Expand Accelarator - Exos4.0UserGuide

Expand Networks
ExpandOS 4.0
User's Guide
US Headquarters
103 Eisenhower Parkway
Roseland, NJ 07068
Telephone: +1-973-618-9000
Toll Free: +1-888-892-1250

Fax: +1-973-618-9254
© 2001 Expand Networks

Publication No. 99-123-24-08/01
ExpandOS 4.0 User's Guide
ii
Important Notice
This guide is delivered subject to the following conditions and restrictions:
! This guide contains proprietary information belonging to Expand
Networks Inc. Such information is supplied solely for the purpose of
assisting explicitly and properly authorized users of the Expand product
series.
! No part of its contents may be used for any other purpose, disclosed to
any person or firm or reproduced by any means, electronic,
photographic or mechanical, without the express prior written
permission of Expand Networks, Inc.
! The text and graphics are for the purpose of illustration and reference
only. The specifications on which they are based are subject to change
without notice.
! The software described in this guide is furnished under a license. The
software may be used or copied only in accordance with the terms of
that agreement.
! Information in this guide is subject to change without notice. Corporate
and individual names and data used in examples herein are fictitious
unless otherwise noted.
Copyright© 2001 Expand Networks Inc. All rights reserved.

ExpandOS 4.0™, ACCELERATOR 2700™, ACCELERATOR 4000™ and
Adaptive Packet Compression™ are trademarks of Expand Networks Inc.
Flex 2.5™ includes software developed by the University of California,

Berkeley and its contributors. Copyright© 1990, The Regents of the
University of California. All rights reserved.
Other company and brand product and service names are trademarks or
registered trademarks of their respective holders.
Terms and Conditions of Sale
iii

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE
PRODUCT. BY USING THE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS AND
CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE WITH THE PROVISIONS OF
THESE TERMS AND CONDITIONS, PROMPTLY RETURN THE UNUSED PRODUCTS,
MANUAL, AND RELATED EQUIPMENT (WITH PROOF OF PAYMENT) TO THE PLACE OF
PURCHASE FOR A FULL REFUND.
Acceptance
These terms and conditions of sale ("Terms and Conditions") are the terms and conditions upon which
Expand Networks, Ltd. and its affiliates and subsidiaries (together "Expand") make all sales. Expand
will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an
agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all
purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the
Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these
Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the
items specified for delivery (the "Products") or any other act or expression of acceptance by Purchaser.
Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without
addition, modification or exception, and any term, condition or proposals hereafter submitted by
Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and
Conditions set forth hereon is objected to and is hereby rejected by Expand.
Price and Payment

The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the
date of installation. Purchaser shall bear all applicable federal, state, municipal and other government
taxes (such as sales, use and similar taxes), as well as import or customs duties, license fees and similar
charges, however designated or levied on the sale of the Products (or the delivery thereof) or measured
by the purchase price paid for the Products. (Expand's prices set forth on the front side of the invoice
does not include such taxes, fees and charges.) Unless otherwise specified, payment terms are COD in
United States Dollars. Expand, at its discretion, may require reasonable advance assurances of payment
through irrevocable bank letters of credit or otherwise. All unpaid invoices shall bear interest at an
amount equal to 1-1/2% of the outstanding balance per month (or the maximum rate of interest allowed
to be contracted for by law, whichever is less), commencing upon the date payment is due. Expand shall
have no continuing obligation to deliver Products on credit, and any credit approval may be withdrawn
by Expand at any time and without prior notice.
Title and Security Interest

Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser.
Expand shall retain a security interest in the Products until the Products price and all other monies
payable hereunder are paid in full. The Purchaser shall execute, upon request by Expand, financing
statements deemed necessary or desirable by Expand to perfect its security interest in the Products.
Purchaser authorizes Expand to file a copy of the invoice, these Terms and Conditions or a financing
statement with the appropriate state authorities at any time thereafter as a financing statement in order to
perfect Expand's security interest. A financing statement may be filed without Purchaser's signature on
the basis of Expand's invoice or these Terms and Conditions where permitted by law. Purchaser shall
keep the Products in good order and condition until the purchase price has been paid in full and shall
promptly pay all taxes and assessments upon the Products or use of the Products.
iv
Risk of Loss
Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the
common carrier, regardless of whether the purchase price has been paid in full. Unless advised
otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be
for the Purchaser's account. The Purchaser shall inspect the Products immediately upon receipt and shall
promptly file any applicable claims with the carrier when there is evidence of damage during shipping.
Warranty
EXPAND WARRANTS TO THE PURCHASER FOR A PERIOD OF NINETY (90) DAYS FROM
SHIPMENT THAT THE PRODUCTS SHALL BE FREE FROM DEFECTS IN MATERIAL AND
WORKMANSHIP AND SHALL PERFORM IN SUBSTANTIAL CONFORMANCE WITH
SPECIFICATIONS PUBLISHED BY EXPAND. EXPAND'S OBLIGATIONS UNDER THESE
TERMS AND CONDITIONS SHALL BE LIMITED SOLELY TO EXPAND MAKING, AT
EXPAND'S COST AND EXPENSE, SUCH REPAIRS AND REPLACEMENTS AS ARE
NECESSARY TO PLACE THE PRODUCTS IN GOOD WORKING ORDER AND TO CONFORM
THE PRODUCTS TO EXPAND'S PUBLISHED SPECIFICATIONS. THIS WARRANTY IS IN LIEU
OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT
LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
Product Returns
Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the
date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right
to return defective Products, as previously described, shall constitute Expand's sole liability and
Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition
or performance of any Product, whether such claim is based upon principles of contract, warranty,
negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure
of any limited or exclusive remedy to achieve its essential purpose, or otherwise. In the event Expand
issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser
will deliver the Product to Expand's address in the United States, if so required by Expand, and
Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales,
use and similar taxes) as well as import or customs duties, license fees and similar charges, however
designated or levied, on any replacement Product to be shipped by Expand to Purchaser.
License Grant
The Products, though primarily composed of hardware components, contain software that is proprietary
to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal
nonexclusive, nontransferable license to use the Program, in object code form only, and the
accompanying documentation (collectively referred to as the "Software") only as authorized in these
Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any
derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed
to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease,
rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify,
reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the
Software. The Software and the Documentation are proprietary to Expand and are protected under U.S.
and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to
the Software, including associated intellectual property rights, are and shall remain with Expand.
v
Limitation of Liability
In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential
damages (including, without limitation, loss of use, income or profits, losses sustained as a result of
personal injury or death, or loss of or damage to property including, but not limited to, property handled
or processed by the use or application of the products) arising out of any breach of these Terms and
Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any
damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action
arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and
Conditions may be brought by either party more than two years after the cause of action has accrued.
Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the
Products.
Default
The failure of the Purchaser to perform its obligations under these Terms and Conditions including but
not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or
involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or
liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and
shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the
event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid
amount immediately due and payable, enter the premises where the Products is located and remove it,
and sell any or all the Products as permitted under applicable law. Expand may, in addition to any other
remedies which Expand may have, refuse to provide service on the Products under any applicable
maintenance agreement relating to the Products then in effect between the parties at the time of the
default.
Indemnity
Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that
Products sold hereunder constitutes an infringement of any existing United States patent, copyright or
trade secret providing that Expand is notified promptly in writing and is given complete authority and
information required for the defense. Expand shall pay all damages and costs awarded against
Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by
Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to
or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure
for the Purchaser the right to continue using the Products or modify it to become non-infringing. If
Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using
the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of
a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use
of the Products in combination with other Products or with software not supplied by Expand or with
modifications made by the Purchaser.
vi
General
Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's
obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by
reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the
rights and duties hereunder shall not be assignable by either party hereto except upon written consent of
the other. Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses
incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms
and Conditions and performance hereunder shall be governed by and construed in accordance with the
laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees
to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive
statement of the agreement between the parties, which supersedes and merges all prior proposals,
understandings and all other agreements, oral and written, between the parties relating to the subject
matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered
except by a written instrument duly executed by both parties. If any provision of these Terms and
Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability
of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party
to exercise in any respect any right provided for herein shall not be deemed a waiver of any right
hereunder.
Table of Contents
vii
About This Guide

This guide describes the Expand ACCELERATOR product series and
configuration procedures for ExpandOS.
This guide contains the following chapters:

! Chapter 1, Introducing the ACCELERATOR Series, provides an
overview of the ACCELERATOR product series, and describes the
installation procedures necessary to access the configuration options.
! Chapter 2, Initial Configuration, describes the initial configuration
procedures needed for ExpandOS.
! Chapter 3, Configuring the ACCELERATOR, describes how to
configure parameters for the ACCELERATOR's serial interfaces in
point-to-point and multipoint configurations. It similarly describes how
to define route rules for data packets, and how to configure
multiplexing for ExpandOS.
! Chapter 4, Quality of Service, describes the various queuing methods
that can be configured for use with the ACCELERATOR, enabling
higher-priority traffic to receive necessary bandwidth.
! Chapter 5, SNMP, describes how to configure the Simple Network
Management Protocol for use with the ACCELERATOR.
! Chapter 6, Web UI, describes the ExpandOS Web user interface, a
new, user-friendly method of configuring the parameters of the
ACCELERATOR.
! Chapter 7, RMON, describes Remote Monitoring, focusing on
specifications and groups.
! Chapter 8, Access Authentication, describes the various methods for
ensuring security within ExpandOS.
! Chapter 9, Configuring Supplementary Services, describes the
various supplementary services that are serviced by the Expand
ACCELERATOR product series, and how to configure them.
viii
! Chapter 10, Upgrading ExpandOS, describes how to upgrade

ExpandOS to newer versions, using standard TFTP.
! Chapter 11, Command Reference, provides a reference for the
commands that are available for configuration of the ACCELERATOR.
! Chapter 12, LAN Resilience, describes HSRP configuration.
Introducing the ACCELERATOR Series
1-1
I ntroducing the Accelerator Series

Chapter 1
Introducing the
ACCELERATOR
Series
About This Chapter
This chapter provides an introduction to Expand's ACCELERATORs and

how they fit into a communications network. It also describes how to
access the ACCELERATOR configuration options.
This chapter includes the following sections:

! What are ACCELERATORs?, page 1-2, provides an overview of the
Expand ACCELERATOR Series, and illustrates why
ACCELERATORs provide an effective solution for increased network
performance.
! ACCELERATOR Connection to a Network, page 1-7, describes
how ACCELERATORs are installed in an existing network.
! Configuration and Management, page 1-7, provides a basic
introduction to the range of configuration and management options
provided by the ACCELERATOR's operating system, ExpandOS.
! Installing the ACCELERATOR, page 1-8, describes where to find
installation information.
! Connecting to the Console, page 1-8, describes how to connect the
ACCELERATOR to a console.
1-2
What are ACCELERATORs?

ACCELERATORs are devices that enable the transparent acceleration of
data transmitted over a WAN. The ACCELERATORs dramatically expand
the bandwidth of existing WAN lines, while maintaining full transparency,
data integrity and network fairness. In fact, enterprise bandwidth can be
increased by as much as 100% to 400%.
This is very significant in today's IT world, in which the need for increased
bandwidth is a fact of life. Corporations see bandwidth as a strategic
communications resource that enables their business-critical applications to
run unhindered.
The challenge is to have the capacity to transmit ever-increasing amounts

of data in the shortest amount of time. The problem is that constantly
acquiring more bandwidth incurs recurring costs. Other solutions, such as
data compression, bandwidth management and protocol "enhancement"
have therefore been sought in order to address the need for increased
available bandwidth, with minimal costs.
The Expand ACCELERATOR Series offers an effective solution for

improving network performance. It provides a means of dramatically
expanding the effective bandwidth of existing WAN lines and multiplying
throughput, with a one-time financial outlay only.
1-3
How the ACCELERATOR Works

The ACCELERATOR is a device that can be seamlessly integrated into an
existing network. The enhanced network options possible with the
ACCELERATOR include point-to-point over a private WAN link, and
point-to-multipoint over a Frame Relay line.
Private Line Network

In an ACCELERATOR-enhanced network on a private WAN link, two
ACCELERATORs are used. One ACCELERATOR is positioned at each
end of the line, between the WAN termination product (for example,
CSU/DSU) and the router.
The following diagram shows a typical installation of a T1 private line

equipped with the ACCELERATOR 4000:
A data packet is passed from the router to the ACCELERATOR, where it is

accelerated using Expand Networks' unique Enterprise Caching technology.
The packet is transmitted over the WAN and reaches the second
ACCELERATOR. Here, the packet is reconstructed, and then passed to the
router and on to its final destination, arriving with no modification to the
packet whatsoever.
1-4
Frame Relay Network

In an ACCELERATOR enhanced network on a Frame Relay line, an
ACCELERATOR can be positioned at each end of each permanent virtual
circuit (PVC) on the WAN, between the CSU/DSU and the router.
The ACCELERATOR automatically identifies if there is another

ACCELERATOR at the other side of the PVC and handles the data
accordingly. If there is no unit at the other side, the ACCELERATOR
sends the data packets unaccelerated.
The following diagram shows typical integration of ACCELERATORs in a

Frame Relay network:
4000 2700
Frame Relay
Network
Public or Private
2700 2700
Each ACCELERATOR can synchronize with every other

ACCELERATOR on the network, provided that there is a PVC established
between the sending location and the destination. A data packet is passed
from the router to the ACCELERATOR, where it is accelerated using
Enterprise Caching technology. The packet is then transmitted over the
appropriate PVC on the WAN, and reaches the ACCELERATOR at the
required destination location. Here, the packet is reconstructed, and then
passed to the router and on to its final destination, arriving with no
modification to the packet.
The possible number of PVCs handling accelerated data in a network is

determined by the memory capacity of the ACCELERATOR. The possible
number of unaccelerated PVCs is unlimited.
1-5
LAN Applications

In an ACCELERATOR enhanced IP network, an Expand Networks’
ACCELERATOR can be positioned between the router and the WAN
termination device (e.g. CSU/DSU) or on the LAN side of the router.
The ACCELERATOR can be located either On-Path or On-LAN.

NOTE:
If you have a firewall placed in between the two routers, it is essential that you open
access, in the firewall, for the IPcomp protocol or for the ACCELERATORs’ specific
IP addresses.
On-Path
On-Path configuration places the ACCELERATOR between the LAN and
the router on both sides of the IP network. The data from the LAN segment
passes through the ACCELERATOR before it reaches the router. The
ACCELERATOR changes the destination IP address of the accelerated
data, rerouting it via the far-end ACCELERATOR to be reconstructed
before it is passed on to its final destination IP address. See the sample
On-Path application in the following figure.
PUBLIC NETWORK
ACCELERATOR 4800 ACCELERATOR 4800
Data passes through and is accelerated before it reaches the router. In this
configuration, an internal-bypass circuit short circuits the two LAN ports
making the ACCELERATOR invisible to protect the network in the
unlikely event of failure.
1-6
On-LAN
On-LAN configuration places the ACCELERATOR directly on the LAN
as a host. The ACCELERATOR is considered the next hop for all traffic on
the LAN. The accelerated data is redirected to the far-end
ACCELERATOR where it is reconstructed before it reaches its final IP
address. See the sample On-LAN application in the following figure.
PUBLIC NETWORK
ACCELERATOR 4800
ACCELERATOR 4800
ACCELERATOR 4800
In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual

Router Redundancy Protocol (VRRP) enables the ACCELERATOR to take
part in HSRP/VRRP groups with available routers (or even other available
ACCELERATORs) to provide backup in the rare case of ACCELERATOR
failure.
NOTE:
Usually, one ACCELERATOR is installed on the LAN segment. However, if
resilience is to be enhanced, two ACCELERATORs can be installed. Resilience
methods are discussed in the ExpandOS User’s Guide, version 4.0.
1-7
ACCELERATOR Connection to a

Network
An ACCELERATOR can be added to a network with minimal changes.
Each ACCELERATOR connects to the WAN using an industry-standard
interface, such as V.35, X.21, RS-530, DDS, T1 or E1.
NOTE:
Refer to the ACCELERATOR Series Hardware Installation Guide for information
about interface availability.
In a standard network configuration, one or more private or Frame Relay
lines provide point-to-point or point-to-multipoint connectivity between
various locations. Each line is likely to be connected to a router.
Acceleration on a line is achieved by connecting an ACCELERATOR at
each end of the line, or at either end of each PVC. The router may be
connected to the ACCELERATOR using one or two serial links. The
ACCELERATOR is completely transparent – the router is not aware of its
existence.
Configuration and Management

ExpandOS can be managed either via a connected console, via SNMP or
via the Web User Interface.
The ACCELERATOR operating system, ExpandOS, provides a wide range

of management features. Most of these features are used for monitoring
purposes, since only minimal configuration is required.
The ACCELERATOR requires some basic initial configuration in order to

function. This configuration is performed locally using an RS-232 console,
and includes specifying the ACCELERATOR's IP address. The initial
configuration also involves defining passwords, and the time and date at the
ACCELERATOR site.
1-8
Installing the ACCELERATOR

The installation and connection procedures for the ACCELERATOR and
its cables, together with physical descriptions of the hardware, can be found
in the relevant ACCELERATOR Series Hardware Installation Guide for
your ACCELERATOR model.
Connecting to the Console

After the ACCELERATOR is mounted on a rack or tabletop and the
required cables are connected to the back panel, the ACCELERATOR
should be connected to a console in order to access ExpandOS
configuration options. Use a local RS-232 terminal, such as
HyperTerminal, connected to the Console port on the back panel of the
ACCELERATOR.
1-9
! To connect the console interface:

1 Connect the console cable to the console port and fasten the screws on
the connector.
2 Connect the cable to the console terminal (an ASCII terminal or a PC
running terminal emulation software).
NOTE:
The diagram below shows the back panel of the ACCELERATOR 4000 as an
example.
Accelerator 4000
Console Port
PC
1-10
Initial Configuration
2-1
Chapter 2
I nitial Configuration
Initial
Configuration
About This Chapter
Following successful installation of the hardware, the ACCELERATOR is

powered on. It is then necessary to configure the ACCELERATOR via the
ACCELERATOR operating system, ExpandOS. The required parameters
are accessed using a local RS-232 console, since the first time that
ACCELERATOR is configured, it does not have an IP address. The cable
from the console is connected to the console port on the back panel of the
ACCELERATOR, as described in Chapter 1, Introducing the
ACCELERATOR Series.

! Accessing Configuration Options, page 2-2.
! Defining the IP Address and the Default Gateway, page 2-4.
! Writing the Configuration to the Flash, page 2-5.
! Configuring Passwords, page 2-6.
! Configuring the Time and Date, page 2-6.
! Configuring the Modem, page 2-7.
! Monitoring the Power Supplies, page 2-9.
! Setting the Configuration Defaults, page 2-10.
2-2
Accessing Configuration Options

! To access configuration options:
1 Run your terminal-based application, configuring it as follows:
Baud rate: 9600 bps
Parity: none
Data bits: 8
Stop bits: 1
2 Connect to ExpandOS Command Line Interface (CLI). Press <Enter>
several times until the Expand prompt is displayed:
Password:
Expand>
NOTE:
A > symbol at the end of the Expand prompt indicates that configuration
options are disabled.
3 Type enable, and press <Enter> to enable configuration. You will be
prompted for your password.
4 Type Expand (this is the factory default password) and press <Enter>.
A # symbol at the end of the prompt indicates that configuration
options are enabled, as shown below.
Password:
Expand>
Expand>enable
Password:
Expand#
NOTE:
It is recommended that you change the password. For further information, refer
to Configuring Passwords, on page 2-6.
2-3
5 In Enable mode, type configure terminal, and press <Enter>.

The Expand prompt is now followed by (config), indicating that
ExpandOS is now in Primary Configuration mode, as shown below:
Password:
Expand>
Expand>enable
Password:
Expand#
Expand #configure terminal
Expand (config)#
NOTE:
When entering commands, you can type in a unique command prefix instead
of the full command word and ExpandOS will recognize the command. For
example, type conf for configure. If you press <Tab> after typing the
unique prefix, the full command word will be displayed.
2-4
Defining the IP Address and the Default

Gateway
The IP address and default gateway of ExpandOS must be defined to enable
remote management.
! To define the IP address:
1 In Primary Configuration mode, as described on page 2-3, type
interface ethernet 0 (when using the ACCELERATOR
4000), and press <Enter>. The eth0 prompt is displayed.
NOTE:
Ethernet 0 is the LAN interface connected to the LAN for management
purposes.
6 Type ip address, followed by a space, then the actual IP address,
space, and then the subnet mask, for example,
ip address 10.0.214.3 255.0.0.0, and press <Enter>, as
follows:
Password:
Expand>
Expand>enable
Password:
Expand#
Expand #configure terminal
Expand (config)#
Expand (config)#interface ethernet 0
Expand (eth0)#ip address 10.0.214.3 255.0.0.0
Expand (eth0)#
! To define the default gateway:

1 Press <Control-Z> to return to Primary Configuration mode.
2 Type route-rules, and press <Enter> to enter Route Rules
configuration mode. The route-rules prompt is displayed.
2-5
3 Type ip default-gateway, followed by a space, and then the IP

address, as follows:
Expand (eth0)#^z
Expand (config)#route-rules
Expand (route-rules)#ip default-gateway 10.0.0.1
Expand (route-rules)#
3 Press <Enter>.
NOTE:
The configuration must be saved to the flash in order for it to be available when
ExpandOS is rebooted.
Writing the Configuration to the Flash

ExpandOS has three separate types of memory: RAM used for internal
processing, memory allocated for the cache and Flash memory for software
updates.
ExpandOS maintains its software and configuration on a flash. In order to

ensure that the configuration will be available when the system is rebooted,
it is necessary to write the configuration on the flash.
! To write the configuration to the flash:
1 If you are still in Primary Configuration mode, press <Control-Z> to
return to the Enable prompt.
2 Type write, and press <Enter>. A message is displayed, indicating
that the configuration is being built. A success message is displayed
when the process is complete.
NOTE:
If a fail message is displayed, contact your reseller's technical support
department for assistance.
2-6
Configuring Passwords
Passwords are required in order to access parameters in Enable mode, and
for the initial login. ExpandOS' default password is Expand. It is
recommended that this password be changed during the initial setup
process.
! To configure a password for Initial Login mode:

1 Enter Primary Configuration mode, as described on page 2-3.
2 Type line telnet, and press <Enter>.
3 Type password, then a space followed by the required password, for
example, password ncc1701E, and press <Enter>.
NOTE:
Passwords may consist of letters and numbers, and are case sensitive.
4 To save the password, follow the Writing the Configuration to the

Flash procedure, on page 2-5.
! To configure a password for Enable mode:
2 Type enable, and press <Enter>. The enable prompt is displayed.
3 Type password, a space, and the required password.
4 To save the password, follow the Writing the Configuration to the
Configuring the Time and Date

A time and date of the ACCELERATOR can be defined. This time and date
are used for the internal system requirements of the device (i.e. generating
log files).
! To configure the time and date of the ACCELERATOR:

2-7
2 Type clock, and press <Enter>. The clock prompt is displayed.

3 Type set, then a space followed by the date in dd-mmm-yyyy
format, where mmm represents the first three letters of the month (in
English), for example, 18-Sep-2001.
Type another space, then the time in hh:mm:ss format.
set 04-Jul-2001 10:30:00.
NOTES:
Entering a time is optional.
The time set on the ACCELERATOR can be checked at any time by typing
show clock at the prompt.
The ACCELERATOR has an option to be set to gather time information from
an SNTP server.
4 To save the configuration, follow the Writing the Configuration to the

Configuring the Modem

When you load an ACCELERATOR 4000/2700 with ExpandOS 3.5, you
can connect a modem to the Auxiliary port. Consequently, out-of-band
management can be performed for remote monitoring and configuration.
! To configure the modem:

1 In Primary Configuration mode, as described on page 2-3, type modem,
and press <Enter> to enter Modem configuration mode. The modem
prompt is displayed.
2 Type show, and press <Enter> to view the default modem
configuration. The show prompt and sub-menus are displayed as
follows:
Modem
modemcap default
No Echo <NEC> E0
No Result Codes <NRS> Q1
On Hook <ONH> H0
2-8
3 Type modemcap edit, followed by a space and the name of the

modem. Type another space, then the name of the required modem
setting followed by the modem setting value, and press <Enter>, for
example, modemcap edit Modem_1 NEC E1, to create a new
modem called Modem_1 and set the No Echo setting NEC to E1.
NOTES:
A new modem is created, unless otherwise specified, with the default settings
of NEC set to E0, NRS to Q1 and ONH set to H0.
The name of the modem is case sensitive.
4 Type show, and press <Enter> to view the updated modem
configuration. The show prompt and sub-menus are displayed as
follows:
Modem
modemcap
Modem_1
No Echo <NEC> E1
On Hook <ONH> H0
default
No Echo <NEC> E0
On Hook <ONH> H0
! To alter the modem type:

1 In Enable mode, type line auxiliary, and press <Enter> to enter
Line Auxiliary configuration mode. The line auxiliary prompt is
displayed.
NOTE:
This feature is only available with an ACCELERATOR 4000 loaded with
ExpandOS 3.5.
2 Type modem type, followed by a space and the modem name, and
press <Enter> to alter the modem type.
2-9
NOTES:
The command modem clear line clears the line by sending an initialization
AT string.
The command modem hang up hangs up the connection.
Monitoring the Power Supplies

This feature enables monitoring of the dual power supplies. The events
command enables or disables this function, while the snooze-
interval variable defines the interval between alerts in hours.
With the ACCELERATOR 4000 Revision B, this is conditional upon the

physical existence of two power supplies, and when the show version
command is invoked, the ExpandOS 3.5 displays a message stating the
presence of redundant power supplies.
! To enable monitoring of the power supply and set the

interval between alerts:
1 In Primary Configuration mode, as described on page 2-3, type
power-check, and press <Enter> to enter Power-check mode.
2 Type events on, and press <Enter>, to enable redundant power
check events.
3 Type snooze-interval 24, and press <Enter>, to set the snooze
interval between alerts to 24 hours.
4 Type show, and press <Enter> to view the updated power supplies
configuration:
power-check
events on
snooze-interval 24
2-10
Setting the Configuration Defaults

ExpandOS 3.5 offers three ways to set the configuration file of the
ACCELERATOR:
! reset-factory-default: This command resets the default

configuration by erasing the existing configuration.
! restore-factory-default: This command returns the current
configuration to the default settings.
! set-factory-default: This command ensures that the device
will always startup configured to the factory default settings.
! To set the configuration file of the ACCELERATOR:

1 In Enable mode, type reset-factory-default,
-or-
type restore-factory-default,
-or-
type set-factory-default.
2 Press <Enter>.
Configuring the ACCELERATOR
3-1
Chapter 3
Configuring the
ACCELERATOR
About This Chapter
This chapter describes how to configure interface parameters and routing

rules for the ACCELERATOR.
This chapter includes configuration guides for the following:

! Point to Point Networks
! Frame Relay Networks
! LAN Networks
! On-LAN Applications
! On-Path Applications
This chapter also includes step-by-step detailed procedures for all available
ExpandOS initial configuration options.
Configuration Guides
The following point-to-point, Frame Relay and LAN configuration guides
include sample applications drawings accompanied by sample basic
configuration task lists and commands.
ExpandOS User's Guide
3-2
Point-to-Point Networks
In a point-to-point network, a direct line connects the two
ACCELERATORs, using PPP, HDLC or LAPB encapsulation. The
following drawing shows a typical point-to-point configuration:
Different parameters are configured for the DCE and DTE connections to
the network, as described in the following sections of this chapter.
Sample Point-to-Point Configuration

The following sample configuration is based on the diagram above.
Expand#configure
Expand#interface serial 0/1
Expand(conf-if)#bypass
Expand(config-if)#interface ethernet 0
Expand(conf-if)#ip address 10.30.0.2 255.255.0.0
Expand(config-if)#interface serial 0/0
In X.21 Interfaces ONLY: set port 0/0 on the DTE side to RX External Only
Expand(config-if)#encapsulation autodetect
Expand(conf-if)#interface serial 0/1
Expand(config)#encapsulation autodetect
Expand(conf-if)# exit
3-3
Expand(conf)#route-rules
Expand(route-rules)#bridge route serial 0/0 serial 0/1
Expand(route-rules)#routing-policy bridge-routing-first
Expand(route-rules)#exit
Expand#configure
Expand(conf)#interface serial 0/1
Expand(config-if)#no bypass
Wait a few seconds until the encapsulation has been automatically detected and then perform
the following commands.
Expand(conf-if)#confirm autodetection
Point-to-Point Application Required Task List

! Connect the ACCELERATOR according to instructions in
ACCELERATOR Installation and Operation Guide (Required)
! Manually Activate Bypass Mode, (Optional)
for the duration of the device configuration (in the ACCELERATOR
4000 bypass is on Serial Port 0/1, in the ACCELERATOR 2700 Series,
bypass is on port 0/0)
! Set Ethernet Interface IP Address (Required)
(make sure to set the application’s subnet mask) (port 0 in the
ACCELERATOR 4000, port 3/0 in the ACCELERATOR 2700 Series)
! In X.21 Interfaces ONLY: Set port 0/0 on the DTE side to RX External
Only
! Set Encapsulation Autodetect (Required)
(ports 0/0 and 0/1 in the ACCELERATOR 4000, ports 0/0 and 1/0 in
the ACCELERATOR 2700 Series)
! Set the following Route-Rules
! Define a Bridge Route from 0/0 to 0/1(ACCELERATOR 4000) or
from 0/0 to 1/0 (ACCELERATOR 2700 Series) (Required)
! Define a Bridge Route from 0/1(ACCELERATOR 4000) or from
1/0 (ACCELERATOR 2700 Series) to 0/0 (Required)
3-4
! Set Routing Policy to Bridge Routing First (Required)

! Manually Deactivate Bypass Mode (Optional)
! Confirm Encapsulation Autodetect (Required)
! Write the configuration to the ACCELERATOR
Frame Relay Networks

In a multipoint (Frame Relay) network, an ACCELERATOR can
synchronize with every other ACCELERATOR on the network. If there is
no unit at the other side of a PVC, the ACCELERATOR sends the data
packets unaccelerated.
The following diagram shows a typical Frame Relay configuration:
In a Frame Relay configuration, logical subinterfaces are defined or

autodetected for individual serial interfaces. These subinterfaces relate to
the other connections on the Frame Relay network with which the
ACCELERATOR communicates.
3-5
Each subinterface performs like a point-to-point serial interface, providing

a logical point-to-point connection. Configuration of each subinterface is
performed in the same way as for point-to-point configuration (with the
exception of encapsulation, which is set per entire interface). The physical
serial interface in a Frame Relay configuration acts as a binder for its
subinterfaces, so that commands specified for the serial interface will affect
all its subinterfaces.
Multipoint parameters are configured for the DCE and DTE connections to
the network, as described in Point-to-Point Networks, page 3-1. For the
purpose of the following procedures, Serial Interface 0/0 is configured as an
example. However, these procedures can be used to configure any serial
interface.
Sample Frame Relay Configuration

Expand#configure
Expand#interface serial 0/1
Expand(config-if)#interface ethernet 0
Expand(config-if)#interface serial 0/0
In X.21 Interfaces ONLY: set port 0/0 on the DTE side to RX External Only
Expand(config-if)#encapsulation autodetect
Expand(config)#encapsulation autodetect
Expand(conf-if)# exit
Expand(conf)#route-rules
Expand(route-rules)#routing-policy bridge-routing-first
Expand(route-rules)#exit
Expand#configure
Expand(conf)#interface serial 0/1
3-6
Expand(config-if)#no bypass
Wait a few seconds until the encapsulation has been automatically detected and then perform
the next two commands.
Frame Relay Application Task List

! Manually Activate Bypass Mode, (Optional)
for the duration of the device configuration (in the ACCELERATOR
4000 bypass is on Serial Port 0/1, in the ACCELERATOR 2700 Series,
bypass is on port 0/0)
! Set Ethernet Interface IP Address (Required)
(make sure to set the application’s subnet mask) (port 0 in the
ACCELERATOR 4000, port 3/0 in the ACCELERATOR 2700 Series)
! In X.21 Interfaces ONLY: Set port 0/0 on the DTE side to RX External
Only
! Set Encapsulation Autodetect (Required)
! Define a Bridge Route from 0/0 to 0/1(ACCELERATOR 4000) or
from 0/0 to 1/0 (ACCELERATOR 2700 Series) (Required)
! Define a Bridge Route from 0/1(ACCELERATOR 4000) or from
1/0 (ACCELERATOR 2700 Series) to 0/0 (Required)
! Set Routing Policy to Bridge Routing First (Required)
! Confirm Encapsulation Autodetect (Required)
! Write the configuration to the ACCELERATOR
3-7
LAN Configuration
LAN network configuration can be set up in three different ways:
! ACCELERATORs On-Path
! ACCELERATORs On-LAN
! Mixed configuration, one ACCELERATOR On-LAN and one
ACCELERATOR On-Path
On-Path Network Configuration

On-Path configuration places the ACCELERATOR between the LAN and
the router on both sides of the IP network. The data from the LAN segment
passes through the ACCELERATOR before it reaches the router. The
ACCELERATOR changes the destination IP address of the accelerated
data, rerouting it via the far-end ACCELERATOR to be reconstructed
before it is passed on to its final destination IP address.
For further explanation of On-Path configuration, refer to Chapter 1,

Introducing the ACCELERATOR Series.
The following is a typical On-Path application:
Sample On-Path Configuration

Expand#config
Expand(config)#interface ethernet 0/0
3-8
Expand(conf-if)#interface ethernet 0/1

Expand(conf-if)#mode on-path wan-side connecting ethernet 0/0
Expand(conf-if)#router-ip 10.30.0.1
Expand(config)#interface tunnel 5 ipv4
Expand(conf-tunnel-5)#tunnel source 10.30.0.6
Expand(conf-tunnel-5)#tunnel destination 10.20.0.6
Tunnel ID was set to 5
Source 10.30.0.6
Destination 10.20.0.6
Expand(conf-tunnel-5)#route-rules
Expand(route-rules)#routing-policy on-path-policy
Expand(route-rules)#ip route 10.20.0.0 255.255.0.0 tunnel 5
Expand(route-rules)#ip route 10.20.0.6 255.255.255.255 10.30.0.1
Expand(route-rules)#interface ethernet 0/1
Expand(conf-if)#no bypass
On-Path Application Task List

! Manually Activate Bypass Mode, for the duration of the device
configuration (in the ACCELERATOR 4000 bypass is on Serial Port
0/1, in the ACCELERATOR 2700 Series, bypass is on port 0/0)
(Optional)
! Set Ethernet Interface IP Address for Port 0/0 (Required)
! Set Mode to On-Path (Required)
! Set Router IP to the Next Hop Router (Required)
! Create an IP Tunnel (Required)
! Set IP Tunnel Source to Local ACCELERATOR Port 0/0 IP Address
(Required)
! Set IP Tunnel Destination to Remote ACCELERATOR Port 0/0 IP
Address (Required)
! Set Routing Policy to on-path-policy(Required)
3-9
! Define an IP Route Directing Transmissions Sent to the Far-End

Network into the Tunnel (Required)
! Define an IP Route Directing Tunnel Traffic to the Next Hop Router
(Required)
! Set the IP Default Gateway to the IP Address of the Router
(Required)
On-LAN Network Configuration

On-LAN configuration can be set up in two ways: Basic On-LAN
configuration and On-LAN configuration with HSRP support.
BasicOn-LAN
BasicOn-LAN configuration places the ACCELERATOR directly on the
LAN as a host. The ACCELERATOR is considered the next hop for all
traffic on the LAN. The accelerated data is redirected to the far-end
ACCELERATOR where it is reconstructed before it reaches its final IP
address. See the sample On-LAN application in the following figure.
3-10
Sample Basic On-LAN Configuration

Expand#config
Expand(config)#interface ethernet 0
Expand(conf-if)#mode on-lan
Expand(config)#interface tunnel 5 ipv4
Expand(conf-tunnel-5)#tunnel source 10.30.0.6
Expand(conf-tunnel-5)#tunnel destination 10.20.0.6
Tunnel ID was set to 1
Source 10.30.0.6
Destination 10.20.0.6
Expand(conf-tunnel-5)#route-rules
Expand(route-rules)#routing-policy ip-routing-first
Expand(route-rules)#ip route 10.20.0.0 255.255.0.0 tunnel 5
Basic On-LAN Application Task List

! Set Ethernet Interface IP Address for Port 0
(make sure to set the application’s subnet mask) (Required)
! Verify that the Mode is set to On-LAN
! Create an IP Tunnel (Required)
! Configure IP Tunnel Source IP Address (Required)
! Configure IP Tunnel Destination IP Address (Required)
! Set Routing Policy to IP Routing First (Required)
! Define the IP Default Gateway of the Network as the Router
(Required)
3-11
! Define an IP Route Directing Transmissions Sent to the Far-End

Network into the Tunnel (Required)
! Define an IP Route Directing Tunnel Traffic to the Next Hop Router
(Required)
! Make sure to set the IP Default Gateway of the NT as the
ACCELERATOR (Required)
On-LAN with HSRP

On-LAN with HSRP configuration places the ACCELERATOR directly
on the LAN as a host, as in the Basic On-LAN configuration. The HSRP
feature enables the ACCELERATOR to operate in the HSRP backup group
with other devices to provide backup in the unlikely event of
ACCELERATOR failure.
The following figure depicts a typical ACCELERATOR On-LAN with

HSRP application:
Sample On-LAN with HSRP Configuration

The following sample configuration should be added to the Basic On-
LAN configuration and is based on the diagram above.
3-12
There are two ways to configure HSRP: automatically or manually, as

follows:
Expand#configure
Expand(conf)#interface ethernet 0
Expand(config-if)#hsrp auto-config enable
OR
Expand#configure
Expand(conf)#interface ethernet 0
Expand(conf-if)#hsrp 0 preempt enable
Expand(conf-if)#hsrp 0 priority 101
Expand(conf-if)#hsrp 0 ip 10.30.0.3
On-LAN with HSRP Application Task List

! Make sure to set the IP Default Gateway of the NT as the HSRP group
(Required)
! Auto-Configure HSRP (Optional)
OR
Manually Configure HSRP as follows:

! Set the Preempt status (Required)
! Set the Priority as Higher than the Router (Required)
! Set the Timers’ Hello and Hold Messages in accordance with the
Router (Optional)
! Set the IP address of the Group (Required)
Mixed On-LAN/On-Path Configurations

An application can be set up in which one side of the network places the
ACCELERATOR On-LAN, while the other side of the ACCELERATOR
places the ACCELERATOR On-Path, as follows:
3-13
To configure the ACCELERATORs in this mixed configuration, configure

the On-LAN ACCELERATOR according to the On-LAN configuration
instructions and the On-Path ACCELERATOR according to the On-Path
instructions.
Configuring Serial Interfaces

The enhanced network options that are possible with
ACCELERATOR devices include point-to-point and Frame Relay
configurations. Each type of architecture requires a different configuration
and settings in ExpandOS.
ExpandOS contains an autodetection feature that enables it to detect the

type of interface and network with which it is interacting. This detection is
based on the type of data that is passed through the ACCELERATOR's
serial interfaces after the ACCELERATOR is connected to an active line.
ExpandOS uses this data to detect if it is connected to a point-to-point or
point-to-multipoint network, and then to automatically select the
appropriate encapsulation protocol.
3-14
Configuring the DTE Serial Interface

The DTE Serial interface is ExpandOS' connection to the WAN through the
CSU/DSU. In order to configure the parameters described in this section,
you must be in DTE Serial Interface configuration mode, for example,
Serial Interface 0/0.
NOTE:
The ACCELERATOR 2700 labels the Serial Interface 1/0. This is equivalent to
Serial Interface 0/0 for the ACCELERATOR 4000.
For the purpose of these procedures, Serial Interface 0/0 is configured.

However, these procedures can be used to configure any serial interface.
# To enter DTE Serial Interface configuration mode:

1 In Enable mode, type configure, and press <Enter>.
2 Type interface serial 0/0, and press <Enter> to enter the
Serial Interface 0/0 configuration mode.
Configuring Data Encapsulation

In order to configure serial interfaces, you must set the encapsulation
method used in your network. Encapsulation refers to the way in which
data packets are encapsulated when sent from the router.
This can be accomplished either by using the automatic encapsulation

detection feature or by manually configuring encapsulation.
For the ACCELERATOR to work properly, the encapsulation method must

be stable, it is not desirable to run the system while in autodetect mode.
Confirming Autodetect
By default, the ACCELERATOR automatically detects the encapsulation
method used in your network application, based on the data packets that are
received on that interface.
3-15
Once the confirm autodetect command is performed, the

encapsulation method will be permanently set to the current, detected
method. The ACCELERATOR will discontinue detection of encapsulation
methods. To resume autodetection, use the encapsulation
autodetect command, as described in Manually Configuring
Encapsulation, (when changes are made in the system application, such as
updating a DLCI number, the encapsulation must be redetected).
# To confirm autodetection:
1 In Primary Configuration mode, type interface serial 0/0,
and then press <Enter> to enter the Serial Interface 0/0 configuration
mode.
2 Type confirm autodetection, to confirm the interface
encapsulation,
-or-
Type confirm autodetection all, to confirm the
encapsulation for both the interface and its related subinterfaces.
3 Press <Enter>.
Manually Configuring Encapsulation

IMPORTANT:
Expand recommends that you use the confirm autodetect command to set the
encapsulation method, unless your application dictates otherwise (for example if
encapsulation has to be specified for a Frame Relay line, or if you know that the
router specifically uses CISCO HDLC, PPP or LAPB encapsulation).
# To configure data encapsulation on a point-to-point line:

1 In Serial Interface 0/0 configuration mode, type encapsulation
autodetect, to enable ExpandOS to automatically select the
Encapsulation mode,
-or-
Type encapsulation hdlc, to specify CISCO HDLC
encapsulation,
(a CISCO proprietary method of encapsulating data in HDLC frames
with additional protocol label),
-or-
3-16
Type encapsulation ppp, to specify PPP encapsulation,

-or-
Type encapsulation lapb modulo-8 (or modulo-128), to
specify LAPB encapsulation,
-or-
Type encapsulation raw-hdlc, to specify an unknown protocol
encapsulation over raw HDLC.
1 Press <Enter>.
# To configure raw-HDLC encapsulation:

1 In Serial Interface 0/1 configuration mode, type
encapsulation raw-hdlc, to specify raw HDLC encapsulation,
and then press <Enter>.
2 Type barker, and then press <Enter>. The prompt displays Expand
(Barker) #.
3 Type show, and then press <Enter> to display the following options:
♦ Barker: A prefix is added to any Expand accelerated data in order
to distinguish between that data and non-Expand data. Its default
value can be altered manually. It should be altered in cases where
normal packets passing through the network happen to start with
the same identical prefix.
♦ Checksum: A checksum of the Expand accelerated data is added
to ensure data integrity. By default, this option is disabled.
NOTES:
Raw-HDLC should be used only when the actual data link protocol used on the
Network is not directly supported by ExpandOS. In order to distinguish Accelerated
packets from regular layer 2 packets, ExpandOS adds a prefix to each packet. This
prefix’s default value is (HEX) 670256.
Raw-HDLC can only be used for point-to-point applications.
# To configure data on a Frame Relay line:

encapsulation frame-relay ietf, to specify multipoint
encapsulation for an IETF connection,
-or-
3-17
Type encapsulation frame-relay cisco, to specify

multipoint encapsulation for a CISCO connection.
2 Press <Enter>.
Setting the Bandwidth

It is necessary to specify the bandwidth that the CSU/DSU provides to the
ACCELERATOR. For example, a T1 may have a bandwidth of
1544000 bps. The bandwidth is generally specified during installation, but
it can also be changed remotely.
NOTE:
The bandwidth parameter reflects an "approximation" of the bandwidth that is
available from the WAN termination product (for example, CSU/DSU).
# To set the bandwidth:

1 In Serial Interface 0/0 configuration mode, type bandwidth, then a
space, followed by a number between 32000 and 4000000. This
number represents the bandwidth in bits per second.
2 Press <Enter>.
NOTES:
It is also possible to configure bandwidth for subinterfaces. This can be performed
only after invoking the confirm autodetection all command. This impacts
the acceleration cores allocation to the subinterfaces.
Core is a logical component of the system used for acceleration. The higher the
number of cores allocated to an interface or a subinterface, the higher the
acceleration.
The system allocates cores to interfaces and subinterfaces according to their
bandwidth. By default, the bandwidth of a subinterface is assumed to be the
bandwidth of its parent serial interface divided by the number of subinterfaces.
However, manual modification is possible by allowing manual control.
See Flow Control in Chapter 9, Supplementary Services.
Configuring Acceleration
An ACCELERATOR can only accelerate the data if there is another
ACCELERATOR at the opposite end. If the acceleration option is for some
reason disabled or in the unlikely event of a failure, the ACCELERATOR
will not probe for another ACCELERATOR, and data is sent at normal
speed.
3-18
# To configure acceleration:
1 In Serial Interface 0/0 configuration mode, type acceleration on
to enable acceleration,
-or-
Type no acceleration to disable acceleration.
2 Press <Enter>.
NOTE:
In a multipoint network, this procedure sets acceleration on/off for all the serial
interface's related subinterfaces, alternatively, you can set each subinterface
acceleration on/off by performing the same procedure while in subinterface
configuration mode.
Configuring the Clock Source

The clock source that is used by the Serial Interface when receiving or
transmitting data may be defined. The clock may be generated internally or
externally. External clock sources are generated by the WAN termination
product (for example, CSU/DSU), whereas internal clock sources are
generated internally by the ACCELERATOR.
NOTE:
In many cases, the default settings for the clock source will suffice, and will not
need to be changed.
# To configure the clock source:

1 In Serial Interface 0/0 configuration mode, type clock source rx
external tx external to set an external clock source for both
receive and transmit. This is the default for DTE interfaces,
-or-
Type clock source rx external tx internal to set an
external clock source for receive and an internal clock source for
transmit,
-or-
Type clock source rx external only to set the same
external clock source for both receive and transmit. This clock source is
primarily used for X.21 interfaces.
3-19
2 Press <Enter>.
NOTE:
The DDS interface card can be set to either rx external tx external or
rx internal tx internal (the rx external only and rx external tx
internal modes supported by the serial card are not relevant for the DDS card).
Configuring the Clock Rate

When using a DTE port for which the default clock source configuration is
clock source rx external tx external, the DTE port will be
clocked by an external device, for example, the CSU/DSU, and no
additional clock configuration is required. When using the rx external
tx internal clock source configuration, you also need to configure the
clock rate.
NOTE:
The corresponding serial ports of the ACCELERATORs at both sites (in the case of
a point-to-point application) must have identical clock rates in order to prevent
packet loss.
# To set the clock rate:

1 In Serial Interface 0/0 configuration mode, type clock rate ?,
and press <Enter> to display the available clock rates, as shown below:
3-20
2 Select the highest clock rate that is supported by the CSU/DSU. Type
clock rate, then a space followed by the selected rate, and press
<Enter> to set the clock rate.
NOTES:
You may only use a clock rate that is shown in the displayed list.
For DDS interfaces, the clock rate must be configured and is limited to clock
rates of 56000 and 64000.
Setting Clock Polarity

Using the polarity command reduces the occurrence of errors. An interface
requires instruction on whether to sample its send data on the rising edge or
the falling edge of the clock. When you use long cables that introduce
delays into the line, which could produce errors, polarity must be set.
On V.35/RS-530, you can alter the Tx clock polarity from low to high on
Serial 0/0, or you can alter the Rx clock polarity from low to high on
Serial 0/1.
On X.21, you can set the Rx clock polarity on serial 0/0 and the Rx clock
polarity on Serial 0/1.
NOTES:
On point-to-point links, CRC errors can be viewed at the remote site. These errors
cannot be viewed in Frame Relay connections.
Further information about Clock Polarity issues can be found in Expand Network's
Web site (www.expand.com), under Support.
# To set clock polarity:

1 In Serial Interface 0/0 configuration mode, type clock rx
polarity low to sample data on the rising edge,
-or-
Type clock rx polarity high to sample data on the falling
edge.
2 Press <Enter>.
Setting Description
The description is free text that describes the interface. For example, you
might describe the interface by its physical location.
3-21
# To set the description:
In Serial Interface 0/0 configuration mode, type description followed

by a space, followed by a string that provides a short description of the
interface, for example, description Long Island, and then press
<Enter>.
NOTE:
You can use lower case and upper case letters, numbers, spaces, and so on.
Configuring Drop Recovery Code

Drop Recovery Code (DRC) enables synchronized ACCELERATORs to
attempt recovery of dropped data packets, without the need for the
ACCELERATORs to resynchronize or for the cache to be reset. There are
three configurable states, as follows:
! Full, for performing data packet recovery and retransmission.
! Semi, for performing retransmission only.
! Off, for not attempting to recover a data packet at all.
DRC is activated only when two ACCELERATORs are synchronized.
When performing full data packet recovery, there is an overhead of data on

the line because recovery data packets are sent automatically. If a data
packet is lost, information about the lost packet can be retrieved using the
recovery data packet.
# To configure DRC:
1 In Serial Interface 0/0 configuration mode, type drc mode full
and press <Enter>, to perform packet recovery and retransmission,
-or-
Type drc mode semi to perform retransmission only,
-or-
Type drc mode off to prevent packet recovery attempts.
3-22
2 Press <Enter>.
NOTE:
For a detailed explanation about the DRC mechanism, refer to Appendix A, Drop
Recovery.
Configuring the Ignore Data Carrier Detect

Signal
ExpandOS can be configured to ignore the Data Carrier Detect (DCD)
signal being sent by the CSU/DSU. When DCD is ignored, the
ACCELERATOR transmits data, regardless of the DCD signal (e.g. in case
of an X.21 interface or when the WAN termination device does not provide
DCD signal).
# To configure the ignore Data Carrier Detect signal:
In Serial Interface 0/0 configuration mode, type ignore dcd, to ignore

the DCD signal from the CSU/DSU, and press <Enter>.
Type no ignore dcd, to use the DCD signal from the CSU/DSU.
Configuring the Interval Between Keepalive

Packets
Once two ACCELERATORs are properly configured keepalive packets are
sent between them in order to maintain the synchronized communication
link. The default time interval between transmission of the keepalive
packets can be altered by configuring the keepalive command on one
ACCELERATOR in the synchronized pair. This command sets the number
of seconds that the second ACCELERATOR waits between sending each
keepalive packet back to the first ACCELERATOR.
If other data is sent between the two ACCELERATORs, keepalive packets

are not sent, thus avoiding an overhead of data on the line.
# To configure the interval between keepalive packets:
In Serial Interface 0/0 configuration mode, type keepalive-interval,

then a space followed by the required number of seconds, for example,
keepalive-interval 10, and press <Enter>.
3-23
Configuring Keepalive Iterations

The keepalive iteration is the number of keepalive intervals that can be
missed before the interface is considered disconnected as follows:
keepalive-intervals × keepalive-iterations = connection down
# To configure the keepalive iteration:
In Serial Interface 0/0 configuration mode, type

keepalive-iterations, then a space followed by the required
number of intervals, for example, keepalive-iterations 6, and
press <Enter>.
IMPORTANT:
The iteration multiple should be at least twice the keepalive-interval of the remote
device.
Configuring a Probe
A probe is a packet that is sent from an ACCELERATOR to the other end
of a communications link to determine if another ACCELERATOR is
connected at the remote end. When a second ACCELERATOR is detected,
the two devices are able to synchronize and begin communication. The
probe command defines the frequency with which probe packets are sent.
# To configure a probe:
In Serial Interface 0/0 configuration mode, type probe, then a space

followed by the required number of seconds, for example, probe 10, and
press <Enter>.
3-24
Configuring the Maximum Transmission Unit

Parameter
The Maximum Transmission Unit (MTU) parameter defines the maximum
packet size that the DCE serial interface passes to ExpandOS. This
parameter should be configured to reflect the MTU specified in the router.
The ACCELERATOR MTU value should be set slightly higher than the
MTU that is set within the router, in order to provide support for the
additional headers applied by the router.
# To configure the MTU parameter:

1 In Serial Interface 0/1 configuration mode, type mtu, then a space,
followed by an MTU number that is greater than the one specified in
the router, for example, mtu 2000.
2 Press <Enter>.
Configuring Cyclic Redundancy Check

Parameters
Cyclic Redundancy Check (CRC) parameters determine the type of CRC
used in the link. They must be the same as those configured for the router.
# To configure CRC parameters:

1 In Serial Interface 0/1 configuration mode, type crc 16-bit, to set
the CRC length to 16 bits,
-or-
Type crc 32-bit, to set the CRC length to 32 bits.
2 Press <Enter>.
NOTE:
For information on configuring Flow Control parameters, refer to Chapter 9,
Configuring Supplementary Services.
Serial Interface Statistics

It is possible to view statistics (packet and byte data) for serial interfaces.
These statistics can also be viewed for subinterfaces, with the exception of
CRC errors which are only available for the interface.
3-25
# To view interface statistics:

! From within the serial interface (or subinterface) configuration mode,
type show throughput. The following screen will be displayed:
Expand(conf-if)#show throughput
throughput
Data | System Up | Since Clear | Last 30 Secs
---------------+-----------+-------------+--------------
CRC Errors | 0| 0| 0 /Sec
Dropped Bytes | 0| 0| 0
Dropped Packets| 0| 0| 0
In Bytes | 0| 0| 0 Kbps
In Packets | 0| 0| 0 /Sec
Out Bytes | 0| 0| 0 Kbps
Out Packets | 0| 0| 0 /Sec
Raw In Bytes | 0| 0| 0 Kbps
Raw Out Bytes | 0| 0| 0 Kbps
---------------+-----------+-------------+--------------
! CRC Errors
Statistics for errored packets that arrived to the hardware (Physical
layer CRC Error).
! Dropped bytes
Statistics for bytes that were discarded by the prioritization queues
or bytes that were discarded due to a bandwidth overflow
! Dropped packets
Statistics for packets that were discarded by the prioritization queues
or packets that were discarded due to a bandwidth overflow
! In bytes
Statistics for physical input of bytes on the line
! In packets
Statistics for physical input of packets on the line
! Out bytes
Statistics for physical output of bytes on the line
! Out packets
Statistics for physical output of packets on the line
3-26
! Raw In bytes
Total incoming bytes being accelerated using this (sub) interface or
tunnel
! Raw Out bytes
Total outgoing bytes being accelerated using this (sub) interface or
tunnel
Configuring the DCE Serial Interface

The DCE Serial Interface provides a connection between an
ACCELERATOR and the router. In order to configure the parameters
described in this section, you must be in DCE Serial Interface mode.
For the purposes of the procedures described below, Serial Interface 0/1 is
configured. However, these procedures can be used to configure any serial
interface.
# To enter DCE Serial Interface configuration mode:

1 In Enable mode, type configure.



3-27

mode.
encapsulation,
-or-
3 Press <Enter>.

IMPORTANT:

1 In Serial Interface 0/0 configuration mode, type encapsulation
Encapsulation mode,
-or-
Type encapsulation hdlc, to specify CISCO HDLC
encapsulation,
(a CISCO proprietary method of encapsulating data in HDLC frames
with additional protocol label),
-or-
3-28
Type encapsulation ppp, to specify PPP encapsulation,

-or-
Type encapsulation lapb modulo-8 (or modulo-128), to
specify LAPB encapsulation,
-or-
Type encapsulation raw-hdlc, to specify an unknown protocol
encapsulation over raw HDLC.
2 Press <Enter>.
# To configure raw-HDLC encapsulation:

encapsulation raw-hdlc, to specify raw HDLC encapsulation,
2 Type barker, and then press <Enter>. The prompt displays Expand
(Barker) #.
3 Type show, and then press <Enter> to display the following options:
♦ Barker: A prefix is added to any Expand accelerated data in order
to distinguish between that data and non-Expand data. Its default
value can be altered manually. It should be altered in cases where
normal packets passing through the network happen to start with
the same identical prefix.
♦ Checksum: A checksum of the Expand accelerated data is added
to ensure data integrity. By default, this option is disabled.
NOTES:
Raw-HDLC should be used only when the actual data link protocol used on the
Network is not directly supported by ExpandOS. In order to distinguish Accelerated
packets from regular layer 2 packets, ExpandOS adds a prefix to each packet. This
prefix’s default value is (HEX) 670256.
Raw-HDLC can only be used for point-to-point applications.

-or-
3-29

2 Press <Enter>.
Configuring the Clock Source/Clock Rate

The clock source and the clock rate are configured for the DCE Serial
Interface using the same procedure as for the DTE Serial Interface. These
configuration options can be found in Configuring the DTE Serial
Interface, page 3-14. However, in the DCE case, the ACCELERATOR is
the clock source and hence:
# To configure the clock source:
In Serial Interface 0/1 (for example) configuration mode, type clock

source rx internal tx internal to set an internal clock source
for both receive and transmit. This is the default for DCE interfaces,
Configuring the Maximum Transmission Unit

Parameter
3-30

1 In Serial Interface 0/1 configuration mode, type mtu, then a space,
followed by an MTU number that is greater than the one specified in
the router, for example, mtu 2000.
2 Press <Enter>.
Configuring Cyclic Redundancy Check

Parameters
Cyclic Redundancy Check (CRC) parameters determine the type of CRC
used in the link. They must be the same as those configured for the router.
# To configure CRC parameters:

1 In Serial Interface 0/1 configuration mode, type crc 16-bit, to set
the CRC length to 16 bits,
-or-
Type crc 32-bit, to set the CRC length to 32 bits.
2 Press <Enter>.
Configuring Data Carrier Detect Mode

The DCD control line from ExpandOS to the router can be either on or off.
# To configure the Data Carrier Detect mode:

1 In Serial Interface Configuration 0/1 mode, type dcd enable, to
enable DCD mode,
-or-
Type dcd disable, to disable DCD mode.
3-31
2 Press <Enter>.
Bypass Mode
In order to provide greater network stability, the ACCELERATOR features
a built-in bypass mode. Bypass mode directs received traffic through the
hardware to the transmit port, bypassing the ACCELERATOR entirely. In
the unlikely event of a hardware failure or a power failure, the
ACCELERATOR will automatically operate in bypass mode. This provides
an automatic safeguard for the network connection, regardless of the
ACCELERATOR’s status. Alternatively, the ACCELRATOR can be
manually configured to operate in bypass mode.
NOTE:
In the ACCELERATOR 2700 Series, bypass is always on port 0/0.
Manual Bypass Activation

When you want to force the ACCELERATOR to operate in bypass mode, it
can be manually configured, as follows.
# To manually activate/deactivate bypass mode:

1 In Serial Interface 0/0 configuration mode, type bypass, and then
press <Enter> to activate bypass mode.
2 Type no bypass, when you are ready to deactivate the bypass
option.
SAVE:
$ In order to save a configuration to flash memory so that it will be available after

ExpandOS is rebooted, type write at the Enable (#) prompt.
3-32
Multipoint Networks



mode.
encapsulation,
-or-
3-33
3 Press <Enter>.

IMPORTANT:

! In Serial Interface 0/0 configuration mode, type encapsulation
Encapsulation mode,

-or-
2 Press <Enter>.
Detecting Subinterfaces
Subinterfaces can be detected automatically or manually.
Automatic Subinterface Detection

The autodetect subinterfaces option enables you to configure
the ACCELERATOR to continuously detect subinterfaces. If this option is
disabled, a new connection will not be detected.
NOTE:
It is recommended that this option is left enabled.
3-34
# To configure autodetect subinterfaces:

mode.
2 Type autodetect subinterfaces enable, to enable
continuous detection,
-or-
Type autodetect subinterfaces disable, to disable
continuous detection.
2 Press <Enter>.
NOTE:
Once subinterface detection is complete, encapsulation can be reset:
in order to allow autodetection again.
Manual Subinterface Detection
# To manually detect subinterfaces:

1 In Primary Configuration mode, type interface serial 0/0
(1/0 or 0/1), followed by a period, followed by the subinterface number
and then a space followed by point to point. Press <Enter>.
2 Manually detected subinterfaces must be configured manually as
follows:
Manual Subinterface Configuration

The configuration parameters and related commands described for serial
interfaces in Point-to-Point Networks, page 3-1, are also used for each
subinterface.
3-35
Configuration of the serial interface to which the subinterfaces are related

will override any subinterface configuration.
In addition, there are two options that are set at the subinterface level, as
follows:
! Configuring a DLCI Number: The DLCI number is automatically given
to the subinterface when it is autodetected. If it is not autodetected, the
DLCI number must be specified manually by the user.
! Defining the IP Address: If a separate IP address is required for each
subinterface, it must be configured manually by the user.
NOTE:
Once subinterface detection and configuration are complete, encapsulation can be
enabled in order to allow autodetection again.
NOTE:
Refer to Chapter 11, Command Reference, for the subinterface configuration
commands.
SAVE:

DDS Interface Configuration

(For ExpandOS versions 3.5(1) and
above)
Port 0/0 of the ACCELERATOR 2700 supports up to one DDS card. The
hardware bypass feature is not available for the DDS card. Configuration of
the DDS card should be performed according to the instructions provided
above, for serial interface configuration, with the following exceptions:
! The clock rate only can be set to 56000 or 64000.
3-36
! The clock source can be set to either rx external tx external

or rx internal tx internal (the rx external only and
rx external tx internal modes supported by the serial card
are not relevant for the DDS card). See the following DDS
Configuration example:
Expand#conf
Expand(config)#int s0/0
Expand(conf-if)#clock rate ?
56000
64000
Expand(conf-if)#clock source rx external tx external
Expand(conf-if)#clock source rx internal tx internal
! The clock rate MUST be configured even if the clock source is rx

external tx external. The default clock rate is 56000.
! The rx internal tx internal clock source is not supported at
a clock rate of 64000.
! The Activity LED on front panel lights constantly, regardless of
interface activity.
The following is an example of the show interface command for the DDS
card:
Expand#show interface serial 0/0
0/0
Bandwidth.............................2000000
acceleration..........................on
clock
rate................................56000
source..............................rx internal
tx internal
counters period throughput............30
crc...................................16-bit
description...........................(not
configured)
drc
chunk-size method...................automatic
mode................................off
encapsulation.........................autodetect
(undecided)
3-37
queuing strategy......................fifo
hardware type.........................Dds Rev: 1
keepalive-interval....................3
keepalive-iterations..................10
mtu...................................2000
probe.................................5
DCD=D DSR=D DTR=U RTS=U CTS=U
throughput
---------------+-----------+-------------+-------------
Dropped Bytes | 0| 0| 0 /Sec
Dropped Packets| 0| 0| 0 /Sec
---------------+-------+----------+--------------
Configuring Ethernet Interfaces

ACCELERATORs can accommodate up to three Ethernet interfaces: One
on board and two connected with by-pass options.
Ethernet Configuration Task List

! Configuring Ethernet Parameters
! Configuring the ARP Cache
Ethernet Configuration Task List

! Configuring common interface parameters
! Configuring Ethernet mode
(on-lan or on-path)
! Configuring standby router (HSRP) (Optional, for On-LAN mode only)
! Configuring the ARP Cache (Optional)
Configuring Common Ethernet Parameters

# To configure the Ethernet Interface:
3-38
1 In configuration mode, type interface ethernet followed by a

space, followed by the interface name (for example 0/1) and press
<Enter>.
Configuring Ethernet Mode

# To configure the Ethernet mode:
1 The Ethernet mode can be set to either on-lan or on-path. For
information on these two setups, refer to Chapter 1, Introducing the
ACCELERATOR.
Type mode followed by a space, followed by the mode in which the
ACCELERATOR is working:
on-lan
-or-
on-path wan-side connecting ethernet followed by a
space, followed by the interface number (for example 0/1)
In an On-Path configuration, the Ethernet interface must be configured
through the WAN side.
Then press <Enter>.

2 Set the interface’s IP address as follows:
On-LAN: In an On-LAN configuration, the IP address of the interface

must be an address that is part of and communicates with
the entire LAN.
♦ Type ip address followed by the interface’s IP
address, followed by the interface’s IP mask, and press
<Enter>.
On-Path: In an On-Path configuration, configure only the LAN side IP

address. Once On-Path mode is selected, the IP address
configuration command is no longer available for the WAN
side.
♦ Type ip address followed by the interface’s IP
address, followed by the interface’s IP mask, and press
<Enter>.
3-39
NOTE:
In On-Path mode, because it is impossible to connect two separate interfaces to the
same LAN, you cannot connect the LAN port and the management port to the same
subnet. If you have a separate LAN subnet, you can connect the management to
this subnet. In the unlikely event of ACCELERATOR failure, hardware bypass (in
ACCELERATOR 4800) will not operate via the management port.
3 Configure routing rules for the Ethernet interface as follows (see

Configuring Routing Rules, page 3-60 for a detailed configuration
procedure):
! On-LAN: Configure a route-rule defining the IP default gateway as
the IP address of the router. Set the routing policy as IP routing first.
! On-Path: Configure a route-rule defining the IP default gateway as
the IP address of the router. A bridge-route between the LAN side
and the WAN side and vice versa. Set the routing policy as IP
routing first.
NOTE:
To set Queuing parameters for the interface, refer to Chapter 4, Congestion
Management.
The following is an example of an Ethernet interface show:

0
description...........................(not
configured)
ip
address.............................10.0.211.11
mask................................255.0.0.0
link mode Auto(10Mbit) half
mac...................................00e0.1801.0d47
mode..................................on-path
promiscuous enable
1
queue-usage...........................0
queuing-strategy......................fifo
router-ip.............................0.0.0.0
throughput
---------------+-----------+-------------+--------------
In Bytes | 2,237| 2,237| 0.48 Kbps
In Packets | 11| 11| 0.27 /Sec
3-40

---------------+-----------+-------------+--------------
Setting the ACCELERATOR Promiscuous

Feature
When the ACCELERATOR is operating in On-LAN mode, the LAN side
of the ACCELERATOR can be set to function promiscuously. When the
ACCELERATOR operates promiscuously, it listens to all transfers on the
network. When Promiscuous mode is not enabled on the ACCELERATOR,
only protocols destined for the ACCELERATOR’s own MAC address and
broadcasts will be listened to by the ACCELERATOR.
# To enable promiscuous:
! In Ethernet Interface configuration mode, when the ACCELERATOR
is set to On-LAN mode, type promiscuous followed by enable,
and press <Enter>.
Setting the Link Mode

Link mode settings enable you to view and set the status of the link.
To set the link mode:
In Ethernet interface configuration mode, type link mode, followed by

either:
Auto, 10mbit, or 100mbit,
followed by either half or full to set whether the link is to work in half
or full duplex mode, and then press <Enter>.
The link status (up or down) will be displayed at the end of the line.
NOTE:
When set to auto, if the link status is down, not available will be displayed for
the data rate.
Ethernet Interface Statistics

It is possible to view throughput statistics (packet and byte data) for
Ethernet interfaces.
3-41
Throughput Statistics
# To view interface throughput statistics:

! From within the Ethernet interface configuration mode, type show
throughput. The following screen will be displayed:
Expand(conf-if)#show throughput
throughput
------------------------+-----------+-------------+--------------
Dropped Packets | 0| 0| 0
Non Unicast In Packets | 0| 0| 0 /Sec
Non Unicast Out Packets | 0| 0| 0 /Sec
---------------------------+-----------+-------------+--------
! CRC Errors
Statistics for errored packets that arrived to the hardware (Physical
layer CRC Error)
! Dropped bytes
! Dropped packets
! In bytes
Statistics for physical input of bytes on the line
! In packets
Statistics for physical input of packets on the line
! Out bytes
Statistics for physical output of bytes on the line
! Out packets
Statistics for physical output of packets on the line
3-42
! Non Unicast in packets

Statistics for non-unicast incoming packets on the line
! Non Unicast out packets
Statistics for non-unicast outgoing packets on the line
Configuring a Standby Router (HSRP)

For information on HSRP configuration, refer to Appendix F, Hot Standby
Routing Protocol.
ACCELERATOR 4800 Bypass Switch

The Bypass switch on the ACCELERATOR’s back panel enables you to
enable or disable bypass mode between 0/0 and 0/1. Disabling the bypass
mode via the switch will make it impossible for the ACCELERATOR to
operate in bypass mode, even in the event of a failure.
This switch is useful for On-LAN or On-Path applications that take
advantage of the ACCELERATOR’s HSRP mechanism: Bypass mode
should be disabled in the active ACCELERATOR so that in the event of
failure, the standby device in the HSRP group will become active (see
Appendix F, LAN Resilience, for more information on HSRP).
Managing the ARP

There are 2 kinds of entries in the cache:
! Dynamic: added due to an ARP request
! Static: added manually
The Ethernet interface contains an ARP cache table that maps the IP and
MAC addresses of devices working in the network. Static addressing can be
added to the default dynamic mapping scheme.
# To add a static entry into the ARP:

1 Under the separator:
#Configure
#interface ethernet 0/0
#arp-cache
3-43
Use the ARP command as follows:

arp [ip_address] [mac_address]
ip_address - The address of the system for static mapping. Enter an IP

address in dotted-decimal notation (for example, 192.168.11.1)
mac_address - The MAC address of the system for static mapping. Enter
the MAC address in hyphenated-hexadecimal notation (for example,
0060.97d5.26ab).
For example:
arp-cache# arp 192.168.11.1 0060.97d5.26ab
# To remove a mapping address:

1 Use the no form of the arp command.
For example:
arp-cache# no arp 192.168.11.1
arp-cache#no arp 192.168.11.1 0060.97d5.26ab
# To change a mapping address:
Use the ARP command as follows:

arp [ip_address] [mac_address]
ip_address - The address of the system for static mapping. Enter an IP

address in dotted-decimal notation (for example, 192.168.11.1)
mac_address - The MAC address of the system for static mapping. Enter
the MAC address in hyphenated-hexadecimal notation (for example,
0060.97d5.26ab).
For example:
arp-cache# arp 192.168.11.1 0060.97d5.26ab
Showing ARP Information

To display ARP information, use the show arp command. The syntax
and options for the command are:
show arp - Display the complete ARP resolution table with IP addresses,
MAC addresses, and resolution type.
3-44
show - Display ARP global configuration parameters. The screen displays

the response timeout and the flush timeout in seconds and the ARP
Resolution table.
show arp ip_address - Display the resolution for the IP address.
For example:
arp-cache# show arp
ARP Resolution Table:

IP Address MAC Address Type
10.186.20.1 0010.58FF.FB6E static
10.186.20.10 0010.5800.1342 dynamic
10.186.20.21 0060.088F.968C static
10.186.20.29 0010.4B2C.FF6B dynamic
Configuring ARP Timeout
# To set the time in seconds to hold an ARP resolution

result:
Use the ARP timeout command.

When you change the timeout value, it only affects new ARP entries. All
previous ARP entries retain the old timeout value. To remove all current
dynamic entries, enter the clear ARP cache command.
The timeout value is the number of seconds the CSS holds an ARP
resolution result. To set a timeout period, enter an integer from 60 to 86400
(24 hours) seconds. The default is 14400 seconds (4 hours). If you do not
want the ARP entries to timeout, enter 0.
For example:
arp-cache# arp timeout 120
# To restore the default timeout value of 14400 seconds:
Enter the following command:

arp-cache# no arp timeout
3-45
Configuring ARP Wait
# To set the time in seconds to wait for an ARP resolution:
Enter the ARP wait command followed by a wait time. The wait time is the
number of seconds you should wait for an ARP resolution in response to an
ARP request to the network. Enter an integer from 5 to 30 seconds. The
default is 5.
For example:
arp-cache# arp wait 15
# To restore the default wait time of 5 seconds:
Enter the command:

arp-cache# no arp wait
# To delete dynamic entries from the ARP cache:
Use the clear arp cache command followed by an IP address or hostname,

as follows:
clear arp cache - Clears the entire ARP cache
Configuring IP Tunneling
By establishing IP tunnels, enterprises can transport any protocol over an IP
cloud. The ACCELERATORs process the original packet. Once the
original packet has been reduced, a new IP header is added. The IP header
has a new source and destination IP address that routes the packets to
remote ACCELERATORs. The following figure depicts the added IP
header.
NOTE:
At present, ExpandOS supports IP version 4 only.
3-46
Size Description
4 bits Version (always 4 for IPv4)
4 bits IP header length in 32 bit words
(5 for Expand’s tunnel)
1 byte Type of Service
(configuration dependent)
2 bytes Total length in bytes (24 bytes–MTU)
2 bytes Identification (sequence number)
2 bytes Fragmentation (configuration and packet-flow dependent)
1 byte Time to Live (Expand sends packets with 7F, 127 hops)
1 byte Protocol (Expand uses protocol IPComp, 108)
2 bytes Header Checksum
4 bytes Source IP address (source of the IP tunnel that was
configured)
4 bytes Destination IP address (destination of the IP tunnel that was
configured)
Data In the Expand tunnel, the first byte value is always 0.
See the sample IP tunneling application in the following figure.

3-47
ACCELERATOR 4000
PUBLIC NETWORK
ACCELERATOR 2700
ACCELERATOR 2700
Creating an IP Tunnel
# To create an IP tunnel:
NOTE:
To work with IP tunnels, Routing Policy must be configured to IP routing first or On-
Path, refer to page 3-62 for configuration details.
1 In the configuration mode, type interface tunnel followed
by a space and then type in a tunnel number (0 to 255) followed by a
tunnel mode (ExpandOS version 4.0 supports IPv4 only).
NOTE:
The tunnel number is a reference number for user-interface purposes. Do not
confuse this number with the tunnel ID.
2 Press <Enter>.
A new tunnel will be created. You are now in tunnel configuration mode
and can configure tunnel parameters.
3-48
Typing show interface tunnel, followed by the tunnel number will

reveal all interface parameters, including the commands that are to be
configured for the IP tunnel, as follows:
tunnel
bandwidth...........................9216
checksum............................disable
destination.........................0.0.0.0
force...............................no
id..................................value not set
mode................................IPv4
sequence............................disable
service
ToS...............................normal
precedence........................0
source..............................0.0.0.0
If flow control is enabled, the Increase and Decrease Rate will be displayed,
see the description of Flow Control in the Supplementary Services Chapter.
Defining an IP Tunnel Path

# To define the IP tunnel path:
1 Tunnel ID, source and destination IP address identify a tunnel. After
creating an IP tunnel, in ip tunnel configuration mode type
tunnel source followed by a space followed by the IP address
allocated for the tunnels.
Press <Enter>.
2 Type tunnel destination followed by a space followed by the
IP address of the remote ACCELERATOR interface to which you want
to tunnel.
Press <Enter>.
If you do not configure Tunnel ID manually, the ACCELERATOR will

automatically select a Tunnel ID. If you wish to manually determine the
tunnel ID, type in tunnel id followed by a space followed by the
desired ID number and press <Enter>.
! More than one tunnel can be created with the same source and
destination IP addresses, but they must have unique tunnel ID numbers.
3-49
! Tunnels created with non-identical source and destination IP addresses

can have the same tunnel ID number.
IMPORTANT:
For the IP tunnel to synchronize, it is important that they have corresponding source
and destination IP addresses and identical ID numbers. For example:
ACCELERATOR A: source 1.1.1.1, destination 5.5.5.5, ID 6
ACCELERATOR B: source 5.5.5.5, destination 1.1.1.1, ID 6
Forcing Tunnel Parameters

# To set tunnel force parameters:
The tunnel force parameter forces an IP header on non-accelerated

data:
! In the tunnel configuration mode, type tunnel force, followed by
a space, followed by enable or disable:
! When tunnel force is set to enable, all packets will enter the tunnel
regardless of connection status and packet size.
! When tunnel force is set to disable, small packets will not be
accelerated and will not enter the tunnel.
When the ACCELERATORs are not connected, packets will not
enter the tunnel.
! Press <Enter>.
By default, tunnel force is set to disable.
IMPORTANT:
When un-tunneled data cannot be transferred independently without tunnels,
tunnel force must be set to enable.
Preserving Packet Sequencing

# To preserve packet sequencing in the tunnel:
! In the tunnel configuration mode, type tunnel sequence followed
by a space, followed by enable or disable:
! The tunnel sequence command preserves the sequence of packets in
the tunnel.
3-50
! When packet sequence is essential, enable this feature. Press

<Enter>.
By default, packet sequencing is set to disable.
Tunnel Service
ToS and precedence settings can be configured separately, or one
user-defined value (0 to 255) can be configured, as follows:
User Defined
7 6 5 4 3 2 1 0
Precedence ToS unused
# To configure ToS:
! In the tunnel configuration mode, type tunnel service tos
followed by a space, followed by one of the following commands:
normal no special treatment
user-defined user defined value
minimize-cost attempt to reduce cost
maximize-reliability attempt to avoid drops
maximize-throughput attempt to maximize throughput
minimize-delay attempt to minimize delay
! Press <Enter>.
# To configure precedence:
! In the tunnel configuration mode, type tunnel service
precedence followed by a space, followed by the precedence level,
0 to 7 (where 7 is the highest value).
! Press <Enter>.
3-51
# To set a user-defined value as the tunnel service:

1 In the tunnel configuration mode, type tunnel service tos
user-defined and press <Enter>.
2 Type tunnel service user-defined, followed by a space,
and then the level, 0 to 255 and press <Enter>.
3 This will set the entire ToS byte, including the IP precedence bits and
the unused bit.
# To enable tunnel checksum:

! In the tunnel configuration mode, type tunnel checksum followed
by a space, then type enable or disable and then press <Enter>:
! When enabled, tunnel checksum performs checksum on tunneled
data. This consumes CPU.
! Enable this feature when decompression failures occur.
By default, checksum is disabled.
NOTE:
After configuring the IP tunnel, it is necessary to define at least the following routing
rules for the IP tunnel:
♦ Define what enters the tunnel
♦ Configure a route rule that handles the tunnel destination address.
For more information about route-rules, see page 3-65.
Tunnel Statistics
It is possible to view statistics (packet and byte data) for available tunnels.
# To view tunnel statistics:

! From within the tunnel configuration mode, type show
throughput. The following screen will be displayed:
Expand(conf-tunnel-1)#show throughput
throughput
---------------+-----------+-------------+--------------
3-52
Raw In Bytes | 0| 0| 0 Kbps
Raw Out Bytes | 0| 0| 0 Kbps
Wrong Checksum | 0| 0| 0 /Sec
Wrong Protocol | 0| 0| 0 /Sec
---------------+-----------+-------------+--------------
! Dropped bytes
! Dropped packets
! In bytes
Statistics for input of bytes
! In packets
Statistics for input of packets
! Out bytes
Statistics for output of bytes
! Out packets
Statistics for output of packets
! Raw In bytes
Total incoming bytes being accelerated using this tunnel
! Raw Out bytes
Total outgoing bytes being accelerated using this tunnel
! Wrong checksum
Statistics for packets arriving with an errored tunnel checksum.
This will only be displayed when checksum is active.
! Wrong protocol
Statistics for packets that arrived on the other side of the tunnel with
errors. If this occurs, make sure that checksum is enabled so that this
problem can be corrected (you may continue to see wrong protocol
packets because the protocol is checked before the checksum).
3-53
Fragmentation Statistics
Fragmentation statistics are relevant for tunneled data only.
# To view interface fragmentation statistics:

! From configuration mode, type show fragmentation. The
following IP packet fragmentation statistics will be displayed:
fragmentation
------------------------+-----------+-------------+--------------
Bad Fragments | 0| 0| 0 /Sec
Complete Packet Bytes | 0| 0| 0 Kbps
Complete Packet Number | 0| 0| 0 /Sec
Drops Due To Collision | 0| 0| 0 /Sec
Drops Due To Failure | 0| 0| 0 /Sec
Drops Due To Timeout | 0| 0| 0 /Sec
Fragment Bytes | 0| 0| 0 Kbps
Fragment Number | 0| 0| 0 /Sec
Fragmented Packet Bytes | 0| 0| 0 Kbps
Fragmented Packet Number| 0| 0| 0 /Sec
------------------------+-----------+-------------+--------------
! Bad fragments
Statistics for errored fragmentation data that arrived
! Complete packet bytes
Statistics for the number of bytes that arrived in whole packets
! Complete packet number
Statistics for the number of packets that arrived whole
! Drops due to collision
Statistics for the number of inappropriate fragments that arrived
! Drops due to failure
Statistics for the number of drops that occurred due to internal errors
! Drops due to timeout
Statistics for fragments in which one fragment arrived on time and
the rest of the fragments did not, indicating that there were problems
resulting in dropped byes.
! Fragment bytes
Statistics for how many bytes arrived in fragmented packets
3-54
! Fragment number
Statistics for the total number of fragments that arrived
! Fragmented packet bytes
Statistics for the total number of bytes that arrived fragmented
! Fragmented packet number
Statistics for the total number of fragmented packets that arrived
In addition to statistics gathered since system up time and since the

statistics were last cleared, statistics can be gathered for the last X number
of seconds.
# To set the last number of seconds over which

fragmentation statistics are to be gathered:
! In the configuration mode, type counters period
fragmentation followed by the number of seconds (5 to 300), as
follows:
Expand(config)#counters period fragmentation 10
Setting the Bandwidth

It is possible to specify the bandwidth that you wish to dedicate to the
tunnel. The bandwidth is generally specified during installation, but it can
also be changed remotely.
NOTE:
The bandwidth parameter reflects an approximation of the bandwidth that is
dedicated to the tunnel.
3-55
NOTES:
It is also possible to configure bandwidth for subinterfaces. This can be performed
only after invoking the confirm autodetection all command. This impacts
the acceleration cores allocation to the subinterfaces.
Core is a logical component of the system used for acceleration. The higher the
number of cores allocated to an interface or a subinterface, the higher the
acceleration.
The system allocates cores to interfaces and subinterfaces according to their
bandwidth. By default, the bandwidth of a subinterface is assumed to be the
bandwidth of its parent serial interface divided by the number of subinterfaces.
However, manual modification is possible by allowing manual control.
See Flow Control in Chapter 9, Supplementary Services.
# To set the bandwidth:

1 In tunnel configuration mode, type bandwidth, then a space,
followed by a number between 32000 and 4000000. This number
represents the bandwidth in bits per second.
2 Press <Enter>.
This Command will limit throughput over the tunnel by a given number
with a 10% margin of error, if flow controller is enabled.
NOTE:
In order to enforce the bandwidth, flow controller must be enabled..
Configuring Backup Tunnels

A backup tunnel may be configured for each tunnel so that in the event that
a tunnel falls at any point, another tunnel will continue to pass that tunnel’s
traffic.
A set of backup tunnels can be created: tunnel 2 can backup tunnel 1;

tunnel 3 can backup tunnel 2; tunnel 4 can backup tunnel 3, and so on.
The backup is configured in the active tunnel – the one that will be backed
up in the event of failure.
3-56
# To configure a backup tunnel:

! In the tunnel configuration mode of the tunnel that is to be backed up,
type tunnel backup followed by the number of the tunnel that is to
serve as the backup, as follows:
Expand(conf-tunnel-1)#tunnel backup 1
If no backup tunnel has been assigned to a tunnel, the following will be
displayed in the tunnel show menu:
Expand(conf-tunnel-1)no backup assigned
Configuring Acceleration
An ACCELERATOR can only accelerate the data if there is another
ACCELERATOR at the opposite end. If the acceleration option is for some
reason disabled or in the unlikely event of a failure, the ACCELERATOR
will not probe for another ACCELERATOR, and data is sent at normal
speed.
# To configure acceleration:
1 In tunnel configuration mode, type acceleration on to enable
acceleration,
-or-
Type no acceleration to disable acceleration.
2 Press <Enter>.
Setting Description
The description is free text that describes the interface. For example, you
might describe the interface by its physical location.
# To set the description:
In tunnel configuration mode, type description followed by a space,

followed by a string that provides a short description of the interface, for
example, description Long Island, and then press <Enter>.
NOTE:
You can use lower case and upper case letters, numbers, spaces, and so on.
3-57
Configuring Drop Recovery Code

Drop Recovery Code (DRC) enables synchronized ACCELERATORs to
attempt recovery of dropped data packets, without the need for the
ACCELERATORs to resynchronize or for the cache to be reset. There are
three configurable states, as follows:
! Full, for performing data packet recovery and retransmission.
! Semi, for performing retransmission only.
! Off, for not attempting to recover a data packet at all.
DRC is activated only when two ACCELERATORs are synchronized.
When performing full data packet recovery, there is an overhead of data on

the line because recovery data packets are sent automatically. If a data
packet is lost, information about the lost packet can be retrieved using the
recovery data packet.
# To configure DRC:
1 In tunnel configuration mode, type drc mode full and press
<Enter>, to perform packet recovery and retransmission,
-or-
Type drc mode semi to perform retransmission only,
-or-
Type drc mode off to prevent packet recovery attempts.
2 Press <Enter>.
NOTE:
For a detailed explanation about the DRC mechanism, refer to Appendix A, Drop
Recovery.
3-58
Configuring the Interval Between Keepalive Packets

When two ACCELERATORs are synchronized and there is no other traffic
on the line, keepalive packets are sent between them in order to maintain
the synchronized communication link. The default time interval between
transmission of the keepalive packets can be altered by configuring the
keepalive command on one ACCELERATOR in the synchronized pair.
This command sets the number of seconds that the second
ACCELERATOR waits between sending each keepalive packet back to the
first ACCELERATOR.
If other data is sent between the two ACCELERATORs, keepalive packets

are not sent, thus avoiding an overhead of data on the line.
# To configure the interval between keepalive packets:
In tunnel configuration mode, type keepalive-interval, then a space

followed by the required number of seconds, for example, keepalive-
interval 10, and press <Enter>.
Configuring Keepalive Iterations

The keepalive iteration is the number of keepalive intervals that can be
missed before the interface is considered disconnected as follows:
keepalive-intervals × keepalive-iterations = connection down
# To configure the keepalive iteration:
In tunnel configuration mode, type keepalive-iterations, then a

space followed by the required number of intervals, for example,
keepalive-iterations 6, and press <Enter>.
IMPORTANT:
The iteration sum should be at least twice the keepalive-interval of the remote
device.
3-59
Configuring a Probe
A probe is a packet that is sent from an ACCELERATOR to the other end
of a communications link to determine if another ACCELERATOR is
# To configure a probe:
In tunnel configuration mode, type probe, then a space followed by the

required number of seconds, for example, probe 10, and press <Enter>.
Configuring the Maximum Transmission Unit Parameter


1 In tunnel configuration mode, type mtu, then a space, followed by an
MTU number that is greater than the one specified in the router, for
example, mtu 2000.
2 Press <Enter>.
NOTE:
For information on configuring Flow Control parameters, refer to Chapter 9,
Configuring Supplementary Services.
SAVE:

3-60
Configuring Routing Rules

The relay of data packets between interfaces and subinterfaces requires a
policy, which is a set of rules that specify the path by which data packets
are transmitted. Rules are defined in Route Rules configuration mode,
which is performed as part of the primary configuration.
Configuring Basic Routing

There are three major types of rules, Bridging routing rules and IP routing
rules. Each set is contained in a separate table.
! The Bridging Table indicates the source interface and the destination
interface of the packet, meaning that any packet from source
interface A will be relayed to interface B.
! The IP Routing Table comprises the destination IP address, its subnet
mask and the destination, which can be either an IP address or a
specific interface. Any IP packet that is to be sent to a destination IP
address with an IP mask will be relayed from there to the destination
interface.
When the ACCELERATOR recognizes that an IP packet contains a

destination IP address, the destination IP must be resolved to a specific
interface. A search is performed for that interface in the IP Routing Table.
This search is performed by taking the destination IP address from the
packet and checking for a matching entry in the IP Routing Table. If a
match is detected, the destination column in the IP Routing Table is used as
the new destination, as follows:
! If the destination is an interface, the interface is the final destination.
! If the destination is an IP address, one further search is performed to
detect a destination interface.
3-61
A routing policy is provided that enables you to specify whether bridging

or IP routing rules have priority. If a match is not detected in accordance
with any IP routing policy, the packet is relayed to the default IP gateway.
NOTE:
If bridging is selected as the first priority, the destination matching process is
performed in the following order:
1. Bridging Table
2. IP Routing Table
3. Default IP Gateway
If IP first is selected as the first priority, the destination matching process is
1. IP Routing Table
2. Default IP Gateway
3. Bridging Table
If On-Path is selected as the first priority, the destination matching process is
1. IP Routing Table for IP Tunnels
2. Bridging Table
3. IP Routing Table for non-tunneled data
4. Default Gateway
When an interface IP address is defined, a row is automatically added to the

IP Routing Table. For example, if 192.116.30.40 and a mask of
255.255.255.0 are inserted for Serial Interface 0/1.3, then the IP Routing
Table's routing row will be displayed as follows:
Outgoing IP address 192.116.30.00
IP Mask 255.255.255.0
Destination Serial Interface 0/1.3

3-62
Configuring the Routing Policy

# To configure a routing policy:
1 In Primary configuration mode, type route-rules, and then press
<Enter> to enter Route Rules configuration mode.
2 Type routing-policy bridging-first, to select bridging
rules as the priority routing method,
-or-
Type routing-policy ip-routing-first, to select IP
routing rules as the priority routing method.
-or-
routing-policy on-path-policy, for ExpandOS version 4
and higher only, to set the ACCELERATOR to bridge all traffic, except
tunneled data which is directed through established IP tunnels.
3 Press <Enter>.
NOTE:
To work with IP tunnels, Routing Priority must be configured to IP routing first.
3-63
Configuring the IP Default Gateway

# To configure the IP default gateway:
1 Enter Route Rules configuration mode, as described above.
2 Type ip default-gateway, then a space followed by the IP
address of the default gateway, for example,
ip default-gateway 192.168.0.104.
3 Press <Enter>.
NOTE:
In order to add an IP default-gateway in the route-rules you must first have
assigned an IP address and subnet mask to the subnet of the default gateway.
Defining a Bridge Route

# To define a bridge route:
1 Enter Route Rules configuration mode, as described on page 3-60.
2 Type bridge route, then a space and the type of interface:
serial or ethernet followed by the source interface or source
subinterface name. Type another space, followed by the destination
interface or destination subinterface name.
For example:
bridge route serial 0/0 serial 0/1 <Enter>.
This example specifies that all data packets from Serial Interface 0/0
will be sent to Serial Interface 0/1.
bridge route ethernet 0/0 ethernet 0/1 <Enter>.
This example specifies that all data packets from Ethernet Interface 0/0
will be sent to Ethernet Interface 0/1.
3 The following is an example of bridge route configuration:
Expand(route-rules)#routing-policy bridging-first
Expand(route-rules)#show
route-rules
bridge
route
source-interface | | dest-interface |
-----------------+-----+----------------+----
3-64
serial | 0/0 | serial | 0/1

serial | 0/1 | serial | 0/0
-----------------+-----+----------------+----
use-labels..........................off
NOTE:
The factory default configuration is (according to installed interface cards):
bridge route serial 0/0 serial 0/1
bridge route serial 0/1 serial 0/0
bridge route ethernet 0/0 ethernet 0/1
bridge route ethernet 0/1 ethernet 0/0
Defining an IP Route
# To define an IP route:
2 Type ip route, then a space, followed by the outgoing IP address.
Type another space, followed by the outgoing IP mask, another space,
then the destination interface type followed by a space and then the
interface name or an IP address, for example,
ip route 10.20.0.0 255.255.0.0 ethernet 0/1 <Enter>.
or
ip route 10.20.0.0 255.255.0.0 15.0.0.1 <Enter>.
NOTE:
If Forwarding IP Address is configured before the interface name, the configuration
is accepted, even though a warning message appears.
The following is an example of IP route configuration:

Expand(route-rules)#ip route 10.0.0.1 255.255.255.255
ethernet 0
Expand(route-rules)#ip default-gateway 10.0.0.1
Expand(route-rules)#show
ip
default-gateway.....................10.0.0.1
route
network | net-mask | destination |
---------+-----------------+-------------+--
10.0.0.0 | 255.0.0.0 | 10.0.0.1 |
10.0.0.1 | 255.255.255.255 | ethernet | 0
---------+-----------------+-------------+--
routing-policy........................ip-routing-first
3-65
Defining an IP-Tunnel Route

# To define an IP-tunnel route:
After configuring the IP tunnel as described above on page 3-47, it is

necessary to define the subnet that goes through the tunnel.
2 Type ip route, then a space, followed by the subnet to be routed
through the tunnel, followed by a space, followed by tunnel followed
by a space and then the tunnel ID number for example,
ip route 10.0.0.0 255.0.0.0 tunnel 1 <Enter>.
Configuring Multiplexing Interfaces

ExpandOS enables users to configure multiplexing using the Bridging
Table. This means that you can multiplex two or more interfaces into a
single interface.
Label 2 Label 0
Serial Serial
Interface Serial Serial Interface
R o u te r 0/1 Interface Interface 0/1 Router
(DCE) ACCELERATOR 0/0 0/0 ACCELERATOR (DCE)
(DCE) (DCE)
Serial Serial
Interface Interface
1/1 1/1
(DTE) (DTE)
Label 3 Label 1
In the diagram above, Serial Interfaces 0/1 and 1/1 are multiplexed into
Serial Interface 0/0. In order to multiplex, you must enable labeling in the
Route Rules configuration mode. After enabling labeling, each multiplexed
serial interface must be given a label. The label will be utilized by the
ACCELERATOR on the remote side for bridging that label to the
appropriate interface. In order to configure multiplexing, you must
configure the following bridge route commands.
3-66
# To enable multiplex labeling:

2 Type bridge use-labels, and then press <Enter>.
NOTE:
Type no bridge use-labels to disable multiplex labeling.
# To configure a bridge route rule with labeling:

2 Type bridge route, then a space followed by serial followed by
a space, and then type the source interface or source subinterface name.
Type another space, followed by the destination interface or destination
subinterface name. Type another space, followed by dest-label,
another space, and then the destination label number. This defines the
label that will be sent with the packet, for example,
bridge route serial 0/1 serial 0/0 dest-label 2
bridge route serial 1/1 serial 0/0 dest-label 3
3 In the other ACCELERATOR, type bridge route, then a space
followed by the interface type (serial or ethernet) followed by a
space, and then type the source interface or source subinterface name.
Type another space, followed by the destination interface or destination
subinterface name. Type another space, followed by source-label,
another space, and then the source label number. This indicates to
which interface that specific label should be routed, for example,
bridge route serial 0/0 serial 0/1 source-label
0
bridge route serial 0/0 serial 1/1 source-label
1
3 Press <Enter>.
The following table shows the bridge routes and labeling used in the above
examples:
Local ACCELERATOR Remote ACCELERATOR
I/F 0/1% I/F 0/0 destination label 2 I/F 0/1% I/F 0/0 destination label 0
3-67
I/F 1/1% I/F 0/0 destination label 3 I/F 1/1% I/F 0/0 destination label 1
I/F 0/0 source label 0 % I/F 0/1 I/F 0/0 source label 2 % I/F 0/1
I/F 0/0 source label 1 % I/F 1/1 I/F 0/0 source label 3 % I/F 1/1
NOTE:
Source and destination labels must be an integer between 0-15.
Configuring Software Bypass in

Multiplexing Mode
This feature enables two ACCELERATORs, configured to work in
Multiplexing mode, to choose the serial interfaces that should be bypassed.
This means that in the event that the ACCELERATORs lose their
synchronization, the traffic from one of the serial interfaces (which was
pre-assigned with a higher priority) will be software-bypassed to the WAN
interface.
# To configure software bypass in Multiplexing mode:

2 Type bridge default-label and then insert the label number (0
to 15) (the label value that was defined for the specific link), and then
press <Enter>.
Congestion Management
4-1
Chapter 4
Congestion
Management
C onfiguring QoS
About This Chapter
Congestion management includes multiple methods of transmitting data

over a lower speed link by means of queuing. Queuing involves specifying
traffic priority and ensuring that high priority traffic is transmitted prior to
lower priority traffic, as well as specifying how to handle the lower priority
traffic. Mission-critical traffic, for example, should be assigned a higher
priority than e-mail or WEB browsing. In this way, congestion management
enables you to maximize the limited available bandwidth.
Implementation of congestion management involves defining the properties

and policies, based on source, destination, or type (port, network host,
protocol, and so on) and then assigning these policies to interfaces.
NOTE:
Because FIFO and Weighted Fair Queuing policies cannot be adjusted or
configured in any way, when they are assigned to an interface they are referred to
as queues rather than policies.
The queuing configuration will apply for all traffic passing through the
ACCELERATOR, both accelerated and non-accelerated.
This chapter describes different types of queuing, including configuring

your system for each type, as follows:
! Data Link Protocols Prioritization, page 4-3.
! First In, First Out Queuing (FIFO), page 4-4.
4-2
! Weighted Fair Queuing (WFQ), page 4-4.

! Priority Queuing (PQ) page 4-8.
! Custom Queuing (CQ) page 4-11.
Last printed: 8/8/2001 5:04 PM

Last saved: 8/8/2001 12:18 PM
4-3
Data Link Protocols Prioritization

The ACCELERATORs provide a special mechanism to prioritize several
Data Link protocols, such as Frame Relay, LMI, PPP, LCP (Link Control
Protocol), and Cisco’s CDP (Cisco Discovery Protocol, a proprietary
protocol used in Cisco products to transport keepalives and other
router-to-router communications). This mechanism operates in two ways:
! In the case of non-trivial queuing schemes (for example, Weighted Fair
Queuing, Priority Queuing, and so on), the data link control packets are
automatically assigned to the highest priority queue.
! In the case of FIFO queuing, the above-mentioned packets are inserted
into the same FIFO queue. However, they are not discarded when the
queue is full. The FIFO queue is allowed to buffer 20% more than its
normal capacity for only these special packets. This ensures that they
will only be discarded in the rare occurrences, when the queue exceeds
this extra allowance.
These prioritization mechanisms are used to prevent routers from dropping

the line in unusual situations where the ACCELERATORs discard large
numbers of packets, for example, during periods of network congestion.
4-4
First In, First Out Queuing

NOTE:
Because the FIFO policy cannot be adjusted or configured in any way, when it is
assigned to an interface it is referred to asa queue rather than a policy.
First In, First Out (FIFO), a basic store and forward process, is the default
queuing algorithm of the ACCELERATOR. FIFO does not take into
account any factors in terms of determining network traffic priority other
than order of arrival. If packet "A" arrives before packet "B", then the
ACCELERATOR advances packet "A" first, regardless of importance, size,
or any other factor.
FIFO requires no configuration, and is an effective and practical queuing

algorithm under normal circumstances when network traffic is light to
medium, but has inherent limitations:
! When network traffic is high and bandwidth is limited, once a file
transfer is initiated, you can end up with "packet train", where
high-priority traffic (mission-critical traffic, for instance) is caught
behind low-priority traffic.
! Bursty applications can cause major delays.
For higher traffic volumes links, other queuing algorithms are available, as
described on the following pages.
NOTE:
Because FIFO is the default policy setting, to return to FIFO from any of the other
queuing algorithms, disable the other policy setting, for example, if weighted fair
queuing was set, type no fair-queue or fair-queue disable to return to
FIFO.
Weighted Fair Queuing

NOTE:
Because the WFQ policy cannot be adjusted or configured in any way, when it is
assigned to an interface it is referred to asa queue rather than a policy.
4-5
Weighted Fair Queuing (WFQ) distributes buffering resources in a fair

method. There are two categories of WFQ sessions, small packets and large
packets. Small-packet traffic has effective priority over larger packets
because of its greater importance. Small-packet traffic, such as VoIP or any
other time-sensitive traffic, is allocated a portion of the bandwidth, which
flows in the WFQ mode in one queue, and large-packet traffic, such as
FTP, is placed in one of 255 queues on the remaining bandwidth. These
255 queues transfer packets in a cyclical, round robin manner, with each
C onfiguring QoS
queue being permitted to transfer up to 2000 bytes before moving on to the
next queue.
WFQ provides traffic priority management that automatically sorts

individual traffic streams without requiring the user to configure queuing
mechanisms.
With WFQ, packets are classified by flow. Packets with the same source IP
address, destination IP address, source Transmission Control Protocol
(TCP) or User Datagram Protocol (UDP) port, or destination TCP or UDP
port belong to the same flow. When the packet size is larger than 100 bytes,
WFQ allocates an equal share of the bandwidth to each flow. Flow-based
WFQ is also called fair queuing because all flows are equally weighted.
4-6
The ACCELERATOR’s WFQ can be described, as follows:
Each queue has a limit of 32 packets, and all traffic has a global limit of 64.
The individual queue limit is enforced only after the global threshold is
exceeded. When the global threshold is exceeded, only new packets are
discarded.
While the global number of packets does not exceed 64, the individual
queue limit is not enforced, and this may result in an individual queue with
more than 32 packets. Once the global limit is reached, the individual limit
is applied to new packets. However, existing packets in the queue are not
discarded.
Assigning Weighted Fair Queuing

For the purpose of these procedures, Serial Interface 0/0 is configured.
However, these procedures can be used to configure any serial interface.
4-7
! To configure WFQ:
1 In Enable mode, type configure, and press <Enter> to enter Primary
Configuration mode.
2 Type interface serial 0/0, and press <Enter> to enter
3 Type fair-queue enable, and press <Enter> to enable WFQ.
C onfiguring QoS
4-8
Priority Queuing
Priority Queuing (PQ), allocates bandwidth in an absolute manner,
assigning unconditional priority to higher priority traffic. This is designed
for environments that focus on mission-critical data, excluding or delaying
less critical traffic during periods of congestion.
There are 4 queues and 4 corresponding levels of importance, as follows:

! 0 is high priority
! 1 is medium priority
! 2 is normal priority
! 3 is low priority
Traffic on lower priority queues is only dequeued once the

ACCELERATOR has forwarded traffic on higher priority queues. In this
way, traffic in queue 0, for instance, will always be dequeued before traffic
in queue 1, and so on. The advantage is that higher priority traffic is never
delayed by lower priority traffic. However, there is a possibility that
low-priority traffic may experience significant delays when there is high
volume, or may even be discarded completely, because a packet is either
enqueued, or when traffic congestion becomes particularly acute, it is
dropped.
Priority queuing is most effective when time-critical, but low-bandwidth

traffic is placed in the high-priority queue. This ensures that the traffic is
transmitted immediately, but because of the low bandwidth requirement,
other queues are unlikely to be starved.
The packets are enqueued as follows: The ACCELERATOR sends packets

to one of the 4 queues, based on the rules that apply to the specific packet.
The packets are dequeued as follows: Traffic on lower priority queues is

only dequeued once the ACCELERATOR has forwarded traffic on higher
priority queues. In this way, traffic in queue 0, for instance, will always be
dequeued before traffic in queue 1, and so on.
4-9
The user first defines the custom policies (at this stage these policies are not
related to the interfaces) and then relays the policy to the appropriate
interfaces. Thus, any change made to a custom policy will automatically
update the relevant interfaces.
The ACCELERATOR’s PQ can be described, as follows:
C onfiguring QoS
Setting Priority Queuing
For the purpose of these procedures, priority policy 1 is configured, as well
as Serial Interface 0/0, meaning card 0 and port 0. However, these
procedures can be used to configure any priority policy or serial interface.
In order to set Priority Queuing, you must:
! Configure up to 16 policies
! Assign these policies to specific interfaces.
4-10
Configuring Priority Queuing Policies

By default, all transmissions are directed to priority 2. If you choose
Priority Queuing and do not set any policies, all transmissions will be via
priority 2 until specific policies are set. If you want to assign priority to
certain types of traffic and leave all the rest of the traffic as is, there is no
need to define a priority for the remainder of the traffic, it will pass to
priority 2 by default.
! To set a default queue for the priority policy:

Configuration mode.
2 Type priority-policy 1 queue 1 default, and press
<Enter> to set this as the default policy, if no other rule applies. This
means that all packets that do not match any of the other priority
policies will be sent via this queue.
! To enter a priority policy that specifies the total number

of packets in a queue:
1 In Primary Configuration mode, type priority-policy 1
queue, followed by a space, and then the queue number. Type another
space, then limit (the total number of packets that will be enqueued
in this queue), followed by a space and a number between 0 and 32.
2 Press <Enter>.
! To enter a priority policy that specifies a specific source

interface’s transmission a specific queue:
3 In Primary Configuration mode, type priority-policy 1
queue, followed by a space, and then the queue number. Type
another space, then interface, followed by a space and the interface
number (for example 0/1)
4 Press <Enter>.
4-11
! To enter a priority policy that specifies where to enqueue

packets with a particular protocol and transport:
1 In Enable mode, type priority-policy 1 queue, followed by a
space, and then the queue number. Type another space, then
protocol ip transport, followed by a space and either none,
tcp, or udp (the type of packets that will be enqueued in this queue).
In cases where TCP or UDP are required, you can add a port, to better
classify sessions.
C onfiguring QoS
2 Press <Enter>.
! To clear a priority policy:
In Enable mode, type priority-policy 1 clear, and press <Enter>

to erase the policy properties for priority policy 1.
! To view the properties of a priority-policy:
In Enable mode, type priority-policy 1 show, and press <Enter>

to view the policy properties for priority policy 1.
NOTES:
If you change a priority policy, it is automatically relayed to the appropriate
interfaces.
To view how many packets have been dropped, type dropped packet.
Assigning Priority Queuing to an Interface

! To assign PQ to a serial interface:
Configuration mode.
2 Type interface serial 0/0, and press <Enter> to enter
3 Type priority-policy 1, and press <Enter> to apply priority
policy 1 to this serial interface.
NOTE:
To disable custom policy 1 for a serial interface, type priority-policy 1
disable, and press <Enter>.
4-12
Custom Queuing
Custom Queuing (CQ) involves allocating bandwidth to specific types of
traffic in accordance with defined rules or custom policies that are
established by the user. The user defines as many rules as are required.
The packets are enqueued, or placed in queues, as follows: The

ACCELERATOR sends packets to one of the 16 queues, based on the rules
that apply to the specific packet.
The packets are subsequently dequeued, or forwarded, as follows: Each

queue sends out traffic until the byte limit has been met, and then the next
queue sends out its traffic until its byte limit has been met.
The user first defines the custom policies (at this stage, these policies are
not associated with the interfaces) and then relays the policies to the
appropriate interfaces. Thus, any change made to a custom policy will
automatically update the relevant interfaces.
The ACCELERATOR’s CQ can be described, as follows:

4-13
Setting Custom Queuing

In order to set Custom Queuing, you must:
! Configure up to 16 policies
! Assign these policies to specific interfaces.
Configuring Custom Queuing
C onfiguring QoS
For the purpose of these procedures, custom policy 1 is configured, as well
as Serial Interface 0/0. However, these procedures can be used to configure
any custom policy or serial interface.
By default, all transmissions are directed to priority 0. If you choose

Custom Queuing and do not set any policies, all transmissions will be via
priority 0 until specific policies are set. If you want to assign priority to
certain types of traffic and leave all the rest of the traffic as is, there is no
need to define a priority for the remainder of the traffic, it will pass to
priority 0 by default.
! To enter a custom policy that specifies the number of

bytes that will be dequeued:
Configuration mode.
2 Type custom-policy 1 queue, followed by a space, and then the
queue number, between 0 and 15. Type another space, then byte-
count (how many bytes will be dequeued from this queue), followed
by a space and a number between 0 and 10000.
3 Press <Enter>.
! To set a default queue for the custom policy:

Configuration mode.
2 Type custom-policy 1 queue 1 default, and press <Enter>
to set this as the default policy, if no other rule applies. This means that
all packets that do not match any of the other custom policies will be
sent via this queue.
4-14
! To enter a custom policy that specifies the total number

of packets in a queue:
1 In Primary Configuration mode, type custom-policy 1 queue,
followed by a space, and then the queue number. Type another space,
then limit (the total number of packets that will be enqueued in this
queue), followed by a space and a number between 0 and 32.
2 Press <Enter>.
! To enter a custom policy that specifies a specific source

interface’s transmission a specific queue:
then interface, followed by a space and the interface number (for
example 0/1)
2 Press <Enter>.
! To enter a custom policy that specifies where to enqueue

packets with a particular protocol and transport:
then protocol ip transport, followed by a space and either
none, tcp, or udp (the type of packets will be enqueued in this
queue). In cases where TCP or UDP are required, you can add a port, to
better classify sessions.
2 Press <Enter>.
! To clear a custom-policy:
In Primary Configuration mode, type custom-policy 1 clear, and

press <Enter> to erase the policy properties for custom policy 1.
! To view the properties of a custom-policy:
In Enable mode, type custom-policy 1 show, and press <Enter> to

view the policy properties for custom policy 1.
4-15
NOTE:
If you change a custom policy it is automatically relayed to the appropriate
interfaces.
Assigning a Custom Queuing Policy to a

Specific Interface
! To configure CQ for a serial interface:
1
C onfiguring QoS
In Enable mode, type configure, and press <Enter> to enter Primary
Configuration mode.
2 Enter interface configuration mode, for example interface
serial 0/0, and press <Enter> to enter Serial Interface 0/0
configuration mode.
3 Type custom-policy 1, and press <Enter> to apply priority policy
1 to this serial interface.
NOTE:
To disable custom policy 1 for a serial interface type custom-policy 1
disable, and press <Enter>.
Configuring SNMP
5-1
Chapter 5
Configuring SNMP
About This Chapter
C onfiguring SNMP
This chapter describes how to configure the ACCELERATOR to enable
remote management access. This chapter includes the following sections:
! What is SNMP?, page 5-2.
! Basic SNMP Components, page 5-2.
! Basic SNMP Protocol Operations, page 5-4.
! SNMP Management Information Base (MIB) Tables, page 5-4.
! SNMPv1 Protocol Operations, page 5-6.
! SNMP Configuration, page 5-7.
! Displaying the Current SNMP Configuration, page 5-7.
! Disabling SNMP Access, page 5-7.
! Defining SNMP Communities, page 5-8.
! Enabling Traps, page 5-8.
! Example SNMP Configuration, page 5-9.
! Supported Traps, page 5-11.
! Supported MIB-2 Entries, page 5-13.
! System MIB, page 5-13.
! IfEntry MIB, page 5-14.
! RMON MIB, page 5-15.
! Private MIB Entries, page 5-16.
! Private MIB Diagram, page 5-48.
5-2
What is SNMP?
The Simple Network Management Protocol (SNMP), is an
application-layer protocol that enables management information exchange
between network devices. SNMP allows network administrators to locate
and solve network problems, manage network performance and plan for
future network growth. The following diagram illustrates a basic network
managed by SNMP:
The two versions of SNMP, SNMP Version 1 (SNMPv1) and SNMP

Version 2 (SNMPv2), have a number of features in common. However,
enhancements like additional protocol operations are only available with
SNMPv2. This chapter provides descriptions of the SNMPv1 and SNMPv2
protocol operations.
Currently, Expand’s ACCELERATORs support SNMPv1 and Standard

MIB-2.
Basic SNMP Components

An SNMP-managed network consists of three essential components: a
managed device, an agent, and a network management system (NMS).
Configuring SNMP
5-3
A managed device is a network node containing an SNMP agent and

residing on a managed network. It collects and stores management
information and makes this information available to the NMS through the
SNMP protocol. Managed devices, which are also called network elements,
include routers, access servers, switches, bridges, hubs, computer hosts and
printers.
An agent is a network management software module that resides on a

managed device. It has local knowledge of management information and
translates it into a form compatible with SNMP.
C onfiguring SNMP
An NMS executes applications that monitor and control managed devices,
and provides the majority of the processing and memory resources needed
to manage the network. One or more NMS must exist on a managed
network. The following diagram illustrates the relationship between these
components:
5-4
SNMP is a distributed management protocol. This means that a system

could operate as an NMS, an agent, or both. When a system operates as
both an NMS and an agent, another NMS might require the system to query
the managed devices and provide a summary of the information learned, or
to report on management information stored locally.
Basic SNMP Protocol Operations

There are four basic types of SNMP protocol operations that can be used to
monitor and control a managed device.
! A Read operation is used by the NMS to monitor a managed device
by examining the different variables that are maintained by it.
! A Write operation is used by the NMS to control a managed device
by changing the values of the variables stored within it.
! A Trap operation is used by a managed device to asynchronously
report events to the NMS. When certain types of events occur, a
managed device sends a trap to the NMS.
! A Traversal operation is used by the NMS to determine which
variables are supported by the managed device and to sequentially
gather information in variable tables (for example, a routing table).
SNMP Management Information Base

(MIB) Tables
A Management Information Base (MIB) is a hierarchically organized
collection of information comprised of managed objects and identified by
object identifiers. MIBs can be accessed using a network management
protocol like SNMP.
A managed object (also called a MIB object, object, or MIB) is one of any
number of specific characteristics of a managed device. Managed objects
are comprised of one or more object instances, or variables.
Configuring SNMP
5-5
There are two types of managed objects: scalar and tabular. Scalar objects
define single object instances, while tabular objects contain multiple
variables. These are grouped together in a highly structured MIB table
using the SNMPv1 Structure of Management Information (SMI). The
tables are composed of zero or more rows, indexed in a way that allows
SNMP to retrieve or alter an entire row using a single Get, GetNext, or
Set command.
An object identifier (or object ID) uniquely identifies a managed object in

the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a
nameless root, the levels of which are assigned by different organizations.
C onfiguring SNMP
The following diagram illustrates the SNMP tree:
5-6
SNMPv1 Protocol Operations

SNMP is a simple request-response protocol. This means that the NMS
issues a request and the agent returns a response. This is implemented by
using one of the following four protocol operations:
! A Get operation is used by the NMS to retrieve the value of one or
more object instances from an agent. Unless the agent responding to the
operation can provide values for all the object instances in a list, it will
not provide any values at all.
! A GetNext operation is used by the NMS to retrieve the value of the
next object instance in a table or list from an agent.
! A Set operation is used by the NMS to set the values of the object
instances in an agent.
! A Trap operation is used by an agent to asynchronously report events
to the NMS.
Configuring SNMP
5-7
SNMP Configuration
In order to enable SNMP management of the ACCELERATOR using
HP OpenView or other SNMP management software, you must define the
following:
! Defining SNMP Communities, page 5-8.
! Enabling Traps, page 5-8.
# To enter the SNMP configuration mode:

C onfiguring SNMP
2 Type snmp and press <Enter> to enter the SNMP configuration mode.
Displaying the Current SNMP Configuration

There are two ways to view parameters currently configured for SNMP.
# To view the current SNMP configuration:

In Enable mode, type show snmp,
-or-
In SNMP mode, as described above, type show.
Disabling SNMP Access

SNMP access to the specific ACCELERATOR being configured can be
disabled.
# To disable SNMP access to the ACCELERATOR:

1 In SNMP mode, as described above, type snmp disable.
2 Press <Enter>.
5-8
Defining SNMP Communities

Up to five SNMP communities may be defined, together with access
privilege levels. Each community has a name and an access permission
level.
# To define an SNMP community:

1 In SNMP mode, as described on page 5-7, type community, then a
space, then the name of the community followed by another space, then
permission, followed by the permission type ro, for Read Only, or
rw, for Read-Write.
2 Press <Enter>.
Enabling Traps
A trap enables events to be sent to defined recipients in order to enable
central management. In order to send traps, you must first define the
recipients.
# To enable traps:
1 In SNMP mode, as described on page 5-7, type host, followed by a
space, type host’s IP address, space and a community
string or user name and press <Enter>. This will set up the host
(the SNMP entity which will receive the traps).
2 Type traps enable, and press <Enter> to enable all traps.
NOTE:
To disable the traps, type traps disable.
# To set a contact name:
In SNMP mode, as described on page 5-7, type contact, followed by a

string. This text will become an entry for defining the contact person for
this unit.
Configuring SNMP
5-9
# To set a location name:
In SNMP mode, as described on page 5-7, type location, followed by a

string. This text will become an entry for defining the location of this unit.
IfTable Index
The IfTable charts which index belongs to which interface number on the
ACCELERATOR rear panel. This table assists in showing how Expand’s
interface names are indexed in the IfTable under SNMP MIB II.
# To display the ifTable Index:
C onfiguring SNMP
In SNMP mode, type sh interface-table and press <Enter>. The
example below displays the ifTable index for two interfaces and
sub-interfaces (including DLCI numbers) for an ACCELERATOR 4000:
Interface Name | Index in ifTable
-----------------------------
0/1 | ifInex.2
0/1/1(769) | ifInex.201
0/0 | ifInex.1
0/0.1(769) | ifInex.101
SAVE:
Example SNMP Configuration

Community
WORD | Privilege
-------+----------
MIS | rw
R&D | ro
public | ro
-------+----------
5-10
contact.....................John Smith
host
IP | COMMUNITY
-----------------+------------
172.16.32.53 | traps
-----------------+------------
location........................Paris
snmp............................enable
traps...........................enable
Configuring SNMP
5-11
Supported Traps
SNMP events (alerts) are driven by trap messages generated as a result of
certain device parameters. These parameters can be either generic or
vendor-device-specific. Enterprise-specific are Expand Networks’
proprietary trap messages and provide more ACCELERATOR
device-specific detail.
Standard Traps
C onfiguring SNMP
ExpandOS 3.5 supports the following standard SNMP traps:
! ColdStart: Sent after a successful system start-up.
! LinkDown: Signals a failure in one of the communications links of the
ACCELERATORs. An indication for a Link Down status on a DTE
port is a reflection of a DSR signal from the DCE device, and on the
DCE port it is a reflection of the DTR signal from the DTE device.
! LinkUp: Signals that one of the communications links of the
ACCELERATORs came up after a Down state. An indication for a link
up status on a DTE port is a reflection of a DSR signal from the DCE
device, and on the DCE port it is a reflection of the DTR signal from
the DTE device.
! AuthenticationFailure: Signals an SNMP authentication
failure.
Enterprise-Specific Traps
ExpandOS supports the following Expand Networks traps:
! redundantPowerSupplyUp: Signifies that both power supplies
are working (after redundantPowerSupplyDown trap was
issued). These traps are applicable to ACCELERATORs with dual
power supplies.
! redundantPowerSupplyDown: Signifies that one of the redundant
power supplies stopped working. These traps are applicable to
ACCELERATORs with dual power supplies.
5-12
! connectionInboundUp: Signifies that the inbound direction has

successfully synchronized (logically, when Expand’s Acceleration
protocols are properly working) with a remote ACCELERATOR.
! connectionInboundDown: Signifies that the inbound direction
has lost synchronization with a remote ACCELERATOR. After this
trap is sent, the ACCELERATOR performs in Software bypass mode.
! connectionOutboundUp: Signifies that the outbound direction has
successfully synchronized (logically, when Expand’s Acceleration
protocols are properly working) with a remote ACCELERATOR.
! connectionOutboundDown: Signifies that outbound direction has
lost synchronization with a remote ACCELERATOR. After this trap is
sent, the ACCELERATOR performs in Software bypass mode.
! hardwareBypassActivated: Signifies that the user has switched
the ACCELERATOR to Hardware bypass mode.
! hardwareBypassdeactivated: Signifies that the user has
switched off hardware-bypass mode.
! generalAuthenticationFailure: Signifies that the user failed
to authenticate on any user interface (WEB Management, Console, or
Telnet).
! generalAuthenticationEnableFailure: Signifies that the
user attempted and failed to obtain privileged access (Enable mode) to
the accelerator.
! generalAuthorizeExecFailure: Signifies that the user
attempted to execute a command to which he/she does not have
authorization to execute.
Configuring SNMP
5-13
Supported MIB-2 Entries

The ACCELERATOR supports the following MIB-2 entries:
System MIB
ExpandOS supports the standard MIB-2 system entries according to
RFC1213. The entries listed below are all of the type OBJECT-TYPE.
sysDescr
OID: 1.3.6.1.2.1.1.1
C onfiguring SNMP
Full path: iso(1).org(3).dod(6).internet(1).mgmt(2).mib-
2(1).system(1).sysDescr(1)
sysObjectID
OID: 1.3.6.1.2.1.1.2

2(1).system(1).sysObjectID(2)
sysUpTime
OID: 1.3.6.1.2.1.1.3

2(1).system(1).sysUpTime(3)
sysContact
OID: 1.3.6.1.2.1.1.4

2(1).system(1).sysContact(4)
5-14
sysName
OID: 1.3.6.1.2.1.1.5

2(1).system(1).sysName(5)
sysLocation
OID: 1.3.6.1.2.1.1.6

2(1).system(1).sysLocation(6)
sysServices
OID: 1.3.6.1.2.1.1.7

2(1).system(1).sysServices(7)
IfEntry MIB
ExpandOS supports the following standard MIB-2 ifTable entries according
to RFC1213:
Name:ifEntry
OID: 1.3.6.1.2.1.2.2.1

2(1).interfaces(2).ifTable(2).ifEntry(1)
Sequences:
ifIndex - INTEGER(2 - int, int32) (For interface ID information, refer to

the explanation at the end of the list of Sequences.)
ifDescr - DisplayString(4 - octets)
ifType - INTEGER(2 - int, int32)
ifMtu - INTEGER(2 - int, int32)

Configuring SNMP
5-15
ifSpeed - Gauge(66 - gauge32)
ifPhysAddress - PhysAddress(4 - octets) - Relevant only for Ethernet
ifAdminStatus - INTEGER(2 - int, int32)
ifOperStatus - INTEGER(2 - int, int32)
ifLastChange - TimeTicks(67 - timeticks) - This data is not saved
ifInOctets - Counter(65 - cntr32)
ifInUcastPkts - Counter(65 - cntr32) - EXOS does not save statistics about
C onfiguring SNMP
non-unicast packets (only multicast and broadcast)
ifInNUcastPkts - Counter(65 - cntr32)
ifInDiscards - Counter(65 - cntr32) - EXOS does not discard incoming

packets with no errors
ifInErrors - Counter(65 - cntr32)
ifInUnknownProtos - Counter(65 - cntr32) - EXOS does not discard

packets due to unsupported protocols.
ifOutOctets - Counter(65 - cntr32)
ifOutUcastPkts - Counter(65 - cntr32)
ifOutNUcastPkts - Counter(65 - cntr32) - EXOS does not save statistics

about non-unicast packets (only multicast and broadcast).
ifOutDiscards - Counter(65 - cntr32)
ifOutErrors - Counter(65 - cntr32) - EXOS does not send packets with

errors
ifOutQLen - Gauge(66 - gauge32)
ifSpecific - OBJECT IDENTIFIER(6 - oid)

NOTE:
Leaves #6, 9, 12, 13, 15, 18, and 20 return a constant value of 0 upon querying.
5-16
# To determine the ifIndex of the indicated interface:

1 The ACCELERATOR serial interface slot number is replaced with the
corresponding ifIndex ID value, according to the tables below:
ifIndex ACCELERATOR 4000 ifIndex ACCELERATOR 2700
1 0/0 1 0/0
2 0/1 2 1/0
3 1/0 3 2/0
4 1/1
2 In cases of Fame Relay, the ifIndex value of the serial interface is

followed by a two-digit subinterface value (01-99).
For example, for ports 0/0.1 – 0/0.99, the ifIndex values are 101 – 199;
for ports 1/0.1 –1/0.99 the ifIndex values are 301 – 399.
RMON MIB
ExpandOS supports the standard MIB-2 RMON entries according to
RFC1757.
Private MIB Entries

The ExpandOS private MIB-2 (EXPAND-ACCLERETOROS-MIB) entries
are Read Only. The entries listed below are all of the type OBJECT-TYPE:
expandSystemId
OID: 1.3.6.1.4.1.3405.1
Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).expand-

networks(3405).expandSystemId(1)
Module: EXPAND-NETWORKS-SMI
Description: This object identifier defines the object identifiers that are
assigned to the various Expand-Networks operating systems, and hence are
returned as values for sysObjectID leaf of MIB 2.
Configuring SNMP
5-17
accProductId
OID: 1.3.6.1.4.1.3405.3.1

networks(3405).acceleratorOs(3).accProductId(1)
Module: EXPAND-ACCLERETOROS-MIB
Description: This object identifier defines the object identifiers that are
assigned to the various Expand-Networks products, and hence is assign to
the outgoing traps.
C onfiguring SNMP
accSysUpTime
OID: 1.3.6.1.4.1.3405.3.2.1

networks(3405).acceleratorOs(3).accSystem(2).accSysUpTime(1)
Description: The time (in hundredths of a second) since the network

management portion of the system was last re-initialized.
accSoftwareVersion
OID: 1.3.6.1.4.1.3405.3.2.2

networks(3405).acceleratorOs(3).accSystem(2).accSoftwareVersion(2)
5-18
accSysHostName
OID: 1.3.6.1.4.1.3405.3.2.3

networks(3405).acceleratorOs(3).accSystem(2).accSysHostName(3)
Description: An administratively-assigned name for this managed node, the

value is the same as in sysName leaf in MIB 2.
accSysLocation
OID: 1.3.6.1.4.1.3405.3.2.4

networks(3405).acceleratorOs(3).accSystem(2).accSysLocation(4)
Description: The physical location of this node, the value is the same as in
sysLocation leaf in MIB 2.
accSysContact
OID: 1.3.6.1.4.1.3405.3.2.5

networks(3405).acceleratorOs(3).accSystem(2).accSysContact(5)
Description: The textual identification of the contact person for this

managed node, together with information on how to contact this person.
The value is the same as in sysContact leaf in MIB 2.
Configuring SNMP
5-19
accCpuTotalEntries
OID: 1.3.6.1.4.1.3405.3.3.1.1.1

networks(3405).acceleratorOs(3).accPerformance(3).accHardware(1).accC
pu(1).accCpuTotalEntries(1)
Description: The number of Central Processing Units present on this

system. Number of entries in the cpuTable.
C onfiguring SNMP
accCpuIndex
OID: 1.3.6.1.4.1.3405.3.3.1.1.2.1.1

pu(1).accCpuTable(2).accCpuEntry(1).accCpuIndex(1)
Description: A unique value for each cpu.
accCpuDesc
OID: 1.3.6.1.4.1.3405.3.3.1.1.2.1.2

pu(1).accCpuTable(2).accCpuEntry(1).accCpuDesc(2)
Description: A textual string containing information about the cpu.

5-20
accCpuUtilization
OID: 1.3.6.1.4.1.3405.3.3.1.1.2.1.3

pu(1).accCpuTable(2).accCpuEntry(1).accCpuUtilization(3)
Description: Utilization per cpu in percentage.
accSystemWide
OID: 1.3.6.1.4.1.3405.3.3.2.1.1

networks(3405).acceleratorOs(3).accPerformance(3).accSoftware(2).accBu
ffer(1).accSystemWide(1)
Description: Buffer utilization system-wide in percentage.
accInterfaceTotalEntries
OID: 1.3.6.1.4.1.3405.3.4.1

networks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTotalEntries(
1)
Description: The number of network interfaces and sub-interfaces present

on this system.
Configuring SNMP
5-21
accInterfaceIndex
OID: 1.3.6.1.4.1.3405.3.4.2.1.1

networks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).accI
nterfaceEntry(1).accInterfaceIndex(1)
Description: A unique value for each interface or sub interface.
accInterfaceDescription
C onfiguring SNMP
OID: 1.3.6.1.4.1.3405.3.4.2.1.2

nterfaceEntry(1).accInterfaceDescription(2)
Description: A textual string containing information about the interface.

This string should include the name of the manufacturer, the product name
and the version of the hardware interface.
5-22
accInterfaceEncapsulation
OID: 1.3.6.1.4.1.3405.3.4.2.1.3

nterfaceEntry(1).accInterfaceEncapsulation(3)
Value list:
1: other(1)
2: ppp(2)
3: hdlc-cisco(3)
4: frame-relay-ietf(4)
5: frame-relay-cisco(5)
6: lapb-8(6)
7: lapb-128(7)
8: ethernet(8)
9: expand-special(9)
10: raw-hdlc(10)
Description: The type of interface, distinguished according to the network

layer.
accInterfaceFrameRelayDlci
OID: 1.3.6.1.4.1.3405.3.4.2.1.4

nterfaceEntry(1).accInterfaceFrameRelayDlci(4)
Configuring SNMP
5-23
accInterfaceOperStatus
OID: 1.3.6.1.4.1.3405.3.4.2.1.6

nterfaceEntry(1).accInterfaceOperStatus(6)
Value list:
1: up(1)
C onfiguring SNMP
2: down(2)
3: testing(3)
Description: The current operational state of the interface. The testing(3)

state indicates that no operational packets can be passed.
accInterfaceAdminStatus
OID: 1.3.6.1.4.1.3405.3.4.2.1.7

nterfaceEntry(1).accInterfaceAdminStatus(7)
Value list:
1: up(1)
2: down(2)
3: testing(3)
Description: The desired state of the interface. The testing(3) state indicates
that no operational packets can be passed.
5-24
accInterfaceMtu
OID: 1.3.6.1.4.1.3405.3.4.2.1.8

nterfaceEntry(1).accInterfaceMtu(8)
Description: The size of the largest datagram which can be sent/received on

the interface, specified in octets. For interfaces that are used for
transmitting network datagrams, this is the size of the largest network
datagram that can be sent on the interface.
accInterfaceSpeed
OID: 1.3.6.1.4.1.3405.3.4.2.1.9

nterfaceEntry(1).accInterfaceSpeed(9)
Description: An estimate of the interface's current bandwidth in bits per

second. For interfaces that do not vary in bandwidth or for those where no
accurate estimation can be made, this object should contain the nominal
bandwidth.
accInterfaceOutQlength
OID: 1.3.6.1.4.1.3405.3.4.2.1.10

nterfaceEntry(1).accInterfaceOutQlength(10)
Description: The length of the output packet queue (in packets).

Configuring SNMP
5-25
accInterfaceBufferUtil
OID: 1.3.6.1.4.1.3405.3.4.2.1.11

nterfaceEntry(1).accInterfaceBufferUtil(11)
Description: Buffer utilization per sub/interface in percentage.
accInterfaceAccelerationAdminStatus
C onfiguring SNMP
OID: 1.3.6.1.4.1.3405.3.4.2.1.12

nterfaceEntry(1).accInterfaceAccelerationAdminStatus(12)
Value list:
1: off(1)
2: on(2)
Description: The desired state of Acceleration for this interface.

5-26
accInterfaceQueuingStrategy
OID: 1.3.6.1.4.1.3405.3.4.2.1.13

nterfaceEntry(1).accInterfaceQueuingStrategy(13)
Value list:
1: fifo(1)
2: wfq(2)
3: priority(3)
4: custom(4)
Description: Interface queuing strategy.
accInterfaceIpAddress
OID: 1.3.6.1.4.1.3405.3.4.2.1.14

nterfaceEntry(1).accInterfaceIpAddress(14)
Description: IP address assigned to this interface.

Configuring SNMP
5-27
accInterfaceIpMask
OID: 1.3.6.1.4.1.3405.3.4.2.1.15

nterfaceEntry(1).accInterfaceIpMask(15)
Description: Subnet mask for the interface IP address.
accInterfaceChunkSizeMethod
C onfiguring SNMP
OID: 1.3.6.1.4.1.3405.3.4.2.1.16

nterfaceEntry(1).accInterfaceChunkSizeMethod(16)
Value list:
1: manual(1)
2: automatic(2)
Description: Method used to determine DRC chunk size.
accInterfaceChunkSize
OID: 1.3.6.1.4.1.3405.3.4.2.1.17

nterfaceEntry(1).accInterfaceChunkSize(17)
Description: DRC chunk size setting for this interface.

5-28
accInterfaceDrcMode
OID: 1.3.6.1.4.1.3405.3.4.2.1.18

nterfaceEntry(1).accInterfaceDrcMode(18)
Value list:
1: off(1)
2: semi(2)
3: full(3)
Description: Drop Recovery operation mode.
accInterfaceKeepAliveInterval
OID: 1.3.6.1.4.1.3405.3.4.2.1.19

nterfaceEntry(1).accInterfaceKeepAliveInterval(19)
Description: Frequency (in seconds) of keepalive packets sent.
accInterfaceKeepAliveIterations
OID: 1.3.6.1.4.1.3405.3.4.2.1.20

nterfaceEntry(1).accInterfaceKeepAliveIterations(20)
Description: Number of subsequent keepalives that the system may loose

before dropping connection.
Configuring SNMP
5-29
accInterfaceProbe
OID: 1.3.6.1.4.1.3405.3.4.2.1.21

nterfaceEntry(1).accInterfaceProbe(21)
Description: Frequency (in seconds) of probe packets that are sent to detect
the presence of a far-end ACCELERATOR.
C onfiguring SNMP
accInterfaceInboundStatus
OID: 1.3.6.1.4.1.3405.3.4.2.1.22

nterfaceEntry(1).accInterfaceInboundStatus(22)
Value list:
1: not-connected(1)
2: connected(2)
Description: Inbound direction actual synchronization status.
accInterfaceInboundCore
OID: 1.3.6.1.4.1.3405.3.4.2.1.23

nterfaceEntry(1).accInterfaceInboundCore(23)
Description: Number of Cores used to Accelerate inbound traffic.

5-30
accInterfaceOutboundStatus
OID: 1.3.6.1.4.1.3405.3.4.2.1.24

nterfaceEntry(1).accInterfaceOutboundStatus(24)
Value list:
1: not-connected(1)
2: connected(2)
Description: Outbound direction actual synchronization status.
accInterfaceOutboundCore
OID: 1.3.6.1.4.1.3405.3.4.2.1.25

nterfaceEntry(1).accInterfaceOutboundCore(25)
Description: Number of Cores used to accelerate outbound traffic.

Configuring SNMP
5-31
accInterfaceTransmitDirection
OID: 1.3.6.1.4.1.3405.3.4.2.1.26

nterfaceEntry(1).accInterfaceTransmitDirection(26)
Value list:
1: duplex(1)
C onfiguring SNMP
2: simplex-receive(2)
3: simplex-transmit(3)
Description: Interface transmit direction.
accInterfacePerformancePeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.27

nterfaceEntry(1).accInterfacePerformancePeriod(27)
Description: Sampling period of the acceleration percentage counters.
accInterfacePerformanceInAccelerationUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.28

nterfaceEntry(1).accInterfacePerformanceInAccelerationUp(28)
Description: Inbound traffic acceleration percentage since system

power-up.
5-32
accInterfacePerformanceInAccelerationClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.29

nterfaceEntry(1).accInterfacePerformanceInAccelerationClear(29)
Description: Inbound traffic acceleration percentage since counters were

last cleared.
accInterfacePerformanceInAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.30

nterfaceEntry(1).accInterfacePerformanceInAccelerationPeriod(30)
Description: Inbound traffic acceleration percentage during last sampling

period.
accInterfacePerformanceOutAccelerationUp
OID: 1.3.6.1.4.1.3405.3.4.2.131

nterfaceEntry(1).accInterfacePerformanceOutAccelerationUp31
Description: Outbound traffic acceleration percentage since system

power-up.
Configuring SNMP
5-33
accInterfacePerformanceOutAccelerationClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.32

nterfaceEntry(1).accInterfacePerformanceOutAccelerationClear(32)
Description: Outbound traffic acceleration percentage since counters were

last cleared.
C onfiguring SNMP
accInterfacePerformanceOutAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.33

nterfaceEntry(1).accInterfacePerformanceOutAccelerationPeriod(33)
Description: Outbound traffic acceleration percentage during last sampling

period.
accInterfacePerformanceDrcResetsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.34

nterfaceEntry(1).accInterfacePerformanceDrcResetsUp(34)
Description: Number of times the DRC module had to reset since system
power-up.
5-34
accInterfacePerformanceDrcResetsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.35

nterfaceEntry(1).accInterfacePerformanceDrcResetsClear(35)
Description: Number of times the DRC module had to reset since counters
were last cleared.
accInterfacePerformanceDrcResetsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.36

nterfaceEntry(1).accInterfacePerformanceDrcResetsPeriod(36)
Description: Number of times the DRC module had to reset during last
sampling period.
accInterfacePerformanceLostPacketsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.37

nterfaceEntry(1).accInterfacePerformanceLostPacketsUp(3637)
Description: Number of packets lost on the accelerated link since system

power-up.
Configuring SNMP
5-35
accInterfacePerformanceLostPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.38

nterfaceEntry(1).accInterfacePerformanceLostPacketsClear(38)
Description: Number of packets lost on the accelerated link since counters

were last cleared.
C onfiguring SNMP
accInterfacePerformanceLostPacketsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.39

nterfaceEntry(1).accInterfacePerformanceLostPacketsPeriod(39)
Description: Number of packets lost on the accelerated link during last

sampling period.
accInterfacePerformanceRetransmitPacketsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.40

nterfaceEntry(1).accInterfacePerformanceRetransmitPacketsUp(40)
Description: Number of packets retransmitted by the DRC mechanism on

the accelerated link since system power-up.
5-36
accInterfacePerformanceRetransmitPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.41

nterfaceEntry(1).accInterfacePerformanceRetransmitPacketsClear(41)

the accelerated link since counters were last cleared.
accInterfacePerformanceRetransmitPacketsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.42

nterfaceEntry(1).accInterfacePerformanceRetransmitPacketsPeriod(42)

the accelerated link, during last sampling period.
accInterfacePerformanceRecoveredPacketsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.43

nterfaceEntry(1).accInterfacePerformanceRecoveredPacketsUp(43)
Description: Number of packets recovered by the DRC mechanism on the

Accelerated link, since system power-up.
Configuring SNMP
5-37
accInterfacePerformanceRecoveredPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.44

nterfaceEntry(1).accInterfacePerformanceRecoveredPacketsClear(44)

accelerated link, since counters were last cleared.
C onfiguring SNMP
accInterfacePerformanceRecoveredPacketsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.45

nterfaceEntry(1).accInterfacePerformanceRecoveredPacketsPeriod(46)

accelerated link, during last sampling period.
accInterfaceThroughputPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.46

nterfaceEntry(1).accInterfaceThroughputPeriod(45)
Description: Sampling period of the interface throughput counters.

5-38
accInterfaceThroughputCrcErrUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.47

nterfaceEntry(1).accInterfaceThroughputCrcErrUp(47)
Description: Number of inbound packets with CRC errors, since system

power-up.
accInterfaceThroughputCrcErrClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.48

nterfaceEntry(1).accInterfaceThroughputCrcErrClear(48)
Description: Number of inbound packets with CRC errors, since counters

were last cleared.
accInterfaceThroughputCrcErrPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.49

nterfaceEntry(1).accInterfaceThroughputCrcErrPeriod(49)
Description: Number of inbound packets with CRC errors, during last

sampling period.
Configuring SNMP
5-39
accInterfaceThroughputDropByteUp
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.50

nterfaceEntry(1).accInterfaceThroughputDropByteUp(50)
Description: Total number of data bytes in outbound packets that were
C onfiguring SNMP
discarded on the interface due to congestion, since system power-up.
accInterfaceThroughputDropByteClear
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.51

nterfaceEntry(1).accInterfaceThroughputDropByteClear(51)

discarded on the interface due to congestion, since counters were last
cleared.
5-40
accInterfaceThroughputDropBytePeriod
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.52

nterfaceEntry(1).accInterfaceThroughputDropBytePeriod(52)

discarded on the interface due to congestion, during last sampling period.
accInterfaceThroughputDropPacketsUp
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.53

nterfaceEntry(1).accInterfaceThroughputDropPacketsUp(53)
Description: Number of outbound packets discarded on the interface due to

congestion, since system power-up.
Configuring SNMP
5-41
accInterfaceThroughputDropPacketsClear
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.54

nterfaceEntry(1).accInterfaceThroughputDropPacketsClear(54)
C onfiguring SNMP
congestion, since counters were last cleared.
accInterfaceThroughputDropPacketsPeriod
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.3405.3.4.2.1.55

nterfaceEntry(1).accInterfaceThroughputDropPacketsPeriod(55)

congestion, during last sampling period.
accInterfaceThroughputInBytesUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.56

nterfaceEntry(1).accInterfaceThroughputInBytesUp(56)
Description: Total number of bytes in packets received on the interface

since system power-up.
5-42
accInterfaceThroughputInBytesClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.57

nterfaceEntry(1).accInterfaceThroughputInBytesClear(57)
Description: Total number of bytes in packets received on the interface

since counters were last cleared.
accInterfaceThroughputInBytesPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.58

nterfaceEntry(1).accInterfaceThroughputInBytesPeriod(58)
Max access: read-only
Description: Throughput in kilobits per second over the last sampling

period.
accInterfaceThroughputInPacketsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.59

nterfaceEntry(1).accInterfaceThroughputInPacketsUp(59)
Description: Total number of packets received on the interface since system

power-up.
Configuring SNMP
5-43
accInterfaceThroughputInPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.60

nterfaceEntry(1).accInterfaceThroughputInPacketsClear(60)
Description: Total number of packets received on the interface since

counters were last cleared.
C onfiguring SNMP
accInterfaceThroughputInPacketsUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.59

nterfaceEntry(1).accInterfaceThroughputInPacketsUp(59)
Description: Total number of packets received on the interface since system

power-up.
accInterfaceThroughputInPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.60

nterfaceEntry(1).accInterfaceThroughputInPacketsClear(60)
Description: Total number of packets received on the interface since

5-44
accInterfaceThroughputInPacketsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.61

nterfaceEntry(1).accInterfaceThroughputInPacketsPeriod(61)
Description: Throughput in packets per second over the last sampling

period.
accInterfaceThroughputOutBytesUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.62

nterfaceEntry(1).accInterfaceThroughputOutBytesUp(62)
Description: Total number of bytes in packets transmitted by the interface

since system power-up.
accInterfaceThroughputOutBytesClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.63

nterfaceEntry(1).accInterfaceThroughputOutBytesClear(63)
Description: Total number of bytes in packets transmitted by the interface

since counters were last cleared.
Configuring SNMP
5-45
accInterfaceThroughputOutBytesPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.64

nterfaceEntry(1).accInterfaceThroughputOutBytesPeriod(64)
Description: Throughput in kilobit per second over the last sampling period.
accInterfaceThroughputOutPacketsUp
C onfiguring SNMP
OID: 1.3.6.1.4.1.3405.3.4.2.1.65

nterfaceEntry(1).accInterfaceThroughputOutPacketsUp(65)
Description: Total number of packets transmitted by the interface since

system power-up.
accInterfaceThroughputOutPacketsClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.66

nterfaceEntry(1).accInterfaceThroughputOutPacketsClear(66)
Description: Total number of packets transmitted by the interface since

5-46
accInterfaceThroughputOutPacketsPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.67

nterfaceEntry(1).accInterfaceThroughputOutPacketsPeriod(67)
Description: Throughput in packets per second over the last sampling

period.
accInterfaceThroughputRawInBytesUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.69

nterfaceEntry(1) accInterfaceThroughputRawInBytesUp(69)
Description: Total number of raw bytes in packets received on the interface

since system power-up
accInterfaceThroughputRawInBytesClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.70

nterfaceEntry(1) accInterfaceThroughputRawInBytesClear (70)
Description: Total number of raw bytes in packets received on the

interface since counters were last cleared.
accInterfaceThroughputRawInBytesPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.71
Configuring SNMP
5-47

nterfaceEntry(1) accInterfaceThroughputRawInBytesPeriod(71)

period.
accInterfaceThroughputRawOutBytesUp
OID: 1.3.6.1.4.1.3405.3.4.2.1.72
C onfiguring SNMP
nterfaceEntry(1) accInterfaceThroughputRawOutBytesUp (71)
Description: Total number of raw bytes in packets transmitted by the

interface since system power-up.
accInterfaceThroughputRawOutBytesClear
OID: 1.3.6.1.4.1.3405.3.4.2.1.73

nterfaceEntry(1) accInterfaceThroughputRawOutBytesClear(72)
Description: Total number of raw bytes in packets transmitted by the

interface since counters were last cleared.
accInterfaceThroughputRawOutBytesPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.74

nterfaceEntry(1) accInterfaceThroughputRawOutBytesPeriod(73)
5-48

period.
Private MIB Diagram

Configuring SNMP
5-49
C onfiguring SNMP
5-50
Configuring SNMP
5-51
C onfiguring SNMP
Web User Interface
6-1
Chapter 6
Web User Interface
About This Chapter
This chapter describes the ExpandOS Web User Interface, a new,
W eb User Interface
user-friendly and intuitive method of managing and configuring the
ACCELERATORs.

! Overview of the Web User Interface, page 6-1.
! Accessing the Web User Interface, page 6-4.
! Logging In, page 6-5.
! Defining Privilege Levels, page 6-6.
! Configuring Privilege Levels for a Command, page 6-7.
! Using the Web User Interface, page 6-9.
! Showing a Configuration, page 6-9.
! Configuring Parameters, page 6-9.
! Managing Default Values, page 6-10.
Overview of the Web User Interface

NOTE:
By default, the Web User Interface is disabled. For instructions on enabling the
Web User Interface, refer to Enabling the Web User Interface, below.
6-2
ExpandOS includes a Web User Interface that enables you to remotely

manage and configure the ACCELERATOR using a graphical interface in
your Internet browser. This Web User Interface simplifies the task of
configuring the various parameters of the ACCELERATOR.
The Web User Interface is accessed using the Microsoft Internet Explorer
Web browser version 5.0 and above, through the URL http://, followed by
the IP Address of the ACCELERATOR.
The hierarchical tree in left pane represents the ACCELERATOR

command tree and its hierarchy, and enables you to navigate to the required
mode and configure the various parameters. Click to expand a branch in
the command tree or click to collapse a branch in the command tree.
NOTE:
The commands are detailed in Chapter 11, Command Reference.
The Enable mode branch and the various configuration mode branches are
indicated by , while the configuration parameters are represented by .
Click to view the current status of a configurable parameter or mode.
This is the equivalent of invoking the show command in a Telnet session.
Web User Interface
6-3
The Command pane displays the associated command and parameters for
the mode selected in the Tree pane. A next to a parameter indicates that
the parameter value is mandatory, and you must complete the entry. Other
fields are optional. A list, or range, of permitted values for each of the
parameters is indicated to the right of each parameter.
The following buttons are available:
OPTION DESCRIPTION
Refreshes the tree in the left pane.
Executes the selected command.
Executes all commands in the Command pane.
W eb User Interface
Cancels the commands in the Command pane, and
discards any changes that have been made.
6-4
Enabling the Web User Interface

The Web User Interface is disabled upon system boot. To enable this
feature, follow the following instructions.
# To enable the Web User Interface:

1 In Primary Configuration mode, type web, and then press <Enter> to
enter web configuration mode.
2 Type either:
yes: enable web user interface.
no: disable web user interface.
The default setting is no.
Accessing the Web User Interface

The main window of the Web User Interface enables authorized users to
log into the system.
# To use the Web User Interface you must:

1 Use Internet Explorer 5.0/5.5
2 In tools/internet options/security/custom level/cookies, select
the option allow per session cookies (not stored).
3 In tools/internet options/general/temporary internet files/settings/
select the option every visit to the page.
When a password is required in order to access a specific mode, the system

sends the password entered by the user to the correct server for
authentication. You can define the following password options:
! Local: The password is authenticated against the local user database.
! None: No password is required. This option is not recommended.
! TACACS+: The password is authenticated against the TACACS+
server.
! RADIUS: The password is authenticated against the RADIUS server.
Web User Interface
6-5
Logging In
You must log in to the ACCELERATOR in order to configure or view the
ACCELERATOR's status.
# To log in:
1 Type http:// and the IP address of the ACCELERATOR, and then
press <Enter>. The login window of the ACCELERATOR is displayed:
W eb User Interface
NOTE:
The IP address that you use to access the Web User Interface is the IP
address of the ACCELERATOR that has been configured using Telnet (For
further information, see Defining the IP Address and the Default Gateway, in
Chapter 2).
2 Enter your username and password, and click Login.
NOTE:
Both the username and the password are case sensitive.
6-6
Defining Access Privilege Levels

Your access privilege level must be defined the first time you log in. This
enables you to access Enable mode commands.
NOTE:
Privilege levels can be set, but not viewed via this screen. If you set the privilege
level here and later return to this screen, you will not see previous privilege level
configurations.
# To define access privilege levels:

1 Click enable, in the Tree pane,
-or-
click Privilege Level, on the upper right side of the window.
The enable pane is displayed:
2 Enter the required privilege level <1-15> in the Enable level field,
and click Execute.
NOTES:
When a user enters the Web user interface, the lowest privilege level is
automatically assigned, and must be changed as required. If the privilege level
is changed, the window view is refreshed and the new value is displayed.
Similarly, various submenus are enabled, based on the updated privilege level.
Level 15 is the equivalent of entering Enable mode in a Telnet session.
Web User Interface
6-7
Configuring Privilege Levels for a Command

You can configure the privilege level for a specific command.
# To configure the privilege level for a specific command:

1 Place the mouse cursor over the required command in the Tree pane,
and right-click. Two options are displayed in the Tree pane as follows:
! Configuring the privilege level for a command (the Telnet
equivalent is priv-level)
! No command.
W eb User Interface
6-8
2 Click priv, to assign a privilege level. In the Command pane, the

following fields are displayed:
NOTES:
Another method of setting a default value is to right-click a leaf in the
hierarchical tree. From the pop-up menu that is displayed, click no.
3 Enter the required privilege level(s), command(s), and user interface(s)

in their respective fields, and then click Update.
Web User Interface
6-9
Using the Web User Interface

Once you have logged in and your authorization level has been accepted,
you can view and configure the parameters of the ACCELERATOR from
the Web User Interface.
Showing a Configuration
# To show configured parameters:

Click adjacent to the required mode in the Tree pane. The parameters
W eb User Interface
and their values for the selected entries are displayed in the Command pane:
Configuring Parameters
# To configure parameters:
1 Navigate to the required mode in the Tree pane. The Command pane
displays the associated command and parameters for the mode selected
in the Tree pane.
6-10
2 Enter the required values in the fields, and then click Update.
NOTES:
A parameter may be accessed at the command leaf level or in the
corresponding mode branch.
Some parameters may be selected form a dropdown list, as displayed below:
Managing Default Values

Various parameters in ExpandOS have predefined default values. These
default values may not fall within the list or range of values for a parameter
(for instance, a default value may be one that is smaller than the normal
value).
# To set a default value:

1 Navigate to the required mode in the Tree pane. The Command pane
displays the associated command and parameters for the mode selected
in the Tree pane.
Web User Interface
6-11
2 Click default, next to the required parameter. The parameter is set to

the default value and the edit option appears as displayed:
W eb User Interface
NOTES:
This is the equivalent of invoking the no command in a Telnet session.
To enter a value for a parameter that has a default set, click edit, then enter
the required value and click Update.
3 Click Update.
NOTES:
Another method of setting a default value is to right-click a leaf in the
hierarchical tree. From the pop-up menu that is displayed, click no.
RMON
7-1
Chapter 7
RMON
About This Chapter
This chapter provides a brief overview of Remote Monitoring (RMON),

focusing on specifications and groups. It includes the following sections:
! Overview, page 7-2.
R MON
! RMON Groups, page 7-3.
! RMON Monitoring Groups, page 7-4.
! RMON2 Groups (RFC 2021 and 2074), page 7-4.
! Configuring RMON, page 7-7.
! RMON Traps as Defined in RFC 1757 (RMON I), page 7-11.
7-2
Overview
RMON is a standard monitoring specification that:
! Enables certain network monitors and console systems to share
network-monitoring data.
! Offers network administrators greater freedom to select
network-monitoring probes and consoles with features that meet their
particular networking needs.
The RMON specification defines a set of statistics and functions that can be
exchanged between RMON-compliant console managers and network
probes. As such, it:
! Provides network administrators with extensive network-fault
diagnosis, as well as with planning and performance-tuning
information.
The following figure illustrates an RMON probe. The probe can monitor
WAN links and convey statistical information back to an RMON-compliant
console:
RMON
7-3
RMON Groups
RMON delivers information in nine RMON groups of monitoring elements,
each providing specific sets of data to meet mutual requirements for
network-monitoring. Each group is optional. Vendors need not support all
groups within the Management Information Base (MIB). Some RMON
groups require the support of other RMON groups in order to function
properly. The following figure illustrates the structure of the RMON tree of
groups:
R MON
7-4
RMON Monitoring Groups

Statistics
Contains information measured by the probe for each monitored interface
(Ethernet or Token-Ring) on the device.
History
Periodically records statistical samples from a network and stores them for
later retrieval.
The elements: Sample period, number of samples, item(s) sampled.
Alarm
Periodically records statistical samples from variables in the probe and
compares them with previously configured thresholds. If the monitored
variable crosses a threshold, an event is generated.
The elements: Includes the alarm table and requires the implementation of
the event group. Alarm type, interval, starting threshold, stop threshold.
Hosts
Contains statistics on hosts discovered on the network.
The elements: Host address, packets, and bytes received and transmitted,
as well as broadcast, multicast, and error packets.
HostTop N
Generates tables that describe major hosts on a list ordered by one of their
statistics. The available statistics are samples of one of their base statistics
over an interval specified by the management station. Thus, these statistics
are rate-based.
The elements: Statistics, host(s), sample start and stop periods, rate base,
and duration.
RMON
7-5
Matrix
Stores statistics for use in conversations between two addresses. The device
creates a new entry in its table whenever it detects a new conversation.
The elements: Source and destination address pairs and packets, bytes,
errors for each pair.
Filter
Enables packets to be matched by a filter equation. These matched packets
form a data stream that might be captured or might generate events.
The elements: Bit-filter type (mask or not mask), filter expression (bit
level), conditional expression (and, or, not) to other filters.
Capture
Enables packets to be captured after flowing through a channel.
The elements: Size of buffer for captured packets, full status (alarm),
number of captured packets.
R MON
Event
Controls the generation and notification of events from this device.
The elements: Event type, description, last time the event was sent.
7-6
RMON2 Groups (RFC 2021 and 2074)

The RMON2 MIB specification defines new groups for monitoring
network and application layer activities. Each group controls a specific
RMON2 agent function:
Protocol Directory
List of protocols the probe has the capability of monitoring, providing the
means for an RMON2 application to learn which protocols a specific
RMON2 probe can see. Especially important when application and probe
are from different vendors.
Protocol Distribution
Traffic statistics for each protocol, providing distribution and trend
information on the use of protocols such as IP, IPX, DECnet, AppleTalk,
and so on.
Address Map
Maps network-layer addresses to MAC-layer addresses, making it easier for
the network manager to see and interpret the data.
Network-Layer Host
Traffic statistics to and from each discovered host, useful for improving the
configuration and placement of network resources for optimized
performance.
Network-Layer Matrix
Traffic statistics on conversations between pairs of discovered hosts.
Application-Layer Host
Traffic statistics to and from each host by protocol (up to and including the
application-layer protocols), providing insight into the use and growth of
applications such as Web, Telnet, Lotus Notes, and so on.
Application-Layer Matrix
Traffic statistics on conversations between pairs of hosts by protocol (up to
and including the application-layer protocols).
RMON
7-7
User History
Periodic samples of user-specified variables, extending the capabilities
beyond RMON1 History, which focuses exclusively on RMON1 Statistics
group variables.
Probe Configuration
Provides a standard way to remotely configure probe parameters, such as
trap destination and out-of-band management.
From the Probe Configuration group, ExpandOS supports only the

following:
! probeCapabilities
! probeSoftwareRev
! probeHardwareRev
! probeDate Time
R MON
! trapDest Table
Configuring RMON
When an ACCELERATOR is first activated, the default state for RMON is
disabled. This means no RMON functionality is supported.
RMON current configuration displays current status. In order to change

RMON parameters, make changes in RMON future settings, save the
changes and reboot.
In order to enable RMON functionality, the following procedure must be

executed.
! To display RMON functionality in the ACCELERATOR:

1 In Primary Configuration mode, type snmp, and then press <Enter> to
enter SNMP configuration mode.
2 Type show snmp, and then press <Enter>, to display the current
SNMP configuration, as follows:
snmp
7-8
community
None configured.
contact...............................(not configured)
host
None configured.
location..............................(not configured)
rmon
current
status............................disable
future
memory............................32
status............................disable
snmp..................................disable
traps.................................disable
! To enable RMON functionality in the ACCELERATOR:

1 In SNMP configuration mode, type rmon, and press <Enter> to enter
RMON configuration mode.
2 Type future and press <Enter>.
3 Type status enable and press <Enter>, the following message is
displayed:
NOTICE: RMON mib will be enabled after saving
configurations to flash disk and rebooting.
4 Save configuration to the disk by typing write.
5 Reboot the ACCELERATOR.
RMON Security
The filter-capture command enables you to block direct access to the filter
and capture RMON groups via RMON manager software and SNMP.
NOTE:
RMON statistics continue to be collected while filter-capture is disabled, but
they cannot be viewed.
! To update filter or capture profiles:

1 Once RMON has been enabled (and the unit has been rebooted) from
the snmp configuration mode, type rmon and press <Enter>.
RMON
7-9
2 In the rmon mode, type filter-capture enable and press

<Enter>.
NOTE:
To add a filter or capture profile in an RMON manager or SNMP browser while
maintaining full security, it is recommended that you disconnect the
ACCELERATOR from the network, configure filter-capture to enable, make the
desired changes, reset filter-capture to disable and reconnect to the network.
3 Type show, and press <Enter>, to display RMON’s updated settings.

rmon
current
memory................................64
status................................enable
filter-capture......................enable
pause.................................off
R MON
future
memory............................64
status............................enable
pause...............................off
Determining the Amount of Memory for

RMON
The memory command allows users to define the amount of memory they
wish to use for RMON’s statistics. Expand Networks recommends a
minimum of 32 MB, and preferably 64MB. The user can choose to increase
the amount of usable memory from a list.
! To determine the amount of memory for RMON:

1 In RMON configuration mode, type future and press <Enter>.
2 Type memory ?, and then press <Enter>. The following options are
displayed:
32 MB
64 MB
96 MB
128 MB
7-10
3 In the future mode, type memory followed by a space, followed by the

number of MB to set the memory to and press <Enter> (for example
(future)memory 64<Enter>.
4 Save the configuration to the ACCELERATOR by typing write, and
reboot.
NOTES:
RMON MIB memory allocation will be updated after saving configurations to
flash disk and rebooting.
If the amount of available memory for ExpandOS is less than 64MB after
RMON’s allocation, RMON will not be activated. In addition, the required
RMON memory allocation will be freed for ExpandOS.
Pausing RMON
The pause command will be displayed only if RMON is enabled.
Pause temporarily deactivates RMON, meaning:
! RMON traps will not be sent.
! RMON statistics will not be calculated and accumulated.
! Any SNMO request by an SNMO browser or RMON manager software
will not be able to acquire RMON information.
! To pause RMON:
In RMON configuration mode, type pause, and then press <Enter>.
To un-pause RMON, in RMON mode type pause off, and then press
<Enter>.
RMON
7-11
RMON Traps as Defined in RFC 1757

(RMON I)
If the traps option in RMON is enabled, these traps are sent after you
have configured an alarm and an event in the RMON I tables.
risingAlarm
The SNMP trap that is generated when an alarm entry crosses its rising
threshold and generates an event that is configured for sending SNMP
traps.
fallingAlarm
The SNMP trap that is generated when an alarm entry crosses its falling
threshold and generates an event that is configured for sending SNMP
traps.
R MON
Access Authentication
8-1
Chapter 8
Access
Authentication
About This Chapter
This chapter describes the various methods for ensuring security within
ExpandOS.

! Overview of ExpandOS Access Authentication, page 8-3.
A ccess Authentication
! The AAA Approval Process, page 8-3.
! How AAA Handles Authentication Transactions, page 8-4.
! Daemon, page 8-4.
! RADIUS and TACACS+ Compared, page 8-5.
! AAA Authorization Methods and Types, page 8-5.
! Configuring AAA, page 8-6.
! Building a Local User Database, page 8-8.
! Creating a Custom List and Defining its Access Methods,
page 8-8.
! Modifying an Existing List, page 8-10.
! Viewing an Access List and Attaching an Access List to a
User Interface, page 8-11.
! RADIUS, page 8-12.
! Client/Server Model, page 8-13.
! Protocol Operation, page 8-13.
! Authentication and Authorization Features, page 8-14.
8-2
! Enabling RADIUS Authentication, page 8-14.

! Displaying the Current RADIUS Server Settings, page 8-14.
! Configuring RADIUS Server Access Settings, page 8-14.
! Defining a RADIUS Server, page 8-15.
! Defining a UDP Port, page 8-15.
! Defining the Number of Retry Attempts, page 8-16.
! Defining the Timeout Period, page 8-16.
! Defining the Encryption Key, page 8-17.
! Defining the RADIUS Server Service Request Code, page 8-17.
! TACACS+, page 8-18.
! Configuring TACACS+ Server Access Settings, page 8-19.
! Showing the TACACS+ Server Settings, page 8-22.
! Assigning Privilege Levels, page 8-24.
! Privilege Level Definitions, page 8-24.
! Configuring Priv-level Commands, page 8-25.
! Configuring Priv-level Commands in Primary Configuration
Mode, page 8-26.
8-3
Overview of ExpandOS Access

Authentication
With Access Authentication, you can manage access to the
ACCELERATOR by means of Authentication Authorization, and
Accounting (AAA). The following is a brief overview of the AAA model's
three functional areas:
! Authentication: Validates users' identity in advance of granting
login.
! Authorization: Enables users to access networks and commands.
! Accounting: Tracks usage patterns of individual users, service, host,
time of day, day of week, and so on.
NOTE:
ExpandOS does not presently include Accounting functionality, but uses the term
AAA for purposes of convenience and familiarity.
AAA is the security infrastructure of Operating System (OS) devices. Its
commands are located in OS Privileged Exec mode. Each client device is
configured for security using the AAA commands from Primary
Configuration mode. The ACCELERATOR can be configured to make use
of a security server via either the TACACS+ or RADIUS security
protocols, or both.
TACACS+ and RADIUS are client-server network protocols that are used
to achieve client-server security over the network (this makes them the
equivalent of what SNMP is to network management). The following
diagram depicts the various components:
8-4
The AAA Approval Process

AAA operates by amassing attributes that specify a user's permission level.
In AAA, an attribute is an entity (or object) to which a user may have
access. For example, an authentication attribute might be the limit on
coexisting connections the person has open at a given time.
When a user tries to connect to a secured service, the ACCELERATOR

sends a query to the server database and looks for a match. This checks to
see whether the user has clearance in accordance with the security policy.
The ACCELERATOR knows what to query for based on its config file
parameter settings. The query has the mandatory attributes for the requested
service, as defined in the ACCELERATOR 's config file. To process the
query, the server searches for the same attributes in the user's profile in the
user database. The search is for so-called attribute-values. An attribute,
called an attribute-value pair (or AVB pair) in TACACS+ terminology, is a
fancy term for a network entity that is secured.
How AAA Handles Authentication

Transactions
Once the connection is made, the ACCELERATOR calls on the security
server for a prompt and displays it to the user. The user enters the
information (usually a username and password), and RADIUS or
TACACS+ encrypts the packet and forwards it to the server. The server
decodes the information, checks the user's profile, forms and encrypts the
answer, and returns it to the ACCELERATOR.
The rules of AAA approval are fairly simple. If:

! Accept is returned, the requested connection is made
! Reject is returned, the user's request-for-connection session is
terminated.
8-5
If Error is returned and the ACCELERATOR is configured for multiple

security servers, the query is forwarded to a different server. If that server
also fails to respond, another server is queried, and so forth until there are
no more servers available. At that point, if the ACCELERATOR has been
configured with a second method, it will try the process again. If the
ACCELERATOR exhausts authentication methods, it terminates the user's
request-for-connection session.
Daemon
Daemons are processes that perform predefined tasks on a server, usually as
a response to an event. In Windows, daemons are called "system agents". A
TACACS+ daemon sits on the security server and fields authentication or
authorization queries from client ACCELERATORs. It does this by
searching the user database for required AV pairs, and returning the results
to the client in TACACS+ packets.
If the user is authenticated, the daemon is contacted to check for
authorization attributes on a case-by-case basis.
RADIUS and TACACS+ Compared

While the functionalities of RADIUS and TACACS+ are essentially the
same, there are many differences between them.
RADIUS is a standard and uses the UDP transport layer. TACACS+, which
is a Cisco-enhanced protocol, uses the TCP transport layer. TACACS+ is a
third revision of the TACACS protocol.
RADIUS works well in IP-only environments, while TACACS+ is useful

in multiprotocol environments. RADIUS currently supports more protocol
attributes and allows client and server to pass more information than
TACACS+. RADIUS only encrypts the password sent between the client
and server, while TACACS+ encrypts all communication.
8-6
AAA Authorization Methods and Types

AAA has six methods for authorizing (although one is the none method,
which is a request not to authorize any procedure.
Both RADIUS and TACACS+ can be present on the same

ACCELERATOR. Depending on the kind of connection being attempted
and how the device is configured, the client will query either the RADIUS
or the TACACS+ servers.
If the user has already been authenticated elsewhere, the

if-authenticated command will waive authorization. This is
significant, since a user may make dozens of connections to entities secured
by AAA authorization (such as OS command modes) during a single
session, and it would be cumbersome for the client device to query the
TACACS+ or RADIUS server each time.
The AAA authorization commands enable you to specify whether

authorization is accomplished through Exec commands or at the start of
Exec or network sessions (such as PPP sessions). It also enables you to
specify the protocol to use to perform these tasks.
Configuring AAA
Configuring AAA for the ACCELERATOR involves validating the user's
identity as authentic when logging in, including how to achieve validation.
Once the user's identity has been established and validated, the
configuration process involves the process of granting the user privileges to
specific access networks and commands.
# To enter AAA configuration mode:

Configuration mode.
2 Type aaa, followed by a space and then the required setting:
! alias, to create a command alias for this mode,
8-7
-or-
! authentication, to display authentication data,
-or-
! authorization exec, to display authorization data,
-or-
! exit, to exit to the previous mode,
-or-
! priv-level, to define the privilege level for configuring AAA.
-or-
! show, to display the AAA system information.
3 Press <Enter>.
# To view the existing AAA configuration:
In AAA configuration mode, type show, and then press <Enter>. The
existing AAA configuration is displayed, as follows:
aaa
authentication
enable
WebUI list.. .line
console list. none
telnet list.... enable
login
WebUI list......…………….. none
console list...............none
telnet list...............…line
authorization exec
WebUI list............... none
console list.............. none
telnet list............... none
8-8
Building a Local User Database

A database of local users can be built by defining users and their
passwords, as described in the following procedures. This is done in AAA
configuration mode.
# To define a user and password:
In AAA configuration mode, type username, then a space followed by

the name of the user then another space, then password, then a space
followed by a string representing the password. An example of this is as
follows: username john password lxtw7.
NOTE:
To define user access authentication without a password, type username, then a
space followed by the user's name, then another space, and then nopassword.
# To delete a user from a database:

1 In AAA configuration mode, type no username, then a space
followed by the name of the user to be deleted.
2 Type <Control-Z> to apply the configuration.
# To display the local user database:
In AAA configuration mode, type show local users, and then press
<Enter>.
Creating a Custom List and Defining its

Access Methods
You can create a custom list and define its access methods For the purpose
of these procedures, a list called sample is created.
# To create a custom list and define its access methods:

1 From AAA mode, type authorization exec, followed by a space
then sample, followed by another space and then:
! enable, to enable the password,
8-9
-or-
! line, to use the line password,
-or-
! local, to use the local method,
-or-
! none, for free access,
-or-
! radius, to use the RADIUS access method,
-or-
! tacacs, to use the TACACS+ access method.
2 Press <Enter>.
3 Type show, and then press <Enter> to view the updated AAA
configuration, as follows:
aaa
authentication
enable
WebUI list line
console list none
telnet list enable
login
WebUI list. none
console list none
telnet list line
authorization exec
WebUI list none
console list none
sample local
telnet list none
NOTE:
You can select more than one of the above methods. Follow step 1, add another
space after the method selected, and then type other required methods from the list
with a space between them. ExpandOS will use the methods in the order in which
they were selected in order to define the available access methods.
8-10
Modifying an Existing List

You can modify an existing list, by assigning it a new list of available
access methods. For the purpose of these procedures, the list for
authentication login for the Telnet user interface is modified.
# To modify an existing list:

1 From AAA mode, type authentication login, followed by a
space then telnet list, followed by a space and then:
! enable, to use enable password authentication,
-or-
! line, to use line authentication,
-or-
! local, to use local authentication,
-or-
! tacacs, to use TACACS+ authentication,
-or-
! radius, to use RADIUS authentication.
-or-
! none, for no authentication.
2 Press <Enter>.
NOTE:
You can similarly modify an existing list in authentication exec or
authorization exec, as well as for the Web UI or console user interface.
8-11
Viewing an Access List and Attaching an

Access List to a User Interface
The custom list that has been created is available for configuring the
authorization or authentication methods in existing user interfaces, that is
console, Telnet, and Web UI. For the purpose of this procedure, the Telnet
user interface is configured.
# To view the access lists of a user interface:
In Primary Configuration mode, type line telnet, followed by a space

then show, and then press <Enter>. The access lists of Telnet are
displayed, as follows:
telnet
authenticate
enable list............ telnet
login list............ telnet
authorize list..... telnet
password....................Expand
privilege...................1
NOTE:
In the example above, all of the security options are configured to work with the
access list called telnet. Note that there is a password and a privilege level defined
for this Line Telnet mode.
8-12
# To attach an access list to a user interface:

1 In Primary Configuration mode, type line telnet, followed by a
space then authorize, followed by a space then list, followed by
a space then sample, and then press <Enter>. The access lists of
Telnet are attached to sample.
2 Type line telnet, followed by a space then show, and then press
<Enter> to view the updated configuration, as follows:
telnet
authenticate
enable list..................………telnet
login list....................………telnet
authorize list....................…… sample
password..........................……Expand
privilege...........................……1
NOTES:
When a user then tries to access the machine using Telnet, the authorization phase
will be executed via the sample list defined in the AAA mode.
If we use a list that specifies the use of the line access method, the method will
ask for a password that is defined in the mode line of the user interface we
connected the list to. An example is if the above list, sample, was defined via line
access, then the method used in authorization (since sample is an authorization
access method list, as defined in AAA mode), as well as the given privilege level (if
passed), would be to check the password configured in Line Telnet mode.
Assigning Privilege Levels

For information on setting the privilege level, see Assigning Privilege
Levels, on page 8-24.
RADIUS
The RADIUS protocol is an accounting/access server authentication
protocol. Implemented by several network access server vendors, this
protocol has gained the support of a wide customer base, including Internet
service providers (ISPs).
8-13
Client/Server Model
The RADIUS protocol is based on a client/server model. This means that
the client passes user information to a designated RADIUS server, and then
acts on the response that is returned.
A RADIUS server (or daemon) can provide accounting and authentication

services to one or more client network access server (NAS) devices. The
daemon is responsible for receiving the user connection request,
authenticating the user, and then returning all the configuration information
necessary for the client to deliver service to the user. A RADIUS access
server is usually a dedicated workstation connected to the network.
Protocol Operation
For technical reasons, communication between an NAS and a daemon
is based on the User Datagram Protocol (UDP). The RADIUS protocol is
generally considered to be a connectionless service. The RADIUS-enabled
devices, and not the transmission protocol, handle issues related to
retransmission, timeouts, and server availability.
A user login typically consists of an Access-Request query from the NAS

to the daemon and a corresponding Access-Accept or Access-Reject
response. The Access-Request query packet contains the username,
encrypted password, NAS IP address, and port. The format of the request
also provides information on the type of session that the user wants to
initiate. For example, if the query is presented in Point-to-Point Protocol
(PPP) packet mode, the inference is "Service-Type = Framed-User" and
"Framed-Type = PPP"; if the request is presented in character mode, the
inference is "Service-Type = Exec-User".
When the daemon receives the Access-Request query packet from the
NAS, it searches the database for the listed username. If the username does
not exist in the database, the daemon either loads a default profile or
immediately sends an Access-Reject message. This Access-Reject message
can be accompanied by an optional text message, which could indicate the
reason for the rejection of the query.
8-14
If the username is found in the database and the password is correct, the
daemon returns an Access-Accept response. This includes a list of
attribute-value pairs that describe the parameters to be used for this session,
such as service type (shell or framed), protocol type, the IP address to
assign to the user (either static or dynamic), access list to apply, or a static
route to install in the NAS routing table. The configuration information in
the RADIUS server defines what is installed on the NAS.
Authentication and Authorization Features

Authentication can be one of the most troublesome aspects of remote
security due to the difficulty associated with positively identifying a user.
The RADIUS protocol supports several authentication methods, including
Password Authentication Protocol (PAP), Challenge Handshake
Authentication Protocol (CHAP), and token cards, to ensure the identity of
a remote user. At present, all implementations of the RADIUS protocol
require that the token card vendor's server be run in addition to the
RADIUS server.
Enabling RADIUS Authentication

A command line must be entered for every type of login that requires
authentication. The RADIUS access control server must be configured with
the appropriate permit or deny criteria. Customization of privilege levels on
each NAS may also be required.
Displaying the Current RADIUS Server

Settings
The currently defined RADIUS server settings in the ACCELERATOR can
be viewed and any required modifications can be executed.
# To display the current RADIUS server settings:

2 Type radius, to enter RADIUS Server configuration mode.
8-15
3 In RADIUS Server configuration mode, type show, to display the

current settings,
-or-
Type show radius at the Enable prompt.
Configuring RADIUS Server Access Settings

One or more RADIUS servers may be accessed by the ACCELERATOR.
You can configure the way in which the RADIUS server is accessed.
# To enter RADIUS server configuration mode:

2 Type radius, to enter RADIUS Server configuration mode.
Defining a RADIUS Server

In order for a RADIUS server to be accessed, its IP address must be
specified. More than one RADIUS server may be defined.
# To define a RADIUS server:

1 In RADIUS Server configuration mode, type server, then a space
followed by the IP address of the RADIUS server.
NOTE:
To disable access to a RADIUS server, type no server, then a space followed by
the IP address of the relevant RADIUS server.
Defining a UDP Port

A default UDP port is specified for RADIUS servers. In most cases you
will not need to change the port; however, it can be changed if necessary.
8-16
# To define a UDP port:

1 In RADIUS Server configuration mode, type server, then a space
followed by the IP address of the RADIUS server for which the UDP
port is to be defined, then another space. Type port, then a space
followed by the UDP port number. For example,
server 192.168.0.100 port 500.
Defining the Number of Retry Attempts

You can define the number of times the ACCELERATOR should attempt
to contact the RADIUS server before either attempting to contact the next
RADIUS server on the list, when multiple RADIUS servers have been
defined, or returning an error message.
# To set the number of retries:

1 In RADIUS Server configuration mode, type retransmit, then a
space followed by a digit (between 1-20) representing the number of
times the ACCELERATOR will attempt to contact the RADIUS server.
Defining the Timeout Period

You can define the maximum length of time (in seconds) that the
ACCELERATOR will wait for a reply from the RADIUS server after
having sent an authentication request.
# To define the timeout period:

1 In RADIUS Server configuration mode, type timeout, then a space
followed by a digit representing the number of seconds the
ACCELERATOR will wait for a reply from the RADIUS server.
8-17
Defining the Encryption Key

Since data packets transmitted between the ACCELERATOR and the
RADIUS server are encrypted, an encryption (shared secret) key must be
defined.
# To define the encryption key:

1 In RADIUS Server configuration mode, type key, then a space
followed by a string representing the encryption key.
Defining the RADIUS Server Service Request

Code
Codes are used to define which service is required through the RADIUS
server. When the ACCELERATOR contacts the RADIUS server, it sends a
code that informs the RADIUS server of the specific service it requires.
The ACCELERATOR has a default code set that can be reconfigured, if
required, in order to match the code of the RADIUS server being accessed.
# To define the RADIUS server service code:

1 In RADIUS Server configuration mode, type enable service,
then a space followed by a number representing the code for the
required Enable mode service,
-or-
Substitute login service for enable service to define a
View mode service.
NOTE:
The ACCELERATOR should be configured to match the Enable and View mode
service codes of the RADIUS server.
8-18
SAVE:
$ In order to save configurations to flash memory so that they will be available after
the ACCELERATOR are rebooted, type write at the Enable (#) prompt.
TACACS+
TACACS+ is a security application that provides centralized validation of
users attempting to gain access to a network access server. TACACS+
services are maintained in a database on a TACACS+ daemon that runs on
a UNIX or Windows NT workstation. TACACS+ features are available to
ACCELERATOR users who have configured a TACACS+ server and have
access to it.
TACACS+ provides for separate and modular authentication and

authorization facilities. In addition, it allows for a single access control
server (the TACACS+ daemon) to provide each service, authentication and
authorization, independently. Each service can be linked to its own
database, enabling it to leverage other services available on that server or
on the network, depending on the capabilities of the daemon.
TACACS+ provides management of multiple network access points from a

single management service. The entities connected to the network through a
network access server are called network access clients, for example,
Expand's ACCELERATORs. TACACS+, administered through the AAA
security services, provides the following services:
! Authentication: Complete control of authentication through login
and password dialog, challenge and response, and messaging support.
! Authorization: Fine-grained control over user capabilities for the
duration of the user's session, including but not limited to setting access
control.
The TACACS+ protocol provides authentication between the network

access clients and the TACACS+ daemon. All protocol exchanges between
a network access server and a TACACS+ daemon are encrypted, ensuring
confidentiality.
8-19
Configuring TACACS+ Server Access

Settings
The defining parameters of access options for one or more TACACS+
servers are configured. The following describes the configuration process.
# To enter the TACACS+ Server configuration mode:

1 In Enable mode, type configure, and then press <Enter>.
2 Type tacacs+, and then press <Enter> to enter the TACACS+
Server configuration mode.
Defining a TACACS+ Server

In order to configure accessing TACACS+ servers, their IP addresses must
be defined. It is possible to define one or more TACAC+ servers.
# To define a TACACS+ server:
In TACACS+ Server configuration mode, type server, then a space
followed by the IP address of the TACACS+ server, and then press
<Enter>.
NOTE:
To disable access to a specific TACACS+ server, type no server, then a space,
followed by the IP address of the specific TACACS+ server.
Defining the User Name and Password

Authentication Method
User authentication for the ACCELERATOR can be defined. You can
choose one of the following options:
! auto_send yes: The ACCELERATOR automatically sends the
user name and password to the TACACS+ server for authentication.
! auto_send no: The ACCELERATOR sends a message to the
TACACS+ server indicating that a user wants to log in, and the
TACACS+ server instructs the ACCELERATOR to request
authentication information from the user. This is the recommended
option.
8-20
# To define the user name and password authentication

method:
1 In TACACS+ Server configuration mode, type auto_send, and then
press <Enter> to disable automatic sending of the user name and
password to the TACACS+ server.
2 Press <Control-Z> to apply the configuration.
NOTE:
Type auto_send at the (tacacs+) prompt to enable auto_send.
Defining the Global Encryption Key

A global encryption key can be defined to enable the ACCELERATOR to
log in to the TACACS+ server, and to secure communication between the
ACCELERATOR and the TACACS+ server. This is the default encryption
key that is used in cases where no specific secret key is defined for the
TACACS+ server. The Key used by the ACCELERATOR must match the
one used by the TACACS+ server.
# To define the global encryption key:

1 In TACACS+ Server configuration mode, type key, then a space
followed by a string representing the global encryption key, and then
press <Enter>.
NOTE:
The default encryption key is also referred to as the shared secrets key.
8-21
Defining a Secret Key

A secret key must be defined to enable the ACCELERATOR to log in to
the TACACS+ server. The secret key is used for encrypting communication
to the TACACS+ server. If no secret key is defined, the global encryption
key is used, as described above.
# To define a secret key:

1 In TACACS+ Server configuration mode, type server, then a space
followed by the IP address of the TACACS+ server, and then another
space, and then press <Enter>.
2 Type key, then a space followed by an alphanumeric string
representing the key code, for example,
server 192.168.0.100 key Z23iLt, and then press <Enter>.
NOTE:
The default global secret key can be disabled by typing no key at the tacacs+
prompt. This option is only available for TACACS+ servers that do not have specific
keys defined.
Defining Privilege Level Codes for View and

Enable Modes
User privilege level codes for access to View and Enable modes must be
defined so that the TACACS+ server can perform user authentication. This
involves specifying the code for the minimum privilege level required by
the user to access each mode. You can use predefined codes to map the
required service type, or type a number to specify the code.
# To define privilege levels:

1 In TACACS+ Server configuration mode, type priv-level, then a
space followed by a digit (between 1 and 15) that represents the
minimum Enable privilege level, and then press <Enter>.
8-22
NOTE:
Codes should not be changed without the prior authorization of a professional
TACACS+ Server Manager.
Defining TACACS+ Service Types for View and

Enable Modes
The ACCELERATOR View and Enable modes must be mapped into
TACACS+ server types.
You can use predefined codes to map the service type required, or type in a
number to specify the code. It is recommended that the Enable service type
be defined for users with Enable access, and the Login service type be
defined for users with View access.
# To set a timeout:
1 In TACACS+ Server configuration mode, type timeout then a space
and a number (between 1-500000) representing the time (in seconds) to
wait for a TACACS+ server to reply.
2 Press <Enter>.
# To set the number of attempts:

1 In TACACS+ Server configuration mode, type attempts, then a
space and a number (between 1-20) representing the number of allows
authentication request retries.
2 Press <Enter>.
Showing the TACACS+ Server Settings

The currently defined TACACS+ server settings can be viewed, enabling
the user to determine if modifications are required.
# To display the current TACACS+ server settings:

1 In TACACS+ Server configuration mode, type show to display the
current settings.
8-23
2 Press <Enter>. The TACACS+ server settings are displayed in the

following format:
tacacs
Key...........Z23iLt
Timeout.......3000
attempts.......3
auto_send.....no
server | attempts | key | port| timeout
172.16.32.7 | 3 | cisco | 49 | 3000
8-24
Assigning Privilege Levels

The priv-level command is a command that appears on all command
modes of the system configuration, excluding the Exec mode. The reason is
because Exec mode does not enable the user to change or configure
anything in the system.
The purpose of priv-level is to assign a privilege level to a command

in the same mode in which it resides, so that only users with that privilege
or higher can see and execute that command.
Privilege Level Definitions

The following is a list of definitions in priv-level commands:
! Priv-level: A number between 1 (lowest)-15 (highest). This is the
privilege level that is given to the command, and is mandatory.
! User-interface: The name of the user interface for which the
command has a new privilege level, for example, Console, Telnet, and
WebUI. This user interface is the default in cases where no user
interface is given.
! Access-right: The right given to the command for that privilege
level: read, write or read-write. The default is read-write.
! Mode-command: The command given to the privilege level and
access right for a user interface. The ? utility can be used to query
which commands are available to be assigned the privilege level, and a
full syntax command can be written, as long as it represents a command
within that specific command mode.
8-25
Configuring Priv-level Commands

The syntax of the priv-level command is the same in all command
modes in which it appears, except for in Primary Configuration mode,
where it is slightly different. Another difference is that in Primary
Configuration mode, you can only configure a privilege level for a
command in Exec mode, as well as for a command in Primary
Configuration mode (because, as mentioned above, the priv-level command
is not available in Exec mode).
# To configure priv-level commands:
In the required mode (excluding Primary Configuration mode), type

priv-level, followed by a space and a number between 1-15, followed
by a space then for, followed by a space then the required user interface,
followed by a space then the required access right, followed by a space then
command, followed by a space then the required command given to the
privilege level, and then press <Enter>.
The common syntax is:
priv-level [number] for [user-interface] [access-
right] command [mode-command]
An example in Primary Configuration mode is as follows:

Expand(config)#priv-level 4 for telnet read-write
command interface serial 0/0
This command will assign privilege level 4 and access read/write to the
command, interface serial 0/0 (which is used to access the serial
interface 0/0 from Primary Configuration mode). This command assigns
read/write access only for users who access the ExpandOS via Telnet and
have privilege level 4 and above.
8-26
Configuring Priv-level Commands in Primary

Configuration Mode
The syntax for priv-level in Primary Configuration mode is the same
as the common syntax, but can assign a privilege level to a command in
Exec mode as well.
# To configure priv-level commands in Primary

Configuration mode:
In Primary Configuration mode, type priv-level exec, followed by a

space and a number between 1-15, followed by a space then for, followed
by a space then the required user interface, followed by a space then the
required access right, followed by a space then command, followed by a
space then the required command given to the privilege level, and then
press <Enter>.
priv-level exec [number] for [user-interface]

[access-right] command [mode-command]
When exec is typed before the privilege level number, the commands that
are assigned a privilege level are those in Exec mode.
8-27
An example is as follows:
Expand(config)#priv-level exec 2 command ?
clear Clear data
configure Enter configuration mode
copy Copy from one file to another
cpu-counter Show the gateway counter for
the last second
cpu-utilization Show CPU utilization
debug Debug data
delete Delete a file
dir List files on a filesystem
disable Turn off privileged
commands
enable Turn on privileged commands
erase Erase flash
memory Show memory data
ping Send echo messages
reboot Reboot the system
rename Rename from one file to another
reset-factory-default Reset the Factory Default
Configuration-
erase it.
restore-factory-default Restore the Factory
Default Configuration-
to be the StartupConfig.
serial-bypass Bypass at layer 1
set-factory-default Set the Factory Default
Configuration to be identical
to Startup Config.
write Write configuration
8-28
As opposed to when not using the exec prefix:
Expand(config)#priv-level 2 command ?
aaa Authentication, Authorization
and Accounting
alias Create command alias for this mode
banner Banner
boot Modify system boot parameters
clock System clock
custom-policy Custom policy number
debug Debug data
enable Modify enable password parameters
hostname This system's network name
interface interface data
led-manager Led Manager
line Line data
local Configure local options
logging Logging data
modem Modem settings
net-tftp Net-TFTP parameters
power-check Redundant power check
priority-policy Priority policy number
radius Configure RADIUS options
route-rules Handle routing definitions
service Technicians' tools
snmp SNMP data
sntp SNTP
tacacs Configure TACACS+ options
terminal Terminal settings
watch-dog System WatchDog
Configuring Supplementary Services
9-1
Chapter 9
Configuring
Supplementary
Services
About This Chapter
This chapter describes how to configure the various supplementary services

that are compatible with for the ACCELERATOR.
! Banner, page 9-2.
!
C onfiguring Supplementary Services

Mail, page 9-3.
! LED Manager, page 9-5.
! SNTP, page 9-6.
! Simple Network Time Protocol (SNTP), page 9-7.
! Configuring SNTP, page 9-8.
! Showing SNTP Configuration, page 9-10.
! WatchDog, page 9-11.
! Simplex, page 9-12.
! Signal Routing, page 9-20.
! Flow Control, page 9-22.
9-2
Banner
Banner commands provide the option to edit the Welcome banner. An
example of a typical ACCELERATOR 4000 series banner is as follows:
*********************************************
* *
* FEB-11-2001 10:02:54 *
* *
* Expand 4000 series *
* *
* Running ExpandOS 3.2(2) *
* *
* For details, http://www.expand.com *
* *
*******************************************
# To configure a banner:
1 In Primary Configuration mode, type banner, followed by a space
and then the required setting:
-or-
! default, to restore the default welcome banner,
-or-
! edit, to edit the welcome banner,
-or-
-or-
! priv-level, to define the privilege level for configuring a
banner.
2 Press <Enter>.
NOTES:
The default banner is saved in the banner.txt file
Date, time, and ExpandOS versions are taken automatically from the system's
parameters.
9-3
Mail
Mail provides the option for log messages to be sent to up to three e-mail
addresses and a syslog server, informing the administrator exactly which
ACCELERATOR transmitted the log.
# To view the mail options:
In Logging configuration mode, type mail ?, and press <Enter> to view

the Mail options:
active E-mail active state
domain Domain name parameter
from From address parameter
recipient Recipients' data
server Destination servers' information
severity Severity limits
# To configure mail active:

1 In Logging configuration mode, type mail active, followed by a
space and then the required value:
! no for a false value,
-or-
! yes for a true value.
2 Press <Enter>.
# To configure the mail domain:

1 In Logging configuration mode, type mail domain, followed by a
space and then the required domain name parameter (WORD).
2 Press <Enter>.
9-4
# To configure mail from:

1 In Logging configuration mode, type mail from, followed by a
space and then the required from address parameter (WORD).
2 Press <Enter>.
# To configure mail recipients:

1 In Logging configuration mode, type mail recipient, followed by
a space and then the required mail recipient number <1-3>, followed
by a space and then the required value:
! active, for the recipient active state,
-or-
! email, for the e-mail address of recipient.
2 Press <Enter>.
# To configure the mail server:

1 In Logging configuration mode, type mail server, followed by a
space and then the required value:
! ip, to configure the mail server IP,
-or-
! port, to configure the mail port.
2 Press <Enter>.
# To configure the mail severity:

1 In Logging configuration mode, type mail severity, followed by
a space and:
! maximum, to set the severity to send mail to maximum,
-or-
! minimum, to set the severity of messages to be sent to minimum.
2 Press <Enter>.
9-5
LED Manager
LED Manager enables you to test the front panel LEDs.
# To view the LED manager options:
In Primary Configuration mode, type led-manager ?, and press <Enter>

to view the LED Manager options:
alias Creates a command alias for LED

Manager.
exit Exits to the previous mode.
priv-level Defines the privilege level for LED

Manager.
show Displays running system information.
testing [on] Sets testing mode to on or off.

or [off]
# To enable the LED manager testing:

In Primary Configuration mode, type testing on, and press <Enter>.
This will initiate the front panel LEDs test, as follows:
! In the ACCELERATOR 4000 series, all LEDs will be switched on, one
at a time.
! In the ACCELERATOR 2700 series, only the lower row LEDs will be
switched on, one at a time.
NOTE:
In order to stop the LED test, type testing off and press <Enter>.
9-6
SNTP
Network Time Protocol (NTP) is designed to synchronize a network of
machines. It runs over UDP, which in turn runs over IP. A detailed
explanation of the NTP can be found in RFC 1305.
An NTP network gets its time from an authoritative time source, either a
radio clock or an atomic clock attached to a time server, and then
distributes this time across the network. NTP is an extremely efficient
protocol, with no more than one packet per minute needed to synchronize
two machines to within a millisecond of one another.
NTP uses the concept of a "stratum" to describe how many hops away a
machine is from an authoritative time source. A "stratum 1" time server is
directly attached to a radio or atomic clock, a "stratum 2" time server
receives its time from a "stratum 1" time server, and so on. A machine
running NTP will automatically choose the machine with the lowest
stratum number that it is configured to communicate with via NTP as its
time source. This effectively builds a self-organizing tree of NTP speakers.
NTP is careful to avoid synchronizing with a machine whose time may not
be accurate. It does not synchronize with a machine that is not itself
synchronized. NTP compares the time reported by several machines, and
does not synchronize with a machine whose time is significantly different
from the others, even if its stratum is lower.
The communications between machines running NTP (also called

associations) are usually configured statically. This means that each
machine has the IP address of all machines with which it should form
associations. Accurate timekeeping is made possible by each pair of
machines within an association exchanging NTP messages. In a local area
network (LAN) environment, however, NTP can be configured to use IP
broadcast messages instead. This reduces configuration complexity, as each
machine can be configured to send or receive broadcast messages.
Nevertheless, the accuracy of timekeeping is marginally reduced since there
is only a one-way flow of information.
9-7
As the time kept on a machine is a crucial resource, it is strongly

recommended that you use NTP's security features to prevent the accidental
or malicious setting of an incorrect time. There are two ways to do this,
either through an access list-based restriction scheme or an encrypted
authentication mechanism.
Simple Network Time Protocol

The Simple Network Time Protocol (SNTP) supported by ExpandOS is a
simplified, client-only version of NTP. This means it can only receive the
time from NTP servers, and cannot provide time services to other systems.
SNTP can provide time within 100 milliseconds of the accurate time, but
does not provide the complex filtering and statistical mechanisms that NTP
does. An SNTP client is much more vulnerable to problematic servers than
an NTP client is, and should only be used in situations where strong
authentication is not required.
SNTP can either request and accept packets from configured servers only
or can accept NTP broadcast packets from any source. When multiple
sources send NTP packets, the server with the best stratum is selected. If

multiple servers have the same stratum level, a configured server is
preferred over a broadcast server. If a number of servers pass both these
tests, the first one to send a time packet is selected. SNTP will choose a
new server only if it stops receiving packets from the currently selected
server, or if a better server (according to the above criteria) is found.
SNTP does not authenticate traffic, although extended access lists can be
configured to provide some protection against unauthorized traffic.
9-8
Configuring SNTP
In order to enable SNTP management of ACCELERATORs, the following
setting has to be defined:
# To enter the SNTP configuration mode:

1 In Enable mode, type configure, and then press <Enter>.
2 Type sntp, and then press <Enter> to enter the SNTP configuration
mode.
Defining the Servers' IP Addresses

There are two ways to define the IP addresses for SNTP, as described in the
following procedures.
# To define an SNTP server’s IP address:

1 In SNTP mode, type server, then a space followed by an IP address,
# To define an SNTP broadcast server's IP address:

1 In SNTP mode, type broadcast, then a space followed by an IP
address, and then press <Enter>.
NOTE:
Refer to the SNTP section on page 9-7, for a detailed explanation about the two
types of servers. Only one source (server or broadcast) can be used. The last entry
(server or broadcast) sets the SNTP source.
9-9
Configuring the SNTP Synchronization

The SNTP synchronization to a server can be enabled or disabled.
# To enable or disable synchronization:

1 In SNTP mode, type sntp, followed by a space and the required
setting:
! on, for synchronization,
-or-
! off, to disable synchronization.
2 Press <Enter>.
# To define the SNTP polling intervals:

1 In SNTP mode, type interval, then a space followed by an integer.
This is the interval (in minutes).
2 Press <Enter>.
# To set privilege levels:

In SNTP mode, type priv-level, followed by an integer
from 1-15, then a space, then command sntp, and then press
<Enter>. This will set the privilege level (1 is the lowest and 15
is the highest) for the SNTP commands.
9-10
Showing SNTP Configuration

There are two ways to view parameters currently configured for SNTP.
# To view the current SNTP configuration:

1 In Enable mode, type show sntp,
-or-
In SNTP mode, type show.
2 Press <Enter>.
SNTP configuration examples:
sntp
Interval 100
Sntp on
Source server
Ip 110.50.50.6
-or-
In the case of setting a broadcast server:
sntp
Interval 100
Sntp on
Source broadcast
Ip 192.116.68.50
9-11
WatchDog
The WatchDog application within the ExpandOS system serves as an
external monitor for the operation of both the hardware and software within
the ACCELERATOR. It is this component of the operating system that
seeks out faults, failures, and abnormal operating conditions, and provides
detection and recovery services to counter them.
By default, the WatchDog operation is enabled. This causes the

ACCELERATOR to reboot upon sensing an unrecoverable ExpandOS
failure. This operation is logged by the ExpandOS logging functionality.
# To configure WatchDog:
1 In Primary Configuration mode, type watch-dog, and then press
<Enter> to enter WatchDog configuration mode.
2 Type watch-dog, followed by a space and then the required setting:
-or-
-or-

! priv-level, to assign the privilege level to
a command,
-or-
! watchdog show, to show running system information,
-or-
! watchdog, followed by a space and then enable or disable,
to enable or disable WatchDog.
3 Press <Enter>.
An example of show watchdog is as follows:
watch-dog
watchdog enable
9-12
Simplex
Simplex services enable transmission of data traffic in only one direction.
Whereas standard duplex Frame Relay circuits require the same CIR in
both directions, simplex mode enables a different CIR (in cases of Frame
Relay).
Simplex mode is especially useful for applications such as:
! Broadcasting services
! Two simplex circuits (in opposite directions) operating opposite each
other, each with a different CIR
! Data communications configurations in which a high volume of
data flows in one direction (e.g. large file transfers) while only a
minimal volume flows in the other direction (the protocol's
acknowledgments).
Point-to-Point Simplex Configuration

In the following example, two ACCELERATORs, A and B, are connected
both over a simplex connection and through the Internet.
A B
Router Accelerator Accelerator Router
Serial Serial Serial Serial

Interface Interface Interface Interface
0/1 0/0 0/0 0/1
(DCE) (DTE) (DTE) (DCE)
Ethernet 0 Ethernet 0
# To configure ACCELERATOR A:
9-13
3 Type transmit direction send-only (assuming

ACCELERATOR A transmits only).
4 Type receive from B where B is ACCELERATOR B’s ID.
# To configure ACCELERATOR B:
3 Type transmit direction receive-only (assuming
ACCELERATOR B receives only).
4 Type send through <IP> B where IP is ACCELERATOR A’s
LAN port IP address and B is ACCELERATOR B’s ID (In this case
“B” is the ID which will be encoded on the system messages from B to
A – it can be any other string).
Example Simplex Configuration

Run show interface, a new entry appears:
transmit-direction....................duplex

duplex is the default transmit direction and mode
or operation.
Invoke the help options to display all Simplex options:
Expand(conf-if)#transmit-direction ?
duplex Interface can send and receive data
receive-only Interface can only receive data
send-only Interface can only send data
In a point-to-point configuration, configure ACCELERATOR A:
Expand(conf-if)#send-through ?
9-14
A.B.C.D Peer IP address to send system

messages through
and
Expand(conf-if)#send-through 192.116.48.1 ?
WORD Id of interface through which to send
Expand(conf-if)#send-through 1.92.116.48.1 ACC1
Expand(conf-if)#sh
send-through peer-
ip..................192.116.48.1 interface-id ACC1
And ACCELERATOR B:
Expand(conf-if)#transmit-direction receive-only
transmit-direction....................send-only
Expand(conf-if)#receive-from ?
WORD Peer interface id to receive from
Expand(conf-if)#receive-from ACC1
The updated information now appears in the show command:
Expand(conf-if)#show
receive-from peer-id..................ACC1
transmit-direction....................send-only
9-15
Frame-Relay Configuration
In the following Frame-Relay configuration example, two
ACCELERATORs, A and B, are connected in simplex mode. Neither
ACCELERATOR has an Internet connection. ACCELERATOR A’s sub-
interface (PVC) 0/0.1 is connected to ACCELERATOR B’s sub-interface
0/0.1 by a PVC which is receive-only, and ACCELERATOR A’s sub-
interface 0/0.2 is connected to ACCELERATOR B’s sub-interface 0/0.2 by
a PVC which is send-only.
A B
0/0.1 0/0.1
0/0.2 0/0.2
Frame-

Relay
9-16
First, configure IP address configurations to the sub-interfaces. Assign

ACCELERATOR A sub-interface 0/0.1 an IP address of 10.0.0.1. Assign
ACCELERATOR A sub-interface 0/0.2 with an IP address of 11.0.0.1.
Different subnets should be chosen because ACCELERATOR A 0/0.1, as a

receive-only interface, needs to send its system messages (as UDP packets)
via an alternate route (through sub-interface 0/0.2. In order to route these
messages through sub-interface 0/0.2, the two interfaces should be on
different subnets.
Assign ACCELERATOR B sub-interface 0/0.1 with an IP address

of10.0.0.2, and its sub-interface 0/0.2 with an IP address of 11.0.0.2.
# To configure ACCELERATOR A:
2 Type interface serial 0/0.1, and press <Enter> to enter the
Serial Interface 0/0 sub-interface configuration mode.
3 Type transmit direction receive-only.
4 Type send-through 11.0.0.2 ACC1 (ACC1 is
ACCELERATOR A’s ID)
6 Type transmit-direction send-only.
7 Type receive-from ACC2 (ACC2 is ACCELERATOR B’s ID)
# To configure ACCELERATOR B:
3 Type transmit direction send-only followed by
receive-from ACC1
4 Type sub-interface 0/0.2.
9-17
5 Type transmit direction receive-only followed by

send-through 10.0.0.1 ACC2 (ACC2 is ACCELERATOR
B’s ID).
This configuration ensures that when ACCELERATOR A’s sub-interface 0/0.1

attempts to send system messages through 11.0.0.2, these messages will be sent
through sub-interface 0/0.2 (because its IP address belongs to the same subnet).
Simplex Mode Commands

In configuration mode,
Expand(config)#simplex
Expand(simplex)#?
simplex commands:
alias Creates a command alias for this mode.
exit Exits to a previous mode.
no Negates a command or sets its defaults.

priv-level Gives a privilege level to a command.
receive from Defines the ID for send-only transmission.
send-through Defines IP address and ID for receive-only

transmission.
simplex-port Defines the simplex UDP port.
transmit-direction Defines transmit direction as duplex, receive

only or transmit only.
Invoking show command followed by ? :
Expand(simplex)#show ?
9-18
aliases Aliases defined for simplex mode.
receive-tableDisplays receive-table data.
send-table Displays send-table data.
simplex-port Defines the simpelx UDP port.
tables Displays tables data.
<cr>
Invoking show receive-table :
Expand(simplex)#show receive-table
Receive Table:
------------------------------------------------
| Interface | Interface ID to receive from |
--------------------------------------------
| 0/0 | ACC1
|
Invoking show send-table :
Expand(simplex)#show send-table
Send Table:
---------------------------------------------
| Interface | Ip to send through | Interface ID |
------------------------------------------------
Expand(simplex)#simplex-port ?
<2000-50000> Define the simpelx UDP port
Invoking the tables command displays both receive and send tables:
--------------------------------------------
| Interface | Interface ID to receive from |
9-19
-------------------------------------------------
| 0/0 | ACC1 |
-------------------------------------------------
| Interface | Ip to send through | Interface ID |
-------------------------------------------------

9-20
Signal Routing
This feature sets signaling transmissions to be sent transparently through
the ACCELERATOR from the router to the modem (WAN termination
device, e.g. CSU/DSU) and vice versa. The signals reflected are DCD,
DSR and DTR.
# To configure signal routing:

1 In primary configuration mode type signal-route and press
<Enter> to enter the signal route configuration mode.
2 Type ? to display signal route commands:
alias Creates a command alias for this mode
exit Exits to the previous mode
no Negates a command or sets its defaults
priv-level Gives a privilege level to a command
route Configures signal route
show Shows running system information

3 Type route and then insert first the port number of the source port
and then the port number of the destination port (for example 0/1 0/0),
then press <Enter>.
4 To define a duplex signaling connection, in which signaling
transmissions pass from the router to the modem as well as from the
modem to the router, the previous step must be repeated for the
opposite direction (0/0 0/1).
9-21
5 To check that the connection was made as intended, type show:

signal-route
route
From | To | Status
-----+-----+-------
0/0 | 0/1 | valid
-----+-----+-------
In this example, interface 0/0 was configured to reflect its signals to
interface 0/1.
The status will be reflected as invalid in the event that a connection has
been made between two DCEs or two DTEs (rather than DCE to DTE).
For the ACCELERATOR 2700, an invalid status will be displayed
when the cable has been disconnected from the interface.

9-22
Flow Control
(For ExpandOS versions 3.5(1) and above)
Occasionally, the network drops packets. This can occur when

ACCELERATORs are connected over "noisy" lines, or over WAN links
with statistical multiplexing capabilities (such as Frame Relay). Beginning
with ExpandOS 3.5, ACCELERATORs can apply a recovery mechanism to
handle this phenomenon. Drop Recovery Code (DRC) is a unique
mechanism used to tackle data loss problems.
If too many packets are dropped from the network, the DRC buffer may
overfill. In the event that this occurs, the DRC requests a retransmission of
lost packets. The Flow Control feature enables the ACCELERATOR to
adjust the current bandwidth in order to decrease instances of DRC
retransmission requests.
Flow Control should be configured on the subinterface that is connected to

the remote ACCELERATOR.
NOTE:
DRC must be set to either semi or full for Flow Control to operate (refer to
Appendix A, Drop and Recovery, for more information on DRC).
# To configure Flow Control:

1 In Primary Configuration mode, type subinterface followed by
the interface port to be configured (for example serial 0/1.1) and
press <Enter>.
2 Type flow-control followed by a space and press <Enter>.
This will enable you to configure the Flow Control to:
enable: The ACCELERATOR will not exceed the bandwidth, as

defined in subinterface bandwidth, (see
show-subinterface example, below).
9-23
disable:The ACCELERATOR continues to function normally,

without adjusting data flow to avoid occurrences of DRC
retransmit. This is the default setting.
The following is an example of the relevant parameters from the

show-subinterface command:
bandwidth...............1000000
flow-adjustment.......enable
flow-control..........enable (now 1000000)
The “(now XXX)” field in the flow-control line indicates that the
bandwidth is currently controlled by the flow control. When flow
adjustment is enabled, and there are DRC retransmits, this field will
indicate the reduced or raised bandwidth status.
3 Type flow-adjustment followed by a space, and then press

<Enter>.
This will enable you to configure Flow Adjustment to:
enable: When a DRC Retransmit occurs, the ACCELERATOR will

reduce the bandwidth by 10% of the current effective

bandwidth value “(nowXXX)”, every 2 seconds. The
bandwidth will then be raised by 2% every 5 seconds, in an
attempt to restore a higher data rate. This is the default
setting.
disable: Bandwidth is not modified.

NOTES:
Flow Adjustment is only displayed when Flow Control is set to enable.
FECN (Forward Explicit Congestion Notification) and BECN (Backward Explicit
Congestion Notification) are not supported in this version.
Once Flow Control has been enabled, the Increase and Decrease Rate
parameters can be set as follows.
9-24
# To set the increase rate:

! In the tunnel configuration field, enable flow control and then type
increase-rate or decrease-rate followed by the number 0.1% by which
the flow should be increased/decreased:
decrease-rate is the rate at which the flow is decreased, per 0.1 %,
every 2 seconds.
increase-rate: is the rate at which the flow is decreased, per 0.1 %,
every 5 seconds.
bandwidth.............................2000000
decrease-rate.........................100
flow-adjustment.......................enable
flow-control..........................enable (now 2000000)
increase-rate.........................20
Upgrading ExpandOS
10-1
Chapter 10
Upgrading
ExpandOS
About This Chapter
ExpandOS has three separate types of memory: RAM used for internal
processing, memory allocated for the cache and Flash memory for software
updates.
ExpandOS can be upgraded to newer versions using standard TFTP. When

an upgrade is required, the file containing the new version can be
downloaded from Expand Networks’ Web site (via TFTP), or from the CD
that is included with each ACCELERATOR. This CD contains the User's
Guides and the software.
U pgrading ExpandOS
Version control in ExpandOS involves three operations:
! The supplied file must first be copied from the TFTP server to the Flash
card.
! The updated file must then be specified as the boot file that is to be
used when rebooting the system.
! The system must be rebooted to activate the upgraded version.
NOTES:
It is not possible to upgrade from versions below 3.2(3) to 3.5. To upgrade from a
version lower than 3.2(3), first upgrade to version 3.2(3) and then upgrade again to
version 3.5.
It is not possible to downgrade from version 3.5 to version 3.1. ExpandOS 3.5 will
not synchronize with any pre-3.2 ExpandOS version.
10-2
Backing Up the ACCELERATOR's

Configuration
It is an important precaution to backup the current ACCELERATOR
configurations in order to:
! Enable the user to revert to a previous version after upgrading to a new
release.
! Transfer files to a newer model of the ACCELERATOR after an
upgrade.
! Preserve the current configuration, and use it to configure other units.
! Recover critical configuration files in the unlikely event of file
corruption.
! To backup ACCELERATOR configuration:

1 Ensure the configuration file is present by executing the write
command in Enable mode.
2 In Enable mode, type copy startup-config net-tftp, and
then press <Enter>. You will be prompted with a request for the TFTP
server name or IP address.
3 Type the destination address or name of the remote host, and press
<Enter>. You will be prompted for the destination file name.
4 Type the name of the file, and press <Enter>.
This will save the startup configuration file to the station on which the
TFTP server is running. After the successful ExpandOS upgrade has been
performed, the configuration file can be downloaded to the
ACCELERATOR by typing copy net-tftp startup-config.
! To copy the version file to the Flash card:

1 Check that there is sufficient available space on the Flash card for the
new version. For further details, refer to the BootROM Commands
section in Chapter 11, Command Reference.
2 Delete the existing version image from the card.
Upgrading ExpandOS
10-3
3 In Enable mode, type copy net-tftp flash.

4 Press <Enter>. A series of questions will be displayed to guide you
through the copying process, as follows:
# Enter the remote address of the TFTP server.
# Enter the file name of the file to be downloaded from the TFTP
server.
# Enter the destination file name to be given to the file when it is
saved on the Flash card.
Following a successful process, the file resides on the Flash card, with the
defined filename.
! To specify the boot file:

1 In Primary Configuration mode, type boot, and press <Tab>.
boot system flash is displayed.
2 Press <Enter>.
3 At the screen prompt, type the file name that is used on the Flash card
for the upgraded version.
4 Press <Enter>.
5 Reboot the system to invoke the updated version, as described below.
! To reboot the system:
U pgrading ExpandOS
1 Press <Control-Z> to exit Primary Configuration mode.
2 Type reboot.
3 Press <Enter>. You are prompted to confirm the reboot.
4 Type yes. The system reboots.
NOTE:
The upgraded version is only activated following a system reboot.
SAVE:

10-4
Command Reference
11-1
Chapter 11
Command
Reference
About This Chapter
This chapter provides a reference for the commands that are available for
configuration of the ACCELERATOR 4000.
The commands are listed within their various nodes.
In this chapter, commands are typed in bold, and parameters are typed
within square brackets [ ], For example, ping [IP Address].

! Common Commands, page 11-2
! Executable Commands, page 11-3.
! Commands Available in Enabled Mode, page 11-5.
C ommand Reference
! Commands Available in Enabled Configuration Mode, page 11-7.
! Show Commands, page 11-28.
! BootROM Commands, page 11-30.
11-2
Common Commands
The following commands can be performed at nearly every level
throughout ACCELERATOR configuration.
The No Command
The no command can be typed before almost any command to reset the
setting for the command.
The ? Command
To view help for a command, type ? after the command and you will receive a detailed list
of all possible configuration parameters for this command with a brief explanation.
For example:
Expand(config)#clock
Expand(clock)#?
clock commands:
alias Create command alias for this mode
daylight-saving Configure daylight savings
exit Exit to previous mode
priv-level Give privilege level to a command
set Set the time and date
timezone Configure time zone (Min)
The Show Command
The show command can be used after any command to reveal the set parameters for a
command.
For example:
Expand(config)#interface ethernet 0/0
Expand(conf-if)#show
0/0
bypass................................disable
Command Reference
11-3
description...........................(not configured)
ip
address.............................1.2.3.1
mask................................255.255.255.255
mac...................................aaaa.bbbb.cccc
mode..................................on-path lan-side
queue-usage...........................0
queuing-strategy......................fifo
throughput
---------------+-----------+-------------+--------------
---------------+-----------+-------------+--------------
Executable Commands
Expand#
C ommand Reference
COMMAND DESCRIPTION
debug Debug data.
dir Displays files on a file system.
disable Disables privileged commands.
enable Enables privileged commands.
exit Exits the shell.
no Negates a command or set its default.
packet Packet data
ping [IP address] [number] Sends echo messages.
11-4
Pings the IP address with the number of

packets to ping (between 1 – 2000000).
Expand#debug
COMMAND DESCRIPTION
ber-permil [number] Promil of packet drop [debug].
clear-tasks Clears tasks information
events [all] or [long] Sets selection parameters for events:
All: Displays events in long format.
Long: Displays a full description of
events.
queuing Activates data queuing.
tasks Creates trace task data in a file.
trace [task name] Enables task tracing according to its name.
Expand#dir
COMMAND DESCRIPTION
flash Activates the flash file system.
null Deactivates the flash file system.
Expand#enable
COMMAND DESCRIPTION
clear [counters interface Clears data from the specified serial
serial] or [events] interface counters or events data
configure Enables Configuration mode.
copy Enables copying from one file to another.
debug Debugs data.
delete Deletes a file.
dir Lists files in a file system.
Command Reference
11-5
disable Disables privileged commands.

enable Enables privileged commands.
erase Deactivates flash.
exit Exits the shell.
no Deactivates a command or sets its default.
packet Packet data.
ping Sends echo messages.
reboot Resets the system.
rename Renames a file with another file name.
reset-factory-default Resets the factory default configuration by
erasing the existing configuration.
restore-factory-default Restores the factory default configuration
as the startup configuration.
set-factory-default Sets the factory default configuration as
the startup configuration.
write Writes the configuration to memory.
Commands Available in Enable Mode
Expand#configure mode
C ommand Reference
COMMAND DESCRIPTION
aaa Enables Authentication, Authorization and
Accounting mode.
banner Displays the banner.
boot [system] or [flash] Modifies system boot parameters.
Boots the system image file or flash file
system.
clock Displays the system clock.
custom-policy [1-16] Configures a custom queuing policy.
11-6
COMMAND DESCRIPTION
enable Modifies enable password parameters.
hostname [network name] Defines the system network name.
interface [ethernet] or Interface data: ethernet data or serial
[serial] interface help.
led-manager Displays the LED manager.
line [console] or [telnet] Configures console, Telnet, WebUI or
or [WebUI] or [auxiliary] auxiliary (modem connected to the rs line)
parameters.
local Configures local options.
logging Displays logging data.
modem Defines modem settings.
net-tftp [port number] Sets the parameters of the port (between
[seconds] 0-65535), and the timeout, in seconds
(between 0-70000).
power-check Enables monitoring of dual power
supplies.
priority-policy [1-16] Configures a priority queuing policy.
priv-level Defines the privilege level of a command.
radius Configures RADIUS options.
route-rules Sets routing definitions.
show Displays active system information.
snmp Displays SNMP data.
sntp Displays SNTP server settings.
tacacs Configures TACACS+ options.
terminal Displays terminal settings.
watch-dog Displays System Watch Dog.
Command Reference
11-7
Commands Available in Enabled

Configuration Mode
Expand(config)#AAA
COMMAND DESCRIPTION
alias [alias word] [alias Creates a command alias for this mode.
command]
authentication Displays authentication data.
authorization exec Displays authorization data.
C ommand Reference
11-8
Expand(AAA)#Authentication &
Authorization
This command is performed from within the Configuration mode, see the
configuration command, above.
COMMAND DESCRIPTION
authentication enable [Web Sets the method of enabled authentication:
UI] or [console] or 1: Enable: Use enable password
[telnet] or [list name]
authentication.
[1] [2] [3] [4] [5] [6]
2: Line: Use line authentication.
[1] (enable)
[2] (line) 3: Local: Use local authentication.
[3] (local) 4: Tacacs: Use TACACS+
authentication.
[4] (tacacs)
5: Radius: Use RADIUS authentication.
[5] (radius)
[6] (none) 6: None: No authentication.
authentication login [Web Sets the method of login authentication:

UI] or [console] or 1: Enable: Use enable password
[telnet] or [list name]
authentication.
[1] [2] [3] [4] [5] [6]
2: Line: Use line authentication.
[1] (enable)
[2] (line) 3: Local: Use local authentication.
[3] (local) 4: Tacacs: Use TACACS+
authentication.
[4] (tacacs)
5: Radius: Use RADIUS authentication.
[5] (radius)
[6] (none) 6: None: No authentication.
authorization exec [Web Sets the names of the new access

UI] or [console] or permission list:
[telnet] or [list name] 1: Enable: Use enable password
[1] [2] [3] [4] [5] [6]
authorization.
[1] (enable)
2: Line: Use line authorization.
[2] (line)
3: Local: Use local authorization.
[3] (local)
4: Tacacs: Use TACACS+ authorization.
[4] (tacacs)
Command Reference
11-9
COMMAND DESCRIPTION
[5] (radius) 5: Radius: Use RADIUS authorization.
[6] (none) 6: None: No authorization.
Expand(config)#arp-cache
COMMAND DESCRIPTION
timeout Enables configuration of the number of
seconds the ARP cache should wait before
deleting dynamic entries.
wait Enables configuration of the number of
seconds the ARP cache should wait before
discarding packets.
Expand(config)#banner
COMMAND DESCRIPTION
default Restores the default welcome banner.
edit Edits the welcome banner.
C ommand Reference
Expand(config)#clock
COMMAND DESCRIPTION
daylight-saving Configures daylight savings.
Defines the start day for summer daylight
saving time (between 1-31).
set [day] [time] Sets the date [dd-mmm-yyyy]
11-10
COMMAND DESCRIPTION
and time [hh:mm:ss].
timezone [min] Defines the time zone, in minutes
(between 0-1380).
Expand(config)#custom policy
COMMAND DESCRIPTION
clear Clears the policy properties.
queue [1-16] [1] [2] [3] Sets the queue number:
[4] [5] [6] 1: Sets the byte count (between
[1] (byte-count) 0-10000).
[2] (default) 2: Sets as the default queue.
[3] (interface) 3: Queues by serial interface.
[card]/[port]
4: Sets the queue limit.
[4] (limit)
5: Queues by protocol.
[5] (protocol) ip
6: TCP or UDP port number.
transport [none] or
[tcp] or [udp]
[6] (tcp or udp port
number)
show Shows the policy properties.
Expand(config)#enable
COMMAND DESCRIPTION
Exits to the previous mode.
exit
no Deactivates a command or set its default.
password [password] Defines a privilege level password and
[level] level (between 1-15).
Sets the unencrypted (clear text)
"enable" password.
Command Reference
11-11
Expand(config)#interface
ethernet 0
COMMAND DESCRIPTION
ip [IP address] [subnet Defines the IP address and subnet mask.
mask]
mac address Defines the interface’s MAC address.
mode Sets the ACCELERATOR mode to
on-path or on-lan.
priv-level [number] Defines the privilege level of a command
(between 1-15).
Expand(config-if)#hsrp
This command is performed from within the Ethernet interface mode, see the
interface ethernet command, above.
C ommand Reference
COMMAND DESCRIPTION
authentication Sets HSRP authentication string.
Sets the virtual IP address for the HSRP
ip group.
mac-address Sets the MAC address of the HSRP group.
preempt Enables or disables the ACCELERATOR
to preempt lower priority devices in the
HSRP group.
priority Sets the ACCELERATOR’s status within
the HSRP group.
timers [hello time] [hold Enables configuration of Hello Time and
11-12
time] Hold Time.

auto-config Enable or disable auto-configuration of
HSRP.
protocol-monitor[severity Enables event-log reports to be sent via
level] email.
serial
COMMAND DESCRIPTION
bandwidth [bps] Sets the bandwidth
(between 32000-4000000).
acceleration [on] or [off] Enables or disables acceleration
(false/true value).
alias [WORD] Creates a command alias for this mode.
clock Sets the clock data.
confirm Confirms that the auto-detection results
are valid.
counters period throughput Defines the counters data throughput
[seconds] period, in seconds (between 5-300).
crc [16-bit] or [32-bit] Sets the CRC length.
or [none]
custom-queue [enable] or Enables or disables custom queuing.
[disable]
dcd [enable] or [disable] Enables or disables Data Carrier Detect,
DCE only.
description [line] Defines an interface-specific description.
drc [chunk-size] [mode] Sets the Data Carrier Detect configuration:
automatic or manual plus size, and
full, semi or off.
Command Reference
11-13
COMMAND DESCRIPTION
encapsulation Sets the interface encapsulation:
[1] (autodetect) 1: Sets the device to detect automatically.
[2] (ppp) 2: Sets the type to PPP.
[3] (hdlc) 3: Sets the type to CISCO-HDLC.
[4] (frame-relay) 4: Sets the type to frame relay.
[5] (lapb) 5: Sets the LAPB options.
[6] (raw-hdlc) 6: Sets the type to unknown protocol over
standard HDLC.
fair-queue [enable] or Enables or disables weighted fair queuing.
[disable]
hardware [data type] Sets the hardware data type: Amsterdam,
multi-bypass, V.35, or multi-DCE.
ignore Defines the data to be ignored:
[1] (dcd) 1: Disables or enables Data Carrier Detect.
[2] (packet-size) [size] 2: Disables acceleration for a specific
packet size (between 0-5000).
ip [IP address] [subnet Defines the IP address and subnet mask.
mask] Does not appear in Auto detect
encapsulation mode.
keepalive_interval [time] Sets the frequency of keepalives, in
seconds (between 1-60).
C ommand Reference
keepalive_iterations Defines the quantity of keepalives before
[number] the connection is lost (between 1-50).
mtu Defines the maximum MTU size for the
serial interface.
priority-queue [enable] or Enables or disables priority queuing.
[disable]
(between 1-15).
probe [seconds] Defines the time between probes, in
seconds (between 0-30).
11-14
COMMAND DESCRIPTION
transmit-direction Defines the interface transmit direction:
[1] (duplex) 1: Interface can send and receive data.
[2] (receive-only) 2: Interface can only receive data.
[3] (send-only) 3: Interface can only send data.
type [cable type] Multi-type help: V.35, RS-422, RS-
232, RS-530 or cable (displays which
cable is attached).
Command Reference
11-15
Expand(config-if)#clock
This command is performed from within the serial interface mode, see the interface
serial command, above.
COMMAND DESCRIPTION
rate [bps] Sets the rate from one of the following
values: 0, 2400, 4800, 9600,
19200, 38400, 56000, 64000,
128000, 256000, 512000,
1000000, 1523800, 2000000,
2909000, 3500000, 4000000,
4571400, 5333300, 6400000, or
8000000.
rx polarity [low] or Sets the Rx data to low or high.
[high]
source rx [options] tx Sets the clock source help:
[options] 1: Sets the receive & transmit clock
[1] (source rx internal tx sources to internal.
internal) 2: Sets the receive clock source to external
[2] (source rx external tx & transmit clock source to internal.
internal)
3: Sets the receive clock source to external
[3] (source rx external tx & transmit clock source to external.
external)
4: When the interface is X.21, the clock is
[4] (source from rx only) only derived from the receive.
tx polarity [low] or Sets the Tx data to low or high.
C ommand Reference
[high]
11-16
tunnel
COMMAND DESCRIPTION
tunnel [tunnel number] Creates an IP tunnel.
[tunnel mode]
tunnel source [local ip Defines the IP tunnel path.
address]
tunnel destination [remote Defines the IP tunnel path.
ip address]
tunnel id Identifies the IP tunnel.
bandwidth Limits tunnel throughput.
tunnel force Forces an IP header on non-accelerated
data.
tunnel allow-fragmentation Enables/disables packet fragmentation of
tunneled packets.
tunnel sequence Enables/disables packet sequence
preservation of tunnel packets.
tunnel service [tos and Configures the IP tunnel service.
precedence or user
defined]
tunnel checksum Enables/disables checksum on tunneled
data.
Expand(config)#led-manager
COMMAND DESCRIPTION
testing [on] or [off] Sets the Testing mode to on or off.
Command Reference
11-17
Expand(config)#line
auxiliary
COMMAND DESCRIPTION
authenticate [enable] or Authenticates the parameters:
[login] enable: Authentication of enable
parameters.
login: Authentication of login
parameters.
authorize Authorizes the parameters:
[1] (none) 1: No authorization list.
[2] (auxiliary) 2: Default authorization list.
[3] (console) 3: Default authorization list.
[4] (telnet) 4: Default authorization list.
modem Sets the modem connected to the rs line:
[1] (clear) 1: Clears the line by sending an
[2] (hang) initialization AT string.
[3] (type) 2: Hangs up the connection.
3: Modem name.
C ommand Reference
password Configures the password.
privilege Changes the privilege level for the line.
11-18
Expand(config)#line console
COMMAND DESCRIPTION
authenticate Authenticates the parameters.
authorize Authorizes the parameters.
no Negates a command or sets its default.
password Configures the password for this line.
privilege Changes the privilege level for this line.
show Shows running system information.
Expand(config)#line telnet
COMMAND DESCRIPTION
authenticate Authenticates the parameters.
authorize Authorizes the parameters.
password Configures the password for this line.
privilege Changes the privilege level for this line.
show Shows running system information.
Command Reference
11-19
Expand(config)#line WebUI
COMMAND DESCRIPTION
authenticate [enable] or Authenticates the parameters.
[login] enable: Authentication of enable
parameters.
login: Authentication of login
parameters.
authorize Authorizes the parameters:
[1] (none) 1: No authorization list.
[2] (auxiliary) 2: Default authorization list.
[3] (console) 3: Default authorization list.
[4] (telnet) 4: Default authorization list.
password Configures the password.
privilege Changes the privilege level for the line.
web Enables or disables the web user interface.
C ommand Reference
Expand(config)#local
COMMAND DESCRIPTION
max-num-of-users [number] Sets the maximum number of users that
can be configured (between 1-50).
11-20
users [user name] Configures local database users.

Adds a new user to the local users list.
Expand(config)#logging
COMMAND DESCRIPTION
autosave period [seconds] Defines the autosave intervals, in seconds
(between 10-1000000).
broadcast Sets broadcast information:
[1] (active) [Y] or [N] 1: Sets broadcast active state to yes or
[2] (priority) [number] no.
[3] (severity) [max] or 2: Sets the user priority for sending
[min] messages (between 1-15).
[4] (terminal) 3: Sets the severity limits to maximum or
[auxiliary], [console] or minimum.
[telnet]
4: Defines to which terminal to send
messages.
mail Email information:
[1] active 1: Email active state: Yes or No.
[2] domain 2: Domain name parameter <string>.
[3] from 3: From address parameter <string>.
4: Recipients’ data:
[4] recipient Number <1-3>.
[5] server Active state: Yes or No.
Email address.
[6] severity
5: Destination servers’ information
[7] subject <IP address and port number>.
6: Severity limits.
7: The e-mail subject to be sent with the
message.
Command Reference
11-21

syslog Syslog information:
[1] (active) 1: Syslog active state: Yes or No.
[2] (facility) 2: Facility's data <0-21>.
. [3] (level) 3: Facility level of sent messages <debug,
error, fatal, info, warning>.
. [4] (server) 4: Syslog server details – IP address and
[5] (severity) port.
5: Severity limits: Maximum and
Minimum.
Expand(config)#modem
COMMAND DESCRIPTION
modemcap [modem name] Defines the modem and its settings:
[default] NEC: No Echo (E0 or E1).
NRS: No Result Codes (Q0, Q1 or Q2).
ONH: On Hook (H0 or H1).
C ommand Reference
11-22
Expand(config)#power-check
COMMAND DESCRIPTION
events [on] or [off] Enables or disables the redundant power
check events:
off: False value.
on: True value.
snooze-interval [number] Sets snooze interval between alerts, in
hours (between 1-72).
Expand(config)#priority
policy
COMMAND DESCRIPTION
clear Clears the policy properties.
queue [1-16] [1] [2] [3] Sets the queue number:
[4] [5] 1: Sets as the default queue.
[1] (default) 2: Queues by serial interface.
[2] (interface) 3: Sets the queue limit.
[card]/[port]
4: Queues by protocol.
[3] (limit)
5: Transport protocol port.
[4] (protocol) ip
transport [none] or
[tcp] or [udp]
[5] (TCP or UDP port)
show Shows the policy properties.
Command Reference
11-23
Expand(config)#RADIUS
COMMAND DESCRIPTION
key [encryption key] Defines the RADIUS default encryption
key.
timeout [seconds] Defines the time to wait for a RADIUS
server to reply (between 0-500000).
(between 1-15).
retransmit [number] Sets the number of retries to the active
server (between 1-20). The default is 3.
server [IP address] Adds a RADIUS server to the server list.
Expand(config)#route-rules
COMMAND DESCRIPTION
bridge route[source I/F Sets the global bridge configuration
type] [source I/F] subcommands: source interface
C ommand Reference
[destination I/F type] type (serial or ethernet), source
[destination I/F] interface, destination
interface type, and
destination interface.
bridge use-labels [enable] Enables or disables multiplex-interface
or [disable] configuration mode.
bridge default-label Sets the default path in case of software
[0-15] bypass, valid only if use-labels is
enabled.
ip default gateway [ip] Defines the default gateway’s IP address.
11-24
ip route [outgoing ip]; Defines an IP route.

[outgoing mask];
[destination I/F] or
[forwarding ip]
routing-policy [bridging- Defines the routing policy: bridging or
first] [IP-routing-first] IP.
Expand(config)#signal-route
COMMAND DESCRIPTION
alias Creates command alias for this mode.
no Negates a command or set its defaults.
priv-level Gives privilege level to a command.
route Configures the signal route.
show Show running system information.
Expand(config)#simplex
COMMAND DESCRIPTION
(between 1-15).
receive-from Defines the ID for send-only transmission.
send-through Defines IP address and ID for receive-only
transmission.
simplex-port Defines the simplex UDP port.
Command Reference
11-25
COMMAND DESCRIPTION
transmit-direction Defines transmit direction as duplex,
receive only or transmit only.
Expand(config)#SNMP
COMMAND DESCRIPTION
community [community Enables SNMP.
string] Sets a community string and access
privileges.
contact [contact name] Defines the contact person for this unit.
host [IP address] Defines a host to receive SNMP
[community string] or notifications: The IP address of the SNMP
[user name] notification host, SNMPv1/v2c
community string, or SNMPv3 user name.
interface-table Shows interface if-table index.
location Defines the location for this unit.
(between 1-15).
rmon Enters RMON mode.
C ommand Reference
snmp [enable] or [disable] Enables or disables the SNMP state.
traps [enable] or Enables or disables SNMP Traps.
[disable]
11-26
Expand(snmp)#RMON
This command is performed from within the Configuration mode, see the
configuration command, above.
COMMAND DESCRIPTION
current memory [number] Current memory allocation.
current status Displays current RMON status: enable or
disable.
filter-capture RMON I filter tables mode.
future memory [number] RMON memory to be allocated upon next
reboot.
future status Displays RMON status desired upon next
reboot: enable or disable.
pause Pauses RMON functionality.
(between 1-15).
status Operation mode in next restart.
Expand(config)#SNTP
COMMAND DESCRIPTION
server [IP address] Configures the server’s IP address.
broadcast [IP address] Configures the broadcast servers IP
address.
interval [minutes] Defines the interval time, in minutes.
Command Reference
11-27

sntp [on] or [off ] Sets the synchronization to on or off.
Expand(config)#TACACS
COMMAND DESCRIPTION
key [encryption key] Sets the TACACS+ default encryption
key.
timeout [seconds] Sets the time to wait for a TACACS+
server to reply, in seconds (between
1-500000).
attempts [number] Defines the number of authentication
request retries (between 1-20).
auto_send [yes] or [no] Enables or disables automatic requests and
the sending of user and password data.
(between 1-15).
server [IP Address] Enables an additional TACACS+ server to
be added to the server list.
C ommand Reference
Expand(config)#terminal
COMMAND DESCRIPTION
lines [number] [current] Configures the number of lines for the
current session (between 3-512).
11-28
(between 1-15).
timeout [minutes] Activates the terminal session idle
time out [1-9999].
Show Commands
Expand#show
COMMAND DESCRIPTION
acceleration Displays all acceleration information.
aliases Displays the aliases defined for Exec
mode.
banner Displays the banner text.
boot Displays the system boot parameters.
clock Displays the clock data.
configure Displays the Primary Configuration mode
information.
cpu-counter Displays the gateway counter for the last
second.
cpu-utilization Displays the CPU utilization in
percentages.
daylight-saving Displays the daylight savings time
settings.
debug Displays debug data information.
events Displays the events selection parameters.
frame-relay Displays frame relay data.
hostname Displays the system's network name.
interface Displays the interface data.
led-manager Displays the LED manager.
leds Displays the LED mode.
line Displays the terminal line configuration.
Command Reference
11-29
COMMAND DESCRIPTION
local Displays the local configuration.
logging Displays the logging data.
memory Displays the memory data.
modem Displays the modem settings.
net-tftp Displays the net-TFTP parameters.
power-check Displays the redundant power supply.
privilege Displays the current privilege level.
radius Displays the RADIUS configuration.
route-rules Displays the routing definitions.
snmp Displays the SNMP data.
sntp Displays the SNTP data.
tacacs Displays the TACACS configuration.
tech-support Displays system information for purposes
of technical support query diagnosis.
terminal Displays the terminal settings.
up-time Displays the system uptime since the last
reboot.
version Displays the system version.
watch-dog Displays System Watch Dog.
Expand#show events
C ommand Reference
COMMAND DESCRIPTION
long Displays the events in the long format.
short Displays the events in the short format.
filter Displays the filtered results by the required
[1] (message) fields:
[2] (severity) 1: Message counter's display range.
2: Severity's display range.
sortby Displays sorted fields.
11-30
BootRom Commands
These commands can be invoked during ACCELERATOR’s boot-up, by pressing
<Control-C>:
COMMAND DESCRIPTION
cd [path] Defines the current directory.
copy flash ftp Copies a file from the flash using FTP.
copy flash tftp Copies a file from the flash using TFTP.
copy ftp flash Copies a file to the flash using FTP.
copy tftp flash Copies a file to the flash using TFTP.
delete [file name] Deletes a file.
dir [directory name] Displays the contents of a directory.
erase flash Erases all flash files.
flash size Displays the available and used space for
flash.
ftp password [password] Configures a password for the FTP server.
ftp username [username] Configures a username for the FTP server.
ipshow Displays the IP configuration.
mkdir [directory name] Creates a directory.
ping [address] [num of Tests that a remote host can be reached.
packets]
pwd Prints the current directory.
rmdir [directory name] Deletes a directory.
routeshow Displays the routing table.
In order to return to the Applications commands, reboot must be invoked.

LAN Resilience
12-1
Chapter 12
LAN Resilience
HSRP
HSRP Overview
One way to achieve near-100 percent network uptime is to use the

Hot Standby Router Protocol (HSRP), which provides network redundancy
for IP networks, ensuring that user traffic immediately and transparently
recovers from first hop failures in network edge devices or access circuits.
In HSRP, multiple network devices can act in concert to present the

illusion of a single “virtual router” to the hosts on the LAN, by sharing an
IP address and a MAC (Layer 2) address. The devices are all configured
with a priority status within the group. In general, the device with the
highest priority will naturally be the Active device; the device with the
next-highest priority is the Standby device that takes over in the event of
Active device failure or unavailability. Dominant devices in the virtual
HSRP group continually exchange status messages, enabling one device to
assume the routing responsibility of another, should it stop operating for
either planned or unplanned reasons.
In the event that the Active device fails, the Standby device assumes the
packet-forwarding duties of the Active device. If the Standby device fails
or becomes the Active device, then another device is elected as the Standby
device. Hosts continue to forward IP packets to a consistent IP and MAC
address, and the changeover of devices is transparent.
12-2
ACCELERATORs can take part in HSRP and work in tandem with routers
to provide backup for the network. The following figure displays an
ACCELERATOR application working with routers in a virtual HSRP
group. The ACCELERATOR and routers are configured with the MAC
address and the IP network address of the virtual HSRP group.
HSRP GROUP
HSRP
Standby Device PUBLIC NETWORK
Listen Device
Active Device
ACCELERATOR
The ACCELERATOR is configured to have the highest priority and work

as the Active device. It is configured with the IP address and MAC address
of the virtual router and forwards any packets addressed to the virtual
router. One of the routers acts as the Standby router, in the event that the
ACCELERATOR stops transferring packets, the router protocol converges,
and the router assumes the duties of the ACCELERATOR and becomes the
Active device.
Configuring HSRP
Expand recommends that you use the auto-config command to
configure the ACCELERATOR.
LAN Resilience
12-3
HSRP Auto-Configuration
The auto-config command ensures that the correct HSRP parameters
are implemented for the ACCELERATOR to become the Active device in
all HSRP groups on the LAN.
HSRP Auto-Configuration Task List

! Enabling auto-configuration
Auto-configuration copies the configuration of the Active device in the
HSRP
HSRP group, gives the ACCELERATOR a priority higher than that of the
current Active device and enables preempt, allowing the ACCELERATOR
to continually try to be the Active device (see Manual HSRP Configuration
parameters, below, for details on the specific parameters).
! To auto-configure the ACCELERATOR’s HSRP:

2 Type interface followed by a space, and then type ethernet
followed by a space and then the interface name, 0 (for
ACCELERATOR 4800) or 3/0 (in the ACCELERATOR 2700 series).
3 Press <Enter> to enter the Interface configuration mode.
4 Type hsrp, followed by a space, and then type auto-config
followed by a space, and then type enable.
5 Check the device’s configuration to make sure that the correct
configuration settings have been enabled.
If auto-config mode remains set to enable, the ACCELERATOR
will maintain an Active position in the HSRP group in a dynamic fashion,
continuing to force its priority above all other devices, including devices
added to the HSRP group later.
IMPORTANT:
Once the ACCELERATOR has been auto-configured, it is recommended to set
auto-config to disable, to avoid new-configuration overriding.
NOTE:
Expand recommends that you avoid a situation in which two ACCELERATORs on
the same LAN are both set to auto-config enable.
12-4
Mixing Manual and Auto-Configuration

Auto-configuration can be combined with manual configuration as follows:
! Manually configuring an auto-configured ACCELERATOR:
Once the ACCELERATOR is auto-configured, disable the
auto-configuration command. This will enable you to manually alter
any parameters that have been auto-configured.
! Auto-configuring a manually configured ACCELERATOR:
HSRP
If an ACCELERATOR has been manually configured, auto-
configuring the ACCELERATOR will overwrite any parameters
necessary, so that the ACCELERATOR will be the Active device in all
HSRP groups.
Manual HSRP Configuration

Manual HSRP Configuration Task List
Perform the following tasks to configure HSRP:

! Setting the authentication (Optional)
! Setting the MAC address (Optional)
! Setting the preempt status (Required)
! Selecting the priority
! Setting the timers (Optional)
! Setting the group number and IP address (Required)
! Setting protocol monitor (Optional)
NOTE:
Although configured HSRP parameters do not appear in the hsrp show until the
ip address parameter has been set, it is recommended to configure this
parameter last so that the configuration is complete before the ACCELERATOR
begins communication with the HSRP group.
LAN Resilience
12-5
Setting the authentication

The Authentication command enables you to configure the router standard
by which you learn the virtual IP, hold time and hello time of the other
routers.
The default setting for the authentication command is “cisco”.

Expand recommends that you use this default setting.
NOTE:
It is important that all the devices in the HSRP group have the same authentication
HSRP
setting. If you change the default authentication setting, verify that all the other
devices in the HSRP group have the same authentication setting.
! To set HSRP Authentication:

followed by a space and then the interface name, for example 0 (for
ACCELERATOR 4800) or 3/0 (in ACCELERATOR 2700 series).
3 Press <Enter> to enter the Interface configuration mode.
4 Type hsrp, followed by a space, followed by the group number and a
space, then type authentication, followed by the desired
authentication string and then press <Enter>.
NOTE:
You must type in a group number, even if the target group is group 0. Unlike Cisco
HSRP configuration, ACCELERATOR HSRP does not have a default group
number.
Setting the MAC address

The Active router adds the virtual MAC address of the HSRP group to its
configuration, enabling packets sent to the virtual router to locate the
Active device. A default value, ending in the device’s priority level, is
automatically entered. Expand recommends that you defer to the default
value.
12-6
IMPORTANT:
The Virtual Router’s MAC address must be identical for all devices in the HSRP
group. If you change the MAC address in the ACCELERATOR, make sure you
change it in all other devices participating in the HSRP group.
NOTE:
If you change the MAC address, be careful to assign an address that is not used by
any other device on the local network.
HSRP
! To set the HSRP MAC address:
3 Press <Enter> to enter Interface configuration mode.
4 Type hsrp, followed by a space, followed by the group number and
then type mac-address and enter the desired MAC address
5 Press <Enter>.
Setting the preempt status

Preempt is a flag that sets the ACCELERATOR to continually try to
become the Active device, even when there has been no Active device
failure.
NOTE:
Because changeover between one device and another can take two to three
seconds, during which the network has no default gateway, preempting one Active
device with another may be undesirable.
! To enable preempt status:

ACCELERATOR 4800) or 3/0
(in ACCELERATOR 2700 series).
LAN Resilience
12-7
4 Type hsrp, followed by a space, followed by the virtual router group

number and then type preempt, followed by a space, and then type
enable and press <Enter>.
The default value for the preempt command is disable.
Selecting the priority

Setting the ACCELERATOR’s priority enables you to select its status in
the HSRP group.
HSRP
! To enable priority status:
ACCELERATOR 4800) or 3/0
(in ACCELERATOR 2700 series).
4 Type hsrp, followed by a space, followed by the group number
followed by a space, and then type priority, followed by a space,
and then type in the number of priority level to be given to the
ACCELERATOR (0 to 255) and press <Enter>.
The default value for the priority command is 100.
NOTE:
In the event that two devices in the HSRP group have the same priority, the Active
router will be set according to IP address. Expand does not recommend this setup.
Setting the timers

The timers command enables configuration of Hello Time and Hold
Time, which set the packet rate between the devices in the HSRP group.
Hello time is the interval between Hello messages (an exchange of HSRP
priority and state information) and the Hold Time is the interval between a
receipt of a Hello message and the presumption that the sending router has
failed.
12-8
Expand recommends that you do not change the default timer setting!
IMPORTANT:
The default rate is 3 second Hello Time and 10 second Hold Time. It is
recommended that the Hold Time be more than three times the length of the Hello
Time.
! To set HSRP timers:

HSRP
4 Type hsrp, followed by a space, then type the group number followed
by a space, and then type timers, followed by a space, followed by
the number of seconds to be set as hello time, followed by the number
of seconds to be set as hold time, and press <Enter>. For example:
hsrp 1 timers 4 15
IMPORTANT:
It is imperative that all members of the HSRP group have the same Hello Time and
Hold Time. If you change the default parameters, make sure you do so on all
members of the HSRP group.
NOTES:
Increasing timer-default rates will shorten the time that the network has without a
default gateway during Active router changeover, but will increase the protocol
bandwidth overhead and vice versa.
If the ACCELERATOR is not currently the Active device in the HSRP group, Timer
settings will be derived from the Active device and any timer configurations that you
set in the ACCELERATOR will not be saved.
Setting the IP address

Once the IP address is configured, the ACCELERATOR begins
communication with other devices in the HSRP group. Because of this, it is
recommended for all other HSRP values to be set before IP address.
LAN Resilience
12-9
! To set the HSRP IP address:

4 Type hsrp, followed by a space, followed by the number of the HSRP
group the ACCELERATOR is being added to, followed by a space,
HSRP
then type ip, followed by a space, followed by the Virtual Router’s IP
address (VIP), and press <Enter>.
IMPORTANT:
It is essential that all the devices in the HSRP group have the same VIP.
Once this has been set, the ACCELERATOR’s configured HSRP

parameters can be displayed by typing show hsrp or show hsrp
followed by the group number:
NOTE:
It could take a few seconds for the total configuration to take effect; the show
hsrp enables you to monitor the HSRP parameters until the configuration is stable.
Group 0
Local state is Standby
Active router is 10.0.214.11
Standby router is local
authentication........................cisco
ip....................................10.0.118.110
mac-address...........................0000.0c07.ac00
preempt...............................enable
priority..............................222
timers................................3
hold..........................10
! The Local state displays the ACCELERATOR’s status as follows:
12-10
# Initial
Initial state before configuration (this will not be visible in the show
menu)
# Learn
The ACCELERATOR can learn the VIP from the Active device, for
cases in which it was not configured.
# Listen
The ACCELERATOR listens to the other HSRP members on the
HSRP
same subnet
# Speak
The ACCELERTOR sends packets including priority data
(including coup packets)
# Standby
The ACCELERATOR is waiting for the Active device to become
inactive (fault condition or unavailable)
# Active
The Active device adds the MAC address of the virtual router to its
interface; all packets sent to the VIP will reach this interface.
This router answers all ARP, ping and Telnet messages sent to the
VIP.
! The Active router state displays the real IP address of the Active
device or “local”, if the ACCELERATOR itself is currently the Active
device.
! The Standby router state displays the real IP address of the Standby
router or “local” if the ACCELERATOR itself is currently the Standby
device.
LAN Resilience
12-11
Protocol Monitor
In HSRP, it is important that all the devices are synchronized and have
compatible settings. After HSRP configuration is complete and stable, it is
possible to configure the protocol-monitor command to enable email
messages to be sent to network administrators in the event that HSRP
settings change. Protocol monitoring enables you to receive errors for all
HSRP devices on the LAN.
NOTE:
HSRP
If protocol-monitor is set, before HSRP configuration is complete and stable, a
number of error emails may be generated as the HSRP settings are updated to the
proper configuration.
! To set protocol-monitor:
4 Type hsrp, followed by a space, followed by protocol-monitor
and then type one of the following protocol monitor severity levels:
debug-logging
info-logging
warning-logging
error-logging
fatal-logging
no-logging
5 Press <Enter>.
Drop Recovery (DRC)
A-1
D rop Recovery
Appendix A
Drop Recovery
(DRC)
Overview
Drop Recovery Code (DRC) is a unique mechanism used to tackle data loss
problems. Occasionally, the network drops packets. This can occur when
ACCELERATORs are connected over "noisy" lines, or over WAN links
with statistical multiplexing capabilities (such as Frame Relay). Beginning
with ExpandOS 3.5, ACCELERATORs can apply a recovery mechanism to
handle this phenomenon.
This appendix includes the following sections:

! DRC Modes, page A-2.
! Chunk Size, page A-4.
! DRC Rate, page A-4.
! DRC Depth, page A-4.
! Configuring DRC, page A-5.
A-2
DRC Modes
There are currently three different DRC modes:
! DRC Off
! DRC Semi
! DRC Full
DRC Off
In this mode, the DRC mechanism performs the relatively simple task of
segmenting the packets coming out of the ACCELERATOR to the required
chunk size, as described in the following section. The ACCELERATOR at
the other end reassembles the packets. If a chunk is lost, it does not attempt
to recover it but merely waits for the beginning of the next packet, and
continues from there.
It should be noted that the term chunk refers to the data packet travelling
between the machines. The term chunk size (explained in the following
section) defines the largest chunk that can travel between the machines.
DRC off is the default configuration.
DRC Semi
In this mode, the DRC mechanism attempts to recover lost chunks by
retransmitting the lost data (packet) from the originating ACCELERATOR.
The DRC utilizes a reliable retransmission mechanism, enabling it to
retrieve lost data quickly.
No bandwidth is wasted when this mode is used, because the DRC transfers
extra data over the line only when packet loss occurs. This is similar to the
activity performed by other, reliable, higher level protocols (for example,
TCP) running on the line.
In this mode, when a chunk is lost, the DRC accumulates the received
packets and releases them only after the lost packet is retrieved.
Drop Recovery (DRC)
A-3
DRC Full
D rop Recovery
When using this mode, the transmitting ACCELERATOR sends a
correcting chunk (for example, a data delivery assurance packet) for every
predefined number of transmitted chunks. The correcting chunk contains
information about the chunks preceding it, and the receiving side uses these
special chunks to recover lost chunks.
When a chunk is lost, two mechanisms operate simultaneously in an

attempt to recover the lost chunk:
! The retransmit mechanism explained in the previous paragraph (DRC
Semi).
! A recovering mechanism that uses the correcting chunks to recover lost
chunks.
The DRC Full mechanism requires more resources (CPU time per packet
handled) than DRC Semi. Transmitting the correcting chunks also costs in
terms of bandwidth. If the DRC rate (as described on the following page) is
1
set to x, then of the bandwidth is spent for DRC usage, causing a
( x + 1)
reduction in the provided acceleration ratio.
In this mode, as in the DRC Semi mode, when a chunk is lost, the packets
accumulate in the DRC until it can recover the lost data.
A-4
Chunk Size
The chunk size used can be determined using one of two possible methods:
! Automatic: DRC will use 1500 as the chunk size. This option should
be sufficient for most configurations, and is the default configuration.
! Manual: Choosing this option allows the user to manually specify the
required chunk size. The chunk size cannot be configured to be higher
than the interface MTU.
DRC Rate
This feature is only available when working in the DRC full mode. DRC
rate determines the transmission rate of correcting chunks. Setting this
1
value to x, means that of the bandwidth is spent for DRC
( x + 1)
correcting chunks, causing a reduction in the provided acceleration ratio.
1
For example, if the DRC rate is set to 12, then of the bandwidth is spent
13
for DRC usage.
The default setting is 12.
DRC Depth
This feature is only available when working in the DRC full mode. Setting
this value to x means that each correcting chunk contains information about
the x chunks that precede it. The default setting is 255. There is no reason
to change this field value.
Drop Recovery (DRC)
A-5
Configuring DRC
D rop Recovery
This section provides general guidelines about to how to configure the
DRC mode, chunk size, and rate over different lines. The main parameters
are the line BER and round-trip time. Many other factors influence the
required configuration, several of which are not commonly monitored in
most networks, and as such, they are omitted in this section. It should be
noted that these are general guidelines. The behavior on a specific line may
be different, and require more fine-tuning.
Mode Configuration
Use DRC Off over very reliable lines (for example, point-to-point leased
lines). It can be assumed that the line will not be "noisy", causing packet
loss.
On less reliable lines with a relatively low round trip time, use DRC Semi.
It should be noted that the retransmit mechanism works better when the
round-trip time is lower. This is very intuitive, since the success of this
mechanism heavily depends upon the time it takes from when a retransmit
request is sent until the lost data arrives.
When using lines with a relatively high BER, use DRC Full. It should be
noted that when a chunk is lost, two mechanisms attempt to recover it,
namely, retransmit, and the recovery mechanism using the correcting
chunks. The data is recovered when the first mechanism is successful.
When using lines with a low round-trip time, the retransmit mechanism is
usually used. This changes for lines with a higher round-trip time or if the
chunk size or rate value (as described in the following sections) is
decreased.
Chunk Size Configuration

When using DRC Off or DRC Semi, use the default chunk size method,
automatic. There is no benefit in manually configuring the chunk size to
a different size.
A-6
When using DRC Full over lines with a higher probability of packet loss,
especially lines with a higher round-trip time in which the retransmit
mechanism is limited, configure the chunk size manually to 500-1000
(assuming that the defined MTU is higher). This should usually be
performed concurrently when changing the DRC rate to a smaller value, as
described in the following section.
DRC Rate Configuration

Change the default DRC rate (12) only on lines with high chunk loss.
Changing the rate to x means that if there is a chunk loss, the DRC should
handle x/2 chunks on average (with low variance).
Changing the DRC rate should usually be performed when manually setting
the chunk size to a lower value (around 500). This is performed on lines
with high chunk loss and a relatively high round-trip time, in which the
retransmit mechanism is weaker.
IMPORTANT:
Do not trade a lower DRC rate for a higher chunk size. The bandwidth consumed by
the DRC will be higher, without improving the DRC function.
General Configuration Table

The table on the following page can be used to configure the DRC over
various lines, according to the line BER and the round-trip time. Note that
this table does not contain accurate values, since estimates are normally
used. In some extreme conditions, fine-tuning will be required.
General Configuration Tables

The first table below is based on bit error rate, or "BER". In order to
calculate the BER, packets ranging in size between 1050-1550 bytes were
used. The average packet has approximately 10,000 bits (104), so if the
BER to packet percentage loss conversion is performed, the "10E-6"
notation can be dropped, and you should regard the number as a percent.
For example, a number like 2.2*E-6 BER is the same is saying 2.2% packet
loss (according to settings mentioned above).
Drop Recovery (DRC)
A-7
In order to determine the proper DRC setting for your needs, match the line
D rop Recovery
round-trip time to the average error rate, and this is your recommended
setting for proper operation of the ACCELERATOR. Anything above this
figure is considered beyond the capability of the ACCELERATOR.
It is important to note that our lab simulation assumes that the drop rate is
constant. The ACCELERATOR can handle bursts of packet loss if they are
followed by periods of calm. Also, the figures given are lab simulation
results. Real world figures might be different.
NOTE:
-11
For lines with BER < 10 , you can use default settings. For other lines, refer to
the table below.
A-8
ROUND TRIP TIME BER (TWO DIRECTIONS) SETTINGS

100 (ms) < 1.7*10-6 I
1.7*10-6 < < 2*10-6 II
2*10-6 < < 11.5*10-6 III
11.5*10-6 < < 13.8*10-6 IV
200 (ms) < 0.9*10-6 I
0.9*10-6 < < 1.6*10-6 II
1.6*10-6 < < 7.2*10-6 III
7.2*10-6 < < 9.4*10-6 IV
300 (ms) < 0.6*10-6 I
0.6*10-6 < < 1.4*10-6 II
1.4*10-6 < < 5.7*10-6 III
5.7*10-6 < < 8.3*10-6 IV
400 (ms) < 0.5*10-6 I
0.5*10-6 < < 10-6 II
10-6 < < 4.1*10-6 III
4.1*10-6 < < 7.2*10-6 IV
500 (ms) < 0.3*10-6 I
0.3*10-6 < < 0.9*10-6 II
0.9*10-6 < < 3.2*10-6 III
3.2*10-6 < < 6.4*10-6 IV
600 [ms] < 0.2*10-6 I
0.2*10-6 < < 0.8*10-6 II
0.8*10-6 < < 2.3*10-6 III
2.3*10-6 < < 4.4*10-6 IV
Drop Recovery (DRC)
A-9
D rop Recovery
PACKETS: Minimum: 1050 (bytes)
Average: 1300 (bytes)
Maximum: 1550 (bytes)
CONFIGURATION DRC SETTINGS
I semi
II full, 1000, rate 12
III full, 500, rate 12
IV full, 500, rate 6
A-10
Show Commands
B-1
Appendix B
S how Commands
Show Commands
Overview
This appendix provides an analysis of the output generated by the show

command for a specific serial interface and serial subinterface, or by the
show accelerator command that displays which interfaces and
subinterfaces are currently connected to the ACCELERATOR. Core
allocation and acceleration percentages are also examined, as well as the
output for the show system memory.
This appendix includes the following sections:

! Show Interface Serial, page B-2.
! Show Subinterface Serial, page B-5.
! Show Acceleration, page B-8.
! Show Memory Command, page B-12.
! Show Tech Support, page B-15.
B-2
Show Interface Serial

Use the show interface serial 0/0 command to view the current serial
interface configuration information (for the purpose of this appendix, Serial
Interface 0/0 is viewed). The output is displayed as follows:
Bandwidth...........................2000000
Description: Actual line's speed on the DTE interface. Only applicable in
cases where an external clock is provided to the interface.
autodetect subinterfaces............enable
Description: This is applicable only for Frame Relay with subinterfaces. It
enables/disables creation of new DLCIs. In a point-to-point application, this
command will not be present.
mode................................DTE
Description: Read-only parameter.
acceleration........................on
Description: Sets acceleration on/off for interfaces and/or sub-interfaces.
clock rate..............................2000000
Description: DTE port’s clock rate. Please refer to the list of supported
rates. This value is not applicable when the clock source is set to rx external
tx external.
rx polarity.......................low
Description: Sets the sampling method on the Rx clock (rising or falling
edge of the clock signal).
source.....................rx external tx external

Description: Sets the clock source. Refer to Chapter 11, Command
Reference, for a detailed options description.
tx polarity.......................low
Description: Sets the sampling method on the Tx clock (rising or falling
edge of the clock signal).
Show Commands
B-3
counters period
performance.......................30
throughput........................30
S how Commands
Description: Interval of time during which data is calculated.
crc.................................16-bit
Description: CRC method (16-bit or 32-bit). Must be set according to the
Router settings.
description.....................(not configured)
Description: Configurable user description text string for the interface.
drc
chunk-size
method..........................manual
size............................550
depth.............................255
mode..............................full
rate..............................12
encapsulation..autodetect (frame-relay cisco)
Description: Refer to Appendix A for a detailed description of the DRC
feature.
queuing strategy....................fifo
Description: Sets the queuing mechanism used (FIFO, WFQ, PQ, CQ) for
the interface.
hardware type................Multi Bypass Rev: 7

Description: Indicates interface H/W revision.
ignore dcd..........................enable
Description: Indicates if the ACCELERATOR ignores (transmits data
regardless of the DCD signal) or enables (uses the DCD signal from the
WAN termination device).
keepalive-interval..................3
Description: Time interval between keepalive signals. This signal is sent
only when the interface status is connected.
B-4
keepalive-iterations................10
Description: Number of missed keepalive signals after which the status
changes to not connected (S/W bypass). The disconnection time can be
derived by multiplying the keepalive interval value by the keepalive
iterations value.
mtu.................................2000
Description: Defines the maximum packet size that the DCE serial
interface passes to ExpandOS. This parameter should be configured in
consideration of the MTU specified in the router. For further information,
refer to Chapter 3, Configuring the ACCELERATOR.
operational probe...............................5
Description: A packet that is sent from an ACCELERATOR to the other
end of a communications link to determine if another ACCELERATOR is
DCD=U DSR=U DTR=U RTS=U CTS=U

Description: Displays the current logic state of the signals.
type................................cable (v.35)
Description: Indicates the cable type connected to the interface throughput.

---------------+---------------+----------------+-------------
CRC Errors | 5,307 | 5,307 | 0 /Sec
Dropped Bytes | 1,825,474 | 1,825,474 | 0 /Sec
Dropped Packets| 25,426 | 25,426 | 0 /Sec
In Bytes | 35,731,687,024 | 35,731,687,024 |648.71 Kbps
In Packets | 88,756,767 | 88,756,767 | 108.13 /Sec
Out Bytes | 82,609,657,443 |82,609,657,443 | 606.78 Kbps
Out Packets | 129,697,431 | 129,697,431 | 90.9 /Sec
-------------+----------------+----------------+----------
Description: Displays various counters results in different intervals.
Show Commands
B-5
Show Subinterface Serial

Use the show interface serial 0/0.1 command to view the
S how Commands
current serial interface configuration information (for the purpose of this
appendix, Serial Subinterface 0/0.1 is viewed). The output is displayed as
follows:
acceleration..........................on
Description: Enable/Disable acceleration in a subinterface (Frame Relay
DLCI).
bandwidth.............................200000
Description: Rate of the logical interface.
description....................(not configured)
Description: Configurable user description text string for the interface.
drc
chunk-size method...................automatic
mode................................off
interface-dlci........................504
Description: Refer to Appendix A for a detailed description of the DRC
feature.
ip
address.............................0.0.0.0
mask................................0.0.0.0
Description : The subinterface's IP address.
keepalive-interval....................3
Description : Time interval between keepalive signals. This signal is sent
only when the interface status is connected.
keepalive-iterations..................10
Description : Number of missed keepalive signals after which status
changes to not connected (S/W bypass). The disconnection time can be
derived by multiplying the keepalive interval value by the keepalive
iterations value.
B-6
probe.................................5
Description: A packet that is sent from an ACCELERATOR to the other
end of a communications link to determine if another ACCELERATOR is
status
inbound.............................connected,
cores, self loopback
outbound............................connected,
cores, self loopback
transmit-direction....................duplex
Description: Displays the subinterface’s status:
Inbound means into the ACCELERATOR from a remote
ACCELERATOR.
Outbound means from the ACCELERATOR towards a remote
ACCELERATOR.
Loop back detection allows detecting and reporting of a state where the
interface is looped back. This state can be caused by a loop back in the
WAN termination device, for example, CSU/DSU or Modem. In addition,
physical loop back on the WAN interface enables testing.
The ACCELERATOR's detected loop-back state can be displayed via the

show interface command. In this case, the following options are
available:
! self loop back: A loop on the receive/transmit of the interface.
! external loop back: A loop against another interface of the
same machine.
throughput
------------+---------------+---------------+-------------
In Bytes | 4,112,447,714 | 4,112,447,714 | 114.02 Kbps
In Packets | 3,487,704 | 3,487,704 | 11.57 /Sec
Out Bytes | 4,112,451,493 | 4,112,451,493 | 114.02 Kbps
Out Packets | 3,487,709 | 3,487,709 | 11.57 /Sec
Show Commands
B-7
Description: Displays throughput counters data in various intervals:

System up: Since last boot.
Clear: Since last clear counters command issued.
S how Commands
performance
-----------------+-----------+-------------+-------------
in acceleration | +297% | +297% | N/A
lost packets | 1 | 1 | 0
out acceleration | N/A | N/A | N/A
retransmit packets
recovered packets
-----------------+-----------+-------------+-----
Description: Displays performance counters data in various intervals:
In acceleration – Acceleration figures for inbound traffic (into the
ACCELERATOR).
Lost packets: Number of inbound packets lost.
Out acceleration: Acceleration figures for outbound traffic (from the
ACCELERATOR).
Retransmit packets: Number of retransmitted packets.
Recovered packets: Number of packets recovered by the DRC mechanism.
counters period
performance.........................30
throughput..........................30
Description: Configurable period for the performance and throughput.
B-8
Show Acceleration
The show acceleration command shows which interfaces/
subinterfaces are currently connected, how many cores are allocated to each
one and the acceleration percentage in the last sampling period (defined by
the counters period). The output is displayed as follows:
+--------------+--------------+--------------+
|Interface |Resources |Performance |
+--------------+--------------+--------------+
| Outbound |
+-----------+----------+---------------+
| 0/0.10 | 1 | +340% |
| 0/0.9 | 1 | +339% |
| 0/0.8 | 1 | +337% |
| 0/0.4 | 1 | +339% |
| 0/0.7 | 1 | +338% |
| 0/0.2 | 1 | +338% |
| 0/0.6 | 1 | +338% |
| 0/0.3 | 1 | +338% |
| 0/0.5 | 1 | +341% |
+-----------+----------+---------------+
| Inbound |
+-----------+----------+---------------+
| 0/0.10 | 1 | +340% |
| 0/0.9 | 1 | +340% |
| 0/0.8 | 1 | +338% |
| 0/0.4 | 1 | +339% |
| 0/0.7 | 1 | +339% |
| 0/0.2 | 1 | +339% |
| 0/0.6 | 1 | +339% |
| 0/0.3 | 1 | +339% |
| 0/0.5 | 1 | +342% |
+-----------+----------+---------------+
Show Commands
B-9
Expand#
0/1
These are the parameters of the DCE interface:
S how Commands
Bandwidth...........................2000000
autodetect subinterfaces............enable
Mode................................DCE
acceleration........................on
bypass..............................disable
Description: H/W bypass enabling/disabling command.
clock
rate..............................2000000
rx polarity.......................low
source............................rx internal tx
internal
tx polarity.......................low
counters period
performance.......................30
throughput........................30
crc.................................16-bit
dcd.................................enable
description.........................(not configured)
drc`
chunk-size method.................automatic
mode..............................semi
encapsulation.......................autodetect (frame-
relay cisco)
queuing strategy....................fifo
hardware type.......................Multi Bypass Rev: 1
ignore dcd..........................enable
mtu.................................8000
operational
probe...............................5
DCD=U DSR=U DTR=U RTS=U CTS=U
type................................cable (v.35)
B-10
throughput
Data | System Up | Since Clear| Last 30 Secs
----------------+---------------+------------+------------
CRC Errors | 1,844 | 1,844 | 0 /Sec
Dropped Bytes | 0 | 0 | 0 /Sec
Dropped Packets | 0 | 0 | 0 /Sec
In Bytes | 81,883,449,647 | 81,883,449,647 | 606.73 Kbps
In Packets | 76,546,331 | 76,546,331 | 90.7 /Sec
Out Bytes | 37,231,940,341 | 37,231,940,341 | 648.77 Kbps
Out Packets | 76,577,116 | 76,577,116 | 108.33 /Sec
----------------+----------------+----------------+------------
0/1.1
acceleration........................on
bandwidth...........................666666
description.........................(not configured)
drc
chunk-size method.................automatic
mode..............................semi
interface-dlci......................600
ip
address...........................0.0.0.0
mask..............................0.0.0.0
probe...............................5
status
inbound...........................not connected
outbound..........................not connected
transmit-direction..................duplex
Show Commands
B-11
throughput
Data | System U | Since Clear | Last 30 Secs
------------+----------------+----------------+-------------
S how Commands
In Bytes | 81,866,251,961 | 81,866,251,961 | 606.62 Kbps
In Packets | 75,424,059 | 75,424,059 | 89.7 /Sec
Out Bytes | 37,216,284,534 | 37,216,284,534 | 648.65 Kbps
Out Packets | 75,496,299 | 75,496,299 | 107.33 /Sec
------------+----------------+----------------+-------------
performance
Nothing to display.
counters period
performance.......................30
throughput........................30
B-12
Show Memory Command

The show memory command displays the system memory information,
as follows:
memory
RAM size..............................131068
Kbytes
packet
maximum-free-block..................7340032
num-blocks..........................1
num-free-blocks.....................1
status..............................ok
total-get-blocks....................0
total-occupied-bytes................0
Show Commands
B-13
memory
RAM size.....................……....131068 KBytes
Description: The actual installed physical memory in the box. The rest is
S how Commands
internal information regarding the buffers used for packet storage. All
packets in the system, in every queue, interface and DRC module, share
one huge memory pool. These are the statistics for this pool.
packet
maximum-free-block........….7340032
Description: The largest empty block that is currently allocated. This
indicates the fragmentation status of the memory pool.
num-blocks................………1
Description: Into how many blocks the pool is currently divided. Like
maximum-free-block, num-blocks indicates the fragmentation
status. One block means that the whole pool is unfragmented, and the entire
space is contiguous.
num-free-blocks....……...…..1
Description: Same as num-blocks, but only indicates unallocated
blocks, or free space.
B-14
status...................…………....ok
Description: Status of the system. If "not OK" is displayed, the system is
probably about to crash shortly.
total-get-blocks.........……......0
Description: How many times the allocation function has been invoked
since the system was started. This counter increases by 1 every time a
buffer is allocated from the pool.
total-occupied-bytes........……0
Description: How many bytes are currently allocated in the system. This
gives the system wide buffer utilization.
Show Commands
B-15
Show Tech Support

The Show Tech Support command enables you to view a consolidated list
S how Commands
of the information that can assist Expand Networks Customer Support to
better diagnose your technical support queries. Invoking this command
displays the following output on the terminal screen:
! Show version
! Show time
! Show up-time
! Debug events long
! Debug tasks
! Show CPU counter
! Show memory
! Show interface
! Write terminal
For a detailed description of each parameter and examples see the
following:
show-version
ExpandOS, Accelerator 4000 Series
Version 3.5(0)Beta 4
Expand Networks, Inc.
Compiled at April 18 16:42:11 2001(Build 9)
Kernel version: 1.0.1 Compiled at Mon Aug 14
14:26:55 2000 (Build 0)
Bootrom version: No Bootrom info available.
With redundant power
Description: Displays the system version.
show-time
System time is: MON APR 23 08:42:25 2001
Time zone offset: 0 minutes
B-16
Description: Displays the current time.
show-up-time
System is up for 14 hours, 54 minutes and 22 seconds.
Description: Displays the system up time since the last reboot.
debug-events-long
22-APR-01 17:41:32 <info> #25 TrapBasic.cpp(11)
Interface Serial 0/1, changed
state to down
22-APR-01 17:44:43 <info> #25 TrapBasic.cpp(11)
Interface Serial 0/1, changed
state to up...
Description: Displays a full description of events.
debug-tasks
Description: Creates trace task data in a file.
show-cpu-counter
cpu-counter.............................302700
Description: Displays the utilization (in percentages) of the CPU.
show-memory Refer to page B-12 for a detailed explanation.
Description: Displays the amount of memory is available to the system.
show-interface Refer to page B-2 for a detailed explanation.
Description: Displays statistics for all interfaces (serial and Ethernet).
write-terminal
Description: Displays all system configuration changes (deltas from the

default factory-set configuration).
Show Commands
B-17
S how Commands
Calculating Acceleration
C-1
Appendix C
C alculating Acceleration
Calculating
Acceleration
Overview
This appendix includes the formula for calculating acceleration in the

ACCELERATOR, and includes three examples.
ACCELERATOR 2700 Acceleration

Calculation
Outbound acceleration percentage =((serial 0/0 output)/(serial 0/1 input))-1
For Frame Relay, do the calculation for each subinterface individually; that
is, serial 0/0.x and 0/1.x, where x is the subinterface number.
Example 1
The router’s output bytes (the ACCELERATOR’s serial 0/1 in bytes) is
256 Kbps, while the ACCELERATOR transmits to the WAN termination
device (through serial 0/0) at a rate of 128 Kbps. The result is:
(256/128)-1 = 1.00 = 100% acceleration
C-2
Example 2
The router’s output bytes (the ACCELERATOR’s serial 0/1 in bytes) is 4
Mbps, and the ACCELERATOR transmits to the WAN termination device
(through serial 0/0) at a rate of 1.5 Mbps. The result is:
(4/1.5)-1 = 1.666 = 166.66% acceleration
Example 3
The router’s output bytes (the ACCELERATOR’s serial 0/1 in bytes) is
512 Kbps, and the ACCELERATOR transmits to the WAN termination
device (through serial 0/0) at a rate of 512 Kbps. The result is:
(512/512)-1 = 0 = 0% acceleration
This is for outbound acceleration. For inbound acceleration, the reverse

calculation has to be performed, that is, divide the serial 0/1 output by the
serial 0/0 input.
Show Command Examples

The show acceleration command displays percentages that are
computed by looking at the In/Out data as captured by the
ACCELERATOR. The show interface command displays detailed
information about each interface and subinterface. To better understand
how the show acceleration command calculates the percentages, the
specific formulas as well as several examples are provided below.
ACCELERATOR 4000 Acceleration

Calculation
Outbound Acceleration Percentage = ((serial 0/1 input))/(serial 0/0 output))
- 1 x 100%
Inbound Acceleration Percentage = ((serial 0/1 output))/(serial 0/0 input))

- 1 x 100%
Calculating Acceleration
C-3
Byte Counts
Serial 0/0
In Bytes | 17,351,370| 17,351,370| 3.11 Kbps

Out Bytes | 12,107,210| 12,107,210| 1.55 Kbps
C alculating Acceleration
Serial 0/1
In Bytes | 44,819,315 | 44,819,315 | 4.75 Kbps

Out Bytes |104,924,826 | 104,924,826| 19.38 Kbps
Refer to the above right-hand side column (last 30 seconds) numbers for
this example.
Outbound Example
From the router, we received 4.75Kbps, and we output to the CSU
1.55Kbps. The result is (4.75/1.55)-1 = 2.06 x 100% = 206%
Inbound Example
From the CSU, we received 3.11Kbps, and we output to the router
19.38Kbps. The result is (19.38/3.11)-1 = 5.23 x 100% = 523%
This is the amount of data being sent over the WAN link via Serial 0/0, that
is, the ACCELERATOR transmits at 1.55 Kbps, and receives at 4.75 Kbps
at the other end.
The router is transmitting to the ACCELERATOR at 4.75 Kbps for Serial

0/1. The difference between 1.55 Kbps and 4.75 Kbps is the amount that
the ACCELERATOR is saving from transmitting. In this case, the
ACCELERATOR is saving transmitting 3.2 Kbps, a savings of 206%.
The same principle applies to the incoming bytes. The ACCELERATOR

receives 3.11 Kbps from the WAN link, and transmits 19.38 Kbps to the
router. The difference is 16.27 Kbps, a savings of 523%.
C-4
Password Recovery
D-1
Appendix D
Password
Recovery
P assword Recovery
Overview
This appendix describes how to recover a forgotten password. In order to

recover a forgotten password, you are required to delete the entire
configuration file. This can be achieved by accessing the ACCELERATOR
through a console and activating the BootROM commands.
! To recover a forgotten password:

1 Switch off the ACCELERATOR.
2 Reboot the ACCELERATOR, and while it is rebooting, press
<Control-C>.
3 At the Expand prompt, type cd system, and press <Enter>.
4 Type dir, and press <Enter> to display the list of directories:
size date time name

---- ---- ----- ----
4096 DEC-27-2000 15:04:46 <DIR>
4096 DEC-27-2000 15:06:05 <DIR>
1404 DEC-27-2000 15:04:46 EVENTDMP
6234 JUN-07-1997 11:21:16 TASKTR
0 MAY-28-1997 00:21:24 USRCONF
5 Type delete usrconf, to delete the file that contains the
configuration.
D-2
6 Type dir, and press <Enter> to display the updated list of directories:
size date time name
---- ----- ----- -----
4096 DEC-27-2000 15:04:46 <DIR>
4096 DEC-27-2000 15:06:05 <DIR>
1404 DEC-27-2000 15:04:46 EVENTDMP
6234 JUN-07-1997 11:21:16 TASKTR

7 Type reboot, to reboot the system and complete the process.
MAXIMUM PVCs
E-1
Appendix E
MAXIMUM PVCs
Maximum PVC
Overview
ACCELERATOR 4000 Maximum PVCs

The maximum number of supported PVCs per amount of SDRAM Memory
in the ACCELERATOR 4000 is:
128 Mb – 8 PVCs (Default)
192 Mb - 16 PVCs
256 Mb - 24 PVCs
384 Mb - 41 PVCs
512 Mb - 57 PVCs
ACCELERATOR 2700 Maximum PVCs

The maximum number of supported PVCs per amount of SDRAM Memory
in the ACCELERATOR 2700 Series is :
128Mb - 8 PVCs (Default)
192Mb - 16 PVCs
256Mb - 24 PVCs
Log File Events
F-1
Appendix F
Log File Events
L OG FILE EVENTS
Log File Events
Introduction
This chapter describes event log features and lists all commands related to
error messages.
NOTE:
For a list of all ExpandOS events, see the Event Log Reference Guide.
Event Logging
The logging commands allow you to record events such as errors,
warnings, and state transitions. Logging starts automatically when the
system boots up. The logging and notification settings enable you to
monitor the ACCELERATOR's activities on your network. The logging
feature in the ACCELERATOR can save messages in a local log file or
direct the messages to other devices. The logging functions include:
! Storage of logging information for monitoring and troubleshooting.
! Selection of the types of captured logging information.
! Definition of the destination for captured logging information.
F-2
Levels of Severity
The following logging levels are supported:
! Debug: Debugging messages
! Info: Informational messages
! Warning: Warning conditions exist
! Error: Error conditions exist
! Fatal: Unit failure
L OG FILE EVENTS
These levels are related to the severity levels used by e-mail and broadcast
functions. When used with these, the user can define the minimum and
maximum event logging (range) that will be emailed or broadcasted.
Debug Events
Events that are recorded to assist in diagnostics of issues within the
operation of the ACCELERATOR. These events are principally of a
technical support nature .For example:
21-OCT-00 10:39:49 <debug> #1 corehandler.cpp(521)

CoreHandlerR::CoreHandlerR Inbound connection
established at 0/0.1.
21-OCT-00 10:39:50 <debug> #1

corehandler.cpp(1389) CoreHandlerS::CoreHandlerS
Outbound connection established at 0/0.1.
Info Events
Status changes that occur in the normal operation of the system, for
example:
29-MAY-97 22:01:27 <info> #1 bundle.cpp(2620)

Bundle::Bundle System core was updated.
03-OCT-00 03:10:36 <info> #1 GeneralInfo.cpp(47)

RebootUCF::RebootUCF System has been shutdown at
user request.
Log File Events
F-3
Warning Events
Events that identify issues or configuration errors within the
ACCELERATOR. The system continues to run, but action may be required
to return the ACCELERATOR to normal operating standards, for example:
20-OCT-00 10:14:14 <warning>#1

MultiBypassDC.cpp(771) MultiBypassDC::MultiBypass
DC wrong emulation type.
20-OCT-00 10:14:21 <warning>#1 NetDevice.cpp(648)
L OG FILE EVENTS
PortOptionMultiType::PortOptionMultiType error
emulation type.
Error Events
Events that may occur sporadically but from which the ACCELERATOR
easily recovers, for example:
14-OCT-00 07:50:07 <error> #1 NtpClient.cpp(214)

NtpClient::NtpClient SNTP: Time couldn't be
updated.
20-OCT-00 23:22:02 <error> #6054

HitachiScaII.cpp(643) HitachiScaII::HitachiScaII
out of memory.
Fatal Events
Events for which corrective action must be taken before the
ACCELERATOR will return to operation, for example:
23-SEP-00 07:37:59 <fatal> #1

TWDSupervisor.cpp(26) TWDSupervisor::TWDSupervisor
Watch Dog: Reboot system due to a failure of
client, named: TelnetDaemon.
F-4
Log Message Formats

Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURENCE: Message-text;

! Timestamp: Log date and time, in the following format:
dd/mmm/yy,hh:mm:ss
! Level of Severity: Debug, information, warning, error, or fatal.
L OG FILE EVENTS
! Occurrence: The number of times this log has been recorded.
! Message-text: Text string containing detailed information about the
event being reported.
The following are sample log messages:
25-NOV-00 11:27:20 <debug> #3 corehandler.cpp(583)

Inbound connection established.
20-OCT-00 10:14:14 <warning>#1

20-OCT-00 23:22:02 <error> #6054

HitachiScaII.cpp(643) HitachiScaII::HitachiScaII
out of memory.
TWDSupervisor.cpp(26) TWDSupervisor::TWDSupervisor
Watch Dog: Reboot system due to a failure of
client, named: TelnetDaemon.
Configuring Logging Commands

! To enter Logging configuration mode:
1 Type enable at the prompt, and press <Enter>. The enable prompt
is displayed.
2 Enter Primary Configuration mode.
Log File Events
F-5
3 Type logging at the prompt, and press <Enter>. The logging

prompt is displayed.
4 Type the required command, as described below, and press <Enter>.
NOTE:
For further information, refer to Chapter 11, Command Reference.
Autosave Period
Autosave period determines (in seconds) when the AutoSave function is
L OG FILE EVENTS
performed. This setting enables the ACCELERATOR to save its local log
files to the Flash.
! To configure autosave period:

1 In Logging configuration mode, type autosave period, followed
by a space, and type a number between 10-1000000.
2 Press <Enter>.
Broadcast
Broadcast configures how log messages are sent, the importance of each
message, and where they appear.
! To view the broadcast options:
In Logging configuration mode, type broadcast ?, and press <Enter>

to view the Broadcast options:
active Sets broadcast active state to yes or no.
priority Sets priority of users for sending messages

(between 1-15). This is related to the logged user
with this or higher privilige level.
Severity Sets severity limits to maximum or minimum.

F-6
terminal Defines to which terminal to send messages.
! To enable the broadcast state:

1 In Logging configuration mode, type broadcast active, followed
by a space and the required value setting:
# no, for a false value,
-or-
# yes, for a true value.
L OG FILE EVENTS
2 Press <Enter>.
! To set the broadcast priority:

1 In Logging configuration mode, type broadcast priority,
followed by a space and the priority level <1-15 (higher)>.
2 Press <Enter>.
! To set the broadcast severity:

1 In Logging configuration mode, type broadcast severity,
followed by a space and the required value setting:
# maximum, to set the severity of messages to send to maximum,
-or-
# minimum, to set the severity of messages to send to minimum.
2 Press <Enter>.
! To set the broadcast terminal:

1 In Logging configuration mode, type broadcast terminal,
followed by a space and then the required terminal:
# auxiliary,
-or-
# console,
-or-
# telnet,
2 Press <Enter>.
Log File Events
F-7
Show
Show enables the user to look at specific settings, as required, instead of
the entire log table. Aliases, autosave, broadcast, mail, and syslog
information can be located using the show command when in the Logging
configuration mode.
! To view specific settings:
1 In Logging configuration mode, type show, followed by a space and
then the required setting:
L OG FILE EVENTS
# alias, to view aliases defined for the logging mode,
-or-
# autosave, to view autosaved data,
-or-
# broadcast, to view broadcast information,
-or-
# mail, to view e-mail information,
-or-
# syslog, to view syslog information.
2 Press <Enter>.
Syslog
Syslog determines where the syslog server is located (IP address), what
types of levels are sent, and at what severity level. Configuring syslog
levels involves defining codes that will enable the syslog daemon to
interpret ACCELERATORs H/W ExpandOS events. Codes must be
defined for the facility (to identify the ACCELERATOR in the user
network level) and level error (identifies the level of the system event :
information, warning or error) parts of syslog messages.
! To configure syslog:
1 In Logging configuration mode, type syslog, followed by a space
and then the required setting:
# active, for the syslog active state,
F-8
-or-
# facility, for facility's data,
-or-
# level, for facility's level of sent messages,
-or-
# server, for syslog information,
-or-
# severity, for severity limits.
L OG FILE EVENTS
2 Press <Enter>.
! To configure syslog active:

1 In Logging configuration mode, type syslog active, followed by
a space and then the required value:
# no, for a false value,
-or-
# yes, for a true value.
2 Press <Enter>.
! To configure syslog facility:

1 In Logging configuration mode, type syslog facility, followed
by a space and then the required number <0-21>.
2 Press <Enter>.
! To configure syslog level:

1 In Logging configuration mode, type syslog level, followed by a
space and then the required setting. ExpandOS allows assignment of
levels to ACCELERATOR severity. ACCELERATOR severity has to
be mapped to a syslog level.
2 Press <Enter>.
! To configure the syslog server:

1 In Logging configuration mode, type syslog, followed by a space
and then the required entries:
Log File Events
F-9
# ip, to configure the syslog server IP,

-or-
# port, to configure the syslog server port.
2 Press <Enter>.
! To configure syslog severity:

1 In Logging configuration mode, type syslog severity, followed
by a space and:
# maximum, to set the severity of messages to send to maximum,
L OG FILE EVENTS
-or-
# minimum, to set the severity of messages to send to minimum.
2 Press <Enter>.
F-10
! To configure syslog facility

! In Logging configuration mode, type syslog facility followed by the
number for following codes:
KERNEL =0 , /* kernel messages */
USER =1 , /* random user-level messages */
MAIL =2 , /* mail system */
DAEMON =3 , /* system daemons */
AUTH =4 , /* security/authorization messages */
L OG FILE EVENTS
SYSLOG =5 , /* messages generated internally by syslogd */
LPR =6 , /* line printer subsystem */
NEWS =7 , /* network news subsystem */
UUCP =8 , /* UUCP subsystem */
CRON =9 , /* clock daemon */
/* other codes through 15 reserved for system use */
LOCAL0 =16 , /* reserved for local use */
LOCAL7 =23 /* reserved for local use */
Writing the Configuration

With logging capabilities configured within the ACCELERATOR, the
following is an example of what one could expect to see after performing
the write terminal command in Enable mode:
logging
mail recipient 1 active yes email
support@expand.com
mail domain expand.com
mail active yes
mail from accelerator@expand.com
syslog active yes
Log File Events
F-11
syslog level fatal 7

syslog level error 5
syslog level warning 3
syslog level info 2
syslog level debug 0
syslog server ip 192.168.1.1 port 514
autosave period 70
broadcast active yes
NOTE:
L OG FILE EVENTS
This is the only logging section of the configuration.
Showing Logging Configuration

Use the show or show logging command to view the current
configuration information.
! To view the current configuration information:
From Logging configuration mode, type show, and press <Enter>. The
current configuration information is displayed, as follows:
logging
autosave period.......................60
broadcast
active..............................no
priority............................1
severity
maximum...........................fatal
minimum...........................debug
terminal............................auxiliary,
console
mail
active..............................
domain..............................(not
configured)
from................................(not
configured)
recipient
F-12
active..........................no
email...........................(not
configured)
2
active..........................no
L OG FILE EVENTS
email...........................(not
configured)
3
active..........................no
email...........................(not
configured)
server
ip................................0.0.0.0
port..............................25
severity
maximum...........................fatal
minimum...........................debug
syslog
active..............................no
facility............................1
level
debug.............................15
error.............................11
fatal.............................10
info..............................14
warning...........................12
server
ip................................0.0.0.0
port..............................514
severity
maximum...........................fatal
minimum...........................debug
Log File Events
F-13
Viewing the Event Log

All events are stored within the ACCELERATOR in the flash memory
area. Log events display in time stamped order . If the memory buffer
becomes full, the oldest event in the buffer is replaced by the most recent
event.
The events within the log can be displayed using one of several commands.
Using the 'show events' or 'debug events' command group will define what
output is displayed regarding data stored in the event log.
L OG FILE EVENTS
Filtering allows the viewer to determine what type or types of events are
desired.
! To view events in the Events Log:

1 In Primary Configuration mode, type show events, followed by a
space and the required range, as follows:
# long, for the long format,
-or-
# short, for the short format,
-or-
# filter [message] or [severity], to filter the results by
required fields, for example: filter fatal, to receive only
fatal messages
-or-
# sortby, sorting the field.
2 Press <Enter>.
! To debug events:
1 In Enable mode, type debug events, followed by a space and the
required range, as follows:
# all, to display events giving the long format,
-or-
# long, to display events, giving the full description.
2 Press <Enter>.
F-14
! To filter events:
1 In Primary Configuration mode, type show events filter,
followed by a space and the required range, as follows:
# message, to display the message counter's range,
-or-
# severity, to display severity's range.
2 Press <Enter>.
L OG FILE EVENTS
NOTE:
To clear all entries in the Events Log, type clear events.
The following is a sample event log display:

DPFACC# debug events all
24-MAY-97 21:49:45 <debug> #1 corehandler.cpp(509)
24-MAY-97 21:49:46 <debug> #1
Bundle::Bundle System core was updated.
Bundle::Bundle System new image opened.
29-MAY-97 22:02:34 <debug> #1
Outbound disconnecting at 0/0.2 due to timeout of
peer keepalives.
29-MAY-97 22:02:37 <debug> #1
20-OCT-00 10:14:14 <error> #1 WanIc500.cpp(899)
DaughterCard::DaughterCard wrong emulation type.
20-OCT-00 10:14:14 <warning>#1
Log File Events
F-15
20-OCT-00 10:14:21 <warning>#1 NetDevice.cpp(648)

PortOptionMultiType::PortOptionMultiType error
emulation type.
20-OCT-00 10:15:22 <debug> #1
Outbound disconnecting at 0/0.4 due to timeout of
peer keepalives.
CoreHandlerR::CoreHandlerR Inbound disconnecting
at 0/0.4 due to timeout of peer keepalives.
L OG FILE EVENTS

Expand Accelarator - Exos4.0UserGuide

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Expand Accelarator - Exos4.0UserGuide

Hochgeladen von

Copyright:

Verfügbare Formate

Expand Networks

Toll Free: +1-888-892-1250

© 2001 Expand Networks

Copyright© 2001 Expand Networks Inc. All rights reserved.

Flex 2.5™ includes software developed by the University of California,

Terms and Conditions of Sale

Price and Payment

Title and Security Interest

About This Guide

This guide contains the following chapters:

! Chapter 10, Upgrading ExpandOS, describes how to upgrade

I ntroducing the Accelerator Series

About This Chapter

This chapter provides an introduction to Expand's ACCELERATORs and

This chapter includes the following sections:

What are ACCELERATORs?

The challenge is to have the capacity to transmit ever-increasing amounts

The Expand ACCELERATOR Series offers an effective solution for

How the ACCELERATOR Works

I ntroducing the Accelerator Series

Private Line Network

The following diagram shows a typical installation of a T1 private line

A data packet is passed from the router to the ACCELERATOR, where it is

Frame Relay Network

The ACCELERATOR automatically identifies if there is another

The following diagram shows typical integration of ACCELERATORs in a

Each ACCELERATOR can synchronize with every other

The possible number of PVCs handling accelerated data in a network is

I ntroducing the Accelerator Series

The ACCELERATOR can be located either On-Path or On-LAN.

ACCELERATOR 4800 ACCELERATOR 4800

In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual

I ntroducing the Accelerator Series

Configuration and Management

The ACCELERATOR operating system, ExpandOS, provides a wide range

The ACCELERATOR requires some basic initial configuration in order to

Installing the ACCELERATOR

Connecting to the Console

! To connect the console interface:

I ntroducing the Accelerator Series

About This Chapter

Following successful installation of the hardware, the ACCELERATOR is

This chapter includes the following sections:

Accessing Configuration Options

5 In Enable mode, type configure terminal, and press <Enter>.

Defining the IP Address and the Default

! To define the default gateway:

3 Type ip default-gateway, followed by a space, and then the IP

Writing the Configuration to the Flash

ExpandOS maintains its software and configuration on a flash. In order to

! To configure a password for Initial Login mode:

4 To save the password, follow the Writing the Configuration to the

Configuring the Time and Date

! To configure the time and date of the ACCELERATOR:

2 Type clock, and press <Enter>. The clock prompt is displayed.

4 To save the configuration, follow the Writing the Configuration to the

Configuring the Modem

! To configure the modem:

3 Type modemcap edit, followed by a space and the name of the

! To alter the modem type:

Monitoring the Power Supplies

With the ACCELERATOR 4000 Revision B, this is conditional upon the

! To enable monitoring of the power supply and set the