Re: [(ASCEND) Radius from a Class B Interface address]

To: kid@actioninternet.net, ascend-users@bungi.com
Subject: Re: [(ASCEND) Radius from a Class B Interface address]
From: Maverick <maverickthegreat@netscape.net>
Date: 28 Apr 99 10:52:58 PDT
Sender: owner-ascend-users@max.bungi.com


Shane,

First let's make onr thing clear, Max 400 DOES NOT do NAT (Network
Address Translation) or proxy for the WAN clients. Having said
that, the WAN clients need to have a real internet-routable
address if they need to access the internet. If the wan clients
have the real interent routable address then make sure that
your up-stream provider knows about that class-B network
either via RIP or static routes.

For the radius issue make sure that you can ping the radius
server from the MAX and the radius is up and running on the machine.
The radius log file will tell you if it is accepting
authentication requests.

"Shane Newberg" <kid@actioninternet.net> wrote:
Has anyone ever dealt with a non-routable class b IP address for the wan
interface on a 4000?

Basically, my upstream on a new connection assigned us an IP address for the
interface that we cannot traceroute to, ping, or otherwise. We can
traceroute to any of the Class c we were assigned for the Lan. We default
gatewayed the maxx unit to the ip on the upstream side and All the local
clients are happy untill.........

I tried to authenticate a dial up user into this max unit over radius, it
failed miserably.
Radius logs show that the interface address is making the request, fine,
added it as a client ect...

Now there are tons of errors I have never seen before that repeat over and
over........

Tue Apr 27 20:06:45 1999: Authentication: 137/0 'ipxroute-mi4048-1' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:07:01 1999: Authentication: 138/1 'initial-banner' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:07:06 1999: Authentication: 139/2 'bridge-mi4048-1' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:07:34 1999: Authentication: 136/4 'dovbs-mi4048-1' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:08:16 1999: Authentication: 141/8 'permconn-mi4048-1' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:08:33 1999: Authentication: 140/9 'frdlink-mi4048-1' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
holding 0
Tue Apr 27 20:08:37 1999: Received-Authentication: 143/11 'pools-mi4048' via
172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only
Tue Apr 27 20:08:45 1999: Authentication: 144/12 'ipxroute-1' via 172.x.x.26
from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0, holding 0
Tue Apr 27 20:08:57 1999: Authentication: 145/13 'banner' via 172.x.x.26
from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0, holding 0

any suggestions on how to change the setup to authorize users?

Shane Newberg
Action Internet
1919 Sand Lake Rd
Orlando, FL 32809
407-850-0201
administrator@actioninternet.net

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) Problem getting MRTG reading OIDs from DSLTNT cards ?
Next by Date: Re: [(ASCEND) Radius from a Class B Interface address]
Prev by thread: (ASCEND) pipeline and snmp
Next by thread: Re: [(ASCEND) Radius from a Class B Interface address]
Index(es):
- Date
- Thread