[rbak-nsp] Static CLIPS with MAC authentication.

Илья Савин savin at orn.ru
Fri Apr 16 07:42:28 EDT 2010 

Hi, Denis!

Thanks for the answer.

> Actually there is no static clips in your config J.
>
> It is just binding of pvc using subscriber record....

It's like configuration example from User Manual:

Static CLIPS Circuit for a Single PVC
The following example shows how to configure a CLIPS static circuit on
a single PVC:
[local]Redback(config)#service multiple-contexts
[local]Redback(config)#context c1
[local]Redback(config-ctx)#interface i1 multibind
[local]Redback(config-if)#ip address 10.1.1.254/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber name s1
[local]Redback(config-sub)#ip address 10.1.1.1
[local]Redback(config-ctx)#exit
[local]Redback(config)#card ether-12-port 9
[local]Redback(config-card)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#service clips
[local]Redback(config-port)#clips pvc 1
[local]Redback(config-clips-pvc)#bind subscriber s1 at c1

> If you'd like to demultiplex incoming traffic based on MACs you then have only one option is dynamic clips (means DHCP).

I already have dynamic clips (dhcp) on other context. But I don't want
to use DHCP for some clients.

Is there any other way to make IP-MAC bindng?

WBR,
Ilya Savin.


16 apr 2010 г. 15:24 Denis Mikhaylovskiy
<denis.mikhaylovskiy at ericsson.com> wrote:
>
> Hey Ilya,
>
>
>
> Actually there is no static clips in your config J.
>
> It is just binding of pvc using subscriber record. But any way static clips as well as pvc binding doesn't demultiplex incoming traffic on per MAC, it does only on per source IP.
>
> If you'd like to demultiplex incoming traffic based on MACs you then have only one option is dynamic clips (means DHCP).
>
>
>
> P.S. You can run DHCP server on SmartEdge for instance.
>
>
>
>
>
> Hope it helps.
>
> /denis
>
> ________________________________
>
> From: redback-nsp-bounces at puck.nether.net [mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Илья Савин
> Sent: Friday, April 16, 2010 2:54 PM
> To: redback-nsp at puck.nether.net
> Subject: [rbak-nsp] Static CLIPS with MAC authentication.
>
>
>
> Hi.
>
> I am using static clips. Here is config:
>
> [static]Redback#sh conf
> Building configuration...
>
> Current configuration:
> !
> context static
> !
>  no ip domain-lookup
> !
>  interface lena multibind
>   ip address 80.76.187.1/24
> !
> subscriber name 00:0c:29:84:db:13
>    ip address 80.76.187.2
>    qos policy policing 1m_p
>    qos policy metering 1m_m
> !
>  ip route 0.0.0.0/0 context bgp
> !
> ...........
> port ethernet 2/3
>  no shutdown
>  encapsulation dot1q
>  dot1q pvc 8
>   bind subscriber 00:0c:29:84:db:13 at static
>   service clips
> !
> end
>
> So, host 80.76.187.2 gets access to the Internet with specified qos parameters. But MAC address, specified as subscriber's username, does not affect on anything. Host authenticated by IP address, not by MAC address.
>
> Can I authenticate subscribers by MAC address? Or at least bind MAC address to subscriber (for example, by MAC-ACL).
>
> WBR,
> Ilya Savin

More information about the redback-nsp mailing list