Re: (ASCEND) radius & backup radius

To: ascend-users@max.bungi.com
Subject: Re: (ASCEND) radius & backup radius
From: Roger McClurg <roger.e.mcclurg@usa.dupont.com>
Date: Mon, 04 Aug 1997 11:18:19 -0400
In-Reply-To: <199708031052.MAA36526@fox.iprolink.ch>
References: <199708030545.WAA23025@max.bungi.com>
Sender: owner-ascend-users@max.bungi.com

At 12:52 PM 8/3/97 +0200, Mickey Coggins wrote:
>> > Troy Wollenslegel writes:
>> > > settings.  Is there any way to easily tell the ascend to look back
at the 
>> > > 1st radius server instead of the 2nd?
>> > Sure.  On the second box, kill radius for a minute. ;-)
>> Just remove the secondary by changing it on the Max to 0.0.0.0 and save.
>> The Max will immediately switch to the primary. Then enter the secondary's
>> IP address again and save.
>
>Hey Ascend dudes,  Doesn't the constant discussion of the behavior
>of the change between radius servers indicate that there might be
>an opportunity to improve the product?
>
>I you are looking for ideas, how about adding a metric on the server
>so that if they are all equal, it will follow the current behavior,
>but if they are different, it will keep checking to see if the
>primary server is alive again.
>
>Here is how I would see the menu look:
>
>90-B00 Mod Config           
> Auth...                   
> >Auth=RADIUS              
>  Auth Host #1=10.1.1.1 
>  Auth Port=1645           
>  Auth Src Port=0          
>  Auth Timeout=60         
>  Auth Key=*SECURE*
>  Auth Metric=10
>  Auth Host #2=10.1.2.1 
>  Auth Port=1645           
>  Auth Src Port=0          
>  Auth Timeout=60         
>  Auth Key=*SECURE*
>  Auth Metric=20
>  Auth Host #3=10.1.3.1 
>  Auth Port=1645           
>  Auth Src Port=0          
>  Auth Timeout=60         
>  Auth Key=*SECURE*
>  Auth Metric=20
>
>Which means, always use 10.1.1.1 if it is up, otherwise switch to
>10.1.2.1 or 10.1.3.1 at your leasure.  Notice the ability to 
>specify the src and dst ports for each server, which would be nice
>but not essential for our use.
>
>This should not be too much trouble, should it?
>
>-- 
>Mickey
>++ Ascend Users Mailing List ++
>To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd:	<http://www.nealis.net/ascend/faq>

I agree. We have three Radius servers in various parts of the country. One
of them is actually a test Radius, but it is put on all our maxen just in
case something happens to the other two. An interesting thing happens when
we do an Update Remote Cfg; the Max cycles through all the Radius servers
until it finds one it likes. I am sure it is looking for the fastest
access. Unfortunately a number of production Maxen are located muck closer
to my test Radius than the production ones, so they end up with the test
box for authentication. If I remove the test radius forcing the Maxen to
use the production Radius, then re-enter the test Radius the Maxen stay
with the production radius, but not for long. In no time they have steeled
comfortably back to the test Radius. The scheme above would solve my
problem handily. It gets my vote.


Regards, 
Roger McClurg       Roger.E.McClurg@usa.dupont.com
Telecommunications Consultant
Computer Sciences Corporation
Phone: 1 302-774-8219     Fax: 1 302-594-3924         

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

Re: (ASCEND) radius & backup radius

From: Mickey Coggins <mick@fox.iprolink.ch>

Prev by Date: Re: (ASCEND) disabling modems
Next by Date: Re: (ASCEND) disabling modems
Prev by thread: Re: (ASCEND) radius & backup radius
Next by thread: (ASCEND) Pipeline 75 and QuakeWorld
Index(es):
- Main
- Thread