DEFENSE INFORMATION SYSTEM NETWORK
DIAL-IN DATA SERVICE
PILOT INSTALLATION USER GUIDE

January 13, 1995

Defense Information System Agency
Joint Interoperability and Engineering Organization
Center For System Engineering
Data Networks System Engineering Division (TEFE)
Parkridge 3
10701 Parkridge Blvd
Reston, Virginia 22091-4398

Purpose

The purpose of this document is to describe the pilot implementation of the Defense Information System Network (DISN) dial-in service. This pilot installation of the Communication Server (CS)/Network Server (NS) combination will provide the future subscribers a chance to familiarize themselves with the DISN dial-in service and allow them to develop the terminal configuration best suited for using this service. The pilot implementation will stay active until the establishment of the dial-in service on the router network.

Background

The Defense Data Network (DDN) is comprised of the Military Network (MILNET), the Defense Secure Network (DSNET)1, DSNET2, and DSNET3. MILNET provides dial-in and dedicated ports for users who require asynchronous, terminal connectivity to Host computers. This service is provided via BBN C30 Terminal Access Controllers (TACs). The present MILNET users will transition to a CS on the Unclassified but sensitive Internet Protocol Router Network (NIPRNET) and the MILNET will be shut down prior to Fiscal Year (FY) 96.

Presently, DSNET1 does not provide a dial-in capability but does support directly connected terminals. A dial-in service will be implemented on the Secret Internet Protocol Router Network (SIPRNET). The SIPRNET will be replacing the DSNET1, which will be deactivated prior to FY 96. NIPRNET and SIPRNET are part of the DISN.

The CS will provide the subscriber access to the NIPRNET and the SIPRNET. This access from the subscriber equipment to the CS will be via dial-in asynchronous lines.
V.3225 modems are planned for use on the NIPRNET access lines and will be capable of invoking compression to achieve a maximum throughput rate of 19.2kbps while having a line rate (modem to modem) of 9.6kbps. Access to the SIPRNET will be via a Secure Telephone Unit III (STU-III) utilizing the Secure Access Control System (SACS). The STU-III will operate at a 14.4kbps line rate (STU-III to STU-III) and can achieve up to 38.4kbps throughput when using the compression mode of operation.

Terminal Support

The less sophisticated terminal, sometimes referred to as a "dumb terminal", can communicate with a remote host via the CS by utilizing the Telnet and TCP/IP protocols provided in the CS. The terminal user would issue the necessary Telnet commands from the keyboard for opening and closing connections to remote hosts, and performing the various data transfers allowed by the Telnet protocol.

The CS also supports access from subscriber equipment running terminal emulation programs. Since these units are more sophisticated than the "dumb terminal", more intricate operations can take place between the terminal and the remote hosts. Thus, these terminals can support file transfer programs such as Kermit over the dial-in lines. The Attention Characters associated with the CS can be disabled so that binary files can be transferred through the CS without any adverse effects taking place.

Host Support

Users with equipment such as PCs and Workstations can enjoy full internet capabilities by running the TCP/IP suite of protocols over a dial-in line that supports Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), Point-to-Point Protocol (PPP), or Compressed PPP (CPPP). While one must be aware of the dial-in connection's line speed, these units are fully functional hosts on the network. These dial-in hosts have the same networking capabilities as if they were directly connected to the network.
In this case an IP address needs to be assigned for that line since the TCP connection is now between the dial-in host and the distant host, rather than between the CS and the distant host. The CS will be configured to provide the IP address to the dial-in host. Therefore, the dial-in host must be capable of adopting that IP address on a call by call basis.

Subscriber Connection Process

In order to establish a connection to a distant host the subscriber must first connect to the CS via a dial-up line. The subscriber establishes this connection through the switched telephone network by dialing the number of the CS location. Generally, this number will be in a rotary hunt group as will all phones/ports at that location. SIPRNET subscribers will dial in with their STU-IIIs to a 14.4kbps STU-III at the CS port which will provide access control with its SAC feature.

Before the subscriber is given access to the network, an authentication procedure controlled by the CS must be completed. The subscriber must input a User ID and Access Code, which the CS will pass along to the NS for verification. The NS is located on the network and the CS communicates with it via the XTACACS protocol. Once the ID and Password have been verified, the subscriber is allowed to establish a connection through the network to any distant host to which it has been authorized access. The distant host can then enforce its own access control procedure and typically requires the user to present a proper password. Thus, the NIPRNET subscriber encounters two separate logons: one to access the network and a second to access a particular host on the network. The SIPRNET subscriber experiences three access control procedures.

When the operational dial-in service is provided on the NIPRNET the user will be able to access the CS via a 1-800 service or by a local dial-in service in CONUS. Not everyone will have access to a local CS so the 1-800 service is required for these individuals.
It is also available for anyone who is on temporary duty (TDY) such that they cannot access their local CS. The SIPRNET will also use a 1-800 service in CONUS. Both networks will deploy at least one or two CSs in each foreign country where major US forces are deployed.

Pilot Dial-in Service

Prior to installing the dial-in service on the router networks a pilot implementation is being provided so that users can familiarize themselves with this service. The CS and NS are located at the Center For System Engineering (CFSE) lab in the Parkridge III building in Reston, VA.

One purpose for providing this pilot capability is to allow existing DDN dial-in subscribers to modify their terminal configuration and scripts to verify that they will be compatible with the dial-in service that will be provided on the router networks. Since this is a COTS product and not built to be an exact replica of the present TACs there will be some differences in the operational procedures. In addition, the new service will provide added features such as the SLIP and PPP protocols, so users can test any new implementations that they may want to acquire and configure to take advantage of these added capabilities. Also, compression software can be activated to take advantage of the faster compressed speeds.

The CS is a Cisco 2511 model which has a Motorola 68030 microprocessor @ 20MHz, 2Mb of RAM, and 16 asynchronous ports. Thirteen asynchronous ports will be equipped with a Motorola V.3225 modem (the same modem used with the TACs). The ports will be configured for 9600bps which is the speed presently supported on the TACs. The compression feature will allow throughput rates up to 19.2kbps. Two asynchronous ports will be equipped with AT&T Model 1910 STU-III SACS to permit future SIPRNET subscribers to emulate operation of that network.

The CS supports the Telnet Virtual Terminal protocol along with the TCP/IP protocols.
The Extended Terminal Access Controller Access Control System (XTACACS) protocol is used by the CS to communicate with the associated network server to perform the authentication and access control function. On the SIPRNET the XTACACS protocol will be used for audit purposes only as the STU-III will perform the authentication and access control function.

Two SUN SPARC workstations will be installed as Network Servers (NS) to house the User ID and Access Code database. One SUN SPARC workstation will be located at the Parkridge site and the other unit will be located at the NIC in Chantilly, VA. The Parkridge unit will be the primary NS while the Chantilly unit will be the alternate NS. The NIC personnel will handle the additions and deletions to the databases. As noted above the NS in conjunction with the CS will be used to perform the authentication and access control function.

Telephone Numbers

The pilot installation will not provide a 1-800 number but will only provide local numbers. The CS has 15 active ports with 13 of them assigned to the NIPRNET and 2 assigned to SIPRNET.

The telephone number for the NIPRNET is 703-487-3216 (commercial) and 364-3216 for the Defense Switched Network (DSN). This is a rotary hunt group of 13 lines.

The SIPRNET numbers are 703-487-3369 and 364-3369 (DSN). This is a rotary hunt group of 2 lines. The SIPRNET users must access the CS via a STU-III phone. The pilot STU-IIIs will be operated with unclassified key material.

NOTE: The telephone prefixes for the above numbers will change March 4, 1995. 487 will be changed to 735 and 364 will be changed to 653.

Modem Option Selection

Modems are shipped configured with a factory set of options already selected, usually referred to as the default settings. Because of the number and variety of applications, most modems require some option changes to fit a particular application.
Normally, the options can be changed or selected by the front panel controls on the modem or by AT commands from the terminal. One must refer to the particular modem manual for the various controls and AT commands since they are not standard across all vendor products. The AT commands are preceded by the AT characters, which serve as the attention code telling the modem that a command statement follows. For example, ATD555-1212 instructs the modem to dial the number 555-1212. AT informs the modem that a command will follow and in this case D is the dial command followed by the number.

A typical terminal/modem configuration is shown below. These settings are recommended but may not be the best options for all implementations. Cisco requires that XON/XOFF software flow control be disabled and that CTS/RTS hardware flow control be enabled.

- DTE data rate set to 19,200
- DCE line speed set to 9,600
- Data compression is enabled
- XON/XOFF flow control is disabled (see note)
- CTS/RTS flow control is enabled
- Data Carrier Detect (DCD) is turned on when carrier is present
- Modem disconnects when Data Terminal Ready (DTR) drops

NOTE: When using SLIP or transmitting binary data it is necessary that the XON/XOFF flow control be disabled.

Registration

Anyone wishing to participate in this pilot program must first register to use the pilot installation. Present MILNET users who are transitioning to the NIPRNET can have their User IDs and Access Codes, as specified on their DDN TAC Access Cards, honored by the pilot installation. A potential NIPRNET user without a TAC Access Card can obtain one through normal channels by contacting his/her host administrator. The User ID and Access Code from the card must then be installed in the database of the NS associated with this pilot installation. This can be accomplished by sending an e-mail to Registrar@nic.ddn.mil. The NIC will place the User ID and Access Code into the NS database for a 30 day period.
If more than 30 days are required for testing, then an extension can be requested. Please allow 3 working days for this entry into the database to occur.

The situation is different for present day users on DSNET1 who are transitioning to the SIPRNET. They do not possess a TAC Access Card. Therefore, a temporary or guest card will be made available for these individuals who wish to utilize the pilot installation. Points of contact for obtaining these cards are listed below.

   Anthony Brewer         703-487-3238
   LCDR Dorothy Fricke    703-487-3236
   James Nostrant         703-487-3238
   John Staple            703-487-3236

NOTE: The prefix for the above numbers will change on March 4, 1995. 487 will be changed to 735.

There will be guest cards available for the duration of this pilot installation. Everyone should be aware that the normal security procedures that apply to the regular TAC Access Cards also apply to these guest cards. Each person will be required to complete a questionnaire before the guest card is issued. A sample form is attached as Appendix F. When the guest card is issued, the DISA POC shown above will contact the NIC and have the User ID and the Access Code entered into the NS database. Since this application utilizes the STU-III, the Crypto Ignition Key (CIK) Serial Number will be required. This number will be listed in the Secure Access Control System (SACS) as noted in the section entitled SIPRNET Security Requirements.

Traffic Restrictions

Since this pilot installation is connected to the operating network it is requested that only test traffic be sent over this configuration. This is a test setup and is not equipped to support operational traffic loads. Also, to prevent congestion on the pilot CS, it is requested that a time limit of 30 minutes be observed for each session. This time limit should provide enough time for users to modify, test, and verify new login and logout scripts.
Of course, if there are applications that require more time then feel free to take all the time required to sufficiently test that particular application.

NOTE: Use of the Pilot Communication Server is subject to the same security precautions and restrictions as used on the DDN TACs. User IDs and Access Codes should be protected and not shared. This service is for official DOD business only.

SIPRNET Security Requirements

This pilot installation is providing connectivity to the Unclassified but Sensitive Internet Protocol Router Network (NIPRNET). As such, all traffic and equipment (hardware and software) must be unclassified. This will require potential SIPRNET users to conduct their tests using unclassified hardware and software. The distant hosts that they connect to must also be unclassified. They should contain the same application that would be used in an operational SIPRNET host but has never been connected to a secret network.

The STU-III at the CS will be keyed to the unclassified level and the Secure Access Control System (SACS) of the STU-III will be used to block any calls from non-registered users. In order that the STU-III be included in this SAC Database, the Crypto Ignition Key (CIK) Serial Number of the unit must be provided. Any STU-III Type1 device may be utilized. The user's STU-III is not required to have the SACS feature; only the STU-III attached to the CS needs this feature.

User Interface

The command interpreter in the Cisco CS is called the EXEC. The EXEC interprets the commands that you type and carries out the corresponding operations. You must log into the CS before you can enter the EXEC commands. For security purposes, the EXEC has two levels of commands: user and privileged. This section focuses on the user EXEC mode. The privileged EXEC mode is reserved for use by the system administrator. The user EXEC commands are a subset of the privileged EXEC command set.
The user EXEC mode prompt is indicated by the greater than sign (>) while the privileged EXEC mode prompt is indicated by the number sign (#).

The EXEC commands at the user level are generally utilized to connect to remote systems, temporarily change terminal settings, perform basic tests, and list system information. A list of the user EXEC commands can be obtained by entering a question mark (?) at the user EXEC mode prompt (cfse-2511>). A list and description of the user commands are shown in Appendix D. The user EXEC mode prompt is presently configured as shown for the pilot installation but will change on the operational network to indicate the name or number of each particular CS.

Terminal Commands

The terminal commands allow you to change the terminal parameters and line settings locally. The local settings temporarily override those made by the system administrator and they remain in effect only for the duration of the connection. To obtain information about the current terminal configuration parameter settings, enter the show terminal command.

Settings can be changed or removed by using the keyword no before the command. For example, the following command will remove any padding characters that were previously set in the data stream.

   cfse-2511>terminal no padding

The terminal download command temporarily sets the line to act as a transparent pipe for file (binary data) transfers. You can use this feature to run a program such as Kermit, Xmodem, or Crosstalk that allows a transfer of a file in either direction (from host to terminal or from the terminal to the host) through the CS. This command has the following format.

   cfse-2511>terminal download

The terminal no download command removes this feature and returns the line to the original parameter settings.

To display a list of supported terminal commands, enter the terminal ? command. A list and description of the terminal commands are shown in Appendix E.

Terminal Operation

As noted above, there are three broad categories of units that can utilize the dial-in service. The first is the basic or "dumb terminal" that will be utilizing the Telnet and TCP/IP protocol capabilities of the CS. In this type of arrangement the user would dial into the CS, enter the User ID and Access Code at the appropriate prompts, connect to the remote host using the CS commands, perform the necessary data transfer, disconnect from the remote host, and then disconnect from the CS, and eventually hang up the phone. A further description of this process is outlined in Appendix A on a step by step basis. It should be noted that although this appendix is written with Telnet in mind the connection process applies to any protocol that may be used.

For a file transfer application such as Kermit, the connection process to the remote host is basically the same except that the Kermit protocol must be activated in both the terminal and the remote host. Appendix B has a detailed description of a typical connection process that will use file transfer protocols such as Kermit. Again, it should be noted that since implementations differ in the hardware and software utilized the description may not apply to all cases.

Appendix C deals with the end user that will be utilizing the TCP/IP suite of protocols along with SLIP or PPP. Again it should be noted that Appendix C describes two particular vendor implementations of the TCP/IP stack of protocols. Details will differ from other vendor products but Appendix C can serve as a general outline of the procedures involved when using this suite of protocols.

APPENDIX A

This appendix deals with the Telnet protocol and how one would connect to a remote host via the Communication Server (CS). The first step is to make a telephone connection to the CS and then log in to the CS using the user ID and password associated with the CS.

1. Dial the number of the CS from the list provided in the main body of the document.
   The dial-in sequence can be a manual operation or done via the terminal using the AT commands associated with the modem. A typical command is ATDT 487-3216, where AT is the Attention Code telling the modem that a command follows. D is the dial command and T is the tone command. The attention code (AT) may be upper or lower case, but not a combination of both such as aT.

2. Once the phone connection has been established, the CS will respond noting the speed of the connection [such as CONNECT 19200], with a User Access Verification prompt asking for the user name and then the password. It should be noted that the user name and password are case sensitive, so care should be taken when entering these items. In some cases, it may be necessary to enter a few carriage returns (CRs) to establish the correct data rate between the modems before the User Access Verification is displayed.

   If an incorrect user name or password is entered, the CS will respond with "%Access denied", and then ask for the user name and password again. The CS will disconnect a user after the third incorrect login attempt.

   After the CS has verified that this is a registered user, the CS will respond with a herald noting that use of the system constitutes an express consent to monitoring at all times and that the system is for official use only. The prompt will follow the herald.

      cfse-2511>

   This prompt is presently configured as shown for the pilot installation but will change on the operational network to indicate the name or number of each particular CS. The user is now allowed access to the network and can make connections to hosts located on the network.

3. Connection to a host can be made using the connect or telnet command and the host name or Internet address. At the prompt enter the command.

      cfse-2511>{connect|telnet} host [port] /keyword

   The argument host is a host name or Internet address.
   The optional argument port is a decimal TCP port number; the default value is 23, the Telnet server port. The optional argument keyword is one of the following.

      /route:path - specifies loose source routing
      /line       - enables Telnet line mode
      /debug      - enables Telnet debugging mode
      /stream     - turns on stream processing, which allows a raw TCP stream with no Telnet control sequences.

   If you prefer, just enter the host name or Internet address without the command since the Cisco implementation does not require the command word to establish a Telnet connection. Thus, a Telnet connection can be made in one of the following ways.

      cfse-2511>connect [enter host name]
      cfse-2511>[enter host name]
      cfse-2511>telnet [enter host name]
      cfse-2511>[enter IP address]
      cfse-2511>connect [enter IP address]
      cfse-2511>telnet [enter IP address]

   where [host name] is the name of a particular host and [IP address] is the Internet Address assigned to that particular host.

4. When a connection has been made to the remote host, the host will respond with a login and password sequence to ensure that this is an authorized user. After the user has successfully logged onto the host, the host will respond with a prompt such as follows.

      Host Name%

   The user can now enter the appropriate Telnet commands at the host prompts to effect the necessary data transfers.

5. When the session is completed, enter the logout command at the host prompt. The host will respond with a message that the connection has been closed and the CS prompt will appear. At the cfse-2511> prompt, enter the quit, exit, or logout command. This terminates the connection from the terminal to the CS. The CS will respond with the message NO CARRIER. The user can now hang up the phone.

6. To issue a Special Telnet command, type the escape sequence (Ctrl^) and then the command character. You can type the command character while you hold down Ctrl or with Ctrl released; you can type lower case or upper case. The special commands are as follows.

      Break                     Ctrl^B
      Interrupt Process (IP)    Ctrl^C
      Erase Character (EC)      Ctrl^H
      Abort Output (AO)         Ctrl^O
      Are You There (AYT)       Ctrl^T
      Erase Line (EL)           Ctrl^U

   At any time during the active Telnet session, a list of the commands can be seen by entering Ctrl^? at the system prompt.

7. The CS has two timers to detect idle conditions, a user EXEC mode timer and a terminal line session timer. The user EXEC mode timer is set for 5 minutes and will time out when the connection between the CS and the terminal remains idle for 5 minutes. A "NO CARRIER" message will be displayed on the screen. The terminal line session timer is set for 15 minutes and will expire when the session with the remote host remains idle for 15 minutes. When the timer expires the message [Connection to (host name) idle too long; timed out] will be displayed and then the "NO CARRIER" message will be displayed.

APPENDIX B

This appendix deals with the Kermit protocol and how one would connect to a remote host via the Communication Server. The user must be verified by the Network Server via the TACACS process and then the connection to the remote host can be established. The remote host must be capable of running the Kermit protocol since both ends of the connection need to be running the Kermit protocol. A file transfer from the terminal to the host is accomplished via the Kermit protocol. The connection to the host is then terminated.

Note: The procedures listed below apply to the particular Kermit implementation utilized in the Parkridge Lab. The procedures for other Kermit implementations may vary somewhat depending on the vendor products. These procedures are listed as a typical example and not meant to be applicable in all cases.

I. The procedures for activating the Kermit protocol and dialing up a connection to the CS with the software package used at the Parkridge Lab are listed below.

The Kermit software (version 3.1) was obtained from Columbia University in New York City, the developer of this protocol.
A UNIX version was obtained for the Hosts and a DOS version for the Terminals. The software is in the public domain and available free of charge and is available from sources on the Internet. For an up-to-date list of available Kermit programs write to:

   Kermit Distribution
   Columbia University
   Center for Computing Activities
   612 West 115th Street
   New York, NY 10025

The parameters used in this particular case for Kermit are 8 bits per character, no parity, 1 stop bit, and 9600bps. As mentioned above, these parameters may not apply for other Kermit applications. Kermit resides in the terminal and the remote host and the data transfer is via the CS.

In order to activate Kermit at the terminal the following steps are required.

1. Press ALT, CONT, and DEL
2. At the prompt C:\> enter "cd kermit2"
3. At the prompt C:\kermit> enter "kermit"
4. At the prompt MS-kermit> enter "set port com1"
5. At the prompt MS-kermit> enter "set speed 9600"
6. At the prompt MS-kermit> enter "status"
   Check that the parameters are properly set.
7. At the prompt MS-kermit> enter "c" and press Return
8. Screen goes blank - enter phone number
      atd xxxxxxxxx
   The CS will respond with the message - CONNECT

II. The user now needs to be verified by the authentication scheme which in this case is XTACACS.

1. From the terminal location press the CR (or Enter) key.
2. The CS will respond with the prompt - Username:
3. Enter a valid user ID.
4. The CS will respond with the prompt - Password:
5. Enter a valid Password.
6. When the ID and Password have been verified the CS will respond with the prompt - cfse-2511>
7. Open the connection to the Host using the appropriate command.
   a. At the prompt enter the name or address of the remote host.
   b. Host responds with prompt - login: enter ID
   c. Host responds with prompt - password: enter password
   d. Host responds with prompt - host name (user name)12: enter "cd kermit". This command changes the host to the Kermit directory where 12 is a line number.
   e. Host responds with prompt - antares (user name)13: enter "wermit". This command causes Kermit to execute.
   f. Host responds with prompt - C-kermit> enter "server". This results in the host being the server in a client/server relationship.
   g. Host responds with - "Kermit ready to Serve".
8. Perform the appropriate data exchange between the terminal and the host.
   a. Activate the client Kermit protocol in the terminal. Enter the Escape Sequence (by pressing the "Control" and "]" keys simultaneously).
   b. Then press the "c" key
   c. The following prompt should appear - MS-Kermit>
      Select a file from the Kermit directory by entering the "dir" command.
   d. At the prompt MS-Kermit> enter "send (file name)"
   e. Information on the screen will indicate when the transmission is complete.
9. Close the connection to the host.
   a. At the prompt MS-Kermit> - enter "finish"
   b. At the prompt MS-Kermit> - enter "c"
   c. At the prompt C-Kermit> - enter "quit"
   d. At the host name(user name)14: prompt - enter "logout"
      The following message appears.
      [Connection to [IP address of host is listed] closed by foreign host]
   e. At the prompt cfse-2511> enter the Escape Sequence ("Control" and "]")
   f. Press "c"
   g. At the prompt MS-Kermit> enter "hangup"
   h. At the prompt MS-kermit> enter "quit"
   i. At the prompt C:\kermit> enter "cd\"
   j. The prompt c:\> should appear.

APPENDIX C

The Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP) define methods for sending IP packets over standard RS-232 asynchronous serial lines. These protocols encapsulate the IP datagrams for transmission over the point-to-point links and can be used with asynchronous dial-up modems, allowing access to a network without the cost of a leased line.

The interfaces are configured in the interactive mode as defined by Cisco. In this mode a line can be used to make any type of supported connection, depending on the command entered by the user.
For example, depending on its configuration, the line can be used for Telnet connections or SLIP/PPP connections. The default addressing scheme will be used at the interfaces, which means that the CS will assign the IP address. The assigned default address is implemented when the user enters the slip default or the ppp default command.

In order to use the SLIP and PPP features associated with the CS the terminal must be equipped with the TCP/IP protocols and either the SLIP or PPP protocol. Either SLIP or PPP is used on a given line during a connection.

A number of software packages are available for installation on a PC or Workstation that provide SLIP and PPP. Two popular PC networking applications have been reviewed, Trumpet Winsock version 2.0 and the Internet Chameleon from NetManage Inc.

TRUMPET WINSOCK

Trumpet Winsock is networking software that provides a TCP/IP stack for PC networking applications running in a Windows environment. Trumpet Winsock provides facilities to allow Async serial SLIP, PPP, ftp and Telnet over IP connections.

The product is shareware and is available via the Internet World Wide Web (WWW) at the site "tbone.biol.scarolina.edu". Use a WWW Browser to connect to the HTTP Server at that site and check the Home Page (index.html) for the "PC Internet Kit" entry. The product is also available by anonymous FTP from the Server "tbone.biol.scarolina.edu" in directory /pub/kit. The "00README.DOC" in that directory provides instructions on which files to fetch, how to unpack them onto floppy disks and how to install the software.

The product is free for evaluation purposes for a period of up to 30 days.
A registration fee is required if using the software within the organization:

   Single user license                     $20 US

   Multi User license for commercial users
      1-99 users       $20 US per user
      100-499 users    $2000 US + $10 US per additional user over 100
      500-999 users    $6000 US + $5 US per additional user over 500
      1000+ users      $8500 US + $2 US per additional user over 1000

   Unlimited Commercial Site License
      $10000 US for first year; subsequent years, 25% of unlimited site license fee for that year.
      Site restriction: 100km radius (negotiable)

   License for educational users
      1-100 users      $20 US per user
      100+ users       $2000 US
      Site restriction: unlimited

Support for site license is up to 12 months from the date of purchase. Such support will include upgrades and bug fixes within that 12 months within the constraints of the program's existing capabilities. Future upgrades will be 25% of the original license fee per annum.

CHAMELEON

The other networking software is the Internet Chameleon from NetManage Inc., which provides the broadest suite of Windows TCP/IP applications in the industry in addition to a TCP/IP protocol stack that takes only 6KB of base memory. All NetManage applications give users an easy to use Windows interface while providing an advanced set of features. The following information highlights some of the new and enhanced features and performance improvements in the 4.01 release.

* The NetManage BOOTP client operates over serial lines. This function allows dynamic configuration at connection time for remote hosts.
* ODI operation has been improved for faster performance and reliability.
* TN3270 - NetManage's TN3270 supports APA Graphics. This high end feature allows TN3270 to emulate an IBM 3179G and 3192G terminal. When a graphic picture is displayed, you may use the Print option to print a graphic.
* TN5250 - NetManage's TN5250 is currently the only 5250 emulation being shipped with a bundled suite of TCP/IP applications.
  The TN5250 application has been upgraded to support IBM Office Vision commands, including support for additional control keys.

The Chameleon is available as a COTS product for about $200 for a single copy. GSA price is not available yet. NetManage Inc. can be reached at the following:

o Phone       (408) 973-7171
o Fax         (408) 257-6405
o Internet    support@netmanage.com, intl_support@netmanage.com
o Compuserve  70640,1074
o BBS         (408) 257-3794, 8-N-1

NETMANAGE Inc.
10725 DeAnza Blvd.
Cupertino, CA 95014 USA

The product is also available free for evaluation purposes only, for a trial period of up to 30 days. The evaluation version can be downloaded via anonymous FTP from "ftp.netmanage.com".

SLIP Connections

The Trumpet Winsock and Chameleon both provide setup and dial-up menu options for a SLIP connection. Users need to configure their systems with the following parameters:

o IP address/Netmask - Internet IP address. The IP address and Maximum Transmission Unit (MTU) size will be assigned by the Communication Server. The user must enter the assigned IP address in order to access the network. Also, the user can take advantage of the BOOTP feature to obtain the IP address from the Communication Server.
o Name Server - Name Server IP address for DNS searches. This value can be obtained via BOOTP.
o Domain suffix - the domain suffixes to be used when resolving names in the DNS system.
o MTU - Maximum Transmission Unit. This value is computed by subtracting 40 from the TCP Maximum Segment Size (TCP MSS), which is set in the Comm Server to 600. Therefore users should set their value to 560.
o TCP RWIN - TCP Receive Window. It is recommended that this value be roughly 3 to 4 times the value of TCP MSS.
o TCP MSS - TCP Maximum Segment Size. The Comm Server will provide the MTU size.
o SLIP port - Comm Server port number.
o Baud Rate - the speed you wish to run.

The Trumpet Winsock and Chameleon allow manual login or automatic scripting to access the communication server.
Both provide a generic script file for dial-up connection. The generic script file provided by Trumpet Winsock is "login.cmd" and the file provided by Chameleon is "slip.ini". Users may create their automatic dialling script from the generic script files described above or from the sample Trumpet Winsock auto script file attached below:

#################################################################
#
# check modem
output ATZ\13
input 10 OK\n
output AT&c1&d2\13
input 10 OK\n
%number = 0
%connected = 0
repeat
# Increase limit below to dial more numbers
  %number = %number + 1
  if %number > 3
    %number = 1
  end
# First
  if %number = 1
    output ATDT4873346\r
  end
# Second
  if %number = 2
    output ATDT4873348\r
  end
# Third
  if %number = 3
    output ATDT4878249\r
  end
  if [input 15 BUSY]
    display =Busy, busy, busy...
    %connected = 0
  else
    if [input 30 CONNECT]
      %connected = 1
    else
      display =Does not answer...\r\n
    end
  end
  sleep 1
until %connected = 1
display \7
#
# wait till it's safe to send because some modems hang up
# if you transmit during the connection phase
#
wait 30 dcd
#
# now prod the terminal server
#
output \13
#
# wait for the username prompt
#
input 30 Username:
username Enter your username
output \u\13
#
# and the password
#
input 30 Password:
password Enter your password
output \p\13
#
# we are now logged in
#
input 30 >
#
# see who is on for informational reasons.
#
output who\13
input 30 >
#
# jump into slip mode
#
output slip default\13
#
# wait for the address string
#
input 30 Your IP address is
#
# parse address
#
address 30
input 30 \n
#
# we are now connected, logged in and in slip mode.
#
display \n
display Connected. Your IP address is \i.\n
#
# ping a well known host locally...
#exec pingw 128.19.0.4
#
# now we are finished.
#
#######################################################

PPP Connection

The setting for the PPP connection is similar to the SLIP connection.
All the parameters described for the SLIP connection must also be filled in for the PPP connection, except the IP address and the NetMask. The IP address and NetMask will be resolved and filled in automatically by the software after successfully making a PPP connection to a remote host via XTACACS.

APPENDIX D

The commands available to the user are listed below. A list of the commands can be obtained by entering a question mark ? at the user EXEC mode prompt.

Example: cfse-2511>?

This prompt can be configured to reflect the system name, number, etc., so it may change over the course of time, but the user EXEC mode prompt always ends with the greater than sign >.

-connect - use this command to open a connection to a remote host by specifying the host name or Internet Address. Several concurrent connections can be open at one time and you can switch back and forth between them using the Connection escape sequence (Ctrl^X).

-disconnect - this command closes a connection. A connection name or number can be specified; the default is the current connection.

-enable - use this command to turn on the privileged commands. Note: This command is reserved for the system administrator and should not be used by the terminal subscriber.

-exit/quit - these commands close any active terminal sessions. The commands are synonymous; enter either command when you are through with your session.

-help - this command provides a description of the interactive help system.

-lat - this command is used to open a lat connection, which is associated with DEC hosts. Note: lat connections will not be supported on the DISN router network.

-lock - use this command to prevent access to your session while keeping your connection open. This command locks your keyboard. When you lock a session, you are prompted for a password, which can be any arbitrary string. Enter the password you want assigned. The screen clears and displays the word "locked". To regain access to your session, re-enter the password.

-login - use this command to login to a system with a specific user name.

-logout - use this command to exit from the user EXEC command mode.

-name-connection - use this command to assign a logical name to a connection.

-pad - use this command to open an X.29 pad connection. Note: This command is not supported on the DISN router network.

-ppp - use this command to start the Internet Engineering Task Force (IETF) Point-to-Point Protocol (PPP).

-ping - use this command to send echo messages. This command must be accompanied by the name or Internet Address of the remote host.

-resume - use this command to return to a previous connection. The optional argument is the connection name or number, the default being the most recent connection. Pressing the Return key also resumes the previous connection. You can use only the connection number to resume a particular session. This is a shortcut version of the resume command.

-rlogin - open a rlogin connection. rlogin is a terminal emulation program, similar to Telnet, offered in most UNIX implementations.

-show - use this command to show running system information. Show ? will list the information commands available. Some of the more common commands are shown below.

-show sessions - use this command to display information about your active terminal sessions.

-show terminal - this command displays the configuration parameter settings for the current terminal.

-show users - this command displays information about active ports of the communication server. Inclusion of the keyword all requests information for both active and inactive ports.

-slip - start serial line IP (SLIP).

-systat - this command provides the same information as the show users command.

-telnet - use this command to open a telnet connection to a remote host by specifying the host name or Internet Address.

-terminal - use this command to set terminal parameters. The terminal parameters are discussed in another section of this document.

-tn3270 - this command is used to open a tn3270 connection, which is associated with IBM hosts.

-trace - use this command with the appropriate address to trace the route to the destination host.

-where - this command displays information about all open connections associated with the current terminal line.

-X3 - set X.3 parameters on the PAD. Note: This command is not supported on the DISN router network.

-Xremote - enter Xremote mode. Note: This command will not be supported on the DISN router network.

APPENDIX E

This Appendix contains a description of the terminal commands. A list of the terminal commands can be obtained by entering terminal ? at the user EXEC mode prompt.

Example: cfse-2511>terminal ?

-terminal autohangup
Automatically hang up when the last connection closes.

-terminal data-character-bits
This command sets the number of data bits per character to either 7 or 8. The default setting is 8. This command is used primarily to strip parity bits from X.25 connections on the Cisco IGS and 3000 routers with the protocol translation software option. Thus, it appears that this command has no application on the pilot installation.

-terminal databits
The options are 5, 6, 7, or 8. If parity is being specified, set 7 data bits per character. If no parity generation is in effect, specify 8 data bits per character. The default is 8 data bits per character. The 5 and 6 bit options are supplied for compatibility with older devices and are generally not used.

-terminal dispatch-character decimal-number1 [decimal-number2...decimal-numberx]
-terminal no dispatch-character
This command causes the communication server to buffer characters into larger sized packets for transmission to the remote host. The communication server normally dispatches each character as it is typed. The argument decimal-number is the ASCII decimal representation of the character or string; any number of characters can be defined as the dispatch character.
Specifying the Carriage Return character (ASCII 13) will result in line-at-a-time transmission. The terminal no dispatch-character command disables the dispatch character feature.

-terminal dispatch-timeout
This command sets the dispatch timer to the value specified in milliseconds. The value of the timer specifies the number of milliseconds that the CS will wait (without seeing a dispatch character) after putting the first character into a packet buffer before sending the packet.

-terminal download
-terminal no download
This command sets the line to the transparent mode for file transfers using protocols such as Kermit, XMODEM, CrossTalk, etc. This allows for binary transmission from the host to the terminal and from the terminal to the host. The terminal no download command restores the line's original parameters.

-terminal editing
This command enables the enhanced command line editing. Although the enhanced editing mode is automatically enabled with this software release, you can disable it and revert to the editing mode of previous software releases by using the terminal no editing command. The command terminal editing returns you to the enhanced command line editing mode.

-terminal escape-character decimal number
-terminal no escape-character
The argument decimal number is the ASCII decimal representation of the desired escape character or control sequence. The default escape characters are Ctrl^. The terminal no escape-character command makes the break key function as the escape sequence.

-terminal exec-character-bits
This command sets the size of the ASCII characters entered at the Cisco CS EXEC command mode. The options are 8 or 7.

-terminal flowcontrol
The arguments are none, software in/out, and hardware. Software sets software flow control.
An additional keyword specifies the direction: in causes the communication server to listen to flow control from the attached device, and out causes the communication server to send flow control information to the attached device. If you do not specify a direction, both directions are assumed. For software flow control, the default stop and start characters are Ctrl-S and Ctrl-Q (XOFF and XON).

-terminal full-help
This command provides help in the user EXEC mode. The terminal full-help command enables (or disables) a display of all help messages available from the terminal. It is used with the show command in the following manner:
   cfse-2511>terminal full-help
   cfse-2511>show?

-terminal help
This command provides a description of the interactive help system.

-terminal history decimal number
This command sets the size of the command history buffer. The argument decimal number specifies the number of lines in the command buffer.

-terminal hold-character decimal-number
-terminal no hold-character
The argument decimal-number is either the ASCII decimal representation of the desired hold character or else a control sequence (for example, Ctrl-C). Typing the hold character temporarily halts the output at the terminal. To continue the output, type any other character. To send the hold character to the host, precede it with the escape character. The terminal no hold-character command clears the hold character.

-terminal keymap-type keymap type
Use this command to set the keyboard type. The default value is VT100.

-terminal lat
DEC LAT protocol specific configuration. NOTE: LAT connections will not be supported in the DISN router networks.

-terminal length screen length
Use this command to set the screen length. The argument screen length is the desired number of lines. The default length is 24 lines.

-terminal notify
-terminal no notify
When you have multiple concurrent connections, you might want to know when output is pending on a connection other than the current connection.
For example, you might want to know when another connection receives mail or a message. The terminal notify command causes the communication server to notify you of pending output. The terminal no notify command ends such notifications.

-terminal padding decimal-number count
-terminal no padding decimal-number
Use this command to set the padding for a specified output character. The argument decimal-number is the ASCII decimal representation of the character, and can be any of the 127 ASCII characters. The argument count is the number of NULL bytes sent after the character, up to 255 padding characters in length. Use the terminal no padding command to end the padding after the character represented by decimal-number.

-terminal parity
The options are none, even, odd, space, or mark. The default setting is none.

-terminal rxspeed baud
This command is used to set the terminal receive speed (from the terminal to the CS). The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports. The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE) (from modem to modem).

-terminal special-character-bits
Use this command to change the ASCII character widths for special characters. The options are 7 or 8. The default value is 7.

-terminal speed baud
This command will set both the receive and the transmit terminal speeds. The argument baud is typically set to 2400, 4800, 9600, 19200, or 38400. The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports.
The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE) (from modem to modem).

-terminal start-character decimal-number
-terminal no start-character
Use this command to change the character that signals the start of data transmission when software flow control is in effect. The argument decimal-number is the ASCII decimal representation of the desired start character. The default start character is Ctrl-Q (ASCII 17). Use the terminal no start-character command to remove the start character.

-terminal stop-character decimal-number
-terminal no stop-character
Use this command to change the character that signals the end of data transmission when software flow control is in effect. The argument decimal-number is the ASCII decimal representation of the desired stop character. The default stop character is Ctrl-S (ASCII character 19). Use the terminal no stop-character command to remove the stop character.

-terminal stopbits
The options are 1, 1.5, 2. The default value is 2.

-terminal telnet-transparent
-terminal no telnet-transparent
This command causes the current terminal line to send a Return (CR) as a CR followed by a NULL instead of a CR followed by a Line Feed (LF). This scheme permits interoperability with different interpretations of end-of-line handling in the Telnet protocol specification. Use the terminal no telnet-transparent command to remove this scheme.

-terminal terminal-type terminal name
-terminal no terminal-type
The argument terminal name records the type of the current terminal. Indicate the terminal type if it is different from the default of VT100. This name is used by Telnet and rlogin to inform the remote host of the terminal type. Use the terminal no terminal-type command to remove the terminal type.

-terminal transport
Use this command to select the transport protocol for the line. The options are telnet, pad, none. The default is telnet.

-terminal txspeed
This command is used to set the terminal transmit speed (from the CS to the terminal). The Pilot installation modems will support terminal speeds of 2400 to 19,200 (default is set to 19,200) for the NIPRNET ports and the STU-IIIs will support terminal speeds of 2400 to 38,400 (default is set to 38,400) for the SIPRNET ports. The data compression feature of the modem and the STU-III allows the terminal (DTE) speed to be at a higher rate than the line rate (DCE) (from modem to modem).

-terminal width columns
Use this command to set the columns on the terminal screen. The argument columns is the desired number of columns. The default is 80.

APPENDIX F

Defense Information Systems Agency
DISN Data Network Support Division
11440 Isaac Newton Square
Reston, Virginia 22090

DISN SIPRNET Pilot Dial-In Service User Registration Form

 1. Name of User:____________________________________________
 2. User's Phone Number: DSN:_____________ Comm:_____________
 3. User's Work Address:_________________________________________________
                        _________________________________________________
    City:_________________ State:______ ZIP Code:_________
 4. User's E-mail Address:_______________________________________
 5. Sponsoring Agency: ___ USAF ___ USA ___ USN ___ DOD
 6. Sponsoring Command/Organization:_______________________________________
 7. Command AUTODIN Address:_______________________________________________
 8. COMSEC Account Number:____________________
 9. COMSEC Custodian:___________________________________________
10. Custodian Phone Number: DSN:_____________ Comm:_____________
11. Custodian E-mail Address:___________________________________
12. Custodian AUTODIN:_________________________________
13. Custodian Work Address:_________________________________________________
                           _________________________________________________
    City:_________________ State:______ Zip Code:_________
14. STU-III Manufacturer:______________________________________
15. STU-III Model Number:________________________
16. STU-III Cryptographic Ignition Key (CIK) Serial Number:__________________________________
17. Completed By (Print):______________________________________
18. Signature:________________________________________________
19. Phone Number: DSN:_____________ Comm:_____________

-----------------------------------------------------------------
FOR DISA USE ONLY

20. IP Address:_______________
21. Domain Name:_______________
22. User ID:__________________
23. Password:_______________
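
The dispatch character and dispatch timer settings described in Appendix E can be modeled as shown below. This is an added example, not part of the original guide and not Cisco code; the function names, the unlimited packet buffer and the constructed keystroke timings are assumptions.

```python
"""Model of the dispatch character and dispatch timer described in Appendix E.

Added illustration, not Cisco code. Assumptions: an unlimited packet buffer,
and hypothetical names (packetize, typed) chosen for this example.
"""
from typing import FrozenSet, Iterable, List, Optional, Tuple

Keystroke = Tuple[int, int]  # (arrival time in ms, ASCII decimal code)
Packet = Tuple[int, bytes]   # (send time in ms, payload)
CR = 13                      # Carriage Return, the guide's line-at-a-time case


def packetize(keys: Iterable[Keystroke],
              dispatch_chars: FrozenSet[int] = frozenset(),
              timeout_ms: Optional[int] = None) -> Tuple[List[Packet], bytes]:
    """Return (packets sent to the remote host, bytes still held by the CS)."""
    keys = list(keys)
    # Neither feature set: every character is dispatched as it is typed.
    if not dispatch_chars and timeout_ms is None:
        return [(t, bytes([c])) for t, c in keys], b""

    packets: List[Packet] = []
    buf = bytearray()
    first_at = 0  # arrival time of the first character in the current buffer
    for t, c in keys:
        # The timer started by the first buffered character ran out before
        # this keystroke arrived, so the buffer was already sent.
        if buf and timeout_ms is not None and t >= first_at + timeout_ms:
            packets.append((first_at + timeout_ms, bytes(buf)))
            buf.clear()
        if not buf:
            first_at = t
        buf.append(c)
        # A dispatch character closes the packet immediately.
        if c in dispatch_chars:
            packets.append((t, bytes(buf)))
            buf.clear()
    # End of input: a running timer still flushes what is left; with no timer
    # the tail stays buffered until a dispatch character arrives.
    if buf and timeout_ms is not None:
        packets.append((first_at + timeout_ms, bytes(buf)))
        buf.clear()
    return packets, bytes(buf)


def typed(text: str, start_ms: int = 0, gap_ms: int = 100) -> List[Keystroke]:
    """Constructed sample input: one keystroke every gap_ms milliseconds."""
    return [(start_ms + i * gap_ms, ord(ch)) for i, ch in enumerate(text)]


if __name__ == "__main__":
    session = typed("ls\rpwd\r")
    for label, kwargs in [
        ("per character", {}),
        ("dispatch on CR", {"dispatch_chars": frozenset({CR})}),
        ("CR + 250 ms timer", {"dispatch_chars": frozenset({CR}), "timeout_ms": 250}),
    ]:
        sent, held = packetize(session, **kwargs)
        print(f"{label}: {len(sent)} packets, held={held!r}")
        for when, payload in sent:
            print(f"  t={when:4d} ms  {payload!r}")
```

In this model, setting a dispatch character without a dispatch timer leaves any input that lacks that character in the buffer, which is the case the timer exists to bound.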