[rbak-nsp] clips "clear subscriber" and nak

Marcin Kuczera marcin at leon.pl
Fri Mar 27 12:37:48 EDT 2009


Frans Legdeur wrote:
> Hi Marcin,
> 
> As you know, the DHCP protocol needs to take action with a renew request of
> the lease from the client before it can answer the NAK.

ok, this is reasonable... I one would be able to send such message in 
broadcasted network, that could detach all computers from IP...

> Since this is half way the lease time, you can also play with the fact that
> the lease time for subscribers that are part of the unauthorized pool should
> be set as small as possible.
> With Redback that comes down to 5 minutes if I'm correct.

it's 15 minutes..
clips]RedBack_SE100(config-dhcp-subnet)#default-lease-time ?
   900..3153600  Configure time value
[clips]RedBack_SE100(config-dhcp-subnet)#maximum-lease-time ?
   900..3153600  Configure time value

> Using an external DHCP server, this can be set even smaller, so that your
> client will react each 30 seconds (or less) to see if the lease is still
> valid. This is only interesting for subscribers that need to get away from
> this area, due to authentication reasons.

we can't... because we use radius for IP assignment... so that internal 
dhcp server must be used.

> As far as I know, this is how I would try to solve the puzzle.

low lease time would be perfect if... it would be changed in SEOS..
but it's extremally hard to ask for any feature :( (lack of personnel ???)

Regards,
Marcin


More information about the redback-nsp mailing list