[rbak-nsp] Unknown MAC on different VLANS

Łukasz Kopiszka lukasz at alfa-system.pl
Tue Mar 19 11:39:17 EDT 2013


  Hi,

My first problem, with redirection of unknown MACs
https://puck.nether.net/pipermail/redback-nsp/2013-February/001375.html
was solved.

-------------------

My new problem is with many VLANs on which unknown MACs can appear.

Background:
1) each building with clients has its own VLAN
2) a client can be:
2a) known, then they get a public IP from the db
2b) unknown, then they are redirected to a webpage for identification

E.g. there are 100 buildings = 100 VLANs.
With the SE100 there is no problem:

port ethernet 2/2
  auto-negotiate force enable
  no shutdown
  medium-type copper
  encapsulation dot1q
  dot1q pvc 1 encapsulation multi
   service clips dhcp context CLIPS
  dot1q pvc 2 encapsulation multi
   service clips dhcp context CLIPS
  ....
  dot1q pvc 100 encapsulation multi
   service clips dhcp context CLIPS
!

and all known clients get a public IP from the db.

-------------------

But how to solve the problem with unknown clients which have been redirected
to ONE specific IP, e.g.:
  http-redirect profile UNKNOWN
   url "http://192.168.0.254/"
!

Linux part:
vconfig add eth0 1
ifconfig eth0.1 192.168.0.254 netmask 255.255.255.0

Everything works if there is ONE VLAN assigned to the web server, but I need
100 VLANs.

But when I add the next VLAN, the connection to 192.168.0.254 fails:
vconfig add eth0 2
ifconfig eth0.2 192.168.0.254 netmask 255.255.255.0

-------------------

My idea was to use REGEX and UNLANG to identify the VLAN of the unknown client,
then set the redirection depending on the VID to different subnets, e.g.

CLIPS:

  http-redirect profile UNKNOWN-v1
   url "http://192.168.0.254/"
!
  http-redirect profile UNKNOWN-v2
   url "http://192.168.1.254/"
!

Linux part:
vconfig add eth0 1
ifconfig eth0.1 192.168.0.254 netmask 255.255.255.0
vconfig add eth0 2
ifconfig eth0.2 192.168.1.254 netmask 255.255.255.0


Disadvantage:
I have to add 100 x http-redirect, dhcp subnets, interfaces, etc. in the
CLIPS configuration.

Maybe I'm doing it wrong and there is another simpler way?


-- 
Best regards,
Łukasz Kopiszka
www.alfa-system.pl
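
An added example, not part of the original message: a shell script that generates the per-VLAN Linux commands and http-redirect profiles for the one-subnet-per-VLAN approach described above, so the 100 entries need not be typed by hand. It assumes VLAN n maps to 192.168.(n-1).254/24, extrapolated from the two VLANs shown; the function names are hypothetical, and only syntax that appears in the message is generated (no dhcp subnets or interfaces).

```shell
#!/bin/sh
# Added example: per-VLAN config generator for the scheme in the message.
# Assumption: VLAN n -> 192.168.(n-1).254/24 (extrapolated from VLANs 1 and 2).

# Print the web server address for a VLAN ID; fail on anything unusable.
vlan_ip() {
    case $1 in
        # empty, leading zero (incl. 0), non-digits, or 4+ digits
        ''|0*|*[!0-9]*|????*) echo "invalid VLAN id: $1" >&2; return 1 ;;
    esac
    # The third octet is id-1, so only IDs 1..256 fit in 192.168.x.254.
    if [ "$1" -gt 256 ]; then
        echo "VLAN id $1 does not fit in 192.168.x.254" >&2
        return 1
    fi
    echo "192.168.$(($1 - 1)).254"
}

# Linux side: one 802.1Q subinterface per VLAN, each in its own subnet.
linux_cmds() {
    ip=$(vlan_ip "$1") || return 1
    printf 'vconfig add eth0 %s\n' "$1"
    printf 'ifconfig eth0.%s %s netmask 255.255.255.0\n' "$1" "$ip"
}

# SmartEdge side: one http-redirect profile per VLAN, as in the message.
redirect_profile() {
    ip=$(vlan_ip "$1") || return 1
    printf '  http-redirect profile UNKNOWN-v%s\n' "$1"
    printf '   url "http://%s/"\n!\n' "$ip"
}

# Emit the Linux commands, then the profiles, for VLANs 1..N.
generate_all() {
    i=1
    while [ "$i" -le "$1" ]; do
        linux_cmds "$i" || return 1
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le "$1" ]; do
        redirect_profile "$i" || return 1
        i=$((i + 1))
    done
}

# Run as "sh gen.sh 100" to print everything for 100 VLANs.
if [ "$#" -gt 0 ]; then generate_all "$1"; fi
```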


