[j-nsp] C2000 and E320 interaction problem
Bjørn Mork
bjorn at mork.no
Sat Oct 3 15:45:05 EDT 2009
Joe Shen <sj_hznm at yahoo.com.cn> writes:
> hi,
>
> we use C2000 with E320 to provide web based authentication service.
>
> On a new site we found C2000 could not control E320 even after we
> tried to configure both sides serval times.
>
> If E320 is configured with
>
> ' sscc enable' , client could acquire IP address by DHCP (DHCP server
> runs on E320) but no access control policy is pushed to sub-interface
> , so our customer could accesss internet without any authentication ;
>
> if E320 is configured with 'sscc enable cops-pr', client could not
> get IP address at all. At this time , C2000 logs like
I would strongly recommend always using COPS PR, to enable shared
policies etc. But I guess you already knew that, and that using XDR was
just for testing.
> '21:17:56.322 CST 29.09.2009 [CopsHandler-165/0x30003625] [AddressCtx] [10] Will refuse address since SAP JunosESap { routerName = VR_WLAN at BAS-E320-3.MAN, interfaceName = GigabitEthernet12/0/2.13311073} is not managed;
>
>
> While, the interface is surely configured to be managed by C2000.
>
>
> Would anybody do some favor to give some hints?
Does
C2K-2> show configuration shared network device BAS-E320-3.MAN interface-classifier
give you anything useful? How do you decide which interfaces should be
managed?
Bjørn
More information about the juniper-nsp
mailing list