DComTalk.com

Matt · Guest

Hi,
I have two AS5800 access servers. They seem to interpret Idle-Timeout
and Ascend-Idle-Limit as Session-Limit or something like that.

If I set the Idle-Timeout to 30 minutes, people seem to get kicked off
line after 30 minutes with a reason of "Idle-Timeout" even if they were
downloading a file.

Any thoughts?

My config for the groups and async is:

interface Group-Async0
no ip address
encapsulation slip
no group-range
!
interface Group-Async1
ip unnumbered FastEthernet0/1/0
ip access-group 105 in
ip access-group 105 out
encapsulation ppp
dialer in-band
dialer idle-timeout 0
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool pool0 pool1 pool2 pool3
compress mppc
ppp pfc remote ignore
ppp acfc remote ignore
ppp authentication chap pap
ppp multilink
group-range 1/6/00 1/11/143
!
interface Dialer1
ip unnumbered FastEthernet0/1/0
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer in-band
dialer idle-timeout 0
no peer default ip address
no fair-queue
ppp authentication chap pap
ppp multilink
!

Matt · Guest

Actually it seems like it IS working....
However, it seems like the AS5800 is not reset the idle timeout when
someone passes data!!! Any thoughts on this one?!?!

Matt wrote:

Aaron Leonard · Guest

If you want any traffic to be considered as interesting, and hence to
reset your idle timeout, then you would need to configure a dialer-group
on the relevant interface (which I presume is group-async1, as there is
no dialer rotary or dialer pool-member configured to bind it to dialer1),
which dialer-group should point to a dialer-list.

Cheers,

Aaron

--

~ Actually it seems like it IS working....
~ However, it seems like the AS5800 is not reset the idle timeout when
~ someone passes data!!! Any thoughts on this one?!?!
~
~
~ Matt wrote:
~ > Hi,
~ > I have two AS5800 access servers. They seem to interpret Idle-Timeout
~ > and Ascend-Idle-Limit as Session-Limit or something like that.
~ >
~ > If I set the Idle-Timeout to 30 minutes, people seem to get kicked off
~ > line after 30 minutes with a reason of "Idle-Timeout" even if they were
~ > downloading a file.
~ >
~ > Any thoughts?
~ >
~ >
~ > My config for the groups and async is:
~ >
~ > interface Group-Async0
~ > no ip address
~ > encapsulation slip
~ > no group-range
~ > !
~ > interface Group-Async1
~ > ip unnumbered FastEthernet0/1/0
~ > ip access-group 105 in
~ > ip access-group 105 out
~ > encapsulation ppp
~ > dialer in-band
~ > dialer idle-timeout 0
~ > async dynamic address
~ > async dynamic routing
~ > async mode interactive
~ > peer default ip address pool pool0 pool1 pool2 pool3
~ > compress mppc
~ > ppp pfc remote ignore
~ > ppp acfc remote ignore
~ > ppp authentication chap pap
~ > ppp multilink
~ > group-range 1/6/00 1/11/143
~ > !
~ > interface Dialer1
~ > ip unnumbered FastEthernet0/1/0
~ > encapsulation ppp
~ > no ip route-cache
~ > no ip mroute-cache
~ > dialer in-band
~ > dialer idle-timeout 0
~ > no peer default ip address
~ > no fair-queue
~ > ppp authentication chap pap
~ > ppp multilink
~ > !

Matt · Guest

Well,
The configuration on both of our access servers look exactly the same...
hrmmm =\

Matt wrote:

Matt · Guest

Aaron,
Thanks I'm about to check this out today, as it's working on one of our
AS5800's but not the other. How can I go about setting an amount of
data to be "interesting" so that just leaving mail open doesn't keep a
connection up?

Aaron Leonard wrote:

Aaron Leonard · Guest

On Mon, 05 Dec 2005 08:19:05 -0500, Matt <matth@nowhere.com> wrote:

~ Aaron,
~ Thanks I'm about to check this out today, as it's working on one of our
~ AS5800's but not the other. How can I go about setting an amount of
~ data to be "interesting" so that just leaving mail open doesn't keep a
~ connection up?

interface <blah>
dialer-group <woof>

dialer-list <woof> protocol ip list <baz>

access-list <baz> deny <stuff that's not interesting>
access-list <baz> permit <stuff that is interesting>

Btw, please be aware that IOS provides MANY MANY different places where
a dialin modem call can be configured and MANY MANY idle timers that may
or may not be applicable:

- async lines
- [group] async interfaces
- legacy dialer interface (dialer rotary)
- dialer profile interface
- virtual-template interface
- commands and timers downloaded from AAA (on virtual profile or on async)
- RPM template

Timers can include: line session-timeout, interface dialer timeouts,
interface PPP timeouts, and probably some stuff I'm forgetting.

Regards,

Aaron

---

~
~ Aaron Leonard wrote:
~ > If you want any traffic to be considered as interesting, and hence to
~ > reset your idle timeout, then you would need to configure a dialer-group
~ > on the relevant interface (which I presume is group-async1, as there is
~ > no dialer rotary or dialer pool-member configured to bind it to dialer1),
~ > which dialer-group should point to a dialer-list.
~ >
~ > Cheers,
~ >
~ > Aaron
~ >
~ > --
~ >
~ > ~ Actually it seems like it IS working....
~ > ~ However, it seems like the AS5800 is not reset the idle timeout when
~ > ~ someone passes data!!! Any thoughts on this one?!?!
~ > ~
~ > ~
~ > ~ Matt wrote:
~ > ~ > Hi,
~ > ~ > I have two AS5800 access servers. They seem to interpret Idle-Timeout
~ > ~ > and Ascend-Idle-Limit as Session-Limit or something like that.
~ > ~ >
~ > ~ > If I set the Idle-Timeout to 30 minutes, people seem to get kicked off
~ > ~ > line after 30 minutes with a reason of "Idle-Timeout" even if they were
~ > ~ > downloading a file.
~ > ~ >
~ > ~ > Any thoughts?
~ > ~ >
~ > ~ >
~ > ~ > My config for the groups and async is:
~ > ~ >
~ > ~ > interface Group-Async0
~ > ~ > no ip address
~ > ~ > encapsulation slip
~ > ~ > no group-range
~ > ~ > !
~ > ~ > interface Group-Async1
~ > ~ > ip unnumbered FastEthernet0/1/0
~ > ~ > ip access-group 105 in
~ > ~ > ip access-group 105 out
~ > ~ > encapsulation ppp
~ > ~ > dialer in-band
~ > ~ > dialer idle-timeout 0
~ > ~ > async dynamic address
~ > ~ > async dynamic routing
~ > ~ > async mode interactive
~ > ~ > peer default ip address pool pool0 pool1 pool2 pool3
~ > ~ > compress mppc
~ > ~ > ppp pfc remote ignore
~ > ~ > ppp acfc remote ignore
~ > ~ > ppp authentication chap pap
~ > ~ > ppp multilink
~ > ~ > group-range 1/6/00 1/11/143
~ > ~ > !
~ > ~ > interface Dialer1
~ > ~ > ip unnumbered FastEthernet0/1/0
~ > ~ > encapsulation ppp
~ > ~ > no ip route-cache
~ > ~ > no ip mroute-cache
~ > ~ > dialer in-band
~ > ~ > dialer idle-timeout 0
~ > ~ > no peer default ip address
~ > ~ > no fair-queue
~ > ~ > ppp authentication chap pap
~ > ~ > ppp multilink
~ > ~ > !
~ >

Matt · Guest

Aaron,

Matt · Guest

Won't putting in the access-list <baz> effectively prohibit any other
traffic? I basically want to set something like a kilobytes threshold
where if the person does not transfer xK in Xseconds the system says
they are idle.

Additionally, where would you recommend I configure idle-timeout? I
have two AS5800's. The idle-timeout works on one, but not on the other.
I just went through the configurations, and as far as I can tell they
are configuration exactly the same.

Aaron Leonard · Guest

~ Won't putting in the access-list <baz> effectively prohibit any other
~ traffic?

No, in the dialer-group -> dialer-list -> access-list scenario, the
access list is used ONLY to determine whether the given traffic
received/transmitted is "interesting" (i.e. warrants placing a new
call and/or keeping an active call up rather than dropping it.) This
access list has no effect on what traffic is forwarded given that a
link is already up.

~ I basically want to set something like a kilobytes threshold
~ where if the person does not transfer xK in Xseconds the system says
~ they are idle.

interface <blah>
dialer idle-timeout <Xseconds>
dialer load-threshold <n>
dialer-group <woof>
bandwidth <nK>

So: if Xseconds elapse where the amount of "interesting traffic" as
defined in <woof> is less than n/255 * nK, the call should drop.

~ Additionally, where would you recommend I configure idle-timeout? I
~ have two AS5800's. The idle-timeout works on one, but not on the other.
~ I just went through the configurations, and as far as I can tell they
~ are configuration exactly the same.

Too many variables here I'm afraid. The most general approach is to
configure stuff on a virtual-template and to have all the calls be
on virtual profiles (interface virtual-access<n>). However, vprofiles
only get interesting-traffic-based idle timers in 12.2(4)T and above,
so you should be running current 12.3 mainline to take advantage of this.

Assuming current 12.3M then, I'd do:

virtual-profile virtual-template 1
multilink virtual-template 1
no virtual-profile if-needed

interface virtual-template 1
encapsulation ppp
ppp timeout idle <nseconds>
ip idle-group <n> in|out

access-list 101 [ ... ]

The downside of using vprofiles is that they typically use more CPU than
physical B-channel or async interfaces, so if you are challenged CPU power
wise (as can be the case with an AS5800 with many many calls active), you
might want to reconsider.

Cheers,

Aaron

---

~ > interface <blah>
~ > dialer-group <woof>
~ >
~ > dialer-list <woof> protocol ip list <baz>
~ >
~ > access-list <baz> deny <stuff that's not interesting>
~ > access-list <baz> permit <stuff that is interesting>
~ >
~ > Btw, please be aware that IOS provides MANY MANY different places where
~ > a dialin modem call can be configured and MANY MANY idle timers that may
~ > or may not be applicable:
~ >
~ > - async lines
~ > - [group] async interfaces
~ > - legacy dialer interface (dialer rotary)
~ > - dialer profile interface
~ > - virtual-template interface
~ > - commands and timers downloaded from AAA (on virtual profile or on async)
~ > - RPM template
~ >
~ > Timers can include: line session-timeout, interface dialer timeouts,
~ > interface PPP timeouts, and probably some stuff I'm forgetting.

Matt · Guest

Aaron,
Thanks very much.... again very helpful.
And we are using Virtual-Templates.
While I can put the idle timeout IN the template... I'd like to be able
to use the Idle-Timeout attribute for Ascend/Cisco on my radius server
to be able to set it that way.. can I?

The original question was why is my access server not restarting the
customer's Idle-Timeout?... across 2 AS5800's configured identical (so
far as I can tell).. the one takes the Idle-Timeout and will reset it
when the customer pushes any traffic. On the other AS5800, the
idle-timeout just keeps counting down until the customer is disconnected
with an "Idle-Timeout" message.

Aaron Leonard · Guest

On Tue, 06 Dec 2005 15:08:02 -0500, Matt <matth@nowhere.com> wrote:

~ Aaron,
~ Thanks very much.... again very helpful.
~ And we are using Virtual-Templates.
~ While I can put the idle timeout IN the template... I'd like to be able
~ to use the Idle-Timeout attribute for Ascend/Cisco on my radius server
~ to be able to set it that way.. can I?

Um ... I guess so, don't know offhand.

In general you can probably use the cisco avpair lcp:interface-config:<blah>
(typed from dim memory, syntax only approximate) to push (most) any
config command out.

~
~ The original question was why is my access server not restarting the
~ customer's Idle-Timeout?... across 2 AS5800's configured identical (so
~ far as I can tell).. the one takes the Idle-Timeout and will reset it
~ when the customer pushes any traffic. On the other AS5800, the
~ idle-timeout just keeps counting down until the customer is disconnected
~ with an "Idle-Timeout" message.

Well, if they behave differently, there must be something different, eh?

Different IOS version? Different config (grab the configs and diff 'em?)
Different Radius server behavior? Different client behavior?

These kind of things can be rather complex to track down ... many debugs,
not all of them accessible to me from the top of my head, may need to be
invoked to track this down.

Cheers,

Aaron

	DComTalk.com Forum Index -> Cisco	All times are GMT
Page 1 of 1