Mike Tindor wrote:
Hi Folks,
I have a problem that I need some help with, mainly setting the IEA Next Hop Gateway - to automatically set up users who want Xstop filtering to go through the Xstop unit rather than the main router.
We are running 4.1.59 HiperARCs with 3com SA 6.0.8x, with TC units and router (default gateway) on the same class C network.
I had read in the Knowledgebase where the Next Hop Gateway must lie outside the subnet of the main TC ethernet interface, and so I have made sure that the Xstop is not on the same subnet.
Hmmm, I would think you need the IP address of your Xstop machine on a subnet on the TC Ethernet interface, otherwise the router will not know how to talk to it and send all traffic out the default route. I am using IEA in 4.1.59-6 without any problems, I'm in processing of switching my upstream ISP and it's turned out to be a very nice feature. I just bound two different class C addresses to the Ethernet adapter. Maybe mine is working because I didn't read the knowledge base and figured everything out on my own.
I can run 'mon radius' on a user in question, and it shows: VPN-NEIGHBOR : -772795387 ^^^^^^^^^ should be an IP address
Yeah, mine does this, ignore it, it's got the right address in there, it's just not showing it as a human readable IP address, I suspect they just printf a signed long.
After the user is logged in I can run a 'show session username' and it will list IEA Next Hop Gateway : xxx.xxx.xxx.xxx like it should.
However, the problem is that it apparently isn't working -- I don't see it as the next hop in a traceroute, I can't see any reference to it in a 'list ip routes'.
Yeah, well, if it's on a different subnet I don't see how you can talk to it. Have you tried to ping your Xstop box from the HiPer ARC? Do a traceroute as well from the HiPer ARC, it shouldn't go through your default route. It looks like you're set up to use proxy arp IEA, that's also how I configured mine. I'd try giving the Xstop box an IP address inside of a subnet assigned to the Ethernet port of the HiPer ARC. -Ron GLISnet, Inc. +1 810/939.9885 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.