Aga 12.3

UniGuard AES
Manual
UniGuard AES
Rev 303E2
Communication Devices Inc.

85 Fulton Street
Boonton, NJ 07005
USA
Phone: +1 973 334-1980
Fax: +1 973 334-0545
Internet:support@commdevices.com
Copyright Communication Devices Inc. UniGuard
1-1
UNIGUARD/UNIGUARD V34, TABLE OF CONTENTS

1
DIFFERENCES BETWEEN UNIGUARD V.34 AND UNIGUARD V.90 ................................... 1-7
GENERAL ......................................................................................................................................... 2-1

2.1
UNIGUARD CLIENT (ENCRYPTION)............................................................................................... 2-1
2.2
UNIGUARD DEMAND DIAL ROUTING DDR.................................................................................. 2-1
2.3
ENCRYPTION ................................................................................................................................ 2-1
2.3.1
Session Keys ........................................................................................................................ 2-1
2.4
CALLER AUTHENTICATION ACCESS CONTROL ............................................................................. 2-1
2.4.1
Challenge/Response with Encryption .................................................................................. 2-1
2.4.2
Challenge/Response with a Token.................................................................................. 2-2
2.5
TYPES OF TOKENS ........................................................................................................................ 2-2
2.5.1
RSA SecurID Token ............................................................................................................. 2-2
2.5.2
PC Token ............................................................................................................................. 2-2
2.5.3
Soft Token ............................................................................................................................ 2-2
2.5.4
Pager Token......................................................................................................................... 2-2
2.5.5
Challenge/Response without a Token............................................................................. 2-2
2.6
TYPICAL SESSION ......................................................................................................................... 2-3
2.6.1
PC Token or Soft Token Caller with Password ................................................................... 2-3
2.6.2
Non Token Callers ............................................................................................................... 2-4
2.7
HOST ACCESSING A MODEM ........................................................................................................ 2-4
USING THE RSA SECURID TOKEN............................................................................................ 3-1

3.1
RSA SECURID TOKEN TYPES....................................................................................................... 3-1
3.2
LOGIN IN ...................................................................................................................................... 3-1
3.3
CONNECTING TO THE ACCESS CONTROL MODULE ....................................................................... 3-1
3.3.1
Enter Passcode:................................................................................................................... 3-1
3.3.2
Getting Your PIN ................................................................................................................. 3-1
3.3.3
Receiving a System-Generated PIN..................................................................................... 3-2
3.4............................................................................................................................................................ 3-2
3.5............................................................................................................................................................ 3-2
3.5.1
Making Up Your Own PIN .................................................................................................. 3-3
3.6
LOGGING IN WITH A STANDARD (NON PIN PAD) CARD .............................................................. 3-4
3.6.1
Logging in with a Standard Card ........................................................................................ 3-4
3.7
LOGGING IN WITH A PINPAD CARD ............................................................................................ 3-5
3.8
LOGOFF ........................................................................................................................................ 3-6
SYSTEM REPORTS AND DEFAULTS ......................................................................................... 4-1

4.1
DEFAULTS .................................................................................................................................... 4-1
4.1.1
HOST/Link Port Defaults .................................................................................................... 4-1
4.1.2
Modem ................................................................................................................................. 4-1
4.2
GETTING STARTED ....................................................................................................................... 4-1
DISPLAYS ......................................................................................................................................... 5-1

5.1
DISPLAYS ..................................................................................................................................... 5-1
5.2
LED FUNCTIONS .......................................................................................................................... 5-1
5.2.1
DTR LED (Data Terminal Ready) ....................................................................................... 5-1
5.2.2
DCD LED (Data Carrier Detect) ........................................................................................ 5-1
5.2.3
Bypass LED ......................................................................................................................... 5-1
5.2.4
Power LED .......................................................................................................................... 5-1
5.3
MODEM LED FUNCTIONS (V34 ONLY)...................................................................................... 5-1
5.3.1
Tx LED................................................................................................................................. 5-1
5.3.2
Rx LED ................................................................................................................................ 5-2
5.3.3
DCD LED ............................................................................................................................ 5-2
5.3.4
28 LED................................................................................................................................. 5-2
5.3.5
14 LED................................................................................................................................. 5-2
Copyright Communication Devices Inc. UniGuard 1-2
5.3.6
96 LED................................................................................................................................. 5-2
5.3.7
OH LED............................................................................................................................... 5-2
5.3.8
DTR LED ............................................................................................................................. 5-2
5.3.9
EC LED ............................................................................................................................... 5-2
5.3.10 FX LED................................................................................................................................ 5-2
5.4
DIFFERENCES IN V.90 MODEM LED FUNCTIONS ......................................................................... 5-2
5.4.1
56 LED................................................................................................................................. 5-2
5.4.2
33 LED................................................................................................................................. 5-2
5.4.3
14 LED................................................................................................................................. 5-2
5.5
UNIGUARD CONNECTORS ............................................................................................................ 5-3
5.5.1
Host Port Connector............................................................................................................ 5-3
5.5.2
Link Port Connector ............................................................................................................ 5-3
5.5.3
IP Port (10BASE-T)............................................................................................................. 5-3
5.5.4
TELCO (V34) or Modem (Std) Connectors ......................................................................... 5-3
5.5.5
Cabling ................................................................................................................................ 5-3
5.5.6
Wall Mounted Power Supply ............................................................................................... 5-4
5.5.7
Installation........................................................................................................................... 5-4
6
UNIGUARD RACK ADAPTOR KIT.............................................................................................. 6-1

6.1
6.2
PREPARING THE UNIGUARD ......................................................................................................... 6-1

MOUNTING A UNIGUARD IN THE EXPANSION PANEL, ................................................................... 6-1
CONFIGURING THE UNIGUARD................................................................................................ 7-1
UNIGUARD PARAMETERS .......................................................................................................... 8-1

8.1
LOADING PARAMETERS ................................................................................................................ 8-1
8.2
USER FUNCTIONS ......................................................................................................................... 8-1
8.2.1
Add Users ............................................................................................................................ 8-1
8.2.2
User ID ................................................................................................................................ 8-1
8.3
TYPE OF USER .............................................................................................................................. 8-1
8.3.1
Call Back User..................................................................................................................... 8-1
8.3.2
Roving User ......................................................................................................................... 8-1
8.3.3
Secure Call Through User ................................................................................................... 8-1
8.3.4
Secure Call Through User w/Encryption............................................................................. 8-1
8.3.5
Pager User........................................................................................................................... 8-2
8.3.6
Token User........................................................................................................................... 8-2
8.3.7
Calculator Token User ........................................................................................................ 8-2
8.3.8
RSA SecurID Token ............................................................................................................. 8-3
DEFINE MESSAGE FUNCTIONS ................................................................................................. 9-1

9.1
PRIMARY MESSAGE ...................................................................................................................... 9-1
9.1.1
Primary messages can be up to 1000 characters in length; backspaces may be used for
editing Secondary Message ................................................................................................................. 9-1
9.2
HOST CONNECT MESSAGE ........................................................................................................... 9-1
10
SYSTEM OPTIONS.................................................................................................................... 10-1
10.1 SET SECURITY LEVEL ................................................................................................................. 10-1

10.2 FIRST USER MESSAGE DELAY .................................................................................................... 10-1
10.3 SET INACTIVITY TIME ................................................................................................................ 10-1
10.4 SET TIME AND DATE .................................................................................................................. 10-1
10.5 MODIFY SYSTEM PASSWORD ..................................................................................................... 10-1
10.6 HOST PORT, DTR OPTIONS ........................................................................................................ 10-1
10.6.1 Host Port DTR, Monitor .................................................................................................... 10-1
10.6.2 Host Port DTR, Ignore ...................................................................................................... 10-1
10.7 HOST DIAL-OUT OPTIONS .......................................................................................................... 10-1
10.7.1 Host Dial-out, Disabled..................................................................................................... 10-1
10.7.2 Host Dial-out, Enabled...................................................................................................... 10-2
10.7.3 Host Dial-out, Auto Authentication ................................................................................... 10-2
1-3
10.8 HOST AT COMMAND ACCESS ................................................................................................. 10-2

10.8.1 Host AT Command Access, Disable .............................................................................. 10-2
10.8.2 Host AT Command Access, Enabled with CDI Reset.................................................... 10-2
10.8.3 Host AT Command Access, Enabled Transparent......................................................... 10-2
10.9 ENABLE/DISABLE TRIPLE DES/AES ......................................................................................... 10-2
10.10
SYSTEM KEY .......................................................................................................................... 10-2
10.11
ASSIGN X917 ID'S: USER/BOX ............................................................................................... 10-2
10.12
POWER/IP OPTION .................................................................................................................. 10-2
10.13
IP DIALOUT 10(BASE-T INTERFACE) .................................................................................... 10-3
10.14
IP (BASE-T INTERFACE) CONNECTION .................................................................................. 10-3
10.14.1
Break Sequence Enable ................................................................................................. 10-3
10.15
IP FILTER ............................................................................................................................... 10-3
10.15.1
Radius Services.............................................................................................................. 10-3
11
NETWORK SERVICES AVAILABLE .................................................................................... 11-1
11.1 DESCRIPTION OF THE NETWORK SERVICE ................................................................................... 11-1

11.1.1 Health Status ..................................................................................................................... 11-1
11.1.2 Radius\RSA ACE Support .................................................................................................. 11-1
11.1.3 Remote Ping....................................................................................................................... 11-1
11.1.4 Break Sequence.................................................................................................................. 11-1
11.1.5 DNS Support...................................................................................................................... 11-1
11.1.6 In-band User Authentication ............................................................................................. 11-1
11.1.7 Remote Telnet .................................................................................................................... 11-2
11.1.8 Point to Point (PPP).......................................................................................................... 11-2
11.1.9 Syslog Messages ................................................................................................................ 11-2
12
12.1
12.2
12.3
12.4
13
13.1
REPORTS .................................................................................................................................... 12-1

AUDIT TRAIL .............................................................................................................................. 12-1
STATUS REPORT ......................................................................................................................... 12-1
MODIFY REPORT SETTINGS ........................................................................................................ 12-1
RESET AUDIT TRAIL ................................................................................................................... 12-1
MAINTENANCE ........................................................................................................................ 13-1
BATTERY REPLACEMENT ............................................................................................................ 13-1
APPENDIX A
V.32 AT COMMANDS BY FUNCTION...................................................................B
APPENDIX B
V.32 SPECIFICATIONS.............................................................................................D
14
APPENDIX C V.32 MODEM DEFAULTS.................................................................................E
15
APPENDIX D V.32 S-REGISTER DEFAULTS............................................................................ F
16
APPENDIX E V.32 AT COMMAND SUMMARY ...................................................................... G
17
APPENDIX F V.32 S-REGISTER SUMMARY ............................................................................L
18
APPENDIX G
V.32 RESULT CODE SUMMARY .................................................................M
19
APPENDIX H
V.32 MULTI-TECH SYSTEMS' ESCAPE METHODS INTRODUCTION O
20
APPENDIX I FCC, DOC, AND BABT INFORMATION ......................................................... Q
21
APPENDIX J V.90 MODEM AT COMMANDS, S-REGISTERS & RESULT CODES ..........T
Table of Figures
FIGURE 5-1UNIGUARD, FRONT .................................................................................................................... 5-1
FIGURE 5-2 UNIGUARD V34 REAR
UNIGUARD REAR ........................................................................... 5-3
FIGURE 5-3 CABLING ................................................................................................................................... 5-3
FIGURE 5-4 WALL MOUNTED POWER SUPPLY ............................................................................................. 5-4
1-5
Regulation Compliance, Export Restrictions, Copyright Notice, Warranty and

Disclaimers
A.1 Regulation Compliance
This equipment complies with part 15 of the FCC rules and does not exceed the class B limits for radio
noise emissions from digital apparatus as set out in the Department of Communications standards,
ICES-003. On the outside surface of this equipment is a label that contains, among other information,
the FCC registration number and ringer number (REN). If requested, this information must be provided
to the Telephone Company.
The ringer equivalence number (REN) is used to determine the quantity of devices that may be
connected to the telephone line. Excessive RENs on the line may result in the devices not ringing in
response to an incoming call. In most areas the sum of the RENs should not exceed five (5).
NOTE: Regulations and Compliance for the Modem contained in this product will be found in
appendix H
WARNING: Changes or modifications to this unit not expressly approved by the party responsible for
compliance could void the user's authority to operate the equipment.
A.2 Export Restrictions

This device contains cryptographic DES integrated circuits.
Devices containing these circuits are subject to US Federal Government controls and are covered under
Title 22, Code of Federal Regulations, part 121 through 128. These devices may not be exported from
the Continental United States without proper export license.
A.3 Copyright Notice

This equipment and all software and firmware are the copyright property of Communication Devices Inc.,
Boonton, NJ 07005 USA, 1996 with all rights reserved. The information contained in this manual is
considered proprietary to Communication Devices Inc. And is intended for the exclusive use of the original
purchaser of the equipment.
A.4 Warranty
Communication Devices Inc. warranties to the original purchaser that these devices are free from
defects in material or faulty workmanship, in normal use for a period of one (1) year from the date of
purchase.
This warranty is limited to repair or replacement at the option of Communication Devices Inc., of any
defective part or component which within one (1) year of the original purchase is determined by
Communication Devices Inc. to be defective. All warranty repairs will be made at Communication
Devices Inc.'s Main factory in Boonton, NJ 07005..
A.5 Disclaimer
While extreme care has been taken in the preparation of the design, software, firmware, hardware and
documentation, no liability is accepted by Communication Devices Inc. for loss of profits or any other
incidental, special or consequential damage suffered by the purchaser, even if Communication Devices Inc.
has been advised of the possibility of such damages, nor for the claim against the purchaser by any other
party.
Differences between UniGuard V.34 and UniGuard V.90
The UniGuard V.34 contains a V.34 modem and the UniGuard V.90 contains a V.90 modem. The V.90
modem incorporates both the newer ITU-T V.90 and the older K56flex protocols. Using either of these
protocols, Internet service providers (ISP) can send data down stream to a computer at 56K bps speeds
because the data normally is converted from digital to analog only once before it reaches the modem.
Upstream transmissions and transmissions between client modems are limited to data rates of 33.6K bps, as
are downstream transmissions that are converted more than once on the telephone network.
The front panel LED displaying the speed of the V.90 modem is different than the V.32 modem
Some of the AT commands are different for the V.90.
1-7
General
The UniGuard is a member of the extensive CDI product line of authentication and encryption devices for
dial accessible systems. The UniGuard V.34 and V.90 have been certified by NIST (National Institute of
Standard Technology) for ANSI X9.17, the unit has also been approved for FIPS 140-1. It is designed to
protect a single host system and has a database capacity of 150 users. The UniGuard V34 includes an
internal Multi-Tech modem. Except for the modem functions, all parameters apply to both units.
If you have a UniGuard V34, wherever your communications software or operating system provides for
modem selection, select "MultiModem MT2834ZDX". If this choice is not available, select "Standard
Modem".
If you have a UniGuard V90, wherever your communications software or operating system provides for
modem selection, select "MultiModem MT5634ZBA". If this choice is not available, select "Standard
Modem".
2.1
UniGuard Client (encryption)
A special case of the UniGuard (V34 or V90) is a UniGuard Client. This unit can perform most of the
encryption functions of the TDES-Modem. The TDES-Modem cannot be loaded from the DDM software
but the UniGuard Client can.
2.2
UniGuard Demand Dial Routing DDR
The UniGuard Demand Dial Routing is a special case of the UniGuard. It contains different hardware to
enable it to encrypt at higher speeds. The maximum data rate that can be encrypted is 56KBBS.
It can perform all the functions of the UniGuard.
2.3
Encryption
The UniGuard V34 and/or UniGuard V90 is an authenticator as well as an Encryptor and Modem contained
within one enclosure. The system provides Cipher Feedback, DES based encryption between a Remote
Unit. The system also provides for DES Key management in accordance with ANSI X9.17 for which CDI
has been certified by NIST (National Institute of Standard Technology).
Each UniGuard V34 and/or UniGuard V90 unit contains a unique ID and a private key.
2.3.1
Session Keys
Key management is CDIs NIST certified X9.17, where each session is transmitted using a different key.
When the UniGuard V34 and/or UniGuard V90 calls the Host, the called unit sends a tag indicating that the
calling unit has reached an X9.17 Unit. The calling unit then sends its ID. The called unit looks up the ID
of the calling unit in the database and if found, encrypts a new randomly generated key (the session key) in
the key of the caller and sends it to the calling unit. The calling unit decrypts the session key. Both units
will use this new session key for the duration of this transaction. At the end of the transaction (session) this
session key is erased.
This key management takes place transparent to both users.
2.4
Caller Authentication Access Control
Caller authentication access control is a method where only a number of select users can gain access to a
dial up system. Many schemes are available but after careful analysis they break down into three forms:
Challenge/Response with complete session Encryption, Challenge/Response with a Token and
Challenge/Response without a Token. A token is essentially an encryption/decryption key.
2.4.1
Challenge/Response with Encryption
Challenge Response with Encryption provides the highest degree of security. Once the user has logged on
with the User ID and Password, the entire session is encrypted. The user must have one of CDIs DES
(Data Encryption Standard) devices installed at the remote PC.
2-1
2.4.2
Challenge/Response with a Token
Challenge/Response with a Token provides the second highest degree of security. It is analogous to using
an ATM card in a bank machine. The Challenge is the request for a PIN number and the response is the
PIN number; the Token is the bank ATM Card. Neither the PIN number nor the Bank ATM Card alone will
allow access to the machine. CDIs Tokens provide a high level of security in that all information passing
to and from the caller and the system during the authentication process is encrypted in a unique key for
each session. The session itself, however, is not encrypted.
2.5
2.5.1
Types of Tokens
RSA SecurID Token
The RSA SecurID Token is a patented Token based on time. The Token contained a time clock together
with an encryption KEY. The KEY is used to encrypts the time, which is displayed in a window on the
token. The caller enters the encrypted displayed information when signing on. The system looks up the
Users Key and compares the encrypted information to the information generated by the system with the
Users Key. If a match is found the User is authenticated.
2.5.2
PC Token
The PC Token is a system developed by CDI that takes a virtual fingerprint of a caller's PC (or Laptop) and
uses this as a Encryption key (token) to encrypt and store the caller's private DES (Data Encryption
Standard) KEY on the PCs hard drive. When the caller dials up the UniGuard, the WinGuard software (a
TSR program running in the background on the user's PC) sends a user ID (usually the user's name) which
the UniGuard uses to locate the caller's private DES Key in its database. A one time session KEY is
encrypted with the caller's private DES Key and sent to the caller's PC. CDIs software takes over and
decrypts the session key and uses it to encrypt the user's password. The encrypted password is sent to the
UniGuard which decrypts the password using the session KEY and if a match is found the caller is
authenticated.
2.5.3
Soft Token
The Soft Token is contained on a 3.5-inch disk. It provides all the functions of the PC Token except that the
disk can be transported and used on any PC. In contrast, the PC Token is unique to a specific computer.
The floppy is copy protected.
2.5.4
Pager Token
The Pager Token application was developed to allow callers to use a device that they already have in their
possession: a pager.
When a Pager User calls, the system looks up the pager phone number associated with the caller's user
ID. A random number is generated, the pager number is dialed and the random number is sent. The caller
receives this random number on the pager, calls back the UniGuard and enters this number when requested
by the system. If the numbers match, the caller is allowed access to the system. The random number is
different for each session.
2.5.5
Challenge/Response without a Token
Challenge/Response without a Token (ID and/or Password alone) is similar to a telephone credit card call.
The Challenge is the request for the card and PIN number and the Response is to enter those numbers.
These can be entered without the caller actually presenting the physical credit card (token) to phone.
Anyone having knowledge of the credit card number and PIN number can place calls.
Other versions of Challenge/Response without Tokens are ID and password with dial back access. A
remote caller's ID and password along with the caller's telephone number is stored in the UniGuards
database. A remote caller places a call and sends an ID and password when prompted. If the ID and
password is valid, the caller is disconnected and the UniGuard initiates a call to the phone number listed in
the database.
This method only insures that the caller has knowledge of the ID and password.
There is no TOKEN in this scheme to positively insure that the remote caller is actually the
authorized remote user and not a Hacker.
2.6
Typical Session
After the UniGuard has been configured with user profiles, a typical session would be as follows:
A. A Caller dials into the UniGuards modem port.
B. The UniGuard sends the (optional) primary message (which can be anything the system supervisor
wants it to be)
Example: Welcome to the Acme Widget Company. This is a closed
and private network. If you do not belong on this network please
disconnect. Attempting to break into this network can get you into
serious trouble.
If you need to talk to a security officer, call 800 555 0000.
The system then prompts: Enter User ID>

Upon receipt of the caller's ID, the System determines the type of user and proceeds as follows:
2.6.1
PC Token or Soft Token Caller with Password
The caller is identified as a Token user by the ID.

The same password entered into the UniGuards database will have been entered into the CDI WinGuard
software package located in the caller's PC.
Using a random key generator, UniGuard issues a session key and encrypts it with the private DES
(Data Encryption Standard) key located in the caller's PC Token and sends it to the caller's PC.
The WinGuard software passes the encrypted session key to the PC Token where it is decrypted and used
to encrypt the caller's password. The PC Token passes the user's password that has been encrypted in the
current Session Key back to WinGuard which sends it to the UniGuard system. UniGuard receives this
and decrypts the password. If a match is found, the caller will be authenticated.
All data that pertains to authentication has been transmitted in encrypted form using a unique session key.
At no time is the PC Token Key or the Session key visible or stored in the PC or WinGuard software.
Each time a PC Token user accesses the system the data is encrypted in a new, unique session key. This
takes place behind the scenes without the caller's intervention (key strokes).
2-3
2.6.2
Non Token Callers
If the caller is not a token user the (optional) secondary message (which is composed by the supervisor)
will be sent to the caller:
Example: We anticipate the computer being down for a disk
maintenance from Friday 11/19 at 16:00 through Saturday 11/20
at 14:00. If you need further assistance call 800 555 0001.
The system then prompts: Enter password>

NOTE: If the password is incorrect, the user will again be prompted for his user ID. After 3
incorrect attempts the UniGuard will terminate the call.
During the logon process the UniGuard will determine what type of user is calling.
If the password is correct and the user is:
A.
Secure Call through User, the UniGuard will connect the user to the host computer.
B. Secure Call through User with Encryption User, the UniGuard will authenticate in the same manner as a
Call through User. The UniGuard will then encrypt the entire session in conjunction with the user's remote
DES device.
C. A Roving User, the UniGuard will send a request for the number at which the roving user can be
reached. After hanging up, this number will be dialed and will connect this user to the host computer. At
the completion of the session the dialed number will be deleted from memory. If the Roving user enters a
Return for the phone number, the system will use the default number stored in the database.
D. A Call Back user, the system will look up the phone number in memory. This number will then be
dialed and the user will be connected to the host computer.
E. A Pager User, the UniGuard will disconnect and dial the user's pager and insert a random generated
number. When the user calls back, re-enters the ID and enters this number correctly at the prompt,
connection to the host will be established.
All transactions, including the user ID, time, date and action will be placed into the Audit trail.
2.7
Host Accessing a Modem
If the modem is not busy with a call (Carrier not high), the Host can access a modem and use this modem to
place a call or check its configuration or anything else one can do with a modem.
Access to a modem is accomplished by keying in an AT [CR][LF]. The initial AT will not be visible on
the Host terminal but the OK response from the modem will be.
2.8
AES (Advanced Encryption Standard)
The Advanced Encryption Standard (AES) is an encryption algorithm securing sensitive
but unclassified (SBU) material by U.S. Government agencies and, as a likely
consequence, may eventually become the de facto encryption standard for commercial
transactions in the private sector.
In January of 1997, a process was initiated by the National Institute of Standards and
Technology (NIST), to find a more robust replacement for the Data Encryption Standard
(DES) and to a lesser degree Triple DES. The specification called for a symmetric
algorithm (same key for encryption and decryption) using block encryption of 128 bits in
size, supporting key sizes of 128, 192 and 256 bits. The algorithm was required to be
royalty-free for use worldwide and offer security of a sufficient level to protect data for
the next 20 to 30 years. On October 2, 2000, NIST announced that Rijndael (pronounced
"rain doll" or "Rhine Dahl") had been selected as the proposed standard. On December 6,
2001, the Secretary of Commerce officially approved Federal Information Processing
Standard (FIPS) 197, which specifies that all sensitive, unclassified documents will use
Rijndael as the Advanced Encryption Standard.
2-5
Using the RSA SecurID Token
3.1
RSA SecurID Token Types
RSA SecurID provides a variety of Tokens. Displayed above are (1) The PINPAD, (2) The Hardware
Token, (3) The Key Fob and (4) The Palm Computing Platform.
3.2
Login In
The UniGuard, Port Authority or other CDI authentication device, requires entering a valid PASSCODE
before allowing you access to a protected computer. The PASSCODE is made up of two elements that only
you should be able to supply:
Your secret PIN, and the code currently generated and displayed by the SecurID card assigned to you.
3.3
Connecting to the Access Control Module
Before any login data can be entered and authenticated, you must be able to communicate with the
UniGuard, Port Authority or other CDI authentication devices. It works with the communications
equipment already installed for your host system. This means you can dial up the host system and connect
to it the way you did before the UniGuard, Port Authority or other CDI authentication device, was installed.
Once you have contacted the UniGuard, Port Authority or other CDI authentication devices, press the
<Return> key (sometimes-labeled Enter or CR) once or twice, until the following appears:
3.3.1
Enter Passcode:
This prompt means the UniGuard, Port Authority or other CDI authentication device, is ready to
communicate.
3.3.2
Getting Your PIN
On some systems users will be assigned PINs generated by the UniGuard, Port Authority or other CDI
authentication device, (which is preferable for security), while other systems let each cardholder make up
his or her own. Ask your security administrator which is the case with your system. In either situation your
status is of a first-time cardholder without a PIN.
If the system lets you only receive a PIN, read the next subsection, Receiving a System-Generated PIN.
If the system has you make up (that is, create) your own PIN, skip over the next subsection to the one
following, called Make Up Your Own PIN.
3-1
3.3.3
1.
Receiving a System-Generated PIN

At your terminal keyboard (provided no one else can see your screen), press <Return>. The
system will prompt you to enter a PASSCODE.
2.
At the Enter PASSCODE prompt, type a delimiter like a frontslash (/) or comma (,) followed by
the serial number on the back of your card (the numbers only, not any preceding letter).
Conclude with another delimiter. But dont press <Return>.
(Delimiters are a separator character between two strings of numbers. Other permissible ones are listed
in the upcoming Logging In subsection. Note that the leading delimiter is essential when the system
is set for varying length PINs. In a fixed length PIN system, leading delimiters are optional.)
3. Now type the cardcode currently displaying on the LCD.
Type carefully, and dont enter anything but the cardcode, even though you were asked for a
PASSCODE. This is what you do whenever your card is in new PIN mode, as it is now.
PINPAD cardholders: First clear your cards display by entering any digit and pressing the P on the
lower right. Wait; and then type in the new code that next displays in the LCD.
3.4
Example
If you have a card with s / n 0123456 and the display is currently showing cardcode 956283, you would
type:
3.5
/0123456/956283
As you type, you will not see the data you enter; for security, the characters are displayed as asterisks
(*). If you can delete with Delete or Backspace key.
Press <Return>.
The UniGuard, Port Authority or other CDI authentication device, will display, if your input was valid:
If You Respond in the Affirmative, You Will Have Ten Seconds To Memorize Your New PIN
Are You Ready To Receive Your PIN? (y/n):
If incorrect information gets entered, the system displays
Access Denied
Try again.
If no one else can see your screen, type `y`.
Answer yes only if no one else can see your screen. Otherwise type `n`, to cancel the operation and
leave your card in new PIN mode.
The system will treat the login as if it were unsuccessful and redisplay Enter PASSCODE. Wait until
this terminal is more private or go find one that is.
Once you type, your new PIN will be displayed:
PIN: 3149
It will be onscreen for 10 seconds.
Memorize your new PIN. Dont write it down.
If you memorize your new PIN before the 10 seconds are up, press <Return> to remove it from view.
Once you respond to the new PIN prompt and your PIN is displayed, theres no way in this session to
view it again or to receive another PIN. If you forget the new PIN, you must notify your security
administrator that you need to be put back into PIN mode and repeat this transaction.
After the PIN disappears, youll be prompted to enter a real SecurID PASSCODE (which is your PIN
followed by your cardcode---in this case separated by a delimiter like`/` if the systems PIN length is
set to be variable).
Wait for your cardcode to change. You are now ready to log in with your new PIN.
Turn to the Logging In subsection next that applies to your card type, standard or PINPAD.
Important: Do not reveal your PIN to anyone. Memorize it; dont write it down. Even if the system
generates a PIN for you, only you will know what it is. Nobody, not even the system administrator,
can obtain your PIN except from you.
It is your responsibility to protect its secrecy.
If your SecurID card is ever missing, or if for any reason you feel someone knows your PIN, report
it immediately. The security administrator can disable the card or issue a new PIN immediately, and
can watch for unauthorized attempts at access.
3.5.1
Making Up Your Own PIN

If your administrator tells you that you can create your own PIN, instead of the system generating
one for you, follow the steps in this subsection. Before proceeding, make sure your administrator
has told you also how long your PIN can be and whether it can include letters or must be all digits.
Give some thought beforehand to what your PIN will be:
Dont make up an obvious one like your address, birthday, or phone or office number. Such a PIN
has potential to compromise system security. Dont start with zero, either. (A zero may be used
anywhere else.) If the system allows alphanumeric PINs, you may include A-Z/a-z. Such PINs are
not case sensitive: À` is the same as à`. Symbols (+, #, *, etc.) are not valid. Unless the system
is set for all PINs to be the same length, you may make up one from 4 through 8 characters.
1.
At your terminal keyboard (provided no one else can see your screen), press <Return>.
The system will prompt you to enter a PASSCODE.
2.
AT the Enter PASSCODE prompt, type a delimiter like a frontslash (/) or comma (,)
followed by the serial number on the back of your card (the numbers only, not any preceding
letter). Conclude with another delimiter, but dont press <Return>.
(Delimiters are a separator character between two strings of numbers. Other permissible ones are
listed in the upcoming Logging In subsection. Note that the leading delimiter is essential when
the system is set for varying length PINs, which is the shipment default in this release. In a fixed
length PIN system, leading delimiters are optional.)
3.
Now type the cardcode currently displaying on the LCD.

Type carefully, and dont enter anything but the cardcode, even though you were asked for a
PASSCODE. This is what you do whenever your card is in new PIN mode, as it is now.
PINPAD cardholders: First clear your cards display by entering any digit and pressing the P on
the lower right. Wait; and then type in the new code that next displays in the LCD. (There is more
on PINPAD cards in later sections.)
Example
If you have a card with s / n 0123456 and the display is currently showing cardcode 956283, you
would type:
3-3
/0123456/956283
As you type, you will not see the data you enter; for security, the characters are displayed as asterisks (*). If you can delete with
Delete or Backspace key.
Press <Return>.
If your input was valid, the UniGuard, Port Authority or other CDI authentication device, will
display:
Enter New PIN
If your input was NOT valid, the system displays
Access Denied
Try again.
Assuming no one else can see your screen, type the PIN you would like to have.
What you type will not be displayed.
To confirm the PIN, the UniGuard, Port Authority or other CDI authentication device, will ask
you to re-enter it.
If the two entries match (and the PIN is acceptable to the system), it will acknowledge that the
new PIN transaction has been completed.
There are a few more restrictions on what PIN types are allowed, so if the PIN you made up is not
accepted, you will receive an error message, and must create a different one.
When your PIN is accepted and a new code appears an your SecurID card, you are ready to log in to
the system using a real SecurID PASSCODE (which is your PIN followed by your cardcode-in this
case separated by a delimiter like `/` if the systems PIN length is set to be variable). To find out how,
read the Logging In subsection that applies to your card type, standard or PINPAD.
3.6
Logging In with a Standard (Non PIN PAD) Card
3.6.1
Logging in with a Standard Card

If you have a standard (non-PINPAD) card, follow these steps.
1.
At the Enter Passcode prompt, type your PIN. Do not press <Return>.
If your PIN contains letters, they can be entered upper-or lowercase:
à` is the same as À`.
2.
Type in a delimiter; still do not press <Return>.

As mentioned, delimiters really are required only with varying length PIN systems (the default);
theyre optional in systems with fixed length PINs. Your administrator will tell you what the
situation is.
3.
Type the code currently displayed in the LCD of your SecurID card.
For example, if your PIN is 20140c and your card is currently displaying 2599343, the procedure
up to this point could go like this:
Enter PASSCODE: 20140c,2599343
[The numbers dont actually appear]
If the PASSCODE contains letters, as with a hexadecimal card, they can be entered in either
upper-or lowercase: à` is the same as À`.
4.
Now press <Return>.

Once you enter a valid PASSCODE, a confirming message will appear if no one was set by your
administrator, saying that you can access the system. The host-computer prompt will appear in any
case, indicating a successful login.
You are ready to use the host system just as you usually do. If you enter an invalid data, the
system will display:
Access Denied
Try again. Usually you have three chances, although this is administrator-settable. Use the Delete
or Backspace key as necessary.
For security, once accepted, a SecurID PASSCODE cannot be reused. If you log out and try to log
in again before the cardcode changes, you wont succeed the second time and will have to wait
until it does change.
3.7
Logging in with a PINPAD Card

If you have a PINPAD card, follow these steps:
1.
Enter your PIN into the card by pressing the keys along the bottom. Then press the
diamond below the keys.
Make sure the LCD cannot be viewed by anyone else.
The code generated by the card and showing in the LCD is your PASCODE, your PIN hidden
within it.
2.
At the terminal keyboard, type a delimiter. Do not press <Return>.

As mentioned, delimiters really are required only with varying length PIN systems (the default);
theyre optional in systems with fixed length PINs. Your administrator will tell you what the
situation is.
Permitted delimiters include:
Comma [,], frontslash [/], backslash [\], space, tab [TAB], colon [:], semicolon [;], plus sign [+],
minus sign/hyphen [-], pound/ space sign [#], asterisk [*], vertical bar [ | ].
3.
Type the 6 8 digit serial number on the back of your card, concluding with another
delimiter; still do not press <Return>.
4.
Then type the PASSCODE currently displayed in the LCD of your SecurID card.
As an example with card 1987654: Type your PIN into the PINPAD, press the diamond, and
observe the cardcode to, say 5368127
At your keyboard, at the Enter PASSCODE prompt, type:
/1987654/5368127 [the screen displays only asterisks]
If the PASSCODE contains letters, as with a hexadecimal card, they can be entered in either
upper- or lowercase: à` is the same as À`. If you mistype, you can delete with the Delete or
Backspace key.
5.
Now press <Return>.
3-5
Once you enter a valid PASSCODE, a confirming message will appear if no one was set by your
administrator, saying that you can access the system. The host-computer prompt will appear in any
case, indicating a successful login.
You are ready to use the host system just as you usually do. If you enter an invalid data, the
system will display:
Access Denied
Try again. Usually you have three chances, although this is administrator-settable. Use the Delete
or Backspace key as necessary.
For security, once accepted, a SecurID PASSCODE cannot be reused. If you log out and try to log
in again before the cardcode changes, you wont succeed the second time and will have to wait
until it does change.
Note: As you should be clear from the preceding sentences, the next few codes displayed in the
LCD may be valid PASSCODEs. So as soon as youve logged in, clear your card by pressing the
P key. If you didnt and someone else got hold of the card during this time, he or she might be able
to use it to log in and gain access as you.
The Next Code Prompt
Sometimes after youve typed your PASSCODE correctly, the system may still ask you to enter
the next cardcode that comes up:
Please Enter the Next Code Displayed on Your Card.
Next Code:
Standard cardholders
Wait until the cardcode changes, then go ahead and carefully type it in, followed by <Return>. Do
not enter your PIN. Now you should be able to gain access.
PINPAD cardholders
Wait until the time indicator stack counts down and reappears at full height. Then re-key your
PIN into the card, press the diamond (not the P), and type this second PASSCODE, followed by
<Return>. Now you should be able to gain access.
This request is not necessarily due to an error on either your part or the UniGuard, Port Authority
or other CDI authentication device; its a step in the systems evasive action strategies. The
prompt also may appear if your card hasnt been used to log in for a few weekends or more.
3.8
Logoff
To log off from an UniGuard, Port Authority or other CDI authentication devices - protected
system, it is essential to system security that you follow your usual good logoff procedures. The
security exposure that results from a users failure to log off properly is quite serious and renders
the computers system vulnerable to attack. Such a user breach creates a route into the system
security measures.
If you have any uncertainty about what the proper procedure is for a clean session termination and
communications disconnect, see your system administrator.
System Reports and Defaults
The report section provides information for the systems manager on the use of the system. The statistics
provided by these reports are useful when attempting to estimate hardware requirements for future similar
systems.
The report section also provides an Audit Trail, Trouble Report and a number of reports pertaining to
various types of Users and their access to the system.
NOTE: Some of the reports and use of Tokens are covered by CDI Patents or Patent Pending.
4.1
Defaults
The system is asynchronous, defaulting to 9600 baud, with 8 data bits, no parity, one stop bit and port
security enabled. The unit is capable of operating at speeds (limited by the modem) up to 33.6K baud. For
non-encrypted use, the host port can be set as high as 57.6K baud. For encrypted use it should not be set
higher than 19.2K baud. Any speed above 19.2K Baud will yield a data rate of about 22K.. Operation,
including key management is totally transparent to the user.
4.1.1
HOST/Link Port Defaults
The data structure of the HOST port defaults 9600 baud, 1 Start Bit, 8 Data Bits, no Parity and 1 Stop Bit.
The data structure of the linke port is fixed at those parameters. This is configured through the DDM
Distributed Database software.
4.1.2
Modem
The data structure of the Modem defaults to the same as the HOST Port: 1 Start Bit, 8 Data Bits, no Parity
and 1 Stop Bit. This is configured through the DDM Distributed Database software.
4.2
Getting Started
The UniGuard unit MUST be delivered to the Security Officer. He or she will have the responsibility of
maintaining the database and initially loading the user parameters. This is configured through the DDM
Distributed Database software.
4-1
4-1
Displays
Figure 5-1UniGuard, Front
5.1
Displays
The unit contains 4 LEDs located on the Front panel. They are DTR, DCD, BYPASS, and POWER.
5.2
LED Functions
5.2.1
DTR LED (Data Terminal Ready)
The DTR LED is yellow and is in the ON condition when the device is connected to a host device that has
DTR in the active (ON) state.
5.2.2
DCD LED (Data Carrier Detect)
The DCD LED is yellow providing dual functions;

When DCD (Carrier) from the modem is in the ON condition the LED will blink (during logon). When the
caller is authenticated the LED will be ON (steady).
5.2.3
Bypass LED
The Bypass LED is red and provides a dual function.

NOTE: This LED will only function if the Authentication switch is enabled in the System Options
setup. This is configured through the DDM Distributed Database software.
When the Authenticate Enable/Disable switch is placed in the Disable (down) position the Bypass LED
will blink for approximately three (3) seconds. During this time if the Enable/Disable switch is placed
back into the Enable (up) position the Default Link Password (which is password) and the default
Seed Key will be installed.
If the Enable/Disable switch is left in the disable position the Bypass LED will be in the ON position
(not blinking) after the three (3) second period (if switch is Enabled).
NOTE: When the Authentication Enable/Disable is in the Disable position (down), the UniGuard provides
NO PROTECTION. Callers will have direct access to the host through the modem.
5.2.4
Power LED
The Power LED is green and will be in the ON condition when the wall mounted supply is properly
connected to the unit and the power switch is in the On position.
5.3
Modem LED Functions (V34 ONLY)
The Front Panel also contains 10 smaller LEDs for the Modem Functions. They are Tx, Rx, DCD, 28, 14,
96, OH, DTR, EC and FX.
5.3.1
Tx LED
The Tx LED is illuminated when the modem is transmitting.
5-1
5.3.2
Rx LED
The Rx LED is illuminated when the modem is receiving data.
5.3.3
DCD LED
The DCD LED is illuminated when the modem detects a valid carrier signal from another modem.
5.3.4
28 LED
The 28 LED is illuminated when the modem is set for 28,800 BPS operation. Unless another baud rate is
selected and stored, the 28 LED lights when the modem is powered. The 28 and 14 LED's both will be
illuminated when the modem operates at 26,400, 24,000, 21,600, 19,200 or 16,800 BPS.
5.3.5
14 LED
The 14 LED is illuminated when the modem is set for 14,400 BPS operation. The 14 and 96 LED's will
both be illuminated when the modem is operating at 12,000 BPS.
5.3.6
96 LED
The 96 LED is illuminated when the modem is set for 9,600 BPS operation. No Speed LED will be
illuminated when the modem operates below 9600 BPS.
5.3.7
OH LED
The OH LED will be illuminated when the modem is off-hook, which occurs when the modem is dialing,
on-line, answering a call or busied out. The LED will flash when the modem pulse dials.
5.3.8
DTR LED
The DTR LED will be illuminated when the UniGuard initializes the internal modem. It is on all the time
in the UniGuard-V34. Actual DTR is indicated by the yellow DTR LED on the UniGuard display.
EC LED
5.3.9
The EC LED will be illuminated when the modem is in the error correction mode. It will flash on and off
when compression is activated.
5.3.10
FX LED
The FX LED will be illuminated when the modem is in the fax mode.
NOTE: When the modem is first powered the speed LEDs flash briefly as the modem performs a self test,
then the LED for the default baud lights.
5.4
Differences in V.90 Modem LED Functions
The differences in the modem LEDs are all in the numbered LEDs
5.4.1
56 LED
The 56 LED is illuminated when the modem is set for or connects using either K56flex or the V.90 protcol.
The actual connection speed depends on ISP server capabilities and line conditions
5.4.2
33 LED
The 33 LED is illuminated when the modem connects using the V.34 protocol.
5.4.3
14 LED
The 14 LED is illuminated when the modem connects using the V.32bis protocol.
5.5
UniGuard Connectors
The connectors, Host, Link, TELCO and Power are located on the back panel of the unit. (V34)
For standard UniGuard, the ports are Modem, Host, Link and Power. For Units containing an IP interface
the LINK Port is labeled NETWORK and contains the 10BASE-T Interface.
Communic ation Devices Inc. Clifton, NJ 07011
HOST
LINK
Communication Devices Inc. Clifton, NJ 07011 Made in USA
Mad e in USA
TELCO
Modem
17.5 VAC CT
Figure 5-2 UniGuard V34 Rear
Host
Link
17.5 VAC CT
UniGuard Rear
NOTE: There is no currently accepted standard for RJ45 connectors. Therefore, CDI cables and
adapters MUST be used in all interfaces with CDI equipment.
5.5.1
Host Port Connector
The Host connector is a RJ45 receptacle. This should be connected to the Dial in port of the host device
being protected by authentication. There are different types of connectors and cables depending on the
application.
5.5.2
Link Port Connector
The Link port connector is also a RJ45 female. This port is used to load set up parameters into the
UniGuardV34 through the DDMs serial port connector. . For Units containing an IP interface the LINK
Port is labeled NETWORK and contains the 10BASE-T Interface.
5.5.3
IP Port (10BASE-T)
. For Units containing an IP interface the LINK Port is labeled NETWORK and contains the 10BASE-T
Interface.
5.5.4
TELCO (V34) or Modem (Std) Connectors
The Telco port connector is an RJ11 receptacle. This should be connected directly to the Phone Company
line with the cable provided. On the standard UniGuard, the Modem port connector is an RJ45 receptacle.
This should be connected to an external modem with the cable and adapters provided.
5.5.5
Cabling
DB9 or DB25 to
RJ45 Ada ptor
RJ45 Receptac le
RJ45 Plugs
RJ45/RJ45 four feet.
To Host/Link Devic e
To UniGuard Host Port

RJ45 Receptac le
Figure 5-3 Cabling
5-3
2.5.4.1
Host Port and Link Port Cable and adapters
Two (three with STD unit) four foot, 8 pin Silver Satin cables with an RJ45 male plug on each end are
supplied. One is for connection to the Host port of the UniGuard and the Dial in port of the host device
being protected using (usually) the RJ45/DB25M connector. The other is for connection between the link
port of the UniGuard and the RS-232 port of the link terminal (The third with the standard unit is for
connection to the serial port of a modem). Use the included adapters as required by the specific installation.
A standard TELCO cable (V34) containing an RJ11 male plug on one end and an RJ11 male plug on the
other for connection between the Telephone line and the TELCO port of the unit is included.
2.5.4.2
Host and Link Port Interface
DCE Pinouts
1
Pin
Function
DSR
CTS
GND
RX
TX
DCD
RTS
DTR
RJ45 (Plug)
Cable Head
RJ45 (8 pin modular) socket connector
5.5.6
Wall Mounted Power Supply
The UniGuard is delivered with a wall mounted power supply

containing a MiniDIN 3 pin male plug for insertion in the
MiniDIN 3 pin female connector on the unit. The unit will be
supplied with the proper wall plug and voltage for the country
in which the unit will operate. The output of the supply is
17.5Vac CT @ 500 ma.
Wall Mounted
Power Unit
DIN Power
Connector
Figure 5-4 Wall Mounted Power Supply
5.5.7
1.
2.
3.
4.
5.
6.
Installation
Power connection. Connect the MiniDIN connector from the Wall Mounted Power Supply to
the MiniDIN connector on the rear of the UniGuard labeled 17.5VAC CT.
Telephone Line connection. For UniGuardV34 units, connect the RJ11 cable from the
TELCO connector to the Telephone line.
Modem connection. For UniGuard units (without self-contained modems) connect the RJ45
cable connector to the port on the rear of the UniGuard labeled Modem and the other end to the
data port of the modem.
Host Port connection. Connect the RJ45 cable with appropriate adapter from the Host port on
the rear of the UniGuard to the proper port on the Host.
Link Port. The Link port is used to Link other UniGuards.
I/P Port. . For Units containing an IP interface the LINK Port is labeled NETWORK and contains
the 10BASE-T Interface.
UniGuard Rack Adaptor Kit
The UniGuard Rack Adaptor Kit will provide a method of mounting up to four (4) UniGuards (any type of
UniGuard) in a standard 19-inch Rack cabinet. The Kit consists of an 18.95 inch wide by 1.72 inches in
height panel together with two mounting plates. The plates are used as spacers to allow the assembly to
align up with other equipment in the rack.
18.95 in..
1.72in.
Rack Panel Part # 01=02-0790
Material: 18996 AL EXTRUSION
Plate (2) to accommodate mounting screws
Figure 6-2 UniGuard with front

panel and Bezel removed
6.1
Figure 6-1 UniGuard Expansion kit drawing
Preparing the UniGuard
To mount any version of UniGuard, the front panel and bezel must be removed. This will result in the
internal RAM information being erased.
6.2
Mounting a UniGuard in the expansion panel,

1.
2.
3.
Figure 6-3 One UniGuard mounted in the

panel plus a 2nd UniGuard ready to be
mounted
4.
5.
Remove the front panel and bezel by

removing the front two (2) screws.
Place the UniGuard, less the front panel
and bezel behind the Kit panel with the
screw holes aligned with the holes in the
UniGuard.
Place the UniGuard front panel on the
expansion panel aligning it with the
UniGuard and the mounting holes and
screws the UniGuard front panel on the
assembly.
The Bezel is not required but should be
stored for use later if the unit is removed
from the expansion panel.
The UniGuard RAM must be reloaded.
6-1
Configuring the UniGuard
UniGuards can be configured using the DDM Distributed Database Manager software supplied by CDI.
The configuration also includes the loading of encryption Keys.
A special case of the UniGuard (V34 or V90) is a UniGuard Client performs the same full encryption as the
CDI TDES Modem. Any UniGuard V.34 or V.90 can be configured as a UniGuard Client from the DDM
software.
The DDM software can also set up and extract the various reports.
7-1
UniGuard Parameters
8.1
Loading Parameters
The loading of parameters will be made from the DDM Distributed Database software as a dial up
connection or serial port connection.
8.2
User Functions
The User Functions will be made from the DDM Distributed Database software as a dial up connection or
serial port connection.
8.2.1
Add Users
Users (up to 150), including all their parameters, can be added.
8.2.2
User ID
The User ID. This can be up to 10 characters in length and is usually a name by which the user wishes to be
identified.
8.3
Type of User
The type of user is entered. Options are Call Back, Roving, Secure Call Through, Secure Call Through
w/Encryption, Pager, Token, Calculator, RSA SecurID.
8.3.1
Call Back User
A Call Back User will be prompted to enter the ID and password. If valid, the UniGuard will hang up and
dial the fixed call back number connecting the user to the system. The call back number for a user can
contain up to 30 digits. This is the number that will be called once a user has been authenticated.
8.3.2
Roving User
A Roving User is treated the same as a Call Back user with the exception that the call back number is a
variable that the user is prompted to enter. The user will be prompted to enter the ID, password and the
number (up to 30 digits) for UniGuard to call back. (This number will be deleted at the completion of the
call). Once the ID and password have been authenticated, the UniGuard will hang up and dial the entered
phone number.
A default phone number should be entered during setup that the roving user can select by entering a [CR]
when prompted for the location number. If the user presses [CR] the call is treated exactly the same as with
a Call Back User.
8.3.3
Secure Call Through User
A Secure Call Through User will be prompted to enter the ID and password and the UniGuard will
acknowledge the caller as a Secure Call Through User and allow direct access to the system.
8.3.4
Secure Call Through User w/Encryption
This type of user will call using a CDI DES-Modem or DES-Guard Encryptor and/or a UniGuard V34 or
V90. Configured as a UniGuard Client via. the DDM software. (These are CDI remote encryption devices:
With one of these devices installed, the entire transaction between the remote and host systems can be
encrypted).
The following two-stage process takes place between a remote CDI Encryptor and the central site
UniGuard device.
8-1
The caller will enter the User ID in the same manner as a Secure Call through User. If the user ID is in
the UniGuard database, the remainder of the session including the Password will be encrypted.
The user's DES (Data Encryption Standard) unit contains a unique 6 digit Unit ID plus a 16 HEX
Character X9.17 Private KEY* (also referred to as a Seed Key). When the User ID has been processed,
The UniGuard will send a CSM (cryptographic service message) tag to the remote (callers) encryption
device requesting its 6-digit unit ID.
The remote encryption unit replies by sending its 6 digit ID to the UniGuard.
The UniGuard looks up the caller's ID in its database and generates a random session KEY. It then
encrypts this key using the remote callers private (x9.17) KEY and sends this session KEY to the
caller.
The remote caller's unit decrypts the session KEY and the two units will use this KEY for encrypting
this session.
UniGuard will then request the User Password. If the Password is valid the session can proceed.
At the end of the transaction the session KEY will be deleted.
All transmission with the exception of the caller's 6 digit ID is encrypted.
NOTE: If the private key and/or 6 digit unit ID is not the same as defined in UniGuards database, the call
will be dropped.
*If Triple-DES is enabled the Private Key will consist of three 16 digit HEX character keys.
8.3.5
Pager User
A Pager User will be prompted to enter the ID. The UniGuard will drop the call and generate an 8 digit
random number. The UniGuard will then call the user's pager number and send the random number to the
Pager Company, which will then display the number on the user's pager. Upon receipt of this number, the
user will re-dial the UniGuard and re-enter the ID when prompted. UniGuard will then prompt to enter
number on pager. If the numbers match, access will be provided to the host computer.
When a Pager user is added, the Pager Number can be up to 30 digits (9,1800,5555555,,,,,)
Each comma (,) will insert a 2 second pause to allow the paging system's voice response to send the "Please
enter your phone number at the tone" prompt. Paging systems vary in the amount of delays required. It is
suggested a string of 5 commas be placed at the end of the pager number. Add or subtract commas as
required to customize the call for the pager system being accessed.
8.3.6
Token User
The remote PC of a Token User will have WinGuard (a TSR program that runs in the background)
software installed. A PIN number will be requested by the Token when WinGuard is started to be sure
that the user and not someone else is using the PC to access UniGuards host.
Once the correct PIN is entered, all authentication transactions between the UniGuard and the Token
equipped remote take place encrypted, behind the scenes and invisible to the user. The token key is entered
into UniGuard using the same format as the X917 private key for an Encrypted user. A one time session
KEY is encrypted with the remote caller's private DES Token Key and sent to the remote PC. CDIs
software takes over and decrypts the session key and uses it to encrypt the user password. The encrypted
password is sent to the UniGuard which decrypts the password using the session KEY and if a match is
found the caller is authenticated.
It should be noted that once issued, the private DES Token Key and PIN number cannot be changed by the
user. If a change is desired, a new Token will have to be issued.
8.3.7
Calculator Token User
A Calculator Token User is a variation of the Token User. The system allows for two types of Calculator
Tokens: A DPI Calculator or a Cryptocard Calculator Token. These tokens differ only in their internal
encryption algorithms; they are operated in the same manner.
The remote user has a calculator type device that contains DES encryption. When the user attempts to log
on, the UniGuard generates a random 8-digit challenge number and sends it to the remote user. Just as with
the software Token, the user must enter the correct PIN number to access the Calculator Token. The 8digit challenge is then keyed into the calculator token, encrypted and displayed. The displayed result, the
Response, is keyed into the PC and sent back to the UniGuard. If the response is correct the user is
authenticated and connected to the host.
In adding a Calculator Token user to the UniGuard database, the only unique information required is the
user's ID and Token Key.
8.3.8
RSA SecurID Token
The RSA SecurID Token is a patented Token based on time. The Token contained a time clock together
with an encryption KEY. The KEY is used to encrypts the time, which is displayed in a window on the
token. The caller enters the encrypted displayed information when signing on. The system looks up the
Users Key and compares the encrypted information to the information generated by the system with the
Users Key. If a match is found the User is authenticated
8-3
Define Message Functions
The Network Administrator can enter two (2) messages that will be sent to a caller when the request for ID
and password are presented. These messages are defined as Primary and Secondary. The purpose of these
messages is to allow the network manager to disseminate information to callers: to warn potential intruders,
inform authorized users of possible link down time or any other pertinent messages.
9.1
Primary Message
The Primary message is optional and is sent to an incoming caller when the modem connects. The user ID
request follows this message. A delay before sending this message can be set using the System Options
menu.
There is no message in the system until installed by the administrator.
9.1.1
Primary messages can be up to 1000 characters in length; backspaces may be

used for editing Secondary Message
The Secondary message (also optional) will be sent after the user has entered a proper user ID. The
Password request follows this message.
There is no default message in the system. Secondary messages can be up to 1000 characters in length;
backspaces may be used for editing
9.2
Host Connect Message
The Host Connect Message is optional and can be 32 characters in length. It will be transmitted to the Host
terminal when a connection is made. This message will insure that the "CONNECT" message normally
coming from the modem is not garbled. It is intended for host systems that require this or any other
message upon connection.
By default there is no message installed.
9-1
10
System Options
The System Options allow for various settings of the system parameters
10.1 Set Security Level

The security level can be set for:
(0)
(1)
User ID only
User ID and Password
Selecting option (0) will only prompt callers for their ID. Option (1) will prompt for the user ID and
original programmed password, without asking for a change.
10.2 First User Message Delay

The First User Message Delay is the delay time in seconds after the call is connected (Carrier high on the
modem port) until the Enter User ID> prompt is sent. The default is 5 seconds. This option is normally
left at the default.
Some modems continue to handshake even after carrier is high. This is often the case with modems using
MMP.
Prior to sending information to the incoming caller, a delay is usually required after the call has been
established and carrier raised. This will allow the system to accept a complete message without the first few
characters being garbled. The maximum delay time is 50 seconds.
10.3 Set Inactivity Time

Is a period of time during which, if there is no data flow between the user and host, the call will be
terminated. This inactivity only relates to the Log on process; once the caller is authenticated and connected
to the Host there is no time out function.
10.4 Set Time and Date

The time and datecan be entered into the system from the DDM Distributed Database software.
10.5 Modify System Password

The system password (the password that the system administrator uses to program the UniGuard through
the dial up port) is entered into the system from the DDM Distributed Database software.
NOTE: If the password is forgotten, the default password can be re-installed with the Authenticate
Enable/Disable switch.
10.6 Host Port, DTR Options

10.6.1 Host Port DTR, Monitor
Device monitors all signals from the Host Application.
10.6.2 Host Port DTR, Ignore

Device ignores DTR signal from the Host Application.
10.7 Host Dial-out Options

10.7.1 Host Dial-out, Disabled
Excluded from dialing out from the modem.
10-1
10.7.2 Host Dial-out, Enabled

Ability to dial-out from the modem.
10.7.3 Host Dial-out, Auto Authentication

Provide two methods of use.
a) Dial-in user will request to authenticate for remote console management.
b) Ability to dial-out to a Client device for Auto Authentication Encryption.
10.8 Host AT Command Access

10.8.1 Host AT Command Access, Disable
This option gives the device full control of the modem for management purposes.
10.8.2 Host AT Command Access, Enabled with CDI Reset

This option gives the Host application access of the modem but when call is dropped UniGuard will resynch the modem with an AT Command.
10.8.3 Host AT Command Access, Enabled Transparent

This option gives the Host Application full access of the modem.
10.9
Enable/Disable Triple DES/AES
Enabling this option will increase security by requiring three 16-digit hexadecimal Private Keys (if Triple
DES/AES is enabled in the remote Encryptor) instead of just one. Once enabled, the system will prompt
for the 3 keys any time a user is added. The default is enabled.
10.10 System Key

The System Key is used in the encrypted communication between the UniGuard Manager and a remote
UniGuard Box. This Key MUST be the same in both the Units.
This encryption occurs when the Manager is sending new parameters and/or extracting the Audit Trail from
remote units.
This is essentially the same format and principle as the X9.17. The default Key is 0123456789ABCDEF.
10.11 Assign X917 ID's: User/Box

This option will determine whether each encrypted User is assigned a specific remote DES encryption
device (default) or if one or more DES Boxes are entered into UniGuards database, through any of which
multiple encrypted users can access UniGuards host. The database has a capacity of 25 DES boxes.
The Box scenario would be desired if there is a remote location with a multiple encryption users accessing
the UniGuard through any one of a group of encryption devices. A user could call in through whichever
Encryptor is available.
This can be entered into the system from the DDM Distributed Database software.
10.12 Power/IP Option
Power Port Connection

(Link Port becomes a Power Port for remote power reset to a Host Application.)
IP Authentication
(Provide In-band Strong User Authentication for remote console management.)
Copyright Communication Devices Inc. UniGuard10-2
IP Dial-out
(Ability to access the modem via In-band for dial-up access.)
10.13 IP Dialout 10(BASE-T Interface)

The IP Dialout can be used when the unit has been ordered with the IP Option. This option will allow the
device to use the LAN for programming purposes and other communications.
The IP Dialout can be configured as disabled, Enabled with out encryption or enabled with encryption.
10.14 IP (BASE-T Interface) Connection

UniGuard now allows for an IP (BASE-T)Interface, which will allow connection from the Auxiliary Port of
the Router to the Link Port of the UniGuard, internally authenticate through the Host port of the UniGuard
into the Console Port of the Router. This is accomplished with a TELENET Session.
Router
Console
Link
Auxiliary
Host
UniGuard
10.14.1 Break Sequence Enable

If the Break sequence command via Dialup and Inband through all Host Ports for remote Application is
required, make sure to set the Port number on the IP properties to 23. This is the only port that supports the
Break Sequence command.
10.15 IP Filter
Exclude
(Exclude a range of IP Addresses from accessing the device.)
Include
(Include a range of IP Addresses to access the device.)
10.15.1 Radius Services

If the unit has an IP Interface installed The unit supports Radius Authentication onto a Radius Server.
10-3
11 Network Services available

The UniGuard provides the following Network Services when the IP Option board has been delivered with
the unit.
The following services supported in IP boards containing Rev 4.03 and above
Health Status *
Radius-RSA ACE Server support
Remote Ping
* Note: For Health Status service to work, the UniGuard firmware needs to be 8.16 or above.
The following services supported in IP boards containing Rev 3.04 and above
Break Sequence
DNS/NET BIOS Support
In-band User Authentication
Radius
Remote Telnet
Point to Point (PPP)
Syslog
NET BIOS
NOTE: IP Boards support SNMP Simple Network Management Protocol Traps
11.1 Description of the Network service

11.1.1 Health Status
The Health Status will enable the Unit to report back real time Alert messages to the Distributed Database
Manager and Syslog Server for system activities and unexpected behaviors.
For Health Status service to work, the UniGuard firmware needs to be 8.16 or above.
11.1.2 Radius\RSA ACE Support

IP Interface supports all types of Radius Servers including RSA ACE Server.
11.1.3 Remote Ping

Once authenticated into a CDI unit the IP Interface allows the ability to remotely ping an application.
11.1.4 Break Sequence

The Break Sequence allows the Ability to send a break sequence via the LAN. Only Port 23 on the IP
allows this function.
11.1.5 DNS/NET BIOS Support

DNS Support allows the ability to provide a Domain Name system (DNS) IP Address for translation use
between Domain Names and IP Addresses.
11.1.6 In-band User Authentication

In-band User Authentication provides the ability to authenticate via the LAN into a CDI unit for Console
Management.
11-1
11.1.7 Remote Telnet

Remote Telnet provides for Strong User Authentication security via a telnet session for InBand host access.
11.1.8 Point to Point (PPP)

Point to Point (PPP) provides the ability to establish a Point to Point (PPP) for remote network access.
11.1.9 Syslog
Syslog Messages can be sent to the Syslog Server and/or the DDM and will report back real time Logs for
all activities on a device.
Copyright Communication Devices Inc. UniGuard11-2
12
Reports
There is a variety of Reports available. They can be accessed from the DDM Distributed Database
software.
12.1 Audit Trail

The Audit Trail report lists the entire activity report since the last time the log was cleared. The log in time,
log off time, user ID and the results (action) of each access is listed.
12.2 Status Report

The Status Report displays the current port status of the host and modem.
12.3 Modify Report Settings

Modify Report Settings allows the enabling or disabling of real time audit displays as well as setting the
time interval in seconds for the update of the real time display. If enabled, a new report will be generated
every 0 to 60 seconds (as selected) which can be monitored by a terminal connected to the link port.
12.4 Reset Audit Trail

This can be entered into the system from the DDM Distributed Database software.
12-1
13
Maintenance
13.1 Battery replacement

Located on the internal circuit board is a coin type battery 3.0 Volts D.C. When replacing the battery it MUST be replaced with a similar
battery (model BR2330 or equivalent).
NOTE: REPLACEING THE BATTERY WITH AN INCORRECT TYPE MAY

RESULT IN AN EXPLOSION.
13-1
Appendix Summary
The Appendixes apply to the Multi-Tech modem enclosed within the UniGuard V34.
NOTE: Wherever your communications software or operating system provides for modem selection,
select "MultiModem MT2834ZDX". If this choice is not available, select "Standard Modem".
Appendix A, AT COMMANDS BY FUNCTION
Appendix A is a set of the AT Commands listed by Function.
Appendix B, MODEM SPECIFICATIONS
Appendix B contains the Specifications for the Multi-Tech Modem contained within the equipment.
Appendix C, MODEM DEFAULTS
Appendix C contains the default settings of the modem.
Appendix D, S-REGISTER DEFAULTS
Appendix D contains the default settings for the S-Register.
Appendix E, AT COMMAND SUMMARY
Appendix E contains a complete description of the AT Commands.
Appendix F, S-REGISTER SUMMARY
Appendix F contains the S register Summary.
Appendix G, RESULT CODE SUMMARY
Appendix G contains the Result Code Summary (Terse and Verbose)
Appendix H, MULTI-TECH SYSTEM ESCAPE METHODS
Appendix H contains the method use by Multi-Tech for Escape Commands.
Appendix I, FCC, DOC and BABT INFORMATION
Appendix I pertains to FCC, DOC and BABT regulations.
The suggested AT Command string for the MultiTech modem is:
AT&C1&D2&E14#L1X4&W<CR>
Appendix A
V.32 AT COMMANDS BY FUNCTION
TOPIC COMMAND
Dialing
D
Action
$D
A:
H
DESCRIPTION
Dial
DTR dialing
Continuous redial
On-hook/off-hook
Dial
Modifiers
W
R
,
:
;
!
@
$
Pulse dial
T
Tone dial
Wait for new dial tone
Reverse originate/answer mode
Dialing pause
Continuous redial
Return to command mode after dialing
Flash on-hook
Quiet answer
Call card tone detect
Phone Number
Memory
D...N
N
N...N
L
Store phone number

Dial a stored number
Number linking
List stored telephone numbers
Configuration
& Default
Storage
&W
Store configuration
&F
Load default config.
Modem reset
Modem
Response
Commands
V
X
&A
M
#T
#F
Y
&G
&P
B
#A
Echo command mode characters

Q
Result codes enable/disable
&Q
Result codes (Multi- Tech or standard)
Result codes (verbose/terse)
Result codes and call progress
Answerback caller ID
Modem speaker control
Trellis coded modulation
Fallback modes when on- line
Long space disconnect
Guard tones
Set pulse dial ratios
Answer tone
Auto speed detection
RS-232c
Interface
Controls
&C
&D
&R
&S
&RF
&SF
Carrier Detect control

Data Terminal Ready control
Clear to Send control
Data Set Ready control
CTS/RTS interaction control
DSR/CD interaction control
Error
Correction
&E0
Non-Error Correction mode

&E1
Auto-Reliable mode and Data
Reliable mode Compression
&E15 Data compression enabled
V.42 error correction modes
Auto-Reliable buffering
Auto-Reliable fallback character
Retransmit count
Phone Line
Conditioning
&E2
disabled
#L
$A
$F
$R
&E14
Data compression
enable/disable
Speed
Conversion
$E
V.42 error correction at 300 bps
$BA
Baud adjust on/off

$MB
Modem baud rate
Serial port baud rate
$SB
Immediate
Action
Commands
Flow Control
L6
L8
A/
$H
Help screens
Inquire product code
L5
List current operating parameters
List S-Register values
List on-line diagnostics
Repeat last command
&BS
$EB
&E3
&E4
&E5
&E6
&E7
&E8
&E9
&E10
&E11
&E12
&E13
#X
Maximum Reliable block size

Asynchronous word length (10/11-bit)
Flow control disabled
Hardware flow control
Xon/Xoff flow control
Xon/Xoff no pass-thru
Xon/Xoff pass-through
Hewlett Packard ENQ/ACK pacing off
Hewlett Packard ENQ/ACK pacing on
Non-Error Correction mode flow control
Non-Error Correction mode flow control
Pacing off
Pacing on
Number of Xoff characters sent
off
on
Escape
+++AT<CR>
Default in-band escape code
Sequences
<BREAK>AT<CR> Alternate out-of-band escape code
%E
Escape sequence options
A
Force answer mode
O
Go back on-line
Diagnostics
&T
U
Respond to remote digital loopback signal

Loopback test modes
Appendix B
V.32 Specifications
Model Number:
Data Rates (Modem):
MT2834ZDX
0-300, 1200, 2400, 4800, 9600, 12,000, 14,400bps, 16,800 19,200 BPS, 21,600,
24,000, 26,400, 28,800 and 33,600
Data Rates (Fax):
4800, 9600, 14,400 BPS
Data Format (Modem): Serial, binary, asynchronous
Compatibility (Modem): Bell 212A and 103/113, ITU V.22; V.22bis, V.29, V.32, V.32bis, V.42, .42bis,
AT&T V.32 terbo, and V.34
Compatibility (Fax):
ITU Group 3, T.4, T.30, V.21, V.27ter, V.29, V.17, and EIA TR 29.2
Error Correction:
ITU V.42 (LAP-M or MNP 2- 4)
Data Compression:
ITU V.42 (4:1 throughput) or MNP 5 (2:1 throughput)
Speed Conversion:
Serial port data rates adjustable to 300, 1200, 2400, 4800, 9600, 12,000, 19,200,
38,400, 57,600, and 115,200 BPS
Mode of Operation:
Half or full duplex over dial-up lines; automatic or manual dialing and answer
Flow Control:
Xon/Xoff, hardware (RTS/CTS), (HP)ENQ/ACK
Intelligent Features:
Fully AT command compatible, autodial, redial, repeat dial, pulse or tone dial,
dial pauses, call status display, autoparity and data rate selections, keyboardcontrolled modem options, on-screen displays for modem option parameters and
command lines, help menus
Command Buffer:
60 characters
Modulation (Modem):
FSK at 300 BPS, PSK at 1200 BPS, QAM at 2400,4800, and 9600 BPS (nontrellis),QAM with trellis-coded modulation (TCM at 9600, 12,000, 14,400,
16,800, 19,200, 21,600, 24,000, 26,400, 28,800, 31,200 and 33,600 BPS
Fax Modulations:
V.21 CH2 FSK at 300 BPS
V.27ter DPSK at 2400 and 4800 BPS
V.29 QAM at 7200 and 9600 BPS
V.17 TCM at 7200, 9600, 12,000, and 14,400 BPS
Carrier Frequencies,
28.8K/16.8K BPS: 1700/1800 Hz V.34
Carrier Frequencies
19.2K/16.8K/14.4K/ 12K/9.6K/4.8K BPS: 1800 Hz V.32/V.32bis/V.32 terbo
2400 & 1200 BPS (V.22bis/V.22 or Bell 212A Standard):
Transmit originate:
1200 Hz
Transmit answer:
2400 Hz
Receive originate:
2400 Hz
Receive answer:
1200 Hz
300 BPS (Bell Standard): 1270 Hz mark, 1070 Hz space for transmit originate
2225 Hz mark, 2025 Hz space for receive originate
2225 Hz mark, 2025 Hz space for transmit answer
1270 Hz mark, 1070 Hz space for receive answer
Fax Carrier Frequencies: V.21 Ch2 (Half Duplex) 1650 Hz mark, 1850 Hz space for transmit originate
1650 Hz mark, 1850 Hz space for transmit answer
V.27ter 1800 Hz originate/answer
V.29 QAM 1700 Hz originate/answer
V.17 TCM 1800 Hz originate/answer
Transmit Level:
-13 dBm
Frequency Stability:
0.01%
Receiver Sensitivity:
-43 dBm under worst case conditions
AGC Dynamic Range:
43 dB
Interface:
EIA RS-232C/ITU V.24/V.28
Diagnostics:
Power-on self test, local analog loop, local
digital loop, remote digital
loop.
Indicators:
LEDs for Transmit Data, Receive Data, Carrier Detect, 28,800,Off-Hook,
Terminal Ready, Error Correction, and Fax.
Speaker:
Command-controlled speaker for call progress monitoring.
Environmental:
Temperature range 0 to 50 C (32 to 120 F); humidity range 20-90% (noncondensing)Power Requirements: 100-130VAC, 50/60 Hz, 0.1A/5W
14
Appendix C
V.32 MODEM DEFAULTS
$A0
#A0
Auto-Reliable Buffering: Discard data received during establishment of Reliable connection.

Auto Speed Detection in Answer Mode: Start at maximum speed and fall back incrementally to
14400 to 12000 to 9600 to 4800 to 2400 to 1200 to 300 BPS.
B0
Answer Tone: ITU answer tone.
&BS1 Maximum Reliable Block Size: 256 characters.
$BA0 Baud Adjust: Baud adjust off, serial conversion on &C1 Carrier Detect Control: CD goes high
when carrier is detected, low when carrier islost.
&D2
Data Terminal Ready Control: Modem hangs up when DTR drops and returns to command mode
when DTR goes high again.
$D0
DTR Dialing: Disabled.
E1
Echo Command Mode Characters: Off.
&E1
V.42 Error Correction: Auto-Reliable mode.
&E4
Modem-Initiated Flow Control: Hardware flow control
&E6
Xon/Xoff Pass-Through: Off.
&E8
Hewlett-Packard ENQ/ACK Pacing: Off.
&E10 Non-Error Correction Mode Flow Control: Off.
&E12 Pacing (Computer-Initiated Flow Control): Off.
&E15 Data Compression: On.
$EB0 Asynchronous Word Length: 10-bit mode.
$E0
V.42 Error Correction at 300 BPS: Off.
%E1
Escape Sequence Options: +++ method.
&F8
Load Default Configurations: Read factory defaults in ROM.
$F1
Auto-Reliable Fallback: Fall back to Non-Error Correction mode connect if <CR> received.
#F2
Fallback Modes When On-Line: Fall back incremen tally to 4800 BPS; fall forward when line
improves.
#L0
V.42 Error Correction Mode: Modems negotiate V.42 mode.
M1
Modem Speaker Control: Speaker on until carrier signal detected.
$MB
28800 Modem Baud Rate: 28,800 BPS (MT2834ZDX).
P
Pulse Dial.
&P0 or Set Pulse
&P1
&P1 (67-33 ratio) only.
Q0
Result Codes Enable/Disable: Result codes sent.
&Q0
Result Codes (Multi-Tech or Standard AT): MultiTech responses with modifiers.
R0
Reverse Originate/Answer Modes: Off.
&R1
Clear to Send Control: Force CTS high (on).
$R0
Retransmit Count: Disconnect after 12 retransmits.
&RF1 CTS/RTS Interaction Control: CTS acts independently.
&S1
Data Set Ready Control: DSR follows CD.
$SB57600 Serial Port Baud Rate: 57,600 BPS.
&SF0 DSR/CD Interaction Control: DSR follow CD.
&T5
Respond to Remote Digital Loopback Signal: Off.
#T1
Trellis Coded Modulation: On.
V1
Result Codes (Verbose/Terse): Verbose response.
&W1 Store Configuration: Off.
X0
Result Codes and Call Progress Selection: Basic result codes (CONNECT only); modem does
not look for dial or busy tones.
#X0
Number of Xoff Characters Sent After Buffer Is Full: One.
Y0
Long Space Disconnect: Disable sending or responding to long space break signal on disconnect
15
S0 = 1
S1 = 0
S2 = 43
S3 = 13
S4 = 10
S5 = 8
S6 = 2 or 4
S7 = 45 or 55
S8 = 2 or 4
S9 = 6
S10 = 7
S11 = 70
S13 = 37
S17 = 25
S24 = 20
S26 = 0
S30 = 0
S32 = 20
S34 = 10
S36 = 0
S37 = 5
Appendix D
V.32 S-REGISTER DEFAULTS
Number of rings until modem answers.

Ring count.
Escape code character (+).
Return character (^M).
Line feed character (^J).
Backspace character (^H).
Dial tone wait: 2 seconds ZDX, 4 seconds ZDXK and ZDXI models.
Wait for carrier: 45 seconds ZDX and ZDXI, 55 seconds ZDXK models.
Comma pause time: 2 seconds ZDX, 4 seconds ZDXK and ZDXI models.
Carrier detect response time: 600 ms.
Disconnect delay time: 700 ms.
Tone duration and spacing: 70 ms ZDX, 80 ms all or 80 other models, including ZDX
DOC.
Remote configuration escape character (%).
Length of break time to PC: 250 ms.
DSR/CTS/CD dropout time: 1 second.
Number of failed attempts allowed.
Inactivity timer: disabled.
Time modem will wait for <CR> during escape sequence execution: 2 seconds.
Buffer length of command mode after on-line escape sequence: 10 characters.
Time between DTR inactive and modem off-hook.
Time between DTR active and modem on-hook. S48 = 0 V.34 maximum connect speed.
16
Appendix E
Command Values
AT
V.32 AT COMMAND SUMMARY
Default Description
Attention Code The attention code precedes all command lines except A/, A:
and escape codes.
RETURN
RETURN Key Press the RETURN (ENTER) key to execute most commands.
A
Force Answer Mode Answer call immediately without waiting for ring.
A/
Repeat Last Command. Do not precede this command with AT. Do not hit
RETURN to execute.
A:
Continuous Redial (10 redials in DOC modems) of last number until
answered.
&An n = 0 or 1
Answerback Caller ID
***
&A0 Answerback off.
&A1 Answerback on.
$An n = 0 or 1
Auto-Reliable Buffering
***
$A0 Discard data received during establishment of Reliable connection
$A1 Buffer data received during establishment of Reliable connection
#An
n = 0-3
Auto Speed Detection in Answer Mode
***
#A0 Start at maximum speed and fall back to 14400 to 12000 to 9600 to 4800
to 2400 to 1200 to 300 BPS.
#A1 Maximum speed only.
#A2 Start at maximum speed and fall back incrementally to 4800 BPS only.
#A3 Start at 2400 BPS and fall back to 1200 to 300 BPS only.
Bn
n = 0 or 1
Answer Tone (ZDXI modems only)
***
B0 Select ITU V.21 answer tone.
B1 Select Bell 103 answer tone.
&Bsn n = 0 or 1
Maximum Reliable Block Size
&BS0 Maximum transmit block size of 64 characters.
***
&BS1 Maximum transmit block size of 256 characters.
$Ban n = 0 or 1
Baud Adjust
***
$BA0 Set baud adjust off, speed conversion on. (Serial port speed is
independent of modem data rate.)
$BA1 Set baud adjust on, speed conversion off. (Serial port speed is same as
modem data rate.)
&Cn n = 0, 1, 2,
Carrier Detect Control
or 4
&C0 Force Carrier Detect on.
***
&C1 Let Carrier Detect follow carrier signal.
&C2 Let Carrier Detect drop (time set by S24) on disconnect, then go high
gain.
&C4 Reset modem when Carrier Detect drops.
Ds s = phone #
Dial telephone number s, where s may include up to 60 digits or T, P, R,
comma, colon, and semicolon characters.
DsNd s = phone #
Store Phone Number
d = 0 or 1
To store, enter D followed by telephone number s, then N followed by directory
number d.
&Dn n = 0, 1, 2,
Data Terminal Ready Control
or 3
&D0 Modem ignores DTR signal.
&D1 Modem hangs up when DTR drops, disables auto-answer, and returns to
command mode when DTR goes high again.
***
&D2 Modem hangs up when DTR drops and returns to command mode when
DTR goes high again.
&D3 Modem hangs up and resets to default parameters when DTR drops.
$Dn
n = 0 or 1
DTR Dialing
***
$D0 Disable DTR dialing.
$D1 Enable DTR dialing.
En
n = 0 or 1
Echo Command Mode Characters
E0 Do not echo command mode characters.
***
E1 Do echo command mode characters.
G
&En
n = 0 thru
15
***
V.42 Error Correction Modes

&E0 Non-Error Correction mode (V.42 disabled).
&E1 Auto-Reliable mode.
&E2 Reliable mode (V.42 enabled).
Modem-Initiated Flow Control
&E3 Flow control disabled.
***
&E4 Hardware flow control.
&E5 Xon/Xoff flow control.
Xon/Xoff Pass-Through (&E5 selected)
***
&E6 Xon/Xoff not passed through.
&E7 Xon/Xoff passed through.
Hewlett-Packard ENQ/ACK Pacing
***
&E8 ENQ/ACK pacing off.
&E9 ENQ/ACK pacing on.
Non-Error Correction Mode Flow Control
***
&E10 Non-Error Correction mode flow control off.
&E11 Non-Error Correction mode flow control on.
Pacing (Computer-Initiated Flow Control)
***
&E12 Pacing off.
&E13 Pacing on.
Data Compression
&E14 Data compression disabled.
***
&E15 Data compression enabled.
$En
n = 0 or 1
V.42 Error Correction at 300 BPS
***
$E0 V.42 error correction at 300 BPS disabled.
$E1 V.42 error correction at 300 BPS enabled.
$Ebn n = 0 or 1
Asynchronous Word Length
***
$EB0 10-bit mode enabled.
$EB1 11-bit mode enabled.
%En
n = 0 thru
Escape Sequence Options
5
%E0 Modem won't escape.
***
%E1 +++ method.
%E2 Break method.
%E3 Either +++ or Break methods.
%E4 No "OK" response to +++.
%E5 "OK" response to +++.
&Fn
n = 0, 8,
Load Default Configuration
or 9
&F0 Load factory default values from ROM.
***
&F8 Read factory default values and DIP switch settings when &F is issued.
&F9 Read parameters stored in nonvolatile memory when &F is issued.
$Fn
n = 0 or 1
Auto-Reliable Fallback Character nable/Disable
$F0 Do not fall back to Non-Error Correction mode
connect if CR received.
***
$F1 Fall back to Non-Error Correction mode connect if CR received.
Fn
n = 0, 1,
Fallback Modes When On-Line
or 2
#F0 No fallback when on-line.
#F1 Fall back incrementally from maximum speed to 4800 BPS.
***
#F2 Fall back incrementally to 4800 BPS, fall forward when line improves.
&Gn n = 0, 1,
Guard Tones (International only)
or 2 ***
&G0 Turn off ITU guard tones.
&G1 Turn on ITU 550 Hz guard tone.
&G2 Turn on ITU 1800 Hz guard tone
NOTE: The ZDXK is locked to &G2, which turns on the ITU 1800 Hz guard tone.
Hn
n = 0 or 1
On-Hook/Off-Hook
H0 Go on-hook (hang up).
H1 Go off-hook.
$Hn
n = 1, 2,
Help Screens
or 3
$H1 Bring up Help Screen #1.

Inquire Product Code
I0 Request modem ID #.
I1 Request firmware revision #.
I2 Request modem description.
Ln
n = 0, 5, 6,
List Commands
7, or 8L
List stored telephone numbers.
L5 List current operating parameters.
L6 List current S-Register values
L7 List additional parameters
L8 List on-line diagnostic parameters
#Ln n = 0, 1, 2,
V.42 Error Correction Modes
3, or 8 ***
#L0 Modems negotiate V.42 mode.
#L1 MNP on and LAP-M off (originate mode only).
#L2 LAP-M on and MNP off (originate mode only).
#L3 Disable detection phase and go directly to LAP-M.
Mn n = 0, 1, 2,
Modem Speaker Control
or 3
M0 Modem speaker always off.
***
M1 Modem speaker on until carrier signal detected.
M2 Modem speaker always on.
M3 Monitor speaker on during dialing, off during
handshaking.
$Mbn n = speed
Modem Baud Rate
$MB75 Select CCITT V.23 mode.
$MB300 Select 300 BPS on-line.
$MB12000 Select 12,000 BPS on-line.
***
***
***
Nd d = 0 or 1
Dial a Stored telephone number d.
NdNe... d = 0 or 1
Number Linking
e = 1 or 0
If first number dialed is busy, other stored numbers may be automatically
dialed..
O
Go Back On-Line Exit command mode and go into on line mode after using the
escape code to do the reverse.
P In dialing ***
Pulse-Dial
command
Modem will pulse-dial numbers that follow the P.
&Pn
n = 0 or 1
Set Pulse Dial Ratios
***
&P0 60-40 pulse ratio.
&P1 67-33 pulse ratio.
NOTE: The ZDXK is locked to &P1, a 67-33 pulse ratio.
Qn n = 0, 1,
Result Codes Enable/Disable
or 2 ***
Q0 Result codes sent.
Q1 Result codes suppressed (quiet).
Q2 No Response answer mode.
&Qn n = 0 or 1
Result Codes (Multi-Tech or Standard AT)
***
&Q0 Multi-Tech responses with modifiers.
&Q1 AT responses with no modifiers
Rn
n = 0 or 1
Reverse Originate/Answer Mode
***
R0 Modem will not reverse modes.
R1 Modem will reverse modes.
&Rn n = 0, 1,
Clear to Send Control
or 2
&R0 Let CTS state follow RTS state when on-line.
In
n = 0, 1,
or 2
***
$Rn
n = 0 or 1
***
&Rfn
n = 0 or 1
***
Sr=n r = 0-11, 13,
24, 25, 30,
32, 34, 36,
37 or 48; format.
n varies
Sr? r = 0-11, 13,
24, 25, 30,
32, 34, 36,
37 or 48;
n varies
&Sn
n = 0, 1,
or 2
***
$Sbn
n = speed
Baud Adjust
***
&Sfn
n = 0 or 1
***
T
&Tn
n = 4 or 5
#Tn
***
n = 0 or 1
Un
***
n = 0, 1, 2,
or 3
Vn
n = 0 or 1
***
&Wn
n = 0 or 1
***
&R1 Force CTS high (on).

&R2 Let CTS drop on disconnect for time set by S24, then go high again.
Retransmit Count
$R0 Disconnect after 12 retransmits.
$R1 Do not disconnect after 12 retransmits.
CTS/RTS Interaction Control
&RF0 Let CTS follow RTS.
&RF1 Let CTS act independently.
Set Register Value
Set value of S-Register r to value
of n, where n is entered in decimal
Read Register Value

Read value of S-Register r and
display value in 3-digit decimal
format.
Data Set Ready Control
&S0 Force DSR high (on).
&S1 Let DSR follow CD.
&S2 DSR drops on disconnect for time set by S24, then goes high again.
Serial Port Baud Rate
$SB300 Select 300 BPS at serial
($BA) must port be off.
$SB1200 Select 1200 BPS at serial port.
$SB12000 Select 12,000 BPS at serial port.
DSR/CD Interaction Control
&SF0 Select DSR to follow CD.
&SF1 Select DSR to be independent.
Tone-Dial, Modem tone-dials numbers following the T.
Respond to Remote Digital Loopback Signal
&T4 Enable response to remote digital loopback signal.
&T5 Disable response to remote digital loopback signal.
Trellis Coded Modulation
#T0 Disable Trellis Coded Modulation.
#T1 Enable Trellis Coded Modulation.
Loopback Test Modes
U0 Enable analog loop originate mode.
U1 Enable analog loop answer mode
U2 Enable remote digital loopback mode.
U3 Enable local digital loopback mode.
Result Codes (Verbose/Terse)
V0 Result codes sent as digits (terse response).
V1 Result codes sent as words (verbose response).
Wait for New Dial Tone Inserted in dialing command, causes modem to wait for
new dial tone.
(X2 or X4 must be selected.)
Store Configuration
&W0 Store current settings in NVRAM; modem will load these at power-on or
with the ATZ command instead of reading factory ROM defaults.
&W1 Do not store settings.
Xn
n = 0 thru
***
Result Codes and Call Progress 4 Selection

X0 Basic result codes (CONNECT only); does not look for dial tone or busy.
X1 Extended result codes (w/CONNECT 1200, CONNECT 2400, etc.); does
not look for dial tone or busy signal
X2 Extended result codes with NO DIAL TONE; does not look for busy signal
X3 Extended result codes with BUSY; does not look for dial tone.
X4 Extended result codes with NO DIAL TONE and BUSY.
#Xn
n = 0 or 1
Number of Xoff Characters Sent
***
#X0 Single Xoff character sent after buffer is full.
#X1 Multiple Xoff characters sent (one for every character received after buffer
is full)
Yn
n = 0 or 1
Long Space Disconnect
***
Y0 Disable sending or responding to long space break signal on disconnect.
Y1 Enable sending or responding to long space break signal on disconnect.
(Both modems must have Y1 set.)
Z
Modem Reset to default values. Defaults come from NVRAM if &W0 is set,
from factory ROM if &W1 is set.
,
In Dial Dialing Pause
command
Comma; causes dialing pause for time set by S8.
: At end of
Continuous Redial Dial command. Colon; causes continuous redial (10 in
DOC modems) of number until answered.
;
At end of
Return to Command Mode After Dial command. Dialing Semi-colon;
causes immediate return to command mode after dialing.
! In Dial
Flash On-Hook command Exclamation point; causes modem to flash on-hook.
@ In Dial
Quiet Answer command Causes modem to wait for a ring back, then 5 seconds
of silence before processing next part of command.
+++AT<CR>
Escape Code, Puts modem in command mode while still remaining on-line.
Enter +++ followed by the letters A and T, up to ten command characters (or as
defined by S34), and a RETURN.
<BREAK>AT<CR>
Break Escape Code, Alternate escape method. Puts modem in command mode
while still remaining on-line. Enter BREAK followed by the letters A and T, up
to sixty command characters, and RETURN.
17
Appendix F
Register
S0
S1
S2
S3
S4
S5
S6
S7
Unit
1 ring
1 ring
decimal
decimal
decimal
decimal
1 sec.
1 sec.
S8
1 sec.
S9
S10
100 ms
100 ms
S11
1 ms
S13
S17
S24
decimal
10 ms
50 ms
S25
S30
S32
100 ms
1 min.
100 ms
S34
No. of
S36
S37
S48
1 sec.
1 sec.
decimal
Range
0-255
0-255
0-127
0-127
0-127
0-127
2-255
1-255
1-45*
1-55**
0-255
V.32 S-Register Summary

Default
1
0
43 (+)
13 (^M)
10 (^J)
8 (^H)
2
45
45*
55**
2
Description
Sets number of rings until modem answers.
Counts rings that have occurred.
Sets escape code character.
Sets character recognized as carriage return.
Sets character recognized as line feed.
Sets character recognized as backspace.
Determines wait-time for dial tone.
Determines how long modem will wait for carrier before
aborting call.
Sets pause time caused by a comma character in a dial

command.
1-255
6
Sets carrier detect response time.
0-255
7
Sets delay time between when carrier is lost and when
modem disconnects.
1-255 70
Sets time duration of and spacing between tones in tonedialing.
0-127 37 (%) Determines remote configuration escape character.
1-255 25
Determines length of break time (space) sent to local PC.
0-255 20
Sets DSR/CTS/CD dropout time. 20 default equals one
second.
0, 1-255
0
Sets DTR dropout time. 0 default equals 50 ms.
0-255
0
Inactivity timer used to disconnect modem.
0-255 20
Sets duration in which modem will wait for a RETURN to be
entered during escape sequence execution.
0-60
10
Buffer length of command characters after on-line escape
sequence.
0-255
0
Time between DTR inactive and modem off-hook.
0-255
5
Time between DTR active and modem on-hook.
28, 26, 0
Maximum V.34 connect speed.
21, 19,
16, 14,
12, 96,
or 48
* Values for ZDXI modems and ZDX-DOC modems only.

** Values for ZDXI modems only. *** Values for ZDXK modems only
18
Appendix G
Terse Verbose
0
OK
1 CONNECT
2 RING
3 NO CARRIER
4 ERROR
5 CONNECT 1200
6 NO DIAL TONE
7 BUSY
8 NO ANSWER
9 CONNECT 2400
10 (Not used)
11 CONNECT 4800
12 CONNECT 9600
13 CONNECT 14400
19 CONNECT 19200
21 CONNECT 21600
24 CONNECT 24000
26 CONNECT 26400
28 CONNECT 28800
V.32 RESULT CODE SUMMARY
Meaning
Command was executed without error, ready for next command.
Modem has detected carrier and gone on-line.
Modem has detected ring caused by incoming call.
No carrier signal has been detected within allowed time.
Error in command line (too many, or invalid characters).
Modem has detected carrier at 1200 BPS and gone on-line.
No dial tone has been detected.
A busy signal has been detected.
Remote system did not answer
Modem has detected carrier at 2400 BPS and gone online.
Modem detected carrier at 4800 BPS and on-line.
Modem detected carrier at 9600 BPS and on- line
Modem detected carrier at 14400 BPS and on-line
Modem detected carrier at 19200bps and on-line
Reliable Mode: If the ZDX is used in Reliable mode, the following responses change:
1R
CONNECT
(As above, except Reliable.)
RELIABLE
5R
CONNECT 1200
RELIABLE
9R
CONNECT 2400
RELIABLE
11R
CONNECT 4800
RELIABLE
12R
CONNECT 9600
RELIABLE
13R
CONNECT 14400
RELIABLE
19R
CONNECT 19200
RELIABLE
21R
CONNECT 19200
RELIABLE
24R
CONNECT 24000
RELIABLE
26R
CONNECT 26400
RELIABLE
28R
CONNECT 28800
RELIABLE
LAP-M Reliable mode: If the ZDX is used in LAP-M Reliable mode, the following responses change:
1L
CONNECT LAPM
5L
CONNECT 1200 LAPM
9L
CONNECT 2400 LAPM
11L
CONNECT 4800 LAPM
12L
CONNECT 9600 LAPM
13L
CONNECT 14400 LAPM
19L
CONNECT 19200 LAPM
21L
CONNECT 21600 LAPM
24L
CONNECT 24000 LAPM
26L
28L
CONNECT 26400 LAPM

CONNECT 28800 LAPM

Data Compression: If the ZDX is used with data compression, the word COMPRESSED or letter C will be
added to result codes 1, 5, 9, 11, 12, 13, 19, 21, 24, 26, and 28.
Standard AT Responses: If standard AT command set 2400 responses are selected with the &Q1 command,
the following responses change:
9
10
(Not used)
CONNECT 2400
Modem has detected carrier at 2400 BPS and gone on-line
19
Appendix H
V.32 MULTI-TECH SYSTEMS' ESCAPE
METHODS INTRODUCTION
You may sometimes find it necessary to issue AT commands to your modem, while you are on-line with a
remote modem, without disconnecting the call. If so, you will want to take advantage of escape methods
that allow you to change the modem's mode of operation from on-line mode to command mode. After you
issue your AT commands, you may return to on-line mode, but typically most users escape so that they
may hang up a modem upon completion of a call.
The modems offer two escape methods: in-band and out-ofband. Both incorporate Time Independent
Escape Sequence (TIES) methodology. An escape sequence is a pattern or sequence that the modem
recognizes as its signal to shift from on-line mode to command mode. "Time independent" means that the
modem recognizes the escape sequence without a prefixed and/or suffixed delay.
In an in-band escape, the modem recognizes the escape sequence as a pattern sent to it as part of the data
stream or band (hence its name). In an out-of-band escape, the escape sequence is a pattern that cannot and
does not occur in the data stream.
The in-band escape method is +++AT<CR>
The out-of-band escape method is <BREAK>AT<CR>
A break signal cannot be sent as part of a data file; instead it is sent by a direct program command to the
UART used by the computer.
The break signal is defined as either the transmission of binary 0 for a minimum of 10 bits; or as a
minimum interval of 135 milliseconds as established in the ITU X.28 standard. There are routines in high
level languages and keys on most computers that have been established to send BREAK for fixed intervals,
but you may control the break's duration by referring to your UART's specifications.
HOW TO SELECT AN ESCAPE METHOD
If you want your modem to escape and then wait for you to issue a command before it will return to on-line
mode, then use +++AT<CR>. You might use this method if you find you need to review a help screen in
the middle of a
communications session. If you wish to combine the escape with a command (or commands) and with an
immediate return to on-line mode, then use the <BREAK>AT<CR> method. You may also use this method
to have the modem wait before it will return on-line.
The following AT commands are used to select the modem's escape method: %E0 = Escape disabled
%E1 = +++AT method (default)
%E2 = BREAK AT method
%E3 = Both methods enabled
%E4 = Disable "OK" to +++ escape
%E5 = Enable "OK" to +++ escape
METHOD 1: +++AT<CR>
In the following example, a user who is in on-line mode decides to set S0 to 1 to configure the modem to
answer on the first ring.
1. The user enters the sequence +++AT<CR>. The sequence is sent to the modem
2. The modem transmits the +++.
3. The modem buffers AT and starts the Wait for <CR> Timer.
4. Upon receiving the <CR> the modem escapes to command mode.
5. The modem responds OK.
6. The user enters the command ATS0=1<CR>. This sequence is sent to the modem.
7. The modem buffers ATS0=1<CR> and identifies it as a valid command.
8. The modem executes the command, setting S0=1.
9. The user sends ATO<CR> to the modem.
10. The modem returns to on-line mode.
ESCAPE METHOD 2: <BREAK>AT<CR>
In the following example, a user who is in on-line mode decides to set S0 to 1, to configure the modem to
answer on the first ring.
1. The BREAK signal is sent to the modem.
2. The modem buffers BREAK .
3. The modem starts the S32 Wait for <CR> Timer.
4. ATS0=1<CR> is sent to the modem.
5. The modem buffers ATS0=1<CR> and identifies it as a valid command.

6. The modem escapes to command mode.
7. The modem executes the command, setting S0=1.
8. The modem returns to on-line mode.
S-REGISTERS AND ESCAPE SEQUENCE
There are two S-Registers that you may set to modify the functioning of your escape sequences. The first is
SRegister S32, which establishes a value for how much time may elapse between the receipt of the
beginning of the escape sequence, whether BREAK AT or +++AT, and the receipt of a <CR>. This interval
is known as wait-for-<CR>-time, or BREAK passthrough.
You may assign a value to S32 in increments of 100 milliseconds. The default value is 20, or 2 seconds.
In the +++AT<CR> method, the wait-for-<CR>-time interval begins once the A in +++AT is received.
In the BREAK AT method, the wait-for-<CR>-time interval begins once the modem has received the break
signal.
The S-Register S34 may be used in conjunction with our in-band escape sequence, +++AT<CR>, to
establish the maximum number of characters that your modem can buffer following an AT, before a <CR>
must be received. The default value is 10 characters. Do not confuse this buffer size with our regular
command mode buffer length of 60 characters. S-Register S34 does not affect our out-of-band escape
sequence's buffer length, which is fixed at 60 characters.
ABORTING AN ESCAPE SEQUENCE
The +++AT<CR> escape will abort if you do not issue a <CR> before the wait-for-<CR>-time interval
expires.
The <BREAK>AT<CR> method will also abort if you do not issue a <CR> before the wait-for-<CR>-time
interval expires, and also if any of the following occurs:
1. An illegal sequence is detected, including:
a)
A character other than A follows the BREAK ;
b)
A character other than T follows BREAK A;
c)
Two BREAK s are received in succession;
2. The command buffer overflows before a <CR> occurs
20
Appendix I
FCC, DOC, and BABT Information
FCC REGULATIONS FOR TELEPHONE LINE INTERCONNECTION
This equipment complies with Part 68 of the Federal Communications Commission (FCC) rules. On the
outside surface of this equipment is a label that contains, among other information, the FCC registration
number and ringer equivalence number (REN). If requested, this information must be provided to the
telephone company.
The suitable USOC jack (Universal Service Order Code connecting arrangement) for this equipment is
shown below.
The ringer equivalence number (REN) is used to determine the quantity of devices that may be connected
to the telephone line. Excessive RENs on the telephone line may result in the devices not ringing in
response to an incoming call. In most, but not all areas, the sum of the RENs should not exceed five (5.0).
To learn the number of devices that may be connected to the line, contact the telephone company to
determine the maximum REN for the calling area.
If this equipment causes harm to the telephone network, the telephone company will notify you in advance.
But if advance notice isn't practical, the telephone company will notify you as soon as possible. Also, you
will be advised of your right to file a complaint with the FCC if you believe it is necessary.
The telephone company may make changes in its facilities, equipment, operations, or procedures that could
affect the operation of the equipment. If this happens, the telephone company will provide advance notice
in order for you to make necessary modifications in order to maintain uninterrupted service.
If trouble is experienced with this equipment please contact Multi-Tech Systems, Inc. at the address shown
for details of how to have repairs made. If the trouble is causing harm to the telephone network, the
telephone company may request you remove the equipment until the problem is resolved. No repairs are to
be made by you. Repairs are to be made only by Multi-Tech Systems or its licensees. Unauthorized repairs
void registration and warranty.
This equipment cannot be used on the public coin service provided by the telephone company. Connection
to Party Line Service is subject to state tariffs. (Contact the state public utility commission, public service
commission or corporation commission for information.)
Manufacturer:
Multi-Tech Systems, Inc.
Model Number:
MT1432ZDX, MT1932ZDX, or MT2834ZDX
FCC Registration No:
U7USA-75711-MM-E (MT1432ZDX and MT1932ZDX)
AU7USA-20673-MM-E (MT2834ZDX)
Ringer Equivalence:
0.5B
Modular Jack (USOC): RJ11C or RJ11W (single line)
Service Center in USA: Multi-Tech Systems Inc.
2205 Woodale Drive
Mounds View, MN 55112
(800) 328-9717 (612) 785-3500
DOC TERMINAL EQUIPMENT WARNINGS
NOTICE: The Canadian Department of Communications label identifies certificated equipment. This
certification means that the equipment meets certain telecommunications network protective, operational
and safety requirements. The Department does not guarantee the equipment will operate to the user
satisfaction.
Before installing this equipment insure that it is permissible to be connected to the facilities of the local
telecommunications company. The equipment must also be installed using an acceptable method of
connection. In some cases, the company's inside wiring associated with a single line individual service may
be extended by means of a certified connector assembly. The customer should be aware that compliance
with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian link facility designated by the
supplier. Any repairs or alterations made by the user to this equipment; or equipment malfunctions, may
give the telecommunications company cause to request the user to disconnect the equipment.
Users should insure for their own protection that the electrical ground connections of the power utility,
telephone lines and internal metallic water pipe system, if present, are connected together. This precaution
may be particularly important in rural areas.
The Load Number (LN) assigned to each terminal device denotes the percentage of the total load to be
connected to a telephone loop which is used by the device, to prevent overloading. The termination on a
loop may consist of any combination of devices subject only to the requirement that the total of
the Load Numbers of all the devices does not exceed 100. The Load Number for this product is 4.
CAUTION: Users should not attempt to make such connections themselves, but should contact the
appropriate electric inspection authority, or electrician, as appropriate.
This digital apparatus does not exceed the Class B limits for radio noise for digital apparatus set out by the
Department of Communications.
COMPLIANCE WITH BABT REQUIREMENTS
Approved for connection to telecommunications system specified in the instructions for use subject to the
conditions set out in them.
EUROPEAN LOW VOLTAGE DIRECTIVE
When correctly installed and maintained, the modem will present no hazard to the user. When correctly
installed, the modem will be connected to the PSTN and to a Data Terminal Equipment (DTE), whose
modem connections comply with ITU recommendations V.28. The DTE connections are therefore taken to
be safe voltages (less than (30 volts).
COMPLIANCE WITH BS6305 CLAUSE 6.2, BS6320 CLAUSE 7.2, AND BABT/SITS/82/005S/D
a. The modem is suitable for connection to the Public Switched Telephone Network (PSTN) provided by
British Telecommunications plc or Kingston Communications (Hull) plc. Circuit supply by British
Communications, Mercury Communication, or Hull City Council. Only direct exchange lines may be used,
not shared service.
b. The modem is suitable for household, office, and similar general indoor use. It is not suitable for use as
an extension to a pay phone.
c. BT lines supplied must support either loop disconnect or multifrequency tone signaling.
d. REN (Ringer Equivalence Number). The REN value of a unit is calculated from 3/n where n is the total
number of units which can be connected in parallel which will still cause the standard bell (as defined in
BS6305 ) to ring.
REN values of less than 0.3 cannot be assigned.
For apparatus which is not capable of forming part of multiple installation, a REN value of 3 is assigned.
REN = 1
If a telephone or other device is connected in parallel with the modem, the combined REN must not exceed
4. A BT supplied telephone may be assumed
to have REN of 1.0 unless otherwise noted.
The approval of this modem for connection to the British Telecom public switched telephone network is
INVALIDATED if the apparatus is subject to any modification in any material way not authorized by
BABT or if it is used with or connected to:
i. internal software that has not been formally accepted by BABT.
ii. external control software or external control apparatus which cause the operation of the modem
associated call set-up equipment to contravene the requirements of the standard set out in
BABT/SITS/82/005S/D.
indirectly to the British Telecom public switched telephone network must be approved apparatus as defined
in Section 22 of the British Telecommunications Act 1984. All apparatus connected to this modem and
thereby connected directly or
COMPLIANCE WITH BS6789: SECTION 3.1 AND PART 2
a. The modem is not capable of allowing Auto Call using '999' or other PABX emergency numbers.
b. Modes other than modes 1, 2, or 3 should not be used on the BT PSTN. This modem is a mode 1 device.
c. Users are advised to check the numbers entered during the Auto Call set up phase prior to dialing.
d. The user should not issue any sequence of commands to the modem which would cause the modem to
exceed the maximum allowable pause of 8 seconds from the time the modem goes off-hook until dialing
begins.
COMPLIANCE WITH DTI 83/009
a. The apparatus is only approved for compatible PBXs. Consult the supplier for an up-to-date list of
compatible PBXs.
b. There is no guarantee of correct working in all circumstances. Any difficulties should be referred to
Multi-Tech Systems.
c. If sockets are required for connexion to the PBX, use the BT post card only if BT owns the wiring to the
PBX.
This apparatus has been approved for the use of the following facilities:
* Auto-calling
* Loop disconnect and MF dialing
* Phone number storage and retrieval by a predetermined code
* Operation in the absence of proceed indication
* Automatic storage of last number dialed

* Tone detection-busy
* Auto clear from the originating end
* DTR dialing
* Modem
* PBX timed break register recall
Any other usage will invalidate the approval of the apparatus if, as a result, it then ceases to comply with
the standards against which approval was granted.
21
Appendix J V.90 Modem AT Commands, S-Registers &

Result Codes
AT Commands, S-Registers, and Result Codes

Multi-Tech Systems, Inc. MT5634ZBA/ZBAV User Guide
PN S0000170 Rev. A
Understanding AT Commands
AT commands are used to control the operation of your modem. They are so called
because each command must be preceded by the characters AT to get the ATtention
of the modem.
AT commands can be issued only when the modem is in command mode or online
command mode. The modem is in command mode whenever it is not connected to
another modem. The modem is in data mode whenever it is connected to another
modem and ready to exchange data. Online command mode is a temporary state in
which you can issue commands to the modem while connected to another modem.
To put the modem into online command mode from data mode, you must issue an
escape sequence (+++) followed immediately by the AT characters and the command,
e.g., +++ATH to hang up the modem. To return to data mode from online command
mode, you must issue the command ATO.
To send AT commands to the modem you must use a communication program, such
as the HyperTerminal applet in Windows 95, 98, and NT 4.0, or the communication
program included with your modem. You can issue commands to the modem either
directly, by typing them in the terminal window of the communication program, or
indirectly, by configuring the operating system or communication program to send
the commands automatically. Fortunately, communication programs make daily
operation of modems effortless by hiding the commands from the user. Most users,
therefore, need to use AT commands only when reconfiguring the modem, e.g., to
turn autoanswer on or off.
The format for entering an AT command is ATXn, where X is the command and n is
the value for the command, sometimes called the command parameter. The value is
always a number. If the value is zero, you can omit it from the command; thus,
AT&W is equivalent to AT&W0. Most commands have a default value, which is the
value that is set at the factory. The default values are shown in the AT Commands
section, which begins on the next page.
You must press ENTER to send the command to the modem. Any time the modem
receives a command, it sends a response known as a result code. The most common
result codes are OK, ERROR, and the CONNECT messages that the modem sends
the computer when it is connecting to another modem. For a table of valid result
codes, see Result Codes at the end of this chapter.
You can issue several commands in one line, in what is called a command string. The
command string begins with AT and ends when you press ENTER. Spaces to separate
the commands are optional; they are ignored by the command interpreter. The most
familiar command string is the initialization string, which is used to configure the
modem when it is turned on or reset, or when your communication software calls
another modem.
AT Commands
Command:
Values:
Description:
AT
Command:
Values:
Description:
Enter Key
n/a
Press the ENTER or RETURN key to execute most commands.
Command:
Values:
Description:
Answer
n/a
Answer an incoming call before the final ring.
Command:
Values:
Description:
A/
Repeat Last Command

n/a
Repeat the last command string. Do not precede this command
with AT. Do not press ENTER to execute.
Command:
Values:
Bn
Description:
B0
B1
B2
B3
B15
B16
Communication Standard Setting

n = 03, 15, 16
Default: 1 and 16
Select ITU-T V.22 mode when modem is at 1200 bps.
Select Bell 212A when modem is at 1200 bps.
Deselect V.23 reverse channel (same as B3).
Deselect V.23 reverse channel (same as B2).
Select V.21 when the modem is at 300 bps.
Select Bell 103J when the modem is at 300 bps.
Command:
Values:
Default:
Description:
Cn
Command:
Values:
Default:
Description:
C0
C1
Ds
Attention Code
n/a
The attention code precedes all command lines except A/, A:,
and the escape sequence.
Carrier Control
n=1
1
Transmit carrier always off. (Not supported.)
Normal transmit carrier switching (included for backward
compatibility with some software).
Dial
s = dial string (phone number and dial modifiers)
none
Dial telephone number s, where s may up to 40 characters long
and include the 09, *, #, A, B, C, and D characters, and the L,
P, T, V, W, S, comma (,), semicolon (;), !, @, ^ and $ dial string modifiers.
Dial string modifiers:
L
Redial last number. (Must be placed immediately after ATD.)
P
Pulse-dial following numbers in command.
T
Tone-dial following numbers in command (default).
V
Switch to speakerphone mode and dial the following number.
Use ATH command to hang up.
W
Wait for a new dial tone before continuing to dial. (X2, X4,X5, X6, or
X7 must be selected.)
,
Pause during dialing for time set in register S8.
;
Return to command mode after dialing. (Place at end of dial string.)
!
Hook flash. Causes the modem to go on-hook for one-half second, then
off-hook again.
@
Wait for quiet answer. Causes modem to wait for a ring back, then 5
^
$
seconds of silence, before processing next part of command. If silence

is not detected, the modem returns a NO ANSWER code.
Disable data calling tone transmission.
Detect AT&T call card bong tone. The character should follow the
phone number and precede the users call card number:
ATDT1028806127853500$123456789
Command:
Values:
Default:
Description:
DS= y
Dial Stored Telephone Number

y = 03
none
Dials a number previously stored in directory number y by the &Zy=x
command. Example: ATDS=3.
Command:
Values:
Default:
Description:
En
Echo Command Mode Characters

n = 0 or 1
1
Do not echo keyboard input to the terminal.
Do echo keyboard input to the terminal.
E0
E1
Command:
Values:
Default:
Description:
Fn
Echo Online Data Characters

n=1
1
F0 Enables online data character echo. (Not supported.)
F1 Disables online data character echo (included for backward
compatibility with some software).
Command:
Values:
Default:
Description:
Hn
Hook Control
n = 0 or 1
0
H0 Goes on-hook (hangs up).
H1 Goes off-hook (makes the phone line busy).
Command:
Values:
Default:
Description:
In
Information Request
n = 05, 9, 11
None
I0 Displays default speed and controller firmware version.
I1 Calculates and displays ROM checksum (e.g., 12AB).
I2 Checks ROM and verifies the checksum, displaying OK or ERROR.
I3 Displays default speed and controller firmware version.
I4 Displays firmware version for data pump (e.g., 94).
I5 Displays the board ID: software version, hardware version, and
country ID.
I9 Displays the country code (e.g., NA Ver. 1).
I11 Displays diagnostic information for the last modem connection,
such as DSP and firmware version, link type, line speed, serial speed,
type of error correction/data compression, number of past retrains, etc.
Command:
Values:
Default:
Description:
Mn
Monitor Speaker Mode

n = 0, 1, 2, or 3
1
M0 Speaker always off.
M1 Speaker on until carrier signal detected.
M2 Speaker always on when modem is off-hook.
M3 Speaker on until carrier is detected, except while dialing.
Command:
Nn
Modulation Handshake
Values:
Default:
Description:
n = 0 or 1
1
N0 Modem performs handshake only at communication standard
specified by S37 and the B command.
N1 Modem begins handshake at communication standard specified
by S37 and the B command. During handshake, fallback to a lower
speed can occur.
Command:
Values:
Default:
Description:
On
Return Online to Data Mode

0, 1, 3
None
O0 Exits online command mode and returns to data mode (see
+++AT<CR> escape sequence ).
O1 Issues a retrain and returns to online data mode.
O3 Issues a rate renegotiation and returns to data mode.
Command:
Values:
Default:
Description:
Pulse Dialing
P, T
T
Configures the modem for pulse (non-touch-tone) dialing.
Dialed digits are pulsed until a T command or dial modifier is received.
Command:
Values:
Default:
Description:
Qn
Result Codes Enable/Disable

n = 0 or 1
0
Q0 Enables result codes.
Q1 Disables result codes.
Q2 Returns an OK for backward compatibility with some software.
Command:
Values:
Default:
Description:
Sr= n
Set Register Value

r = S-register number; n varies
None
Sets the value of register Sr to the value of n, where n is entered
in decimal format. E.g., S0=1.
Command:
Values:
Default:
Description:
Sr?
Read Register Value

r = S-register number
None
Reads the value of register Sr and displays it in 3-digit decimal form.
E.g., S2? gives the response 043.
Command:
Values:
Default:
Description:
Tone Dialing
P, T
T
Configures the modem for DTMF (touch-tone) dialing. Dialed
digits are tone dialed until a P command or dial modifier is received.
Command:
Values:
Default:
Description:
Vn
Result Code Format

n = 0 or 1
1
V0 Displays result codes as digits (terse response).
V1 Displays result codes as words (verbose response).
Command:
Values:
Default:
Wn
Result Code Options

n = 0, 1, or 2
2
Description:
W0 CONNECT result code reports serial port speed, disables protocol

result codes.
W1 CONNECT result code reports serial port speed, enables protocol
result codes.
W2 CONNECT result code reports line speed, enables protocol result
codes.
Command:
Values:
Default:
Description:
Xn
Result Code Selection

n = 07
4
X0 Basic result codes (e.g., CONNECT); does not look for dial tone or
busy signal.
X1 Extended result codes (e.g., CONNECT 46000 V42bis); does not
look for dial tone or busy signal.
X2 Extended result codes with NO DIALTONE; does not look for
busy signal.
X3 Extended result codes with BUSY; does not look for dial tone.
X4 Extended result codes with NO DIALTONE and BUSY.
X7 Basic result codes with NO DIALTONE and BUSY.
Command:
Values:
Default:
Description:
Yn
Long Space Disconnect

n=0
0
Y0 Disables sending or responding to long space break signal on
disconnect.
Y1 Enables sending or responding to long space break signal on
disconnect. (Not supported.)
Command:
Values:
Default:
Description:
Zn
Modem Reset
n = 0 or 1
None
Z0 Resets modem to profile saved by the last _W command.
Z1 Same as Z0.
Command:
Values:
Default:
Description:
&Bn
V.32 Auto Retrain

n=1
1
&B0 Disables V.32 auto retrain. (Not supported.)
&B1 Enables V.32 auto retrain.
Command:
Values:
Default:
Description:
&Cn
Data Carrier Detect (DCD) Control

n = 0, 1, or 2
1
&C0 Forces the DCD circuit to be always high.
&C1 DCD goes high when the remote modems carrier signal is
detected, and goes low when the carrier signal is not detected.
&C2 DCD drops on disconnect for time set by S18, then goes high
again (for some CBX phone systems).
Command:
Values:
Default:
Description:
&Dn
Data Terminal Ready (DTR) Control

n = 0, 1, 2, or 3
2
&D0 Modem ignores the true status of the DTR signal and responds
as if it is always on.
&D1 If DTR drops while in online data mode, the modem enters
command mode, issues an OK, and remains connected.
&D2 If DTR drops while in online data mode, the modem hangs up.
If the signal is not present, the modem will not answer or dial.
&D3 If DTR drops, the modem hangs up and resets as if an ATZ
command were issued.
Command:
Values:
Default:
Description:
&En
XON/XOFF Pacing Control

n = 12 or 13
12
&E12 Disables XON/XOFF pacing.
&E13 Enables XON/XOFF pacing. (_K4 must also be set.)
Note: &E13 has no effect if hardware control (_K3) is selected.
Command:
Values:
Default:
Description:
&Fn
Load Factory Settings

n=0
None
&F0 Loads factory settings as active configuration.
Note: See also the Z command.
Command:
Values:
Default:
Description:
&Gn
V.22bis Guard Tone Control

n = 0, 1, or 2
0
&G0 Disables guard tone.
&G1 Sets guard tone to 550 Hz.
&G2 Sets guard tone to 1800 Hz.
Note: The &G command is not used in North America.
Command:
Values:
Defaults:
Description:
&Kn
Flow Control Selection

n = 0, 3, or 4
3
&K0 Disables flow control.
&K3 Enables CTS/RTS hardware flow control.
&K4 Enables XON/XOFF software flow control.
Command:
Values:
Default:
Description:
&Qn
Asynchronous Communications Mode

n = 0, 5, 6, 8, or 9
5
&Q0 Asynchronous with data buffering. Same as \N0.
&Q5 Error control with data buffering. Same as \N3.
&Q6 Asynchronous with data buffering. Same as \N0.
&Q8 MNP error control mode. If MNP error control is not established,
the modem falls back according to the setting in S36.
&Q9 V.42 or MNP error control mode. If neither error control is
established, the modem falls back according to the setting in S36.
Command:
Values:
Default:
Description:
&Sn
Data Set Ready (DSR) Control

n = 0 or 1
0
&S0 DSR is always high (on).
&S1 DSR goes high only during a connection.
Command:
Values:
Default:
Description:
&Tn
V.54 Test Commands

n = 0, 1, 3 or 6
None
&T0 Abort. Stops any test in progress.
&T1 Initiates local analog loopback test.

&T3 Initiates local digital loopback test.
&T6 Initiates remote digital loopback test.
Note: To stop a test, you must use the escape sequence (+++AT)
before typing AT&T0.
Command:
Values:
Description:
&V
Display Current Settings

n/a
Displays the active modem settings, including the callback security
settings if callback security is enabled. If the setup password
has been entered, it also displays the callback security passwords.
Command:
Values:
Default:
Description:
&Wn
Store Current Configuration

n=0
None
&W0 Stores current modem settings in nonvolatile memory and
causes them to be loaded in place of the factory defaults at
power-on or following the ATZ command. See also &F.
&W1 Clears user default settings from nonvolatile memory and
causes the factory defaults to be loaded at power-on or following
the ATZ command.
Command:
Values:
&Z y=x
Store Dialing Command

y = 03 (callback security disabled) or 029 (callback security enabled)
x = Dialing command string
None
Stores dialing command x in memory location y. Dial the
stored number using the command ATDS=y. See also the
#CBSn command.
Command:
Values:
Description:
&&S
Speaker Codec Loopback

n/a
Provides a loopback from the microphone to the speaker. For
testing and debugging only.
Command:
Values:
Default:
Description:
\An
Select Maximum MNP Block Size

n = 0, 1, 2, or 3
3
\A0 64-character maximum.
Command:
Values:
Default:
Description:
\Bn
Transmit Break
n = 09 in 100 ms units
3
In non-error-correction mode only, sends a break signal of the specified
length to a remote modem. Works in conjunction with the \K command.
Command:
Values:
Default:
Description:
\Jn
Data Buffer Control

n=0
0
\J0 Enables data bufferserial port speed is independent of connect
speed.
\J1 Disables data bufferserial port speed is forced to the line speed.
Default:
Description:
Command:
Values:
Default:
Description:
\Kn
Break Control
n = 05
5
Controls the response of the modem to a break received from
the computer, the remote modem, or the \B commnd. The response
is different for each of three different states.
Data mode. The modem receives the break from the computer:
\K0 Enters online command mode, no break sent to the remote modem.
\K1 Clears data buffers and send break to the remote modem.
\K2 Same as \K0.
\K3 Sends break immediately to the remote modem .
\K4 Same as \K0.
\K5 Sends break to the remote modem in sequence with the transmitted
data.
Data mode. The modem receives the break from the remote modem:
\K0 Clears data buffers and sends break to the computer.
\K1 Same as \K0.
\K2 Sends break immediately to the computer.
\K3 Same as \K2.
\K4 Sends break to the computer in sequence with the received data.
\K5 Same as \K4.
Online command mode. The modem receives a \Bn command
from the computer:
\K0 Clears data buffers and sends break to the remote modem.
\K1 Same as \K0.
\K2 Sends break immediately to the remote modem.
\K3 Same as \K2.
\K4 Sends break to the remote modem in sequence with the transmitted
data.
\K5 Same as \K4.
Command:
Values:
Default:
Description:
\Nn
Error Correction Mode Selection

n = 05, or 7
3
\N0 Non-error correction mode with data buffering (buffer mode;
same as _Q6).
\N1 Direct mode.
\N2 MNP reliable mode. If the modem cannot make an MNP
connection, it disconnects.
\N3 V.42/MNP auto-reliable mode. The modem attempts first to
connect in V.42 error correction mode, then in MNP mode, and
finally in non-error-correction (buffer) mode with continued operation.
\N4 V.42 reliable mode.If the modem cannot make a V.42 connection,
it disconnects.
\N5 V.42, MNP, or non-error correction (same as \N3).
\N7 V.42, MNP, or non-error correction (same as \N3).
Command:
Values:
Default:
Description:
\Qn
Flow Control Selection

n = 0, 1, or 3
3
\Q0 Disables flow control (same as _K0).
\Q1 XON/XOFF software flow control (same as _K4).
\Q2 CTS-only flow control. Not supported.
\Q3 RTS/CTS hardware flow control (same as _K3).
Command:
\T n Inactivity Timer
AA
Values:
Default:
Description:
n = 0, 1255
0
\Tn Sets the time (in minutes) that the modem waits after the last
character is sent or received before it disconnects. A value of
zero disables the timer. Applies only in buffer mode.
Note: You can also set the inactivity timer by changing the value of
S30.
Command:
Values:
Default:
Description:
\Vn
Protocol Result Code

n = 0, 1, or 2
1
\V0 Disables the appending of the protocol result code to the DCE
speed.
\V1 Enables the appending of the protocol result code to the DCE
speed.
\V2 Same as \V1.
Command:
Values:
Defaults:
Description:
\Xn
XON/XOFF Pass-Through
n = 0 or 1
0
\X0 Modem responds to and discards XON/XOFF characters.
\X1 Modem responds to and passes XON/XOFF characters.
Command:
Values:
Defaults:
Description:
-Cn
Data Calling Tone

n = 0 or 1
0
-C0 Disables V.25 data calling tone to deny remote data/fax/voice
discrimination.
-C1 Enables V.25 data calling tone to allow remote data/fax/voice
discrimination.
Command:
Values:
Default:
Description:
%A
Adaptive Answer Result Code Enable

n = 0 or 1
0
The %A command controls whether the DATA and FAX result
codes will be sent by the modem. The modem must be in fax
mode for this command to work. Also, the modem must be set
to +FAA=1, which enables the modem to distinguish between
a fax and a data call. When these commands are enabled, the
modem sends DATA to the computer when it detects data tones,
and FAX when it detects fax tones. These strings are used by
some servers to select the appropriate communication program.
%A0 Disables adaptive answer result codes.
%A1 Enables adaptive answer result codes.
Note: For descriptions of the +FAA= and other fax commands, see the
Multi-Tech Fax Class 2 Developers Kit.
Command:
Values:
Description:
%B
View Numbers in Blacklist

n/a
If blacklisting is in effect, AT%B displays the numbers for
which the last call attempted in the previous two hours failed.
In countries that do not require blacklisting, the ERROR result
code appears.
Command:
Values:
%Cn
Data Compression Control

n = 0 or 1
Copyright Communication Devices Inc. UniGuard BB
Default:
Description:
1
%C0 Disable sV.42bis/MNP 5 data compression.
%C1 Enables V.42bis/MNP 5 data compression.
Command:
Values:
Default:
Description:
%DCn
AT Command Control
n = 0 or 1
0
%DC0 The modem responds to AT commands.
%DC1 The modem ignores AT commands.
Note: The modem will respond to AT%DC for 10 seconds after it is
turned on.
Command:
Values:
Default:
Description:
%En
Fallback and Fall Forward Control

n = 0, 1, or 2
2
%E0 Disables fallback and fall-forward.
%E1 Enables fallback, disables fall-forward.
%E2 Enables fallback and fall-forward.
Command:
Values:
Default:
Description:
$Dn
DTR Dialing
n = 0 or 1
0
$D0 Disables DTR dialing.
$D1 Dials the number in memory location 0 when DTR goes high.
Command:
Values:
Default:
Description:
$EBn
Asynchronous Word Length

n = 0 or 1
0
$EB0 Enables 10-bit mode.
$EB1 Enables 11-bit mode.
Command:
Values:
Default:
Description:
$SBn
Serial Port Baud Rate

n = speed in bits per second
57600
$SB300 Set serial port to 300 bps.
Command:
Values:
Default:
Description:
+ES=n
Enable Synchronous Buffered Mode

n=6
None
Allows an H.324 video application direct access to the synchronous
data channel. On underflow, the modem sends HDLC
flag idle (0x7E) to the remote modem.This special error control
mode is overridden by any of the following commands:
_F, _M, _Q, or \N.
AT+ES=? shows the only allowed value.
AT+ES? shows the current value.
CC
Command:
Values:
Default:
Description:
+VCID=n
Caller ID Selection
n = 0, 1, or 2
0
Enables Caller ID detection and configures the reporting and
presentation of the Caller ID data that is detected after the first
ring. The reported data includes the date and time of the call,
the caller's name and number, and a message.
+VCID=0 Disables Caller ID
+VCID=1 Enables Caller ID with formatted data
+VCID=2 Enables Caller ID with unformatted data
Command:
Values:
Default:
Description:
#CBAn
Callback Attempts
n = 1255
4
Sets the number of callback attempts that are allowed after
passwords have been exchanged between modems.
Command:
Values:
Default:
Description:
#CBDn
Callback Delay
n = 0255
15
Sets the length of time (in seconds) that the modem waits before
calling back the remote modem.
Command:
Values:
Default:
Description:
#CBF?
Callback Failed Attempts Display

n/a
n/a
Requests the number of failed callback passwords since reset
or power-up. This number can be stored to nonvolatile
memory using the _W command.
Command:
Values:
Default:
Description:
#CBFR
Callback Failed Attempts Reset

n/a
n/a
Resets the number of failed callback passwords to 0. This does
not reset the number stored in nonvolatile memory.
Command:
Values:
Default:
Description:
#CBIn
Local Callback Inactivity Timer

n = 1255
20
Sets the time (in minutes) that the modem waits for a command
before forcing the user to enter the setup password again.
Command:
Values:
#CBN y= x
Store Callback Password

y = 029
x = password
None
Sets the callback security password for the y memory location.
The password must have 6 to 10 characters, and cannot include
the + or - characters.
#CBPn
Callback Parity
n = 0, 1, or 2
0
Sets parity for the callback security messages.
#CBP0 No parity.
#CBP1 Odd parity.
Defaults:
Description:
Command:
Values:
Default:
Description:
Copyright Communication Devices Inc. UniGuard DD
#CBP2 Even parity.

Command:
Values:
Default:
Description:
#CBRy
Callback Security Reset

y = 029
None
Clears the password and phone number in the y memory location.
Command:
Values:
Default:
Description:
#CBS n
Callback Enable/Disable
n = 0, 1, 2, or 3
0
#CBS0 Disables callback security.
#CBS1 Enables local and remote callback security.
#CBS2 Enables remote callback security only.
#CBS3 Disables callback security until local hangup or reset.
Command:
Values:
Default:
Description:
#P n
Set 11-bit Parity

n = 0 or 1
2
#P0 No parity.
#P1 Odd parity.
#P2 Even parity.
Command:
Values:
Default:
Description:
#S x
Enter Setup Password

x= password (18 characters, case sensitive)
MTSMODEM
Enters the callback security setup password.
Command:
Values:
Default:
Description:
#S= x
Store Setup Password

x= password (18 characters, case sensitive)
MTSMODEM
Stores a new callback security and remote configuration setup
password.
Command:
Values:
Description:
+++AT<CR>
Escape Sequence
n/a
Puts the modem in command mode (and optionally issues a
command) while remaining online. Type +++AT and up to ten
command characters, then press ENTER. Used mostly to issue
the hang-up command: +++ATH<CR>.
Command:
Values:
Description:
%%%AT<CR> Remote Configuration Escape Sequence

n/a
Initiates remote configuration mode while online with remote
modem. The remote configuration escape character (%) is defined
in register S13.
EE
S-Registers
Certain modem values, or parameters, are stored in memory locations called S-registers.
Use the S command to read or to alter the contents of S-registers (see previous section).
Register Unit Range Default Description
S0 1 ring 0, 1255 1 Sets the number of rings until the modem
answers. ATS0=0 disables autoanswer
completely.
S1 1 ring 0255 0 Counts the rings that have occurred.
S2 decimal 0127 43 (+) Sets ASCII code for the escape sequence char128255 acter. Values greater than 127 disable escape.
S3 decimal 0127 13 (^M) Sets the ASCII code for the carriage return
character.
S4 decimal 0127 10 (^J) Sets the ASCII code for the line feed character.
S5 decimal 032 8 (^H) Sets the ASCII code for the backspace char33127 acter. Values over 32 disable backspace.
S6 seconds 265* 2* Sets the time the modem waits after it goes
off-hook before it begins to dial the telephone
number.
S7 seconds 1255* 50* Sets the time the modem waits for a carrier
signal before aborting a call. Also sets the
wait-for-silence time for the @ dial modifier.
S8 seconds 265 2 Sets the length of a pause caused by a
comma character in a dialing command.
S9 decimal 0, 1127 37 (%) Sets ASCII code for remote configuration
escape character. S9=0 disables remote
configuration.
S10 100 ms 1254 20 Sets how long a carrier signal must be lost
before the modem disconnects.
S11 1 ms 50150* 95* Sets spacing and duration of dialing tones.
S18 50 ms 0255 20 Sets the time the CD signal drops before
going high again. Used for some PBX and
CBX phone systems. See _C2 command.
S28 decimal 0, 1255 1 0 disables, 1255 enables V.34 modulation.
S30 1 minute 0, 1255 0 Sets the time the modem waits before it
disconnects when no data is sent or received.
A value of zero disables the timer. See also
the \T command
S35 decimal 01 0 0 disables, 1 enables the V.25 data calling
tone, which allows remote data/fax/voice
discrimination.
These values may be different outside North America.
S36 decimal 07 7 Specifies the action to take in the event of a
negotiation failure when error control is
selected. (See S48.)
S37 decimal 019 0 Sets the maximum V.34 upstream speed at
which the modem attempts to connect.
Value Speed
0 maximum modem speed
1 reserved
2 1200/75 bps
3 300 bps
4 reserved
5 1200 bps
6 2400 bps
7 4800 bps
Copyright Communication Devices Inc. UniGuard FF
8 7200 bps
9 9600 bps
10 12000 bps
11 14400 bps
12 16800 bps
13 19200 bps
14 21600 bps
15 24000 bps
16 26400 bps
17 28800 bps
18 31200 bps
19 33600 bps
S38 decimal 023 1 Sets the maximum 56K downstream speed
at which the modem attempts to connect.
The default maximum speed is 56K bps.
Value V.90 mode K56flex mode
0 56K disabled 56K disabled
1 56K autorate 56K autorate
2 28000 bps 32000 bps
3 29333 bps 34000 bps
4 30666 bps 36000 bps
5 32000 bps 38000 bps
6 33333 bps 40000 bps
7 34666 bps 42000 bps
8 36000 bps 44000 bps
9 37333 bps 46000 bps
10 38666 bps 48000 bps
11 40000 bps 50000 bps
12 41333 bps 52000 bps
13 42666 bps 54000 bps
14 44000 bps 56000 bps
15 45333 bps
16 46666 bps
17 48000 bps
18 49333 bps
19 50666 bps
20 52000 bps
21 53333 bps
22 54666 bps
23 56000 bps
S42 decimal 01 1 Enables/disables the 56K auto rate. When
56K auto is disabled, fallback to V.34 is also
disabled. 0 = disable; 1 = enable.
S48 decimal 7 or 128 7 Enables (7) or disables (128) LAPM negotiation.
The following table lists the S36 and
S48 configuration settings for certain types
of connections.
S48=7 S48=128
LAPM or async Async
LAPM or hangup Do not use
LAPM, MNP, or aysnc
LAPM, MNP, or hangup MNP or hangup
MNP or async
S36=0, 2
S36=1, 3
S36=4, 6
S36=5, 7
GG
S89 seconds 0, 5255 10 Sets the length of time in the off-line command
mode before the modem goes into standby
mode. A value of zero prevents standby
mode; a value of 14 sets the value to 5.
S108 decimal 03, 6, 7 6 Selects the 56K digital loss if using the modem
thru a PBX line. The default value is -6
dB loss, the value used when calling from a
typical POTS line long distance.
Value Digital loss
0 -0 dB digital loss, no robbed-bit
signaling
1 -3 dB PBX digital loss
2 -2 dB digital loss
7 -0 dB digital loss with robbed-bit
signaling
S109 decimal 02 1 Selects the 56K operating mode.
Value 56K mode
0 K56flex mode (V.90 disabled)
1 Dual mode (K56flex or V.90)
2 V.90 mode (K56flex disabled)
Result Codes
In command mode your modem can send responses called result codes to your computer.
Result codes are used by communications programs and can also appear on
your monitor.
Terse Verbose Description
0 OK Command executed
1 CONNECT Modem connected to line
2 RING Ring signal detected
3 NO CARRIER Carrier signal lost or not detected
4 ERROR Invalid command
5 * CONNECT 1200 Connected at 1200 bps
6 NO DIALTONE No dial tone detected
7 BUSY Busy signal detected
8 NO ANSWER No answer at remote end
70 * CONNECT 32000 Connected at 32000 bps, 56K rate
Copyright Communication Devices Inc. UniGuard HH

88 DELAYED Delay is in effect for the dialed number
89 BLACKLISTED Dialed number is blacklisted
* EC is added to these result codes when the extended result codes configuration option is enabled. EC is replaced
by one of the following codes, depending on the type of error control connection:
V42bis V.42 error control (LAP-M) and V.42bis data compression
V42 V.42 error control (LAP-M) only
MNP5 MNP 4 error control and MNP 5 data compression
MNP4 MNP 4 error control only
NoEC No error control protocol).
90 BLACKLIST FULL Blacklist is full

100 * CONNECT 28000 Connected at 28000 bps, 56K rate (V.90)
Terse Verbose Description
* EC is added to these result codes when the extended result codes configuration option is enabled. EC is replaced
by one of the following codes, depending on the type of error control connection:
V42bis V.42 error control (LAP-M) and V.42bis data compression
V42 V.42 error control (LAP-M) only
MNP5 MNP 4 error control and MNP 5 data compression
MNP4 MNP 4 error control only
NoEC No error control protocol).
II
INDEX
Add Users, 24
Audit trail, 10
Audit Trail, 17, 29, 30
Authenticate, 18
authentication, 7, 8, 9, 20, 25, 28
baud rate, 19
Boxes, 29
Bypass, 18, 20
Calculator Token, 25, 26
Call Back user, 10, 24
Call Back User, 24
Connectors, 20
Cryptocard Calculator, 25
DCD, 18, 19
default Key, 29
Default Password, 20
Defaults, 17
Define Message Functions, 27
DES, 5, 7, 8, 9, 10, 24, 25
Displays, 18
DPI Calculator, 25
DTR, 18, 19
Encryption, 7, 8, 9, 10, 24, 25
First User Message Delay, 28
Host Accessing a Modem, 10
Host Connect Message, 27
Host Dial Out, 29
Host Port, 20, 21
Host to Modem Access, 28
Inactivity Time, 28
LED, 18
Maintenance Port, 17, 20, 21
modem, 32, 35, 36, 37, 38, 40, 41, 42, 43, 46, 47, 49
Modem Functions, 18
Modify Report Settings, 30
Pager User, 8, 10, 25
Password, 7, 8, 9, 18, 20, 27, 28
PC Token, 8, 9
Power, 18, 20, 22
power supply, 22
primary message, 9
Primary message, 27
private key, 25, 29
Reports, 17, 30
RJ45, 21
Roving User, 10, 24
Secondary message, 27
Secure Call Through, 24
Secure Call through User, 10, 25
Secure Call Through User w/Encryption, 24
security level, 28
Soft Token, 9
switches, 19
System Key, 29
System Options, 27, 28
System Password, 28
terminal, 10, 21, 27, 30
time and date, 28
Token, 7, 8, 9, 10, 24, 25, 26
Token User, 25
Type of User, 24
User Functions, 24
User ID, 24
user profiles, 9
WinGuard, 8, 9, 25
X9.17, 25, 29
JJ

Aga 12.3

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Aga 12.3

Cargado por

Copyright:

Formatos disponibles

UniGuard AES

Communication Devices Inc.

Copyright Communication Devices Inc. UniGuard

UNIGUARD/UNIGUARD V34, TABLE OF CONTENTS

DIFFERENCES BETWEEN UNIGUARD V.34 AND UNIGUARD V.90 ................................... 1-7

GENERAL ......................................................................................................................................... 2-1

USING THE RSA SECURID TOKEN............................................................................................ 3-1

SYSTEM REPORTS AND DEFAULTS ......................................................................................... 4-1

DISPLAYS ......................................................................................................................................... 5-1

UNIGUARD RACK ADAPTOR KIT.............................................................................................. 6-1

PREPARING THE UNIGUARD ......................................................................................................... 6-1

CONFIGURING THE UNIGUARD................................................................................................ 7-1

UNIGUARD PARAMETERS .......................................................................................................... 8-1

DEFINE MESSAGE FUNCTIONS ................................................................................................. 9-1

SYSTEM OPTIONS.................................................................................................................... 10-1

10.1 SET SECURITY LEVEL ................................................................................................................. 10-1

10.8 HOST AT COMMAND ACCESS ................................................................................................. 10-2

NETWORK SERVICES AVAILABLE .................................................................................... 11-1

11.1 DESCRIPTION OF THE NETWORK SERVICE ................................................................................... 11-1

REPORTS .................................................................................................................................... 12-1

V.32 AT COMMANDS BY FUNCTION...................................................................B

APPENDIX C V.32 MODEM DEFAULTS.................................................................................E

APPENDIX D V.32 S-REGISTER DEFAULTS............................................................................ F

APPENDIX E V.32 AT COMMAND SUMMARY ...................................................................... G

APPENDIX F V.32 S-REGISTER SUMMARY ............................................................................L

V.32 RESULT CODE SUMMARY .................................................................M

V.32 MULTI-TECH SYSTEMS' ESCAPE METHODS INTRODUCTION O

APPENDIX I FCC, DOC, AND BABT INFORMATION ......................................................... Q

APPENDIX J V.90 MODEM AT COMMANDS, S-REGISTERS & RESULT CODES ..........T

Copyright Communication Devices Inc. UniGuard 1-4

Copyright Communication Devices Inc. UniGuard

Regulation Compliance, Export Restrictions, Copyright Notice, Warranty and

A.2 Export Restrictions

A.3 Copyright Notice

Copyright Communication Devices Inc. UniGuard 1-6

Differences between UniGuard V.34 and UniGuard V.90

Copyright Communication Devices Inc. UniGuard

UniGuard Client (encryption)

UniGuard Demand Dial Routing DDR

Caller Authentication Access Control

Challenge/Response with Encryption

Copyright Communication Devices Inc. UniGuard

Challenge/Response with a Token

Challenge/Response without a Token

The system then prompts: Enter User ID>

PC Token or Soft Token Caller with Password

The caller is identified as a Token user by the ID.

Copyright Communication Devices Inc. UniGuard

Non Token Callers

The system then prompts: Enter password>

Host Accessing a Modem

Copyright Communication Devices Inc. UniGuard 2-4

Copyright Communication Devices Inc. UniGuard

Using the RSA SecurID Token

RSA SecurID Token Types

Connecting to the Access Control Module

Getting Your PIN

Copyright Communication Devices Inc. UniGuard

Receiving a System-Generated PIN

Making Up Your Own PIN

Now type the cardcode currently displaying on the LCD.

Logging In with a Standard (Non PIN PAD) Card

Logging in with a Standard Card