There were no answers so perhaps there are not many Alpha managers who use
Ascend for RAS.
The solution was found by the Ascend engineers after it had been escalated
up the ladder quite a way and is noted here for archive purposes.
There was a bug in version 6 of TAOS that masked the problem. The routing
required the radius netmask property to be 255.255.255.255 rather
than 255.255.255.0 ie the mask reflects broadcast status rather than its
class C origin. The version 6 software completely ignored the radius
netmask property and so masked the error in the radius configuration,
whereas the version 7 software handles it. Hence the problem.
When all the netmasks for the thousands of static entries were changed to
255.255.255.255 everything worked.
Stuart McKenzie
Original message
This is addressed to those managers who use Ascend boxes as their RAS
front-end. eg MAX 4000 or 6000 using TAOS.
This apparently only affects Alphas.
We are trying to upgrade to a version 7 load but it fails on any of the
Ascend boxes with the following routing problem:
If a user dials in to the box and is assigned a static IP address
by the Alpha running RADIUS, then the user effectively "nails up" the
whole of that class C subnet. For example if the user has 195.10.96.50
then he is correctly logged on to the front end and can see the mail
server on 195.10.105.2 and can browse anywhere but nobody can then see any
other 195.10.96 address including him. Traceroutes etc seem to suggest
that the Ascend box has declared via RIP or something else that ALL
addresses in that subnet go through it but they dont and they dont route
anyway.
The problem goes away for that subnet as soon as the user disconnects and
presumably the route established is torn down. It is not just one class C
any address nails up the corresponding 254 hosts addresses and makes them
non-reachable.
Has anybody come across this or if you have version 7 working can you let
us have a copy of the config with the passwords removed so we can see if
it is an additional config parameter which is in v7 but not v6?
Thankyou for taking the time.
stuart mckenzie
Received on Fri Apr 07 2000 - 13:36:59 NZST