Re: [Emerald] Radius junk logins from Ascend MAX 4000

daytondigital.net ( (no email) )
Wed, 10 Jul 2002 10:54:10 -0400

I just purchased a Max 4004 and am having similar issues...

I am using Emerald 2.5

Framed User
Framed Protocol PPP
Session Timeout
Idle Timeout

Do I need somthing different to get the username and password from the max?

I have the nas setup in emerald admin correct i think... 72 ports and they
are numbered automatically from the setup...

I see the calls coming in from the Max in radius -x15 but I don't see people
staying connected.... any help would be appreciated...My guess is my ppp
service type in emerald doesn't have the neccessary radius attributes for a
max to talk to it...

I have a Max 4004 and a Patton 2960/48 so I need to see that they both work
with the same service type ....

----- Original Message -----
From: "Mike Hale" <mhale@TOUA.net>
To: <emerald@iea-software.com>
Sent: Tuesday, July 09, 2002 12:07 PM
Subject: RE: [Emerald] Radius junk logins from Ascend MAX 4000

Output from radius -x15 -X.

radrecv: Request from host d8409a02 code=1, id=173, length=70 01 ad 00
46 ef e1 e0 2d 7f e2 ae da 23 91 a7 06 93 d1 aa 32
Packet Information: 50 bytes:
01 11 69 6e 69 74 69 61 6c 2d 62 61 6e 6e 65 72 00 02 09 00 c5 26 63 2a
c3 8a 04 06 d8 40 9a 02 05 06 00 00 00 00 3d 06 00 00 00 05 06 06 00 00
00 05

radrecv: Request from host d8409a02 code=1, id=173, length=70
User-Name = "initial-banner"
Password = ""
Authenticate: from sellstoua-rtr2.toua.net - Invalid Password Length
Request from sellstoua-rtr2.toua.net - Malformed Packet
Resp Time: 31 Auth: 0/0 -> 0 Acct: 0/0/0 -> 0

Hope this helps us track down what's causing this.

Michael Hale
Network Engineer TOUA.net
phone: 520-383-5849
fax: 520-383-2218
e-mail: mhale@toua.net
web: http://www.toua.net/

-----Original Message-----
From: Dale E. Reed Jr. [mailto:daler@iea-software.com]
Sent: Friday, July 05, 2002 8:55 PM
To: emerald@iea-software.com
Subject: Re: [Emerald] Radius junk logins from Ascend MAX 4000

> If enabling malformed just means having the box 'allow malformed'
> checked in radius admin, then we are already allowing malformed
> requests. Is there anything else that might make RADIUS not NAK the
> MAXs requests? Will RADIUS mention a NAK in the log for these
> interfaces?

It should log them. According to the RFC, malformed packets are to be
ignored/dropped not NAKed. Try running RadiusNT in "radius -x15 -X"
debug mode and them send me the output from the radrecv() line to the
next
radrecv() line where the lines in between containt the malformed error.
Send me the thoes lines (including the first radrecv() line).

Dale

------------

This is a user supported list. If you require assistance from IEA
Software's Support Engineers, please check out our Support resources at
http://www.iea-software.com/support.

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart
------------

This is a user supported list. If you require assistance from IEA Software's
Support Engineers, please check out our Support resources at
http://www.iea-software.com/support.

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart

------------

This is a user supported list. If you require assistance from IEA Software's
Support Engineers, please check out our Support resources at
http://www.iea-software.com/support.

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart