[rbak-nsp] CLIPS and DHCP
Alexandre Chapellon
a.chapellon at horoa.net
Wed Oct 12 07:33:53 EDT 2011
Le 12/10/2011 13:03, Arjan Van Der Oest a écrit :
> On 12 okt. 2011, at 11:42, Alexandre Chapellon wrote:
>
>> Wich leads me to the conclusion the subscriber should not access the
>> network anymore. Unfortuantely, on the CPE side, I can still ping
>> internet adresses and browse the web.
>> How comes? Is it because of CLIPS itself being connection-less? Is there
>> something special to send in the CoA request? Is there any alternative
>> to shut network access for a specific subscriber using CLIPS?
>
> Maybe a silly question, but did you prevent that subscriber from
> re-entering the network before CoA'ing him/her? When you send the CoA
> disconnect and have a ping running, do you see an interrupt in the
> replies?
>
Not that silly :)!
In fact no I didn't prevent the user from re-entering the network. But I
also didn't see any new authentication request following the CoA. The
next authentication happens when DHCP release expires (one hour for my
tests).
> --
> Met vriendelijke groet,
>
> Arjan van der Oest
> Senior Network Engineer / Security Officer
>
> Voiceworks BV - Editiestraat 29 - 1321 NG Almere
>
>
>
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
More information about the redback-nsp
mailing list