NAT for internet access working on some users and some not working (Pro edition)

Before posting something, READ the changelog, WATCH the videos, howto and provide following:
Your install is: Bare metal, ESXi, what CPU model, RAM, HD, what EVE version you have, output of the uname -a and any other info that might help us faster.

Moderator: mike

Post Reply
cluser
Posts: 6
Joined: Wed Jan 08, 2020 9:41 pm

NAT for internet access working on some users and some not working (Pro edition)

Post by cluser » Thu Jan 16, 2020 10:02 pm

Good evening EVE masters, so I have this question for the Pro edition 2.0.6-34-PRO, bare metal install

This behavior is weird, so I used the NAT cloud function to get out internet as described in latest cookbook page 158...

There is this simple interconnect with different users, different labs, all users have either editor or admin privileges, some get IP from 172.29.129.0/24 and can get out the internet just fine, some don't, I believed at first that only one user at a time could get NAT due to licensing restriction of some sort, but I had proof of concept that I could concurrently get internet connectivity through NAT with at least two users, then I shut down all their labs, ensured nothing else was logged in, built a cookie cutter NAT connection and attemped DHCP for one of the users that has been having troubles and DHCP interface is UP but remains unassigned, debiug reveals "Unknown DHCP problem", discover attempts show something like this:
/0
*Jan 16 21:43:00.043: Temp sub net mask: 0.0.0.0
*Jan 16 21:43:00.043: DHCP Lease server: 0.0.0.0, state: 3 Selecting
*Jan 16 21:43:00.043: DHCP transaction id: 25A6
*Jan 16 21:43:00.043: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Jan 16 21:43:00.043: Next timer fires after: 00:00:04
*Jan 16 21:43:00.043: Retry count: 3 Client-ID: cisco-0110.0001.0000-Gi0/0
*Jan 16 21:43:00.043: Client-ID hex dump: 636973636F2D303131302E303030312E
*Jan 16 21:43:00.044: 303030302D4769302F30
*Jan 16 21:43:00.044: Hostname: Router
*Jan 16 21:43:00.044: DHCP: SDiscover placed class-id option: 636973636F706E70
*Jan 16 21:43:00.045: DHCP: SDiscover: sending 305 byte length DHCP packet
*Jan 16 21:43:00.045: DHCP: SDiscover 305 bytes
*Jan 16 21:43:00.045: B'cast on GigabitEthernet0/0 interface from 0.0.0.
0
*Jan 16 21:43:04.043: DHCP: QScan: Timed out Selecting state%Unknown DHCP problem..
No allocation possible
*Jan 16 21:43:13.140: DHCP: Waiting for 15 seconds on interface GigabitEthernet0/0


Thanks in advanced,
You do not have the required permissions to view the files attached to this post.

cluser
Posts: 6
Joined: Wed Jan 08, 2020 9:41 pm

Re: NAT for internet access working on some users and some not working (Pro edition)

Post by cluser » Fri Jan 17, 2020 5:18 am

From nullblackhole:
Moderator EVE MASTER
7:31 PM
Login as the user having problem...build a new lab...deploy eve server docker (dont forget to check dhcp box)
and see if this works
7:34 PM
so build a fresh lab and deploy this and also a NAT cloud and connect together and see if it works

8:20 PM
Regarding the NAT issue... I created a Docker eve-gui server with dhcp enabled, but does not let me connect to it looks like connection to port 43339 is unresponsive

8:27 PM
Also... I just created a Docket eve-gui server in a "good" editor user profile, and works like a charm, it looks like these set of editor role users issues is beyond NAT, I also noticed that when I added a Fortinet node, when I create a connection to another node, that ethernet interface comes right up, but on the "broken" users, shows as down. with these exercises, I always ensure that I shutdown running labs so I do not exceed the user license limit.

10:12 PM
I did not see further response on my nat concern, (tried docker, no joy with the "bad" users, docker works fine with the users where a standard cisco router NAT cloud works), I will check to see if anyone posts any reply on the forum thread in a couple of days, thank you folks.

Uldis (UD)
Posts: 3365
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: NAT for internet access working on some users and some not working (Pro edition)

Post by Uldis (UD) » Sat Jan 18, 2020 12:07 pm

Please check if your vIOS router for diff users, in casre has not same MAC address !!!
As well User POD number must be in range 0-127

Uldis

cluser
Posts: 6
Joined: Wed Jan 08, 2020 9:41 pm

Re: NAT for internet access working on some users and some not working (Pro edition)

Post by cluser » Tue Jan 21, 2020 3:24 pm

Thanks Uldis,

It was the latter, User PODs above 127 having issues... not only NAT issues got fixed, but also Fortigate interface users not coming up.

Do you know if this max number of 127 users limitation is going to persist in EVE or it is by design?

Here's the scoop:

The organization for which I work for is evaluating the use of Eve Learning center edition for multiuser learning classes, I loaded over 250 user profile in EVE, most of these users were in the most limited "User" profile, where they are not allowed to edit labs, but some editor profiles leaked over the 127 number... this is setup to authenticate with Radius, therefore, this is why I loaded all these profiles, realistically our paid evaluation has been limited to very few editors and users, and I thought the license limitation was only for number of concurrent users, once the limit exceeded, the system would not let me use more, I never thought that the system would limit some functionality of the QEMU images base on the POD number.

Post Reply