1. Set the QAUTOVRT value to 32500, the maximum value allowed, or use the
*NOMAX value.
2. Let your users use pass-through, Telnet, and the virtual terminal application
program interface until you decide that the number of virtual devices created is
sufficient for normal system operation.
3. Change the QAUTOVRT value from 32500 to the number of virtual devices you
require for normal system operation.
If you have never allowed automatic configuration of virtual devices on your system,
the QAUTOVRT value is 0. A Telnet connection attempt with a dependence on
automatic creation of the virtual device then fails because the Telnet server does
not create more than the specified QAUTOVRT devices (zero). If you try to connect,
you receive a message (TCP2504) indicating that the Telnet client session has
ended and the connection is closed. In addition, the QTGTELNETS job in the
QSYSWRK subsystem on the AS/400 Telnet server sends a message (CPF8940)
indicating that a virtual device cannot be automatically selected.
If you change the QAUTOVRT value to 10, the next Telnet connection attempt
causes the Telnet server to create a virtual device. This virtual device is created
because the number of virtual devices on the controller (0) is less than the number
specified in the QAUTOVRT (10). Even if you change the specified number to 0
again, the next user attempting a Telnet connection succeeds. When a Telnet
connection attempt fails, the CPF87D7 message is sent to the system operator
message queue on the Telnet server system. The CPF87D7 message indicates that
the AS/400 server is not able to create a virtual device.
Security Considerations for VTxxx Full-Screen Mode:
The number of sign-on
attempts allowed increases if virtual devices are automatically configured. The
number of sign-on attempts is equal to the number of system sign-on attempts
allowed multiplied by the number of virtual devices that can be created. The number
of system sign-on attempts allowed is defined by the QMAXSIGN system value.
The number of virtual devices that can be created is defined by the QAUTOVRT
system value.
In Version 4 Release 2, the following level of support has been added with regard
to security of virtual devices:
v With a user-supplied exit program, you can audit the number of sign-on attempts
v You have the ability to deny connections
v You have the ability to allow bypassing of the sign-on screen
For more information on Telnet exit points and how to use them, see “TELNET Exit
Points” on page 541 in Appendix E. TCP/IP Application Exit Points and Programs.
Telnet and SNA 5250 Pass-Through Considerations for VTxxx Full-Screen
Mode:
The AS/400 system supports 5250 pass-through. 5250 pass-through is
similar to Telnet but runs on an SNA (Systems Network Architecture) protocol
network rather than a TCP/IP network. 5250 pass-through uses virtual displays to
direct output to the physical devices just as Telnet does. In 5250 pass-through, the
AS/400 system automatically creates virtual devices in the same way that it does
for Telnet. Therefore, the QAUTOVRT system value controls the number of
automatically configured virtual devices for both 5250 pass-through and Telnet. For
more information about 5250 pass-through, see the
Remote Work Station Support
,
SC41-5402-00 book.
198 OS/400 TCP/IP Configuration and Reference V4R4