[rbak-nsp] problem of authentification on last-resort interface
Denis Mikhaylovskiy
denis.mikhaylovskiy at ericsson.com
Sat Apr 17 13:14:41 EDT 2010
I'm not 100% sure because ip addressing is hidden in your config but anyway...
Your clients fail to bind without last-resort because ip address given by radius is not within subnet of any 'normal' multibind interfaces of context.
If ip address assignment goes from radius then SmartEdge does lookup through subnets of all multibind interfaces. If lookup fails then binding fails too until you have last-resort.
HIH
/denis
________________________________
From: Greg GOUDOU
To: Denis Mikhaylovskiy; redback-nsp at puck.nether.net
Sent: Sat Apr 17 11:36:31 2010
Subject: RE: [rbak-nsp] problem of authentification on last-resort interface
Hi
Thanks for your answer.
I don’t understand why, when I configure the both interfaces into multibind, (without last resort) , neither the client1 nor the client2 cannot authenticate.
Whereas when I configure one of them into the multibind lastresort, the both can authenticate but they have bound to the same interface.
Regards,
Grégory
De : Denis Mikhaylovskiy [mailto:denis.mikhaylovskiy at ericsson.com]
Envoyé : samedi 17 avril 2010 04:21
À : 'greg.goudou at gmail.com'; 'redback-nsp at puck.nether.net'
Objet : Re: [rbak-nsp] problem of authentification on last-resort interface
Hi,
It is not possible to have more than one last-resort interface by design in context.
Actually SmartEdge doesn't pass clients through multibind interfaces at all :).
As per 'show subs active' output I can conclude that both clients got fixed ip assignment by raidus. And I do not understand what is the problem.
/denis
________________________________
From: redback-nsp-bounces at puck.nether.net
To: redback-nsp at puck.nether.net
Sent: Fri Apr 16 11:22:01 2010
Subject: [rbak-nsp] problem of authentification on last-resort interface
Hi,
I meet a problem about a configuration. I cannot create in a same context, 2 multibind last-resort interfaces.
But, I already have a PPPoE client connected in this context (we will called “context A”). Below, his configuration:
Context A vpn-rd XXXX:6
interface Loop_client1 loopback
ip address A.B.C.D/32 with A.B.C.D/32 is a public IP address
interface PPP-client1 multibind lastresort
ip unnumbered Loop_client1
the second client is configured as defined below :
Context A vpn-rd XXXX:6
interface Loop_client2 loopback
ip address A.B.F.G/32 with A.B.F.G/32 is a public IP address
interface PPP-client2 multibind
ip unnumbered Loop_client2
when we verify the state of the connection of the clients, we notice :
For client 1:
client1 at realm.xx<mailto:client1 at realm.xx>
Agent Remote ID "client1"
Circuit 4/8 vlan-id 426 pppoe 21240
Internal Circuit 4/8:1023:63/6/2/44395
Interface bound PPP-client1
Current port-limit unlimited
context-name A (applied)
dns primary X.X.X.X (applied)
dns secondary Y.Y.Y.Y (applied)
ip address A.B.C.D (applied)
forward policy in FORWARD_FIRSTBOOT (applied)
For client2, I receive this state of connection:
client2 at realm.xx<mailto:client2 at realm.xx>
Agent Remote ID "Client2"
Circuit 4/8 vlan-id 401 pppoe 16731
Internal Circuit 4/8:1023:63/6/2/34556
Interface bound PPP-client1
Current port-limit unlimited
context-name A (applied)
dns primary X.X.X.X (applied)
dns secondary Y.Y.Y.Y (applied)
ip address A.B.F.G (applied)
forward policy in FORWARD_FIRSTBOOT (applied)
Therefore, I would like these clients have each of them, a public IP address and pass through their own interface bound.
If somebody have a solution, let me know.
Regards,
gOOdman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20100417/73d33502/attachment-0001.html>
More information about the redback-nsp
mailing list