Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) P75s and 5.1
On 29 January 1998, Kevin A. Smith <kevin@ascend.com> wrote:
> At 08:26 PM 1/28/98 +0100, Thomas Falk Claezon wrote:
[Zap]
> >We realy need a stable P75, MAX 4K and Radius setup for our
> >telecomuting users. We are close, but there are still some annoying
> >problems with the P75 and Radius.
>
> I'll check into those....
We thought that our final Radius problem was solved by TR 250124 in
the 971105 release of Ascend Radius. But unfortunally there was a
new problem introduced in that release.
Anyway it's now in Ticket # 260788
>
> >---------------------------- Begin included text
> -----------------------------
> >Ticket # 260750
> >
> >Description: P75+NAT, Can't start new TCP-sessions after several hours
> uptime!
> >
> >We have an "old" Pipeline 75 (S/N 721xxxx), running 5.1Ap6 (b.p75) and
> >configured for single adress NAT. The problem usually occours after more
> >than 8 hours of usage, and usually shortly after renewed authentication.
>
> Aha....that's probably related then. Mine does add/drop the second channel
> during the 16 hours, but auth is straight PAP.
>
> >We use SAFEWORD and CACHE-TOKEN to authenticate our users. This makes the
> >problem worse, because we can *not* do a "system reset" within an
> >"authentication period" without loosing the "session shared secret" used by
> >the P75 and Radius. If we in this case do a system reset, then we must wait
> >untill the cached "session shared secret" expires from the radius cache,
> >before the P75 can be used again (in our setup this can be upto 8 hours).
>
> How is that? Why 8 hours?
A "normal workday" is 8 hours, and the user authenticates his/hers workday
with the SAFEWORD token card. The CACHE-TOKEN feature enables Radius to
cache the initial password for "re-use" in autenticating channels as they
are added to the call, or when a new call is made, within the defined period.
The Radius cache period is specified by the Ascend-Token-Expiry parameter.
You can add the Ascend-Token-Idle parameter to force an earlier
expiration of the cached password for idle users (doesn't work in
my current radius release).
Example radius user (using it right now with a working Framed-Address etc):
falk Password = "SAFEWORD", Ascend-Token-Expiry=480
Ascend-Token-Idle = 90,
Ascend-Idle-Limit = 190,
Ascend-Receive-Secret = "xxxx",
User-Service = Framed-User,
Framed-Protocol = MPP,
Framed-Address = 1nn.1nn.nn.nnn,
Framed-Netmask = 255.255.255.0
More detailed information at page 3-19, 3-26 in the MAX RADIUS Configuration
Guide and in the Pipeline Reference guide (page 2-160) available at:
http://www.ascend.com/private/488.html
>
> >The only circumvention that we have been able to use, are to do a preventive
> >system reset *between* "autentication periods".
>
> OK, I am confused. I'll check into the ticket to see who is working on it!
I just got a mail from EMEA-support with some items to check, and requesting
more information regarding my Pipeline problem.
I guess I will be busy for a while, testing and collecting information :-) !
>
>
> Kevin
>
>
> ++ Ascend Users Mailing List ++
> To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd: <http://www.nealis.net/ascend/faq>
Thanks!
Regards Thomas
--
Thomas Falk Claezon ERICSSON, AXE Research and Development
Phone: +46 8 727 34 12 Box 1505
Mobile: +46 70 536 31 01 S-125 25 ALVSJO
Fax: +46 8 647 82 76 SWEDEN
Email: falk@uab.ericsson.se
URL: http://www.elfi.adbkons.se/~falk/
PGP Public Key: http://www.elfi.adbkons.se/~falk/PGP.html
PGP Fingerprint: 0E 0F 39 7C 1D C4 7E 2C 66 DB 20 49 9B DB BB 56
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups:
References: