
ip pools behavior, simultaneously login same username

harmkanters
Level 1

I notice that the IP pool system does not function properly when a username is used twice at the same moment. The 2nd user gets the same IP address assigned and I see a "NAS port re-used" message in the log. ACS 3.0 Windows.

Can I get this to work? How? Upgrade necessary?


gfullage
Cisco Employee

ACS will assign unique IP addresses based on requests from a NAS with a unique port value. If the NAS, whatever it might be, is using the same port number in its request to ACS, then ACS will assume that the NAS is asking for the same IP address again, and it will give that out. It will then also write a "NAS port re-used" error in its logs.

The NAS should be using unique port numbers in its requests, so if you can fix that then the problem with ACS will go away automatically.

There is a feature request with ACS (http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdu35333&Submit=Search) that was recently fixed in 3.2 which may get around your problem if you're using non-Cisco NAS's.

Thanks for your input.

Our RADIUS client is an Ericsson GPRS node.

I will upgrade to 3.3 today.

I will keep you informed.

We upgraded to 3.3.

We still see the message: "nas port re-used".

Do you know if the fix is also included in 3.3?

Sorry, my apologies, I thought this change would be automatic but then wondered how on earth ACS would figure out different sessions if they have the same port number.

Researched the bug a bit more and what they did in 3.2 was add another option under each NAS. Go under the Network Config section and click on the specific NAS, scroll down and you'll see a checkbox for "Replace RADIUS Port info with Username from this AAA Client". Check this, and ACS will then use the username rather than the port info for this NAS to define different sessions.

Having said that though, I don't think this is going to work for you because this relies on different usernames being used, which in your case it isn't. The bug seems to have been created (and fixed) for NAS's that don't include a NAS port in their requests at all, and so ACS can now use the username as the definer for each session. The caveat to this bug though is that usernames have to be unique, if the same user logs in they'll get assigned the same IP address out of the pool.

The crux of all this is that if you're using the same username on the same NAS, and that NAS is using the same port number, how is ACS supposed to know this is for different sessions?
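
A simplified model of the allocation behaviour described in this thread, added here as an example; it is not ACS code, and the class and function names, addresses and usernames are constructed for illustration. It keys leases on (NAS, NAS-Port) by default and on (NAS, username) to model the per-NAS option from the last reply.

```python
import ipaddress

NAS = "192.0.2.1"  # constructed NAS address (documentation range)

class PoolModel:
    """Toy IP pool that identifies a session by a key taken from the request."""

    def __init__(self, first_ip, size, key_on_username=False):
        start = ipaddress.IPv4Address(first_ip)
        self.free = [str(start + i) for i in range(size)]
        self.leases = {}            # session key -> assigned IP
        self.reuse_events = []      # keys seen again while a lease is active
        self.key_on_username = key_on_username

    def _key(self, req):
        # Default: NAS + NAS-Port. With the option modelled: NAS + User-Name.
        if self.key_on_username:
            return (req["NAS-IP-Address"], "user", req["User-Name"])
        return (req["NAS-IP-Address"], "port", req.get("NAS-Port"))

    def allocate(self, req):
        key = self._key(req)
        if key in self.leases:
            # Same key again: treated as the same session, same IP handed out.
            # In port mode the thread says ACS logs this as "NAS port re-used".
            self.reuse_events.append(key)
            return self.leases[key]
        self.leases[key] = self.free.pop(0)
        return self.leases[key]

def req(user, port=None):
    """Build a constructed access request; NAS-Port is omitted when port is None."""
    r = {"NAS-IP-Address": NAS, "User-Name": user}
    if port is not None:
        r["NAS-Port"] = port
    return r

def run(requests, key_on_username=False):
    """Return (assigned IPs in order, number of key re-use events)."""
    pool = PoolModel("10.0.0.1", 8, key_on_username)
    return [pool.allocate(r) for r in requests], len(pool.reuse_events)

if __name__ == "__main__":
    print("same user, same port   :", run([req("shared", 1), req("shared", 1)]))
    print("same user, unique ports:", run([req("shared", 1), req("shared", 2)]))
    print("username key, same user:", run([req("shared"), req("shared")], True))
    print("username key, two users:", run([req("alice"), req("bob")], True))
```

Only the second and fourth cases give each session its own address, which matches the replies: the NAS has to send unique port values, or the usernames have to be unique.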
