* This is the VOP Radius mailing list * If they are not getting the interim packets from their upstream providers won't their radius server have the same ghosted user? Why any ISP would not support Interim packets is beyond me, unless they increase their revenue with hourly usage or double logins :)
Gary > * This is the VOP Radius mailing list * > We're talking about generating watchdog packets based on the user list on > their Radius Server FROM the Radius Server rather than the normal scenario > where the watchdog packet is generated based on the user list on the NAS > from the NAS. > > It is known that GP doesn't use watchdog packets on their network (between > their NAS and Radius Servers) but this doesn't mean they can't be created by > their Radius Servers to be sent to us. > > An example of this would be Slipstream Servers. I'm currently running a beta > version of their product that supports watchdog packets. Their standard > version didn't support them, I needed them (for many of the same reasons > stated here) and convinced them to add it (it took them less than a day btw) > and the functionality will be present in the next version. This really isn't > a huge thing we're asking for. > > Brad Johnson > Systems Administrator > Local Link Network Operations > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of [EMAIL PROTECTED] > Sent: Thursday, May 20, 2004 3:55 PM > To: [EMAIL PROTECTED] > Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" > (wholesale ports) > > * This is the VOP Radius mailing list * > Sure hardware matters. I don't want to single out GP because Cary is > absolutly right. But if your vendor is reselling someone else's NAS (Qwest, > UUNET, Level3...etc) then they have no ability to accurately send you a > packet saying that user is still connected. How would they know the user is > still connected? > > Session timeouts and callingstationid's are much easier for vendors to > support. It would be a much easier battle to win with whoever your provider > is. > > > > > > > > > Ok, your missing the point. Let me be clear. GP DOESN'T SEND WATCHDOG > PACKETS ... EVER. This is known to be true and confirmed by GP. > This thread has nothing to do with a specific NAS. Hardware doesn't matter. > It has to do with wanting GP to START sending watchdog packets so we can > control ghost users in OUR radius servers when they don't send or we don't > receive a radius stop packet (for whatever reason). > > I'm aware that watchdog packets are "normally" sent by a NAS but nothing > about GPs Radius Setup is "normal". Because of many variations of the same > issue, many here have ghost issues with GP and since most of us also have > several of our own NAS, the canned-response solution by GP (don't use port > limits) isn't realistic. > > A realistic solution is for GP to have their radius servers generate the > watchdog packets. Because we configure the GP Radius Servers as a NAS in our > Radius Servers, the ONLY place the watchdog packet can come from IS the GP > Radius Servers. > > Watchdog packets are small and stupid and sending them programmatically is > trivial. In a conversation today with one of their Radius Admins I asked for > this functionality and he gave me the canned response (no). Asking why got > me a general answer about him not being able to guarantee that all his NAS > support it, etc. and so I clarified what I wanted. When he realized what I > was asking for his tone changed and he said he would look into creating a > module to do just that. > > Brad Johnson > Systems Administrator > Local Link Network Operations > > ** > To leave this list, send an email to [EMAIL PROTECTED] > and put the word "LEAVE" in the BODY of the email. > > > ** > To leave this list, send an email to [EMAIL PROTECTED] > and put the word "LEAVE" in the BODY of the email. > ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
