[cisco-nas] MLP, Windows XP and thousands of registration CD's ..
Jaco Engelbrecht
bje at serendipity.org.za
Tue Jan 25 11:49:14 EST 2005
Hi,
I'm trying to find a possible workaround in RADIUS for a problem I'm having with the fact that Multilinking is enabled by default in Windows XP.
The problem:
- ISP printed a few thousand registration CDs, all making use of username register at serendipity
- Windows XP Home/Professional got Multilinking enabled by default (see http://support.microsoft.com/default.aspx?scid=kb;en-us;307849&sd=tech)
- Two users with WinXP dialing up with MLP enabled, will thus get "the same IP" - due to MPPP binding the two sessions together [1]
- The ISP do not know who the new, potential clients are -- so it's not as if they can tell them to disable MLP setting in Windows!
(In future they could distribute a note with the CDs?)
My current RADIUS entry for the ISP's register account is:
register Suffix="@serendipity"
        Cisco-AVPair = "ip:addr-pool=serendipity",
        Cisco-AVPair = "ip:inacl#1=permit ip any host 10.10.10.137",
        Cisco-AVPair = "ip:inacl#2=permit ip any host 10.10.10.220",
        Cisco-AVPair = "ip:inacl#3=permit ip any host 10.10.10.144",
        Cisco-AVPair = "ip:inacl#4=permit ip any host 10.10.10.69",
        Cisco-AVPair = "ip:inacl#5=permit udp any any eq 53",
        Cisco-AVPair = "ip:inacl#6=deny ip any any",
        Port-Limit = 1,
        Fall-Through=1
I can force the number of Multilink sessions to one (see http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00800b5d50.html), but then only one user can connect at a time, if they've got the Multilinking option enabled. Not really a solution.
test-reg Suffix="@serendipity"
        Cisco-AVPair = "multilink:max-links=1",
        Cisco-AVPair = "ip:addr-pool=serendipity",
        Cisco-AVPair = "ip:inacl#1=permit ip any host 10.10.10.137",
        Cisco-AVPair = "ip:inacl#2=permit ip any host 10.10.10.220",
        Cisco-AVPair = "ip:inacl#3=permit ip any host 10.10.10.144",
        Cisco-AVPair = "ip:inacl#4=permit ip any host 10.10.10.69",
        Cisco-AVPair = "ip:inacl#5=permit udp any any eq 53",
        Cisco-AVPair = "ip:inacl#6=deny ip any any",
        Port-Limit = 1,
        Fall-Through=1
I'm currently running Cisco IOS 12.3(10) on AS5300/AS5400 kit, and I'm seeing the same behaviour on IOS 12.2(19).
The client insists that we changed something on the network (the fact that RANCID shows no changes is beside the point ;)) - any ideas to back up the fact that this was always the case? Or is there a workaround??
I re-tested and managed to replicate the binding of MLP sessions with the same username on IOS 12.2(19) - this definitely did not suddenly "break" due to the code upgrade to IOS 12.3(10).
FWIW, between 12.2(19) and 12.3(10) the following (new) attributes were being sent through in the RADIUS accounting stop packets:
> Acct-Link-Count = 1
> Ascend-Num-In-Multilink = 1
> Acct-Multi-Session-Id = "4154"
FWIW, here's the RADIUS start/stop accounting packets:
User #1:
Tue Jan 25 13:55:54 2005
Acct-Session-Id = "00125F46"
Framed-Protocol = PPP
Ascend-Connect-Progress = 10
cisco-avpair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Ascend-Multilink-ID = 711377
Acct-Link-Count = 3
Ascend-Num-In-Multilink = 2
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335631"
Called-Station-Id = "8450006"
NAS-Port-Type = Async
Connect-Info = "19200 V34+/Async"
Cisco-NAS-Port = "Async18"
NAS-Port = 18
Service-Type = Framed-User
NAS-IP-Address = 192.168.120.128
Acct-Delay-Time = 0
Proxy-State = a542
Timestamp = 1106654154
Tue Jan 25 14:00:54 2005
Acct-Session-Id = "00125F46"
Framed-Protocol = PPP
Acct-Authentic = RADIUS
Ascend-Connect-Progress = 60
cisco-avpair = "connect-progress=LAN Ses Up"
Ascend-PreSession-Time = 29
Ascend-Xmit-Rate = 52000
Ascend-Data-Rate = 28800
Acct-Session-Time = 301
Acct-Input-Octets = 7572
Acct-Output-Octets = 10289
Ascend-Pre-Input-Octets = 227
Ascend-Pre-Output-Octets = 112
Acct-Input-Packets = 110
Acct-Output-Packets = 85
Ascend-Pre-Input-Packets = 6
Ascend-Pre-Output-Packets = 4
Acct-Terminate-Cause = User-Request
Ascend-Disconnect-Cause = 45
cisco-avpair = "disc-cause-ext=PPP Receive Term"
Acct-Status-Type = Stop
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Ascend-Multilink-ID = 711377
Acct-Link-Count = 3
Ascend-Num-In-Multilink = 2
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335631"
Called-Station-Id = "8450006"
NAS-Port-Type = Async
Cisco-NAS-Port = "Async18"
NAS-Port = 18
Connect-Info = "52000/28800 V90/V42bis/LAPM"
Service-Type = Framed-User
NAS-IP-Address = 192.168.120.128
Acct-Delay-Time = 0
Proxy-State = af0a
Timestamp = 1106654454
User #2:
Tue Jan 25 13:53:44 2005
Acct-Session-Id = "00125F17"
Framed-Protocol = PPP
Ascend-Connect-Progress = 10
cisco-avpair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Ascend-Multilink-ID = 711377
Acct-Link-Count = 2
Ascend-Num-In-Multilink = 2
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335070"
Called-Station-Id = "8450006"
NAS-Port-Type = Async
Connect-Info = "32000/21600 V90/V44/LAPM"
cisco-avpair = "v92-info=V.92 QC MOH/QC Short Train Success/0/0"
Cisco-NAS-Port = "Async147"
NAS-Port = 147
Service-Type = Framed-User
NAS-IP-Address = 192.168.120.128
Acct-Delay-Time = 0
Proxy-State = a157
Timestamp = 1106654024
Tue Jan 25 14:00:56 2005
Acct-Session-Id = "00125F17"
Framed-Protocol = PPP
Acct-Authentic = RADIUS
Ascend-Connect-Progress = 60
cisco-avpair = "connect-progress=LAN Ses Up"
Ascend-PreSession-Time = 18
Ascend-Xmit-Rate = 9600
Ascend-Data-Rate = 9600
Acct-Session-Time = 432
Acct-Input-Octets = 11173
Acct-Output-Octets = 13203
Ascend-Pre-Input-Octets = 226
Ascend-Pre-Output-Octets = 112
Acct-Input-Packets = 123
Acct-Output-Packets = 117
Ascend-Pre-Input-Packets = 6
Ascend-Pre-Output-Packets = 4
Acct-Terminate-Cause = User-Request
Ascend-Disconnect-Cause = 45
cisco-avpair = "disc-cause-ext=PPP Receive Term"
Acct-Status-Type = Stop
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Ascend-Multilink-ID = 711377
Acct-Link-Count = 3
Ascend-Num-In-Multilink = 1
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335070"
Called-Station-Id = "8450006"
NAS-Port-Type = Async
cisco-avpair = "v92-info=V.92 QC MOH/QC Short Train Success/0/0"
Cisco-NAS-Port = "Async147"
NAS-Port = 147
Connect-Info = "9600 V34+/V42bis/LAPM"
Service-Type = Framed-User
NAS-IP-Address = 192.168.120.128
Acct-Delay-Time = 0
Proxy-State = af15
Timestamp = 1106654456
[1]:
cas1-dbn#sh caller ip
Vi132 register at serendipity \
172.20.147.241 - - in
Vi138 register at serendipity \
- 5604000 01146346xy in
cas1-dbn#sh caller
Vi132 register at serendipity PPP Bundle 00:06:45 00:02:06
Vi138 register at serendipity PPP L2F 00:04:52 -
cas1-dbn#sh caller user register at serendipity
User: register at serendipity, line Vi132, service PPP Bundle
Active time 00:08:16, Idle time 00:03:37
Timeouts: Absolute Idle
Limits: - 3d00h
Disconnect in: - 2d23h
PPP: LCP Open, multilink Open, IPCP
Idle timer 259200 secs, idle 217 secs
IP: Local 196.38.72.33, remote 172.20.147.241
Access list (I/O) is Virtual-Access132#0/101, default (I/O) 101/101
Counts: 146 packets input, 7616 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun
111 packets output, 2291 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
User: register at serendipity, line Vi138, service PPP L2F
Active time 00:06:22, Idle time 00:04:14
Timeouts: Absolute Idle
Limits: - -
Disconnect in: - -
PPP: LCP Open, multilink Open, PAP (<- AAA)
VPDN: NAS isdnx2, MID 127, MID open
HGW isdnx2, NAS CLID 2293, HGW CLID 220, tunnel open
Counts: 60 packets input, 3387 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun
24 packets output, 466 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
--
bje at serendipity.org.za
the faculty of making fortunate discoveries
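
Added example (not part of the original post): the accounting records above show two different Calling-Station-Id values sharing one Acct-Multi-Session-Id and Framed-IP-Address. The Python below parses detail-style accounting text and reports bundles joined by more than one calling number; the sample is abridged from the post's Start records, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Abridged from the accounting Start records in the post (detail-file style:
# a timestamp line followed by "Attribute = value" lines).
SAMPLE = """\
Tue Jan 25 13:55:54 2005
Acct-Session-Id = "00125F46"
Acct-Status-Type = Start
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335631"
NAS-IP-Address = 192.168.120.128
Tue Jan 25 13:53:44 2005
Acct-Session-Id = "00125F17"
Acct-Status-Type = Start
User-Name = "register at serendipity"
Acct-Multi-Session-Id = "000ADAD1"
Framed-IP-Address = 172.20.255.34
Calling-Station-Id = "0112335070"
NAS-IP-Address = 192.168.120.128
"""

ATTR = re.compile(r'^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$')
STAMP = re.compile(r'^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}$')

def parse_records(text):
    """Split detail text into one dict per accounting packet."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line.strip()):
            records.append({"_time": line.strip()})
        elif records and (m := ATTR.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def shared_bundles(records):
    """Return bundles (NAS, Acct-Multi-Session-Id) joined by >1 calling number."""
    callers = defaultdict(set)
    for r in records:
        if r.get("Acct-Status-Type") != "Start" or "Acct-Multi-Session-Id" not in r:
            continue
        key = (r.get("NAS-IP-Address"), r["Acct-Multi-Session-Id"])
        callers[key].add(r.get("Calling-Station-Id", "unknown"))
    return {k: sorted(v) for k, v in callers.items() if len(v) > 1}

if __name__ == "__main__":
    for (nas, msid), numbers in shared_bundles(parse_records(SAMPLE)).items():
        print(f"NAS {nas} bundle {msid}: callers {numbers}")
```

A subscriber who legitimately bonds two phone lines also appears with two calling numbers, so treat a hit as a prompt to check the username rather than as proof of a shared account.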