[rbak-nsp] CLIPS and DHCP
Marcin Kuczera
marcin at leon.pl
Thu Oct 13 10:59:22 EDT 2011
Alexandre Chapellon wrote:
>
>
> Le 12/10/2011 13:03, Arjan Van Der Oest a écrit :
>> On 12 okt. 2011, at 11:42, Alexandre Chapellon wrote:
>>
>>> Wich leads me to the conclusion the subscriber should not access the
>>> network anymore. Unfortuantely, on the CPE side, I can still ping
>>> internet adresses and browse the web.
>>> How comes? Is it because of CLIPS itself being connection-less? Is there
>>> something special to send in the CoA request? Is there any alternative
>>> to shut network access for a specific subscriber using CLIPS?
>>
>> Maybe a silly question, but did you prevent that subscriber from
>> re-entering the network before CoA'ing him/her? When you send the CoA
>> disconnect and have a ping running, do you see an interrupt in the
>> replies?
>>
> Not that silly :)!
> In fact no I didn't prevent the user from re-entering the network. But I
> also didn't see any new authentication request following the CoA. The
> next authentication happens when DHCP release expires (one hour for my
> tests).
It looks, that on subscriber circuit you have:
service clips
bind interface (where ip interface for clips is running)
Can you drop us your dot1q pvc config and ip interface name ?
After disconnecting subscriber via CoA, what can you see when you do
show subscriber username 'MAC' ??
Regards,
Marcin
More information about the redback-nsp
mailing list