












                    DEFENSE INFORMATION SYSTEM NETWORK



                           DIAL-IN DATA SERVICE





                            PILOT INSTALLATION


                                USER GUIDE








                             January 13, 1995









                     Defense Information System Agency
            Joint Interoperability and Engineering Organization
                       Center For System Engineering
              Data Networks System Engineering Division(TEFE)
                                Parkridge 3
                           10701 Parkridge Blvd
                       Reston, Virginia  22091-4398

                                     

                                     
Purpose   

The purpose of this document is to describe the pilot
implementation of the Defense Information System Network (DISN)
dial-in service. This pilot installation of the Communication
Server(CS)/Network Server(NS) combination will provide the future
subscribers a chance to familiarize themselves with the DISN
dial-in service  and allow them to develop the terminal
configuration best suited for using this service.  The pilot
implementation will stay active until the establishment of the
dial-in service on the router network.


Background

The Defense Data Network (DDN) is comprised of the Military
Network (MILNET), the Defense Secure Network (DSNET)1, DSNET2,
and DSNET3.  MILNET provides dial-in and dedicated ports for
users who require asynchronous, terminal connectivity to Host
computers.  This service is provided via a BBN C30 Terminal
Access Controllers (TAC).  The present MILNET users will
transition to a CS on the Unclassified but sensitive Internet
Protocol Router Network (NIPRNET) and the MILNET will be shut
down prior to Fiscal Year (FY) 96.  Presently, DSNET1 does not
provide a dial-in capability but does support directly connected
terminals.  A dial-in service will be implemented on the Secret
Internet Protocol Router Network (SIPRNET).  The SIPRNET will be
replacing the DSNET1, which will be deactivated prior to FY 96. 
NIPRNET and SIPRNET are part of the DISN.

The CS will provide the subscriber access to the NIPRNET and the
SIPRNET.  This access from the subscriber equipment to the CS
will be via dial-in asynchronous lines.  V.3225 modems are
planned for use on the NIPRNET access lines and will be capable
of evoking compression to achieve a maximum throughput rate of
19.2kbps while having a line rate (modem to modem) of 9.6kbps. 
Access to the SIPRNET will be via a Secure Telephone Unit III
(STU-III) utilizing the Secure Access Control System (SACS).  The
STU-III will operate at a 14.4kbps line rate (STU-III to STU-III)
and can achieve up to 38.4kbps throughput when using the
compression mode of operation.


Terminal Support

The less sophisticated terminal, sometimes referred to as a "dumb
terminal", can communicate with a remote host via the CS by
utilizing the Telnet and TCP/IP protocols provided in the CS. The
terminal user would issue the necessary Telnet commands from the
keyboard for opening and closing connections to remote hosts, and
performing the various data transfers allowed by the Telnet
protocol.    

The CS also supports access from subscriber equipment running
terminal emulation programs.  Since these units are more
sophisticated than the "dumb terminal" more intricate operations
can take place between the terminal and the remote hosts.  Thus, 
these terminals can support file transfer programs such as Kermit
over the dial-in lines.  The Attention Characters associated with
the CS can be disabled so that binary files can be transferred
through the CS without any adverse affects taking place. 

 
Host Support

For the users with equipment such as PCs and Workstations, they
can enjoy full internet capabilities by running TCP/IP suite of
protocols over a dial-in line that supports Serial Line Internet
Protocol (SLIP), Compressed SLIP (CSLIP), or Point-to-Point
Protocol(PPP) or Compressed PPP (CPPP).  While one must be aware
of the dial-in connection's line speed, these units are fully
functional hosts on the network.  These dial-in hosts have the
same networking capabilities as if they were directly connected
to the network.  In this case an IP address needs to be assigned
for that line since the TCP connection is now between the dial-in
host and the distant host, rather than between the CS and the
distant host.  The CS will be configured to provide the IP
address to the dial-in host.  Therefore, the dial-in host must be
capable of adopting that IP address on a call by call basis.


Subscriber Connection Process

In order to establish a connection to a distant host the
subscriber must first connect to the CS via a dial-up line.  The
subscriber establishes this connection through the switched
telephone network by dialing the number of the CS location. 
Generally, this number will be in a rotary hunt group as will all
phones/ports at that location.  SIPRNET subscribers will dial-in
with their STU-IIIs to a 14.4kpbs STU-III at the CS port which
will provide access control with its SAC feature.  Before the
subscriber is given access to the network, an authentication
procedure controlled by the CS must be completed.  The subscriber
must input an User ID and Access Code, which the CS will pass
along to the NS for verification.  The NS is located on the
network and the CS communicates with it via the XTACACS protocol. 
Once the ID and Password have been verified then the subscriber
is allowed to establish a connection through the network to any
distant host to which it has been authorized access.  

The distant host can then enforce its own access control
procedure and typically requires the user to present a proper
password.  Thus, the NIPRNET subscriber encounters two separate
logons: one to access the network and a second to access a
particular host on the network.  The SIPRNET subscriber
experiences three access control procedures.

When the operational dial-in service is provided on the NIPRNET
the user will be able to access the CS via a 1-800 service or by
a local dial-in service in CONUS.  Not everyone will have access
to a local CS so the 1-800 service is required for these
individuals.  It is also available for anyone who is on temporary
duty (TDY) such that they cannot access their local CS.  The
SIPRNET will also use a 1-800 service in CONUS.  Both networks
will deploy at least one or two CSs in each foreign country where
major US forces are deployed.

Pilot Dial-in Service

Prior to installing the dial-in service on the router networks a
pilot implementation is being provided so that users can
familiarize themselves with this service.  The CS and NS are
located at the Center For System Engineering (CFSE)lab in the
Parkridge III building in Reston, VA.  One purpose for providing
this pilot capability is to allow existing DDN dial-in
subscribers to modify their terminal configuration and scripts to
verify that they will be compatible with the dial-in service that
will be provided on the router networks.  Since this is a COTS
product and not built to be an exact replica of the present TACs
there will be some differences in the operational procedures.  In
addition, the new service will provide added features such as the
SLIP and PPP protocols, so users can test any new implementations
that they my want to acquire and configure to take advantage of
these added capabilities.  Also, compression software can be
activated to take advantage of the faster compressed speeds.

The CS is a Cisco 2511 model which has a Motorola 68030
microprocessor @ 20MHz, 2Mb of RAM, and 16 asynchronous ports.  
Thirteen asynchronous ports will be equipped with a Motorola
V.3225 modem (the same modem used with the TACs).  The ports will
be configured for 9600bps which is the speed presently supported
on the TACs.  The compression feature will allow throughput rates
up to 19.2kbps.  Two asynchronous ports will be equipped with
AT&T Model 1910 STU-III SACS to permit future SIPRNET subscribers
to emulate operation of that network. 

The CS supports the Telnet Virtual Terminal protocol along with
the TCP/IP protocols.  The Extended Terminal Access Controller
Access Control System (XTACACS) protocol is used by the CS to
communicate with the associated network server to perform the
authentication and access control function.  On the SIPRNET the
XTACACs protocol will be used for audit purposes only as the STU-
III will perform the authentication and access control function.

Two SUN SPARC workstations will be installed as Network Servers
(NS) to house the User ID and Access Code database.  One SUN
SPARC workstation will be located at the Parkridge site and the
other unit will be located at the NIC in Chantilly, VA.  The
Parkridge unit will be the primary NS while the Chantilly unit
will be the alternate NS.  The NIC personnel will handle the
additions and deletions to the databases.  As noted above the NS
in conjunction with the CS will be used to perform the
authentication and access control function. 

Telephone Numbers

The pilot installation will not provide a 1-800 number but will
only provide local numbers.  The CS has 15 active ports with 13
of them assigned to the NIPRNET and 2 assigned to SIPRNET.  

The commercial telephone number for the NIPRNET is 703-487-3216
commercial and 364-3216 for the Defense Switched Network (DSN). 
This is rotary hunt group of 13 lines.  

The SIPRNET numbers are 703-487-3369 and 364-3369 (DSN).  This is
a rotary hunt group of 2 lines.  The SIPRNET users must access
the CS via a STU III phone.  The pilot STU-IIIs will be operated
with unclassified key material.

NOTE: The telephone prefixes for the above numbers will change
March 4, 1995.  487 will be changed to 735 and 364 will be
changed to 653. 

Modem Option Selection

Modems are shipped configured with a factory set of options
already selected which is usually referred to as the default
settings.  Because of the number and variety of applications most
modems require some option changes to fit to a particular
application.   Normally, the options can be changed or selected
by the front panel controls on the modem or by AT commands from
the terminal.  One must refer to the particular modem manual for
the various controls and AT commands since they are not standard
across all vendor products.  

The AT commands are preceded by the AT characters which serve as
the attention code telling the modem that a command statement
follows.  So that, ATD555-1212 instructs the modem to dial the
number 555-1212.  AT informs the modem that a command will follow
and in this case D is the dial command followed by the number. 

A typical terminal/modem configuration is shown below.  These
settings are recommended but may not be the best options for all
implementations.  Cisco requires that XON/XOFF software flow
control be disabled and that CTS/RTS hardware flow control be
enabled.

  - DTE data rate set to 19,200
  - DCE line speed set to 9,600
  - Data compression is enabled
  - XON/XOFF flow control is disabled (see note)
  - CTS/RTS flow control is enabled
  - Data Carrier Detect (DCD) is turned on when carrier is
present 
  - Modem disconnects when Data Terminal Ready (DTR) drops 

NOTE: When using SLIP or transmitting binary data it is 
necessary that the XON/XOFF flow control be disabled.

Registration

Anyone wishing to participate in this pilot program must first
register to use the pilot installation.  Present MILNET users who
are transitioning to the NIPRNET can have their User IDs and
Access Codes, as specified on their DDN TAC Access Cards, honored
by the pilot installation.  A potential NIPRNET user without a
TAC Access Card can obtain one through normal channels by
contacting his/her host administrator.  The User ID and Access
Code from the card must then be installed in the database of the
NS associated with this pilot installation.  This can be
accomplished by sending an e-mail to Registrar@nic.ddn.mil.  The
NIC will place the User ID and Access Code into the NS database
for a 30 day period.  If more than 30 days are required for
testing, then an extension can requested. Please allow 3 working
days for this entry into the database to occur.

The situation is different for present day users on DSNET1 who
are transitioning to the SIPRNET.  They do not possess a TAC
Access Card.  Therefore, a temporary or guest card will be made
available for these individuals who wish to utilize the pilot
installation.  Points of contact for obtaining these cards are
listed below.
               Anthony Brewer       703-487-3238
               LCDR Dorothy Fricke  703-487-3236
               James Nostrant       703-487-3238
               John Staple          703-487-3236

NOTE: The prefix for the above numbers will change on March 4,
1995.  487 will be changed to 735.


There will be guest cards available for the duration of this
pilot installation.  Everyone should be aware that the normal
security procedures that apply to the regular TAC Access Cards
also apply to these guest cards.  Each person will be required to
complete a questionnaire before the guest card is issued.  A
sample form is attached as Appendix F.  When the guest card is
issued, the DISA POC shown above, will contact the NIC and have
the User ID and the Access Code entered into the NS database. 

Since this application utilizes the STU-III, the Crypto Ignition
Key (CIK) Serial Number will be required.  This number will be
listed in the Secure Access Control System (SACS) as noted in the
section entitled SIPRNET Security Requirements.    


Traffic Restrictions

Since this pilot installation is connected to the operating
network it is requested that only test traffic be sent over this
configuration. This is a test set up and is not equipped to
support operational traffic loads.  Also, to prevent congestion
on the pilot CS, it is requested that a time limit of 30 minutes
be observed for each session.  This time limit should provide
enough time for users to modify, test, and verify new login and
logout scripts.  Of course, if there are applications that
require more time then feel free to take all the time required to
sufficiently test that particular application.

NOTE:  Use of the Pilot Communication Server is subject to the
same security precautions and restrictions as used on the DDN
TACs.  User IDs and Access Codes should be protected and not
shared.  This service is for official DOD business only.

SIPRNET Security Requirements  

This pilot installation is providing connectivity to the
Unclassified but Sensitive Internet Protocol Router Network
(NIPRNET).  As such, all traffic and equipment (hardware and
software) must be unclassified.  This will require potential
SIPRNET users to conduct their tests using unclassified hardware
and software.  The distant hosts that they connect to must also
be unclassified.  They should contain the same application that
would be used in an operational SIPRNET host but has never been
connected to a secret network.  The STU-III at the CS will be
keyed to the unclassified level and the Secure Access Control
System (SACS) of the STU-III will be used to block any calls from
non registered users.  In order that the STU-III be included in
this SAC Database, the Crypto Ignition Key (CIK) Serial Number of
the unit must be provided.   Any STU-III Type1 device may be
utilize.  The user's STU-III is not required to have the SACS
feature, only the STU-III attached to the CS needs this feature.


User Interface

The command interpreter in the Cisco CS is called the EXEC.  The
EXEC interprets the commands that you type and carries out the
corresponding operations.  You must log into the CS before you
can enter the EXEC commands.  For security purposes, the EXEC has
two levels of commands: user and privileged. This section focuses
on the user EXEC mode.  The privileged EXEC mode is reserved for
use by the system administrator.  The user EXEC commands are a
subset of the privileged EXEC command set.  The user EXEC mode
prompt is indicated by the greater than sign (>) while the
privileged EXEC mode prompt is indicated by the number sign (#). 

The EXEC commands at the user level are generally utilized to
connect to remote systems, temporarily change terminal settings,
perform basic tests, and list system information.  A list of the
user EXEC commands can be obtained by entering a question mark
(?) at the user EXEC mode prompt (cfse-2511>).  A list and
description of the user commands are shown in Appendix D.
The user EXEC mode prompt is presently configured as shown for
the pilot installation but will change on the operational network
to indicate the name or number of each particular CS.

Terminal Commands

The terminal commands allow you to change the terminal parameters
and line settings locally.  The local settings temporarily
override those made by the system administrator and they remain
in effect only for the duration of the connection.  

To obtain information about the current terminal configuration
parameter settings, enter the show terminal command.  

Settings can be changed or removed by using the keyword no 
before the command.  For example, the following command will
remove any padding characters that were previously set in the
data stream.

cfse-2511>terminal no padding 


The terminal download command temporarily sets the line to act as
a transparent pipe for file (binary data) transfers.  You can use
this feature to run a program such as Kermit, Xmodem, or
Crosstalk that allows a transfer of a file in either direction
(from host to terminal or from the terminal to the host) through
the CS.  This command has the following format.

cfse-2511>terminal download

The terminal no download command removes this feature and returns
the line to the original parameter settings.
  
To display a list of supported terminal commands, enter the
terminal ? command.

A list and description of the terminal commands are shown in 
Appendix E.


Terminal Operation

As noted above, there are three broad categories of units that
can utilize the dial-in service.  The first is the basic or "dumb
terminal" that will be utilizing the Telnet and TCP/IP protocols
capabilities of the CS.  In this type of arrangement the user
would dial into the CS, enter the User ID and Access Code at the
appropriate prompts, connect to the remote host using the CS
commands, perform the necessary data transfer, disconnect from
the remote host, and then disconnect form the CS, and eventually
hang up the phone.  A further description of this process is
outlined in Appendix A on a step by step basis.  It should be
noted that although this appendix is written with Telnet in mind
the connection process applies to any protocol that may be used.  
 
For a file transfer application such a Kermit, the connection
process to the remote host is basically the same except that the
Kermit protocol must be activated in both the terminal and the
remote host.  Appendix B has a detailed description of a typical
connection process that will use file transfer protocols such as
Kermit.  Again, it should be noted that since implementations
differ in the hardware and software utilized the description may
not apply to all cases. 

Appendix C deals with the end user that will be utilizing the
TCP/IP suite of protocols along with SLIP or PPP.  Again it
should be noted, that Appendix C describes two particular vendor
implementations of the TCP/IP stack of protocols.  Details will
differ from other vendor products but Appendix C can serve as a
general outline of the procedures involved when using this suite
of protocols.


 

                                 APPENDIX A

This appendix deals with the Telnet protocol and how one would
connect to a remote host via the Communication Server (CS).  The
first step is to make a telephone connection to the CS and then
login to the CS using the user ID and password associated with
the CS.


1.  Dial the number of the CS from the list provided in the main
body of the document.  The dial-in sequence can be a manual
operation or done via the terminal using the AT commands
associated with the modem.  A typical command is ATDT 487-3216,
where AT is the Attention Code telling the modem that a command
follows.  D is the dial command and T is the tone command.  The
attention code (AT) maybe upper or lower case, but not a
combination of both such as aT. 


2.  Once the phone connection has been established then the CS
will respond noting the speed of the connection [such as CONNECT
19200], with a User Access Verification prompt asking for the
user name and then the password.  It should be noted that the
user name and password are case sensitive, so care should be
taken when entering these items.  In some cases, it maybe
necessary to enter a few carriage returns (CRs) to establish the
correct data rate between the modems before the User Access
Verification is displayed.

If an incorrect user name or password is entered, the CS will
respond with "%Access denied", and then ask for the user name and
password again.  The CS will disconnect a user after the third
incorrect login attempt.

After the CS has verified that this is a registered user then the
CS will respond with a herald noting that use of the system
constitutes an express consent to monitoring at all times and
that the system is for official use only.  The prompt will follow
the herald.

cfse-2511>

This prompt is presently configured as shown for the pilot
installation but will change on the operational network to
indicate the name or number of each particular CS.  The user is
now allowed access to the network and can make connections to
hosts located on the network.


3.  Connection to a host can be made using the connect or telnet
command and the host name or Internet address.  At the prompt
enter the command.

cfse-2511>{connect|telnet}host[port]/keyword

The argument host is a host name or Internet address.  The
optional argument port is a decimal TCP port number, the default
value is 23, the Telnet server port.  The optional argument
keyword is one of the following.

     /route:path - specifies loose source routing
     /line - enables Telnet line mode
     /debug - enables Telnet debugging mode
     /stream - turns on stream processing, which allows a raw TCP
               stream with no Telnet control sequences.

If you prefer, just enter the host name or Internet address
without the command since the Cisco implementation does not
require the command word to establish a Telnet connection.  Thus,
a Telnet connection can be made in one of the following ways.

       cfse-2511>connect [enter host name]
       cfse-2511>[enter host name]
       cfse-2511>telnet [enter host name]
       cfse-2511>[enter IP address]
       cfse-2511>connect[enter IP address] 
       cfse-2511>telnet [enter IP address]

where [host name] is the name of a particular host and [IP
address] is the Internet Address assigned to that particular
host.

4.  When a connection has been made to the remote host, then the
host will respond with a login and password sequence to ensure
that this is an authorized user.  After the user has successfully
logged onto the host, then the host will respond with a 
prompt such as follows.

Host Name%

The user can now enter the appropriate Telnet commands at the
host prompts to effect the necessary data transfers.  


5.  When the session is completed, enter the logout command at
the host prompt.  The host will respond with a message that the
connection has been closed and the CS prompt will appear.

cfse-2511>

enter the quit, exit, or logout command.

This terminates the connection from the terminal to the CS.  The
CS will respond with the message NO CARRIER.  The user can now
hang up the phone.



6.  To issue a Special Telnet command, type the escape sequence
(Crtl^) and then the command character.  You can type the command
character while you hold down Ctrl or with Ctrl released; you can
type lower case or upper case.  The special commands are as
follows.

              Break                     Ctrl^B
              Interrupt Process (IP)    Ctrl^C
              Erase Character (EC)      Ctrl^H
              Abort Output (AO)         Ctrl^O
              Are You There (AYT)       Ctrl^T
              Erase Line (EL)           Ctrl^U

At any time during the active Telnet session, a list of the
commands can to seen by entering Ctrl^? at the system prompt.

7.  The CS has two timers to detect for idle conditions, a user
EXEC mode timer and a terminal line session timer.  The user EXEC
mode timer is set for 5 minutes and will time out when the
connection between the CS and the terminal remains idle for 5
minutes.  A "NO CARRIER" message will be displayed on the screen.

The terminal line session timer is set for 15 minutes and will
expire when the session with the remote host remains idle for 15
minutes.  When the timer expires the message [Connection to (host
name) idle too long; timed out] will be displayed and then the
"NO CARRIER" message will be displayed. 
                                APPENDIX B

This appendix deals with the Kermit protocol and how one would
connect to a remote host via the Communication Server. The user
must be verified by the Network Server via the TACACS process and
then the connection to remote host can be established.  The
remote host must be capable of running the Kermit protocol since
both ends of the connection need to be running the Kermit
protocol.  A file transfer from the terminal to the host is
accomplished via the Kermit protocol. The connection to the host
is then terminated.

Note: The procedures listed below apply to the particular Kermit
implementation utilized in the Parkridge Lab.  The procedures for
other Kermit implementations may vary somewhat depending on the
vendor products.  These procedures are listed as a typical
example and not meant to be applicable in all cases.    

I.  The procedures for activating the Kermit protocol and dialing
up a connection to the CS with the software package used at the
Parkridge Lab are listed below. The Kermit software (version 3.1)
was obtained from Columbia University in New York City, the
developer of this protocol.  A UNIX version was obtained for the
Hosts and a DOS version for the Terminals.  The software is in
the public domain and available free of charge and is available
from sources on the Internet.  For an up-to-date list of
available Kermit programs write to:
      
                       Kermit Distribution
                       Columbia University 
                       Center for Computing Activities
                       612 West 115th Street
                       New York, NY 10025
                        

The parameters used in this particular case for Kermit are 8 bits
per character, no parity, 1 stop bit, and 9600bps.  As mentioned
above, these parameters may not apply for other Kermit
applications.  Kermit resides in the terminal and the remote host
and the data transfer is via the CS.  In order to activate Kermit
at the terminal the following steps are required.

1. Press ALT, CONT, and DEL

2. At the prompt C:\> enter "cd kermit2"

3. At the prompt C:\kermit> enter "kermit"

4. At the prompt MS-kermit> enter "set port com1"

5. At the prompt MS-kermit> enter "set speed 9600"

6. At the prompt MS-kermit > enter "status"

  Check that the parameters are properly set.

7. At the prompt MS-kermit> enter "c"
                          and press Return 

8. Screen goes blank - enter phone number  atd xxxxxxxxx

The CS will respond with the message - CONNECT 

   


II.  The user now needs to be verified by the authentication
scheme which in this case is XTACACS.

1. From the terminal location press the CR (or Enter) key. 

2. The CS will respond with the prompt - Username:

3. Enter a valid user ID.

4. The CS will respond with the prompt - Password:

5. Enter a valid Password. 

6. When the ID and Password have been verified the CS will
respond with the prompt - cfse-2511>

7. Open the connection to the Host using the appropriate command.

a. At the prompt enter the  name or address of the remote host.  

b. Host responds with prompt - login:  enter ID

c. Host responds with prompt - password:  enter password

d. Host responds with prompt - host name (user name)12: enter "cd
kermit".

   This command changes the host to the Kermit directory where 
   12 is a line number.
    
e. Host responds with prompt - antares (user name)13: enter
"wermit".

    This command causes Kermit to execute.  

f. Host responds with prompt - C-kermit> enter "server".

    This results in the host being the server in a client/server
relationship.

g. Host responds with - "Kermit ready to Serve".



8. Perform the appropriate data exchange between the terminal and
the host.

a. Activate the client Kermit protocol in the terminal.  Enter
the Escape Sequence ( by pressing the "Control" and "]" keys
simultaneously).

b. Then press the "c" key

c. The following prompt should appear - MS-Kermit>

  Select a file from the Kermit directory by entering the "dir"
command.

d. At the prompt MS-Kermit> enter "send (file name)"

e. Information on the screen will indicate when the transmission
is complete.


9. Close the connection to the host.

a. At the prompt MS-Kermit>  - enter "finish"

b. At the prompt MS-Kermit>  - enter "c"

c. At the prompt C-Kermit>   - enter "quit"

d. At the host name(user name)14: prompt - enter "logout"

The following message appears.

[Connection to [IP address of host is listed] closed by foreign
host]

e. At the prompt cfse-2511> enter the Escape Sequence ("Control"
and "]")

f. Press "c"

g. At the prompt MS-Kermit> enter "hangup"

h. At the prompt MS-kermit> enter "quit"

i. At the prompt C:\kermit> enter "cd\"

j. The prompt c:\> should appear.


                                 APPENDIX C


The Serial Line Internet Protocol (SLIP) and the Point-to-Point
Protocol (PPP) define methods for sending IP packets over
standard RS-232 asynchronous serial lines.  These protocols
encapsulate the IP datagrams for transmission over the point-to-
point links and can be used with asynchronous dial-up modems,
allowing access to a network without the cost of a leased line.  

The interfaces are configured in the interactive mode as defined
by Cisco.  In this mode a line can be used to make any type of
supported connection, depending on the command entered by the
user.  For example,  depending on its configuration, the line can
be used for Telnet connections or SLIP/PPP connections.

The default addressing scheme will be used at the interfaces,
which means that the CS will assign the IP address.  The assigned
default address is implemented when the user enters the slip
default or the ppp default command.

In order to use the SLIP and PPP features associated with the CS
the terminal must be equipped with the TCP/IP protocols and
either the SLIP or PPP protocol.  Either SLIP or PPP is used on a
given line during a connection.  A number of software packages
are available for installation on a PC or Workstation that
provide SLIP and PPP.  The two popular PC networking applications
have been reviewed, Trumpet Winsock version 2.0 and the Internet
Chameleon from NetManage Inc.  

TRUMPET WINSOCK

The Trumpet Winsock is a networking software which provides a
TCP/IP stack for PC networking applications running on a Windows
environment.  The Trumpet Winsock provides facilities to allow
Async serial SLIP, PPP, ftp and Telnet over IP connections.  The
product is a shareware item and available for using the Internet
World Wide Web (WWW) at the site "tbone.biol.scarolina.edu".  Use
a WWW Browser to connect to the HTTP Server at that site and
check the Home Page (index.html) for the "PC Internet Kit" 
entry.  The product is also available by anonymous FTP from the
Server "tbone.biol.scarolina.edu in directory /pub/kit.  The
"00README.DOC" in that directory shall provide instructions on
which files to fetch, how to unpack them onto floppy disks and
how to install the software.  The product is free for evaluation
purpose up to 30 days period.  A registration fee is required if
using the software within the organization: 
  Single user license $20 US
  Multi User license for commercial users
     1-99         $20 US per user
     100-499      $2000 US + $10 US per additional user over 100
     500-999      $6000 US + $5  US per additional user over 500
     1000+ users  $8500 US + $2 US per additional user over 1000

  Unlimited Commercial Site License
     $10000 US for first year
     subsequent years, %25 of unlimited site license fee for that 
      year.
     site restriction 100km radius (negotiable)

  License for educational users
     1-100 users   $20 US per user
     100+          $2000 US
     site restriction unlimited

   Support for site license is up to 12 months from the date of 
   purchase.  Such support will include upgrades and bug fixed
   within that 12 months within the constraints of the program's
   existing capabilities.  Future upgrades will be 25% of the 
   original license fee per annum.  

CHAMELEON

The other networking software is the Internet Chameleon from
NetManage Inc. which also provides the broadest suite of Windows
TCP/IP applications in the industry in addition to a TCP/IP
protocol stack that takes only 6KB of base memory.  All NetManage
applications give users an easy to use Windows interface while
providing an advanced set of features.  The following information
highlights some of the new and enhanced features and performance
improvements in the 4.01 release. 

*    The NetManage BOOTP client operates over serial lines.  This
function allows dynamic configuration at connection time for
remote hosts. 

*    ODI operation has been improved for faster performance and
reliability.

*    TN3270 -  NetManage's TN3270 supports APA Graphics.  This
high end feature allows TN3270 to emulate an IBM 3179G and 3192G
terminal .  When a graphic picture is displayed, you may use
Print option to print a graphic.

*    TN5250 - NetManage's TN5250 is currently the only 5250
emulation being shipped with a bundled suite of TCP/IP
applications.  The TN5250 application has been upgraded to
support IBM Office Vision commands, including support for
additional control keys.

The Chameleon is available as COTS product for about $200 for a
single copy.  GSA price is not available yet.  NetManage Inc. can
be reached at the following:

o Phone   (408) 973-7171
o Fax          (408) 257-6405
o Internet     support@netmanage.com, intl_support@netmanage.com
o Compuserve   70640,1074
o BBS          (408) 257-3794, 8-N-1

NETMANAGE Inc.
10725 DeAnza Blvd.
Cupertino, CA 95014  USA

The product is also available free for evaluation purpose only up
to 30 days trial period.  The evaluation version can be download
via anonymous FTP from "ftp.netmanage.com".

SLIP Connections

The Trumpet Winsock and Chameleon both provide setup and dial-up
menu options for SLIP connection.  The users need to configure
his/her system with the following parameters:

o  IP address/Netmask - 
                Internet IP address.  The IP address and Maximum
                Transmission Unit (MTU) size will be assigned by  
                the Communication Server.  User must enter the
                assigned IP address in order to access the 
                network.  Also, the user can take advantage of 
                the BOOTP feature to obtain the IP address from
                the Communication Server. 

o   Name Server -  Name Server IP address for DNS searches.  
                 This value can be obtained via BOOTP

o   Domain suffix -  the domain suffixes to be used when 
                     resolving names in the DNS system.

o   MTU  -  Maximum Transmission Unit.  This value is computed by
            subtracting 40 from the TCP Maximum Segment Size 
            (TCP MSS) which is set in the Comm Server to 600.  
            Therefore the users should set their value to 560.

o   TCP RWIN -  TCP Receive Window.  It is recommended that this
                value be roughly 3 to 4 times the value of TCP
                MSS.

o   TCP MSS  -  TCP Maximum Segment Size.  The Comm Server will
                provide the MTU size 

o   SLIP port -  Comm Server port number

o   Baud Rate -  the speed you wish to run

The Trumpet Winsock and Chameleon allow manual login or automatic
scripting to access the communication server.  Both provides a
generic script file for dial-up connection.  The generic script
file provided by Trumpet Winsock is the "login.cmd" and the file
provided by Chameleon is "slip.ini".  Users may create their
automatic dialling script from the generic script files described
above or the sample of the Trumpet Winsock auto script file
attached below:

#################################################################
#
# check modem
output ATZ\13
input 10 OK\n
output AT&c1&d2\13
input 10 OK\n

%number = 0
%connected = 0

repeat

   # Increase limit below to dial more numbers
   %number = %number + 1
   if %number > 3
      %number = 1
   end

   # First 
   if %number = 1
      output ATDT4873346\r
   end

   # Second
   if %number = 2
      output ATDT4873348\r
   end

   # Third 
   if %number = 3
      output ATDT4878249\r
   end

   if [input 15 BUSY]
      display =Busy, busy, busy... 
      %connected = 0
   else
      if [input 30 CONNECT]
         %connected = 1
      else
         display =Does not answer...\r\n
      end
   end

   sleep 1

until %connected = 1

display \7
#
#  wait till it's safe to send because some modem's hang up
#  if you transmit during the connection phase
#
wait 30 dcd
#
# now prod the terminal server
#
output \13
#
#  wait for the username prompt
#
input 30 Username:
username Enter your username
output \u\13
#
# and the password
#
input 30 Password:
password Enter your password
output \p\13
#
# we are now logged in
#
input 30 >
#
# see who on for informational reasons.
#
output who\13
input 30 >
#
# jump into slip mode
#
output slip default\13
#
# wait for the address string
#
input 30 Your IP address is
#
# parse address
#
address 30
input 30 \n
#
# we are now connected, logged in and in slip mode.
#
display \n
display Connected.  Your IP address is \i.\n
#
#  ping a well known host locally...  
#exec pingw 128.19.0.4
#
# now we are finished.
#

  
 #######################################################


PPP Connection

The setting for the PPP connection is similar to the SLIP
connection.  All the parameters described in the SLIP connection
are also required to fill in for the PPP connection except the IP
address and the NetMask.  The IP address and NetMask will be
resolved and filled in automatically by the software after
successfully making a PPP connection to a remote host via
XTACACS. 


                                 APPENDIX D

The commands available to the user are listed below.  A list of
the commands can be obtained by entering a question mark ? at the
user EXEC mode prompt.  Example cfse-2511>?  This prompt can be
configured to reflect the system name, number, etc so it may
change over the course of time but the user EXEC mode prompt
always ends with the greater than sign >.


     -connect - use this command to open a connection to a remote
host by specifying the host name or Internet Address.  Several
concurrent connections can be open at one time and you can switch
back and forth between them using the Connection escape sequence
(Ctrl^X).

     -disconnect - this command closes a connection.  A
connection name or number can be specified; the default is the
current connection.

     -enable - use this command to turn on the privileged
commands.  Note: This command is reserved for the system
administrator and should not be used by the terminal subscriber.

     -exit/quit - these commands close any active terminal
sessions.  The commands are synonymous, enter either command when
you are through with your session.

     -help - this command provides a description of the
interactive help system.

     -lat - this command is used to open a lat connection which
is associated with DEC hosts.  Note: lat connections will not be
supported on the DISN router network.

     -lock - use this command to prevent access to your session
while keeping your connection open.  This command locks your
keyboard.  When you lock a session, you are prompted for a
password, which can be any arbitrary string.  Enter the password
you want assigned.  The screen clears and displays the word
"locked".  To regain access to your session, re-enter the
password.

     -login - use this command to login to a system with a
specific user name.  

     -logout - use this command to exit from the user EXEC
command mode.

     -name-connection - use this command to assign a logical name
to a connection.

     -pad - use this command to open a X.29 pad connection.
Note: This command is not supported on the DISN router network.

     -ppp - use this command to start the Internet Engineering
Task Force (IETF) Point-to-Point Protocol (PPP).

     -ping - use this command to send echo messages.  This
command must be accompanied with a name or Internet Address of
the remote host.

     -resume - use this command to return to a previous
connection.  The optional argument is the connection name or
number, the default being the most recent connection.  Pressing
the Return key also resumes the previous connection.  You can use
only the connection number to resume a particular session.  This
is a short cut version of the resume command.

     -rlogin - Open a rlogin connection.  rlogin is a terminal
emulation program, similar to Telnet, offered in most UNIX
implementations. 

     -show - use this command to show running system information. 
Show ? will list the information commands available.  Some of the
more common commands are shown below.  

     -show sessions - to display information about your active
terminal sessions use this command.

     -show terminal - this command displays the configuration
parameters settings for the current terminal.

     -show users - this commands displays information about
active ports of the communication server.  Inclusion of the
keyword all requests information for both active and inactive
ports.

     -slip - start serial line IP (SLIP).

     -systat - this command provides the same information as the
show users command.

     -telnet - use this command to open a telnet connection to a
remote host by specifying the host name or Internet Address.

     -terminal - use this command to set terminal parameters.  
The terminal parameters are discussed in another section of this
document.

     -tn3270 - this command is used to open a tn3270 connection
which is associated with IBM hosts.  

     -trace - use this command with the appropriate address to
trace the route to the destination host.

     -where - this command displays information about all open
connections associated with the current terminal line.

     -X3 - set X.3 parameters on the PAD.  Note: This command is
not supported on the DISN router network.
 
     -Xremote - enter Xremote mode.  Note: This command will not
be supported on the DISN router network.



                                 APPENDIX E


This Appendix contains a description of the terminal commands.  A
list of the terminal commands can be obtained by entering
terminal ? at the user EXEC mode prompt.  Example cfse-
2511>terminal ?.


     -terminal autohangup

Automatically hangup up when the last connection closes.


     -terminal data-character-bits

This command sets the number of data bits per character to either
7 or 8.  The default setting is 8.  This command is used
primarily to strip parity bits from X.25 connections on the Cisco
IGS and 3000 routers with the protocol translation software
option.  Thus, it appears that this command has no application on
the pilot installation.    


     -terminal databits

The options are 5, 6, 7, or 8.  If parity is being specified set
7 data bits per character.  If no parity generation is in effect,
specify 8 data bits per character.  The default is 8 data bits
per character.  The 5 and 6 bit options are supplied for
compatibility with older devices and are generally not used.


     -terminal dispatch-character decimal-number1 [decimal-
                                  number2...decimal-numberx]
     -terminal no dispatch-character

This command causes the communication server to buffer characters
into larger sized packets for transmission to the remote host. 
The communication server normally dispatches each character as it
is typed.  The argument decimal-number is the ASCII decimal
representation of the character or string; any number of
characters can be defined as the dispatch character.  Specifying
the Carriage Return character (ASCII 13) will result in a line-
at-a-time transmission.  The terminal no dispatch-character
disables the dispatch character feature.








     -terminal dispatch time out 

This command sets the dispatch timer to the value specified in
milliseconds.  The value of the timer specifies the number of
milliseconds that the CS will wait (without seeing a dispatch
character) after putting the first character into a packet buffer
before sending the packet.



     -terminal download
     -terminal no download

This command sets the line to the transparent mode for file
transfers using protocols such as Kermit, XMODEM, CrossTalk, etc.
This allows for binary transmission from the host to the terminal 
and from the terminal to the host.  The terminal no download
command restores the line's original parameters.



     -terminal editing

This command enables the enhanced command line editing.  Although
the enhanced editing mode is automatically enabled with this
software release, you can disable it and revert to the editing
mode of previous software releases by using the terminal no
editing command.  The command terminal editing returns you to the
enhanced command line editing mode.



     -terminal escape-character decimal number
     -terminal no escape-character

The argument decimal number is the ASCII decimal representation
of the desired escape character or control sequence.  The default
escape characters are Ctrl^.   The terminal no escape-character
command makes the break key function as the escape sequence.  



     -terminal exec-character-bits

This command sets the size of the ASCII characters entered at the
Cisco CS EXEC command mode.  The options are 8 or 7.


 




     -terminal flowcontrol

The arguments are none, software in/out, and hardware.  Software
sets software flow control.  An additional keyword specifies the
direction: in causes the communication server to listen to flow
control from the attached device, and out causes the
communication server to send flow control information to the
attached device.  If you do not specify a direction, both
directions are assumed.  For the software control, the default
stop and start characters are Ctrl-S and Ctrl-Q (XOFF and XON).



     -terminal full-help

this command provides help in the user EXEC mode.  The terminal
full-help command enables (or disables ) a display of all help
messages available from the terminal.  It is used with the show
command in the following manner.

     cfse-2511>terminal full-help

     cfse-2511>show?


 

     -terminal help

This command provides a description of the interactive help
system.



     -terminal history decimal number

This command sets the size of the command history buffer.  the
argument decimal number specifies the number lines in the command
buffer.



     -terminal hold-character decimal-number
     -terminal no hold-character

The argument decimal-number is either the ASCII decimal
representation of the desired hold character or else a control
sequence (for example, Ctrl-C).  Typing the hold character
temporarily halts the output at the terminal.  To continue the
output, type any other character.  To send the hold character to
the host precede it with the escape character.  The terminal no
hold-character command clears the hold character.



     -terminal keymap-type keymap type

Use this command to set the keyboard type.  The default value is
VT100.



     -terminal lat

DEC LAT protocol specific configuration.  NOTE: LAT connections
will not be supported in the DISN router networks.


 
    -terminal length screen length

Use this command to set the screen length.  The argument screen
length is the desired number of lines.  The default length is 24
lines.


     -terminal notify
     -terminal no notify

When you have multiple concurrent connections, you might want to
know when output is pending on a connection other than the
current connection.  For example, you might want to know when
another connection receives mail or a message.  The terminal
notify command causes the communication server to notify you of
pending output.  The terminal no notify command ends such
notifications.


     -terminal padding  decimal-number count
     -terminal no padding  decimal-number

Use this command to set the padding for a specified output
character.  The argument decimal-number is the ASCII decimal
representation of the character, and can be any of the 127 ASCII
characters.  The argument count is the number of NULL bytes sent
after the character, up to 255 padding characters in length.  Use
the terminal no padding command to end the padding after the
character represented by decimal-number.






     -terminal parity 

The options are none, even, odd, space, or mark.  The default
setting is none.



     -terminal rxspeed baud

This command is used to set the terminal receive speed (from the
terminal to the CS).  The Pilot installation modems will support
terminal speeds of 2400 to 19,200 (default is set to 19,200) for
the NIPRNET ports and the STU-IIIs will support terminal speeds
of 2400 to 38,400 (default is set to 38,400) for the SIPRNET
ports.  The data compression feature of the modem and the STU-III
allows the terminal (DTE) speed to be at a higher rate than the
line rate (DCE)(from modem to modem).


     -terminal special character bits

Use this command to change the ASCII character widths for special
characters.  The options are 7 or 8.  The default value is 7.



     -terminal speed baud

This command will set both the receive and the transmit terminal
speeds.  The argument baud is typically set to 2400, 4800, 9600,
19200, or 38400.  The Pilot installation modems will support
terminal speeds of 2400 to 19,200 (default is set to 19,200) for
the NIPRNET ports and the STU-IIIs will support terminal speeds
of 2400 to 38,400 (default is set to 38,400) for the SIPRNET
ports.   The data compression feature of the modem and the STU-
III allows the terminal (DTE) speed  to be at a higher rate than
the line rate (DCE)(from modem to modem).


     -terminal start-character  decimal-number
     -terminal no start character

Use this command to change the character that signals the start
of data transmission when software flow control is in effect. 
The argument decimal-number is the ASCII decimal representation
of the desired start character.  The default start character is
Ctrl-Q (ASCII 17).  Use the terminal no start-character command
to remove the start character.





     -terminal stop-character   decimal-number
     -terminal no stop-character

Use this command to change the character that signals the end of
data transmission when software flow control is in effect.  The
argument decimal-number is the ASCII decimal representation of
the desired stop character.  The default stop character is Ctrl-
S(ASCII character 19).  Use the terminal no stop-character
command to remove the stop character.

     -terminal stopbits

The options are 1, 1.5, 2.  The default value is 2.


     -terminal telnet-transparent
     -terminal no telnet-transparent

This command causes the current terminal line to send a Return
(CR) as a CR followed by a NULL instead of a CR followed by a
Line Feed (LF).  This scheme permits interoperability with
different interpretations of end-of-line handling in the Telnet
protocol specification.  Use the terminal no telnet-transparent
to remove this scheme.


     -terminal terminal-type terminal name
     -terminal no terminal-type

The argument terminal name records the type of current terminal. 
Indicate the terminal type if it is different from the default of
VT100.  This name is used by Telnet and rlogin to inform the
remote host of the terminal type.  Use the terminal no terminal-
type command to remove the terminal type.  
 


     -terminal transport

Use this command to select the transport protocol for the line. 
The options are telnet, pad, none.  The default is telnet.



     -terminal txspeed

This command is used to set the terminal transmit speed (from the
CS to the terminal).  The Pilot installation modems will support
terminal speeds of 2400 to 19,200 (default is set to 19,200) for
the NIPRNET ports and the STU-IIIs will support terminal speeds
of 2400 to 38,400 (default is set to 38,400) for the SIPRNET
ports.  The data compression feature of the modem and the STU-III
allows the terminal (DTE) speed to be at a higher rate than the
line rate (DCE)(from modem to modem).
 



     -terminal width columns

Use this command to set the columns on the terminal screen.  The
argument columns is the desired number of columns.  the default
is 80.







 
                               APPENDIX F
                                    
                   Defense Information Systems Agency
                   DISN Data Network Support Division
                        11440 Isaac Newton Square
                         Reston, Virginia  22090
                                    
        DISN SIPRNET Pilot Dial-In Service User Registration Form


1.  Name of User:____________________________________________
2.  User's Phone Number: DSN:_____________ Comm:_____________
3.  User's Work
        Address:_________________________________________________
                _________________________________________________
           City:_________________ State:______ ZIP Code:_________
4.  User's E-mail Address:_______________________________________

5.  Sponsoring Agency: ___ USAF ___ USA ___ USN ___ DOD
6.  Sponsoring 
    Command/Organization:_______________________________________
7.  Command AUTODIN
        Address:_______________________________________________

8.  COMSEC Account Number:____________________ 
9.  COMSEC Custodian:___________________________________________
10. Custodian Phone Number: DSN:_____________ Comm:_____________
11. Custodian E-mail Address:___________________________________
12. Custodian AUTODIN:_________________________________
13. Custodian Work
        Address:_________________________________________________
                _________________________________________________
          City:_________________ State:______ Zip Code:_________

14. STU-III Manufacturer:______________________________________
15. STU-III Model Number:________________________
16. STU-III Cryptographic Ignition Key (CIK) 
     Serial Number:__________________________________

17. Completed By (Print):______________________________________
18. Signature:________________________________________________
19. Phone Number: DSN:_____________ Comm:_____________

-----------------------------------------------------------------

FOR DISA USE ONLY

20. IP Address:_______________  21. Domain Name:_______________
22. User ID:__________________  23. Password:_______________



