[Ascend] (ASCEND) Re: RADIUS authentication of SDSL connections

[Peter Lalor]

>  > >a static dial-out route, for example. However, I can't for the heck of it
>>  >get the thing to authenticate either incoming calls, or use RADIUS for the
>
>After a lot of debugging sessions yesterday, I finally found the culprit. I
>had Ethernet->Answer->PPP options->Recv Auth=None. The reason why the logins
>worked with the local connection profile was the match on the IP address.
>Sigh...

It's amazing how these little things always slip by...

>  > 1. If you want call accounting information, set the unit to send
>>  RADIUS accounting checkpoint records every hour or so. Those records
>>  should give you any information you could want to track and will
>>  allow you to use a more natural nailed transport such as Frame Relay.
>
>I'll set the checkpoint option, will likely have to tweak some scripts
>after that. Oh, I don't consider Frame Relay as to be particular "natural"
>though:-)

Yeah, I guess not. We typically use Frame to give the option of PVCs 
if desired later. There was another reason... now what was it...?

>  > 4. If you're doing SDSL over dry copper (as opposed to aggregating
>>  from a telco over DS-3 or something), I strongly suggest that you use
>>  local profiles and use RADIUS only for accounting. As you can only
>
>Maxen are dreadful to configure in their "GUI", things get even hairier when
>static routes and potentially filters are added. Also, RADIUS profiles can
>be generated out of a database (or even reside in a database); things are
>considerably trickier if you want to automatically configure routers
>locally (more so with this GUI, Ciscos I can handle that way).

Your point about the DB is well taken, and for that reason (and 
others) we use RADIUS with our DSL Terminator. And pay the price for 
wall the related bugs. For the Max 20s with inherently few 
connections to manage we choose the reliability of RADIUS. If I had a 
bunch of them I'd use RADIUS. As you're not using numbered 
interfaces, you should be fine.

>  > have 32 physical connections and TAOS 8.0.3 allows 100 local
>>  profiles, you should be able to accomplish anything you need without
>>  resorting to RADIUS authentication.
>>  5. If you use interface-based routing in RADIUS profiles, routing
>>  will fail whenever you change anything related to routes, as I've
>>  posted here before. One word: don't.
>
>Not using that, just point-to-point or "unnumbered" routes.

The prime limitation there is the inability to query the Max via SNMP 
for traffic stats for individual profiles. If one uses numbered 
interfaces MRTG can then be pointed at them. Pretty graphs for the 
NOC and the customer.
-- 

Peter Lalor           Infoasis
plalor at infoasis.com   http://www.infoasis.com/

"Where's my burrito?" -- Homer
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>