Re: (ASCEND) Merit radius and Ascend .. hints?

To: Gilles Melanson <gilles@icewall.vianet.on.ca>, ascend-users@bungi.com
Subject: Re: (ASCEND) Merit radius and Ascend .. hints?
From: Kevin Smith <kevin@ascend.com>
Date: Mon, 29 Sep 1997 11:28:46 -0700
In-Reply-To: <Pine.GSO.3.96.970925224544.8453A-100000@icewall.vianet.on.ca>
Sender: owner-ascend-users@max.bungi.com

At 10:53 PM 9/25/97 -0400, Gilles Melanson wrote:
>Heya.
>
> I've sat back and decided 'Hey, I'm going to try Merit's radiusd and see
> what happens' .. my Ascend boxes are non-critical, in the sense that they
> only run dedicated ISDN, so accounting wasn't much of an issue .. that and
> the fact that I'm putting Merit's Realm-roaming feature to good use.. I
> actually have yet to try and see if I can use Ascend's 1.16 along with the
> roam.. maybe, maybe not.

If you are looking for a version of RADIUS that supports the Merit concept
of "realms" then you would need to look at Ascend Access Control [it is not
free but you can get a free 30-day demo].

Ascend RADIUS [based on Livingston RADIUS 1.16] is not suitable for a roaming
environment.  It does not include support for proper use of the Proxy-State
attribute.

> I'm trying different variations of RADIUS auth/acct, and RADIUS/LOGOUT
> (which disabled accting for some weird reason), and I was getting some
> strange results (in RADIUS only mode)
> 
> Thu Sep 25 22:46:56 1997: rad_recv:* MISSING User-Name (1) in acct-req
(type 4) request 238 from 209.91.x.x via. 209.91.x.x[1026]
> Thu Sep 25 22:46:56 1997: Accounting: 238/133 '?reboot?' via 209.91.x.x
from 209.91.x.x port 10501 Stop - OK

Accounting has two widely used purposes.

The first is for billing - keeping track of the amount of resources used by
a connection (length of call, amount of traffic) so that regular billing
records can be generated.

The second purpose is network management - keeping track of the number of
modems in use, the reasons why connections are being closed, and other
operational issues.

The Ascend boxes, use RADIUS accounting for both purposes.  This means that
if a connection is established to an Ascend box, but authentication never
completes then a RADIUS Accounting-Request will be sent that has an
Acct-Status-Type value of Stop, but without a User-Name attribute.  This
allows the operations group to watch for ports that seem to have problems.

Merit RADIUS tries to verify each Accounting-Requst packet that it receives
has a User-Name attribute.  You can modify the Merit RADIUS code to remove
this test and then you will not see the error messages any more and you will
be able to track possible "bad ports" with RADIUS accounting.

An as-yet unreleased new feature has been added to the Ascend boxes that
allow the administrator to turn off these Stop messages that do not have
a User-Name.

    The "Allow Stop Only" field will be added to the Ethernet->Mod Config->
    Accounting submenu. This field allows the administrator to toggle
    whether Stop Accounting packets with no username should be sent to
    the RADIUS Accounting server.

Kevin

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

(ASCEND) Merit radius and Ascend .. hints?

From: Gilles Melanson <gilles@icewall.vianet.on.ca>

Prev by Date: (ASCEND) Zoltrix modems to Ascend Max 4060
Next by Date: (ASCEND) simultaneous CSV dialing
Prev by thread: Re: (ASCEND) Merit radius and Ascend .. hints?
Next by thread: (ASCEND) BRAIN DEAD MAX on Re-Boot
Index(es):
- Main
- Thread