[cisco-nas] dhcp "like" ppp aaa - maybe silly question ;-)
Tassos Chatzithomaoglou
achatz at forthnet.gr
Mon Nov 3 09:53:16 EST 2003
Aaron Leonard wrote:
>> Aaron Leonard wrote:
>
>
>> >> Is there a way to have username/password authentication/accounting
>> >> (with radius) when
>> >> using dhcp, just like normal ppp?
>> >
>> >
>> >> If yes, is there a way to have per-user (security, qos) attributes
>> >> applied through radius?
>> >
>> >
>> > Sounds like you're talking about 802.1X, or something like it, perhaps?
>> >
>> >
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xa/gt_802_1.htm
>>
>> >
>> >
>> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/sw8021x.htm
>>
>> >
>
>
>> Quite interesting.....but 2 questions come to my mind:
>
>
>> 1. What encapsulation does virtual-template use?
>> 2. Is there a 802.1X accounting method?
>
>
>> >
>> > What exact physical topology connects these users to the network?
>> >
>
>
>> These users are terminated (RFC1483 Routing/Bridging) in a dslam and
>> until now they just
>> get an ip through dhcp. We're trying to find a way in order to make
>> them "behave" like ppp
>> users with username/password authentication/accounting, per-user
>> attributes/qos, like we
>> do in all our other users through our radius servers.
>
>
> Well, the right answer (I suppose you know this already) is
> to switch from RFC-1483 to PPPoA or PPPoE. I'm not sure what
> you can do with RFC-1483 ... maybe someone has some ideas?
>
I'm using RFC1483 and not PPPoX for this scenario, because we're using video multicasting
and we want to have 1 multicast stream per dslam. If we use PPPoX, then we'll have many
streams from the bras to the dslam, because the user ppp/ip will be terminated on the
bras. Of course there is the solution of an ip dslam and we are going to have a further
look at it.
> Aaron
>
--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz at forthnet.gr>
***********************************
More information about the cisco-nas
mailing list