If you don't use the "dialer in-band" directive in the config (Which makes the dialer a DDR interface), you do not need to set an idle timeout, and it does not default to 2 mins. It will only default to 2 mins if you specify "dialer in-band" and do not set a "dialer idle-timeout".
-Ronan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike McCauley Sent: Wednesday, 06 March, 2002 16:39 To: [EMAIL PROTECTED] Subject: RE: (RADIATOR) Re: Fwd: Re: [Oz-ISP] AS5200's and IOS12.1 ---------- Forwarded Message ---------- Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["Robert Blayzor" <[EMAIL PROTECTED]>] Date: Wed, 6 Mar 2002 06:19:20 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Wed Mar 6 06:19:20 2002 Received: from mx0.inoc.net (mx0.inoc.net [64.246.130.30]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g26CJK319179 for <[EMAIL PROTECTED]>; Wed, 6 Mar 2002 06:19:20 -0600 Received: from nimbus (unverified [10.0.0.111]) by mx0.inoc.net (Vircom SMTPRS 5.2.204) with ESMTP id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>; Wed, 6 Mar 2002 08:51:14 -0500 Reply-To: <[EMAIL PROTECTED]> From: "Robert Blayzor" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: RE: (RADIATOR) Re: Fwd: Re: [Oz-ISP] AS5200's and IOS12.1 Date: Wed, 6 Mar 2002 08:51:13 -0500 Organization: INOC, LLC Message-ID: <00e601c1c515$fafe4f00$[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <[EMAIL PROTECTED]> We use the AS5300's almost exclusively here, we run IOS 12.1(x). The config info doesn't mean much below. The problem is that if you're using IOS and not using "virtual profiles" I believe the 5300's listen to what's hard set in the config as an idle-time on any dialer our group-async interface. If you don't specify the idle timeout, then I believe the default is some crazy value of 2 minutes (120 seconds). The best solution we've found is to use virtual profiles on the 5300, and max out the idle-timeout on any dialer or group-async interface. When doing that, the 5300's will always honor the RADIUS attributes for idle-timeout, etc. We've never had a problem with the 5300's just disconnecting people for idle-timeout if they were using it or not, and the access-list in the config below just denies any ICMP requests to or from any async device (modem). I surely don't see how that fixes the problem. Tips for the AS5300's and RADIUS: Enable virtual profiles: virtual-profile virtual-template 1 virtual-profile aaa Max out the idle-timeout of any interface. If you are running any routing protocols on the box, make sure you make dialer and group-async interfaces PASSIVE, or try not to include the scope in your OSPF range, etc. Otherwise you'll be sending routing messages to all your dialin users: router ospf 101 log-adjacency-changes area 0 authentication redistribute connected subnets route-map connected_filter redistribute static subnets passive-interface Dialer1 passive-interface Group-Async1 passive-interface Virtual-Template1 -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] My opinion is neither copyrighted nor trademarked, and it's price competitive. If you like, I'll trade for one of yours. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine > Sent: Tuesday, March 05, 2002 11:42 PM > To: [EMAIL PROTECTED] > Subject: (RADIATOR) Re: Fwd: Re: [Oz-ISP] AS5200's and IOS12.1 > > > > Hello Everyone - > > Here is a note regarding a Cisco IOS radius problem. > > regards > > Hugh > > > ---------- Forwarded Message ---------- > > > > Subject: Re: [Oz-ISP] AS5200's and IOS12.1 > > Date: Wed, 6 Mar 2002 13:14:27 +1100 (EST) > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] (Heath Jones) > > Cc: [EMAIL PROTECTED] > > > > This sounds very much like a problem we had when upgrading an AS5300 > > recently (it was actually from 12.0something to 12.2something)... > > Until we found the solution all dialup users were being disconnected > > according to their radius idle-timeout sessions, regardless of > > activity... > > > > The solution was that we had to actually specify an access-list for > > idle-timeouts (even if it was just 'let everything thru') > > as follows: > > Config Extract: > > ! > > interface Group-Async1 > > ip unnumbered FastEthernet0 > > encapsulation ppp > > no ip mroute-cache > > no logging event link-status > > dialer in-band > > dialer idle-timeout 2147483 > > dialer-group 1 > > async default routing > > async dynamic address > > async mode interactive > > peer default ip address pool default > > no fair-queue > > ppp authentication pap chap ms-chap > > ppp multilink > > group-range 1 240 > > ! > > access-list 101 deny icmp any any > > access-list 101 permit ip any any > > dialer-list 1 protocol ip list 101 > > ! > > > > This fixed it (and certainly wasn't necessary with the earlier IOS). > > > > hth, Peter Vaskess > > Netlink Connect > > > > > HAs anyone upgraded their 5200's to IOS 12.1 IP Plus? > > > > > > We're having a problem with the NAS's disconnecting > > user's for supposed > > > > "Idle-Timeout"s. The problem is that it doesn't matter > > whether the user > > > > is inactive or not they still get disconnected. > > > > > > I have spoken to a couple of people who have had this > > problem but as yet > > > > noone seems to know a viable solution. I'd be interested in any > > > recommendations people have. > > > > ---- > > email "unsubscribe aussie-isp" to [EMAIL PROTECTED] to > > be removed. > > > ------------------------------------------------------- > > -- > Mike McCauley [EMAIL PROTECTED] > Open System Consultants Pty. Ltd Unix, Perl, > Motif, C++, WWW > 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au > Phone +61 3 9598-0985 Fax +61 3 9598-0955 > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc > on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. ------------------------------------------------------- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.