Re: (ASCEND) Virtual Logins

To: Marc Paust <mpaust@globalsite.net>
Subject: Re: (ASCEND) Virtual Logins
From: Jason Nealis <nealis@babylon.erols.com>
Date: Thu, 3 Sep 1998 11:42:14 -0400 (EDT)
cc: ascend-users@max.bungi.com
In-Reply-To: <000201bdd73c$97617c80$013dd2d0@dilligaf.globalsite.net>
Reply-To: Jason Nealis <nealis@babylon.erols.com>
Sender: owner-ascend-users@max.bungi.com

 We had the same problem here, You MUST ensure that your radius is
replying with a code-3, Access Reject.

This was a feature that Ascend placed in without telling any of us, what 
the max does, when it boots up it sends radius requests to the radius
server looking for boot-options. What happens is if IT DOES NOT get 
and code-3 back it continues to KEEP asking. It keeps asking and keeps
asking.

I have included a message below from here to ascend pretty much
summarizing what happened here. 

Jason Nealis
Director Internet Operations / Network Access
Erols Internet (An RCN Company)

****ATTACHED MESSAGE****

Here's an email summarizing what happened here.

Subject: update 7/8 - 7/9

All,

Here is a quick run down of the past couple of days.

The new code was released on just over 50 boxes immediately.  It was
discovered that the boxes were sending invalid info to the radius server
in a constant stream.  This had been witnessed (to a smaller extent) by
Brian Cully on 7/7/98 (as expressed through email) in the TNT's
(running 2.1.0).  Upon further investigation, it was found that the
Ascend boxes were polling the radius server for config info as
implemented in the new code versions.  The boxes were expecting to
receive a code=3 from the radius servers for rejected login attempts. 
Instead, the radius server was sending a code=9 which was not
recognized.  This caused the boxes to keep sending info and waiting
for a valid response.  We tested an incorrect login today on TNT's
using the radauth command.  We received a request timed out message;
showing that the box was not receiving the code it expected.  Erols is
changing their radius servers to send a code=3 where expected.  Jason
expressed his belief that this would alleviate the flood of failed
logins by the boxes.  We will look at this further after the change

On Thu, 3 Sep 1998, Marc Paust wrote:

> First of all,  I am new to this list and glad to see it available and to be
> part of it.
> 
> I have several Max's, 4004's 4048's and 4002's.  All are running 6.1.7.  My
> radius is receiving thousands of requests an hour from the each Max with
> UsreID's like...
> 
> bridge-max1-1
> initial-banner-m
> frdlink-max2-1
> permconn-max1-1
> pools-max2
> (+Various Others)
> 
> The  NAS-Port-Type = Virtual (Always)
> User-Service = Dialout-Framed-User (Always)
> 
> Does anyone have any idea why it is doing this, how to stop it, is it a
> radius problem or an Ascend problem.  It is not causing any downtime, just
> makes for huge logs, eats up bandwidth and it is a problem to sort thru all
> of these logins in the logs looking for a user with a problem.
> 
> Any help or places to look for help would be greatly appreciated.
> 
> Thank you,
> 
> Marc Paust
> Director of Operations
> Globalservices
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
> 

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

(ASCEND) Virtual Logins

From: "Marc Paust" <mpaust@globalsite.net>

Prev by Date: Re: (ASCEND) 1800's and how hard they blow.
Next by Date: Re: (ASCEND) Virtual Logins
Prev by thread: (ASCEND) Virtual Logins
Next by thread: Re: (ASCEND) Virtual Logins
Index(es):
- Main
- Thread