Re: (usr-tc) Need help with IEA Next Hop
---------- Original Message ---------------------------------- From: Ronald Kushner <ron@glis.net> Reply-To: usr-tc@lists.xmission.com Date: Tue, 30 Nov 1999 04:01:24 -0500
Hmmm, I would think you need the IP address of your Xstop machine on a subnet on the TC Ethernet interface, otherwise the router will not know how to talk to it and send all traffic out the default route. I am using IEA in 4.1.59-6 without any problems, I'm in processing of switching my upstream ISP and it's turned out to be a very nice feature. I just bound two different class C addresses to the Ethernet adapter. Maybe mine is working because I didn't read the knowledge base and figured everything out on my own.
Ron, that sounded nice and logical, and believe me we tried that numerous times; however, we failed to try this again once we re-edited the radserv.scp file -- our mistake. Just FYI -- The KB article on this subject gives the following (erroneous) information: /* f. Change the second copy to match the following EXACTLY: Get-VPN-Neighbor: ;---------------- usersParam = UserRow.PW_VPN_Neighbor if(length(usersParam) > 0) Response.PW_VPN_Neighbor = NUM(usersParam) else if(length(thisGroup)>0) groupParam = GroupRow.PW_VPN_Neighbor if(length(groupParam) > 0) Response.PW_VPN_Neighbor = NUM(groupParam) endif endif endif */ NOTE: The above is wrong -- If we do what it shows above, it will not issue the next hop gateway and a 'show session user' would reveal IEA NEXT HOP GATEWAY IP ADDRESS: 0.0.0.192 After removing NUM() from groupParams and usersParams and restarting Radius, the next hop started working -- revealing IEA NEXT HOP GATEWAY IP ADDRESS: 192.168.10.1 -- Obviously an error in the information in the KB article. Thanks for your recommendation -- It was an oversight on our part and I'm glad I don't have to spend another moment on it! Mike Tindor - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Mike, Thanks for pointing that out. I'll get it fixed right away. Dominic On Tue, 30 Nov 1999, Mike Tindor wrote:
---------- Original Message ---------------------------------- From: Ronald Kushner <ron@glis.net> Reply-To: usr-tc@lists.xmission.com Date: Tue, 30 Nov 1999 04:01:24 -0500
Hmmm, I would think you need the IP address of your Xstop machine on a subnet on the TC Ethernet interface, otherwise the router will not know how to talk to it and send all traffic out the default route. I am using IEA in 4.1.59-6 without any problems, I'm in processing of switching my upstream ISP and it's turned out to be a very nice feature. I just bound two different class C addresses to the Ethernet adapter. Maybe mine is working because I didn't read the knowledge base and figured everything out on my own.
Ron, that sounded nice and logical, and believe me we tried that numerous times; however, we failed to try this again once we re-edited the radserv.scp file -- our mistake.
Just FYI -- The KB article on this subject gives the following (erroneous) information:
/* f. Change the second copy to match the following EXACTLY:
Get-VPN-Neighbor: ;---------------- usersParam = UserRow.PW_VPN_Neighbor if(length(usersParam) > 0) Response.PW_VPN_Neighbor = NUM(usersParam) else if(length(thisGroup)>0) groupParam = GroupRow.PW_VPN_Neighbor if(length(groupParam) > 0) Response.PW_VPN_Neighbor = NUM(groupParam) endif endif endif */
NOTE: The above is wrong -- If we do what it shows above, it will not issue the next hop gateway and a 'show session user' would reveal IEA NEXT HOP GATEWAY IP ADDRESS: 0.0.0.192
After removing NUM() from groupParams and usersParams and restarting Radius, the next hop started working -- revealing IEA NEXT HOP GATEWAY IP ADDRESS: 192.168.10.1 -- Obviously an error in the information in the KB article.
Thanks for your recommendation -- It was an oversight on our part and I'm glad I don't have to spend another moment on it!
Mike Tindor
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Mike Tindor wrote:
Just FYI -- The KB article on this subject gives the following (erroneous) information:
/* f. Change the second copy to match the following EXACTLY:
Get-VPN-Neighbor: ;---------------- usersParam = UserRow.PW_VPN_Neighbor if(length(usersParam) > 0) Response.PW_VPN_Neighbor = NUM(usersParam) else if(length(thisGroup)>0) groupParam = GroupRow.PW_VPN_Neighbor if(length(groupParam) > 0) Response.PW_VPN_Neighbor = NUM(groupParam) endif endif endif */
NOTE: The above is wrong -- If we do what it shows above, it will not issue the next hop gateway and a 'show session user' would reveal IEA NEXT HOP GATEWAY IP ADDRESS: 0.0.0.192
After removing NUM() from groupParams and usersParams and restarting Radius, the next hop started working -- revealing IEA NEXT HOP GATEWAY IP ADDRESS: 192.168.10.1 -- Obviously an error in the information in the KB article.
Thanks for your recommendation -- It was an oversight on our part and I'm glad I don't have to spend another moment on it!
Yeah, I never followed any article, I copied the code out of the radserv.scp that was used to pull the DNS numbers out of the database. Glad you got it working... -Ron GLISnet, Inc. +1 810/939.9885 - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
participants (3)
-
dciresi@defunct.ae.usr.com -
Mike Tindor -
Ronald Kushner