[prev in list] [next in list] [prev in thread] [next in thread]
List: inet-access
Subject: Re: PM3/Radius issue.
From: Scott Call <scall () devolution ! com>
Date: 2003-11-02 0:12:44
[Download RAW message or body]
What's most likely happening is the radius return is sourced from exp1,
since that is the best route from the radius server to the PM3s.
Try changing the radius server in the PM3s to point to the exp1 address.
If that doesn't work, try getting your radiusd to bind to all addresses on
the box, or at least exp1 instead of exp0.
-S
On Sat, 1 Nov 2003, Keith Woodworth wrote:
>
> Wierd routing...maybe.
>
> Radius server w/ two ethernet ports, exp0 and exp1. Radius listens on exp0
> as does dhcpd. Fine..works well for last 2 yrs.
>
> Wanting to change some stuff around and put Radius server directly
> connected to same switch as the PM3's.
>
> Switch is a 3550, Vlan 5 is for PM3's, ports on that Vlan are setup:
>
> interface FastEthernet0/15
> switchport access vlan 5
> switchport mode access
> no ip address
>
> All PM3's on Vlan5 are part of 204.244.99.0/24. So I assign 204.244.99.1
> to exp1 on radius server and plug into the above port. Ok quick bit of
> pinging from PM3's can see 204.244.99.1 since it directly connected.
>
> Radius is on 64.114.55.100 assigned to exp0. I can ping it from the
> PM3's. So thinking I'll leave it till early, early Sunday morn to reconfig
> PM3's and radius to listen on exp1.
>
> Little while later start getting calls cant login, auth fails etc. Still
> can ping radius listening on 64.114.55.100 from the PM3, but radius is not
> authenticating.
>
> So I ifconfig exp1 down and now people can authenticate. Ok so ifconfig
> exp1 up, back to not auth'ing, but still can ping 64.114.55.100. ifconfig
> down again and can auth again.
>
> It looks like requests are hitting the exp0 interface like they should but
> not making it back. I'm thinking that the radius server is sending the
> reply back via exp1 which is not right and thats where the auth fails.
>
> Would that be whats happening? PM3 is sending request to right server but
> the server is sending the reply back on the wrong interface? I didnt
> tcpdump the connection since I had to get it back operational ASAP, but
> would like have 204.244.99.1 be the radius server, on same subnet, on the
> same switch/vlan etc.
>
> thanks for a clue or two here...
>
>
> _______________________________________________
> "Eat sushi frequently". - Avi
> inet@inet-access.net is the human contact address.
> list@inet-access.net is the list posting address.
> See below URL for subscribe/unsubscribe and list options:
> http://inet-access.net/mailman/listinfo/list
>
>
>
> !DSPAM:3fa4425068072086761734!
>
>
>
--
Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
"These are the last days of peace in America as you know it.
And we will never be the same." -Mark Morford
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic