelines

The access-list within command affects matching on extended and nonextended AppleTalk

networks The conditions defined this list used when the cable by access are packets range or

network number is completely included in one or more of those specified in the access-list network command

To delete an access list specify the minimum number of keywords and arguments needed to delete

the desired access list For example to delete the entire access list use the following command

no access-list access-list-n umber

To delete the access list for specific network use the following command

no access-list access-list-number permit within cable-range

2-10 Communication Server Addendum for AppleTalk Remote Access access-list within

Example

The following example defines an access list that permits access to packets destined to any nonextended or extended network whose network number or cable range is completely included in the range 10 to 20 This means for example that packets whose cable range is 13 to 16 will be forwarded but those whose cable range is 17 to 25 will not be forwarded The second line of the example causes all other packets to be forwarded

accesslist 600 permit within 1020 access-list 600 permit other-access

Related Commands access-list additional-zones access-list cable-range access-list includes access-list network access-list other-access access-list zone

AppleTalk Remote Access Commands 2-11 access-list zone

access-hst zone

To define an AppleTalk access list that applies to zone use the access-list zone global

configuration command To remove an access list use the no form of this command

access-list access-list-number deny permit zone zone-name no access-list access-list-nunber deny permit zone zone-name

Syntax Description

access-list-number Number of the access list This is decimal number from 600 to 699

deny Denies access if the conditions are matched

permit Permits access if the conditions are matched

zone-na/ne Name of the zone The name can include special characters from the

Apple Macintosh character set To include special character type

colon followed by two hexadecimal numbers The zone name cannot

have leading or trailing space characters

Default

There is no AppleTalk access list applied to zone by default

Command Mode

Global configuration

Usage Guidelines

To delete an access list specify the minimum number of keywords and arguments needed to delete

the proper access list For example to delete the entire access list use the following command

no access-list access-list-number

To delete the access list for specific network use the following command

no access-list access-list-number deny permit zone zone-name

Use the access-list additional-zones command to define the action to take for access checks not

explicitly defined with the access-list zone command

Example

The following example creates an access list based on AppleTalk zones

access-list 610 deny zone Twilight access-list 610 permit additional-zones

2-12 Communication Server Addendum for AppleTalk Remote Access access-list zone

Related Commands access-list additional-zones access-list cable-range access-list includes access-list network access-list other-access access-list within

AppleTalk Remote Access Commands 2-13 appletalk address

appetaik address

To enable nonextended AppleTalk on an interface use the appletalk address interface configuration

command To disable nonextended AppleTalk use the no form of this command

appletalk address network.node

no appletalk address

Syntax Description

netivork.node AppleTalk network address assigned to the interface The

argument network is the 16-bit network number in the range to 65280 The argument node is the 8-bit node number in the

range to 254 Both numbers are decimal

Default

Disabled

Command Mode

Interface configuration

Usage Guidelines

You must enable AppleTalk on the interface before assigning zone names

address Specifying an of 0.0 0.iode or neiwork.0 puts the interface into discovery mode When in

this the mode communication server attempts to determine network address information from another communication server or router on the network You can also enable discovery mode with the appletalk discovery command Note that discovery mode does not run over synchronous serial lines

Example

The following example enables nonextended AppleTalk on Ethernet interface

appletalk service interface ether appletalk address 1.129

Related Commands

appletalk cable-range

appletalk discovery

appletalk zone

2-14 Communication Server Addendum for AppleTalk Remote Access appletalk cable-range

appetak caWerange

To assign range of networks to cable use the appletalk cable-range interface configuration

command Use the no form of this command to disable cable-range setting

appletalk cable-range cable-range nodel

no appletalk cable-range

Syntax Description

cable-range Cable range or network number The argument specifies the start and end of

the cable range separated by hyphen These arguments are decimal

numbers from to 65279 The starting network number must be less than or

equal to the ending network number

networknode Optional Suggested AppleTalk address for the interface The argument

network is the 16-bit network number and the argument node is the 8-bit

node number Both numbers are decimal The suggested network number numbers must fall within the specified range of network

Default

Disabled

Command Mode

Interface configuration

Usage Guidelines

The communication server needs both valid cable range and zone list to use AppleTalk This

command must be entered before the appletalk zone command

Whenever you change the cable range the communication server clears the internal zone list and

you must enter new zone list

Configure the communication server for discovery mode if you want to find out what the current

the cable- cable range is To configure the communication server for discoveiy mode use appletalk

range 0-0 0.0 command This causes the communication server to learn about the AppleTalk

back in and enable network After saving the command in your configuration file log configuration

mode When you display the configuration will see the AppleTalk cable range and the AppleTalk

zone variables Then add those two entries to the configuration and save the configuration file

AppleTalk Remote Access commands 2-15 appletalk cable-range

Examples

The following example shows how to use discovery mode

appletalk service interface ether appletalk cable-range 0-0 0.0 line modem moot speed 38400 arap enabled autoselect

After you learn the cable range values add them to the configuration file For example

appletalk cable-range 105-105 105.222 appletalk zone Marketing username arauser password arapasswd

The following example assigns cable range of 2-2 to the interface

interface async appletalk cable-range 2-2

Related Commands

appletalk address

appletalk service

appletalk zone

2-16 Communication Server Addendum for AppleTalk Remote Access appletalk checksum

appetak checksum

To enable the generation and verification of checksums for all AppleTalk packets use the appletalk

checksum global configuration command To disable checksum generation and verification use the

no form of this command

appletalk checksum

no appletalk checksum

Syntax Description

This command has no arguments or keywords

Default

Enabled

Command Mode

Global configuration

Usage Guidelines

When the appletalk checksum command is enabled the communication server discards incoming

DDP packets when the checksum is nonzero and is incorrect and when the communication server is

the final destination for the packet

You might want to disable checksum generation and verification if you have older LaserWriter

printers or other devices that cannot receive packets that contain checksums

Example

The following example disables the generation and verification of checksums

no appleLalk checksum

AppleTalk Remote Access Commands 2-17 appletalk discovery

appHetak dscovery

To put an interface into discovery mode use the appletalk discovery interface configuration

command To disable discovery mode use the no form of this command

appletalk discovery

no appletalk discovery

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Interface configuration

Usage Guidelines

If an interface is connected to network that has at least one other operational AppleTalk

communication server or router you can dynamically configure the interface using discovery mode

In discovery mode an interface acquires network address information about the attached network

from an operational communication server or router and then uses this information to configure

itself

If you enable discovery mode on an interface that interface must configure itself by acquiring

information from another operational communication server or router on the attached network when

the communication server is starting up that interface If no operational communication server or

router is present on the connected network the interface will not start up

If you do not enable discovery mode the interface must acquire its configuration from memory when

the communication server is starting up If the stored configuration is not complete the interface will

not start up If there is another operational communication server on the connected network the

communication server will verify the stored interface configuration with that communication server

If there is any discrepancy the interface will not start up If there are no neighboring operational

communication servers the communication server will assume the stored interface configuration is correct and will start up

Once an interface is operational it can seed the configurations of other communication servers on

the connected network regardless of whether you have enabled discovery mode on any of the communication servers

If you enable appletalk discovery and the interface is restarted you must have another operational

the connected the interface will not start communication server or router on directly network or up

It is not advisable to have all communication servers and routers on network configured with

discovery mode enabled If all communication servers were to restart simultaneously for instance

after power failure the network would become inaccessible until at least one communication

server or router were restarted with discovery mode disabled

You also can enable discovery mode by specifying an address of 0.0 in the appletalk address

command or cable range of 0-0 in the appletalk cable-range command

2-18 Communication Server Addendum for AppleTalk Remote Access appletalk discovery

Discovery mode is useful when you are changing network configuration or when you are adding

communication server to an existing network

Discovery mode does not run over synchronous serial lines

Use the no appletalk discovery command to disable discovery mode and allow the interface to be

seed port If the interface is not operational when you issue this command you must configure the zone name before the interface will be operational If you are reconfiguring an operational interface by issuing the no appletalk discovery command the command will have no effect because the

network configuration is already established

Example

The following example enables discovery mode on Ethernet interface

interface ethernet appletalk cablerange 0-0 appletalk discovery

Related Commands

appletalk address

appletalk cable..range

appletalk zonc

show appletalk interface

AppleTalk Remote Access Commands 2-19 appletalk macip dynamic

appetk macp dynamic

To allocate IP addresses to dynamic MacIP clients use the appletalk macip dynamic global configuration command To delete MacIP dynamic address assignment use the no form of this command

appletalk macip dynamic ip-address zone server-zone

no appletalk macip ip-address F/p-address zone server-zone

Syntax Description

ip-address IP address in four-part dotted decimal notation To specify

range enter two IP addresses which represent the first and last

addresses in the range

server-zone Zone in which the MacIP server resides The argument server-

zone can include special characters from the Apple Macintosh

character set To include special character specify colon

followed by two hexadecimal numbers For list of Macintosh

characters refer to the Apple Computer Inc specification

Inside AppleTalk Zone names cannot have leading or trailing

space characters

Default

No IP addresses are allocated to dynamic MacIP clients

Command Mode

Global configuration

Usage Guidelines

Use the appletalk macip dynamic command when configuring MacIP

clients those that IP address within the Dynamic are accept any assignment dynamic range specified

In it is recommended that do address in general you not use fragmented ranges configuring ranges

for MacIP However if this is unavoidable use the appletalk macip dynamic command to specify

as many addresses or ranges as required and use the appletalk macip static command to assign address address specific or range

To shut down all running MacIP services use the following command

no appletalk macip

To delete particular dynamic address assignment from the configuration use the following command

no appletalk macip dynamic ip-address zone server-zone

2-20 Communication Server Addendum for AppleTalk Remote Access appletalk macip dynamic

Example

The following example illustrates MaciP support for dynamically addressed MacIP clients with IP

addresses in the raiige 131.108.128 to 131108.1.44

This global statement specifies the MacIP server address and zone appletalk macip server 131.108.1.27 zone Engineering

This global statement identifies the dynamically addressed clients appletalk macip dynamic 131.108.1.28 131.108.1.44 zone Engineering

These statements assign the IP address and subnet mask for Ethernet interface interface ether ipaddress 131.108.1.27 255.255.255.0

This global statement enables AppleTalk on the communication server appletalk service

These statements enable AppleTalk on the interface and set the zone name for the interface interface ether appletalk cablerange 6969 69.128 appletalk zone Engineering

Related Commands

dagger indicates that the command is documented in the Communication Server Command

Reference publication

appletalk macip server

appletalk macip static

ip address

show appletalk macip-servers

AppleTalk Remote Access Commands 2-21 appletalk macip server

appetak macp server

To establish MacIP server for zone use the appletalk macip server global configuration

command To shut down MACIP server use the no form of this command

appletalk macip server ip-address zone server-zone

no appletalk macip ip-address zone server-zone

Syntax Description

ip-address IP address in four-part dotted decimal notation It is suggested that this

address match the address of an existing IP interface

sel-ver-zone Zone in which the MacIP server resides The argument server-zone can

include special characters from the Apple Macintosh character set To

include special character specify colon followed by two hexadecimal

numbers For list of Macintosh characters refer to the Apple Computer

Inc specification Inside AppleTalk Zone names cannot have leading or

trailing space characters

DefaijUt

No MacIP servers are established for zone

Command Mode

Global configuration

Usage GukIeUnes

Use the appletalk macip server command when configuring MacIP

You can configure multiple MacIP servers for communication server but you can assign only one MaciP server to particular zone and only one IP interface to each MacIP server In general you must be able to establish an alias between the IP address you assign with the appletalk macip server

command and an existing IP interface For implementation simplicity it is suggested that the address

specified in this command match an existing IP interface address

MacIP server is not registered using NBP until at least one MacIP resource is configured

To shut down all active MacIP servers use the following command

no appletalk macip

To delete specific MacIP server from the MacIP configuration use the following command

no appletalk macip server ip-address zone server-zone

2-22 Communication Server Addendum for AppleTalk Remote Access appletalk macip server

Exampe

interface in The following example establishes MacIP server on Ethernet AppleTalk zone and enables the Engineering It then assigns an IP address to the Ethernet interface AppleTalk on communication server and the Ethernet interface

appletalk macip server 131.108.1.27 zone Engineering ipaddress 131.108.1.27 255.255.255.0 appletalk service interface ether appletalk cablerange 69-69 69.128 appletalk zone Engineering

Reated Commands

is documented in the Communication Server Command dagger indicates that the command

Reference publication appletalk macip dynamic appletalk macip static ip address show appletalk macipservers

AppleTalk Remote Access Commands 223 appletalk macip static

appetak macip static

To allocate an IP address to be used by MacIP client that has reserved static IP address use the

appletalk macip static global configuration command To delete MacIP static address assignment use the no form of this command

appletalk macip static ip-address zone server-zone

no appletalk macip ip-address zone server-zone

Syntax Description

IP in ip-address address four-part dotted decimal format To specify range enter two IP addresses which represent the first and last addresses in the range

Zone in which server-zone the MacIP server resides The argument server-zone can include special characters from the Apple Macintosh character set To include special character specify colon followed by two hexadecimal

numbers For list of Macintosh characters refer to the Apple Computer Inc specification Inside AppleTalk Zone names cannot have leading or

trailing space characters

Default

No IP addresses are allocated

Command Mode

Global configuration

Usage Guidelines

Use the appletalk macip static command when configuring MacIP

Static addresses are for users fixed who require addresses for IP name domain name service and for administrators who do want addresses to change so they can always know who has what IP address

In general it is recommended that do not use address in you fragmented ranges configuring ranges

for MacIP However if this is use the unavoidable appletalk macip dynamic command to specify as addresses or many ranges as required and then use the appletalk macip static command to assign specific address or address range

To shut down all MacIP running services use the following command

no appletalk macip

To delete static address particular assignment from the configuration use the following command

no appletalk macip static ip-address zone server-zone

2-24 Communication Server Addendum for AppleTalk Remote Access appletalk macip static

Example

allocated IP The following example illustrates MacIP support for MacIP clients with statically 131.108.1.50 131.108.1.66 The three nodes that have addresses The IP addresses range is from to and 131.108.1.101 the specific addresses are 131.108.181 131.108.1.92

This global statement specifies the MacIP server address and zone appletalk macip server 131.108.1.27 zone Engineering

These global statements identify the statically addressed clients appletalk macip static 131.108.1.50 131.108.1.66 zone Engineering appletalk macip static 131.108.1.81 zone Engineering appletalk macip static 131.108.1.92 zone Engineering appletalk macip static 131.108.1.101 zone Engineering

These statements assign the IP address and subnet mask for Ethernet interface interface ether ipaddress 131.108.1.27 255.255.255.0

This global statement enables AppleTalk on the communication server appletalk service

These statements enable AppleTalk on the interface and set the zone name for the interface interface ethernet appletalk cable-range 69-69 69.128 appletalk zone Engineering

Related Commands

command is documented in the Communication Server Command dagger indicates that the

Reference publication appletalk macip dynamic appletalk macip server ip address show appletalk macip-servers

2-25 AppleTalk Remote Access Commands appletalk service

appetak servce

To enable the AppleTalk connections use appletalk service global configuration command To disable AppleTalk use the no form of this command

appletalk service

no appletalk service

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Global configuration

Example

The following example enables AppleTalk protocol processing on the communication server

appleLalk service

Related Commands

appletalk cablerange

appletalk zone

2-26 Communication Server Addendum for AppleTalk Remote Access appletalk zone

appHetak zone

To set the zone name for the connected AppleTalk network use the appletalk zone interface

configuration command To delete zone use the no form of this command

appletalk zone zone-name

no appletalk zone

Syntax Description

zone-name Name of the zone The name can include special characters from the Apple Macintosh character set To include special character type

colon followed by two hexadecimal numbers For list of Macintosh

characters refer to the Apple Computer Inc specification Inside

AppleTalk The zone name cannot have leading or trailing spaces

Default

None

Command Mode

Interface configuration

Usage Guidelines

The communication server needs both valid cable range and zone list to use AppleTalk

command The appletalk cable-range command must be entered before the appletalk zone

The first zone specified in the list is the default zone

Do not use marks in the The appletalk zone command accepts spaces in zone names quotation

the show command to command entry When you have completed the entry use configuration

display the configuration file

The no form of the command deletes zone name from zone list or if you do not specify zone

the entire list Before zone list delete existing zone- name it deletes zone configuring new any

name list using the no appletalk zone command

command The internal zone list is cleared automatically when you issue an appletalk cable-range

if issue the on an network The list is also cleared you appletalk zone command existing

Changing the Zone List

and associated network AppleTalk communication servers maintain complete list of zone names

is stable the numbers AppleTalk network protocols assume that the list of zones as long as old associated networks remain reachable The only way to make an zone name disappear

associated routes to If zone name throughout your network is to cause the disappear you change the failure and keep the network numbers the same you might need to wait for next general power

lists and flush the old for parts of your network to acquire new zone entry

2-21 AppleTalk Remote Access Commands appletalk zone

Examples

The following example assigns the zone name Twilight to an interface

interface ether appletalk cable-range 10-20 appletalk zone Twilight

The colon and following example uses two hexadecimal numbers to specify Macintosh special character in the zone name CiscoeZone

appletalk zone CiscoA5Zone

Related Commands

dagger indicates that the command is documented in the Communication Server Command

Reference publication

appletalk cable-range

show appletalk zone

show configuration

2-28 Communication Server Addendum for AppleTalk Remote Access arap dedicated

arap dedicated

To configure line to be used only as an ARA connection use the arap dedicated line configuration

command Use the no form of the command to return the line to interactive mode

arap dedicated no arap dedicated

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Line configuration

Example

connections The following example configures line to be used only for ARA

line arap dedicated

AppleTalk Remote Access Commands 2-29 arap enable

arap enahe

To enable ARA for line use the arap enable command Use the no form of this command to disable ARA

arap enable no arap enable

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Line configuration

Example

The following example enables ARA on line

line arap enable

Related Command

autoselect

2-30 Communication Server Addendum for AppleTalk Remote Access arap net-access-list

arap netaccess4st

To control Macintosh access to networks use the arap net-access-list line configuration command

Use the 110 form of this command to return to the default setting

arap net-access-list net-access-list-number no net-access-list net-access-list-number

Syntax Description

net-access-list-number One of the list values configured using the AppleTalk access-list cable-

range access-list includes access-list network access-list other-

access and access-list within commands

Default

Disabled The Macintosh has access to all networks

Command Mode

Line configuration

Usage Guidelines

You can use the arap net-access-list command to apply access lists defined by the access-list cable- range access-list includes access-list network access-list other-access and access-list within commands

You cannot use the arap net-access-list command to apply access lists defined by the access-list

zone and access-list additional-zones commands

Example

Macintosh will have to the In the following example ARA is enabled on line and the access

AppleTalk access list numbered 650

line arap enable arap netaccess-Jist 650

Related Commands

access-list cable-range

access-list includes

access-list network

access-list other-access

access-list within

arap zonelist

AppleTalk Remote Access Commands 2-31 arap noguest

arap noguest

To prevent Macintosh guests from logging in to the communication server use the arap noguest

line configuration command Use the no form of this command to remove this restriction

arap noguest no arap noguest

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Line configuration

Usage Guidelines

guest is person who connects to the network without having to give name or password

Caution Do not use the arap noguest command if TACACS is enabled

Example The following example prohibits guests from logging in to the communication server

line arap enable arap noguest

2-32 Communication Server Addendum for AppleTalk Remote Access arap timelimit

arap timehmit

To set the maximum length of an ARA session for line use the arap timelimit line configuration

command Use the no form of this command to return to the default of unlimited session length

arap timelimit no arap timelimit

Syntax Description

minutes Optional Maximum length of time in minutes for session

Default

Unlimited session length

Command Mode

Line configuration

Usage Guidelines

After the specified length of time the session will be terminated

Example

The following example specifies maximum length of 20 minutes for ARA sessions

line arap enable arap timelimit 20

Related Command

arap warningtime

AppleTalk Remote Access Commands 2-33 arap warningtime

arap warnngtme

To set when disconnect warning message is displayed use the arap warningtime line

configuration command Use the no form of this command to disable this function

arap warningtime no arap warningtime

Syntax Description

minutes Optional Amount of time in minutes before the configured session time

limit At the configured amount of time before session is to be disconnected

the communication server sends message to the Macintosh client which

causes warning message to appear on the users screen

Default

Disabled

Command Mode

Line configuration

Usage Guidelines

This command can only be used if session time limit has been configured on the line

Example

The following example shows line configured for 20-minute ARA sessions with warning

17 minutes after the session is started

line arap enable arap dedicated arap timelimit 20 arap warningtime

Related Command

arap timelimit

2-34 Communication Server Addendum for AppleTalk Remote Access arap zonelist

arap zonehst

To control what zones the Macintosh client sees use the arap zonelist line configuration command

Use the no form of this command to disable the default setting

arap zonelist zone-access-list-n umber no arap zonelist zone-access-list-number

Syntax Description

zone-access-list-number One of the list values configured using the AppleTalk access-list zone or

access-list additional-zones commands

Default

Disabled The Macintosh will see all defined zones

Command Mode

Line configuration

Usage Guidelines

You ca use the arap zonelist command to apply access lists defined by the access-list zone and

access-list additional-zones command

You cannot use the arap zonelist command to apply access lists defined by the access-list network command

Example

In the following example ARA is enabled on line and the Macintosh will see only zones permitted

by access list 650

line arap enable arap zonelist 650

Related Commands

access-list additional-zones

access-list zone

arap net-access-list

AppleTalk Remote Access Commands 2-35 autoselect

autoseect

To configure line to automatically start either an ARA session or an EXEC session use the

autoselect line configuration command Use the no form of this command to disable this function

on line

autoselect

no autoselect

Syntax Description

This command has no arguments or keywords

Default

Disabled Ignores any character other than 13 which starts an EXEC session

Command Mode

Line configuration

Usage Guidelines

This command eliminates the need for Macintosh users to enter an EXEC command to start an ARA session The autoselect command configures the communication server to identify the type of connection being requested In other words when user on Macintosh running ARA presses the Connect button the communication server automatically starts an ARA session If on the other

hand the user is running SLIP or PPP the communication server starts an EXEC session that

requires the user to enter the slip or ppp command to start session This command is used on lines

used for making different types of connections

The autoselect command is required on all lines configured with arap enabled except for lines

configured for arap dedicated or lines configured for TACACS logins line that does not have

autoselect configured will see an attempt to open an ARA connection as noise and the

communication server will not respond and the user client will time out

Caution Do not use the autoselect command if TACACS is enabled

Example

The following example enables ARA on line

line arap enable autoselect

2-36 Communication Server Addendum for AppleTalk Remote Access debug arap

debug arap

To debug ARA sessions use the debug arap privileged EXEC command Use the no form of this

command to turn off the debugging function

debug arap internal memory mnp4 v42bis no debug arap

Syntax Description

internal Debug internal ARA packets

memory Debug memory allocation for ARA

mnp4 Debug low-level asynchronous serial protocol

v42bis Debug compression

Default

Disabled

Command Mode

Privileged EXEC

Example

line The following example activates debugging internal ARA packets on

CS debug arap internal

AppleTalk Remote Access Commands 2-37 login tacacs

ogn tacacs

To configure your communication server to use TACACS user authentication use the login tacacs

line configuration command The no form of this command disables TACACS user authentication

for line

no login tacacs

Syntax Description

This command has no arguments or keywords

Default

Disabled

Command Mode

Line configuration

Usage Guidelines You can use TACACS security if you have configured TACACS server and you have CCL script that allows you to use TACACS security See the Configure TACACS Security section in for Chapter information about using files provided by Cisco to modify CCL scripts to support TACACS user authentication

Example

In the following example lines through 16 are configured for TACACS user authentication

line 16 login tacacs

2-38 Communication Server Addendum for AppleTalk Remote Access show appletalk arp

show appetalk arp

To display the entries in the AppleTalk Address Resolution Protocol AARP cache use the show

appletalk arp EXEC command

show appletalk arp

Syntax Description

This command has no arguments or keywords

Command Mode EXEC

Usage Guidelines

AARP establishes associates between network addresses and hardware MAC addresses This

information is maintained in the communication servers AARP cache

Sample Display

The following is sample output from the show appletalk arp privileged EXEC command

CS show appletalk arp Address Age mm Type Hardware Addr Encap Interface 2000.1 Hardware 0000.0c04.1111 SNAP Ehernet1

Table 2-1 describes the fields shown in the display

Table 2-1 Show AppleTalk ARP Field Descriptions

Field Description

Address AppleTalk network address of the interface

in that this has been in the ARP table Entries are Age mm Time minutes entry

purged after they have been in the table for 240 minutes hours

hyphen indicates that this is new entry

Indicates the table learned It can be one of the Tpe how ARP ently was

following

DynamicEntry was learned using AARP

HardwareEntry was learned from an adapter in the communication

server

PendingEntiy for destination for which the communication server

does not yet know the address When packet requests to be sent to an

address for which the communication server does not yet have the

MAC-level address the communication server creates an AARP entry

for that AppleTalk address then sends an AARP Resolve packet to get

the MAC-level address for that node When the communication server AARP gets the response the entry is marked Dynamic pending

entry times out after one minute

2-39 AppleTalk Remote Access Commands show appletalk arp

Field Description

Hardware Addr MAC address of this interface

Encap Encapsulation type It can be one of the following

ARPAEthernet-type encapsulation

SNAPIEEE 802.3 encapsulation

Interface Tipe and number of the interface

2-40 Communication Server Addendum for AppleTalk Remote Access show appletalk interface

show appetak interface

To display the status of the AppleTalk interfaces and the parameters configured on each interface

use the show appletalk interface EXEC command

show appletalk interface unit

Syntax Description

brief Optional Displays brief summary of the status of the AppleTalk interfaces

unit Interface unit be inteiface Optional and identifiers The argument interface can

one of the following types asynchronous dialer Ethernet IEEE 8023

loopback null serial or tunnel The argument unit is the number of the

interface For example ethernet specifies the first Ethernet interface

Command Mode EXEC

Usage Guidelines

The show appletalk interface command is particularly useful for discovering the status of the

interface when you first enable AppleTalk

Sample Displays

The following is sample output from the show appletalk interface command for an extended AppleTalk network

CS show appletalk interface EthernetO is up line protocol is up AppleTalk cable range is 111-111 AppleTalk address is 111.188 Valid AppleTalk zone is Cisco Interop Demo AppleTalk port configuration verified by 111.59 AppleTalk route cache is not supported by hardware

Table 2-2 describes the fields shown in the display as well as some fields not shown but that might

also be displayed

AppleTalk Remote Access Commands 2-41 show appletalk interface

Table 2-2 Show AppleTalk Interface Field Descriptions for an Extended Network

Field Description

EthernetO is up Type of interface and whether it is currently active and inserted into the network up or inactive and not inserted down

line is protocol up Indicates whether the software processes that handle the line

protocol believe the interface is usable that is whether the

keepalives are successful

cable AppleTalk range is start-end Cable range of the interface

AppleTalk address is address Valid Address of the interface and whether the address conflicts with

any other address on the network valid means it does not

AppleTalk zone is zone Name of the zone that this interface is in

AppleTalk port configuration verified Indicates whether the interface was configured in discovery mode

by address name if it was this line shows which communication server provided

the configuration information

AppleTalk route cache is not Indicates whether fast switching is enabled on the interface

supported by hardware

Port configuration mismatch Indicates that the communication server is misconfigured

Interface violates Internet Usually indicates that extended and nonextended AppleTalk nodes

compatibility are incorrectly sharing the same network

The following is sample output from the show appletalk interface command for nonextended AppleTalk network

CS show appletalk interface eO

Ethernet0 is up line protocol is up AppleTalk address is 666128 Valid AppleTalk zone is Underworld

Table 2-3 describes the fields shown in the display

Table 2-3 Show AppleTalk Interface Field Descriptions for Nonextended Network

Field Description

Ethernet is of up Type interface and whether it is currently active and inserted into the network up or inactive and not inserted down

line is protocol up Indicates whether the software processes that handle the line

protocol believe the interface is usable that is whether keepalives

are successful

AppleTalk address is address Valid Address of the interface and whether the address conflicts with

any other address on the network valid means it does not

AppleTalk zone is zone Name of the zone that this interface is in

The following is sample output from the show appletalk interface brief command

CS show appletalk interface brief Interface Address Config Status/Line Protocol Atalk Protocol

EthernetO 10.82 Extended up up Async unassigned not coat igd administratively down n/a

Table 2-4 describes the fields shown in the display

2-42 Communication Server Addendum for AppleTalk Remote Access show appletalk interface

Table 2-4 Show AppleTalk Interface Brief Field Descriptions

Field Description

Interface Interface and unit identifiers

Address Address assigned to the interface

Config How the interface is configured Possible values are extended nonextended and not configured

handle the line Status/Line Protocol Whether the software processes that protocol

believe the interface is usable that is whether keepalives are

successful

interface Atallc Protocol Whether AppleTalk is up and running on the

2-43 AppleTalk Remote Access Commands show appletalk macip-clients

show appetak macpcUents

To display status information about all known MacIP clients use the show appletalk macip-clients EXEC command

show appletalk macip-clients

Syntax Description

This command has no arguments or keywords

Command Mode EXEC

Sample Display

The is from following sample output the show appletalk macip-clients command

CS show appletalk macip-clients l3l.lO8.l99.l@ 45 secs S/W Test Lab

Table 2-5 describes the fields shown in the display

Table 2-5 Show AppleTalk MacIP Clients Field Descriptions

Field Description

13l.l08.l99l@ Client IP address

DDP address of the registered entity showing the network number node address and socket number

45 sees Time in seconds since the last NBP confirmation was received

Test SIW Lab Name of the zone to which the MacIP client is attached

Related Command

show appletalk traffic

2-44 Communication Server Addendum for AppleTalk Remote Access show appletalk macip-servers

show appetak macpservers

communication servers use the show To display status information about servers appletalk

macip-servers EXEC command

show appletalk macip-servers

Syntax Description

This command has no arguments or keywords

Command Mode EXEC

Usage Guidelines

determine the The information in the show appletalk macip-servers display can help you quickly In the STATE field can problems in status of your MacIP configuration particular help identify your

AppleTalk environment

Sample Display command The following is sample output from the show appletalk macip-servers

CS show appletalk macip-servers MACIP SERVER IP 131.108.199.221 ZONE S/W Test Lab STATE is server_up Resource DYNAMIC 131.108.199.1-131.108.199.10 1/10 IP in use Resource STATIC 131.108.19911131.108.199.20 0/10 IP in use

Table 2-6 describes the fields shown in the display

Table 2-6 Show AppleTalk MaciP Servers Field Descriptions

Field Description

MACIP SERVER Number of the MacIP server This number is assigned arbitrarily

IP 131.108.199.221 IP address of the MaciF server

with the server ZONE S/W Test Lab AppleTalk server zone specified appletalk macip command

lists the states STATE is server_up State of the server Table 2-8 possible

If the server remains in the resource_wait state check that resources

have been assigned to this server with either the appletalk macip command dynamic or the appletalk macip static

in the and Resource DYNAMIC Resource specifications defined appletalk macip dynamic

This list indicates whether the 131108.199.l-13l.l08.199.10 appletalk macip static commands the 1/10 IF in use resource address was assigned dynamically or statically identifies

the and IP address range associated with resource specification

indicates the number of active MacIP clients

2-45 AppleTalk Remote Access Commands show appletalk macip-servers

Use the show appletalk command with macipservers show appletalk interface to identify AppleTalk network problems as follows

Step Determine the state of the MacIP server using show macip-servers If the STATE field

continues to indicate an anomalous status other than something server_up such as resource_wait or zone_wait there is problem

Step Determine the status of and the AppleTalk specific interface using the show appletalk interface command

If the and Step protocol interface are up check the MacIP configuration commands for inconsistencies in the IP address and zone

The STATE field of the show appletalk macip-servers command indicates the current state of each MacIP configured server Each server operates according to the finite-state machine table in

Table 2-7 Table 2-8 describes the state functions listed in Table 2-7 These are the states that are displayed by the show appletalk macip-servers command

Table 2-7 MaciP Finite-State Machine Table

State Event New State Notes

initial ADD_SERVER resource_wait Server configured

resource wait TIMEOUT resource_wait Wait for resources

resource_wait ADD_RESOURCE zone_wait Wait for zone seeding

zone_wait ZONE_SEEDED server_start Register server

zone_wait TIMEOUT zone_wait Wait until seeded

server_start START_OK reg_wait Wait for server register

server_start START_FAIL del_server Could not start possible

configuration error

reg_wait REG_OK server_up Registration successful

reg_wait REG_FAIL del_server Registration failed possible

duplicate IP address

reg_wait TIMEOUT reg_wait Wait until register

server_up TIMEOUT send_confirms NBP confirm all clients

send_confirms CONFIRM_OK Server_up

send_confirms ZONE_DOWN zone_wait Zone oi IP inteiface down

restart

ADD_RESOURCE Ignore except resource_wait DEL_SERVER del_server No server statement HALT DEL_RESOURCE ck_resource Ignore show appletalk macip-servers

Table 2-8 Server States

State Description ck_resource The server makes sure at least one client range is available If not it

deregisters NBP names and returns to the resource_wait state del_server State at which all servers end In this state the server deregisters all

deallocates NBP names purges all clients and server resources

initial State at which all servers start

has been resource-wait The server waits until client range for the server configured

send_confirms The server requests response from active clients every minute

deletes clients that have not responded within the last minutes and

If the checks IP and AppleTalk interfaces used by MacIP server

interfaces are down or have been reconfigured the server restarts

server_start The server registers configured IPADDRESS and registers as

IPGATEWAY It then opens an ATP socket to listen for IP address

assignment requests sends NBP lookup requests for existing

IPADDRESSes and automatically adds clients with addresses within

one of the configured client ranges

has This enables to client The server_up Server registered routing ranges

server now responds to IP address assignment requests

zone_wait The server waits until the configured AppleTalk zone name for the has server is up The server will remain in this state if no such zone

been configured or if AppleTalk is not enabled

An asterisk in the first colunm represents any state An asterisk in the

second colunm represents return to the previous state

Related Commands

appletalk macip dynamic

appletalk macip server

appletalk macip static

show appletalk interface

show appletalk traffic

AppleTalk Remote Access Commands 2-47 show appletalk macip-traffic

show appHetak macp4raffic

To statistics about MacIP traffic the display through communication server use the show appletalk macip-traffic EXEC command

show appletalk macip-traffic

Syntax Description

This command has no arguments or keywords

Command Mode EXEC

Usage Guidelines

the Use show appletalk macip-traffic command to obtain detailed breakdown of MacIP traffic

that is sent communication server from through an AppleTalk to an IP network The output from this command differs from that of the show appletalk traffic command which shows normal

traffic AppleTalk generated received or routed by the communication server

Sample Display

The is following sample output from the show appletalk macip-traffic command

CS show appletalk macip-traff Ic -- MACIP Statistics MACIP SOP IN 11062 MACIP_DDPIPOtJT 10984 MACIPDDPNOCLIENT SERVICE 78 MACIP_IPIN 7619 MACIPIPDDPQTJT 7619 MACIP SERVER IN 62 MAC IP SERVER OUT 52 MACIP SERVER BAD ATP 10 MACIP SERVER ASSIGN IN 26 MACIP SERVER ASSIGN OUT 26 MACIP SERVER INFO IN 26 MAC IP SERVER INFO OUT 26

Table 2-9 describes the fields shown in the display

2-48 Communication Server Addendum for AppleTalk Remote Access show appletalk macip-traftic

Table 2-9 Show AppleTalk MaciP Traffic Field Descriptions

Field Description

received the communication MACIP_DDP_IN Number of DDP packets by

server

of received the communication MACIP_DDP_IP_OUT Number DDP packets by

server that were sent to the IP network

MACIP_DDP_NO_CLIENT_SBRVICE MacIP servers are configured to serve specific range of IP addresses If client Macintosh has been assigned an

IP address that is not in the server range and then tries to

route packet thru the MaciP server the packet is dropped

and this statistic is incremented

This situation usually arises when the server is restarted

after being configured with different range of addresses

because the client Macintosh must reboot and obtain new

address

MACIP_IP_IN Number of IP packets received by the communication

server

of IP received the communication MACIP_IP_DDP_OUT Number packets by

server that were sent to the AppleTalk network

of destined for servers MACIP_SERVERJN Number packets MacIP

MACIP_SERVER_OUT Number of packets sent by MacIP servers

MACIP_SERVER_BAD_ATP This statistic is incremented if MacIP receives badly

formated AppleTalk ATP packet

MACIP_SERVER_ASSIGN_IN Counts the total number of assignment request packets

received by MacIP

MACIP_SERVER_ASSIGN_OUT Counts the total number of assignment request packet

replies sent by MaciP It should be equal to the MACIP_SERVER_AS SIGN_IN statistic

number of information MACIP_SERVER_INFO_IN This statistic counts the total The information request packets received by MacIP

after it has received its request is sent by MacIP clients

address assignment

MACIP_SERVER_INFO_OUT This statistic counts the total number of information information request packets sent by macip The response contains the IP subnet mask the IP broadcast address the

default IP router the default domain name and the IP

address of the configured domain name server

Related Command

show appletalk traffic

AppleTalk Remote Access Commands 2-49 show appletalk traffic

show appetak traffic

To display statistics about MacIP AppleTalk traffic including traffic use the show appletalk traffic EXEC command

show appletalk traffic

Syntax Description

This command has no arguments or keywords

Command Mode EXEC

Usage Guidelines

For MacIP traffic an IP alias is established for each MacIP client and for the IP address of the MacIP

server if it does not match IP an existing interface address To display the client aliases use the show ip aliases command

Sample Display The following is sample output from the show appletalk traffic command

CS show appletalk traffic AppleTalk statistics Rcvd 357471 total checksum errors 264 bad hop count 321006 local destination access denied for MaciP bad MaciP no client 13510 port disabled 2437 no listener ignored martians Bcast 191881 received 270406 sent Sent 550293 generated 66495 forwarded 1840 fast forwarded forwarded from MaciP MaciP failures 436 encapsulation failed no route no source DDP 387265 long short macip bad size NEP 302779 received invalid proxies 57875 replies sent 59947 forwards 418674 lookups 432 failures RTMP 108454 received requests invalid 40189 ignored 90170 sent replies ATP received

ZIP 13619 received 33633 sent 32 netinfo Echo received discarded illegal generated replies sent Responder received illegal unknown replies sent failures AARP 85 requests 149 replies 100 probes 84 martians bad encapsulation unknown 278 sent failures 29 delays 315 drops Lost no buffers Unknown packets Discarded 130475 wrong encapsulation bad SNAP discriminator

Table 240 describes the fields shown in the display

2-50 Communication Server Addendum for AppleTalk Remote Access show appletalk traffic

Table 2-10 Show AppleTalk Traffic Field Descriptions

Field Description

Rcvd This section describes the packets that the communication server has received

357741 total Total number of packets the communication server received

checksum errors Number of packets that were discarded because their DDP checksum

was incorrect The DDP checksum is verified for packets that are

directed to the communication server It is not verified for forwarded

packets

264 bad hop count Number of packets discarded because they had traveled too many

hops

321006 local destination Number of packets addressed to the local communication server

access denied Number of packets discarded because they were denied by an access

list

for MaciF Number of AppleTalk packets the communication server received

that were encapsulated within an IP packet

bad MacIP Number of bad MacIP packets the communication server received

been malformed not and discarded These packets may have or may

have included destination address

no client Number of packets discarded because they were directed to

nonexistent MacIP client

disabled for that 13510 port disabled Number of packets discarded because routing was

port extended AppleTalk only This is the result of configuration

is in error or packet being received while the communication server

verificationIdiscoveiy mode

socket 2437 no listener Number of packets discarded because they were directed to

that had no services associated with it

ignored Number of routing update packets ignored because they were from

misconfigured neighbor or because routing was disabled

martians Number of packets discarded because they contained bogus

information in the DDP header What distinguishes this error from

the others is that the data in the header is never valid as opposed to

not being valid at given point in time

Bcast Number of broadcast packets sent and received by the

communication server

Sent This section describes the packets that the communication server has

transmitted

the communication 550293 generated Number of packets sent that were generated by

server

66495 forwarded Number of packets sent that were forwarded by the communication

servei

cache 1840 fast forwarded Number of packets sent using routes from the fast-switching

forwarded that forwarded from MacIP Number of IP packets the communication server were

encapsulated within an AppleTalk DDP packet

MaciP failures Number of MacIP packets sent that were corrupted during the MacIP

encapsulation process

AppleTalk Remote Access Commands 2-51 show appletalk traffic

Field Description

436 encapsulation failed Number of packets the communication server could not send because

encapsulation failed This can happen because encapsulation of the

DDP packet failed or because AARP address resolution failed

no route Number of packets the communication server could not send because

it knew of no route to the destination

no source Number of packets the communication server sent when it did not

know its own address This should happen only if something is

seriously wrong with the communication server or network

configuration DDP This section describes DDP packets seen by the communication

server

387265 long Number of DDP long packets

short Number of DDP short packets

macip Number of IP packets encapsulated in an AppleTalk DDP packet that

the communication server sent

bad size Number of packets whose physical packet length and claimed length differed

NBP This section describes NBP packets

302779 received Total number of NBP packets received

invalid Number of invalid NBP received Causes include packets invalid op code and invalid packet type

proxies Number of NBP proxy lookup requests received by the

communication server when it was configured for NBP proxy

transition usage

57875 replies sent Number of NBP replies the communication server has sent

59947 forwards Number of NBP forward requests the communication server has received

418674 lookups Number of NBP lookups the communication server has received

432 failures Generic counter that increments any time the NBP process experiences problem

RTMP This section describes RTMP packets

108454 received Total number of RTMP packets the communication server has received

requests Number of RTMP requests the communication server has received

invalid Number of invalid RTMP packets received Causes include invalid code and op invalid packet type

40189 ignored Number of RTMP packets the communication server ignored One

reason for this is that the interface is still in discoveiy mode and is

not yet initialized

90170 sent Number of RTMP packets the communication server has broadcast

replies Number of RTMP replies the communication server has sent

ATP This section describes ATP packets

received Number of ATP packets the communication server received

ZIP This section describes ZIP packets

13619 received Number of ZIP packets the communication server has received

2-52 Communication Server Addendum for AppleTalk Remote Access show appletalk traffic

Field Description

33633 sent Number of ZIP packets the communication server has sent

32 netinfo Number of packets that requested port configuration via ZIP

GetNetlnfo requests These are commonly used during node startup

and are occasionally used by some AppleTalk network management

software packages

Echo This section describes AEP packets

received Number of AEP packets the communication server received

discarded Number of AEP packets the communication server discarded

illegal Number of illegal AEP packets the communication server received

generated Number of AEP packets the communication server generated

replies sent Number of AEP replies the communication server sent

Responder This section describes Responder Request packets

received Number of Responder Request packets the communication server received

illegal Number of illegal Responder Request packets the communication

server received

unknown Number of Responder Request packets the communication server

received that it did not recognize

communication replies sent Number of Responder Request replies the server sent

failures Number of Responder Request replies the communication server

could not send

AARP This section describes AARP packets

received 85 requests Number of AARP requests the communication server

received 149 replies Number of AARP replies the communication server

100 probes Number of AARP probe packets the communication server sent

did 84 martians Number of AARP packets the communication server not of martians recognize If you start seeing an inordinate number on an

interface check whether bridge has been inserted into the network

is it floods the network with AARP When bridge starting up

packets

bad encapsulation Number of AARP packets received that had an unrecognizable

encapsulation

did unknown Number of AARP packets the communication server not

recognize

278 sent Number of AARP packets the communication server sent

send failures Number of AARP packets the communication server could not

results 29 delays Number of AppleTalk packets delayed while waiting for the

of an AARP request

315 drops Number of AppleTalk packets dropped because an AARP request

failed

Lost no buffers Number of packets lost due to lack of buffer space

Unknown packets Number of packets whose protocol could not be determined

AppleTalk Remote Access Commands 2-53 show appletalk traffic

Field Description

Discarded This section describes the number of packets that were discarded

130475 wrong encapsulation Number of packets discarded because they had the wrong

encapsulation.That is nonextended AppleTalk packets were on an

extended AppleTalk network or vice versa

bad SNAP discrimination Number of discarded because packets they had the wrong SNAP discriminator This occurs when another AppleTalk device has

implemented an obsolete or incorrect packet format

Related Commands

dagger indicates that the command is documented in the Communication Server Command

Reference publication

show appletalk macip-traffic

show ip aliases

2-54 Communication Server Addendum for AppleTalk Remote Access show appletalk zone

show appHetak zone

To display the entries in the zone information table use the show appletalk zone EXEC command

show appletalk zone

Syntax Description

no argument Displays all entries in the zone information table

zone-name Optional Displays the entry for the specified zone

Command Mode EXEC

Usage Guidelines

You can use this command on extended and nonextended networks

zone name can be associated with multiple network addresses or cable ranges or both This means

that zone name will effectively replace multiple network addresses in zone filtering This is named reflected in the output of the show appletalk zone command For example the zone and four cable Mt View in the sample display below is associated with two network numbers ranges

Sample Display

The following is sample output from the show appletalk zone command

CS show appletalk zone Name Networks Gates of Hell 666-666 Engineering 2929 40424042 customer eng 19-19 CISCO ID 41404140 Daves House 3876 3924 5007 Narrow Beam 40134013 4023-4023 40374037 40384038 Low End SW Lab 6160 41724172 95559555 41604160 Tirn naOg 199-199 Mt View 70107010 7122 7142 70207020 70407040 70607060 Mt View 7152 70507050 UDP 111212 Empty Guf 69-69 Light 80 europe 2010 3010 3034 5004 Bldg13 4032 5026 61669 3012 3025 3032 5025 5027 Bldg17 3004 3024 5002 5006

Table 2-11 describes the fields shown in the display

AppleTalk Remote Access Commands 2-55 show appletalk zone

Table 2-11 Show AppleTalk Zone Field Descriptions

Field Description

Name Name of the zone

Networks Cable ranges or network numbers assigned to this zone

The is from the following sample output show appletalk zone command when you specify zone name

CS show appletalk zone CISCO IP AppleTalk Zone Information for CISCO IP Valid for nets 4140-4140

Not associated with any interface Not associated with any access list

Table 2-12 describes the fields shown in the display

Table 2-12 Show AppleTalk Zone Field Descriptions for Specific Zone Name

Field Description

AppleTalk Zone Information for Name of the zone CISCO IP

Valid for nets 4140-4140 Cable ranges or network numbers assigned to this zone

Not associated with any interface Interfaces that have been assigned to this zone

Not associated with any access list Access lists that have been defined for this zone

Related Command

appletalk zone

2-56 Communication Server Addendum for AppleTalk Remote Access show arap

show arap

To display information about running ARAP connection use the show arap EXEC command

show arap

Syntax Description

line-number Optional Number of the line on which an ARAP connection is

established and active

Command Mode

User-level EXEC

Usage Guidelines

Use the show arap command with no arguments to display summary of the ARAP traffic since the

communication server was last booted

Sample Display

The following is sample output from the show arap conmiand

CS show arap Statistics are cumulative since last reboot Total ARAP connections Total Appletalk packets output 157824 Total Appletalk packets input 12465

These fields refer to the sum of all of the ARA connections since the box was last reloaded

The following example results in display of information about ARA activity on specific line

line

CS show arap

Active for 23 minutes

Unlimited time left or 22 minutes left Doing smartbuffering or Smartbuffering disabled Appletalk packets output 157824 Appletalk packets input 12465 Appletalk packets overflowed 1642 Appletalk packets dropped 586 V42bis compression efficiency incoming/outgoing Ipercentage/percentage MNP4 packets received 864 MNP4 packets sent 1068 MNP4 garbled packets received MNP4 out of order packets received MNP4 packets resent MNP4 nobuffers

AppleTalk Remote Access Commands 2-57 show arap

Table 2-13 describes the fields shown in the display

Table 2-13 Show ARAP Field Descriptions

Field Description

Active for integer minutes Number of minutes since ARAP started on the line

Unlimited time left or integer minutes left Remaining time limit on the line if applicable on

the line

disabled Doing smartbuffering or Smartbuffering Obsolete Always says Doing smartbuffering

Appletalk packets output Number of AppleTalk packets that have been

received from the macintosh and out to the network

during this connection

Appletalk packets input Number of AppleTalk packets have been received

from the network and sent to the macintosh during

this connection

Appletallc packets overflowed Number of packets from the network that have

been dropped because the link to the macintosh was

congested

Appletalk packets dropped Number of packets from the network that have

been dropped because it was unnecessary to pass

them frequently RTMP

V42bis compression efficiency incoming Performance of the v42bis protocol underneath

outgoing ARA expressed as percentage of incoming

percentage outgoing If the efficiency is low

network user is probably copying already

compressed files across the link Generally low

efficieny means slow performance

MNP4 packets received Number of link-level packets that have been

received from the macintosh

MNP4 sent packets How many link-level packets have been sent to the macintosh

MNP4 garbled packets received Number of garbled packets that have been received

from the macintosh

MNP4 out of order packets received Number of out-of-order packets that have been

received from the macintosh

MNP4 packets resent Number of times packets have been resent

Each of these fields indicates line noise The higher

the value the higher the noise

MNP4 nobuffers How many times MNP4 has run out of buffers

This field should be zero

2-8 Communication Server Addendum for AppleTalk Remote Access INDEX

definition 1-13 2-18

enabling on extended interface 1-14 1-26 2-14 2-18 access control dynamic address assignment 1-6 AppleTalk 1-201-22 2-2 enabling 2-26 configuring for AppleTalk Remote Access 2-31 EtherTalk 2.0 1-4 configuring for ARA 1-16 2-35 extended Phase 1-4 description 1-4 extended addresses 1-7 access lists AppleTalk extended interface avoiding overlap 1-20 cable range assigning 1-12 network number configuring example 1-25 creating 1-21 2-3 2-5 2-7 2-9 2-10 discovery mode example 1-25 definition 1-20 enabling routing 1-14 2-18 rules for defining 1-20 enabling routing example 1-26 zone zone name assigning 1-12 creating 1-20 1-21 2-2 2-12 extended zones 1-7 definitions 1-20 interfaces access-list additional-zones command 1-21 2-2 configuring dynamically 1-13 2-18 access-list cable-range command 2-3 2-41 displaying status of 1-25 access-list includes command 1-21 2-5 interfaces supported 1-2 access-list network command 2-7 MacIP access-list other-access command 1-21 2-9 address ranges 1-18 access-list within command 1-21 2-10 addresses allocating 1-19 2-20 2-24 access-list zone command 2-12 advantages 1-18 addresses 2-44 clients displaying 1-25 AppleTalk extended 1-7 1-18 configuration requirements AppleTalk nonextended 1-5 definition 1-18 AEP access to via the ping command 1-4 disadvantages 1-18 alias AppleTalk NBP 1-6 implementation 1-18 Apple Networking Architecture ANA 1-3 servers 1-19 1-25 2-22 2-45 AppleTalk traffic displaying statistics about 1-25 2-48 access control 1-201-22 2-2 2-50 access lists MacIP configuring 1-18 network number creating 1-21 2-3 2-5 2-7 2- monitoring tasks 1-25 2-10 NBP aliases 1-6 network number creating definition 1-20 NBP definition 1-5 rules for defining 1-20 network 1-2 zone creating 1-21 2-2 2-12 node 1-2 ARP table displaying entries 1-25 2-39 node numbers 1-6 assigning nonextended Phase 1-4 networks to cable 2-15 nonextended addresses 1-5 2-14 zone names 2-27 1-17 optional configuration commands cable range OSI reference model 1-3 assigning to interface 1-12 checksum performance tuning disabling generation expanding example 1-27 and verification 1-17 checksum generation and verification Phase 1-4 disabling 1-17 2-17 Phase 1-4 enabling 2-17 protocol description 1-2 configuration task list 1-17 routing configuring an interface 2-18 enabling dynamically 1-14 1-26 discovery mode 1-26 enabling example 1-25 extended network 1-25 1-13 enabling manually 1-12 manual mode 1-12 seed device 1-6 customizing configuration 1-17 2-50 traffic displaying statistics about 1-25 description of protocol 1-2 ZIP protocol 1-6 discovery mode

Index zone 1-2 disabling on AppleTalk networks 1-17

assigning name 1-12 2-27 enabling on AppleTalk networks 2-17

definition 1-5 communication server configuring as an ARA server 1-1

name format 2-27 configurable protocol constants 1-4

special characters 2-27 configuration task list AppleTalk 1-17

zone information table displaying 1-25 2-55 configuring communication server as an ARA server 1-1

address command 2-14 appletalk configuring an interface manually 1-12 AppleTalk Address Resolution Protocol AARP 1-3

appletalk cable-range command 1-14 2-15

appletalk checksum command 1-17 2-17

appletalk discoveiy command 1-14 2-18 AppleTalk Echo Protocol AEP 1-3 Datagram Delivery Protocol DDP 1-3 appletalk macip dynamic command 1-19 2-20 debug arap command 2-37 appletalk macip server command 1-19 2-22 debug command 1-25 appletalk macip static command 1-19 2-24 debugging an ARA server 1-24 1-25 AppleTalk Remote Access ARA dedicated line automatically starting session example 1-29 ARA configuration example 1-29 configuration example 1-27 configuring 2-29 configuring access control 1-16 2-3 2-35 setting 1-16 conserving memory 1-16 disconnect warning time setting 1-16 2-34 customizing support 1-15 discovery mode debugging 1-24 2-37 definition 1-13 2-18 dedicated line example 1-29 enabling on extended interface 1-14 2-14 2-15 enabling 1-15 2-30 2-18 monitoring 1-24 2-57 enabling on nonextended interface 2-18 optional configuration commands 1-15 dynamic address assignment AppleTalk 1-6 prerequisites for connectivity 1-1 dynamic interface configuration AppleTalk 1-12 using on your Macintosh 1-1

appletalk routing command 2-26

appletalk service command 1-12 2-26 AppleTalk Transaction Protocol ATP 1-3

appletalk zone command 1-12 2-27 ARA EtherTalk 1.2 and 2.0 support for 1-4 Ciscos implementation 1-1 examples ARA configurations 1-251-31 ARA server configuring example 1-29

arap dedicated command 1-16 2-29

arap enable command 1-15 2-30

arap net-access-list command 1-17 2-31

arap noguest command 1-16 2-32 guests arap timelimit command 1-16 2-33 2-32 arap warningtime command 1-16 2-34 allowing 1-16 2-32 arap zonelist command 1-17 2-35 disallowing

automatic response

configuring 1-15

setting 2-36

autoselect command 1-15 2-36

InterPoll 1-4 1-8 1-9 1-25

interfaces

AppleTalk 1-5 1-7

X25 1-7 cable ranges

AppleTalk extended 1-7

expanding example 1-27

CCL scripts modifying 1-221-23 checksum generation and verification

Communication Server Addendum for AppleTalk Remote Access limit to number of zones 1-4 security line command 1-15 internal username authentication 1-22

modifications for TACACS 1-221-23 login tacacs command 1-24 2-38

seed device AppleTalk 1-6

show appletalk arp command 1-25 2-39

show appletalk interface command 1-25 2-41

show appletalk macip-clients command 1-25 2-44

show appletalk macip-servers command 1-25 2-45 MacIP show appletalk macip-traffic command 1-25 2-48 address ranges 1-18 show appletalk traffic command 1-25 2-50 addresses allocating 1-19 2-20 2-24 show appletalk zone command 1-25 2-55 advantages 1-18 show arap command 1-24 2-57 clients displaying 1-25 2-44 status of interface displaying 2-41 1-18 configuration requirements 1-22 system security configuring definition 1-18

disadvantages 1-18

implementation 1-18

servers 1-19 1-25 2-22 2-45

traffic displaying statistics about 1-25 2-48 TACACS MacTCP support via the MaciP server 1-4

manual interface configuration AppleTalk 1-12 CCL scripts modifying 1-221-23

modem security configuring 1-22

1-28 configuring line support 1-11 username authentication configuring Telebit T-3000 1-30 setting up Telebit T-3000 1-30 modem setting up example

monitoring an ARA server 1-241-25 time limit setting for session 1-16 2-33

multiuse line configuring example 1-29

username authentication internal TACACS 1-22 1-28

command 1-22 Name Binding Protocol NIBP 1-3 1-5 username password

NBP proxy service 1-4

NBP access to via the ping command 1-4 network 1-2

node 1-2

note description of xiv zone 1-2 Zone Information Protocol ZIP 1-3 1-6 zones

AppleTalk 1-5

AppleTalk extended 1-7

number 1-4 OSI reference model AppleTalk 1-3 limit on acceptable

overview configuration tasks 1-9 See also AppleTalk zone

Phase AppleTalk 1-4

prerequisites for ARA connectivity 1-1

Index Communication Server Addendum for AppleTalk Remote Access Corporate Headquarters Cisco Systems Inc P0 Box 3075

15250 Bnen Drive

Menlo Park CA 94028 USA

Tel 415 3261941

800 553-NETS 6387

Fax 415 326-1889

Cisco Systems has over

90 sales othces worldwide

Call 415 3211-1941 to contact

local account your

representative or

North America call

800 553-NETS 6387

4154

Printed the in USA on recycled paper

rontatnmg 10% post-consumer waste

CISCOSYST6MS 78-1304-01