(ASCEND) LAN security errors (c=101, p=67) (was: Max 6000 - LAN security errors during heavy load)

To: J-Mag Guthrie <j-mag@brokersys.com>
Subject: (ASCEND) LAN security errors (c=101, p=67) (was: Max 6000 - LAN security errors during heavy load)
From: "J. Wells" <jwells@sd79.bc.ca>
Date: Wed, 14 Apr 1999 15:58:59 -0700
Cc: ascend-users@bungi.com
In-Reply-To: <Pine.LNX.4.05.9904131510300.20621-100000@weck.brokersys.com>
References: <3.0.6.32.19990413130131.007f4ab0@mail.sd79.bc.ca>
Sender: owner-ascend-users@max.bungi.com

At 03:13 PM 4/13/99 -0500, J-Mag Guthrie wrote:
>On Tue, 13 Apr 1999, J. Wells wrote:
>> At 02:10 PM 4/12/99 -0500, J-Mag Guthrie wrote:
>> >On Fri, 9 Apr 1999, J. Wells wrote:
>> >> We have a related problem with a MAX 2024, running 7.0.3 (but the
problem
>> >> has likely been there with various 6.x.x releases too)
>> >> 
>> >> Some users, some times, get immediately disconnected after 
>> >> authenticating.
>> >> Syslog shows these calls connecting, and following modem negotiation the
>> >> RADIUS server log shows that authentication was successful. However, the
>> >> MAX then immediately disconnects the user. Syslog then gets warning 
>> >> saying
>> >> "LAN security error" for the username. A few seconds later syslog and
>> >> RADIUS accounting record the end of the call, with the username and a
>> >> disconnect code of 101 (invalid user) and progress code of 67. (The 
>> >> RADIUS
>> >> accounting log has only a STOP record and doesn't show the username.)
>> >
>> >In every case where I've encountered this, resetting the client's computer
>> >and/or modem fixed it.  This particular error is in the group of raw TCP
>> >and telnet errors, so I would suspect that it's either a corrupted TCP
>> 
>> Thanks for the suggestion. While it's certainly possible, then the problem
>> becomes one of a very misleading response from the MAX. Why call such a
>> problem a "LAN security error" and disconnect with "invalid user"?
>
>Because the MAX, for whatever reason, thinks they're trying to establish a
>telnet session rather than a PPP connection.  That's why I think the
>client is sending bogus information.

I can't rule out a client problem, but if it is then it doesn't take long
to manifest itself. I just did a test where I dialed in 12 times to our MAX
from my local Win95 PC (using a otherwise unused test account). My 8th and
12th calls both disconnected immediately with the expected c=101, p=67
codes in the syslog. 

I then power cycled my modem and rebooted the PC, and did another 12 calls.
This time it was the 11th call which gave me c=101, p=67 (the 12th was ok).

John Wells
School District 79 - Cowichan Valley
Duncan, BC, Canada
jwells@sd79.bc.ca

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- Re: (ASCEND) Max 6000 - LAN security errors during heavy load
  - From: "J. Wells" <jwells@sd79.bc.ca>
- Re: (ASCEND) Max 6000 - LAN security errors during heavy load
  - From: J-Mag Guthrie <j-mag@brokersys.com>

Prev by Date: Re: (ASCEND) Disconnect Code
Next by Date: Re: (ASCEND) hi
Prev by thread: Re: (ASCEND) Max 6000 - LAN security errors during heavy load
Next by thread: (ASCEND) Empty Radius entries with Ascend Max 6000
Index(es):
- Date
- Thread