[cisco-nas] MLP, Windows XP and thousands of registration CD's ..

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Jan 25 12:05:57 EST 2005 

Hi,

Maybe, try to experiment with the following :

Cisco(config)#multilink bundle-name ?
   authenticated  Use peer's authenticated name
   both           Use peer's authenticated name and endpoint discriminator
   endpoint       Use peer's endpoint discriminator


Jaco Engelbrecht wrote on 25/1/2005 6:49 μμ:

> Hi,
> 
> I'm trying to find a possible workaround in RADIUS for a problem I'm having with the fact that Multilinking is enabled by default in Windows XP.
> 
> The problem:
> 
>   - ISP printed a few thousand registration CDs, all making use of username register at serendipity
>   - Windows XP Home/Professional got Multilinking enabled by default (see http://support.microsoft.com/default.aspx?scid=kb;en-us;307849&sd=tech)
>   - Two users with WinXP dialing up with MLP enabled, will thus get "the same IP" - due to MPPP binding the two sessions together [1]
>   
>   - The ISP do not know who the new, potential clients are -- so it's not as if they can tell them to disable MLP setting in Windows!
>     (In future they could distribute a note with the CDs?)
> 
> 
> My current RADIUS entry for the ISP's register account is:
> 
> register        Suffix="@serendipity"
>                 Cisco-AVPair = "ip:addr-pool=serendipity",
>                 Cisco-AVPair = "ip:inacl#1=permit ip any host 10.10.10.137",
>                 Cisco-AVPair = "ip:inacl#2=permit ip any host 10.10.10.220",
>                 Cisco-AVPair = "ip:inacl#3=permit ip any host 10.10.10.144",
>                 Cisco-AVPair = "ip:inacl#4=permit ip any host 10.10.10.69",
>                 Cisco-AVPair = "ip:inacl#5=permit udp any any eq 53",
>                 Cisco-AVPair = "ip:inacl#6=deny ip any any",
>                 Port-Limit = 1,
>                 Fall-Through=1
> 
> I can force the number of Multilink sessions to one (see http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00800b5d50.html), but then only one user can connect at a time, if they've got the Multilinking option enabled.  Not really a solution.
> 
> test-reg        Suffix="@serendipity"
>                 Cisco-AVPair = "multilink:max-links=1",
>                 Cisco-AVPair = "ip:addr-pool=serendipity",
>                 Cisco-AVPair = "ip:inacl#1=permit ip any host 10.10.10.137",
>                 Cisco-AVPair = "ip:inacl#2=permit ip any host 10.10.10.220",
>                 Cisco-AVPair = "ip:inacl#3=permit ip any host 10.10.10.144",
>                 Cisco-AVPair = "ip:inacl#4=permit ip any host 10.10.10.69",
>                 Cisco-AVPair = "ip:inacl#5=permit udp any any eq 53",
>                 Cisco-AVPair = "ip:inacl#6=deny ip any any",
>                 Port-Limit = 1,
>                 Fall-Through=1
> 
> 
> I'm currently running Cisco IOS 12.3(10) on AS5300/AS5400 kit, and I'm seeing the same behaviour on IOS 12.2(19).
> 
> The client insist that we changed something on the network (the fact that RANCID shows no changes is beside the point ;)) - any ideas to back up the fact that this was always the case?  Or is there a work around??
> 
> I re-tested and managed to replicate the binding of MLP sessions with the same username on IOS 12.2(19) - this definately did not suddenly "break" due to the code upgrade to IOS 12.3(10).
> 
> FWIW, between 12.2(19) and 12.3(10) the following (new) attributes were being sent through in the RADIUS accounting stop packets:
> 
> 
>>Acct-Link-Count = 1
>>Ascend-Num-In-Multilink = 1
>>Acct-Multi-Session-Id = "4154"
> 
> 
> 
> FWIW, here's the RADIUS start/stop accounting packets:
> 
> 
> User #1:
> 
> Tue Jan 25 13:55:54 2005
>     Acct-Session-Id = "00125F46"
>     Framed-Protocol = PPP
>     Ascend-Connect-Progress = 10
>     cisco-avpair = "connect-progress=Call Up"
>     Acct-Authentic = RADIUS
>     Acct-Status-Type = Start
>     User-Name = "register at serendipity"
>     Acct-Multi-Session-Id = "000ADAD1"
>     Ascend-Multilink-ID = 711377
>     Acct-Link-Count = 3
>     Ascend-Num-In-Multilink = 2
>     Framed-IP-Address = 172.20.255.34
>     Calling-Station-Id = "0112335631"
>     Called-Station-Id = "8450006"
>     NAS-Port-Type = Async
>     Connect-Info = "19200 V34+/Async"
>     Cisco-NAS-Port = "Async18"
>     NAS-Port = 18
>     Service-Type = Framed-User
>     NAS-IP-Address = 192.168.120.128
>     Acct-Delay-Time = 0
>     Proxy-State = a542
>     Timestamp = 1106654154
>  
> Tue Jan 25 14:00:54 2005
>     Acct-Session-Id = "00125F46"
>     Framed-Protocol = PPP
>     Acct-Authentic = RADIUS
>     Ascend-Connect-Progress = 60
>     cisco-avpair = "connect-progress=LAN Ses Up"
>     Ascend-PreSession-Time = 29
>     Ascend-Xmit-Rate = 52000
>     Ascend-Data-Rate = 28800
>     Acct-Session-Time = 301
>     Acct-Input-Octets = 7572
>     Acct-Output-Octets = 10289
>     Ascend-Pre-Input-Octets = 227
>     Ascend-Pre-Output-Octets = 112
>     Acct-Input-Packets = 110
>     Acct-Output-Packets = 85
>     Ascend-Pre-Input-Packets = 6
>     Ascend-Pre-Output-Packets = 4
>     Acct-Terminate-Cause = User-Request
>     Ascend-Disconnect-Cause = 45
>     cisco-avpair = "disc-cause-ext=PPP Receive Term"
>     Acct-Status-Type = Stop
>     User-Name = "register at serendipity"
>     Acct-Multi-Session-Id = "000ADAD1"
>     Ascend-Multilink-ID = 711377
>     Acct-Link-Count = 3
>     Ascend-Num-In-Multilink = 2
>     Framed-IP-Address = 172.20.255.34
>     Calling-Station-Id = "0112335631"
>     Called-Station-Id = "8450006"
>     NAS-Port-Type = Async
>     Cisco-NAS-Port = "Async18"
>     NAS-Port = 18
>     Connect-Info = "52000/28800 V90/V42bis/LAPM"
>     Service-Type = Framed-User
>     NAS-IP-Address = 192.168.120.128
>     Acct-Delay-Time = 0
>     Proxy-State = af0a
>     Timestamp = 1106654454
>  
> User #2:
>  
> Tue Jan 25 13:53:44 2005
>     Acct-Session-Id = "00125F17"
>     Framed-Protocol = PPP
>     Ascend-Connect-Progress = 10
>     cisco-avpair = "connect-progress=Call Up"
>     Acct-Authentic = RADIUS
>     Acct-Status-Type = Start
>     User-Name = "register at serendipity"
>     Acct-Multi-Session-Id = "000ADAD1"
>     Ascend-Multilink-ID = 711377
>     Acct-Link-Count = 2
>     Ascend-Num-In-Multilink = 2
>     Framed-IP-Address = 172.20.255.34
>     Calling-Station-Id = "0112335070"
>     Called-Station-Id = "8450006"
>     NAS-Port-Type = Async
>     Connect-Info = "32000/21600 V90/V44/LAPM"
>     cisco-avpair = "v92-info=V.92 QC MOH/QC Short Train Success/0/0"
>     Cisco-NAS-Port = "Async147"
>     NAS-Port = 147
>     Service-Type = Framed-User
>     NAS-IP-Address = 192.168.120.128
>     Acct-Delay-Time = 0
>     Proxy-State = a157
>     Timestamp = 1106654024
>  
> Tue Jan 25 14:00:56 2005
>     Acct-Session-Id = "00125F17"
>     Framed-Protocol = PPP
>     Acct-Authentic = RADIUS
>     Ascend-Connect-Progress = 60
>     cisco-avpair = "connect-progress=LAN Ses Up"
>     Ascend-PreSession-Time = 18
>     Ascend-Xmit-Rate = 9600
>     Ascend-Data-Rate = 9600
>     Acct-Session-Time = 432
>     Acct-Input-Octets = 11173
>     Acct-Output-Octets = 13203
>     Ascend-Pre-Input-Octets = 226
>     Ascend-Pre-Output-Octets = 112
>     Acct-Input-Packets = 123
>     Acct-Output-Packets = 117
>     Ascend-Pre-Input-Packets = 6
>     Ascend-Pre-Output-Packets = 4
>     Acct-Terminate-Cause = User-Request
>     Ascend-Disconnect-Cause = 45
>     cisco-avpair = "disc-cause-ext=PPP Receive Term"
>     Acct-Status-Type = Stop
>     User-Name = "register at serendipity"
>     Acct-Multi-Session-Id = "000ADAD1"
>     Ascend-Multilink-ID = 711377
>     Acct-Link-Count = 3
>     Ascend-Num-In-Multilink = 1
>     Framed-IP-Address = 172.20.255.34
>     Calling-Station-Id = "0112335070"
>     Called-Station-Id = "8450006"
>     NAS-Port-Type = Async
>     cisco-avpair = "v92-info=V.92 QC MOH/QC Short Train Success/0/0"
>     Cisco-NAS-Port = "Async147"
>     NAS-Port = 147
>     Connect-Info = "9600 V34+/V42bis/LAPM"
>     Service-Type = Framed-User
>     NAS-IP-Address = 192.168.120.128
>     Acct-Delay-Time = 0
>     Proxy-State = af15
>     Timestamp = 1106654456
>     
>     
> 
> [1]:
> 
> cas1-dbn#sh caller ip
> 
>   Vi132          register at serendipity \
>                           172.20.147.241 -               -               in
>   
>   Vi138          register at serendipity \
>                           -               5604000         01146346xy      in
> 
> 
> cas1-dbn#sh caller
>   Vi132          register at serendipity        PPP   Bundle  00:06:45  00:02:06
>   
>   Vi138          register at serendipity        PPP   L2F     00:04:52  -
> 
> 
> cas1-dbn#sh caller user register at serendipity
> 
>   User: register at serendipity, line Vi132, service PPP Bundle
>         Active time 00:08:16, Idle time 00:03:37
>   Timeouts:            Absolute  Idle
>       Limits:          -         3d00h
>       Disconnect in:   -         2d23h
>   PPP: LCP Open, multilink Open, IPCP
>        Idle timer 259200 secs, idle 217 secs
>   IP: Local 196.38.72.33, remote 172.20.147.241
>       Access list (I/O) is Virtual-Access132#0/101, default (I/O) 101/101
>   Counts: 146 packets input, 7616 bytes, 0 no buffer
>           0 input errors, 0 CRC, 0 frame, 0 overrun
>           111 packets output, 2291 bytes, 0 underruns
>           0 output errors, 0 collisions, 0 interface resets
> 
>   User: register at serendipity, line Vi138, service PPP L2F
>         Active time 00:06:22, Idle time 00:04:14
>   Timeouts:            Absolute  Idle
>       Limits:          -         -
>       Disconnect in:   -         -
>   PPP: LCP Open, multilink Open, PAP (<- AAA)
>   VPDN: NAS isdnx2, MID 127, MID open
>         HGW isdnx2, NAS CLID 2293, HGW CLID 220, tunnel open
>   Counts: 60 packets input, 3387 bytes, 0 no buffer
>           0 input errors, 0 CRC, 0 frame, 0 overrun
>           24 packets output, 466 bytes, 0 underruns
>           0 output errors, 0 collisions, 0 interface resets
> 
>

More information about the cisco-nas mailing list