We have a 3661 router that we Ras into and get authenticated to an external raduis server for the secure ID. Occasionally we get a user that all of a sudden will not work anymore he logins gets an ip address the gets kick out with a winsock error. IP's given out via an address Pool on the router. Our fix is to get them another username and all is working again. by the way user gets the SAME IP everytime they login.
My question is does the router hand out the ip by username, if so where can we clear that? When we retire a username does the ip stay with that username?
If the router does not hand out IP's via username how does it know to give the same person the same IP everytime?
If the ip address will be allocated via address pool on the router, the router should allocate the ip address based on availability and not by the username. So it will not allocate the same ip address all the time to a perticular user.
Have you seen that user is always getting the same ip address all the time? Means if user dialin and disconnect, again dialin after 1-2 hours, still gets the same ip address? That should not happen.
I assume that you have "dialer in-band" configured. Issue "sh dialer map" when that user connects and disconncts and see the dynamic dialer-map for that user gets cleared once that user dropped off or disconncted.
Yes user get the same IP that was given to them the first time they log in.
We do have the dialer in-band configured.
For some reason as was stated in my problem the user gets the same IP. Once in awhile we get a problem that they get disconnected after looging in getting a winsosk error like the IP has been corrupted? We give them another username and they worl again because they get a new ip address .
I did check the dialer map and did not see the problematic user there, so I am assuming that it releases it.
Looks to me that PC is the one which may be caching that ip address once they get that Winsosk error. Anyway if youget a report like that again now, do not change the username and ask the user to dialin with the same username and enable following debug and capture it for him
debug ppp negotiation
debug ppp authentication
debug aaa authentication
debug aaa authorization
Above debug will indicate that how the ip address negotiation is going on etc.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...