KarlBridge Authentication Server
Problems, Administration and Contacts
Contents
- Introduction — what's it all about
- Support — what we will do and not do
- Servers — there are two
- Problems — if you think there is a problem, do these things first
- Contacts — who you gonna call
- Configuration Changes — for new or changed bridges
- Server Files — just so you know
- Administrative Programs — for advanced administrators
- Changes and Outages — table of
Introduction
This page is for network support personnel responsible for "mobile" (open) network ports secured by KarlNet KarlBridge and KarlRouter hardware and Extreme Networks Summit switches. It lists the contacts and procedures for reporting problems with the secure web server and the authentication program used by end-users to authenticate and gain network access. Also see a summary of how it works and user information.
The web server is Microsoft Internet Information Server. The portlogin.aspx and portlogout.aspx (and newer optional netlogin.aspx) pages invoke the CGI program "noah.exe". A new instance of that program is launched for every login/logout, so there is no single "authentication server" that runs all the time. However, new for 2004 is an SNMP trap service that the Summit switches notify when a port is disconnected; that removes the ACLs for the address, eliminating the need for users to log out.
Support
This service is offered to PSU campuses and departments on a conditional basis. Before deploying mobile ports that depend on it we ask that you tell us:
- how many ports
- how many bridges/switches
- locations and local support personnel
Server capacity has not been an issue, but we must be sure we have the capacity for new ports and increased load on the server.
We will test connectivity to your bridge. We will not debug problems with your bridge or its configuration.
Servers
The primary server and page is:
https://clc.its.psu.edu/portlogin.aspx
A backup server and page is at:
https://clc1.its.psu.edu/portlogin.aspx
Note the S after "http".
The same two machines run non-SSL servers. If users can connect to http://clc.its.psu.edu (no S after http), then the path to the machine is ok and the server is probably down.
Problems
Note that if the login program reports system errors to the user, it also sends e-mail to administrators, so it is not necessary to report these error messages.
(1) Bridge at <name> <ip address> did not answer
If the SNMP set for the filter bypass does not receive a reply from the bridge(s) in 10 tries, the user is given this message. The error is also e-mailed as noted above.
In the case of a segment with multiple bridges, the message is:
Bridges at <name>: only x of y answered
The user may be ok if s/he is on the part of the segment protected by a bridge that did acknowledge the filter bypass.
Authorized persons can use the config page to see which bridge is not working.
(2) Client Browser, No Reply
If there is no answer from https://clc.its.psu.edu, please do the following:
- Try http://clc.its.psu.edu -- the non-SSL server on the same machine.
  - If OK: the machine and the network are ok, but the secure web server is down. Please contact.
  - If fails: next step.
- Ping clc.its.psu.edu.
  - If OK: please contact.
  - If fails: next step.
- Ping 128.118.155.1 (the gateway for that machine).
  - If OK: please contact.
  - If fails, please call TNS Network Operations Center (NOC) at 814-865-4662.
(3) Other Problems
If the server answers, but there is another problem logging in:
- Have the user read the error messages to you and write them down.
- Check that the bridge is operational.
- Check that the server's configuration is correct.
- Try snmp or ping tests from the config page to see if the server can reach the bridge.
- Fix the problem if it is yours; contact us if it is ours.
Contacts
Server Down
Please verify that the server really is down as described above, and it is not a network problem. Note that the web server is monitored continuously and outages are reported immediately to cell phones (if that mechanism is working). There are occasional deliberate outages to reboot the server after installing something or to upgrade hardware. Remember, your end users should know to try the backup server.
If you think the server is down, please contact the CLC Hotline.
Configuration Changes
New Fall 2005: we are developing a new database and web programs to access it to provide self-service for adding and changing device configurations. Configuration changes can still be done the old way (see below), or you can request that you be added to the authorization list for the new service.
To be given access to the new service at https://clc.its.psu.edu/MopAdmin/, send an email to us at admin at staff.win.psu.edu with your access account userid, what unit (department, college, or campus) you are with and what devices you administer.
Old Way
Send email with configuration changes (new bridges, etc.) to admin at staff.win.psu.edu. Please do not email Brian or Chris directly. Entries in the following form (no leading blanks) would be appreciated:
[Hazleton]
Bridge=146.186.xx.x (use Switch= for Extreme Networks switches)
Prefix=146.186.xx
IPLow=y
IPHigh=z
Password=xxxxxx
Timeout=600 (optional; default is 1800 seconds)
Pals=no (optional; default is NO)
Definitions of values:
- Bridge -- IP address of the Karl Bridge that the defined addresses are behind
- Switch -- IP address of the Extreme Networks switch (Alpine or Summit); use this in place of "Bridge"
- Prefix -- The first 3 octets of the IP addresses that are behind the bridge
- IPLow -- The lowest address (to be appended to the Prefix to define the first address behind the bridge)
- IPHigh -- The highest address
- Password -- The write-access password for the bridge (or admin password for the Extreme switch)
- Timeout -- Idle timeout setting; if there is no activity on the port for this time, the bridge removes the filter bypass. Default is 1800 (30 minutes); maximum is 1800 (30 minutes). Doesn't apply to an Extreme Networks switch; ACLs are removed when the client disconnects.
- Pals -- Send a logon record to PALS so users can print (default = NO)
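An added example, not the server's own code: a Python check for one entry in the form above, suitable for running before a change is submitted. The exactly-one-device rule, the 0-255 range check and the yes/no values for Pals are assumptions drawn from the field definitions, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample in the page's entry format (documentation-range addresses).
SAMPLE = """[Hazleton]
Bridge=192.0.2.1
Prefix=192.0.2
IPLow=10
IPHigh=40
Password=xxxxxx
Timeout=600
"""
KNOWN = {"Bridge", "Switch", "Prefix", "IPLow", "IPHigh", "Password", "Timeout", "Pals"}
MAX_TIMEOUT = 1800  # page: default 1800 seconds, maximum 1800

def parse_entry(text):
    """Validate one entry; return a dict without the password, or raise ValueError."""
    lines = [l for l in text.splitlines() if l.strip()]
    if any(l != l.lstrip() for l in lines):
        raise ValueError("leading blanks are not allowed")
    head = lines[0].rstrip() if lines else ""
    if len(head) < 3 or head[0] != "[" or head[-1] != "]":
        raise ValueError("entry must start with a [Location] line")
    kv = {}
    for line in lines[1:]:
        key, sep, value = line.partition("=")
        if not sep or key not in KNOWN or key in kv:
            raise ValueError(f"bad, unknown or duplicate line: {line!r}")
        kv[key] = value.strip()
    # Assumption: exactly one device line, since Switch= is used in place of Bridge=.
    if ("Bridge" in kv) == ("Switch" in kv):
        raise ValueError("give exactly one of Bridge= or Switch=")
    missing = {"Prefix", "IPLow", "IPHigh", "Password"} - set(kv)
    if missing or not kv["Password"]:
        raise ValueError(f"missing required values: {sorted(missing) or ['Password']}")
    kind = "Bridge" if "Bridge" in kv else "Switch"
    device = ipaddress.IPv4Address(kv[kind])  # raises ValueError if malformed
    low, high = int(kv["IPLow"]), int(kv["IPHigh"])
    if not 0 <= low <= high <= 255:
        raise ValueError("need 0 <= IPLow <= IPHigh <= 255")
    # Building full addresses also rejects a Prefix that is not three octets.
    first, last = (ipaddress.IPv4Address(f"{kv['Prefix']}.{n}") for n in (low, high))
    # Timeout does not apply to Extreme switches; bridges default to the maximum.
    timeout = None if kind == "Switch" else int(kv.get("Timeout", MAX_TIMEOUT))
    if timeout is not None and not 0 < timeout <= MAX_TIMEOUT:
        raise ValueError("Timeout must be between 1 and 1800 seconds")
    pals = kv.get("Pals", "no").lower()
    if pals not in ("yes", "no"):
        raise ValueError("Pals must be yes or no")
    return {"location": head[1:-1], "kind": kind, "device": str(device),
            "first": str(first), "last": str(last), "timeout": timeout, "pals": pals == "yes"}
```

The returned dict leaves out the device password, so the result can be logged or attached to a ticket without exposing the write-access credential.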
Server Files
Irrelevant now.
Administrative Programs
Several administrative programs are being replaced by a new system; part of that is working now; click here to try it. If you don't have access, send an email to admin at staff.win.psu.edu requesting access to the MopAdmin application. Provide your access account userid, what unit (department, college, or campus) you are with and what devices you administer.
Changes and Outages
For Fall 2005, changes are moved to the private page at https://clc.its.psu.edu/MopAdmin -- go there.
| Date/Time | Module/Version | Description |
| 8/18/05 | Noah 2.1.1 | Eliminate .NET module that runs slowly on JAWS1 when called from unmanaged code (a mystery). Everyone will see a 1.6 second speed improvement. Add text to message for error 16 for Extreme switches. Add information to exceptions logged for Extreme switches. |
| 6/15/05 | Server | Move clc.its.psu.edu to new hardware and OS Win Server 2003 w/ SP1. |
| 1/26/05 | NoahStats | Added code to restrict results to bridge(s) user is authorized for. |
| 5/14/04 | * | Did last change in migration to new web server address as described here. |
| 2/4/00 | * | Yes, there really were no outages or changes in 1999. There were some occasional network outages unrelated to the service, otherwise it has been perfect! |
| 11/16/98 15:36-18:52 | httpd | Server restarts and gets an internal error. Machine rebooted. Monitor apparently not working. |
| 3/3/98 to 3/5/98 | Backup server | NoahClean had removed all LoginList records, and Noah.exe program failed to handle missing file correctly. |
| 10/9/97 | NoahStats 1.0.31 | Remove duplicate counting of invalid IP addresses. |
| 10/2/97 | NoahStats | New program to present tables of logins by location |
| 9/29/97 | NoahWho | New program to list LoginList records. |
| 9/29/97 | NoahClean | New program to remove records older than 24 hours from LoginList. |
| 9/29/97 | 1.2.11 | Change format of noah.bin (shorten bridge addresses to 15 bytes). |
| 9/25/97 14:31 | httpd | Same crash, apparently around 10:12; noticed by RBF at 14:31. We need a monitoring program. |
| 9/23/97 15:00 | config | Current configuration copied to Zephyr |
| 9/21/97 13:48 | httpd | Restarted (?) |
| 9/19/97 14:00 | 1.2.10 | Has multiple bridge support, put on Antares to be tested from DuBois. |
| 9/18/97 8:51 | httpd | Access violation |