Net/Rom Node Information for the Sysop - Part Two

by Andy Nemec, KB9ALN

This series is intended to help TheNet (Net/Rom) node operators understand the complexities of the X-1J series of nodes used widely throughout Wisconsin. We'll discuss each of the commands intended for node Sysops alphabetically. Part One started with the ACL command, and we continue our discussion in Part Two.

To Re-Cap

ACL is a mechanism for controlling access and functions of the node based on call-signs. This is done based on two numerical values, the "Mask" value and the "Default" value.

Permit or Deny?

The ACL list of call-signs can be configured as an "Access" list or a "Deny" list. It all depends on the Default and Mask values you use. Naturally, one must be very careful when using it: a Sysop could very well lock himself or herself out of the node if the command is not entered correctly. This means that a trip to the node site may be necessary to reset the node before radio access can again be gained.

The Default Value

This is a number chosen to mean "no action taken" for call-signs whose ACL value matches it.

For example, if you enter your own call-sign with the default value, you get access under all circumstances. If you enter a call-sign with a value higher than the Default value, it is subject to evaluation with the Mask Value.

The Mask Value

This value tells the node which ACL functions are to be used. This is based on the bit values mentioned in Part One. Mask values are these bit values plus 1. Look at the list of these values in part one while we discuss the Mask.

The Deny List Configuration

Let's say that we want the Default Value to be 0, and we want a Mask value of 127. Now let's suppose we have a distant node that is not a good path, one that we wish to prevent from connecting to the node. In our example, the node call is WX9BAD-5. We will enter a default value and then assign a value of 127 to this call-sign with these commands (executed in the Sysop mode):

ACL * 0               < Assigns an ACL Default value

ACL & 127             < Assigns an ACL Mask value

ACL WX9BAD + 127      < Enters this call-sign and value to the ACL list

This means that WX9BAD will not be able to make an incoming or outgoing AX.25 connection (necessary to initiate a Net/Rom circuit), and that the node will ignore the SSID when checking the call-sign. This corresponds to bit 0 +1, bit 1 +1, and bit 6 +1, which is 127.

The Mask means that our node will only bar incoming and outgoing AX.25 connections, and will ignore the SSID of the listed station when checking the call-sign. Now we can get a little tricky.

I mentioned before that it is possible to keep everyone (including the Sysop) from connecting to the node. Let's say, for example, that I am the Sysop of this node. I can prevent this from happening by the addition of this command:

ACL KB9ALN + 0

This places my call-sign at the Default level, and the Mask value (hence ACL) has no effect when the node encounters my call-sign.

The Access List Configuration

We can also select Default and Mask values to achieve the opposite effect. Let's say that our node wishes to communicate with another node for Level 3 and 4 connections. We'll call this node WX9GUD-5. Here is what the commands look like for an ACL access list:

ACL * 7               < Set the Default value at 7

ACL & 0               < Set the Mask value at 0 - No Mask used

ACL WX9GUD-5 + 64     < Set the ACL Value for this station to 64

Now we are guaranteed to be able to connect and make Level 3 and 4 connections to WX9GUD-5. Note that we have not set the "Ignore the SSID" Bit, so this entry only applies to WX9GUD-5. WX9GUD-3 would not be permitted these privileges. Why?

There are reasons for doing this, mostly for network management. In the first example, we denied access to and from a node that is unreliable. In the second, we guaranteed access to a known, reliable node and made sure it was part of the network.

Removing an ACL Entry

Call-Signs are added to the ACL List with the "+" modifier, and removed with the "-" modifier. No other information need be entered when removing a call-sign from the list.

To change or deactivate the Default or Mask values, just enter a new value of 0. Here are a few examples:

ACL WX9BAD -          < Removes WX9BAD from the ACL list.

ACL * 0               < Removes the Default value.

ACL & 0               < Removes the Mask value.

ACL -                 < Shuts off all ACL functions.

WAPR Recommendations

ACL is difficult to understand and can be tricky to implement. For that reason, WAPR recommends you not use it if there is another way to accomplish your goal. As was cautioned before, you can effectively lock yourself and everyone else out of the node if you don't get it right. This has happened, and it made for quite a problem when trying to change anything on this node.

If you must use it, be sure to use the above example of 0 default, your desired mask, and set several call-signs as 0 so that selected Sysops can connect to the node. I say "selected Sysops" just in case something happens when you are out of town or something prevents you from operating the node. You should have at least two other people set up to be able to Sysop the node if something keeps you from maintaining the node. Otherwise, your node may be inaccessible to the rest of the network. In Part 3, we'll continue our discussion with ADC.
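
A pre-flight check for the recommendation above, added here as an example and not part of the original article or the X-1J firmware: it replays a planned command list, using only the command forms shown in this article, and reports when fewer than three Sysop call-signs (you plus two others) sit at the Default value. The function names, the SYSOP2/SYSOP3 placeholder call-signs and the treatment of "ACL -" as a full reset are assumptions.

```python
import re

# Command forms as shown in the article; text after "<" is an annotation.
CMD = re.compile(r"^ACL\s+(?:([*&])\s+(\d+)|([A-Z0-9]+(?:-\d+)?)\s+(?:\+\s+(\d+)|(-))|(-))$")

def replay(lines):
    """Replay ACL commands in order; return (default, mask, entries, errors)."""
    default, mask, entries, errors = 0, 0, {}, []
    for n, raw in enumerate(lines, 1):
        line = raw.split("<", 1)[0].strip().upper()
        if not line:
            continue
        m = CMD.match(line)
        if not m:
            errors.append(f"line {n}: not a recognised ACL command: {raw.strip()!r}")
            continue
        target, num, call, value, remove, off = m.groups()
        if target == "*":
            default = int(num)
        elif target == "&":
            mask = int(num)
        elif off:
            # Assumption: "ACL -" is modelled as Default 0, Mask 0, empty list.
            default, mask, entries = 0, 0, {}
        elif remove:
            entries.pop(call, None)
        else:
            # Call-signs are compared exactly as typed; SSID matching is not modelled.
            entries[call] = int(value)
    return default, mask, entries, errors

def lockout_findings(lines, sysops, min_sysops=3):
    """List departures from the 'Default 0, several Sysops at 0' advice."""
    default, _mask, entries, findings = replay(lines)
    if default != 0:
        findings.append(f"Default value is {default}; the recommended setup uses 0")
    exempt = [c for c in sysops if entries.get(c.upper()) == default]
    findings += [f"{c} is not listed at the Default value ({default})"
                 for c in sysops if c not in exempt]
    if len(exempt) < min_sysops:
        findings.append(f"only {len(exempt)} Sysop call-sign(s) at the Default value, want {min_sysops}")
    return findings

# The article's deny-list commands plus the author's own exemption.
PLAN = ["ACL * 0", "ACL & 127", "ACL WX9BAD + 127", "ACL KB9ALN + 0"]
# SYSOP2 and SYSOP3 are constructed placeholders for the two backup Sysops.
SYSOPS = ["KB9ALN", "SYSOP2", "SYSOP3"]

if __name__ == "__main__":
    for finding in lockout_findings(PLAN, SYSOPS):
        print(finding)
```

Run it against the full command list before keying anything into the node over the air; an empty result means every listed Sysop is at the Default value.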
