[RadiusNT] SNMP Concurrency Allowing All Calls

Blair Bailey ( (no email) )
Thu, 09 Mar 2000 19:00:30 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Graeme Slogrove: "RE: [RadiusNT] Modifying RadCheckPort"
Next message: NCKCN: "Re: [RadiusNT] SNMP Concurrency Allowing All Calls"
Next in thread: NCKCN: "Re: [RadiusNT] SNMP Concurrency Allowing All Calls"

We are evaluating RadiusNT 3.0 Pro (our live system is Radius 2.5 =
Standard) for its SNMP Concurrency Check feature. RadiusNT is up and =
running. Concurrency and variable login limits are working. The SNMP =
check, however, always overides the over limit reject. Thus, users who =
should be rejected because they are already logged in are being allowed to =
login again (in our test case).

The NAS is a Cisco 5248.

Watching the -x18 debug, I see:
Server: x.x.x.x SNMPUser: .1.3.6.1.4.1.9.2.9.2.1.18.1 User: yyyyy
Sending Ack of id 129 to 7f000001 (localhost)

Using the snmputil utility in the NTResKit:
C:\NTRESKIT>snmputil get x.x.x.x zzzzzz .1.3.6.1.4.1.9.2.9.2.1.18.1
Variable =3D .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.1
Value =3D OCTET STRING - yyyyy

x.x.x.x is the correct IP of the NAS
yyyyy is the username in question who is on port 1 of the NAS
zzzzz is the community name that is also listed in the Servers table
The first connection is a live user connection.
The second connection attempt is being made from radlogin.

Am I missing something?

Is testing with radlogin valid here?

Any thing else I should look at?

Thanks much
Blair

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart

Previous message: Graeme Slogrove: "RE: [RadiusNT] Modifying RadCheckPort"
Next message: NCKCN: "Re: [RadiusNT] SNMP Concurrency Allowing All Calls"
Next in thread: NCKCN: "Re: [RadiusNT] SNMP Concurrency Allowing All Calls"