Hiper ARC setup assistance please
I am in the midst of replacing my existing PRI/Quad/Netserver/NMC setup with a Hiper DSP/ARC/NMC. I have gone through, configured everything that I can figure and got the system to the point where it's answering calls and successfully authenticating users against our RADIUS (freeradius) server. The problem I am having is that once users are connected most of them are not able to do anything (and in fact the users that are not working I cannot even ping). The puzzling part is that the problem is not tied to a particular user (a user may dial in 10 times, and maybe one time out of the 10 everything works fine). The times when things do not work, I have had the users check winipcfg and it shows the correct IP, gateway, etc, etc. I'm sure there is probably some routing setting or somesuch that I have not set properly or routing isn't propagating to something it needs to propagate to that is causing this issue. The users are "firmly" connected, its not as if they are getting disconnected... and they are having no problems during the connection process. Side note that I did have to change the PPP authentication setting from "any" to "PAP" to get users to authenticate to the RADIUS server (the session was defaulting to CHAP and failing)... that is the only thing remotely convoluted that I tried changing :-) I thought everything had gone miraculously well when I saw users dialling in, being assigned IP addresses and connecting successfully... until the phone started ringing with people saying "I can connect but I can't do anything". I've tried to configure with HARM (which I hear everybody hates :-) after resetting to factory default. I'm more than happy to reset the ARC to factory defaults again(probably the best place to start :-) if someone is instead able to give me a quick rundown of the command line settings which I should enter from factory default to end up with a working configuration. Our needs are about as basic as it gets, so I'm guessing it *should* be about 10 or 15 command lines to configure. I'll give my working settings from the Netserver setup below, and hopefully this will give enough info... There are no users configured in the Netserver. IP addresses and DNS servers are assigned to the customers by the Netserver with the exception of a handful of users which receive a static IP courtesy of the RADIUS server (but still receive their DNS server settings courtesy of the Netserver). I've set the IP's for the new equipment not to conflict with the old so that all I have to do is unplug the PRI from the old chassis and plug it into the new one to do the switchover (or to test). The RADIUS server is all configured up to accommodate this setup. (IP's shortened below to save my fingers :-). - I have a single PRI with 23 channels - Existing Netserver is IP 1.1.1.226 with netmask 255.255.255.224 and gateway of 1.1.1.225 - Existing NMC is IP 1.1.1.130 with netmask 255.255.255.192 and gateway of 1.1.1.129 - Our single IP Pool for dialup users starts at 1.1.1.228 netmask 255.255.255.224 gw 1.1.1.225 and has 27 IP's available (will be using the same pool in new setup) - Hiper NMC will be IP 1.1.1.181 with netmask 255.255.255.192 and gateway of 1.1.1.129 - Hiper ARC with dual 10/100 NIC will be IP 1.1.1.227 with netmask 255.255.255.224 and gateway of 1.1.1.225 on the top ethernet port, the bottom ethernet port is not connected. - Radius server is 1.1.1.133 with a secret of blah for both accounting and authentication - DNS servers are 1.1.1.130 and 1.1.1.131 - Logging server is 1.1.1.133 - SNMP traps to 1.1.1.133 - 3.5.105 firmware on DSP, 5.3.107 on ARC and 8.6.3 on NMC I think that's about everything. Thanks in advance for your assistance! Cheers,
Mike <<<<<
I didn't see a response to your ? so I thought I'd try to help a little. There's a lot of info here so I'll just start off with some simple things and go from there. First...I don't see why you have your NMC and arc on different subnets? Not really related to your customers not routing but seems to me could be a problem for you down the road. There are some other unusual choices of subnets but hey...run with it. What's the upstream router from the arc tell you when you issue a route statement for the dialup pool? If it's a cisco....show ip route 1.1.1.228 255.255.255.227 Are you going to setup a routing protocol on the box? I'm not a big fan of setting up ip pools in the same subnet as the ethernet. I'd consider ospf instead of rip but it's really your choice. I'm thinking (but can't remember fully) that there's a statement like enable ip proxy_arp_all_dialin to get your ip pools routing when they're in the same subnet as the ether. Hope that helps. Todd ----- Original Message ----- From: "Mike Cisar" <mcisar@iul.net> To: <USR-TC@mailman.xmission.com> Sent: Wednesday, November 12, 2003 11:54 PM Subject: [USR-TC] Hiper ARC setup assistance please
I am in the midst of replacing my existing PRI/Quad/Netserver/NMC setup with a Hiper DSP/ARC/NMC. I have gone through, configured everything that I can figure and got the system to the point where it's answering calls and successfully authenticating users against our RADIUS (freeradius) server.
The problem I am having is that once users are connected most of them are not able to do anything (and in fact the users that are not working I cannot even ping). The puzzling part is that the problem is not tied to a particular user (a user may dial in 10 times, and maybe one time out of the 10 everything works fine). The times when things do not work, I have had the users check winipcfg and it shows the correct IP, gateway, etc, etc. I'm sure there is probably some routing setting or somesuch that I have not set properly or routing isn't propagating to something it needs to propagate to that is causing this issue. The users are "firmly" connected, its not as if they are getting disconnected... and they are having no problems during the connection process. Side note that I did have to change the PPP authentication setting from "any" to "PAP" to get users to authenticate to the RADIUS server (the session was defaulting to CHAP and failing)... that is the only thing remotely convoluted that I tried changing :-) I thought everything had gone miraculously well when I saw users dialling in, being assigned IP addresses and connecting successfully... until the phone started ringing with people saying "I can connect but I can't do anything".
I've tried to configure with HARM (which I hear everybody hates :-) after resetting to factory default. I'm more than happy to reset the ARC to factory defaults again(probably the best place to start :-) if someone is instead able to give me a quick rundown of the command line settings which I should enter from factory default to end up with a working configuration. Our needs are about as basic as it gets, so I'm guessing it *should* be about 10 or 15 command lines to configure.
I'll give my working settings from the Netserver setup below, and hopefully this will give enough info... There are no users configured in the Netserver. IP addresses and DNS servers are assigned to the customers by the Netserver with the exception of a handful of users which receive a static IP courtesy of the RADIUS server (but still receive their DNS server settings courtesy of the Netserver). I've set the IP's for the new equipment not to conflict with the old so that all I have to do is unplug the PRI from the old chassis and plug it into the new one to do the switchover (or to test). The RADIUS server is all configured up to accommodate this setup.
(IP's shortened below to save my fingers :-).
- I have a single PRI with 23 channels - Existing Netserver is IP 1.1.1.226 with netmask 255.255.255.224 and gateway of 1.1.1.225 - Existing NMC is IP 1.1.1.130 with netmask 255.255.255.192 and gateway of 1.1.1.129 - Our single IP Pool for dialup users starts at 1.1.1.228 netmask 255.255.255.224 gw 1.1.1.225 and has 27 IP's available (will be using the same pool in new setup)
- Hiper NMC will be IP 1.1.1.181 with netmask 255.255.255.192 and gateway of 1.1.1.129 - Hiper ARC with dual 10/100 NIC will be IP 1.1.1.227 with netmask 255.255.255.224 and gateway of 1.1.1.225 on the top ethernet port, the bottom ethernet port is not connected. - Radius server is 1.1.1.133 with a secret of blah for both accounting and authentication - DNS servers are 1.1.1.130 and 1.1.1.131 - Logging server is 1.1.1.133 - SNMP traps to 1.1.1.133 - 3.5.105 firmware on DSP, 5.3.107 on ARC and 8.6.3 on NMC
I think that's about everything. Thanks in advance for your assistance!
Cheers,
Mike <<<<<
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
I didn't see a response to your ? so I thought I'd try to help a little.
Thanks :-)
First...I don't see why you have your NMC and arc on different subnets? Not really related to your customers not routing but seems to me could be a problem for you down the road.
I could easily move the ARC to (for example 1.1.1.135), our old setup always had the Netserver on the same subnet as the dialup pool so I was just trying to mirror that setup (don't ask me why I did it that way 10 years ago :-). If I move the ARC to be in the same subnet as the NMC... where would I tell the ARC that the gateway for the IP pool is at .225 (whereas the gateway for the ARC would then be at .129).
There are some other unusual choices of subnets but hey...run with it.
We have 3 separate subnets coming in from our upstream, one of 64 IP's and 2 of 32. All come in over the same ethernet, and each have a separate gateway IP). The block of 64 houses our lan (workstations, servers, etc), 32 for a block of virtual web servers and the other 32 is for the dialup pool.
What's the upstream router from the arc tell you when you issue a route statement for the dialup pool? If it's a cisco....show ip route 1.1.1.228 255.255.255.227
That I couldn't tell you :-) We are on an ethernet over fiber connection and don't have access to the ISP's router. All we got at our end for equipment is one pretty red cable coming out of the wall :-) For what it's worth, with the Netserver at .226 and the IP pool starting at .228 everything works just peachy... so unless the ARC is sending something upstream to screw up the routing (or not sending something upstream that the Netserver is) that part should be remaining the same (the IP pool is the one thing in this changeover that remains constant :-)
Are you going to setup a routing protocol on the box? I'm not a big fan of setting up ip pools in the same subnet as the ethernet. I'd consider ospf instead of rip but it's really your choice. I'm thinking (but can't remember fully) that there's a statement like enable ip proxy_arp_all_dialin to get your ip pools routing when they're in the same subnet as the ether.
To be quite honest I don't know. I never had to set anything up routing-wise on the Netserver (for better or worse), but it's entirely possible that I'll need to do that on the ARC if "out of the box" it doesn't treat things the same.
Hope that helps.
Time will tell HEHE. Thanks! Cheers,
Mike <<<<<
Did the proxy_arp command fix your routing issues or not? When you are unable to ping customers, where does the traceroute die? Todd ----- Original Message ----- From: "Mike Cisar" <mcisar@iul.net> To: "'Discussion relating to the 3Com/US Robotics Total Controlmodemsystems.'" <usr-tc@mailman.xmission.com> Sent: Thursday, November 13, 2003 12:07 PM Subject: RE: [USR-TC] Hiper ARC setup assistance please
I didn't see a response to your ? so I thought I'd try to help a little.
Thanks :-)
First...I don't see why you have your NMC and arc on different subnets? Not really related to your customers not routing but seems to me could be a problem for you down the road.
I could easily move the ARC to (for example 1.1.1.135), our old setup always had the Netserver on the same subnet as the dialup pool so I was just trying to mirror that setup (don't ask me why I did it that way 10 years ago :-). If I move the ARC to be in the same subnet as the NMC... where would I tell the ARC that the gateway for the IP pool is at .225 (whereas the gateway for the ARC would then be at .129).
There are some other unusual choices of subnets but hey...run with it.
We have 3 separate subnets coming in from our upstream, one of 64 IP's and 2 of 32. All come in over the same ethernet, and each have a separate gateway IP). The block of 64 houses our lan (workstations, servers, etc), 32 for a block of virtual web servers and the other 32 is for the dialup pool.
What's the upstream router from the arc tell you when you issue a route statement for the dialup pool? If it's a cisco....show ip route 1.1.1.228 255.255.255.227
That I couldn't tell you :-) We are on an ethernet over fiber connection and don't have access to the ISP's router. All we got at our end for equipment is one pretty red cable coming out of the wall :-) For what it's worth, with the Netserver at .226 and the IP pool starting at .228 everything works just peachy... so unless the ARC is sending something upstream to screw up the routing (or not sending something upstream that the Netserver is) that part should be remaining the same (the IP pool is the one thing in this changeover that remains constant :-)
Are you going to setup a routing protocol on the box? I'm not a big fan of setting up ip pools in the same subnet as the ethernet. I'd consider ospf instead of rip but it's really your choice. I'm thinking (but can't remember fully) that there's a statement like enable ip proxy_arp_all_dialin to get your ip pools routing when they're in the same subnet as the ether.
To be quite honest I don't know. I never had to set anything up routing-wise on the Netserver (for better or worse), but it's entirely possible that I'll need to do that on the ARC if "out of the box" it doesn't treat things the same.
Hope that helps.
Time will tell HEHE. Thanks!
Cheers,
Mike <<<<<
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Sorry...don't think I answered your other question:
where would I tell the ARC that the gateway for the IP pool is at .225 (whereas the gateway for the ARC would then be at .129).
I'm a little confused as to what you're asking but you don't setup a gateway for the ip pools, just a gateway for the arc. The pools are directly connected ;) Todd ----- Original Message ----- From: "Todd Bertolozzi" <todd.bertolozzi@voyager.net> To: "Discussion relating to the 3Com/US Robotics Total Control modemsystems." <usr-tc@mailman.xmission.com> Sent: Thursday, November 13, 2003 1:11 PM Subject: Re: [USR-TC] Hiper ARC setup assistance please
Did the proxy_arp command fix your routing issues or not? When you are unable to ping customers, where does the traceroute die?
Todd ----- Original Message ----- From: "Mike Cisar" <mcisar@iul.net> To: "'Discussion relating to the 3Com/US Robotics Total Controlmodemsystems.'" <usr-tc@mailman.xmission.com> Sent: Thursday, November 13, 2003 12:07 PM Subject: RE: [USR-TC] Hiper ARC setup assistance please
I didn't see a response to your ? so I thought I'd try to help a little.
Thanks :-)
First...I don't see why you have your NMC and arc on different subnets? Not really related to your customers not routing but seems to me could be a problem for you down the road.
I could easily move the ARC to (for example 1.1.1.135), our old setup always had the Netserver on the same subnet as the dialup pool so I was just trying to mirror that setup (don't ask me why I did it that way 10 years ago :-). If I move the ARC to be in the same subnet as the NMC... where would I tell the ARC that the gateway for the IP pool is at .225 (whereas the gateway for the ARC would then be at .129).
There are some other unusual choices of subnets but hey...run with it.
We have 3 separate subnets coming in from our upstream, one of 64 IP's and 2 of 32. All come in over the same ethernet, and each have a separate gateway IP). The block of 64 houses our lan (workstations, servers, etc), 32 for a block of virtual web servers and the other 32 is for the dialup pool.
What's the upstream router from the arc tell you when you issue a route statement for the dialup pool? If it's a cisco....show ip route 1.1.1.228 255.255.255.227
That I couldn't tell you :-) We are on an ethernet over fiber connection and don't have access to the ISP's router. All we got at our end for equipment is one pretty red cable coming out of the wall :-) For what it's worth, with the Netserver at .226 and the IP pool starting at .228 everything works just peachy... so unless the ARC is sending something upstream to screw up the routing (or not sending something upstream that the Netserver is) that part should be remaining the same (the IP pool is the one thing in this changeover that remains constant :-)
Are you going to setup a routing protocol on the box? I'm not a big fan of setting up ip pools in the same subnet as the ethernet. I'd consider ospf instead of rip but it's really your choice. I'm thinking (but can't remember fully) that there's a statement like enable ip proxy_arp_all_dialin to get your ip pools routing when they're in the same subnet as the ether.
To be quite honest I don't know. I never had to set anything up routing-wise on the Netserver (for better or worse), but it's entirely possible that I'll need to do that on the ARC if "out of the box" it doesn't treat things the same.
Hope that helps.
Time will tell HEHE. Thanks!
Cheers,
> Mike <<<<<
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
participants (2)
-
Mike Cisar -
Todd Bertolozzi