AW: (RADIATOR) Some users got connected without IP in NAS.
Martin Wallner
Martin.Wallner at eunet.co.at
Sun Aug 13 16:26:09 CDT 2006
Hm, well... actually, you can have more than one pool on a CISCO (and use a cisco-av-pair command sent from RADIATOR to decide, which pool will be used from the router for this customer) ... But I see your dilemma, when you have more than 10-15 such usergroups having the pools set up on the router is getting a bit complicated and is not easy in the handling... (Static IP's don't count in this matter, they are given by Radius anyways... what would be interesting: is this Problem also showing with the static customers? or is it only dynamic allocations that show the problem?)
Basically, when you use RADIATOR for the dynamic pool, the way RADIATOR gives the command to the Router for a static IP-Address (even if this address is dynamically decided when the customer authenticates). So if you have problems with static IP-addresses too on the router (as in not getting the address set up), or if always the same customers have the problem... the problem lies probably on the router or the access side, like it takes too long and the ppp process on the router runs in a timeout.... even LCP can run in a timeout... (happens sometimes when you get the connection via L2TP and the NAS has a fu.... er... inproper setup...)
If that's not the case I see a lot of trace 4 and 'debug ppp authentication' 'debug ppp negotiation' and probably a 'debug aaa authentication' in your future :-< especially, because this problem seems to only be imminent when you reboot the RADIUS... (which should not be so often....)
=mw=
________________________________
Von: Nayeem [mailto:nayeem at ksa.zajil.com]
Gesendet: So 13.08.2006 15:10
An: Martin Wallner; radiator at open.com.au
Betreff: RE: (RADIATOR) Some users got connected without IP in NAS.
Thanks for reply,
Actually we have different IP Pools for different domains like 256.domain.com or 128.domain.com or 64.domain.com that why we cannot use Router Pool and some users had static IP also but presently we are facing this problem very frequent. So how can we solve this issue.
Regards,
Nayeem.
________________________________
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Martin Wallner
Sent: Sunday, August 13, 2006 1:03 AM
To: Nayeem (ZajilCom); radiator at open.com.au
Subject: AW: (RADIATOR) Some users got connected without IP in NAS.
Are you using dynamic IP pool? If yes, are you using the pool on the router or do you let RADIATOR do the dirty deed of giving out IP-Adresses?
IMHO the best way is to let the router deal with the dynamic IP's....
On a CISCO router it sometimes happens that the user don't get a dynamic IP-Address when the PPP Negotiation takes too long or the client demands an IP Address the router is not willing to give (we had some time ago a 64k dial in demanding our main DNS servers address... brrr :-), so client and router couldn't agree on an address, and the connection stays LCP up/negotiating for a bit.... in the 'show user' on a cisco it's shown as a virtual interface without an IP.....
Another possibility is, that the router runs out of dynamic IP-Adresses... (all used), that is easyly checked by a 'sh ip local pool' ... if yes, just add some more addresses to the pool - you can do that on the fly...)
If RADIATOR gives out the (dynamic) addresses, it can be that some addresses are not stored in the database, and RADIATOR dishes out the addresses twice... making a mess on the router... (that's why I don't like the Idea of Radiator giving out the Addresses, makes the router more vulnerable to such errors...)
=mw=
________________________________
Von: owner-radiator at open.com.au im Auftrag von Nayeem (ZajilCom)
Gesendet: Sa 12.08.2006 22:21
An: radiator at open.com.au
Betreff: (RADIATOR) Some users got connected without IP in NAS.
Dear All,
Presently I'm facing problem that when ever I restart radius then some users
got connected without IP address in NAS, so what could be the reason that
users didn't get IP in NAS?
I check the trace 4 logs also but could not find this problem.
Thanks,
Regards,
Nayeem.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060813/f6d0e8f8/attachment.html>
More information about the radiator
mailing list