[rbak-nsp] Any one using ARADIAL Radius with SE800?

David Freedman david.freedman at uk.clara.net
Sat Aug 21 09:37:49 EDT 2010 

Are you certain that you are not sending SNMP reauth / RADIUS CoA from your
platform to the SE800?
I notice you have coa and bulk reauth configured.

Can you compare an auth request from a ³first time² user (i.e not previously
connected) with one of these ones you clam are are arriving whilst the user
is still connected? Are any of the attributes different? What does the
accounting say at this point? Does it indicate the user is being
disconnected/attempting reauthentication at all?

Dave.


On 21/08/2010 14:32, "Navin Nepali" <navin_n at yahoo.com> wrote:

> Before I was running 6.1.3.6 and just last week i upgraded to 6.1.3.8p3. But
> the problem is not solved and i am getting high cpu load...mostly consumed by
> aaad,statd and ism2.
>  
> aaa authentication administrator local
>  aaa authentication subscriber local radius
>  aaa accounting subscriber radius
>  aaa update subscriber 10
>  aaa accounting suppress-acct-on-fail
>  aaa reauthorization bulk radius
>  radius accounting server 192.168.117.16 encrypted-key 26BCF5890291563D
>  radius coa server 192.168.117.16 encrypted-key 26BCF5890291563D port 3799
>  
> radius server 192.168.117.16 encrypted-key 26BCF5890291563D
>  radius attribute nas-ip-address interface aradial
>  radius attribute calling-station-id format hostname agent-circuit-id
> agent-remote-id 
>  radius attribute calling-station-id separator /
>  radius attribute acct-session-id access-request
>  radius algorithm round-robin
>  radius accounting algorithm round-robin
>  radius strip-domain
>  
> as per Redback, they asked me to remove " aaa authentication subscriber local
> radius " and put  "aaa authentication subscriber radius"... i have done it but
> still no improvement.
>  
> Users are already connected but still the authen request is sent by se800 and
> these authen request are rejected by Radius and keeping the process busy.
>  
> That's why i want to make sure that if it's the problem of radius or se800
> version itself.
> 
> 
> --- On Sat, 8/21/10, David Freedman <david.freedman at uk.clara.net> wrote:
>> 
>> From: David Freedman <david.freedman at uk.clara.net>
>> Subject: Re: [rbak-nsp] Any one using ARADIAL Radius with SE800?
>> To: "Navin Nepali" <navin_n at yahoo.com>, redback-nsp at puck.nether.net
>> Date: Saturday, August 21, 2010, 6:53 PM
>> 
>> Do you have any form of re-authentication configured? (i.e custom/NetOP EMS?)
>> 
>> Are you sure user is connected when this auth request arrives? (i.e did you
>> confirm lack of accounting STOP before the request is dispatched?)
>> 
>> How long have you been running this release? Have you seen this before?
>> 
>> .
>> 
>> On 21/08/2010 14:17, "Navin Nepali" <navin_n at yahoo.com> wrote:
>> 
>>> Is there any bug relating to the Radius Authentication with the SEOS version
>>> 6.1.3.8p3?
>>>  
>>> I am having strange problem. even the user is already connected but still
>>> the SE800 is sending the authentication request to the Radius server.
>>> Because of this the CPU load is very high in my case.
>>>  
>>>  
>>> 
>>> --- On Sat, 8/21/10, David Freedman <david.freedman at uk.clara.net> wrote:
>>>> 
>>>> From: David Freedman <david.freedman at uk.clara.net>
>>>> Subject: Re: [rbak-nsp] Any one using ARADIAL Radius with SE800?
>>>> To: "Navin Nepali" <navin_n at yahoo.com>, redback-nsp at puck.nether.net
>>>> Date: Saturday, August 21, 2010, 6:39 PM
>>>> 
>>>> Navin,
>>>> 
>>>> The attributes you issue would be a combination of IETF and Redback ³Vendor
>>>> Specific² attributes as defined in the appendix of the appropriate SEOS
>>>> manual section.
>>>> 
>>>> The vendor of the Radius software should have nothing do with the content
>>>> of the attributes, just how you would issue them.
>>>>  
>>>> What exactly are you trying to achieve?
>>>> 
>>>> David.
>>>> 
>>>> 
>>>> On 21/08/2010 14:04, "Navin Nepali" <navin_n at yahoo.com> wrote:
>>>> 
>>>>> hello! 
>>>>> Anyone using ARADIAL Radius system with SE800?..if anyone using it...then
>>>>> can you provide me the Radius Attributes.
>>>>>  
>>>>> Thanks
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> redback-nsp mailing list
>>>>> redback-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>> 
>>>> --
>>>> 
>>>> David Freedman
>>>> Group Network Engineering
>>>> 
>>>> david.freedman at uk.clara.net
>>>> Tel +44 (0) 20 7685 8000
>>>> 
>>>> Claranet Group
>>>> 21 Southampton Row
>>>> London - WC1B 5HA - UK
>>>> http://www.claranet.com <http://www.claranet.com/>
>>>> <http://www.claranet.com/>
>>>> 
>>>> Company Registration: 3152737 - Place of registration: England
>>>> 
>>>> All the information contained within this electronic message from Claranet
>>>> Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer
>>>> 
>>> 
>>> 
>> 
>> --
>> 
>> David Freedman
>> Group Network Engineering
>> 
>> david.freedman at uk.clara.net
>> Tel +44 (0) 20 7685 8000
>> 
>> Claranet Group
>> 21 Southampton Row
>> London - WC1B 5HA - UK
>> http://www.claranet.com <http://www.claranet.com/>
>> 
>> Company Registration: 3152737 - Place of registration: England
>> 
>> All the information contained within this electronic message from Claranet
>> Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer
>> 
> 
>  

--

David Freedman
Group Network Engineering

david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20100821/c30d62d9/attachment.html>

More information about the redback-nsp mailing list