Notes on using the DMS-100 Switching System interface =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The DMS-100 is Digital Multiplex System made by Northern Telecom (NTI) with a nice commands interface that's pretty easy to use, overall. A lot of the material is still cryptic but some things can be peiced together and that's what's been done here. DMS has some online help, and that combined with hours of system use bring about this very cool, file for you priveleged elite d00ds you. Enjoy and use it respectfully and your access will last. Logging In: =-=-=-=-=-= The DMS system can be accessed by direct dialup, or on a data network. BOC OSS' s such as SCCS and RMA, LMOS, MARCH, PREDICTOR, EADAS, and GTE functions such as 4TEL for testing purposes, any many more systems, can be used to access the DMS system. The links are different for each one though, as I don't know of a way to connect to switch from EADAS and I'm not sure if that port is used for input or not. You will know a DMS-100 system by it's original prompting of a control-g character at the first connection point to any input except for the break signal. After sending a break, you will get a ? prompt and here you can enter a limited range of commands. Here, type LOGIN and you will be prompted for the username and password. ?login Enter User Name >(username) Enter Password > If it's good you will get access. If it's not you will see.. Invalid user name or password. Some common accounts for the DMS-100 and some background data: ADMIN/ADMIN - the ADMIN account with the highest privs in most cases I have seen. Probably wouldn't want to use ADMIN too often because it seems like it would be likely to be noticed by the real admin. OPERATOR/OPERATOR - The Maintenance & Adminstrative Position (MAP) user. Often logged in on long term basis. Wouldn't recomment long term use of this account. Might be good for getting a quick access to get the rest of the usernames. High privs. NTAS - Have not found a default password, but is Northern Technical Assistance Service's login to the switch. NTAS sometimes needs to log in to do things like patch admin and other technical support. Also try NTAS1, NTAS2, etc. ETAS - Emergency Technical Support, I think...Northern Telecom's 24 hour emergency support. Have not found default though I have also found PHANTOM to be a common username, along with things the names of various testing and operations support systems such as 4TEL, MARK (mechanized assignment and record keeping), and probably others in bell areas such as ALIT for Automatic Line Insulation Testing (commonly accessed over the Plant Service Center PSC port through PREDICTOR) can be good logins. Bureaus such as RCMAC and TRANSLATIONS are good also. Also geograhic locations and sites near or serving from the switch, like a university name, or one particular area of admin. Peoples names are also good. I have not found any username or password that is not in uppercase, so don't worry about case mixing. You might want to think about who uses the account and if they are going to notice it or not. An account access may leave a log and it's up to the person or system at the other end, or people viewing the report, if the last access time and device is noticed. If an account such as ALIT is logged in from a device other than the one it usually uses, the next access will say where the last login came from. So if it's the same device as usual then that's less to flag a persons attention. Of course if an account has not been used in a long time then it's password may be expired. In one case the switch did not let me on due to expiration. In other cases it let me change the password. I would recomment changing the password back to what it was before you changed it because that way the original user won't notice anything if they decide to logon again. The accessing of an account will possibly generate an entery in a table on the switch called ACTSYS. It will list the access time, logon, logoff, account name, and other information. Just to let you know it is logged and can be read. More about this in the report section. Eventually after the correct login/password pair, you will receieve the system banner message, if any, or just the information about the site, the CLLI code, the date, and the BCS version. I think BCS 36 is the highest at this present time. BCS is like a generic on the ESS switches. After login you will recieve the Command Interpreter level indication message (CI:) and the > prompt. Here you can enter commands and there are lots of interesting ones. 93/10/03 06:17 **** H0H214 CITYNAME BCS35 RTM Applied 23MAR93 **** CI: > A nice command is SHOW USERS. >show users NAME PRIO STACK NRDEV LANGUAGE PRIV CLASSES OPERATOR 4 10000 ENGLISH ALL ADMIN 4 10000 ENGLISH ALL NTAS 4 7000 ENGLISH ALL BILL 4 7000 ENGLISH ALL SSOCV 4 7000 ENGLISH ALL MARK 4 7000 ENGLISH 12 ETAS 4 7000 ENGLISH ALL NTAS1 4 7000 ENGLISH ALL DAVE 4 7000 ENGLISH 13 CNET 4 7000 ENGLISH ALL FRAME 4 7000 ENGLISH ALL SOI 3 7000 ENGLISH 15 PHANTOM 4 7000 ENGLISH ALL INQUIRE1 4 7000 ENGLISH 16 INQUIRE2 4 7000 ENGLISH 16 INQUIRE3 4 7000 ENGLISH 16 INQUIRE4 4 7000 ENGLISH 16 TSS 4 7000 ENGLISH ALL MX3 4 7000 ENGLISH ALL ONLINE 4 7000 ENGLISH ALL MONITOR 4 7000 ENGLISH ALL NTITMS 4 7000 ENGLISH ALL MAP5 4 7000 ENGLISH ALL MAP6 4 7000 ENGLISH ALL RECENT 4 5000 ENGLISH ALL CMAC 4 7000 ENGLISH 12 MSI 4 7000 ENGLISH 16 As you can see, all the users on the switch. You can show the users currently online by using the QUSER command. Most of the fields are pretty easy to understand. >quser all complete EITHER incorrect optional parameter(s) OR too many parameters. USER INPUT INPUT OUTPUT OUTPUT LAST U USER NAME DEVICE FILE DEVICE FILE LOGON P PROCID --------------- -------- -------- -------- -------- -------------- - ----------- OPERATOR MAP none MAP none 94/09/08 02:50 N #4511 #1031 BILL MAP1 none MAP1 none 94/09/08 00:34 N #4511 #5004 FRAME MFRAME none MFRAME none 94/09/08 02:51 N #4511 #1054 MX3 MACX none MACX none 94/09/08 05:43 N #4511 #105B This is a partial listing of what a complete information quser command looks like. I tried "all" above for the DEVICE field of input but it didn't like it and gave me that error. However, you can see the username, their input device (talked about in table TERMDEV), any input file or output file/device active, their last logon, and their process ID. So user Bill logged in at the MAP1 device at the switch. OPERATOR is generally the user logged in on the MAP most of the time. There can be restrictions placed upon the number of login retries a given port has as based on the login control tables. The table LGICNTL and TERMDEV show things about the devices and login processes, user associated with a device, and the like. >table termdevs TABLE: TERMDEV >lis all TOP TERMDES IOCNO CKTNO TERMTYPE BAUDRT INTYP EQPEC PRTY GUAR MODEM COMCLASS ---------------------------------------------------------------------------- MAP 0 8 VT100 B2400 CL 1X67BD NONE N NONE ALL MAP1 2 20 VT100 B2400 EIA 1X67BD NONE N NONE ALL MAP2 2 16 VT100 B9600 EIA 1X67BD NONE N NONE ALL >table lginctrl TABLE: LGINCTRL >lis all TOP TERMDES DISTIME MAXLOGIN MAXIDLE MAXRETRY DISABLON FRCOUT DIALBACK DIALTYPE NUMRINGS NUMCALLS ---------------------------------------------------------------------------- MAP -1 60 -1 4 NONE N DB_OFF AUTO 7 1 MAP1 -1 60 -1 4 NONE N DB_OFF AUTO 7 1 MAP2 -1 60 -1 4 NONE N DB_OFF AUTO 7 1 In this case, all the fields are the same except for the TERMDES terminal designation I would guess. Some other TERMDES listed include: MAPx, MFRAME, MAPPRT, LANx, ETASVDUx, and others. ETASVDU is I supposed a special interface to ETAS? I am not sure if it is always active or if there is some special connection made when ETAS is online. You can find out what login information is associcated with each console by using the logincontrol command (which accesses the data in the above table) to display the information in a more readable format (something the 1AESS is not good at). CI: >logincontrol all query full Console MAP enabled. User: OPERATOR. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console MAP1 enabled. User: BILL. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console MAP2 enabled. User: ALLEN. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console MAP3 enabled. User: BILL. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console MFRAME enabled. User: FRAME. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console ETASVDU enabled. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Console MACX enabled. User: MX3. Autodisable Time: Forever, Max Login Time: 60 secs, Max Idle Time: Forever, Max Login Retries: 4, Open Condition Logout: N, Dialback: Off. No disable settings. Well, I guess that's enough about the factors around logging in. I will discuss the report outputs and switch security that I know of later. Let's move on to some pragmatic uses of the interface. Next, a good command to use is Query Directory Number, or QDN. > QDN 5555555 DN: 5555555 (NON-UNIQUE) TYPE: PILOT OF DLH HUNT GROUP SNPA: 608 SIG: DT LNATTIDX: N/A HUNT GROUP: 224 HUNT MEMBER: 0 LINE EQUIPMENT NUMBER: CENT 00 0 05 25 LINE CLASS CODE: IBN IBN TYPE: STATION CUSTGRP: WIUC SUBGRP: 0 NCOS: 2 CARDCODE: 6X17AC GND: N PADGRP: STDLN BNV: NL MNO: N PM NODE NUMBER : 124 PM TERMINAL NUMBER : 80 OPTIONS: CDC WIUC DGT GROUP OPTIONS: TFO RCVD MEMBER INFO: 1 CENT 00 0 03 15 ------------------------------------------------------------------------------- SNPA is the local Serving area code. SIG DT means DigiTone (touch-tone) signaling. LNATTIDX is Line Attribute Index. The number is a hunt group member with LEN CENTranet 00 0 05 25 and LCC Integrated Business Network, Northern Telecom's centrex-equivalent end station. I think these also relate to like Key System kind of things, end user equipment to go hand in hand with the services offered. The Customer Group is WIUC, a theoretical university. SUBGRP I am not sure what that relates to specifically. NCOS is Network Class of Service, as found in the NCOS table. The Cardcode is the type of card. I read somewhere that if you have a tap on the line the cardcode would reflect this but I have not found any instance of this personally. GND N I guess means it is not a ground start line. Not sure about the rest until it gets to OPTIONS, with CDC meaning Customer Data Change, a feature on the DMS that will let the customer of a Centrex/Centranet dial in and adminster their partition of the switch (from like 555-1000 to 555-1500 for instance). You may try the logins of CENTREX, CENTRANET, or combinations thereof. The rest has been explained. I am not sure what the GROUP OTIONS are though. The Member Info though is the list of Centranet member numbers. This can go on for a while therefore elimating the old problem of always needing hunt DN and tying up lines that way by hunting to a different centranet group instead of a DN. The next table we will look at is Test Line Control. It has the phone numbers for the test lines in that office in the SUBtable TLNOS. You use the SUB subcommand (see CMDS table) of TABLE to access the subtable and then list the data. Fields in a table in parenthesis often are subtables. >TABLE: TSTLCONT >sub tlnos >lis all TOP TESTLINE TLNUMBER TL_MFC_OG_SIG ----------------------------------------- T100 5555200 N T101 5555201 N T102 5555202 N T103 5555203 N TCLC 5555214 N TOPC 5555209 N TNSS 5555211 N TSYN 5555210 N TLPA 5555207 N BOTTOM > T100-T103 are those types of test lines. They aren't really much use that I have found unless you happen to own something like a CAROT system and want to connect with one to retrieve measurement data that will be pretty damn boring in most any case I would think. But, TLPA and TLPA are Test Loop Around port A and port B, the infamous loop lines. I am not sure what TL_MFC_OG_SIG means though. There seems to be a list of tables, sometimes only a partial list, in the table TABLES. I am not sure what all the different type of tables mean, but I have come across WRITE ONLY tables and I do not know how to use them. Also, sometimes the data in tables may only be a notepad for office data instead of the switch actually relying on the table for a function. For instance I have found switches that list test numbers where there are nothing but disconnected/not in service numbers. The same thing can be said of the CLIDN table which is all the numbers with the Calling Line Identification feature on them. See appendix 1 for the table TABLES. A CLIDN table looks like this: >table clidn TABLE: CLIDN >lis all TOP DIGITS ---------- 6085553200 6085555585 6085557112 BOTTOM > A QDN of any number in the above list will most likely result in you seeing the feature CLI listed at the bottom. This is not true in all cases though, as previously mentioned. The CLI numbers, when called, will elicit a response from the switch resulting in the calling number/trunk, called number, time, and other information. They are LINE and TRK messages. (CLLI)* LINE115 JUL17 01:57:49 8500 INFO CALLING LINE IDENT LEN HOST 03 0 09 23 DN 5553200 CALLING LINE = LEN HOST 00 0 17 02 DN 5552325 CALLID = 142413 (CLLI)* LINE117 JUL17 00:02:02 8200 INFO CALLING LINE IDENT LEN HOST 10 0 18 28 DN 5555585 INCOMING TRUNK = CKT (trunk CLLI) 29 CALLID = 654117 (CLLI)* LINE117 JUL17 00:07:30 1100 INFO CALLING LINE IDENT LEN HOST 12 0 12 24 DN 5555585 INCOMING TRUNK = CKT 4TEL 1 CALLID = 200990 As you can see, a 4TEL made an outgoing call for line testing purposes to the number 5555585 on July 17 at 7:30. The CALLID I guess is just a transaction number of some sort. I am not sure what the numbers after the time mean. The rest should be pretty easy to understand.