(RADIATOR) AuthPort & Cisco Questions

Frank Danielson fdanielson at dataonair.com
Tue Dec 17 19:15:14 CST 2002


Just to beat Hugh to the punch - please send a trace 4 debug showing the
failure and your config file (no secrets) so the people on the list can see
what's going on. It would really help if you could snoop the traffic between
the NAS and the working RADIUS server with Ethereal (http://www.ethereal.com)
or something similar that would decode the RADIUS packets for you.

Frank Danielson
[Infrastructure Architect]
 
wireless: 407.467.7832
wireline: 407.515.8633
 
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com


-----Original Message-----
From: Marcel Brown [mailto:lists at marcelbrown.com]
Sent: Tuesday, December 17, 2002 1:32 PM
To: radiator at open.com.au
Subject: (RADIATOR) AuthPort & Cisco Questions


I'm working with a client that I've set up Radiator for and am 
migrating them away from another RADIUS software. For reasons 
unknown, their previous administrator decided to set the auth and 
acct ports for their previous RADIUS server to 245 and 246. I've got 
all of the NAS boxes migrated to Radiator (and ports 1645 and 1646) 
except one. This particular server, a Cisco AS 5xxx, will not let 
them log in or do a password recovery (the config appears to be 
corrupted). Due to certain issues, they do not yet want to do a 
factory reset on this NAS. So this server (the "bad" Cisco) is stuck 
doing RADIUS on ports 245 and 246 for the time being and I can't yet 
take down their old RADIUS server.

With Radiator 3.4's release, which now does multiple Auth and Acct 
ports, I thought I could simply configure Radiator to the IP of the 
old RADIUS server and set it to listen on ports 245 and 246. So I 
installed and configured Radiator 3.4 in that manner. Radiator would 
receive the auth request from the Cisco box, process it correctly, 
then reply to the Cisco box. However, the Cisco box would apparently 
never hear the reply, as it would send more auth requests, no acct 
requests, and users could never log on. Another identically 
configured Cisco box (the "good" Cisco) does work with Radiator, 
although it is using ports 1645 and 1646.

Looking over some trace logs and doing further testing, I discovered 
the following behavior:

Radiator says it receives auth and acct requests from both the "good" 
and "bad" Cisco boxes on ports 1645 and 1646. As a comparison, it 
receives both auth and acct requests from some other Patton NAS's 
only on port 513. Radiator appears to reply to all NAS's on the same 
port it receives the requests.

Even if I changed the auth and acct ports on the "good" Cisco box to 
245 and 246, Radiator would always say that it received the requests 
from ports 1645 and 1646. So it appears that Cisco NAS's always send 
RADIUS requests from ports 1645 and 1646 and Patton NAS's send from 
port 513. Is this accurate?

Can anyone figure out a reason why the "bad" Cisco box would not hear 
the auth reply from Radiator?

Thanks!
Marcel
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
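
The reply above asks for a capture of the NAS-to-server traffic with the RADIUS packets decoded. As an added example (not part of either message, and not Radiator or Ethereal code), the Python below decodes the RADIUS header and attributes per RFC 2865 and lists requests that never received a reply on the reversed address/port pair. The capture, the 192.0.2.x addresses and the names parse_radius, unanswered and build are constructed for illustration.

```python
import struct

REQUESTS = {1, 4}   # Access-Request, Accounting-Request (RFC 2865 / RFC 2866)

def parse_radius(payload):
    """Decode the RADIUS header and attribute TLVs of one UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= min(len(payload), 4096):
        raise ValueError("bad Length field: %d" % length)
    attrs, pos = [], 20
    while pos < length:                       # bytes past Length are padding
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("bad attribute at offset %d" % pos)
        alen = payload[pos + 1]
        attrs.append((payload[pos], payload[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "authenticator": payload[4:20], "attrs": attrs}

def unanswered(datagrams):
    """Return (flow, id, times_sent) for requests with no reply on the reversed flow."""
    pending = {}
    for src_ip, sport, dst_ip, dport, payload in datagrams:
        pkt = parse_radius(payload)
        if pkt["code"] in REQUESTS:
            key = (src_ip, sport, dst_ip, dport, pkt["id"])
            pending[key] = pending.get(key, 0) + 1    # >1 means the NAS retransmitted
        else:   # a reply only matches with addresses and ports swapped
            pending.pop((dst_ip, dport, src_ip, sport, pkt["id"]), None)
    return [(key[:4], key[4], sent) for key, sent in pending.items()]

def build(code, ident, attrs=()):
    """Constructed sample packet; all-zero authenticator, not cryptographically valid."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed capture (documentation addresses): NAS sends from 1645 to a server on 245.
NAS, SRV = "192.0.2.10", "192.0.2.1"
CAPTURE = [
    (NAS, 1645, SRV, 245, build(1, 7, [(1, b"alice")])),  # Access-Request id 7
    (SRV, 245, NAS, 1645, build(2, 7)),                   # Access-Accept, reversed flow
    (NAS, 1645, SRV, 245, build(1, 8, [(1, b"bob")])),    # Access-Request id 8
    (NAS, 1645, SRV, 245, build(1, 8, [(1, b"bob")])),    # same id again: retransmission
    (SRV, 1645, NAS, 1645, build(2, 8)),                  # reply from the wrong source port
]

if __name__ == "__main__":
    for flow, ident, sent in unanswered(CAPTURE):
        print("no matching reply:", flow, "id", ident, "sent", sent, "times")
```

In each flow tuple the second field is the port the NAS sent from and the fourth is the port the server listens on, so the two are never mixed up when reading the result.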