Problem with ip pools
Hi,

I'm using ip pools to manage my client ips from the radius side. Here's my conf:

* users file:

    DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
            Framed-Protocol = PPP,
            Framed-MTU = 576

* radiusd.conf file:

    ippool main_pool {
        range-start = 192.168.52.2
        range-stop = 192.168.52.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
    }

Everything is working well for some days then my clients could not get any more ips from the radius. I've found a way to correct this by deleting the db.ip* files and restarting the radius but this is not *clean*.

Is there a way to dump the content of the ippool database ? I want to understand how ips are freed from the pool because I think that there's a problem when a client disconnects. It seems that ips stay in the pool as used even if the client has disconnected.

Thanks in advance for your help.

Regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ip pools
On Thu, 31 Mar 2005, Sébastien Cantos wrote:

> Is there a way to dump the content of the ippool database ? I want to understand how ips are freed from the pool because I think that there's a problem when a client disconnects. It seems that ips stay in the pool as used even if the client has disconnected.

There's rlm_ippool_tool which might help you in src/modules/rlm_ippool.

rlm_ippool depends on accounting working ok. If it is not working then you might get into problems. The module *does* have a few more methods of finding out stale records and deleting them:

1. maximum-timeout directive. You can set that to the maximum session time expected in your network (if that can be calculated) in order to make sure no ip remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a nas ip/port pair which has already an ip allocated that ip is cleaned up. That means that as long as your ip pool is as large as your nas ports number it will be difficult to run out of available ip's.

My suggestion is to make sure you don't run an old version of the module (older version did have problems) and to take a closer look at how well your accounting works.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: Problem with ip pools
Hi,

The main_pool line in the accounting section of the radiusd.conf file was commented ... Maybe that was my mistake.

Ok for the rlm_ippool_tool, I'm gonna use it to see if my modification of radiusd.conf is working or not.

I was not using accounting at all so I forgot about it but it seems that I will have to configure it well to get the ip_pool working.

Thanks for answering.

Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Kostas Kalevras
Sent: Thursday, 31 March 2005 13:47
To: freeradius-users@lists.freeradius.org
Subject: Re: Problem with ip pools
RE: Problem with ip pools
Still no luck. I made a connection, then disconnect but the IP is always in the databases.

I would like to understand if accounting is working well. Only thing I know is that files in [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8 are being filled. (192.168.10.8 is a cisco router which acts as a NAS forwarding NAS requests).

    [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat auth-detail-20050331
    Packet-Type = Access-Request
    Thu Mar 31 14:31:55 2005
            Framed-Protocol = PPP
            User-Name = masqued
            CHAP-Password = masqued
            NAS-Port-Type = Virtual
            NAS-Port = 135
            Calling-Station-Id = masqued
            Called-Station-Id = masqued
            Service-Type = Framed-User
            NAS-IP-Address = 192.168.10.8
            Client-IP-Address = 192.168.10.8
            CHAP-Challenge = masqued

    [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat reply-detail-20050331
    Packet-Type = Access-Accept
    Thu Mar 31 14:31:55 2005
            Framed-Protocol = PPP
            Framed-MTU = 576
            Framed-IP-Address = 192.168.52.79
            Framed-IP-Netmask = 255.255.255.0

Does this mean that accounting is working ?

Regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Sébastien Cantos
Sent: Thursday, 31 March 2005 14:26
To: freeradius-users@lists.freeradius.org
Subject: RE: Problem with ip pools
Re: Problem with ip pools
Sébastien Cantos [EMAIL PROTECTED] wrote:

> [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat reply-detail-20050331
> Packet-Type = Access-Accept
>
> Does this mean that accounting is working ?

No.

Alan DeKok.
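The check the thread turns on, as an added example that is not part of the original posts or of FreeRADIUS: it reads detail-file records, counts accounting Start/Stop records, and lists the addresses that were handed out but never released by a Stop. The sample records are constructed (the thread shows no accounting records), and the script models the expected lease state from logs; it does not read the module's db.ippool file.

```python
import ipaddress

# Constructed sample, laid out like the detail files quoted in the thread.
# The accounting records are assumptions; the thread only shows auth/reply logs.
SAMPLE = """\
Packet-Type = Access-Accept
Thu Mar 31 14:31:55 2005
\tFramed-IP-Address = 192.168.52.79

Thu Mar 31 14:31:56 2005
\tAcct-Status-Type = Start
\tNAS-IP-Address = 192.168.10.8
\tNAS-Port = 135
\tFramed-IP-Address = 192.168.52.79

Packet-Type = Access-Accept
Thu Mar 31 14:40:02 2005
\tFramed-IP-Address = 192.168.52.80

Thu Mar 31 15:02:10 2005
\tAcct-Status-Type = Stop
\tNAS-IP-Address = 192.168.10.8
\tNAS-Port = 135
\tFramed-IP-Address = 192.168.52.79
"""

def parse_detail(text):
    """Split on blank lines; keep 'Name = Value' pairs, skip timestamp lines."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.strip().partition(" = ") for line in block.splitlines())
        rec = {key: value.strip('"') for key, sep, value in pairs if sep}
        if rec:
            records.append(rec)
    return records

def audit(records, start="192.168.52.2", stop="192.168.52.254"):
    """Track addresses handed out and released; report what is still held."""
    size = int(ipaddress.ip_address(stop)) - int(ipaddress.ip_address(start)) + 1
    held, acct = set(), {"Start": 0, "Stop": 0}
    for rec in records:
        ip, status = rec.get("Framed-IP-Address"), rec.get("Acct-Status-Type")
        if status in acct:
            acct[status] += 1
        if ip is None:
            continue
        if status == "Stop":
            held.discard(ip)        # session ended: address should be free again
        elif status == "Start" or rec.get("Packet-Type") == "Access-Accept":
            held.add(ip)            # address handed out to a client
    return {"pool_size": size, "held": sorted(held),
            "starts": acct["Start"], "stops": acct["Stop"]}
```

A result with `stops` at 0 while `held` keeps growing is the situation described in the thread: addresses are assigned on Access-Accept but no accounting Stop ever arrives to release them.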