[rbak-nsp] dhcp only on interface
David Freedman
david.freedman at uk.clara.net
Sun Aug 3 16:36:34 EDT 2008
Ah, if that is the case then you definitely need CLIPS; secured ARP will not do this.
Can I just ask why exactly you /don't/ want to use CLIPS in this situation?
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: Frans Legdeur [mailto:frans at falco-networks.com]
Sent: Sun 8/3/2008 21:25
To: David Freedman; Marcin Kuczera; redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] dhcp only on interface
I believe this could be a bit more complicated, since the secured arp
command at the subscriber interface would make sure that the Redback answers
with its OWN mac address as being in the middle for any destination that the
subscriber tries to reach, after that the Redback has checked if this
destination is still available.
Next to that, it does all that David has explained, it will send the request
only through to the rightful owner of the address.
The secured arp thing worked well on the SMS platforms but got a bit strange
on the SE's in behavior.
It will do the job on any bridge based interface, with or without DHCP
enabled.
Now with DHCP, the lease that it serves back would update the ARP table, and
should clear it when the lease expires.
The point is that these are separate tables; although the lease has
expired, the ARP table has not.
What Marcin likes to achieve is that when the lease is expired, the
connection of that subscriber is dropped, and no communication is allowed
anymore, right?
The DHCP server should be able to do this but it sounds more like a job for
a clips controlled subscriber to me.
Kind regards,
Frans.
From: David Freedman <david.freedman at uk.clara.net>
Date: Sat, 2 Aug 2008 23:09:15 +0100
To: Marcin Kuczera <marcin at leon.pl>, <redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] dhcp only on interface
Do you mean like, redback "secured arp" ?
"When secured ARP is enabled, ARP requests received on an interface are not
answered unless the request comes from the circuit known to contain the
requesting host. ARP requests are sent by the interface only on the circuit
known to contain the target host, and are not flooded to all circuits bound
to an interface."
I believe with this configured on an interface, no ARP requests are
answered unless the requesting host has made themselves known to the redback
(in your case, via DHCP).
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: redback-nsp-bounces at puck.nether.net on behalf of Marcin Kuczera
Sent: Sat 8/2/2008 21:33
To: redback-nsp at puck.nether.net
Subject: [rbak-nsp] dhcp only on interface
hello,
Maybe some of you know the "reply-only" function on MikroTik.
This is something that allows communication only for hosts that have confirmed
their address lease with the DHCP server.
Others with a static IP configuration will not work.
Now, the question: is it possible to do this on RedBack (not CLIPS)?
So far I have seen that if I enable DHCP on an interface and computers
fetch addresses from DHCP, the ARP entry looks like a static one.
However, dynamic ARP (static IP without DHCP) is still possible.
Is there any method to disable dynamic ARP on a particular interface to
make it work as I described?
If yes, is there any method to allow a particular static MAC/IP to be mixed
with dynamic assignment?
Regards,
Marcin
_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp
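
The behaviour asked for in this thread, sketched as an added example that is not part of any message above and is not Redback or MikroTik code: traffic is allowed only for hosts with a live DHCP lease on the right circuit (plus static exceptions), and lease expiry must also clear the separately kept ARP entry. The class and method names, addresses and circuit names are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    mac: str
    circuit: str
    expires: Optional[float]  # None = static exception, never expires

class SubscriberInterface:  # hypothetical model of a DHCP-only interface
    def __init__(self):
        self.bindings = {}   # ip -> Binding: DHCP leases plus static exceptions
        self.arp_cache = {}  # ip -> mac: separate table, as noted in the thread

    def add_static(self, ip, mac, circuit):
        self.bindings[ip] = Binding(mac.lower(), circuit, None)

    def dhcp_ack(self, ip, mac, circuit, now, lease_secs):
        self.bindings[ip] = Binding(mac.lower(), circuit, now + lease_secs)
        self.arp_cache[ip] = mac.lower()

    def permit(self, ip, mac, circuit, now):
        """Allow traffic only if ip, mac and circuit match a live binding."""
        b = self.bindings.get(ip)
        if b is None or (b.expires is not None and b.expires <= now):
            return False
        return b.mac == mac.lower() and b.circuit == circuit

    def expire(self, now):
        """Remove expired leases and their ARP entries; return the IPs dropped."""
        dead = sorted(ip for ip, b in self.bindings.items()
                      if b.expires is not None and b.expires <= now)
        for ip in dead:
            del self.bindings[ip]
            self.arp_cache.pop(ip, None)
        return dead

def demo():
    # Constructed sample data: documentation addresses and made-up circuit names.
    ifc = SubscriberInterface()
    ifc.add_static("192.0.2.10", "00:00:5E:00:53:0A", "circuit-A")
    ifc.dhcp_ack("192.0.2.20", "00:00:5e:00:53:14", "circuit-B", now=0, lease_secs=600)
    leased = ("192.0.2.20", "00:00:5e:00:53:14", "circuit-B")
    return {
        "leased_host": ifc.permit(*leased, now=100),
        "static_exception": ifc.permit("192.0.2.10", "00:00:5e:00:53:0a", "circuit-A", now=100),
        "self_assigned_ip": ifc.permit("192.0.2.30", "00:00:5e:00:53:1e", "circuit-B", now=100),
        "wrong_circuit": ifc.permit("192.0.2.20", "00:00:5e:00:53:14", "circuit-A", now=100),
        "after_expiry": ifc.permit(*leased, now=600),
        "stale_arp_entry": "192.0.2.20" in ifc.arp_cache,  # ARP outlives the lease
        "swept": ifc.expire(now=600),
        "arp_after_sweep": "192.0.2.20" in ifc.arp_cache,
    }
```

Calling `demo()` shows the stale ARP entry still present after the lease has lapsed, and gone only once `expire()` ties the two tables together.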