This page is for network support personnel responsible for "mobile" (open) network ports secured by KarlNet KarlBridge and KarlRouter hardware and Extreme Networks Summit switches. It lists the contacts and procedures for reporting problems with the secure web server and the authentication program used by end-users to authenticate and gain network access. Also see a summary of how it works and user information.
The web server is Microsoft Internet Information Server. The portlogin.aspx and portlogout.aspx (and newer optional netlogin.aspx) pages invoke the CGI program "noah.exe". A new instance of that program is launched for every login/logout, so there is no single "authentication server" that runs all the time. However, new for 2004 is an SNMP trap service that the Summit switches notify when a port is disconnected; that removes the ACLs for the address, eliminating a need for users to logout.
This service is offered to PSU campuses and departments on a conditional basis. Before deploying mobile ports that depend on it we ask that you tell us:
Server capacity has not been an issue, but we must be sure we have the capacity for new ports and increased load on the server.
We will test connectivity to your bridge. We will not debug problems with your bridge or its configuration.
The primary server and page is:
https://clc.its.psu.edu/portlogin.aspx
A backup server and page is at:
https://clc1.its.psu.edu/portlogin.aspx
Note the S after "http".
The same two machines run non-SSL servers. If users can connect to http://clc.its.psu.edu (no S after http), then the path to the machine is ok and the server is probably down.
Note that if the login program reports system errors to the user, it also sends e-mail to administrators, so it is not necessary to report these error messages.
If the SNMP set for the filter bypass does not receive a reply from the bridge(s) in 10 tries, the user is given this message. The error is also e-mailed as noted above.
In the case of a segment with multiple bridges, the message is:
Bridges at <name>: only x of y answered
The user may be ok if s/he are on the part of the segment protected by a bridge that did acknowledge the filter bypass.
Authorized persons can use the config page to see which bridge is not working.
If there is no answer from https://clc.its.psu.edu, please do the following:
If the server answers, but there is another problem logging in:
Please verify that the server really is down as described above, and it is not a network problem. Note that the web server is monitored continuously and outages are reported immediately to cell phones (if that mechanism is working). There are occasional deliberate outages to reboot the server after installing something or to upgrade hardware. Remember, your end users should know to try the backup server.
If you think the server is down, please contact the CLC Hotline.
New Fall 2005: we are developing a new database and web programs to access it to provide self-service for adding and changing device configurations. Configuration changes can still be done the old way (see below), or you and request that you are added to the authorization list for the new service.
To be given access to the new service at https://clc.its.psu.edu/MopAdmin/, send an email to us at admin at staff.win.psu.edu with your access account userid, what unit (department, college, or campus) you are with and what devices you administer.
Send email with configuration changes (new bridges, etc.) to admin at staff.win.psu.edu. Please do not email Brian or Chris directly. Entries should be in the form of:
| [Hazleton]
Bridge=146.186.xx.x (use Switch= for Extreme Networks switches) Prefix=146.186.xx IPLow=y IPHigh=z Password=xxxxxx Timeout=600 (optional; default is 1800 seconds) Pals=no (optional; default is NO) |
(no leading blanks) would be appreciated. Definitions of values:
Irrelevant now.
Several administrative programs are being replaced by a new system; part of that is working now; click here to try it. If you don't have access, send your userid and department or campus, to admin at staff.win.psu.edu requesting access to the MopAdmin application. Provide your access account userid, what unit (department, college, or campus) you are with and what devices you administer.
For Fall 2005, changes are moved to the private page at https://clc.its.psu.edu/MopAdmin -- go there.
| Date/Time | Module/
Version |
Description |
| 8/18/05 | Noah 2.1.1 | Eliminate .NET module that runs slowly on JAWS1 when called from unmanaged
code (a mystery). Everyone will see a 1.6 second speed improvement. Add text to message for error 16 for Extreme switches. Add information to exceptions logged for Extreme switches. |
| 6/15/05 | Server | Move clc.its.psu.edu to new hardware and OS Win Server 2003 w/ SP1. |
| 1/26/05 | NoahStats | Added code to restrict results to bridge(s) user is authorized for. |
| 5/14/04 | * | Did last change in migration to new web server address as described here. |
| 2/4/00 | * | Yes, there really were no outages or changes in 1999. There were some occasional network outages unrelated to the service, otherwise it has been perfect! |
| 11/16/98 15:36-18:52 | httpd | Server restarts and gets an internal error. Machine rebooted. Monitor apparently not working. |
| 3/3/98 to 3/5/98 | Backup server | NoahClean had removed all LoginList records, and Noah.exe program failed to handle missing file correctly. |
| 10/9/97 | NoahStats
1.0.31 |
Remove duplicate counting of invalid IP addresses. |
| 10/2/97 | >NoahStats | New program to present tables of logins by location |
| 9/29/97 | NoahWho> | New program to list LoginList records. |
| 9/29/97 | NoahClean | New program to remove records older than 24 hours from LoginList. |
| 9/29/97 | 1.2.11 | Change format of noah.bin (shorten bridge addresses to 15 bytes). |
| 9/25/97 14:31 | httpd | Same crash, apparently around 10:12; noticed by RBF at 14:31. We need a monitoring program. |
| 9/23/97 15:00 | config | Current configuration copied to Zephyr |
| 9/21/97 13:48 | httpd | Restarted (?) |
| 9/19/97 14:00 | 1.2.10 | Has multiple bridge support, put on Antares to be tested from DuBois. |
| 9/18/97 8:51 | httpd | Access violation |