[rbak-nsp] context limitation on dot1q pvc with clips
Marcin Kuczera
marcin at leon.pl
Fri Jul 31 09:26:05 EDT 2009
Hello,

Is it possible to create some service filter that will disallow a
particular dynamic circuit from a particular dot1q pvc from being bound
to a context that is not on the list?

Let's say:

    dot1q pvc 11 encapsulation multi
    bind interface vlan11 clips
    service clips dhcp context clips

In this case interface vlan11 in context clips is used for
authentication, but if RADIUS reports - bind to interface "x" in context
"y" with IP address "z" - this will happen (tested).

I have an authorization based only on MAC address, so in this case if
someone steals another MAC from another dot1q pvc, they will be able to
attach to another context.

I know that this should be possible via RADIUS, by taking into
consideration the circuit-ID of the originator and allowing only
particular contexts from a particular list of circuits, but can I do it
at the SEOS level?

Regards,
Marcin
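
The RADIUS-side check mentioned in the message, sketched in Python as an added example that is not part of the original post and not SEOS configuration. The circuit string format (`vlan-id N`), the policy table, the subscriber records and all names are assumptions constructed for illustration.

```python
import re

# Hypothetical policy: dot1q PVC (VLAN id) -> contexts its subscribers may be bound into.
ALLOWED_CONTEXTS = {
    11: {"clips", "y"},
    12: {"other"},
}

# Constructed subscriber records keyed by MAC: the binding the RADIUS server
# would otherwise return unconditionally (interface, context, IP address).
SUBSCRIBERS = {
    "00:11:22:33:44:55": {"context": "y", "interface": "x", "ip": "192.0.2.10"},
    "00:11:22:33:44:66": {"context": "other", "interface": "x2", "ip": "192.0.2.20"},
}

# Assumed circuit description format; adjust the pattern to what the NAS really sends.
VLAN_RE = re.compile(r"\bvlan-id\s+(\d{1,4})\b")


def vlan_from_circuit(circuit_id):
    """Return the VLAN id found in the circuit string, or None if absent or invalid."""
    m = VLAN_RE.search(circuit_id or "")
    if not m:
        return None
    vlan = int(m.group(1))
    return vlan if 1 <= vlan <= 4094 else None


def authorize(mac, circuit_id):
    """Return (accepted, detail). Fails closed on anything unknown."""
    profile = SUBSCRIBERS.get(mac.strip().lower().replace("-", ":"))
    if profile is None:
        return False, "unknown MAC"
    vlan = vlan_from_circuit(circuit_id)
    if vlan is None:
        return False, "no usable VLAN in circuit id"
    if profile["context"] not in ALLOWED_CONTEXTS.get(vlan, set()):
        return False, f"context {profile['context']!r} not allowed from pvc {vlan}"
    return True, profile


if __name__ == "__main__":
    print(authorize("00:11:22:33:44:55", "2/1 vlan-id 11 clips 1"))  # MAC on its own pvc
    print(authorize("00:11:22:33:44:66", "2/1 vlan-id 11 clips 2"))  # MAC seen on another pvc
```

The second call models the stolen-MAC case from the message: the MAC is known, but its context is not on the list for pvc 11, so the request is rejected instead of being bound.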