[rbak-nsp] dhcp only on interface
Marcin Kuczera
marcin at leon.pl
Mon Aug 4 04:41:34 EDT 2008
>I take it these are IPoE subs, if you want to prevent a user creating a
>static IP on their machine and it being used, the problem is bigger than
>just the redback, what >about all the other subs making an ARP request and
>seeing the ARP response between themselves?
that's ok, I don't mind direct communication between subscribers. This is
value added service, so that they can use i.e. DC++ with the speed up to
100Mbit/s
without additional load on router's interface.
>I've no idea how your network is designed but I take it that your IPoE edge
>devices filter MAC such that only your redback interface can be seen?
As mentioned, I don't do that.
>Secured ARP will go some of this way but CLIPS is an entire solution built
>on supporing IPoE subs.
but then, as I'am not wrong - the communictaion is like
subscriber-redback-subscriber, and no subscriber-subscriber any more ?
>With CLIPS, each IPoE sub is treated as a proper redback sub, when a DHCP
>lease expires the sub is cut off and both ARP and MAC communication are cut
> >off.
this sound's nice, but still have a question - can I assign /22 mask for
subscribers ?
>But as I said above, your IPoE edge devices need appropriate securing.
this will be the next step, every subscriber's port will be secured.
Regards,
Marcin
More information about the redback-nsp
mailing list