[rbak-nsp] CLIPS and DHCP

Alexandre Chapellon a.chapellon at horoa.net
Wed Oct 12 07:33:53 EDT 2011



Le 12/10/2011 13:03, Arjan Van Der Oest a écrit :
> On 12 okt. 2011, at 11:42, Alexandre Chapellon wrote:
>
>> Wich leads me to the conclusion the subscriber should not access the
>> network anymore. Unfortuantely, on the CPE side, I can still ping
>> internet adresses and browse the web.
>> How comes? Is it because of CLIPS itself being connection-less? Is there
>> something special to send in the CoA request? Is there any alternative
>> to shut network access for a specific subscriber using CLIPS?
>
> Maybe a silly question, but did you prevent that subscriber from 
> re-entering the network before CoA'ing him/her? When you send the CoA 
> disconnect and have a ping running, do you see an interrupt in the 
> replies?
>
Not that silly :)!
In fact no I didn't prevent the user from re-entering the network. But I 
also didn't see any new authentication request following the CoA. The 
next authentication happens when DHCP release expires (one hour for my 
tests).

> -- 
> Met vriendelijke groet,
>
> Arjan van der Oest
> Senior Network Engineer / Security Officer
>
> Voiceworks BV - Editiestraat 29 - 1321 NG Almere
>
>
>

-- 
<http://www.horoa.net>

Alexandre Chapellon

Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>



More information about the redback-nsp mailing list