* This is the VOP Radius mailing list *
We're talking about generating watchdog packets based on the user list on
their Radius Server FROM the Radius Server rather than the normal scenario
where the watchdog packet is generated based on the user list on the NAS
from the NAS.
It is known that GP doesn't use watchdog packets on their network (between
their NAS and Radius Servers) but this doesn't mean they can't be created by
their Radius Servers to be sent to us.
An example of this would be Slipstream Servers. I'm currently running a beta
version of their product that supports watchdog packets. Their standard
version didn't support them, I needed them (for many of the same reasons
stated here) and convinced them to add it (it took them less than a day btw)
and the functionality will be present in the next version. This really isn't
a huge thing we're asking for.
Brad Johnson
Systems Administrator
Local Link Network Operations
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 3:55 PM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded"
(wholesale ports)
* This is the VOP Radius mailing list *
Sure hardware matters. I don't want to single out GP because Cary is
absolutly right. But if your vendor is reselling someone else's NAS (Qwest,
UUNET, Level3...etc) then they have no ability to accurately send you a
packet saying that user is still connected. How would they know the user is
still connected?
Session timeouts and callingstationid's are much easier for vendors to
support. It would be a much easier battle to win with whoever your provider
is.
Ok, your missing the point. Let me be clear. GP DOESN'T SEND WATCHDOG
PACKETS ... EVER. This is known to be true and confirmed by GP.
This thread has nothing to do with a specific NAS. Hardware doesn't matter.
It has to do with wanting GP to START sending watchdog packets so we can
control ghost users in OUR radius servers when they don't send or we don't
receive a radius stop packet (for whatever reason).
I'm aware that watchdog packets are "normally" sent by a NAS but nothing
about GPs Radius Setup is "normal". Because of many variations of the same
issue, many here have ghost issues with GP and since most of us also have
several of our own NAS, the canned-response solution by GP (don't use port
limits) isn't realistic.
A realistic solution is for GP to have their radius servers generate the
watchdog packets. Because we configure the GP Radius Servers as a NAS in our
Radius Servers, the ONLY place the watchdog packet can come from IS the GP
Radius Servers.
Watchdog packets are small and stupid and sending them programmatically is
trivial. In a conversation today with one of their Radius Admins I asked for
this functionality and he gave me the canned response (no). Asking why got
me a general answer about him not being able to guarantee that all his NAS
support it, etc. and so I clarified what I wanted. When he realized what I
was asking for his tone changed and he said he would look into creating a
module to do just that.
Brad Johnson
Systems Administrator
Local Link Network Operations
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
