
Chapter 13: Users


This chapter describes how to use the command line interface to configure the user table. Detailed command definitions follow a command summary table.

Note: Whenever possible, especially if you have 100 or more users, you should use RADIUS for user authentication rather than the user table. To use RADIUS, see Chapter 3, "Global Commands," and the RADIUS Administrator's Guide.

The user table enables the PortMaster to authenticate and provide operational parameters on a user-by-user basis.

You can use the command line interface to create, edit, and delete four kinds of users:

Displaying User Information

To display information about your configuration, use the following user table commands:

Summary of User Commands

The user commands in Table 13-1 configure the user table used to authenticate dial-in users. The User Type column in the table denotes commands for login user (L) and netuser (N). RADIUS can also be used to authenticate dial-in users; the user table is always consulted first.  
Table 13-1. User Table Configuration

User Type  Command Syntax                                                       Page
---------  -------------------------------------------------------------------  -----
N          add netuser Username [password Password]                             13-4
L          add user Username [password Password]                                13-5
L/N        delete user Username                                                 13-5
L/N        save user                                                            13-6
N          set user Username address|destination assigned|negotiated|Ipaddress  13-6
N          set user Username compression on|off                                 13-8
L/N        set user Username dialback Locname|String|none                       13-9
L          set user Username host default|prompt|Ipaddress                      13-10
L/N        set user Username idle Number [minutes|seconds]                      13-11
L/N        set user Username ifilter [Filtername]                               13-12
N          set user Username ipxnet Ipxnetwork                                  13-13
N          set user Username local-ip-address Ipaddress                         13-14
N          set user Username map Hex                                            13-15
L/N        set user Username maxports Number                                    13-16
N          set user Username mtu MTU                                            13-17
N          set user Username netmask Ipmask                                     13-18
N          set user Username ofilter [Filtername]                               13-19
L/N        set user Username ospf on|off [cost Number]                          11-9
             [hello-interval Seconds] [dead-time Seconds]
             [nbma|point-to-multipoint|wan-as-stub-ptmp]
L/N        set user Username password Password                                  13-20
N          set user Username protocol slip|ppp|x75-sync                         13-21
N          set user Username rip on|off|broadcast|listen                        10-21
L/N        set user Username route-filter incoming|outgoing Filtername          10-8
L          set user Username service netdata|portmaster|rlogin|telnet [Tport]   13-22
L/N        set user Username session-limit Minutes                              13-23
L/N        show table user                                                      13-24
L/N        show user Username                                                   13-25


User Commands

These commands configure the user table of the PortMaster.

Note: Set commands can use user and netuser interchangeably, except that you cannot use set netuser for a login user. The add command requires add netuser for network users and add user for login users.

 

add netuser

This command adds an entry to the user table for a network user.

add netuser Username [password Password]

Username

A network username of 1 through 8 characters.

Password

A network user password of 0 through 16 characters.

Usage

A network user must be added to the user table before other netuser parameters can be configured. You cannot add network users with blank network usernames.

Example

Command> add netuser jaime password 1mno+vwab
New User successfully added

See Also

delete user - page 13-5

add user

This command adds an entry to the user table for a login user. Optionally, the user password can be added at the same time.

add user Username [password Password]

Username

A login username of 1 through 8 characters. Usernames cannot begin with a quotation mark or a question mark.

Password

A login user password of 0 through 16 characters.

Usage

A user must be added to the user table before other user parameters can be configured.

Example

Command> add user sam password yzgixcel
New User successfully added

delete user

This command deletes a user or network user, password, and associated information from the user table.

delete user Username

Username

Username of a login user or network user.

Example

Command> delete user sam
Password successfully deleted

See Also

show table user - page 13-24

save user

This command writes any changes in the user table to the nonvolatile RAM of the PortMaster.

save user

Usage

The save all command can also be used.

Example

Command> save user
User table successfully saved
New configurations successfully saved.

set user address|destination

This command sets the IP address of the network user.

set user Username address|destination assigned|negotiated|Ipaddress

Username

Name of a network user.

address|destination

Keywords address and destination are synonyms and generate the same result.

assigned

The PortMaster assigns a temporary IP address for this user from the assigned pool.

negotiated

This option is valid only for PPP sessions. The PortMaster attempts to learn the IP address of the remote host by IP Control Protocol (IPCP) negotiation.

Ipaddress

Uses the specified IP address, or hostname with a maximum of 39 characters. If Ipaddress is 0.0.0.0, the PortMaster does not use IP for this user.

Usage

Address 255.255.255.255 is the same as negotiated. Address 255.255.255.254 is the same as assigned.

Example

Command> set user jaime destination assigned
Username:  jaime
Type:      Dial-in Network User
Address:   Assigned
Netmask:   0.0.0.0
Protocol:  PPP
Options:   Quiet, Listen
MTU:       1500

See Also

set assigned_address - page 3-3

 

set user compression

This command sets Van Jacobson TCP/IP header compression and Stac LZS data compression for a network user.

set user Username compression on|off

Username

Name of a network user.

on

Enables compression. The PortMaster tries to negotiate both Van Jacobson and Stac LZS compression on PortMaster 3 and Office Router products, or Van Jacobson compression only on other PortMaster products. This is the default.

off

Disables compression.

Usage

Van Jacobson TCP/IP header compression can be used for SLIP and PPP connections. With SLIP, both sides need to be configured identically. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression.

Example

Command> set user joe compression on
Username:  joe
Type:      Dial-in Network User
Address:   Negotiated
Netmask:   0.0.0.0
Protocol:  SLIP
Options:   Quiet, Compression
MTU:       1006

set user dialback

This command sets the callback telephone number for a callback login user, or the location for a callback network user.

set user Username dialback|callback Locname|String|none

Username

Username of a login user or network user.

dialback|callback

Keywords dialback and callback are synonyms and generate the same result.

Locname

Network user location name that is in the location table. Locname must be between 1 and 12 characters in length.

String

Login user callback telephone number, a maximum of 32 characters.

none

Disables callback for this user, who then becomes a normal login or network user.

Usage

To set callback for a login user, enter the string of characters that follows the Hayes-compatible ATDT command to return the user's call. If you enter a telephone number, the user is changed to a callback login user.

To set a callback for a network user, enter the name of the location (already in the location table) to which the PortMaster establishes a network connection back to the user.

Examples

Command> set user sam dialback 5551212
Username:       sam
Type:           Login User
Host:           default
Login Service:  portmaster
Dialback No:    5551212

Command> set user mario dialback office
Username:  mario
Type:      Dialback Network User
Location:  office

See Also

set S0 dialback_delay - page 5-17

set user host

This command indicates the login host for the login user.

set user Username host default|prompt|Ipaddress

Username

Username of a login user.

default

Connects the user to the default host for the serial port.

prompt

Allows the user to select a host (by IP address or name) to begin a login session.

Ipaddress

Connects the user to the specified IP address, or 39-character hostname.

Usage

The login host parameter defines the host to which the user is connected. If you set the user login host in the user table, prompts are displayed in the following order:

login:

prompt:

host:

Setting the IP address to 0.0.0.0 sets the host to the default.

Example

Command> set user jack host 192.168.1.2
Username:       jack
Type:           Login User
Host:           192.168.1.2
Login Service:  portmaster

See Also

set S0 host - page 5-22

set user idle

This command sets the length of time the line can be idle, in both directions, before the PortMaster disconnects the user.

set user Username idle Number [minutes|seconds]

Username

Name of a user.

idle Number

Timeout value from 0 to 240. The default value is 0.

minutes

Sets the idle time in minutes. This is the default.

seconds

Sets the idle time in seconds.

Usage

If the idle time value is set to 0, the idle timer is disabled. If the value is set to 2 seconds or a longer interval, the user is disconnected after there is no traffic for the designated time.

You can set user idle timeout in the user table using this command, or you can use the RADIUS Idle-Timeout attribute. The RADIUS attribute is specified in seconds, but when greater than 240 seconds it is rounded up to minutes by the PortMaster.

Examples

Command> set user joe idle 30
Username:      joe
Type:          Dial-in Network User
Address:       Negotiated
Netmask:       0.0.0.0
Protocol:      PPP
Options:       Quiet, Compression
MTU:           1500
Async Map:     00000000
Port Limit:    2
Idle Timeout:  30

See Also

set user session-limit - page 13-23

set user ifilter

This command sets the input packet filter for packets entering the PortMaster on the interface established by the network user.

set user Username ifilter [Filtername]

Username

Name of a user.

Filtername

Input filter name. The maximum is 15 characters.

Usage

When an input packet filter is specified, all packets received from the serial interface are evaluated against the rule set for this filter, which has been defined and is in the filter table. Only packets that are permitted by this filter are allowed to enter the PortMaster.

An access control filter, using a valid filter name from the filter table, can be set for login users to restrict which hosts they can log into, as follows:

Example

Command> set user joe ifilter student.in
Username:        joe
Type:            Dial-in Network User
Address:         Negotiated
Netmask:         0.0.0.0
Protocol:        SLIP
Options:         Quiet, Compression
MTU:             1006
Packet Filters:  student.in/

See Also

add filter - page 15-4

set user host prompt - page 13-10

set user ofilter - page 13-19

set user ipxnet

This command sets the IPX network number for the user's network connection.

set user Username ipxnet Ipxnetwork

Username

Name of a network user.

Ipxnetwork

Number of IPX network to be used for a serial link, a 32-bit hexadecimal value.

Usage

The PPP protocol must be used with IPX. If you set the IPX network number to 0xFFFFFFFE, the PortMaster dynamically assigns an IPX network for the user by using an address from the assigned pool as an IPX network number.

Example

Command> set user hideo ipxnet 0x0f012345
IPX network set to F012345
Username:     hideo
Type:         Dial-in Network User
Address:      Assigned
Netmask:      255.255.255.0
IPX Network:  0F012345
Protocol:     PPP
Options:      Quiet, Listen
MTU:          1500

See Also

set assigned_address - page 3-3

set ipx on - page 3-8

set user local-ip-address

This command sets the IP address of the PortMaster serial port to the IP address of a network user.

set user Username local-ip-address Ipaddress

Username

Name of a network user.

Ipaddress

IP address. A hostname is not accepted.

Usage

This function is not available in RADIUS. This command is not needed for typical PortMaster operation.

This command is used to create a dial-out point-to-point network connection when both ends require an IP address.

Note: The point-to-point connection is a network of two nodes and requires its own IP subnet.

Example

Command> set user rani local-ip-address 192.168.96.6
Username:     rani
Type:         Dial-in Network User
Address:      Negotiated
Netmask:      0.0.0.0
Lcl Address:  192.168.96.6
Protocol:     PPP
Options:      Quiet, Compression
MTU:          1500
Async Map:    00000000

See Also

set user destination - page 13-6

set reported_ip - page 3-18

set user map

This command sets the PPP asynchronous map to replace nonprinting ASCII characters found in the data stream.

set user Username map Hex

Username

Name of a network user.

Hex

A 32-bit hexadecimal number. The default is 0x00000000.

Usage

The PPP protocol supports the replacement of nonprinting ASCII data in the PPP stream. These characters are not sent through the line, but instead are replaced by a special set of characters that the remote site interprets as the original characters. The PPP asynchronous map is a bit map of characters that should be replaced. The lowest-order bit corresponds to the first ASCII character NUL and so on. Most environments should use the default. This command does not apply to the Serial Line Internet Protocol (SLIP).

The command set user Username map 0 disables the asynchronous mapping.

Example

Command> set user joe map 0x00009000
Username:        joe
Type:            Dial-in Network User
Address:         Negotiated
Netmask:         0.0.0.0
Protocol:        PPP
Options:         Quiet, Compression
MTU:             1500
Async Map:       0x00009000
Packet Filters:  student.in/student.out
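
To make the bit-map layout described under Usage concrete, the following Python code (an added example, not PortMaster code) decodes a map value such as the 0x00009000 used above into the control characters it selects, and applies the replacement the way RFC 1662 defines it for asynchronous PPP: escape byte 0x7D followed by the original byte XOR 0x20. All function names are illustrative.

```python
# Added example: the PPP asynchronous map set with "set user Username map Hex".
# Bit n of the 32-bit map selects ASCII control character n (bit 0 = NUL).
# Escaping follows RFC 1662: 0x7D, then the original byte XOR 0x20.
FLAG, ESC, XOR = 0x7E, 0x7D, 0x20

CTRL_NAMES = ("NUL SOH STX ETX EOT ENQ ACK BEL BS HT LF VT FF CR SO SI "
              "DLE DC1 DC2 DC3 DC4 NAK SYN ETB CAN EM SUB ESC FS GS RS US").split()

def parse_map(text):
    """Parse the Hex argument (with or without 0x) into a 32-bit integer."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("async map must fit in 32 bits: %r" % text)
    return value

def mapped_chars(accm):
    """Names of the control characters the map marks for replacement."""
    return [CTRL_NAMES[n] for n in range(32) if (accm >> n) & 1]

def build_map(names):
    """Inverse of mapped_chars: build the Hex argument from character names."""
    accm = 0
    for name in names:
        accm |= 1 << CTRL_NAMES.index(name)
    return "0x%08x" % accm

def stuff(payload, accm):
    """Escape payload bytes as the sending side of an async PPP link would."""
    out = bytearray()
    for b in payload:
        # The flag and escape bytes are always escaped, whatever the map says.
        if b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1):
            out += bytes((ESC, b ^ XOR))
        else:
            out.append(b)
    return bytes(out)

def unstuff(data):
    """Reverse stuff(): drop each escape byte and restore the byte after it."""
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("truncated escape sequence")
            b = nxt ^ XOR
        out.append(b)
    return bytes(out)

if __name__ == "__main__":
    accm = parse_map("0x00009000")            # value from the example above
    print(mapped_chars(accm))                 # characters selected by the map
    print(stuff(b"\x0c\x0fA", accm).hex())    # the same bytes as sent on the line
    print(build_map(["DC1", "DC3"]))          # map covering XON and XOFF
```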

 

set user maxports

This command, if set, limits the number of network dial-in ports the user can use on the PortMaster for Multilink V.120, Multilink PPP, and asynchronous multiline load-balancing.

set user Username maxports Number

Username

Name of a user.

Number

Number between 0 and 64.

Usage

If the number of dial-in ports is left unconfigured, port limits are not imposed and PortMaster multiline load-balancing, Multilink V.120, and Multilink PPP sessions are allowed. You can also set the dial-in port limit using the RADIUS Port-Limit attribute.

Example

Command> set user joe maxports 2
Username:      joe
Type:          Dial-in Network User
Address:       Negotiated
Netmask:       0.0.0.0
Protocol:      PPP
Options:       Quiet, Compression
MTU:           1500
Async Map:     00000000
Port Limit:    2
Idle Timeout:  0

See Also

set location maxports - page 14-16

set user mtu

This command sets the maximum transmission unit (MTU) for the network user.

set user Username mtu MTU

Username

Name of a network user.

MTU

MTU value from 100 to 1500 bytes.

Usage

The MTU defines the largest frame or packet that can be sent, without fragmentation. A packet that exceeds this value is automatically fragmented if IP, or discarded if IPX. PPP connections have a maximum MTU of 1500 bytes, and SLIP connections have a maximum of 1006 bytes.

Example

Command> set user joe mtu 1500
Username:        joe
Type:            Dial-in Network User
Address:         Negotiated
Netmask:         0.0.0.0
Protocol:        PPP
Options:         Quiet, Compression
MTU:             1500
Async Map:       00000000
Packet Filters:  student.in/student.out

See Also

set user protocol - page 13-21

set user netmask

This command defines the netmask of the user's system on the remote end of the connection.

set user Username netmask Ipmask

Username

Name of a network user.

Ipmask

IP netmask in dotted decimal notation.

Usage

Enter the netmask number in dotted decimal notation. For more information, see the section on netmasks in the PortMaster Configuration Guide.

Example

Command> set user jaime netmask 255.255.255.0
Username:  jaime
Type:      Dial-in Network User
Address:   Assigned
Netmask:   255.255.255.0
Protocol:  SLIP
Options:   Quiet, Listen
MTU:       1006

See Also

set user-netmask - page 10-13

set user ofilter

This command sets the output packet filter for packets leaving the PortMaster on the interface established by this dial-in network user.

set user Username ofilter [Filtername]

Username

Name of a network user.

Filtername

Output filter name. The maximum is 15 characters.

Usage

When an output packet filter is specified, packets being sent to the serial interface are evaluated against the rule set for this filter, which has been defined and is in the filter table. Only packets that are permitted by this filter are allowed to leave the PortMaster.

You remove the filter by entering the command without a filter name.

Note: This command does not apply to login users.

Example

Command> set user joe ofilter student.out
Username:        joe
Type:            Dial-in Network User
Address:         Negotiated
Netmask:         0.0.0.0
Protocol:        SLIP
Options:         Quiet, Compression
MTU:             1006
Packet Filters:  /student.out

See Also

set user ifilter - page 13-12

add filter - page 15-4

set user password

This command sets the password for a login user or network user.

set user Username password Password

Username

Username of a login user or network user.

Password

User password of 0 through 16 characters.

Usage

As shown in the example, the password is not displayed by any of the responses to a set or show command.

Example

Command> set user marie password zasq2-ab
Username:  marie
Type:      Dial-in Network User
Address:   Negotiated
Netmask:   0.0.0.0
Protocol:  SLIP
Options:   Quiet, Listen
MTU:       1006

set user protocol

This command sets the transport protocol for a network user.

set user Username protocol slip|ppp|x75-sync

Username

Name of a network user.

slip

SLIP protocol. This is the default.

ppp

PPP protocol.

x75-sync

X.75 protocol.

Usage

If a nonzero IP address is set for a network user using PPP, IP is routed. If a nonzero IPX network is set for the user, IPX is routed.

Example

Command> set user mario protocol ppp
Username:   mario
Type:       Dial-in Network User
Address:    Negotiated
Netmask:    0.0.0.0
Protocol:   PPP
Options:    Quiet, Listen
MTU:        1500
Async Map:  0x00000000

See Also

set S0 network dialin - page 5-34

set user service

This command selects the login service for the login user.

set user Username service netdata|portmaster|rlogin|telnet [Tport]

Username

Name of a login user.

netdata

Uses a netdata connection (TCP clear channel).

portmaster

Uses the PortMaster login service to connect to in.pmd on login host. This is the default.

rlogin

Uses the rlogin protocol to connect to the login host.

telnet

Uses Telnet to connect to the login host.

Tport

Designated TCP port on the host, a 16-bit number from 1 through 65535. The default is 23.

Example

Command> set user sam service rlogin
Username:       sam
Type:           Login User
Host:           default
Login Service:  rlogin (513)

See Also

set S0 service_login - page 5-44

set user session-limit

This command sets the maximum length of a session permitted before the PortMaster disconnects the user.

set user Username session-limit Minutes

Username

Name of a user.

Minutes

Session limit in minutes, any value from 0 to 240. The default is 0.

Usage

You can set the user session limit in the user table using this command, or you can use the RADIUS Session-Timeout attribute. The RADIUS attribute is specified in seconds, but is rounded up to minutes by the PortMaster.

Examples

Command> set user joe session-limit 60
Username:      joe
Type:          Dial-in Network User
Address:       Negotiated
Netmask:       0.0.0.0
Protocol:      PPP
Options:       Quiet, Compression
MTU:           1500
Async Map:     00000000
Port Limit:    2
Idle Timeout:  30
Session Lim:   60

See Also

set user idle - page 13-11

show table user

This command shows the current users in the user table.

show table user

Example

Command> show table user
Name    Type               Address/Host         Netmask/Service  RIP
------  -----------------  -------------------  ---------------  ----
bill    Netuser            Assigned             ffffff00         No
hideo   Dialback User      default              Telnet
marie   Netuser            192.168.1.74         ffffffff         No
kwasi   Login User         default              PortMaster
jill    Netuser            Negotiated           ffffffff         Yes

See Also

show user - page 13-25

show user

This command shows the configuration of the specified user.

show user Username

Username

A username of 1 through 8 characters.

Example

Command> show user jack
Username:       jack
Type:           Login User
Host:           default
Login Service:  portmaster

See Also

show table user - page 13-24
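
The limits documented in this chapter (usernames of 1 through 8 characters, passwords of 0 through 16 characters, an idle timer that is disabled at its default of 0) can be checked before a command script is entered on the PortMaster. The following Python code is an added example, not Livingston or Lucent code; it assumes the script builds the user table from empty, treats a user added without a password as having a blank one, and flags a network user with no input filter as a local policy choice rather than a PortMaster rule.

```python
# Added example (not Livingston/Lucent code): offline check of user-table commands.
RANGES = {"idle": (0, 240), "session-limit": (0, 240),
          "maxports": (0, 64), "mtu": (100, 1500)}

def apply_setting(user, args):
    """Store one 'keyword value' setting; return an error string or None."""
    key, val = args[0], (args[1] if len(args) > 1 else "")
    if key == "password" and len(val) > 16:
        return "password longer than 16 characters"
    if key in ("ifilter", "ofilter") and len(val) > 15:
        return key + " name longer than 15 characters"
    if key in RANGES:
        lo, hi = RANGES[key]
        if not val.isdigit() or not lo <= int(val) <= hi:
            return "%s must be a number from %d to %d" % (key, lo, hi)
        val = int(val)
    user[key] = val

def audit(script):
    """Return (username, finding) tuples for a script of user commands."""
    users, findings = {}, []
    for line in script.splitlines():
        w = line.split()
        if len(w) < 3 or w[1] not in ("user", "netuser"):
            continue                  # "save user", "show table user", ...
        verb, kind, name, args = w[0], w[1], w[2], w[3:]
        if verb == "add":
            if not 1 <= len(name) <= 8 or name[0] in "\"?":
                findings.append((name, "invalid username"))
                continue
            # Assumption: a user added without a password has an empty one.
            users[name] = {"type": kind, "password": "", "idle": 0, "ifilter": ""}
        elif verb == "delete":
            users.pop(name, None)
            continue
        elif verb != "set":
            continue                  # show user and anything else
        elif name not in users:
            findings.append((name, "set before add"))
            continue
        if args:
            error = apply_setting(users[name], args)
            if error:
                findings.append((name, error))
    for name, user in sorted(users.items()):
        if user["password"] == "":
            findings.append((name, "blank password"))
        if user["idle"] == 0:
            findings.append((name, "idle timer disabled"))
        if user["type"] == "netuser" and not user["ifilter"]:
            findings.append((name, "no input filter"))  # policy assumption
    return findings

# Constructed sample script; names and values are illustrative.
SAMPLE = """add netuser jaime password 1mno+vwab
set user jaime ifilter student.in
set user jaime idle 30
set user jaime mtu 9000
add user sam
add netuser toolongname password x
set user ghost idle 5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```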

 



Copyright © 1998, Lucent Technologies. All rights reserved.