[rbak-nsp] CLIPS and DHCP

Christopher O'Shea casper.oshea at gmail.com
Wed Oct 12 23:06:31 EDT 2011


You can use Server groups, here an example


#sh config dhcp
Building configuration...

Current configuration:

!
 interface subscriber-01 multibind lastresort
  ip unnumbered lo3
  dhcp proxy 100 server-group DHCP1
!
context local
!
 dhcp relay option hostname
 dhcp relay server retries 10 timeout 3
 dhcp relay server 192.168.1.10
   server-group DHCP1
!
 dhcp relay server 192.168.1.15
   server-group DHCP1



Chris O'Shea



On Thu, Oct 13, 2011 at 10:05 AM, Alexandre Chapellon <a.chapellon at horoa.net
> wrote:

>
>
> Le 13/10/2011 01:02, Christopher O'Shea a écrit :
>
> Hi Alex,
>
> I seen this happen when you have manually bound the mulitbind interface to
> a port. As i think its related to how the multibind will only reply to ARP's
> (of the default gateway address) when bound to a circuit.
>
> Can you post the config.
>
>  Unfortunately not, as I told I do not adminiter the redback devices... I
> am just looking for some experiences like yours.
> I will forward your remarqs to the personns involved (which are not used ti
> use mailing lists I guess).
>
> Any idea concerning point 2?
>
> Bests regards
>
>
> Chris O'Shea
>
>
>
> On Wed, Oct 12, 2011 at 10:33 PM, Alexandre Chapellon <
> a.chapellon at horoa.net> wrote:
>
>>
>>
>> Le 12/10/2011 13:03, Arjan Van Der Oest a écrit :
>>
>>  On 12 okt. 2011, at 11:42, Alexandre Chapellon wrote:
>>>
>>>  Wich leads me to the conclusion the subscriber should not access the
>>>> network anymore. Unfortuantely, on the CPE side, I can still ping
>>>> internet adresses and browse the web.
>>>> How comes? Is it because of CLIPS itself being connection-less? Is there
>>>> something special to send in the CoA request? Is there any alternative
>>>> to shut network access for a specific subscriber using CLIPS?
>>>>
>>>
>>> Maybe a silly question, but did you prevent that subscriber from
>>> re-entering the network before CoA'ing him/her? When you send the CoA
>>> disconnect and have a ping running, do you see an interrupt in the replies?
>>>
>>>  Not that silly :)!
>> In fact no I didn't prevent the user from re-entering the network. But I
>> also didn't see any new authentication request following the CoA. The next
>> authentication happens when DHCP release expires (one hour for my tests).
>>
>>
>>  --
>>> Met vriendelijke groet,
>>>
>>> Arjan van der Oest
>>> Senior Network Engineer / Security Officer
>>>
>>> Voiceworks BV - Editiestraat 29 - 1321 NG Almere
>>>
>>>
>>>
>>>
>>   --
>> <http://www.horoa.net>
>>
>> Alexandre Chapellon
>>
>> Ingénierie des systèmes open sources et réseaux.
>> Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
>>
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>
>
> --
>  <http://www.horoa.net>
>
> Alexandre Chapellon
>
> Ingénierie des systèmes open sources et réseaux.
> Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20111013/6965188a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: horoa_sig.png
Type: image/png
Size: 6693 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20111013/6965188a/attachment.png>


More information about the redback-nsp mailing list