<div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sat, 17 Apr 2010 12:36:31 -0400<br>
From: "Greg GOUDOU" <<a href="mailto:greg.goudou@gmail.com">greg.goudou@gmail.com</a>><br>
To: "'Denis Mikhaylovskiy'" <<a href="mailto:denis.mikhaylovskiy@ericsson.com">denis.mikhaylovskiy@ericsson.com</a>>,<br>
<<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>><br>
Subject: Re: [rbak-nsp] problem of authentification on last-resort<br>
interface<br>
Message-ID: <<a href="mailto:4bc9e38f.9653f10a.3be1.ffffade6@mx.google.com">4bc9e38f.9653f10a.3be1.ffffade6@mx.google.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi<br>
<br>
Thanks for your answer.<br>
<br>
I don?t understand why, when I configure the both interfaces into multibind, (without last resort) , neither the client1 nor the client2 cannot authenticate.<br></blockquote><div><br>try debug aaa authentication, if that gives you no hint, send your full config and the full show subscriber info. don't hide the domain names or the IP's. you probably have something missing that means you can't bind. A domain name error is a common one. or maybe a radius profile error. someone can spot it if you send the full information.<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Whereas when I configure one of them into the multibind lastresort, the both can authenticate but they have bound to the same interface.<br>
<br></blockquote><div><br>Last resort interface by design is the last resort. there is only one last resort, thats the whole point.<br><br>if you want them to bind to differnet interfaces, then you have to set their ip addresses so that they match the addresses of the two different interfaces (use non-loopback subscriber interfaces, with a netmask that includes the subscriber ip).<br>
<br>that said, there isn't much reason to want two subscribers to bind to two different interfaces in the same context. one binding interface does for 99% of designs.<br> <br>cheers<br>Ian<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Regards,<br>
<br>
<br>
<br>
Gr?gory<br>
<br>
<br>
<br>
De : Denis Mikhaylovskiy [mailto:<a href="mailto:denis.mikhaylovskiy@ericsson.com">denis.mikhaylovskiy@ericsson.com</a>]<br>
Envoy? : samedi 17 avril 2010 04:21<br>
? : '<a href="mailto:greg.goudou@gmail.com">greg.goudou@gmail.com</a>'; '<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>'<br>
Objet : Re: [rbak-nsp] problem of authentification on last-resort interface<br>
<br>
<br>
<br>
Hi,<br>
It is not possible to have more than one last-resort interface by design in context.<br>
Actually SmartEdge doesn't pass clients through multibind interfaces at all :).<br>
<br>
As per 'show subs active' output I can conclude that both clients got fixed ip assignment by raidus. And I do not understand what is the problem.<br>
<br>
<br>
/denis<br>
<br>
_____<br>
<br>
From: <a href="mailto:redback-nsp-bounces@puck.nether.net">redback-nsp-bounces@puck.nether.net</a><br>
To: <a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br>
Sent: Fri Apr 16 11:22:01 2010<br>
Subject: [rbak-nsp] problem of authentification on last-resort interface<br>
<br>
<br>
<br>
Hi,<br>
<br>
<br>
<br>
I meet a problem about a configuration. I cannot create in a same context, 2 multibind last-resort interfaces.<br>
<br>
But, I already have a PPPoE client connected in this context (we will called ?context A?). Below, his configuration:<br>
<br>
<br>
<br>
Context A vpn-rd XXXX:6<br>
<br>
interface Loop_client1 loopback<br>
<br>
ip address A.B.C.D/32 with A.B.C.D/32 is a public IP address<br>
<br>
<br>
<br>
interface PPP-client1 multibind lastresort<br>
<br>
ip unnumbered Loop_client1<br>
<br>
<br>
<br>
the second client is configured as defined below :<br>
<br>
<br>
<br>
Context A vpn-rd XXXX:6<br>
<br>
interface Loop_client2 loopback<br>
<br>
ip address A.B.F.G/32 with A.B.F.G/32 is a public IP address<br>
<br>
<br>
<br>
interface PPP-client2 multibind<br>
<br>
ip unnumbered Loop_client2<br>
<br>
<br>
<br>
when we verify the state of the connection of the clients, we notice :<br>
<br>
For client 1:<br>
<br>
client1@realm.xx<br>
<br>
Agent Remote ID "client1"<br>
<br>
Circuit 4/8 vlan-id 426 pppoe 21240<br>
<br>
Internal Circuit 4/8:1023:63/6/2/44395<br>
<br>
Interface bound PPP-client1<br>
<br>
Current port-limit unlimited<br>
<br>
context-name A (applied)<br>
<br>
dns primary X.X.X.X (applied)<br>
<br>
dns secondary Y.Y.Y.Y (applied)<br>
<br>
ip address A.B.C.D (applied)<br>
<br>
forward policy in FORWARD_FIRSTBOOT (applied)<br>
<br>
<br>
<br>
For client2, I receive this state of connection:<br>
<br>
client2@realm.xx<br>
<br>
Agent Remote ID "Client2"<br>
<br>
Circuit 4/8 vlan-id 401 pppoe 16731<br>
<br>
Internal Circuit 4/8:1023:63/6/2/34556<br>
<br>
Interface bound PPP-client1<br>
<br>
Current port-limit unlimited<br>
<br>
context-name A (applied)<br>
<br>
dns primary X.X.X.X (applied)<br>
<br>
dns secondary Y.Y.Y.Y (applied)<br>
<br>
ip address A.B.F.G (applied)<br>
<br>
forward policy in FORWARD_FIRSTBOOT (applied)<br>
<br>
<br>
<br>
Therefore, I would like these clients have each of them, a public IP address and pass through their own interface bound.<br>
<br>
<br>
<br>
If somebody have a solution, let me know.<br>
<br>
<br>
<br>
Regards,<br>
<br>
<br>
<br>
gOOdman<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://puck.nether.net/pipermail/redback-nsp/attachments/20100417/9a7a9c03/attachment-0001.html" target="_blank">https://puck.nether.net/pipermail/redback-nsp/attachments/20100417/9a7a9c03/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Sat, 17 Apr 2010 13:14:41 -0400<br>
From: Denis Mikhaylovskiy <<a href="mailto:denis.mikhaylovskiy@ericsson.com">denis.mikhaylovskiy@ericsson.com</a>><br>
To: "'<a href="mailto:greg.goudou@gmail.com">greg.goudou@gmail.com</a>'" <<a href="mailto:greg.goudou@gmail.com">greg.goudou@gmail.com</a>>,<br>
"'<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>'" <<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>><br>
Subject: Re: [rbak-nsp] problem of authentification on last-resort<br>
interface<br>
Message-ID:<br>
<<a href="mailto:2B6B8CA0ACA1B243820A777B0DBA53255007D5F86F@EUSAACMS0703.eamcs.ericsson.se">2B6B8CA0ACA1B243820A777B0DBA53255007D5F86F@EUSAACMS0703.eamcs.ericsson.se</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I'm not 100% sure because ip addressing is hidden in your config but anyway...<br>
Your clients fail to bind without last-resort because ip address given by radius is not within subnet of any 'normal' multibind interfaces of context.<br>
If ip address assignment goes from radius then SmartEdge does lookup through subnets of all multibind interfaces. If lookup fails then binding fails too until you have last-resort.<br>
<br>
HIH<br>
/denis<br>
<br>
________________________________<br>
From: Greg GOUDOU<br>
To: Denis Mikhaylovskiy; <a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br>
Sent: Sat Apr 17 11:36:31 2010<br>
Subject: RE: [rbak-nsp] problem of authentification on last-resort interface<br>
Hi<br>
Thanks for your answer.<br>
I don?t understand why, when I configure the both interfaces into multibind, (without last resort) , neither the client1 nor the client2 cannot authenticate.<br>
Whereas when I configure one of them into the multibind lastresort, the both can authenticate but they have bound to the same interface.<br>
<br>
Regards,<br>
<br>
Gr?gory<br>
<br>
De : Denis Mikhaylovskiy [mailto:<a href="mailto:denis.mikhaylovskiy@ericsson.com">denis.mikhaylovskiy@ericsson.com</a>]<br>
Envoy? : samedi 17 avril 2010 04:21<br>
? : '<a href="mailto:greg.goudou@gmail.com">greg.goudou@gmail.com</a>'; '<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>'<br>
Objet : Re: [rbak-nsp] problem of authentification on last-resort interface<br>
<br>
<br>
Hi,<br>
It is not possible to have more than one last-resort interface by design in context.<br>
Actually SmartEdge doesn't pass clients through multibind interfaces at all :).<br>
<br>
As per 'show subs active' output I can conclude that both clients got fixed ip assignment by raidus. And I do not understand what is the problem.<br>
<br>
<br>
/denis<br>
<br>
________________________________<br>
From: <a href="mailto:redback-nsp-bounces@puck.nether.net">redback-nsp-bounces@puck.nether.net</a><br>
To: <a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br>
Sent: Fri Apr 16 11:22:01 2010<br>
Subject: [rbak-nsp] problem of authentification on last-resort interface<br>
<br>
Hi,<br>
<br>
I meet a problem about a configuration. I cannot create in a same context, 2 multibind last-resort interfaces.<br>
But, I already have a PPPoE client connected in this context (we will called ?context A?). Below, his configuration:<br>
<br>
Context A vpn-rd XXXX:6<br>
interface Loop_client1 loopback<br>
ip address A.B.C.D/32 with A.B.C.D/32 is a public IP address<br>
<br>
interface PPP-client1 multibind lastresort<br>
ip unnumbered Loop_client1<br>
<br>
the second client is configured as defined below :<br>
<br>
Context A vpn-rd XXXX:6<br>
interface Loop_client2 loopback<br>
ip address A.B.F.G/32 with A.B.F.G/32 is a public IP address<br>
<br>
interface PPP-client2 multibind<br>
ip unnumbered Loop_client2<br>
<br>
when we verify the state of the connection of the clients, we notice :<br>
For client 1:<br>
client1@realm.xx<mailto:<a href="mailto:client1@realm.xx">client1@realm.xx</a>><br>
Agent Remote ID "client1"<br>
Circuit 4/8 vlan-id 426 pppoe 21240<br>
Internal Circuit 4/8:1023:63/6/2/44395<br>
Interface bound PPP-client1<br>
Current port-limit unlimited<br>
context-name A (applied)<br>
dns primary X.X.X.X (applied)<br>
dns secondary Y.Y.Y.Y (applied)<br>
ip address A.B.C.D (applied)<br>
forward policy in FORWARD_FIRSTBOOT (applied)<br>
<br>
For client2, I receive this state of connection:<br>
client2@realm.xx<mailto:<a href="mailto:client2@realm.xx">client2@realm.xx</a>><br>
Agent Remote ID "Client2"<br>
Circuit 4/8 vlan-id 401 pppoe 16731<br>
Internal Circuit 4/8:1023:63/6/2/34556<br>
Interface bound PPP-client1<br>
Current port-limit unlimited<br>
context-name A (applied)<br>
dns primary X.X.X.X (applied)<br>
dns secondary Y.Y.Y.Y (applied)<br>
ip address A.B.F.G (applied)<br>
forward policy in FORWARD_FIRSTBOOT (applied)<br>
<br>
Therefore, I would like these clients have each of them, a public IP address and pass through their own interface bound.<br>
<br>
If somebody have a solution, let me know.<br>
<br>
Regards,<br>
<br>
gOOdman<br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://puck.nether.net/pipermail/redback-nsp/attachments/20100417/73d33502/attachment.html" target="_blank">https://puck.nether.net/pipermail/redback-nsp/attachments/20100417/73d33502/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
redback-nsp mailing list<br>
<a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp" target="_blank">https://puck.nether.net/mailman/listinfo/redback-nsp</a><br>
<br>
<br>
End of redback-nsp Digest, Vol 28, Issue 15<br>
*******************************************<br>
</blockquote><br></div><br>