For permanently-connected customers we just set the idle-timeout to the 
maximum limit on the NAS and issue idle-timeouts out of radius on a user or 
group basis.

interface Dialer 1
  ip unnumbered FastEthernet0
  no ip directed-broadcast
  ip tcp header-compression passive
  encapsulation ppp
  dialer in-band
  dialer idle-timeout 2147483 either
  dialer-group 1
  dialer rotary-group 1
  ppp authentication chap pap
  dialer-list 1 protocol ip permit
! or similar config

What this will do is look at any traffic passing through the dialer 
interface in either direction and reset the idle-timeout value, effectively 
never disconnecting the client unless there is a network outage or until 
the counter reaches the limit.
Beware that aaa accounting is sent when the interface goes down, so if you 
rely on radius accounting with the byte stats make sure you clear the 
interface administratively or shutdown the E1 controllers before reloading.

I am not sure why you are getting the errors on request packets, but if you 
are setting idle-timeouts you have to be using virtual interfaces or you 
will get authorization failures which will drop the connection. Debug ppp 
authentication and ppp authorization as well as debug aaa authentication 
and aaa authorization on the NAS to see if this idle-timeout is causing the 
problem. I have found this before, and if you want to issue these via 
radius, you have to have in the config
virtual-profile aaa
virtual-profile virtual-template 1
and define minimum configs for the virtual-template such as:

interface Virtual-Template1
  ip unnumbered FastEthernet0
  ip tcp header-compression passive
Hope this helps


At 12:54 PM 05/08/99 +0930, you wrote:

>Hi All,
>Does anybody know why the 5260 will not allow people on when it receives
>this reply packet? The user can login fine on the pm3's. Does the
>Attribute 0 with length 0 thing have anything to do with it? Maybe the
>zero for the Idle-Timeout? If you can't use zero though, how do you say
>"no timeout" for permanent customers ?
>Code:       Access-Accept
>Identifier: 71
>Authentic:  <223><150>37<142><23><191><210>^
>         Framed-IP-Address =
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Idle-Timeout = 0
>Thu Aug  5 12:32:29 1999: WARNING: Malformed request packet: Attribute 0
>with length 0: ignored
>Simon Lindsay                                        [EMAIL PROTECTED]
>Technical Manager                                   Icq.       1485568
>The Internet Company Pty. Ltd. 
>InterWeb Connections and                 Ph. (08) 8221 5444
>------- Speed with Service --------                 Fx. (08) 8221 5450
>Archive at
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.

Matthew Nichols - CCNA
Network / Systems Engineer
HunterLink Pty Ltd
Newcastle NSW Australia
Phone: +61 2 4969 0122  Fax: +61 2 4969 0133
PGP Public Key:
HunterLink Web Site:

Archive at
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to