For permanently-connected customers we just set the idle-timeout to the maximum limit on the NAS and issue idle-timeouts out of radius on a user or group basis. Eg interface Dialer 1 ip unnumbered FastEthernet0 no ip directed-broadcast ip tcp header-compression passive encapsulation ppp dialer in-band dialer idle-timeout 2147483 either dialer-group 1 dialer rotary-group 1 ppp authentication chap pap ! dialer-list 1 protocol ip permit ! ! or similar config What this will do is look at any traffic passing through the dialer interface in either direction and reset the idle-timeout value, effectively never disconnecting the client unless there is a network outage or until the counter reaches the limit. Beware that aaa accounting is sent when the interface goes down, so if you rely on radius accounting with the byte stats make sure you clear the interface administratively or shutdown the E1 controllers before reloading. I am not sure why you are getting the errors on request packets, but if you are setting idle-timeouts you have to be using virtual interfaces or you will get authorization failures which will drop the connection. Debug ppp authentication and ppp authorization as well as debug aaa authentication and aaa authorization on the NAS to see if this idle-timeout is causing the problem. I have found this before, and if you want to issue these via radius, you have to have in the config virtual-profile aaa virtual-profile virtual-template 1 and define minimum configs for the virtual-template such as: interface Virtual-Template1 ip unnumbered FastEthernet0 ip tcp header-compression passive ! Hope this helps Matt At 12:54 PM 05/08/99 +0930, you wrote: >Hi All, > >Does anybody know why the 5260 will not allow people on when it receives >this reply packet? The user can login fine on the pm3's. Does the >Attribute 0 with length 0 thing have anything to do with it? Maybe the >zero for the Idle-Timeout? If you can't use zero though, how do you say >"no timeout" for permanent customers ? > >TIA > >Code: Access-Accept >Identifier: 71 >Authentic: <223><150>37<142><23><191><210>^ ><159><140><178><146><166><232> >Attributes: > Framed-IP-Address = 22.214.171.124 > Service-Type = Framed-User > Framed-Protocol = PPP > Idle-Timeout = 0 > >Thu Aug 5 12:32:29 1999: WARNING: Malformed request packet: Attribute 0 >with length 0: ignored > > >Simon Lindsay [EMAIL PROTECTED] >Technical Manager Icq. 1485568 >The Internet Company Pty. Ltd. http://www.iweb.net.au/~simon >InterWeb Connections and Portal.net Ph. (08) 8221 5444 >------- Speed with Service -------- Fx. (08) 8221 5450 > > >=== >Archive at http://www.thesite.com.au/~radiator/ >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. --- Matthew Nichols - CCNA Network / Systems Engineer HunterLink Pty Ltd Newcastle NSW Australia Phone: +61 2 4969 0122 Fax: +61 2 4969 0133 Reply To: [EMAIL PROTECTED] PGP Public Key: http://moonah.hunterlink.net.au/~matt/pgp/pgpkey.html HunterLink Web Site: http://www.hunterlink.net.au === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.