Dear experts, We have a strange condition with our HiperDSP/ARC recently. When our customers connect using Windows 9x they could connect like usual. Browsing, email and other function is working properly. But when they use windows XP or windows 2000, they can not use browsing. At windows we detect an ESTABLISH connection with port 80, only the data not transfer to the computer (we indicate it from modem status). The above situation only happen when we use RADIUS authentication. When we use local profile, the windows XP connection working properly. Anyone have the same situation? -mna-
On Tuesday 16 December 2003 09:43 pm, Moh. Noor Al 'Azam wrote:
Dear experts,
We have a strange condition with our HiperDSP/ARC recently.
When our customers connect using Windows 9x they could connect like usual. Browsing, email and other function is working properly. But when they use windows XP or windows 2000, they can not use browsing. At windows we detect an ESTABLISH connection with port 80, only the data not transfer to the computer (we indicate it from modem status).
The above situation only happen when we use RADIUS authentication. When we use local profile, the windows XP connection working properly. You say the data doesn't transfer. Does that mean you have watched the session and see nothing or that the browser on the modem side sees nothing? If it only happens with RADIUS then you should check your reply attributes. Make sure your returning the proper IP/netmask if you are returning any at all. That if you are using filters you disble them until you figure this out. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115
You say the data doesn't transfer. Does that mean you have watched the session and see nothing or that the browser on the modem side sees nothing? Yes sir. I watched the modem status and it not reported any recieved data packets. Mean while I looked at "netstat -n 2" cmd windows, it reported ESTABLISED session.
If it only happens with RADIUS then you should check your reply attributes. Make sure your returning the proper IP/netmask if you are returning any at all. The strange is, it not happen on Windows 9x. I use Windows 98 SE and I don't get any dificulties. But my friend with Windows XP can not browsing to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I get the same situation.
That if you are using filters you disble them until you figure this out. Actually, we have blocking packet from and to our customer (at modem interface site) for TCP and UDP port 135 - 139. It for blocking virus -like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly happen at Windows 32 bit (like Windows XP)? and not at Windows 9x? -mna-
The strange is, it not happen on Windows 9x. I use Windows 98 SE and I don't get any dificulties. But my friend with Windows XP can not browsing to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I get the same situation.
I agree it is strange. I think this has come up on the list before though. Check the archives.
That if you are using filters you disble them until you figure this out.
Actually, we have blocking packet from and to our customer (at modem interface site) for TCP and UDP port 135 - 139. It for blocking virus -like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly happen at Windows 32 bit (like Windows XP)? and not at Windows 9x? When I have a problerm I try to get to the base level, get it working, then add stuff back in one at a time. Exactly what attributes are you replying from radius with?
-- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 915-695-6962 ext 115
Can you put here any radius authentication packet (access-accept)? You can do it on ARC: monitor radius. It will look like this one: --------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- x.x.x.x 1812 y.y.y.y 1645 182 Access-Accept --------------------------------------------------------------------- Time Stamp : 17-DEC-2003 17:03:01 --------------------------------------------------------------------- Framed-IP-Address : 255.255.255.254 Framed-IP-Netmask : 255.255.255.255 Framed-Protocol : PPP Service-Type : 2 Session-Timeout : 86400 Lewis Bergman wrote:
The strange is, it not happen on Windows 9x. I use Windows 98 SE and I don't get any dificulties. But my friend with Windows XP can not browsing to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I get the same situation.
I agree it is strange. I think this has come up on the list before though. Check the archives.
That if you are using filters you disble them until you figure this out.
Actually, we have blocking packet from and to our customer (at modem interface site) for TCP and UDP port 135 - 139. It for blocking virus -like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly happen at Windows 32 bit (like Windows XP)? and not at Windows 9x?
When I have a problerm I try to get to the base level, get it working, then add stuff back in one at a time. Exactly what attributes are you replying from radius with?
Below is the resul of Monitor RADIUS and show interface where I connect to the system: --------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.4.104 1645 202.154.57.45 1645 5 Access-Request --------------------------------------------------------------------- User-Name : novi User-Password : xxxxxxxxxx NAS-IP-Address : 202.154.4.104 NAS-Port : 1798 Acct-Session-Id : 117768442 Interface-Index : 3054 Nas-Supports-Tags : 0 Service-Type : 2 Framed-Protocol : PPP Chassis-Call-Slot : 8 Chassis-Call-Span : 1 Chassis-Call-Channel : 6 Calling-Station-Id : 0315472663 Called-Station-Id : Initial-Connect-Rate : 1 NAS-Port-Type : 0 --------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.57.45 1645 202.154.4.104 1645 5 Access-Accept --------------------------------------------------------------------- Framed-Compression : 1 Primary-DNS-Server : ca 9a 39 22 Secondary-DNS-Server : ca 9a 1 2 Framed-MTU : 576 Session-Timeout : 36000 Reply-Message : Auth ok. HiPer>> show interfaCE slot:8/mod:6 INTERFACE slot:8/mod:6 SETTINGS Description: GWC Modem Driver Type: RS232 Speed: 24000 High Speed: 0 Administrative Status: Up Operational Status: Up Link Up/Down Traps: DISABLED Promiscuous Mode: FALSE Connector Present: TRUE Filter Access: OFF Last Change: 0d 00:01:25 Input Filter: Output Filter: Host Type: SELECT Connection Type: NORMAL Port Type: LOGIN_NETWORK User Name: Access: TWO_WAY Dial Prefix: Init Script: USR_int TCP Port: 0 Protocol: PPP Prompt: \nlogin: Prompt Style: LOCAL Message: \nWelcome to 3Com Total Control HiPer ARC (TM)\nNetworks That Go The Distance (TM)\n Host Address: 0.0.0.0 Disable Authentication for call type: NONE Login Service: TELNET Call Type : NONE DNIS Authentication: DISABLED DNIS Authentication Time: BEFORE_ANSWER DNIS Authentication Type: DNIS Character Mode: NO_PARITY_EIGHT_BIT DNIS Authentication Timeout: 0 Prompt Delay: 0 seconds Prompt Timeout: 300 seconds Special Xon Xoff Flow Control DISABLED Use DNIS Authenticated Pool: DISABLED We have an idea to set the system to factory default first and then re-configure again to our setting. Do you have any comment about our planning? -mna- On Wednesday 17 December 2003 19:08, alex wrote:
Can you put here any radius authentication packet (access-accept)? You can do it on ARC: monitor radius.
It will look like this one: --------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- x.x.x.x 1812 y.y.y.y 1645 182 Access-Accept --------------------------------------------------------------------- Time Stamp : 17-DEC-2003 17:03:01 ---------------------------------------------------------------------
Framed-IP-Address : 255.255.255.254 Framed-IP-Netmask : 255.255.255.255 Framed-Protocol : PPP Service-Type : 2 Session-Timeout : 86400
Lewis Bergman wrote:
The strange is, it not happen on Windows 9x. I use Windows 98 SE and I don't get any dificulties. But my friend with Windows XP can not browsing to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I get the same situation.
I agree it is strange. I think this has come up on the list before though. Check the archives.
That if you are using filters you disble them until you figure this out.
Actually, we have blocking packet from and to our customer (at modem interface site) for TCP and UDP port 135 - 139. It for blocking virus -like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly happen at Windows 32 bit (like Windows XP)? and not at Windows 9x?
When I have a problerm I try to get to the base level, get it working, then add stuff back in one at a time. Exactly what attributes are you replying from radius with?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Why are you setting the framed-MTU? I'd look there first.
-----Original Message----- From: usr-tc-bounces+dcosby=infowest.com@mailman.xmission.com [mailto:usr-tc-bounces+dcosby=infowest.com@mailman.xmission.co m] On Behalf Of Moh. Noor Al 'Azam Sent: Wednesday, December 17, 2003 9:55 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] HiperARC with WindowsXP Connection
Below is the resul of Monitor RADIUS and show interface where I connect to the system:
--------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.4.104 1645 202.154.57.45 1645 5 Access-Request ---------------------------------------------------------------------
User-Name : novi User-Password : xxxxxxxxxx NAS-IP-Address : 202.154.4.104 NAS-Port : 1798 Acct-Session-Id : 117768442 Interface-Index : 3054 Nas-Supports-Tags : 0 Service-Type : 2 Framed-Protocol : PPP Chassis-Call-Slot : 8 Chassis-Call-Span : 1 Chassis-Call-Channel : 6 Calling-Station-Id : 0315472663 Called-Station-Id : Initial-Connect-Rate : 1 NAS-Port-Type : 0
--------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.57.45 1645 202.154.4.104 1645 5 Access-Accept ---------------------------------------------------------------------
Framed-Compression : 1 Primary-DNS-Server : ca 9a 39 22 Secondary-DNS-Server : ca 9a 1 2 Framed-MTU : 576 Session-Timeout : 36000 Reply-Message : Auth ok.
HiPer>> show interfaCE slot:8/mod:6
INTERFACE slot:8/mod:6 SETTINGS Description: GWC Modem Driver Type: RS232 Speed: 24000 High Speed: 0 Administrative Status: Up Operational Status: Up Link Up/Down Traps: DISABLED Promiscuous Mode: FALSE Connector Present: TRUE Filter Access: OFF Last Change: 0d 00:01:25 Input Filter: Output Filter: Host Type: SELECT Connection Type: NORMAL Port Type: LOGIN_NETWORK User Name: Access: TWO_WAY Dial Prefix: Init Script: USR_int TCP Port: 0 Protocol: PPP Prompt: \nlogin: Prompt Style: LOCAL Message: \nWelcome to 3Com Total Control HiPer ARC (TM)\nNetworks That Go The Distance (TM)\n Host Address: 0.0.0.0 Disable Authentication for call type: NONE Login Service: TELNET Call Type : NONE DNIS Authentication: DISABLED DNIS Authentication Time: BEFORE_ANSWER DNIS Authentication Type: DNIS Character Mode: NO_PARITY_EIGHT_BIT DNIS Authentication Timeout: 0 Prompt Delay: 0 seconds Prompt Timeout: 300 seconds Special Xon Xoff Flow Control DISABLED Use DNIS Authenticated Pool: DISABLED
We have an idea to set the system to factory default first and then re-configure again to our setting. Do you have any comment about our planning?
-mna-
On Wednesday 17 December 2003 19:08, alex wrote:
Can you put here any radius authentication packet (access-accept)? You can do it on ARC: monitor radius.
It will look like this one:
---------------------------------------------------------------------
Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type
---------------------------------------------------------------------
x.x.x.x 1812 y.y.y.y 1645 182 Access-Accept
---------------------------------------------------------------------
Time Stamp : 17-DEC-2003 17:03:01
---------------------------------------------------------------------
Framed-IP-Address : 255.255.255.254 Framed-IP-Netmask : 255.255.255.255 Framed-Protocol : PPP Service-Type : 2 Session-Timeout : 86400
Lewis Bergman wrote:
The strange is, it not happen on Windows 9x. I use
Windows 98 SE and I
don't get any dificulties. But my friend with Windows XP can not browsing to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I get the same situation.
I agree it is strange. I think this has come up on the list before though. Check the archives.
That if you are using filters you disble them until you figure this out.
Actually, we have blocking packet from and to our customer (at modem interface site) for TCP and UDP port 135 - 139. It for blocking virus -like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly happen at Windows 32 bit (like Windows XP)? and not at Windows 9x?
When I have a problerm I try to get to the base level, get it working, then add stuff back in one at a time. Exactly what attributes are you replying from radius with?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Randy and all expert, thanks a lot for your information. We've been set the MTU back to 1500 and Windows XP now can browsing again. My problem is solved. Only I have my own question: why Windows XP can not recieve the MTU 576? -mna- On Thursday 18 December 2003 12:37, Randy Cosby wrote:
Why are you setting the framed-MTU? I'd look there first.
-----Original Message----- From: usr-tc-bounces+dcosby=infowest.com@mailman.xmission.com [mailto:usr-tc-bounces+dcosby=infowest.com@mailman.xmission.co m] On Behalf Of Moh. Noor Al 'Azam Sent: Wednesday, December 17, 2003 9:55 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] HiperARC with WindowsXP Connection
Below is the resul of Monitor RADIUS and show interface where I connect to the system:
--------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.4.104 1645 202.154.57.45 1645 5 Access-Request ---------------------------------------------------------------------
User-Name : novi User-Password : xxxxxxxxxx NAS-IP-Address : 202.154.4.104 NAS-Port : 1798 Acct-Session-Id : 117768442 Interface-Index : 3054 Nas-Supports-Tags : 0 Service-Type : 2 Framed-Protocol : PPP Chassis-Call-Slot : 8 Chassis-Call-Span : 1 Chassis-Call-Channel : 6 Calling-Station-Id : 0315472663 Called-Station-Id : Initial-Connect-Rate : 1 NAS-Port-Type : 0
--------------------------------------------------------------------- Source-IP Src-Port Destination-IP Dest-Port Id Packet-Type --------------------------------------------------------------------- 202.154.57.45 1645 202.154.4.104 1645 5 Access-Accept ---------------------------------------------------------------------
Framed-Compression : 1 Primary-DNS-Server : ca 9a 39 22 Secondary-DNS-Server : ca 9a 1 2 Framed-MTU : 576 Session-Timeout : 36000 Reply-Message : Auth ok.
HiPer>> show interfaCE slot:8/mod:6
INTERFACE slot:8/mod:6 SETTINGS Description: GWC Modem Driver Type: RS232 Speed: 24000 High Speed: 0 Administrative Status: Up Operational Status: Up Link Up/Down Traps: DISABLED Promiscuous Mode: FALSE Connector Present: TRUE Filter Access: OFF Last Change: 0d 00:01:25 Input Filter: Output Filter: Host Type: SELECT Connection Type: NORMAL Port Type: LOGIN_NETWORK User Name: Access: TWO_WAY Dial Prefix: Init Script: USR_int TCP Port: 0 Protocol: PPP Prompt: \nlogin: Prompt Style: LOCAL Message: \nWelcome to 3Com Total Control HiPer ARC (TM)\nNetworks That Go The Distance (TM)\n Host Address: 0.0.0.0 Disable Authentication for call type: NONE Login Service: TELNET Call Type : NONE DNIS Authentication: DISABLED DNIS Authentication Time: BEFORE_ANSWER DNIS Authentication Type: DNIS Character Mode: NO_PARITY_EIGHT_BIT DNIS Authentication Timeout: 0 Prompt Delay: 0 seconds Prompt Timeout: 300 seconds Special Xon Xoff Flow Control DISABLED Use DNIS Authenticated Pool: DISABLED
We have an idea to set the system to factory default first and then re-configure again to our setting. Do you have any comment about our planning?
-mna-
On Wednesday 17 December 2003 19:08, alex wrote:
Can you put here any radius authentication packet (access-accept)? You can do it on ARC: monitor radius.
It will look like this one:
---------------------------------------------------------------------
Source-IP Src-Port Destination-IP Dest-Port Id
Packet-Type
---------------------------------------------------------------------
x.x.x.x 1812 y.y.y.y 1645 182 Access-Accept
---------------------------------------------------------------------
Time Stamp : 17-DEC-2003 17:03:01
---------------------------------------------------------------------
Framed-IP-Address : 255.255.255.254 Framed-IP-Netmask : 255.255.255.255 Framed-Protocol : PPP Service-Type : 2 Session-Timeout : 86400
Lewis Bergman wrote:
The strange is, it not happen on Windows 9x. I use
Windows 98 SE and I
don't get any dificulties. But my friend with Windows XP
can not browsing
to the most of site. So I think the RADIUS is find. I already tried with other RADIUS also (FreeRADIUS) and I
get the same
situation.
I agree it is strange. I think this has come up on the
list before though.
Check the archives.
That if you are using filters you disble them until you
figure this out.
Actually, we have blocking packet from and to our
customer (at modem
interface site) for TCP and UDP port 135 - 139. It for
blocking virus
-like bluster. Here is the filter: HiPer>> show file filter.135 #filter IP: 010 AND tcp-dst-port >= 135; 020 REJECT tcp-dst-port <= 139; 030 AND udp-dst-port >= 135; 040 REJECT udp-dst-port <= 139; 050 AND tcp-src-port >= 135; 060 REJECT tcp-src-port <= 139; 070 AND udp-src-port >= 135; 080 REJECT udp-src-port <= 139;
Do you think this is the problem? If it true, why it anly
happen at
Windows 32 bit (like Windows XP)? and not at Windows 9x?
When I have a problerm I try to get to the base level, get
it working,
then add stuff back in one at a time. Exactly what
attributes are you
replying from radius with?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
participants (4)
-
alex -
Lewis Bergman -
Moh. Noor Al 'Azam -
Randy Cosby