Hi David, Sounds like you need to set up routes to your dial-in IP pool in your router. Sure, your router knows where the Max IP is (as you can ping from it) but does it know where to route packets to the dial-up IP pool? Mark ----- Original Message ----- From: <rte-ascend-request at lists.real-time.com> To: <rte-ascend at lists.real-time.com> Sent: Monday, December 03, 2001 8:24 AM Subject: rte-ascend digest, Vol 1 #492 - 3 msgs Send rte-ascend mailing list submissions to rte-ascend at lists.real-time.com To subscribe or unsubscribe via the World Wide Web, visit https://mailman.real-time.com/mailman/listinfo/rte-ascend or, via email, send a message with subject or body 'help' to rte-ascend-request at lists.real-time.com You can reach the person managing the list at rte-ascend-admin at lists.real-time.com When replying, please edit your Subject line so it is more specific than "Re: Contents of rte-ascend digest..." Today's Topics: 1. (ASCEND) APX 8000 / Radiator RADIUS Issue (DPascarella at solunet.com) 2. (ASCEND) Max-HP 4048 Routing Configuration (Clint Bridges) 3. Re: (ASCEND) Max-HP 4048 Routing Configuration (Dr. Wolfgang Beneicke) --__--__-- Message: 1 From: DPascarella at solunet.com To: ascend-users at bungi.com Date: Fri, 30 Nov 2001 16:15:09 -0500 Subject: [Ascend] (ASCEND) APX 8000 / Radiator RADIUS Issue Hi All, I have a problem that I hope someone can help me with. I installed an APX 8000 running 9.0.4 TAOS and use a RADIUS program called Radiator running on Unix. Some users are in the 'user' file and some authenticate via the default user using the UNIX password file. The Radiator authenticates all users for about 2 hours and then all of a sudden, it fails. I get an error in the APX log that states there was a "RADIUS client timeout (code=1) for user xxxxx host xxxxxx" This error repeats for every user trying to authenticate until the RADIUS server is reset. After the reset, authentication is successful for another ~2 hours and then the timeouts begin again. There is no interruption of IP connectivity between the APX and the server. The RADIUS log file and syslog report errors as well. Prior to installing the APX, this exact RADIUS server authenticated users dialing in on PM3's without fail for years. Something is interrupting the Client/Server communication between the APX and the Radiator server. Also, these are 2 replicated servers that this occurs on. Both behave the exact same way. If anyone has seen this before or has any idea what the cause/solution could be, I'd be thrilled if you would share it. Thank You, David Pascarella, CCNA MCSE LSCP A+ Network Support Engineer SOLUNET TAC 1571 Robert J. Conlan Blvd., Suite 110 Palm Bay, FL 32905-3562 888.449.5766 800.795.2814 fax: 321.308.7986 mailto:dpascarella at solunet.com www.solunet.com ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/ --__--__-- Message: 2 From: "Clint Bridges" <cbridges at moseslake-wa.com> To: <ascend-users at bungi.com> Date: Sat, 1 Dec 2001 21:42:56 -0800 Subject: [Ascend] (ASCEND) Max-HP 4048 Routing Configuration Hi List, Can anyone out there give me some pointers on configuring a MAX 4048 for dial-in Internet access? Here's what I have and what I have done so far: I have working DNS/Web servers on a 216.7.46.128/26 network. The servers are running FreeBSD version 4.2. I have my Max 4048 at 216.7.46.141/26. I have a 24-Channel T-1 connected to the Max (it has 56k modems in it) and can sucessfully dial in and connect to the Max. I am using Ascend Radius version 98XXXX, the latest off the old Ascend FTP site. I created users in a user file like this: mickeym Password = "abcdefg" User-Service = Framed-User, Framed-Protocol = PPP, Framed-Routing = None, Ascend-Idle-Limit = 720 I have a DEFAULT user profile at the end of the user file. I have added the name of the MAX to the client file with its shared secret. The radius server and the Max are communicatiing on ports 1812 and 1813. DNS works, the radius server authenticates and logs me in and dynamically assigns me an IP address out of a pool of addresses handled by the Max. I have two machine connected to the MAX. One as a dial-in station (pretending to be an Internet client) and one connected to the MAX's serial port directly using Hyperterm. Talking thru the MAX's serial port (local terminal server) I can ping the Max's ethernet port and any other hosts units on the network, and I can ping the dialed-in W95 machine. I can also ping out onto the Internet using either an Ip address or a domain name like www.yahoo.com. My problem is that from the dialed-in W95/98 Internet machine I cannot route or ping to anything beyond the ethernet interface of the MAX. It appears that I am mssing some essential piece of the setup or a route or something. I have re-built everything a dozen different ways this weeks trying to figure it out and I am stumped. I have tried four different flavors of Radius and they all so the same thing. I can log in but I cannot go anywhere. Can anyone tell me what I am missing? Laughter in the background... :-) I know, it is probably something so obvious that I will groan when I hear it. But I am at the end. I have read and re-read through the forums and lists, and have learned a huge amount about Unix, compiling programs and re-installing things. None of it has hurt me but I really would like the silly thing to work. Is there a trick or two with the MAX's and routing and Radius or have I missed the obvious? Clint Bridges cbridges at moseslake-wa.com DNS/WEB/RADIUS Servers: 216.7.46.132/26, 216.7.46.133/26 MAX: 216.7.46.141/26 ROUTER: 216.7.46.129/26 Dynamic IP POOL: 216.7.46.161 with ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/ --__--__-- Message: 3 Date: Sun, 02 Dec 2001 14:37:11 +0100 From: "Dr. Wolfgang Beneicke" <Wolfgang.Beneicke at mpimf-heidelberg.mpg.de> Reply-To: Wolfgang.Beneicke at mpimf-heidelberg.mpg.de To: ASCEND users list <ascend-users at max.bungi.com> Subject: [Ascend] Re: (ASCEND) Max-HP 4048 Routing Configuration Hi Clint, as you already suspect a routing problem it would have helped a lot if you had given any information about your routes. On the Max, there are static routes (most important, the default route) and dynamic routes (if a connection profile contains a static IP address the Max will generate a route to this subnet on dial-in). So what did you configure as your default route? Ethernet-Static Rtes-Default: Dest=0.0.0.0, Gateway=216.7.46.129 ? < Understand the next passage as for a configuration on the Max itself. Translate to RADIUS use accordingly. I would first try to get things straight with a local profile and then move on to a RADIUS entry). Then, make sure that your client gets this default route. Usually this is done by default but can be overridden with a "Client gateway" (Connection profile-IP options-Client gateway). If there is anything else than "0.0.0.0" this might cause trouble. OK, now the Max knows where to send packets to unknown destinations (e.g. the Internet). When a client connects, an IP from the pool (which?) is assigned and the Max becomes aware of a new route to this client. Check this in Terminal Server mode with "ipr sh". Then the client sends a packet to the Max. As it has received a Gateway address from the Max (does it have? check on a Windows machine with "winipcfg"/"ipconfig /all") it sends it to its modem and the packet reaches the Max. You know that this part works. Imagine the Max forwards this packet to the Internet and receives an answer. Does the Max know that the client on the (pool) IP address can be reached on a WAN port? Yes (see above). But does your router know? So next thing you check that on your router there is a route for the IP pool pointing to the Max. Otherwise, the router wouldn't know where to send the packet and would go and search this subnet on the Internet. Assuming your pool is 216.7.47.0/24 yielding remote host IPs .1 to .254. Then you would need a route for 216.7.47.0/24 (MASK 255.255.255.0) to 216.7.46.141 (your Max). Hope this helps. Best regards, Wolfgang _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- B · E · N · E · I · C · K · E EDV-Beratung ________________________________________________________________________ Netzwerk-Design Remote Access und WAN-Lösungen Storage-Lösungen (RAID, libraries, NAS/SAN) COMPAQ Server und PC Windows NT Implementation und Administration Dr. Wolfgang Beneicke fon +49-6223-97 07 20 Fasanenstrasse 16, D-69251 Gaiberg (Heidelberg) fax +49-6223-97 07 21 _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/ --__--__-- _______________________________________________ rte-ascend mailing list rte-ascend at lists.real-time.com https://mailman.real-time.com/mailman/listinfo/rte-ascend End of rte-ascend Digest