[j-nsp] ERX lcp keepalive timeout... PPPOE
Bernd Goldschmidt
bwg at juniper.net
Thu Nov 16 13:30:39 EST 2006
Hi Peter,
The ERX has all active subscribers in his subscriber table, but during the authentication he doesn't check the username against this table.
So it is possible that multiple subscribers login in with the same username (that's a feature).
The only other device, which has the knowledge of a session state is the radius.
So there are some possibilites.
The first one is that the radius blocks a second login with the same username, and sent a access deny till he receives a accounting-stop for the "old" session.
A second option could be, that the radius sents a RID (Radius Initiated Disconnect) for the "old" subscriber, when it receives the second request for that username.
If the radius receives the ACK for that RID, the radius could then send the Access-Grant for the "new" session.
In your case the first one will solve your problem in my opinion.
RID:
http://www.juniper.net/techpubs/software/erx/junose73/swconfig-broadband/html/radius-dynamic-request6.html#125623
Gruss
Bernd.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Peter Krupl
> Sent: Thursday, November 16, 2006 13:00
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] ERX lcp keepalive timeout... PPPOE
>
> Hi Group,
>
>
> I have some bad DSL connections which have to reinitialize
> several times each day.
> As the DSL line is dropped the CPE drops the PPPoE connection
> instantly, at it senses the DSL interface is down.
>
> When the DSL interface comes back up the CPE tries to
> authenticate again, but the
>
> ERX refuses the client access:
> INFO 11/16/2006 11:55:22 aaaUserAccess: User: EN125203; id:
> GigabitEthernet 1/1.55:55; access denied: duplicate address detected
>
> Because the the old session has to time out first:
> INFO 11/16/2006 11:55:25 aaaUserAccess: User: EN125203; id:
> GigabitEthernet 1/1.55:55; type: 0; terminating: ppp lcp
> keepalive failure
>
> Has anyone knowledge of at way to terminate the old session
> when a new login attempt with the same username is accepted ?
> In the ERX ?
>
> I have thought about logout from the radius server as an
> alternative if the ERX is not able to do it.
>
>
>
>
> Med venlig hilsen/Kind regards
> Peter Åris Krüpl
> Netværksspecialist
> www.ventelo.dk
> <STUPID DISCLAIMER>
> This correspondence and any attached files are for the sole
> use of the intended recipient(s) and may contain confidential
> and proprietary information. If you receive the above
> communication in error, please delete the message and notify
> the sender immediately. Do not distribute any part of this
> e-mail as the confidentiality stipulation adheres even in the
> event of mistransmission. Ventelo reserves the right to
> monitor all email communications through its network.
> </STUPID DISCLAIMER>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list