Problem with ip pools
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients could not get
anymore ips from the radius. I've found a way to correct this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool because I think that
there's a problem when a client disconnects. It seems that ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ip pools
On Thu, 31 Mar 2005, Sbastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients could not get
anymore ips from the radius. I've found a way to correct this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool because I think that
there's a problem when a client disconnects. It seems that ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not working then you might
get into problems. The module *does* have a few more methods of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum session time
expected in your network (if that can be calculated) in order to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a nas ip/port pair
which has already an ip allocated that ip is cleaned up. That means that as long
as your ip pool is as large as your nas ports number it will be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of the module (older
version did have problems) and to take a closer look at how well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: Problem with ip pools
Hi,
The main_pool line in the accounting section of the radiusd.conf file was
commented ... Maybe that was my mistake.
Ok for the rlm_ippool_tool I'm gonna use it to see if my modification of
radiusd.conf is working or not. I was not using accounting at all so I forgot
about it but it seems that I will have to configure it well to get the ip_pool
working.
Thank for answering.
Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Kostas Kalevras
Envoy : jeudi 31 mars 2005 13:47
: freeradius-users@lists.freeradius.org
Objet : Re: Problem with ip pools
On Thu, 31 Mar 2005, Sbastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients
could not get
anymore ips from the radius. I've found a way to correct
this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool
because I think that
there's a problem when a client disconnects. It seems that
ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in
src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not
working then you might
get into problems. The module *does* have a few more methods
of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum
session time
expected in your network (if that can be calculated) in order
to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a
nas ip/port pair
which has already an ip allocated that ip is cleaned up. That
means that as long
as your ip pool is as large as your nas ports number it will
be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of
the module (older
version did have problems) and to take a closer look at how
well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Problem with ip pools
Still no luck. I made a connection, the disconnect but the IP it is always
in the databases. I would like to understand if accounting is working well.
Only thing I know is that files in
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8 are being
fullfiled. (192.168.10.8 is a cisco router which acts as a NAS forwarding
NAS requests).
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
auth-detail-20050331
Packet-Type = Access-Request
Thu Mar 31 14:31:55 2005
Framed-Protocol = PPP
User-Name = masqued
CHAP-Password = masqued
NAS-Port-Type = Virtual
NAS-Port = 135
Calling-Station-Id = masqued
Called-Station-Id = masqued
Service-Type = Framed-User
NAS-IP-Address = 192.168.10.8
Client-IP-Address = 192.168.10.8
CHAP-Challenge = masqued
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
reply-detail-20050331
Packet-Type = Access-Accept
Thu Mar 31 14:31:55 2005
Framed-Protocol = PPP
Framed-MTU = 576
Framed-IP-Address = 192.168.52.79
Framed-IP-Netmask = 255.255.255.0
Does this means that accounting is working ?
Regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Sébastien Cantos
Envoyé : jeudi 31 mars 2005 14:26
À : freeradius-users@lists.freeradius.org
Objet : RE: Problem with ip pools
Hi,
The main_pool line in the accounting section of the
radiusd.conf file was commented ... Maybe that was my mistake.
Ok for the rlm_ippool_tool I'm gonna use it to see if my
modification of radiusd.conf is working or not. I was not
using accounting at all so I forgot about it but it seems
that I will have to configure it well to get the ip_pool working.
Thank for answering.
Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Kostas Kalevras
Envoyé : jeudi 31 mars 2005 13:47
À : freeradius-users@lists.freeradius.org
Objet : Re: Problem with ip pools
On Thu, 31 Mar 2005, S?bastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients
could not get
anymore ips from the radius. I've found a way to correct
this by deletinf
the db.ip* files and restarting the radius but this is
not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool
because I think that
there's a problem when a client disconnects. It seems that
ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in
src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not
working then you might
get into problems. The module *does* have a few more methods
of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum
session time
expected in your network (if that can be calculated) in order
to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a
nas ip/port pair
which has already an ip allocated that ip is cleaned up. That
means that as long
as your ip pool is as large as your nas ports number it will
be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of
the module (older
version did have problems) and to take a closer look at how
well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ip pools
Sébastien Cantos [EMAIL PROTECTED] wrote: [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat reply-detail-20050331 Packet-Type = Access-Accept Does this means that accounting is working ? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
