Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [(ASCEND) Radius from a Class B Interface address]



Shane,

Something I have always thought about doing is to put the max behind a linux box 
running ip masquerading.  The linux could run the dns for the local domain so 
everyone logging in could see and use the local machines.  This means that the 
dns tables in the linux box would have to include the non-routable ip address on 
the max, but all browsing, ftp etc would be masqued by the linux boxes single 
real ip address. There may be other issues to deal with, but I don't think there 
would be anything that can't be handled.

I have not done this, but it is probably doable.


-----------------------------
Dave McFerren davem@solve.net
System Administrator
Net Solutions, Inc.
816-220-0303 fax 816-220-0333
-----------------------------
"It never hurts to help!" 

 
> X-Authentication-Warning: max.bungi.com: majordom set sender to 
owner-ascend-users using -f
> Date: 28 Apr 99 10:52:58 PDT
> From: Maverick <maverickthegreat@netscape.net>
> To: kid@actioninternet.net, ascend-users@bungi.com
> Subject: Re: [(ASCEND) Radius from a Class B Interface address]
> Mime-Version: 1.0
> Content-Transfer-Encoding: 8bit
> X-MIME-Autoconverted: from quoted-printable to 8bit by max.bungi.com id 
KAA22486
> 
> 
> Shane,
> 
> First let's make onr thing clear, Max 400 DOES NOT do NAT (Network
> Address Translation) or proxy for the WAN clients. Having said
> that, the WAN clients need to have a real internet-routable
> address if they need to access the internet. If the wan clients
> have the real interent routable address then make sure that
> your up-stream provider knows about that class-B network
> either via RIP or static routes.
> 
> For the radius issue make sure that you can ping the radius
> server from the MAX and the radius is up and running on the machine.
> The radius log file will tell you if it is accepting
> authentication requests.
> 
> "Shane Newberg" <kid@actioninternet.net> wrote:
> Has anyone ever dealt with a non-routable class b IP address for the wan
> interface on a 4000?
> 
> Basically, my upstream on a new connection assigned us an IP address for the
> interface that we cannot traceroute to, ping, or otherwise. We can
> traceroute to any of the Class c we were assigned for the Lan. We default
> gatewayed the maxx unit to the ip on the upstream side and All the local
> clients are happy untill.........
> 
> I tried to authenticate a dial up user into this max unit over radius, it
> failed miserably.
> Radius logs show that the interface address is making the request, fine,
> added it as a client ect...
> 
> Now there are tons of errors I have never seen before that repeat over and
> over........
> 
> Tue Apr 27 20:06:45 1999: Authentication: 137/0 'ipxroute-mi4048-1' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:07:01 1999: Authentication: 138/1 'initial-banner' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:07:06 1999: Authentication: 139/2 'bridge-mi4048-1' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:07:34 1999: Authentication: 136/4 'dovbs-mi4048-1' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:08:16 1999: Authentication: 141/8 'permconn-mi4048-1' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:08:33 1999: Authentication: 140/9 'frdlink-mi4048-1' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0,
> holding 0
> Tue Apr 27 20:08:37 1999: Received-Authentication: 143/11 'pools-mi4048' via
> 172.x.x.26 from 207.x.x.1 port 0 Authenticate-Only
> Tue Apr 27 20:08:45 1999: Authentication: 144/12 'ipxroute-1' via 172.x.x.26
> from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0, holding 0
> Tue Apr 27 20:08:57 1999: Authentication: 145/13 'banner' via 172.x.x.26
> from 207.x.x.1 port 0 Authenticate-Only - FAILED -- total 0, holding 0
> 
> any suggestions on how to change the setup to authorize users?
> 
> Shane Newberg
> Action Internet
> 1919 Sand Lake Rd
> Orlando, FL 32809
> 407-850-0201
> administrator@actioninternet.net
> 
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
> 
> 
> ____________________________________________________________________
> Get your own FREE, personal Netscape WebMail account today at 
http://webmail.netscape.com.
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>