Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) RADIUS IP pools: Adding second MAX



> I'm adding a second MAX to my network and I need to know how to use my
> RADIUS IP Pool assignments with both MAXes.
...
> pools-max01 Password = "ascend", User-Service = Dialout-Framed-User
>             Ascend-IP-Pool-Definition = "1 208.15.109.133 100"
> 
> pools-max02 Password = "ascend", User-Service = Dialout-Framed-User
>             Ascend-IP-Pool-Definition = "1 208.15.109.133 100

No, you do not want to do this.  The pools on separate MAXes should not
use the same range of addresses.  This would cause the same address to
be used by two remote users at the same time and thus would fail.

You need to use non-overlapping address ranges.  You do not need to
provide more addresses per pool than you can have connect to the MAX
at one time.  This would typically be 23 per PRI.  Thus if you have
two MAXes, each with two PRIs, you could use:

pools-max01 Password = "ascend", User-Service = Dialout-Framed-User
            Ascend-IP-Pool-Definition = "1 208.15.109.133 46"

pools-max02 Password = "ascend", User-Service = Dialout-Framed-User
            Ascend-IP-Pool-Definition = "1 208.15.109.180 46"

If you have more than one address pool per MAX, you can even reduce the
number, at the risk of denying users who call a machine whose pool is
exhausted.

Alternatively, if you really want to have a single address pool split
between multiple MAXes, you need to use the Global-IP-Address-Pool option
in Ascend RADIUS that makes use of the RADIUS IP Address Daemon (radipad).

In my opinion, global IP address pools are more trouble than they are worth.
This is in terms of having to use additional software and in terms of the
routing headaches inherent in it.
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


Follow-Ups: