Re: Change of network adapters in radius server
On 2011/12/02 09:52 AM, Alan DeKok wrote: I've done tests with 50K requests/s for days straight. My smartphone could do 200 requests/s. I must say, freeradius running on a smartphone is quite cool! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change of network adapters in radius server
On Fri, Dec 2, 2011 at 3:28 PM, Johan Meiring jmeir...@pcservices.co.za wrote: On 2011/12/02 09:52 AM, Alan DeKok wrote: I've done tests with 50K requests/s for days straight. My smartphone could do 200 requests/s. I must say, freeradius running on a smartphone is quite cool! Yes, it is :) Although more practical users will opt for smart (i.e. flashable-with-custom-linux-firmware) AP or *plugs instead, which should be more affordable and better suited for embedded server tasks. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change of network adapters in radius server
On 12/02/2011 08:52 PM, Alan DeKok wrote: Roland Pinches wrote: Is there something I have missed that binds radius to a specific MAC address? No. It *does* bind to a specific IP address, if you've configured it to do that. Can anyone offer suggestions? I can provide the output from radiusd -X if needed but will take me a day or two to get it since this is on a production server that can only be worked on at 3am! You can run the server in debugging mode on a different port. Ah, I didn't know that. I'll grab the debug output as soon as I can, thanks. The VM is configured with 2 vCPU and 4GB RAM. The cisco NAS is reporting approx 2000 requests a minute, so not exactly super busy. I've seen other posts in the mailing list suggesting FreeRADIUS can cope with 1000's per second! I've done tests with 50K requests/s for days straight. My smartphone could do 200 requests/s. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Change of network adapters in radius server
Hi, We've run into a problem with our freeradius server virtual machine. It's a RHEL5.5 VM running on ESXi 4.1 and it talks to a cisco NAS. It currently works but we have performance issues, which I have partly tracked down to a very specific VMware issue - if running linux with more than 1 vCPU, vmxnet3 NIC connected to a distributed vSwitch. The work around is to change the network adapters to something other than a vmxnet3 adapter. However, this is where my radius problem comes in. When I change the NICs, the MAC address changes, which means I need to setup the static IP addresses again. Not a problem and I can then ping the cisco device and the cisco device can ping the radius server. The problem is, no radius traffic flows between them. Since this is a VM, I took a snapshot first, so rolling back to the snapshot started radius working again with the vmxnet3 adapter and the old MAC address. iptables is disabled so there are no firewall issues. The arp table on the cisco device has had the old MAC address entry for the radius server removed and it detects the new MAC address correctly after a ping. Is there something I have missed that binds radius to a specific MAC address? The MAC address change is the only thing I can think of, but may have nothing to do with it. Running radtest on the radius server would appear to show that radius is authenticating successfully and the radius.log shows radius started and ready to accept connections. Can anyone offer suggestions? I can provide the output from radiusd -X if needed but will take me a day or two to get it since this is on a production server that can only be worked on at 3am! The VM is configured with 2 vCPU and 4GB RAM. The cisco NAS is reporting approx 2000 requests a minute, so not exactly super busy. I've seen other posts in the mailing list suggesting FreeRADIUS can cope with 1000's per second! Many thanks, Roly. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change of network adapters in radius server
Roland Pinches rolyp...@ihug.co.nz wrote: We've run into a problem with our freeradius server virtual machine. It's a RHEL5.5 VM running on ESXi 4.1 and it talks to a cisco NAS. It currently works but we have performance issues, which I have partly tracked down to a very specific VMware issue - if running linux with more than 1 vCPU, vmxnet3 NIC connected to a distributed vSwitch. The work around is to change the network adapters to something other than a vmxnet3 adapter. However, this is where my radius problem comes in. When I change the NICs, the MAC address changes, which means I need to setup the static IP addresses again. Not a problem and I can then ping the cisco device and the cisco device can ping the radius server. The problem is, no radius traffic flows between them. You can override the generated MAC. Try putting in the one fromt the vmxnet3 NIC and see what happens. Grüße, Sven. -- Sigmentation fault. Core dumped. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change of network adapters in radius server
On 12/02/2011 12:21 PM, Sven Hartge wrote: Roland Pinches rolyp...@ihug.co.nz wrote: We've run into a problem with our freeradius server virtual machine. It's a RHEL5.5 VM running on ESXi 4.1 and it talks to a cisco NAS. It currently works but we have performance issues, which I have partly tracked down to a very specific VMware issue - if running linux with more than 1 vCPU, vmxnet3 NIC connected to a distributed vSwitch. The work around is to change the network adapters to something other than a vmxnet3 adapter. However, this is where my radius problem comes in. When I change the NICs, the MAC address changes, which means I need to setup the static IP addresses again. Not a problem and I can then ping the cisco device and the cisco device can ping the radius server. The problem is, no radius traffic flows between them. You can override the generated MAC. Try putting in the one fromt the vmxnet3 NIC and see what happens. Grüße, Sven. I tried that, but it won't let me take the previous mac address since it's outside the range VMware allows you to allocate (it comes up with a message saying it outside the range allowed). Roly. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change of network adapters in radius server
Roland Pinches wrote: Is there something I have missed that binds radius to a specific MAC address? No. It *does* bind to a specific IP address, if you've configured it to do that. Can anyone offer suggestions? I can provide the output from radiusd -X if needed but will take me a day or two to get it since this is on a production server that can only be worked on at 3am! You can run the server in debugging mode on a different port. The VM is configured with 2 vCPU and 4GB RAM. The cisco NAS is reporting approx 2000 requests a minute, so not exactly super busy. I've seen other posts in the mailing list suggesting FreeRADIUS can cope with 1000's per second! I've done tests with 50K requests/s for days straight. My smartphone could do 200 requests/s. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
