Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
12.3 for Cisco-NASes ( vas: Re: as5350 question )
horgi at mtu
Oct 27, 2003, 11:50 PM
Post #1 of 4 (1230 views)
Permalink
Yes, be carefull and do total tests.

it's possible not hit you, depend of your nas configurations and offered
services. but FYI and pay attentions:

yestarday I do testing 12.3(4.4a)M for targeting as DialUP NAS (as5400)
and found problem with PPP PAP authentifications/authorizations -
NAS do not ask radius server for permit connections.
Just accept any user with any password...
:(( or :))) depend of your side.

as additions here my watched DDTs for 12.3:
> > current interest:
> > CSCdu55093 ppp callback accept acknowledges callback-type none ( there is a fix in 12.3.3 )
> > CSCeb30519 Per-user configuration not applied for EXEC authenticated users ( there is a fix in 12.3.3 )
> >
> > Open/Resolved Caveats-Cisco IOS Release 12.3
> > CSCeb36413 E1/R2 call fails on 5400 and 5850 ( is fixed-in 12.3.3.8 )
> > CSCeb33490 E1R2: call not disconnected if call setup longer than alert-wait-tim ( is fixed-in 12.3.3.3 )
> > CSCec27278 Memory leak in hqf_rp_mlp_blt_setup ( is fixed-in 12.3.4.2 )
> > CSCec16800 Calling number digits are getting truncated ( is fixed-in 12.3.4.1 )
> > CSCeb59201 AAA accounting fails when redundant dial-peer in use ( is fixed-in 12.3.3.7 )
> > CSCec46798 Router crash while bring up and tear down sessions with traffic ( is fixed-in 12.3.5.2 )
> > CSCec18986 NAS fails to forward AAA author request to RADIUS server ( is fixed-in 12.3.4.2 )
> > CSCec01485 absolute timeout not active ( is fixed-in 12.3.4.3 )
> > CSCds57407 Dead Air when pre-authentication fails ( status Information Required )
> >
> > Resolved Caveats-Cisco IOS Release 12.2(2)XB
> > CSCdu24618 Non-operator induced line configuration change ( is fixed-in 12.2(2)XB06)
> > CSCdy79230 Acct-Session-ID incorrect for MS Callback session ( is fixed-in 12.2(2)XB08 )
> > CSCdy06029 Async callback with no-verify broken ( is fixed-in 12.2(2)XB08 )
> > CSCdz04349 User-name not included in accounting with nocallback-verify ( is fixed-in 12.2(2)XB11 )
> > CSCdw86345 IP address 255.255.255.254/255 assigned with interactive dialin ( is fixed-in 12.2(2)XB09 )
> > CSCdz38787 Acct-Session-ID incorrect for callback sess without aaa delay-start
> > CSCdx81130 MS callback server should not increase ID in Callback-Ack ( is fixed-in 12.2(2)XB07 )
> >

hope that help.


Good luck !
======================
Andrey Zimin | AVZ7-RIPE
MTU-Intel ISP
Moscow, Russia
======================



----- Original Message -----
From: "John McKinney" <johnm@wnconline.net>
To: "Internet Coordinator" <ncinet@nemontel.net>
Cc: <cisco-nas@puck.nether.net>
Sent: Monday, October 27, 2003 7:13 AM
Subject: Re: [cisco-nas] as5350 question


> On Sun, 26 Oct 2003, Internet Coordinator wrote:
> Greg,
> Thank you for the information. I may try to upgrade to 12.3. We
> are using c5350-is-mz.122-2.XB11.bin currently, should we expect any major
> problems with upgading?
>
Re: 12.3 for Cisco-NASes ( vas: Re: as5350 question ) [ In reply to ]
Aaron at cisco
Oct 28, 2003, 10:22 AM
Post #2 of 4 (1180 views)
Permalink
Hi Andrey,

> Yes, be carefull and do total tests.

> it's possible not hit you, depend of your nas configurations and offered
> services. but FYI and pay attentions:

> yestarday I do testing 12.3(4.4a)M for targeting as DialUP NAS (as5400)
> and found problem with PPP PAP authentifications/authorizations -
> NAS do not ask radius server for permit connections.
> Just accept any user with any password...
> :(( or :))) depend of your side.

Yes, that's a good one, isn't it - assuming that you have
"if-needed" configured, then this is:

CSCec54311
Internally found catastrophic defect: Resolved (R)
PPP authen bypassed by if-needed if autoselect during-login config

which is fixed in 12.3(3a) and 12.3(5.4) (and will be when
12.3(next)M appears on CCO.)

Aaron
Re: 12.3 for Cisco-NASes ( vas: Re: as5350 question ) [ In reply to ]
horgi at mtu
Oct 29, 2003, 2:45 AM
Post #3 of 4 (1173 views)
Permalink
Hi Aaron,

my comments inline.

> > yestarday I do testing 12.3(4.4a)M for targeting as DialUP NAS (as5400)
> > and found problem with PPP PAP authentifications/authorizations -
> > NAS do not ask radius server for permit connections.
> > Just accept any user with any password...
> > :(( or :))) depend of your side.
>
> Yes, that's a good one, isn't it - assuming that you have
> "if-needed" configured, then this is:
>
> CSCec54311
> Internally found catastrophic defect: Resolved (R)
> PPP authen bypassed by if-needed if autoselect during-login config
thanks, am alredy know. And same: CSCec36752 dupplicate?

sorry, we support two types of customer authentifications - terminal and PPP PAP.
also we have clear tcp, ms-callback, etc...
so, we must have autoselect and if-needed...
described in ddts workarround not for us.... :(((

> which is fixed in 12.3(3a) and 12.3(5.4) (and will be when
> 12.3(next)M appears on CCO.)
5.4 is differend train target in the future, next year?
not sure that have fixes of other DDTs and have new issues.

12.3(3a) fill of already known bugs, hit us.
our choice have fix under 4.4a - targeting for next CCO 12.3M.
hope it not have other critical issues for us and have integrated fix of this ddts
in short time...

also jfyi: i see 4.4a generate this message, when disconnect customer:
> Oct 27 18:53:55 APAS17.mtu.ru 187: Oct 27 18:54:43.434: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> Oct 27 18:54:14 APAS17.mtu.ru 188: .Oct 27 18:55:04.056: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> Oct 27 18:54:38 APAS17.mtu.ru 189: Oct 27 18:55:27.320: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> Oct 27 18:54:57 APAS17.mtu.ru 190: Oct 27 18:55:47.047: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
enviroment is isdn pri net-5, np.8.8.1.spe
hope it's cosmetic, and hope in r2dtmf we do not hit any critical.

much thanks for your support and with best regards.

Good luck !
======================
Andrey Zimin | AVZ7-RIPE
MTU-Intel ISP
Moscow, Russia
======================
Re: 12.3 for Cisco-NASes ( vas: Re: as5350 question ) [ In reply to ]
Aaron at cisco
Oct 29, 2003, 9:49 AM
Post #4 of 4 (1181 views)
Permalink
> > > yestarday I do testing 12.3(4.4a)M for targeting as DialUP NAS (as5400)
> > > and found problem with PPP PAP authentifications/authorizations -
> > > NAS do not ask radius server for permit connections.
> > > Just accept any user with any password...
> > > :(( or :))) depend of your side.
> >
> > Yes, that's a good one, isn't it - assuming that you have
> > "if-needed" configured, then this is:
> >
> > CSCec54311
> > Internally found catastrophic defect: Resolved (R)
> > PPP authen bypassed by if-needed if autoselect during-login config

> thanks, am alredy know. And same: CSCec36752 dupplicate?

No, CSCec36752 is a separate DDTS (fixed in 12.3(3a) 12.3(4.4).)

> sorry, we support two types of customer authentifications - terminal and PPP PAP.
> also we have clear tcp, ms-callback, etc...
> so, we must have autoselect and if-needed...
> described in ddts workarround not for us.... :(((

Understood.

> > which is fixed in 12.3(3a) and 12.3(5.4) (and will be when
> > 12.3(next)M appears on CCO.)

> 5.4 is differend train target in the future, next year?
> not sure that have fixes of other DDTs and have new issues.

> 12.3(3a) fill of already known bugs, hit us.
> our choice have fix under 4.4a - targeting for next CCO 12.3M.
> hope it not have other critical issues for us and have integrated fix of this ddts
> in short time...

Yes, the CSCec54311 (and CSCec36752) fixes will be in the next
CCO release of 12.3M, which should be called 12.3(5) and should
be on CCO by 1 Dec 03.

> also jfyi: i see 4.4a generate this message, when disconnect customer:
> > Oct 27 18:53:55 APAS17.mtu.ru 187: Oct 27 18:54:43.434: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> > Oct 27 18:54:14 APAS17.mtu.ru 188: .Oct 27 18:55:04.056: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> > Oct 27 18:54:38 APAS17.mtu.ru 189: Oct 27 18:55:27.320: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> > Oct 27 18:54:57 APAS17.mtu.ru 190: Oct 27 18:55:47.047: %CSM-1-CSM_UNKNOWN_FAIL_CODE: Unknown fail code 37
> enviroment is isdn pri net-5, np.8.8.1.spe
> hope it's cosmetic, and hope in r2dtmf we do not hit any critical.

Yeah, this is cosmetic (I think), CSCec33461. Fixed in 12.3(5.2); fix will
not be in 12.3(5).

Aaron

---

> much thanks for your support and with best regards.

> Good luck !
> ======================
> Andrey Zimin | AVZ7-RIPE
> MTU-Intel ISP
> Moscow, Russia
> ======================

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal