[rbak-nsp] Unknown MAC on different VLANS

Georgi Genov linuxloader at gmail.com
Wed Mar 20 03:12:24 EDT 2013


Hi,

For every session you have mac+vlan + all you need for the specific
subscriber (the info needed for CoA processing).
When you have the subscriber active, if the MAC is unknown you may
assign him the redirect radius profile; here are the example redirect and
active profiles.

  radius service profile redirect
   parameter value redirect-url
   parameter value portal-ip
   parameter value portal-port 80
   parameter list tcp-port
   accounting in fwd captive-portal-redirect
   seq 10 attribute Forward-Policy in captive-portal-redirect
   seq 20 attribute HTTP-Redirect-url $redirect-url
   seq 30 attribute Service-Timeout 2147483647
   seq 50 attribute Dynamic-Policy-Filter "ip in forward dstip $portal-ip tcp dstport = $portal-port class portal fwd"
   seq 60 foreach tcp-port
   seq 70 attribute Dynamic-Policy-Filter "ip in forward tcp dstport = $tcp-port class redirect fwd"
   seq 80 attribute Filter-Id in captive-redirect
   seq 90 attribute Service-Interim-Accounting 900

  radius service profile active
   accounting in fwd internet-allow
   seq 10 attribute Forward-Policy in internet-allow
   seq 30 attribute Service-Timeout 2147483647
   seq 80 attribute Filter-Id in internet-allow
   seq 90 attribute Service-Interim-Accounting 1800

After he has landed on the redirect page, you can change the radius
service profile for the specific subscriber via CoA, so as not to redirect.
With that kind of scenario you can do a turbo button and much more
stuff.


On 19.3.2013 at 18:12, Łukasz Kopiszka wrote:
> Hi,
>
> My first problem, with redirecting unknown MACs,
> https://puck.nether.net/pipermail/redback-nsp/2013-February/001375.html was
> solved.
>
> -------------------
>
> My new problem is with many VLANs on which unknown MACs can appear.
>
> Background:
> 1) each building with clients has its own vlan
> 2) a client can be:
> 2a) known, then they get a public IP from db
> 2b) unknown, then they are redirected to a webpage for identification
>
> E.g. there are 100 buildings = 100 vlans
> with SE100 there is no problem:
>
> port ethernet 2/2
>  auto-negotiate force enable
>  no shutdown
>  medium-type copper
>  encapsulation dot1q
>  dot1q pvc 1 encapsulation multi
>   service clips dhcp context CLIPS
>  dot1q pvc 2 encapsulation multi
>   service clips dhcp context CLIPS
>  ....
>  dot1q pvc 100 encapsulation multi
>   service clips dhcp context CLIPS
> !
>
> and all known clients get a public IP from db.
>
> -------------------
>
> But how to solve the problem with unknown clients which have been
> redirected to ONE specific IP, e.g.:
>  http-redirect profile UNKNOWN
>   url "http://192.168.0.254/"
> !
>
> Linux part:
> vconfig add eth0 1
> ifconfig eth0.1 192.168.0.254 netmask 255.255.255.0
>
> Everything works if there is ONE VLAN assigned to the web server but I
> need 100 vlans.
>
> But when I add the next vlan, the connection to 192.168.0.254 fails
> vconfig add eth0 2
> ifconfig eth0.2 192.168.0.254 netmask 255.255.255.0
>
> -------------------
>
> My idea was to use REGEX and UNLANG to identify the vlan of an unknown
> client, then set the redirection depending on VID to different subnets, e.g.
>
> CLIPS:
>
>  http-redirect profile UNKNOWN-v1
>   url "http://192.168.0.254/"
> !
>  http-redirect profile UNKNOWN-v2
>   url "http://192.168.1.254/"
> !
>
> Linux part:
> vconfig add eth0 1
> ifconfig eth0.1 192.168.0.254 netmask 255.255.255.0
> vconfig add eth0 2
> ifconfig eth0.2 192.168.1.254 netmask 255.255.255.0
>
>
> Disadvantage:
> I have to add 100 x http-redirect, dhcp subnets, interface, etc. in 
> CLIPS configuration.
>
> Maybe I'm doing it wrong and there is another simpler way?
>
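
The CoA step described in the reply above, as an added example that is not part of the original posts: a CoA-Request (RFC 5176) that deactivates the "redirect" service profile and activates "active" for one session, plus the authenticator check a receiver applies before acting on it. Assumptions not taken from the thread: the session is addressed by Acct-Session-Id, the Redback vendor ID and the two vendor attribute numbers must be checked against your RADIUS dictionary, the function names are hypothetical, and the secret and session id are constructed.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43                      # RFC 5176 packet code
ACCT_SESSION_ID, VENDOR_SPECIFIC = 44, 26
# Assumptions, not from the post: verify all three against your RADIUS dictionary.
REDBACK_VENDOR_ID = 2352
VSA_SERVICE_NAME = 190                # assumed number of the "activate service" VSA
VSA_DEACTIVATE_SERVICE_NAME = 194     # assumed number of the "deactivate service" VSA


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value (length counts the 2-byte header)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vsa(vendor_type: int, value: bytes) -> bytes:
    """Wrap a vendor attribute in Vendor-Specific (26): vendor id, then vendor TLV."""
    return attr(VENDOR_SPECIFIC, struct.pack("!I", REDBACK_VENDOR_ID) + attr(vendor_type, value))


def build_coa(identifier: int, secret: bytes, session_id: str,
              deactivate: str, activate: str) -> bytes:
    """CoA-Request that swaps one service profile for another on a session."""
    attrs = (attr(ACCT_SESSION_ID, session_id.encode())
             + vsa(VSA_DEACTIVATE_SERVICE_NAME, deactivate.encode())
             + vsa(VSA_SERVICE_NAME, activate.encode()))
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    # Request Authenticator = MD5(code, id, length, 16 zero octets, attributes, secret)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_coa(packet: bytes, secret: bytes) -> bool:
    """Receiver-side check: reject packets whose authenticator does not match the secret."""
    if len(packet) < 20:
        return False
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values; "redirect" and "active" are the profile names from the post.
packet = build_coa(7, b"example-secret", "SAMPLE-SESSION-0001", "redirect", "active")
```

Because a valid CoA-Request changes what a subscriber can reach, the shared secret and the set of hosts allowed to send CoA to the router need the same protection as any other access-granting credential.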


