> > > On the other hand: why not just let the MAX distribute the IPs? make a > > > pools-NAS-NAME entry which assigns your pools to the NAS and choose > > > the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have > > > about a dozend MAX 2000/4000/6000/TNT with this setup). > > > > So let me see if I get this straight. I should create something like: > > > > pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?
> No. > Example (makes three pools on nas1 and has 3 test users which each get > an ip from a different pool): > pools-nas1 Auth-Type := Local, User-Password == "ascend" > Service-Type = Outbound-User, > Ascend-IP-Pool-Definition = "1 10.10.10.1 126", > Ascend-IP-Pool-Definition = "2 10.10.20.1 126", > Ascend-IP-Pool-Definition = "3 10.10.30.1 126" > user1 Auth-Type := Local, User-Password == "test1" > Service-Type = Framed, > Framed-Protocol = MPP, > Ascend-Maximum-Channels = 2, > Ascend-Assign-IP-Pool = 1, > Ascend-Idle-Limit = 3600, > Ascend-Client-Primary-DNS = 10.1.1.1, > Ascend-Client-Secondary-DNS = 10.2.1.1, > Ascend-Client-Assign-DNS = DNS-Assign-Yes > > user2 Auth-Type := Local, User-Password == "test2" > Service-Type = Framed, > Framed-Protocol = MPP, > Ascend-Maximum-Channels = 2, > Ascend-Assign-IP-Pool = 2, > Ascend-Idle-Limit = 3600, > Ascend-Client-Primary-DNS = 10.1.1.1, > Ascend-Client-Secondary-DNS = 10.2.1.1, > Ascend-Client-Assign-DNS = DNS-Assign-Yes > user3 Auth-Type := Local, User-Password == "test3" > Service-Type = Framed, > Framed-Protocol = MPP, > Ascend-Maximum-Channels = 2, > Ascend-Assign-IP-Pool = 3, > Ascend-Idle-Limit = 3600, > Ascend-Client-Primary-DNS = 10.1.1.1, > Ascend-Client-Secondary-DNS = 10.2.1.1, > Ascend-Client-Assign-DNS = DNS-Assign-Yes > This works well with fallback defaults / sql group replies. I see. I will forward these changes to see whether the problems are totally solved and let you know of the outcome. This hole issue with the IP Pools has been in my mind since I first started working along with Radius. > > I don't know if I understood exactly what you mean. I've never worked > > with ascend before. If however it's pretty much the above has this > > anything to do with the countless auth requests regarding > > pools-nas1/ascend I receive or have I screwed everything badly? :-) > Oh, missed that paragraph... > Yep. pool defs must go to the pools user of the nas. As soon as the max > powers up, it asks for its pools. If it gets a user reply which has a > unknown pool, it should ask again. Another helpful tip. Browsing the archives this subject had been mentioned before but the answer was simply to put this user in Service-Type = REJECT to avoid the logging of these connections. Let along the manuals of the NAS equipment have been lost through the centuries making my life much more difficult :-) > I don't trust freeradius to assign IP addresses, cause the NAS is the one > who knows if a session is there or if it is not. There is no real point in > letting the radius assign ip adresses if your NAS equipment can do it. And > if you are changing pools often, this is also no problem if your running > some sort of dynamic routing protocol, cause the nas will announce it's > learned pools via this way... Well you may actually be correct but from what I have read during the past months some NAS equipment didn't have any problems with the ip management via the radius server so I though this should be a most applicable method to setup radius. > Oliver. Thank you very much for all your help. Regards, Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
