TCPware V5.7 NETCU Command Reference
- Introduction
- Running NETCU
- Summary of NETCU Commands
- ARP Commands
- Dynamic Host Configuration Commands
- Multicasting Commands
- NFS Commands
- Parameter Setting Command
- Routing Commands
- Service Commands
- Starting and Stopping Commands
- Token Authentication Commands
- Status Commands
- Security Commands
- Miscellaneous Commands
- MAIL-CONFIG Command Summary
- Creating Output Files
- Exiting NETCU
- Command Reference
- Troubleshooting NETCU
- NETCU and NETCP Startup Messages
- NETCP OPCOM Messages
- NETCP.LOG File
Chapter 1
Introduction
The Network Control Utility (NETCU) is the utility program system managers and operators use to configure and control networks that run TCPware.
This chapter summarizes the NETCU commands, by category, and describes how to run NETCU and send NETCU output to a file. Each command is described in detail in the next chapter, NETCU Commands.
Running NETCU
Run NETCU directly from a terminal or from a command procedure. To run NETCU from your terminal, enter the following command at the DCL prompt:
NETCU
or
RUN TCPWARE:NETCU
The system displays the NETCU> prompt. NETCU is ready to accept your commands.
To have a startup command file execute each time you invoke NETCU, do the following:
1 Create a file containing the commands you want performed at the beginning of each NETCU session.
2 Define the NETCU_STARTUP logical to point to the file.
For example, you can include the following in your LOGIN.COM file:
ASSIGN SYS$LOGIN:NETCUSTART.COM NETCU_STARTUP
When you start NETCU, the NETCU_STARTUP logical points to the specified file (SYS$LOGIN:NETCUSTART.COM for example) and processes all the commands. Note that they system ignores all commands following an EXIT or QUIT command in the file. NETCU ignores any "commented-out" command lines in files (such as SERVICES.COM) that are used as input to NETCU. The commented-out line in the file should begin with the !, #, or ; character. NETCU does not execute the command line until you remove the character.
Summary of NETCU Commands
This section lists each NETCU command and summarizes its purpose. Related commands appear together.
ARP Commands
Use commands listed in Table 1-1 to maintain the Address Resolution Protocol (ARP) table. You rarely need to enter these commands since ARP maintains the table automatically.
Table 1-1 NETCU ARP Commands (Continued)
|
Command |
Purpose |
|
Adds an entry to the ARP table |
|
|
Displays an entry from the ARP table |
|
|
Flushes the ARP table |
|
|
Deletes an entry from the ARP table |
|
|
Sets various ARP parameters for an interface |
|
|
Displays the ARP table for the specified line |
|
|
Displays the ARP parameters set |
Dynamic Host Configuration Commands
Use commands listed in Table 1-2 to maintain the Dynamic Host Configuration Protocol (DHCP) server.
Table 1-2 NETCU Dynamic Host Configuration Commands (Continued)
|
Command |
Purpose |
|
Releases an address lease record |
|
|
Performs various DHCP operations |
|
|
Displays various DHCP information |
|
|
Shuts down the DHCP server |
|
|
Instructs the Dynamic Host Configuration Protocol (DHCP) server to process the update file and add or remove the specified host and subclass declarations. |
Multicasting Commands
Use commands listed in Table 1-3 to join, leave, or show multicast host groups.
Table 1-3 NETCU Multicasting Commands (Continued)
|
Command |
Purpose |
|
Adds (joins) a multicast host group address to an interface or all interfaces |
|
|
Removes (leaves) a multicast host group address from an interface or all interfaces |
|
|
Displays the multicast host groups joined for an interface or all interfaces |
NFS Commands
Table 1-4 lists the NFS-related commands in NETCU. Each entry indicates whether the command is relevant to the NFS-OpenVMS Client, NFS-OpenVMS Server, or both.
Table 1-4 NETCU NFS Commands (Continued)
|
Command |
Purpose |
Relevant to |
|
Adds an OpenVMS directory and associated NFS pathname to the EXPORT database |
Server |
|
|
Adds an NFS group to the GROUP database |
Client |
|
|
Adds an NFS user to the PROXY database |
Client/Server |
|
|
Adds a host to the Network Status Monitor file (SM.DAT or SM_BAK.DAT) |
Server |
|
|
Creates an empty EXPORT database |
Server |
|
|
Creates an empty GROUP database |
Client |
|
|
Creates an empty PROXY database |
Client/Server |
|
|
Finds and displays a PROXY database entry |
Client/Server |
|
|
Implements changes made to the GROUP database |
Client |
|
|
Implements changes made to the PROXY database |
Client/Server |
|
|
Removes an entry from the EXPORT database |
Server |
|
|
Removes an entry from the GROUP database |
Client |
|
|
Removes an entry from the PROXY database |
Client/Server |
|
|
Removes a host from the Network Status Monitor file (SM.DAT or SM_BAK.DAT) |
Server |
|
|
Shows entries in the EXPORT database |
Client/Server |
|
|
Shows entries in the GROUP database |
Client |
|
|
Shows the pathnames of exported directories and the hosts that mounted them |
Client/Server |
|
|
Shows entries in the PROXY database |
Client/Server |
|
|
Shows entries in the Network Status Monitor file (SM.DAT or SM_BAK.DAT) |
Server |
|
|
Displays statistics information on the NFS Server |
Server |
|
|
Stops the NFS Server |
Server |
|
|
Removes the client’s mount list entries from one or more NFS servers |
Client |
Parameter Setting Command
Table 1-5 contains the TCPware parameters you can set using the NETCU SET command. You usually do not need to enter these commands because they are issued during configuration.
|
Command |
Sets |
|
SET parameter |
Connection backlog values Default IP datagram time-to-live value IP datagram time-out time Default type of service used Whether subnets are local Maximum size of TCP segments sent Minimum TCP retransmission time Maximum TCP retransmission time TCP persistence timer’s initial value Default time zone offset or name |
Routing Commands
Table 1-6 lists the commands that configure and maintain routes. If you enter the necessary routing commands in the TCPWARE:ROUTING.COM file, TCPware executes them automatically at startup. If using GateD, do not also include routes in the ROUTING.COM file by using the ADD ROUTE command.
Table 1-6 NETCU Routing Commands (Continued)
|
Command |
NETCU Routing Commands |
|
Adds an entry to the routing table |
|
|
Checks a GateD configuration file for syntax errors |
|
|
Dumps the state of the GATED process to a file |
|
|
Allows this host to act as a router between networks |
|
|
Disables this host from acting as a router between networks |
|
|
Allows this host to return ICMP redirects to source hosts |
|
|
Disables this host from returning ICMP redirects to source hosts |
|
|
Displays an existing route from the routing table |
|
|
Flushes the entire routing table |
|
|
Loads a GateD configuration file |
|
|
Deletes an entry from the routing table |
|
|
Controls tracing in GateD |
|
|
Defines the internet address of the default gateway |
|
|
Displays tracing in GateD |
|
|
Queries Open Shortest Path First (OSPF) gateways |
|
|
Queries Routing Information Protocol (RIP) gateways |
|
|
Displays the routing table |
|
|
Stops the GateD process |
|
|
Toggles tracing in GateD |
|
|
Rescans the GateD network interfaces |
Service Commands
Table 1-7 lists the commands that manage the master server of TCPware.
Table 1-7 NETCU Service Commands (Continued)
|
Command |
Purposes |
|
Lets you control host access to services |
|
|
NETCP listens for TCP or UDP connections on the specified port |
|
|
Modifies information associated with a service |
|
|
Removes server access restrictions |
|
|
NETCP stops listening for connections on the specified port(s) |
|
|
Prints or displays server access restrictions |
|
|
Displays information for the specified port(s) and protocol(s) |
Starting and Stopping Commands
Table 1-8 lists the commands that start and stop the network. You do not need to enter these commands under normal circumstances. STARTNET.COM and SHUTNET.COM perform these functions automatically.
Table 1-8 NETCU Starting and Stopping Commands (Continued)
|
Command |
Purpose |
|
Resets the TCP connection on specified device, address, or port |
|
|
Starts a DECnet-over-IP line |
|
|
Starts the INET device driver |
|
|
Starts the IP protocol for a particular interface |
|
|
Starts the PWIPDRIVER |
|
|
Starts the TCP protocol |
|
|
Starts UCX compatibility support |
|
|
Starts the UDP protocol |
|
|
Stops a DECnet-over-IP line or lines |
|
|
Stops the GateD process |
|
|
Stops the INET device driver |
|
|
Stops the IP protocol for a particular interface |
|
|
Stops the Network Control Process (NETCP) |
|
|
Stops the PWIPDRIVER |
|
|
Stops the NFS Server |
|
|
Stops the TCP protocol |
|
|
Stops UCX compatibility support |
|
|
Stops the UDP protocol |
Token Authentication Commands
Table 1-9 lists the commands that manage the TCPware ACE/Client user database used by Token Authentication. The TCPware ACE/Client user database is stored in the TCPWARE:ACECLIENT_USER.DAT file. If you create a new database, the existing database file is renamed to TCPWARE:ACECLIENT_USER_OLD.DAT.
Table 1-9 NETCU Token Authentication Commands (Continued)
|
Command |
Purpose |
|
Adds a username to the TCPware ACE/Client database |
|
|
Creates a new database and renames the old one |
|
|
Removes an entry from the database |
|
|
Shows the entries in the database |
Status Commands
Table 1-10 lists the commands that show the status of various network activities. The table also lists the UNIX netstart command that shows similar information. The DEBUG commands require LOG_IO privilege along with either SYSPRV or BYPASS privilege.
Table 1-10 NETCU Status Commands (Continued)
|
Command |
Purpose |
|
Displays information about IP datagrams sent and received over the network |
|
|
Displays information about TCP segments sent and received over the network |
|
|
Displays information about UDP datagrams sent and received over the network |
|
|
Controls logging of non-error events in the NETCP.LOG file or another specified log file. |
|
|
Shows values set using the SET parameters command |
|
|
Prints or displays server access restrictions |
|
|
Displays the entire ARP table for the specified lines |
|
|
Displays a list of the active internet connections (similar to the netstat -a command) |
|
|
Displays statistics counters for TCPDRIVER and UDPDRIVER |
|
|
Displays the current DHCP address lease records |
|
|
Displays information about currently configured DECnet over IP tunnels |
|
|
Displays tracing in GateD |
|
|
Displays the official host name, internet address(es), and alias host names for a specified host name or IP address |
|
|
Displays packet rate information for an interface |
|
|
Displays the multicast host groups joined for an interface or all interfaces |
|
|
Displays IPDRIVER network information for each line and IPDRIVER datagram counters (similar to the netstat -i command) |
|
|
Queries Open Shortest Path First (OSPF) gateways |
|
|
Queries Routing Information Protocol (RIP) gateways |
|
|
Displays the routing table |
|
|
Displays information about protocols and ports NETCP services |
|
|
Displays the SNMP counters maintained by the local host |
|
|
Displays statistics information on the NFS Server |
Security Commands
Table 1-11 lists the commands that control various security functions. Many of these commands are only available with the TCPware Security-Plus product.
Table 1-11 NETCU Security Commands (Continued)
|
Command |
Purpose |
|
Adds a Kerberos access control list (ACL) for accessing the Kerberos database (KDB) |
|
|
Adds an entry to the KDB |
|
|
Used by the Kerberos administrator to remotely add a user to the KDB |
|
|
Creates (initializes) the KDB |
|
|
Creates an encrypted service table file for authenticating principals |
|
|
Dumps the contents of the KDB into an ASCII text file |
|
|
Gets the ticket-granting ticket (TGT) used to obtain Kerberos service tickets |
|
|
Loads the KDB from an ASCII text file |
|
|
Modifies an entry in the KDB |
|
|
Used by the Kerberos administrator to remotely modify a Kerberos user’s password |
|
|
Removes a Kerberos ACL for gaining access to the KDB |
|
|
Removes an entry from the KDB |
|
|
Removes outstanding tickets from the KERBV4.TICKET file |
|
|
Loads the specified address filter file and associates the filter list with the specified line, or removes a previously associated filter list from specified line |
|
|
Enables (or disables) processing of IPSO labels (levels and protection authorities) for specific lines (ports or network interfaces) or for system processing |
|
|
Remotely changes a Kerberos user password |
|
|
Changes the KDB master password |
|
|
Loads (or removes) an outgoing access restrictions file |
|
|
Displays the current address filter list for specified line |
|
|
Displays IPSO information on datagrams |
|
|
Shows the Kerberos ACL entries for access to the ID |
|
|
Shows entries in the KDB |
|
|
Used by Kerberos administrator to remotely show users added to the KDB |
|
|
Shows all outgoing access restrictions |
|
|
Displays a list of active user tickets in the KERBV4.TICKET file |
|
|
Stashes the master password in a protected file |
Miscellaneous Commands
NETCU supports the miscellaneous commands listed in Table 1-12.
Table 1-12 Miscellaneous NETCU Commands (Continued)
|
Command |
Purpose |
|
Adds a secondary address, such as to implement cluster alias failover |
|
|
Removes a secondary address |
|
|
Associates an equivalence string and a set of attributes with a key on the keyboard |
|
|
Exits from NETCU and returns to DCL |
|
|
Displays NETCU online help |
|
|
Sets the local host’s domain name |
|
|
Sets (shows) interface related parameters and options |
|
|
Starts (or stops) NETCP logging |
|
|
Sets the TCPware software password for your system |
|
|
Display the SNMP counters maintained by the local host |
|
|
Displays the local time zone |
|
|
Displays the current version of TCPware for OpenVMS |
|
|
Executes DCL commands without exiting from NETCU |
For details on configuring electronic mail, refer to the Management Guide.
MAIL-CONFIG Command Summary
Table 1-13 lists the commands you can run from the MAIL-CONFIG prompt.
The DCL command $ TCPWARE CONFIGURE/MAIL brings up the MAIL-CONFIG prompt.
Table 1-13 MAIL-CONFIG Command Summary (Continued)
|
MAIL-CONFIG Command |
Description |
|
Adds a mail gateway to another domain. |
|
|
Adds a domain to a list of domains that the TCPware SMTP symbiont considers to be local. If users send mail to hosts beyond the local domains, TCPware forwards the mail to the mail hub specified by the FORWARDER parameter. The local domain list affects mail forwarding only when the FORWARD-REMOTE-MAIL parameter is TRUE. |
|
|
Forms a mail queue grouping of nodes in a cluster, or adds new nodes to an existing queue group. |
|
|
Attaches your terminal to another process. |
|
|
Erases all information from the current configuration; same as ERASE. |
|
|
Deletes a mail gateway. |
|
|
Deletes a domain from TCPware's list of local domains. |
|
|
Deletes a queue group or removes a node from a queue group. When a node is removed from a named queue group, it becomes part of the default queue group. |
|
|
Erases all information from the current configuration; same as CLEAR. |
|
|
Saves the configuration file and exits from MAIL-CONFIG. |
|
|
Reads in a TCPware SMTP configuration file. (Functionally equivalent to USE.) |
|
|
Invokes MAIL-CONFIG command help. |
|
|
Accesses the DCL command interpreter. |
|
|
Prompts you to save the configuration file if it has been modified, then exits MAIL-CONFIG. |
|
|
Functionally equivalent to DELETE GATEWAY. |
|
|
Functionally equivalent to DELETE QUEUE-GROUP. |
|
|
Saves the current configuration file. |
|
|
Identifies the file that holds mail aliases. |
|
|
Sets the domain name for DECnet mail. |
|
|
Specifies whether mail receipts are sent when incoming mail containing Delivery-Receipt-To: or Return-Receipt-To: headers is submitted to the SMTP queue. |
|
|
When TRUE, the TCPware SMTP symbiont looks for messages addressed through PSImail, usually of the form PSI%address::user, and returns them to the sender marked user unknown. |
|
|
When set to TRUE, prevents VMS MAIL users from setting a Reply-To: header address with the logical name TCPWARE_SMTP_REPLY_TO. |
|
|
Specifies the host that will forward mail messages to other hosts. |
|
|
Forwards mail addressed to users on the local host to a central mail hub specified by the FORWARDER parameter. |
|
|
Forwards mail addressed to users on non-local hosts to a central mail hub specified by the FORWARDER parameter. |
|
|
Specifies which RFC-822 message headers should be included in messages delivered to local VMS MAIL users. |
|
|
Specifies a file from which TCPware obtains a list of hosts aliases. |
|
|
Forwards local mail to a specific host. |
|
|
Identifies the user responsible for mail on the system. |
|
|
Specifies the number of mail processing queues that should be created on a particular system. |
|
|
Specifies how Internet mail headers should be mapped to the VMS MAIL "From" header. |
|
|
When FALSE, the TCPware SMTP symbiont omits the Resent-From, Resent-To, and Resent-Date headers that are usually included when a message is forwarded using a VMS MAIL forwarding address. |
|
|
Specifies the amount of time that elapses before another attempt is made to send a message after a failed attempt. |
|
|
Specifies the amount of time that a message can remain in the processing queue before it is returned to sender. |
|
|
Specifies the broadcast class to use to deliver immediate SEND messages. |
|
|
Sets the host name from which all outgoing mail appears to be sent and aliases for which this host accepts incoming mail. |
|
|
Determines whether START_SMTP.COM starts the VMS queue manager if it is not already running. |
|
|
Displays the current configuration. |
|
|
Executes a single DCL command. |
|
|
Indicates whether the SMTP configuration has been modified. |
|
|
Reads in a non-standard configuration file. |
|
|
Displays the MAIL-CONFIG version and release information. |
|
|
Saves the current configuration file. |
Creating Output Files
You can send output to a file for the DEBUG command and any SHOW command except SHOW EXPORT, SHOW GROUP, SHOW MOUNT, SHOW PROXY, and SHOW STATISTICS. Enter the /OUTPUT=filespec qualifier after the command. For example, the following command sends all output for the SHOW CONNECTIONS command to the file MYFILE.TXT:
SHOW CONNECTIONS/OUTPUT=MYFILE.TXT
Exiting NETCU
To exit NETCU, use the EXIT command or type Ctrl/Z. NETCU exits with the last error status, if any. DCL command procedures can use the $STATUS and $SEVERITY symbols to test for success or failure of the NETCU commands issued. A success status indicates that all commands succeeded. A warning, error, or severe status indicates that one or more commands failed to execute, either because of syntax errors or because of operational problems.
When possible, the status code is a System Service (defined in $SSDEF), RMS (defined in $RMSDEF), or shared (defined in $SHRDEF) status. In some cases, status codes are TCPware private codes with a facility number of 1577.
Command Reference
Each NETCU command is described in detail in the next chapter, NETCU Commands. The command descriptions include the command:
• Purpose, and any suggestions or restrictions that may apply
• Format
• Parameters (if any)
• Qualifiers (if any)
Troubleshooting NETCU
This section describes:
• Error messages that NETCU and NETCP can display at startup time
• NETCP error messages that OPCOM displays
NETCU and NETCP Startup Messages
This section lists messages that NETCU and NETCP may issue when you start-up the network.
%TCPWARE_NETCU-E-LPCNF, error configuring line port
-SYSTEM-F-BADPARAM, bad parameter
Meaning: Software other than TCPware might be using a TCP/IP protocol or your system might be running LAT without DECnet.
Action: Be sure TCPware is the only software using the TCP/IP protocols. If LAT is running without DECnet, perform one of the following steps:
• Start TCPware before starting LAT.
%TCPWARE_NETCU-E-LPSTART, error starting line port
-SYSTEM-F-IVADDR, invalid media address
Meaning: Two local lines have the same internet address.
Action: Be sure the internet addresses for all lines are valid, and that no duplicates exist. No two lines can use the same network (or subnet) number. Check the host for a bad SLIP line definition or ask if the host has two Ethernet interface cards. If there are two Ethernet cards, they cannot have the same network number, for example, 192.15.10.1 and 192.15.20.1.
NETCP OPCOM Messages
OPCOM messages inform you when a major event occurs on the network. Some messages are informational (such as when an Ethernet line is being restarted after a fatal error), while others alert you to a problem (such as when an error occurs in trying to restart a port).
NETCP sends a message to OPCOM when a network event occurs. OPCOM formats the messages and adds some information (such as a timestamp). It then displays the messages on the operator's console and writes them to the SYS$MANAGER: OPERATOR.LOG file. OPCOM messages should rarely occur.
All messages from NETCP OPCOM have the following prefix:
Status report from TCPware(R) for OpenVMS NETCP:
Most Important OPCOM Messages
The following are the most important NETCP OPCOM messages.
Line line-id restarted after fatal error
Meaning: The network controller reported a fatal error. The line was restarting automatically.
Action: Investigate the controller error, especially if it occurs repeatedly.
Error restarting line line-id (prot-id protocol) after fatal error
Meaning: The network controller reported a fatal error and TCPware could not recover from the error. An accompanying message displays the error reported by the controller during the restartattempt. After some failures, TCPware may periodically try to restart the controller. The prot-id value is IP, ARP, RARP, LTP (long trailer packets), or STP (short trailer packets).
Action: Investigate the controller error.
OPCOM Message for Interfaces
CAUTION! Maximum receive packet rate exceeded on line line-id (rate packets/second).
Meaning: The interface specified by line-id received more packets than were allowed. This may indicate that either the receive packet rate limit is too low or that a flood of packets were sent to the system and a network problem exists that should be corrected.
Action: If the limit is too low, raise it using SET INTERFACE /RECEIVE_LIMIT. If a network problem exists, investigate it and correct it.
OPCOM Messages for IP-over-DECnet Lines
OPCOM may display the following messages for IP-over-DECnet lines.
DECnet link lost on line line-id
Meaning: The communication path between systems is lost. Some possible causes can be that a modem line is down, a cable has been unplugged, or the peer system is shut down.
Action: If the problem persists, investigate the cause for the lost line.
DECnet line line-id reconnected to peer
Meaning: The lost line was reconnected. Network operation is back to normal.
MTU for line line-id too small, ignoring packets larger than mtu bytes
Meaning: The peer end of the IP over DECnet line is sending datagrams that are larger than TCPware can handle.
Action: Increase the maximum transmission unit (MTU) for the IP-over-DECnet line at the receiving host, or lower it at the sending host. You can reset the MTUs for the receiving host by using the NETCU START/IP command or by reconfiguring the network.
Shutting down line line-id after receiving fatal error
Meaning: A fatal error was detected. This message is usually accompanied by another OpenVMS message which specifies the exact error.
Action: See your OpenVMS documentation.
NETCP.LOG File
The TCPWARE:NETCP.LOG file logs each NETCP master server connection. You can use this file to obtain details on server errors, and to monitor access and security violations.
The NETCP.LOG file shows:
• When the connection was established
• Which protocol is servicing the connection
• The internet addresses of both hosts
• The name of the server process created
Before you examine the NETCP.LOG file, issue the NETCU SHOW SERVICES command. This command writes the current server information to the NETCP.LOG file.
Example 1-1 shows part of a sample NETCP.LOG file.
Example 1-1 NETCP.LOG File
TCPware(R) for OpenVMS NETCP Copyright (c) 2004 Process Software
** 1-JAN-2004 09:24:18 NETCP Master Server started.
