|
TCP/IP TELNET/TELNET 5250 Functionality Requirement When using fixed IP addresses, detailed access control with name assignment is possible. When using DHCP and daily dynamic address assignment it is only possible to work with IP address groups or with wildcards. If access is being performed via Internet, each access has different addresses. Name assignment therefore is only on a very general basis. It is allowed to concurrently work with fixed IP addresses, with IP address limit areas (from/to IP address) and wildcards. Internet accesses for example would be running via wildcard record *.*.*.* as long as the addresses are not stored.
Signon screen with generic name
Rejected TELNET access Dependencies from installed OS/400 release TELNET control is possible starting with OS/400 V4R3. PCSACC/400 V3R2M7 runs on OS/400 V4R3 or later. Generic names should be used carefully in V4R3 as eventually bottlenecks may occur in the interface Programm. If an interface program does not assign a device within 10 seconds or is rejecting the access, controlling is being terminated and a device like e.g. QPADEV... is being assigned. If an RPG error occurs in the interface program the same will be true. Starting with OS/400 V4R4 multiple QTVDEVICE jobs exist with activeexit programs. Therefore, performance bottlenecks should no longeroccur. What can be controlled TELNET access can be allowed or rejected for an IP address. A device name may be controlled if a name has been used in the PC definition. Controlling will be performed seperately for displays and printers, as well as checking the availability of the device. For display's, a name from a pool may be assigned. Assignment of a generic name may be performed optionally or enforced. This allows to relate specific names to the devices of PC users. Additionally, load balancing is possible by using separate subsystems with appropriate workstation entries, like e.g. all users GERM* will be working within subsystem GERMANY. For controlling of names and/or assignment, it is possible to limit the number of sessions. A weekly calendar is available. Autologon may also be controlled. How to define an IP address? An explicit IP address may be specified e.g. 172.16.1.24. address elements can be replaced by wildcard symbols from the rear like e.g. 172.16.1.*, 172.16.*.* or *.*.*.*. It is also possible to work with address groups like e.g. 172.16.1.10 - 172.16.1.39, like it is commonly used with DHCP. All IP addresses
are internally stored with 15 characters, e.g. 172.016.001.024. Appropriate Assignment of generic device names Dependencies from installed PC client programs Assignment of a generic name may be enforced, or may be optional if no name is being provided by the PC or if the device name contains character '#' at the end. When specifying the name BUSCH*, the program first searches for all existing devices starting with BUSCH. If one of these devices is available (Status = inactive or active pending) this device will be assigned. If no name has been selected, the program will search for names BUSCHA-BUSCHZ and BUSCH1-BUSCH9999. The next name available will be assigned. If only 1 free position exists e.g. ROLFBUSCH*, then only ROLFBUSCHA - ROLFBUSCHZ or ROLFBUSCH1 - ROLFBUSCH9 can be assigned. For 2 free positions assignment is possible up to .....99, for 3 free positions up to ....999 and for 4 free positions up to ...9999. Beginning
with Client Access Express V5R1 and
iSeries Access for Windows V5R2 and
V5R3 Client Access Express V4R4 and V4R5 support generic names. When specifying BUSCH*, the system will automatically assign BUSCHA and so on. For Client Access V3R2 clients the generic name BUSCH* will be replaced by BUSCH#. The interface program will detect this and will assign a generic name starting from BUSCHA. Name assignment When using generic names controlling of display names is not possible. If use of a specific name for PC printers shall be controlled, the field for printer name control should be set to '1', this will be effictive for printers only. This allows to specify a generic name and to additionally control printer names if both requests are from the same IP address. A file QPCS/DEVLOGP exists in order to prevent two active interface programs to compete concurrently for a device. As only the first program may use the name, the second program will have problems as the name already has been assigned. If a program detects an available device or an available free name, a record will be written into that file. If this has been performed successfully, the name is reserved. If a record for a name already exists in that file, the Programm will check whether this record is available. If it is available, the name will be reserved. If no reservation could be performed, further searching will take place. This file also contains the key of the record that has been selected for TELNET access control. The program for terminating LOGOFF a TELNET session will release this record if it is a name that is specified by PCSACC/400 for the first time. If this device already has been existing the record will be deleted. The physical file will reuse deleted records. Fixed assignment of device names For each IP record unlimeted number of device names can be defined. If a special name is specified by the PC, program PCSTEL checks whether this is an existing name in the name pool. If the name is allowed and available, it will be assigned. If not, the next free and available device name from the name pool will be used. Limit number of active sessions For controlling the number of active display sessions, on of both methodes for naming control must be selected and the number of sessions has to be specified greater than 0. The TELNET logon program PCSTEL checks that value, adds 1 to active sessions and writes a record to the device work file. The TELNET logoff Programm LOGOFF reduce this value. |
back to top