[rbak-nsp] CLIPS and DHCP option82
Илья Савин
savin at orn.ru
Thu Jul 16 02:38:15 EDT 2009
Hi.
I am using CLIPS with RADIUS authorization on SE100. Users authorized by
their MAC, switch MAC and switch port (from DHCP option82).
E.g. if SE100 received request from known MAC but from other switch/port -
user will be rejected.
So if one user sets in his network driver MAC of his neighbor - user will be
rejected.
But there is one bug: if SE100 received DHCP request from mismatched
switch/port when CLISP session for this MAC already active - SE100 does not
send authorization request to RADIUS and user will obtain IP settings from
active session.
So if user "A" turns off his PC (CLIPS session still active), than user "B"
sets in his network driver MAC of user "A" - user "B" "joins" CLISP session
of user "A" and will get traffic, prepaid by user "A".
Can anybody help me solve this problem?
WBR,
Ilya Savin.
More information about the redback-nsp
mailing list