For permanently-connected customers we just set the idle-timeout to the
maximum limit on the NAS and issue idle-timeouts out of radius on a user or
group basis.
Eg
interface Dialer 1
ip unnumbered FastEthernet0
no ip directed-broadcast
ip tcp header-compression passive
encapsulation ppp
dialer in-band
dialer idle-timeout 2147483 either
dialer-group 1
dialer rotary-group 1
ppp authentication chap pap
!
dialer-list 1 protocol ip permit
!
! or similar config
What this will do is look at any traffic passing through the dialer
interface in either direction and reset the idle-timeout value, effectively
never disconnecting the client unless there is a network outage or until
the counter reaches the limit.
Beware that aaa accounting is sent when the interface goes down, so if you
rely on radius accounting with the byte stats make sure you clear the
interface administratively or shutdown the E1 controllers before reloading.
I am not sure why you are getting the errors on request packets, but if you
are setting idle-timeouts you have to be using virtual interfaces or you
will get authorization failures which will drop the connection. Debug ppp
authentication and ppp authorization as well as debug aaa authentication
and aaa authorization on the NAS to see if this idle-timeout is causing the
problem. I have found this before, and if you want to issue these via
radius, you have to have in the config
virtual-profile aaa
virtual-profile virtual-template 1
and define minimum configs for the virtual-template such as:
interface Virtual-Template1
ip unnumbered FastEthernet0
ip tcp header-compression passive
!
Hope this helps
Matt
At 12:54 PM 05/08/99 +0930, you wrote:
>Hi All,
>
>Does anybody know why the 5260 will not allow people on when it receives
>this reply packet? The user can login fine on the pm3's. Does the
>Attribute 0 with length 0 thing have anything to do with it? Maybe the
>zero for the Idle-Timeout? If you can't use zero though, how do you say
>"no timeout" for permanent customers ?
>
>TIA
>
>Code: Access-Accept
>Identifier: 71
>Authentic: <223><150>37<142><23><191><210>^
><159><140><178><146><166><232>
>Attributes:
> Framed-IP-Address = 210.8.138.20
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Idle-Timeout = 0
>
>Thu Aug 5 12:32:29 1999: WARNING: Malformed request packet: Attribute 0
>with length 0: ignored
>
>
>Simon Lindsay [EMAIL PROTECTED]
>Technical Manager Icq. 1485568
>The Internet Company Pty. Ltd. http://www.iweb.net.au/~simon
>InterWeb Connections and Portal.net Ph. (08) 8221 5444
>------- Speed with Service -------- Fx. (08) 8221 5450
>
>
>===
>Archive at http://www.thesite.com.au/~radiator/
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
---
Matthew Nichols - CCNA
Network / Systems Engineer
HunterLink Pty Ltd
Newcastle NSW Australia
Phone: +61 2 4969 0122 Fax: +61 2 4969 0133
Reply To: [EMAIL PROTECTED]
PGP Public Key: http://moonah.hunterlink.net.au/~matt/pgp/pgpkey.html
HunterLink Web Site: http://www.hunterlink.net.au
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
