Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread sthaug
> This really should be a DHCP option which points to the authentication > server using ip addresses. This should be returned to clients even > if they don't request it. Web browsers could have a hot-spot button that > retrieves this option then connects using the value returned. Unfortunately, t

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Andrew Cox
Sounds like a great idea in theory but would require OS support or a dual-hotspot setup that provided for both options until support was expected. Until such time it's simply unworkable. That and as mentioned in my previous post, the setup we have *just works* for users who don't have the perm

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Joe Greco
> > > In message <200912080332.nb83wkso037...@aurora.sol.net>, Joe Greco writes: > > > IMHO there is no need for any sort of DNS redirection after user > > > authentication has taken place. > > > > It may be hazardous even before user authentication has taken place. > > Even given a very low TT

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Andrew Cox
Yeah the iPhone changes were a bit of a pain, we had to build a second iPhone specific version of our login page because the iPhone "auto-login" feature won't allow more than 1 page to be loaded. We would normally redirect users to the page they've originally requested after they click the log

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-08 Thread Jens Link
Jorge Amodio writes: > I guess Cisco's 800's are out of the "Consumer Grade" price range, but > any comments about v6 support on them and how they compare with other > options. Once you find the right IOS version they are working great. ;-) I had to upgrade my router @home in order to use IPv6

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-08 Thread Jens Link
Brandon Ewing writes: > Can you comment on what version you got it to work on? I haven't futzed > with it much, but with 12.4(24)T2, you can't put an ipv6 address directly on > the wireless subinterface. I tried putting it on a BVI interface, but > didn't have much luck. Version 12.4(20)T1 wo

Linux shaping packet loss

2009-12-08 Thread Chris
Hi All, It would be appreciated if anyone using TC on Linux for shaping could please help with an intermittent problem on an egress interface. I'm seeing about ten per cent of packet loss for all classes at seemingly quiet times and random parts of the day using about forty classes and 250Mbps. I

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Mark Andrews
In message <20091208.101453.74674743.sth...@nethelp.no>, sth...@nethelp.no writes: > > This really should be a DHCP option which points to the authentication > > server using ip addresses. This should be returned to clients even > > if they don't request it. Web browsers could have a hot-spot bu

Re: Linux shaping packet loss

2009-12-08 Thread Bret Clark
Won't say I'm an expert with TC, but anytime I see packet loss on an interface I always check the interface itself...10% packet loss is pretty much what you would get if there was a duplex problem. I always try to hard set my interfaces on both the Linux machines and Switches. Bret Chris wro

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Mark Andrews
In message <200912080939.nb89dixn090...@aurora.sol.net>, Joe Greco writes: > > > > > > In message <200912080332.nb83wkso037...@aurora.sol.net>, Joe Greco writes: > > > > IMHO there is no need for any sort of DNS redirection after user > > > > authentication has taken place. > > > > > > It may

Re: Linux shaping packet loss

2009-12-08 Thread sthaug
> Won't say I'm an expert with TC, but anytime I see packet loss on an > interface I always check the interface itself...10% packet loss is > pretty much what you would get if there was a duplex problem. I always > try to hard set my interfaces on both the Linux machines and Switches. Used to s

Re: Linux shaping packet loss

2009-12-08 Thread Joe Abley
On 2009-12-08, at 15:01, sth...@nethelp.no wrote: >> Won't say I'm an expert with TC, but anytime I see packet loss on an >> interface I always check the interface itself...10% packet loss is >> pretty much what you would get if there was a duplex problem. I always >> try to hard set my interf

Re: Linux shaping packet loss

2009-12-08 Thread Chris
Thanks, Steiner and everyone for the input. It's good to see the list is still as friendly as ever. There are two paths I'm trying to get my head round after someone offlist helpfully suggested putting cburst and burst on all classes. My thoughts are that any dropped packets on the parent class i

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Owen DeLong
On Dec 8, 2009, at 1:18 AM, Andrew Cox wrote: > Sounds like a great idea in theory but would require OS support or a > dual-hotspot setup that provided for both options until support was expected. > Until such time it's simply unworkable. > > That and as mentioned in my previous post, the setup

RE: Linux shaping packet loss

2009-12-08 Thread Matlock, Kenneth L
The biggest problem with duplex had to do with 100mb. Cisco (and a lot of other companies) decided in their infinite wisdom that at 100mb if auto-negotiation fails, to use half duplex as the default. So if you have both sides at auto, or both sides hard-set it's all good. But if one side is hard-s

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Owen DeLong
> > I know what you're saying, but seriously, haven't we just repeated all > the same mistakes in IPv6? And of course it'd be a nightmare to cover > all the edge cases, this is why nobody tries to figure it out, so in > the end we end up with many really cruddy hatchet jobs. > Not exactly W

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Andrew Cox
Owen DeLong wrote: On Dec 8, 2009, at 1:18 AM, Andrew Cox wrote: Sounds like a great idea in theory but would require OS support or a dual-hotspot setup that provided for both options until support was expected. Until such time it's simply unworkable. That and as mentioned in my previous p

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Andrew Cox
Owen DeLong wrote: Almost all of these systems require you to call support to get a MAC authentication Exception if you don't have a web browser on your device. Most of them grant exceptions on a not to exceed 30 day basis, too. Alternatively it's possible to offer both web-based and pppoe a

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Leo Bicknell
In a message written on Wed, Dec 09, 2009 at 01:52:49AM +1100, Mark Andrews wrote: > > What if I want to just use ssh? > > You still need to authenticate. It's better if we can reduce the > amount of collateral damage required to authenticate. The interception > is being done today because the

Re: Linux shaping packet loss

2009-12-08 Thread Tony Finch
On Tue, 8 Dec 2009, Joe Abley wrote: > > I find there is a lot of hard-coded wisdom that hard-coded speed duplex > are the way to avoid pain. That was definitely true in the mid-to-late 1990s. > The last time I saw anybody do a modern survey of switches, routers and > hosts, however, it seemed li

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Shane Ronan
Juniper SSL VPN FTW! On Dec 7, 2009, at 9:48 PM, Steven Bellovin wrote: > > On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote: > >> >> On Dec 7, 2009, at 5:29 PM, John Levine wrote: >> Will be interesting to see if ISPs respond to a large scale thing like this taking hold by blocking UDP

Re: Linux shaping packet loss

2009-12-08 Thread sthaug
> The biggest problem with duplex had to do with 100mb. > > Cisco (and a lot of other companies) decided in their infinite wisdom > that at 100mb if auto-negotiation fails, to use half duplex as the > default. No, that wasn't those companies deciding to do so in their infinite wisdom. That was th

Re: Linux shaping packet loss

2009-12-08 Thread Brielle Bruns
On 12/8/09 8:13 AM, Joe Abley wrote: I've also heard people say that whatever you think about autoneg in Fast Ethernet, on Gigabit and 10GE interfaces it's pretty much never the right idea to turn autoneg off. From my own experience, turning off auto negotiate can lead to unusual behavior late

Re: SPF Configurations

2009-12-08 Thread Tony Finch
On Tue, 8 Dec 2009, Suresh Ramasubramanian wrote: > > As for a university smarthost getting blocked you'd probably need to > look at one of two things - Three :-) > 1. Forwarding users on your campus - with mailboxes that accept a lot > of spam and then forward it over to student / alumni AOL, Co

Re: SPF Configurations

2009-12-08 Thread Suresh Ramasubramanian
Absolutely #3 - far more of a threat than #1 and #2. On Tue, Dec 8, 2009 at 10:09 PM, Tony Finch wrote: > Three :-) > >> 1. Forwarding users on your campus - with mailboxes that accept a lot >> of spam and then forward it over to student / alumni AOL, Comcast, >> Yahoo etc accounts >> 2. Spam gen

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Paul Vixie
Steven Bellovin writes: > It's why I run an ssh server on 443 somewhere -- and as needed, I > ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections > as I really need... me too, more or less. but steve, if we were only trying to build digital infrastructure for people who kno

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Michael Thomas
On 12/07/2009 09:39 PM, Mark Andrews wrote: Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN) With 24 million sma

Re: Linux shaping packet loss

2009-12-08 Thread Michael Holstein
> From my own experience, turning off auto negotiate can lead to unusual > behavior later on I too had this crop up in an unusual manner .. the hardware was HP with Intel Pro 1000 on one side, and Cisco 65xx on the other. Neither side saw errors, and (most) everything seemed to work .. however, o

Re: SPF Configurations

2009-12-08 Thread Michael Holstein
> 3. Spammers abusing your webmail and/or remote message submission service > using phished credentials. > I'll admit .. this has happened a few times too. Usually we see the incoming phish attempt and configure an outbound block for RE: (same subject) and it never fails .. we catch at least o

Re: Linux shaping packet loss

2009-12-08 Thread Scott Howard
On Tue, Dec 8, 2009 at 7:18 AM, Matlock, Kenneth L wrote: > These days at 1Gb+ Full-Duplex seems to be the 'default' for > auto-negotiation failures. > Thankfully it's even more than a "seems to be" - it's written into the IEEE spec that if duplex negotiation fails then the default is full duplex

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Joe Abley
On 2009-12-08, at 14:52, Mark Andrews wrote: >> Why would "web browsers" have a hot-spot button? > > Because that would be a easy way to implement this sort of thing. I once thought that PANA was the clean answer to this. Now the PANA effort has concluded, and documents have been published, bu

Re: SPF Configurations

2009-12-08 Thread Tony Finch
On Tue, 8 Dec 2009, Michael Holstein wrote: > > > 3. Spammers abusing your webmail and/or remote message submission service > > using phished credentials. > > I'll admit .. this has happened a few times too. Usually we see the > incoming phish attempt and configure an outbound block for RE: (same >

Earthlink SMTP Admin Contact?

2009-12-08 Thread Ryan Gelobter
Any chance there's someone from Earthlink on nanog or anyone that has contact information? We have a large IP block that is being listed as dynamic by Earthlink's mail servers causing mail to be returned and have gotten nowhere with the normal procedures or the abuse mailbox at (866) 525-8194.

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Owen DeLong
On Dec 8, 2009, at 7:25 AM, Andrew Cox wrote: Owen DeLong wrote: On Dec 8, 2009, at 1:18 AM, Andrew Cox wrote: Sounds like a great idea in theory but would require OS support or a dual-hotspot setup that provided for both options until support was expected. Until such time it's simply

Re: Linux shaping packet loss

2009-12-08 Thread Nickola Kolev
On Tue, 8 Dec 2009 13:13:03 + Chris wrote: > Hi All, > > It would be appreciated if anyone using TC on Linux for shaping could please > help with an intermittent problem on an egress interface. Well, it's unbelievable, but almost 5 hours and 11 mails later not even one of them has mentioned

Re: Linux shaping packet loss

2009-12-08 Thread Nathan Ward
On 9/12/2009, at 4:47 AM, Tony Finch wrote: Autoneg is a required part of the gig E specification so you'd only be causing yourself trouble by turning it off. (I don't know if it'll also break automatic MDI/MDI-X (crossover) configuration, for an example of something that's nice to have.) Y

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Seth Mattinen
Leo Bicknell wrote: > > Most of the hotels I have used don't actually require authentication. > They require a click through indemnification agreement. No username, > no password, no room number, just a "click here to accept our terms > and conditions". > > I would much prefer this be added to t

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Steven Bellovin
On Dec 8, 2009, at 11:59 AM, Paul Vixie wrote: > Steven Bellovin writes: > >> It's why I run an ssh server on 443 somewhere -- and as needed, I >> ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections >> as I really need... > > me too, more or less. but steve, if we were on

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Jorge Amodio
>  (Aside: my local library blocks everything but 80 and 443 outbound.  I > complained to the director; he cited "security".  I tried explaining that I > knew something about Internet security; he told me that the firm that had > installed the system had "done most of the libraries in the county

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Michael Thomas
On 12/08/2009 01:21 PM, Jorge Amodio wrote: (Aside: my local library blocks everything but 80 and 443 outbound. I complained to the director; he cited "security". I tried explaining that I knew something about Internet security; he told me that the firm that had installed the system had "do

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Paul Vixie
> Date: Tue, 8 Dec 2009 15:21:30 -0600 > From: Jorge Amodio > > Among the many wonderful things Internet has created in the past 2+ > decades, it gave birth to a countless number of "Internet Experts" ... for example, some of us got a chance to witness the following. i've removed all identifyin

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Joel Esler
On Tue, Dec 8, 2009 at 4:52 PM, Paul Vixie wrote: > > Date: Tue, 8 Dec 2009 15:21:30 -0600 > > From: Jorge Amodio > > > > Among the many wonderful things Internet has created in the past 2+ > > decades, it gave birth to a countless number of "Internet Experts" ... > > for example, some of us got

Re: news from Google

2009-12-08 Thread Tony Finch
On Sat, 5 Dec 2009, Chris Hills wrote: > > I maintain a list here [1], many of which are reachable with IPv6. > [1] http://www.chaz6.com/files/resolv.conf Not all of those are open resolvers, so I wonder what the criteria for listing are. I'm especially surprised to see the IPv6 addresses of Cambr

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Tony Finch
On Tue, 8 Dec 2009, Joe Abley wrote: > > I once thought that PANA was the clean answer to this. Now the PANA > effort has concluded, and documents have been published, but reading > through them I can't tell whether PANA is in fact any kind of answer to > this. It'd be nice if there was a hotspot a

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Jorge Amodio
Did you assume that I was insulting Steve ? not at all, and apologies Steve if my comments were interpreted that way. When I said "Internet Experts" I was referring to the ones that setup the network on his county library. I agree 100% with Steve that we need a Good solution, both technical and o

Re: news from Google

2009-12-08 Thread Chris Hills
On 08/12/09 23:19, Tony Finch wrote: > On Sat, 5 Dec 2009, Chris Hills wrote: >> >> I maintain a list here [1], many of which are reachable with IPv6. >> [1] http://www.chaz6.com/files/resolv.conf > > Not all of those are open resolvers, so I wonder what the criteria for > listing are. I'm especia

RE: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Leigh Porter
All I can say to that is this: ?? ?? ? ?, ??? ? ??· ? ??? ?? ??’ ? ?? ?. ;-) -- Leigh Porter UK Broadband -Original Message- From: Paul Vixie [mailto:vi...@isc.org] Sent: Tue 12/8/2009 9:52 PM To: na...@merit.edu Sub

Re: Breaking the internet (hotels, guestnet style)

2009-12-08 Thread Sean Donelan
On Wed, 9 Dec 2009, Mark Andrews wrote: Having a DHCP option is better than the mess we have now. To go further requires agreement on how to present terms, pricing etc. in a standardised way. I hate to sound like a broken record, but PPPOE has had that option for a decade. Major operating sy

Re: Earthlink SMTP Admin Contact?

2009-12-08 Thread Jason Williams
Their NOC has an unlisted number: +1 404-815-0770 x22277 -J On Dec 8, 2009, at 11:42 AM, Ryan Gelobter wrote: > > Any chance there's someone from Earthlink on nanog or anyone that has contact > information? > > We have a large IP block that is being listed as dynamic by Earthlink's mail > se

Re: Linux shaping packet loss

2009-12-08 Thread Simon Horman
On Tue, Dec 08, 2009 at 03:14:01PM +, Chris wrote: > Thanks, Steiner and everyone for the input. It's good to see the list is > still as friendly as ever. > > There are two paths I'm trying to get my head round after someone offlist > helpfully suggested putting cburst and burst on all classes

Re: Earthlink SMTP Admin Contact?

2009-12-08 Thread Peter Beckman
On Tue, 8 Dec 2009, Jason Williams wrote: On Dec 8, 2009, at 11:42 AM, Ryan Gelobter wrote: Any chance there's someone from Earthlink on nanog or anyone that has contact information? Their NOC has an unlisted number: +1 404-815-0770 x22277 Not anymore, it would seem. NANOG Archives FTW.

Re: Linux shaping packet loss

2009-12-08 Thread gordon b slater
Apologies to all on handheld devices. If you're not into BSD or Linux TC operationally, skip this post. Due to my usual rambling narrative style for "alternative" troubleshooting I was going to mail this direct to the OP but I was persuaded AMBJ by a co-conspirator to post this to list in full. #

Re: Linux shaping packet loss

2009-12-08 Thread Bazy
On Tue, Dec 8, 2009 at 5:14 PM, Chris wrote: > Thanks, Steiner and everyone for the input. It's good to see the list is > still as friendly as ever. > > There are two paths I'm trying to get my head round after someone offlist > helpfully suggested putting cburst and burst on all classes. > > My t

Re: Linux shaping packet loss

2009-12-08 Thread gordon b slater
On Wed, 2009-12-09 at 08:02 +0200, Bazy wrote: > Hi Chris, > > Try setting txqueuelen to 1000 on the interfaces and see if you still > get a lot of packet loss. > Yes, good point and well worth a try. Rereading Chris's post about "250Mbps" and "forty queues", the "egress" could well be bumping

Re: Linux shaping packet loss

2009-12-08 Thread gordon b slater
On Wed, 2009-12-09 at 06:38 +, gordon b slater wrote: > If 1000 is too high for your kit try pushing it upwards gradually from > the default of 100 meh! 6am+insomniac blues for a Gigeth it's more likely to be 1000 already, so push it up to 1 in stages - you get the idea.

Re: Linux shaping packet loss

2009-12-08 Thread Nickola Kolev
On Wed, 09 Dec 2009 06:38:31 + gordon b slater wrote: > On Wed, 2009-12-09 at 08:02 +0200, Bazy wrote: > > > Hi Chris, > > > > Try setting txqueuelen to 1000 on the interfaces and see if you > > still get a lot of packet loss. > > > > Yes, good point and well worth a try. Rereading Chris