(RADIATOR) AuthPort & Cisco Questions

Hugh Irvine hugh at open.com.au
Tue Dec 17 23:06:13 CST 2002


Hello Marcel -

As Frank says (thanks Frank), we will need to see a copy of your 
configuration file (no secrets), together with a trace 4 debug from 
Radiator showing what is happening in all cases.

The simplest thing to do in any case is to simply run two instances of 
Radiator, one listening to 1645 and 1646, and the other on 245 and 246.

regards

Hugh


On Wednesday, Dec 18, 2002, at 05:32 Australia/Melbourne, Marcel Brown 
wrote:

> I'm working with a client that I've set up Radiator for and am 
> migrating them away from another RADIUS software. For reasons unknown, 
> their previous administrator decided to set the auth and acct ports 
> for their previous RADIUS server to 245 and 246. I've got all of the 
> NAS boxes migrated to Radiator (and ports 1645 and 1646) except one. 
> This particular server, a Cisco AS 5xxx, will not let them log in or 
> do a password recovery (the config appears to be corrupted). Due to 
> certain issues, they do not yet want to do a factory reset on this 
> NAS. So this server (the "bad" Cisco) is stuck doing RADIUS on ports 
> 245 and 246 for the time being and I can't yet take down their old 
> RADIUS server.
>
> With Radiator 3.4's release, which now does multiple Auth and Acct 
> ports, I thought I could simply configure Radiator to the IP of the 
> old RADIUS server and set it to listen on ports 245 and 246. So I 
> installed and configured Radiator 3.4 in that manner. Radiator would 
> receive the auth request from the Cisco box, process it correctly, 
> then reply to the Cisco box. However, the Cisco box would apparently 
> never hear the reply, as it would send more auth requests, no acct 
> requests, and users could never log on. Another identically configured 
> Cisco box (the "good" Cisco) does work with Radiator, although it is 
> using ports 1645 and 1646.
>
> Looking over some trace logs and doing further testing, I discovered 
> the following behavior:
>
> Radiator says it receives auth and acct requests from both the "good" 
> and "bad" Cisco boxes on ports 1645 and 1646. As a comparison, it 
> receives both auth and acct requests from some other Patton NAS's only 
> on port 513. Radiator appears to reply to all NAS's on the same port 
> it receives the requests.
>
> Even if I changed the auth and acct ports on the "good" Cisco box to 
> 245 and 246, Radiator would always say that it received the requests 
> from ports 1645 and 1646. So it appears that Cisco NAS's always send 
> RADIUS requests from ports 1645 and 1646 and Patton NAS's send from 
> port 513. Is this accurate?
>
> Can anyone figure out a reason why the "bad" Cisco box would not hear 
> the auth reply from Radiator?
>
> Thanks!
> Marcel
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
