[c-nsp] DHCP per user features
Maile Halatuituia
maile.halatuituia at tcc.to
Wed Mar 6 17:19:35 EST 2019
Hi Mike
I hope someone would able to provide the clue as I am looking for the same thing as well.
At least my issue is how can I authenticate a DHCP client before ip address is being assigned, as in PPPoE ... I understand DHCP lack that but I hope someone would have some working clue.
-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Mike
Sent: Thursday, 7 March 2019 10:08 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] DHCP per user features
Hello,
I have ASR1000 and am terminating subscriber access PPPoE sessions on it. I am making a move twords supporting DHCP for subscriber access and I am trying to envision how to support the same subscriber features I am using under PPPoE.
For PPPoE, the magic happens in radius. The three primary features I support are:
Per-user firewall - a configurable packet filter choice (in practice, three choices - no, medium, or high filtering)
Per-user rate limits - Policing to enforce upload/download speed limits
Per-user ip assignment - assigning fixed ip address / subnets
For a DHCP access model, I know I can do magic-foo with my dhcp server using option 82 or circuit-id arguments to select the right values. But these other two features (firewall and ratelimiting) I have no clue how to get this programmed in for the subscriber session. I have tried reading up on 'isg subscriber sessions' which seems to indicate it can do something with dhcp subscribers, but the documentation is really difficult and I find no real examples for same. It also states per-user firewall is not supported nor is policing.
Any clues would be most appreciated....
Mike-
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
More information about the cisco-nsp
mailing list