| |
How you configure an on-demand PPP connection depends on the decisions you make concerning the following topics:
You should choose the transport that will best serve the needs of your NetWare® Link/PPPTM connection.
Voice-grade telephone lines can be used to establish low-bandwidth (typically 2,400 bps to 28,800 bps) on-demand connections. Integrated Services Digital Network (ISDN) lines can be used to establish medium-bandwidth (56/64 Kbps to 112/128 Kbps) on-demand connections. Depending on bandwidth requirements, on-demand connections placed over Public Switched Telephone Network (PSTN) lines can be a simple and quick way to establish temporary connectivity between remote LANs.
If low-bandwidth connections do not suffice, you can consider a switched data service, such as switched/56 or switched/256. Switched services can offer significant cost savings over dedicated circuits with the same bandwidth.
Synchronous interfaces operating over ISDN lines are excellent for on-demand connections because they provide 2 to 30 times the bandwidth of analog connections at significantly lower error rates.
Standard network protocols generally expect each WAN circuit to provide permanent connections to all remote systems. The reason is that the network protocols rely on periodic communication with remote systems to dynamically exchange routing updates and, in the case of the Internetwork Packet ExchangeTM (IPXTM ) protocol, service advertising updates. These periodic exchanges identify the network routes and services that are known on each remote LAN accessed over the WAN connections.
Depending on the size of each remote LAN and the speed of the WAN connection, periodic maintenance exchanges can result in a constant stream of data across the NetWare Link/PPP connection. This constant stream of data prevents on-demand connections from terminating using idle-link detection. However, without the maintenance exchanges, Network-layer protocols do not have the information required to route data to the proper remote systems, and on-demand connections are never established because the local network protocols are not aware of the accessible WAN routes and services.
To provide the required route and service information without tying up the on-demand connection, the Novell Internet Access Server 4.1 routing software offers two alternatives:
Static route and service databases ---Each database is network protocol-specific and contains a manually configured subset of the route and service information. Manual configuration eliminates the need for periodic maintenance updates because the required route and service information is already available in the static databases of each system.
A single static route is also useful as a default route for IPX or TCP/IP hosts. In this way, the only routing information crossing the link is that required by users to access a specified set of services.
For information about configuring static routes and services, refer to the documentation that describes configuration for the network protocol that will run over the WAN connection.
Routed on-demand calls (with IPX and IP protocols) ---Rather than using static routing information, a routed on-demand call runs the IPX or IP routing protocol over the link. Because routing protocols would produce steady traffic over a link, the timeout for a routed on-demand call is based on the receipt of Network-layer data packets. Routed on-demand calls are well-suited for large corporate networks that have many branch offices. For information about protocol configuration for routed on-demand calls, refer to "Setting Up" in the appropriate protocol documentation.
The use of public-switched data or telephone networks introduces the possibility of call attempts by unauthorized remote systems. To provide protection against unauthorized router access, the PPP specification defines two optional authentication protocols that authenticate inbound call attempts: the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). These protocols ensure that the local system can accept calls from only authorized remote systems. Authentication is based on a remote system identified by a user ID and a password.
With NetWare Link/PPP, you can configure each interface to support one of the following methods for inbound call authentication:
The main difference between PAP and CHAP is that PAP sends the password string across the WAN in clear text, whereas CHAP is a more secure authentication protocol because it uses the password to encrypt a challenge string. Note, however, that not all PPP products currently support CHAP authentication.
For on-demand connections, you must configure outbound calls to specify an authentication protocol type, an ID, and a password. To accept inbound on-demand connections, you must configure the PPP interface to validate the authentication information supplied by the calling system.
For more information about NetWare Link/PPP and call authentication, refer to Understanding.
Each permanent outbound call configuration identifies a specific NetWare Link/PPP interface that is used to place the call to a remote system. However, when supporting on-demand connections, you might want to have a group of interfaces that can be shared between outbound connections. If each interface in the group provides the same capabilities, any available interface can be used to establish an on-demand outbound connection to a remote system. Furthermore, if all the interfaces are attached to switched circuits that are represented by the same telephone number, inbound calls placed to that telephone number can be accepted over any available interface in the interface group. This is similar to a multiple-line business telephone. To place an outbound call, you select any available line. Multiple inbound calls placed to the main office number are directed to any available line.
NetWare Link/PPP lets you assign a symbolic name to a group of interfaces that have similar characteristics. At configuration, you can select an interface group name rather than a specific interface name for making outbound calls. Selecting an interface group name directs NetWare Link/PPP to use any available interface within the group to establish the connection.
Defining an interface group (F4 from the Network Interfaces screen in NIASCFG) lets you make an on-demand call on any of several network interfaces without creating an individual WAN call destination for each interface. All you need to do is specify the interface group name in place of the interface name in the WAN call destination. When the call is made, the specific interface is selected from the group. Because an interface is selected automatically when the call is made, you do not need to dedicate interfaces to specific destinations. This flexibility in selecting interfaces lets you use your WAN hardware more efficiently.
If you are dialing up and logging in to a dial-up service provider, you must decide whether you need to use a login script. Login scripts facilitate this process by defining a command/response dialog that takes place between a router and a remote server at dial-up. According to syntactical conventions, certain login script strings are interpreted as output to be sent by the router (a command to the remote server), whereas others are interpreted as input to be listened for by the router (an expected response from the remote server).
NetWare Link/PPP provides a login script for logging in to a network. For information about customizing a login script to meet your site's needs, refer to Customizing PPP Login Scripts.
| |