[j-nsp] C2000 and E320 interaction problem

Bjørn Mork bjorn at mork.no
Sat Oct 3 15:45:05 EDT 2009

Joe Shen <sj_hznm at yahoo.com.cn> writes:

> hi,
> we use  C2000 with E320 to provide  web based authentication service.
> On a new site we found C2000 could not control E320 even after we
> tried to configure both sides serval times.
> If E320 is configured with 
> ' sscc enable' , client could acquire IP address by DHCP (DHCP server
> runs on E320) but no access control policy is pushed to sub-interface
> , so our customer could accesss internet without any authentication ;
>  if E320 is configured with 'sscc enable cops-pr', client could not
>  get IP address at all. At this time , C2000 logs like

I would strongly recommend always using COPS PR, to enable shared
policies etc.  But I guess you already knew that, and that using XDR was
just for testing.

> '21:17:56.322 CST 29.09.2009 [CopsHandler-165/0x30003625] [AddressCtx] [10] Will refuse address since SAP JunosESap { routerName = VR_WLAN at BAS-E320-3.MAN, interfaceName = GigabitEthernet12/0/2.13311073} is not managed;
> While, the interface is surely configured to be managed by C2000.
> Would anybody do some favor to give some hints?


 C2K-2> show configuration shared network device BAS-E320-3.MAN interface-classifier

give you anything useful?  How do you decide which interfaces should be


More information about the juniper-nsp mailing list