* This is the VOP Radius mailing list *
Ok, your missing the point. Let me be clear. GP DOESN'T SEND WATCHDOG
PACKETS ... EVER. This is known to be true and confirmed by GP.
This thread has nothing to do with a specific NAS. Hardware doesn't matter.
It has to do with wanting GP to START sending watchdog packets so we can
control ghost users in OUR radius servers when they don't send or we don't
receive a radius stop packet (for whatever reason).
I'm aware that watchdog packets are "normally" sent by a NAS but nothing
about GPs Radius Setup is "normal". Because of many variations of the same
issue, many here have ghost issues with GP and since most of us also have
several of our own NAS, the canned-response solution by GP (don't use port
limits) isn't realistic.
A realistic solution is for GP to have their radius servers generate the
watchdog packets. Because we configure the GP Radius Servers as a NAS in our
Radius Servers, the ONLY place the watchdog packet can come from IS the GP
Radius Servers.
Watchdog packets are small and stupid and sending them programmatically is
trivial. In a conversation today with one of their Radius Admins I asked for
this functionality and he gave me the canned response (no). Asking why got
me a general answer about him not being able to guarantee that all his NAS
support it, etc. and so I clarified what I wanted. When he realized what I
was asking for his tone changed and he said he would look into creating a
module to do just that.
Brad Johnson
Systems Administrator
Local Link Network Operations
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 3:00 PM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded"
(wholesale ports)
* This is the VOP Radius mailing list *
Interim packets are generated by the NAS while a clients connection is still
live...the NAS watches the client using watchdog packets. Whatever RADIUS
program GP is running (it's either freeradius or radiator if I remember
correctly) would only proxy the interim packets...not generate them. To be
fair you can't really say if GP is responsible for the watchdog packets
without knowing two things...if the NAS is truely theirs...(look at your
accounting and verify the NAS IP belongs to them [I'll wager it
doesn't])...or what type of hardware they're using, some hardware won't send
watchdog/interim packets. There are a few backbones out there that support
interim packets ...without replacing hardware, I doubt GP is one of them.
Yup! And its not a problem with a NAS, it's the fact that GP doesn't send
watchdog packets.
Brad Johnson
Systems Administrator
Local Link Network Operations
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
