[c-nsp] DHCP per user features

Charles Boening charlieb at calore.net
Wed Mar 6 18:38:21 EST 2019 

Captured portal might work.  

I'm not sure you will be able to do the custom RADIUS stuff like ACL and policies.  You can do framed-ip-address though for reservations.

Check out http://www.network1.net/products/dhcpatriot/

I think Infoblox has something as well.




-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Maile Halatuituia
Sent: Wednesday, March 6, 2019 2:20 PM
To: Mike <mike-cisconsplist at tiedyenetworks.com>; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] DHCP per user features

EXTERNAL EMAIL - Use caution when opening attachments, clicking links, or sharing sensitive information.


Hi Mike
I hope someone would able to provide the clue as I am looking for the same thing as well.
At least my issue is how can I authenticate a DHCP client before ip address is being assigned, as in PPPoE ... I understand DHCP lack that but I hope someone would have some working clue.

-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Mike
Sent: Thursday, 7 March 2019 10:08 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] DHCP per user features

Hello,


    I have ASR1000 and am terminating subscriber access PPPoE sessions on it. I am making a move twords supporting DHCP for subscriber access and I am trying to envision how to support the same subscriber features I am using under PPPoE.


    For PPPoE, the magic happens in radius. The three primary features I support are:

    Per-user firewall - a configurable packet filter choice (in practice, three choices - no, medium, or high filtering)

    Per-user rate limits - Policing to enforce upload/download speed limits

    Per-user ip assignment - assigning fixed ip address / subnets


    For a DHCP access model, I know I can do magic-foo with my dhcp server using option 82 or circuit-id arguments to select the right values. But these other two features (firewall and ratelimiting) I have no clue how to get this programmed in for the subscriber session. I have tried reading up on 'isg subscriber sessions' which seems to indicate it can do something with dhcp subscribers, but the documentation is really difficult and I find no real examples for same. It also states per-user firewall is not supported nor is policing.


    Any clues would be most appreciated....

Mike-





_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list