Net/Rom Node Information for the Sysop - Part Two
by Andy Nemec, KB9ALN
This series is intended to assist TheNet (Net/Rom) node operators understand
the complexities of the X-1J series of nodes used widely throughout Wisconsin.
We'll discuss each of the commands intended for node Sysops alphabetically.
Part one started with the ACL command, and we continue our discussion in
Part Two.
To Re-Cap
ACL is a mechanism for controlling access and functions of the
node based on call-signs. This is done based on two numerical values, the
"Mask" value and the "Default" value.
Permit or Deny?
The ACL list of call-signs can be configured as an "Access" list
or a "Deny" list. It all depends on the Default and Mask values
you use. Naturally, one must be very careful when using it, a Sysop could
very well lock him or herself from the node if the command is not entered
correctly. This means that a trip to the node site may be necessary to
reset the node before radio access can again be gained.
The Default Value
This is a number chosen that reflects a "no action taken" in response to
call-signs that match this value.
For example, if you enter your own call-sign with the default value,
you get access under all circumstances. If you enter a call-sign with a
value higher than the Default value, it is subject to evaluation with the
Mask Value.
The Mask Value
This value tells the node which ACL functions are to be used. This is based
on the bit values mentioned in Part
One. Mask values are these bit values plus 1. Look at the list of these
values in part one while we discuss the Mask.
The Deny List Configuration
Let's say that we want the Default Value to be 0, and
we want a Mask value of 127. Now let's suppose we have a
distant node that is not a good path, one that we wish to prevent from
connecting to the node. In our example, the node call is WX9BAD-5. We will
enter a default value and then assign a value of 127 to this call-sign
with these commands (executed in the Sysop mode):
ACL * 0
< Assigns an ACL Default value
ACL & 127
< Assigns an ACL Mask value
ACL WX9BAD + 127 <
Enters this call-sign and value to the ACL list
This means that WX9BAD will not be able to make an incoming or outgoing
AX.25 connection (necessary to initiate a Net/Rom circuit), and will ignore
the SSID. This corresponds to bit 0 +1, bit 1 +1, and bit 6 +1, which is
127.
The Mask means that your our node will only bar incoming and
outgoing AX.25 connections, and will ignore the SSID of the listed station
when checking the call-sign. Now we can get a little tricky.
I mentioned before that it is possible to keep everyone (including the
sysop) from connecting to the node. Let's say, for examlple, that I am
the Sysop of this node. I can prevent this from happening by the addition
of this command:
ACL KB9ALN + 0
This places may call-sign at the Default level, and the Mask value (hence
ACL) has no effect when the node encounters my call-sign.
The Access List Configuration
We can also select Default and Mask values to achieve the opposite effect.
Let's say that our node wishes to communicate with another node for Level
3 and 4 connections. We'll call this node WX9GUD-5. Here are what the commands
look like for ACL access list:
ACL * 7
< Set the Default value at 7
ACL & 0
< Set the Mask value at 0 - No Mask used
ACL WX9GUD-5 + 64 < Set the ACL Value for this
station to 64
Now we are guaranteed to be able to connect and make Level 3 and 4 connections
to WX9GUD-5. Note that we have not set the "Ignore the SSID" Bit, so this
entry only applies to WX9GUD-5. WX9GUD-3 would not be permitted these priveleges.
Why?
There are reasons for doing this, mostly for network management. In
the first example, we denied access to and from a node that is unreliable.
In the second, we guaranteed access to a known, reliable node and made
sure it was part of the network.
Removing an ACL Entry
Call-Signs are added to the ACL List with the "+" modifier, and
removed with the "-" modifier. No other information need be entered
when removing a call-sign from the list.
To change or deactivate the Default or Mask values, just enter a new
value of 0. Here are a few examples:
ACL WX9BAD - < Removes WX9BAD from
the ACL list.
ACL * 0
< Removes the Default value.
ACL & 0
< Removes the Mask value.
ACL -
< Shuts off all ACL functions.
WAPR Recommendations
ACL is difficult to understand and can be tricky to implement. For that
reason, WAPR recommends you not use it if there is another way to accomplish
your goal. As was cautioned before, you can effectively lock yourself
and everyone else out of the node if you don't get it right. This has
happened, and it made for quite a problem when trying to change anything
on this node.
If you must use it, be sure to make certain that you use the above example
of 0 default, your desired mask, and set several call-signs as 0
so that selected Sysops can connect to the node. I say "selected Sysops"
just in case something happens when you are out of town or something prevents
you from operating the node. You should have at least two other people
set up to be able to Sysop the node if something keeps you from maintaining
the node. Otherwise, your node may be inaccessable to the rest of the network.
In Part
3, we'll continue our discussion with ADC.
Proceed
to Part 3
Back
to Part 1
Back
to the Node Sysop Information Index
Back to
the WAPR Home Page