<HTML>
<HEAD>
<TITLE>Re: [rbak-nsp] dhcp only on interface</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>I believe this could be a bit more complicated, since the secured arp command at the subscriber interface would make sure that the Redback answers with its OWN mac address as being in the middle for any destination that the subscriber tries to reach, after that the Redback has checked if this destination is still available.<BR>
Next to that, it does all that David has explained, it will send the request only through to the rightful owner of the address.<BR>
<BR>
The secured arp thing worked well on the SMS platforms but got a bit strange on the SE’s in behavior.<BR>
It will do the job on any bridge based interface, with or without DHCP enabled.<BR>
<BR>
Now with DHCP, the lease that it serves back would update the ARP table, and should clear it when the lease expires.<BR>
The point is that these are separated tables, although the lease got expired, the ARP table is not.<BR>
<BR>
What Marcin likes to achieve is that when the lease is expired, the connection of that subscriber is dropped, and no communication is allowed anymore, right?<BR>
The DHCP server should be able to do this but it sounds more like a job for a clips controlled subscriber to me.<BR>
<BR>
Kind regards,<BR>
<BR>
Frans.<BR>
<BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"><B>From: </B>David Freedman <<a href="david.freedman@uk.clara.net">david.freedman@uk.clara.net</a>><BR>
<B>Date: </B>Sat, 2 Aug 2008 23:09:15 +0100<BR>
<B>To: </B>Marcin Kuczera <<a href="marcin@leon.pl">marcin@leon.pl</a>>, <<a href="redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a>><BR>
<B>Subject: </B>Re: [rbak-nsp] dhcp only on interface<BR>
<BR>
Do you mean like, redback "secured arp" ?<BR>
<BR>
"When secured ARP is enabled, ARP requests received on an interface are not answered unless the request<BR>
comes from the circuit known to contain the requesting host. ARP requests are sent by the interface only<BR>
on the circuit known to contain the target host, and are not flooded to all circuits bound to an interface<BR>
"<BR>
<BR>
I believe with this configured on an interface , no ARP requests are answered unless the requesting host has made themselves known to the redback (in your case , via DHCP)<BR>
<BR>
<BR>
<BR>
------------------------------------------------<BR>
David Freedman<BR>
Group Network Engineering<BR>
Claranet Limited<BR>
<a href="http://www.clara.net">http://www.clara.net</a><BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: <a href="redback-nsp-bounces@puck.nether.net">redback-nsp-bounces@puck.nether.net</a> on behalf of Marcin Kuczera<BR>
Sent: Sat 8/2/2008 21:33<BR>
To: <a href="redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><BR>
Subject: [rbak-nsp] dhcp only on interface<BR>
<BR>
hello,<BR>
maybe some of you know the function of "replay only" on MikroTik.<BR>
This is something that allows for the communication only hosts who confirmed<BR>
their lease of address to DHCP server.<BR>
Others with the static IP configuration will not work.<BR>
<BR>
Now, the question - is it possible to do it on RedBack ? (not CLIPS) ?<BR>
As far now I saw, that if I enable DHCP on interface and computers<BR>
fetch addresses from DHCP, the ARP entry looks like static.<BR>
However, dynamic ARP (static IP without DHCP) is still possible.<BR>
<BR>
Is there any method to disable dynamic ARP on particular interface to<BR>
make it running what I mentioned about ?<BR>
<BR>
If yes, any method to allow particular MAC/IP (static) to be mixed<BR>
with dynamic assignment ?<BR>
<BR>
Regards,<BR>
Marcin<BR>
<BR>
_______________________________________________<BR>
redback-nsp mailing list<BR>
<a href="redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><BR>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp">https://puck.nether.net/mailman/listinfo/redback-nsp</a><BR>
<BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:12pt'>_______________________________________________<BR>
redback-nsp mailing list<BR>
<a href="redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><BR>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp">https://puck.nether.net/mailman/listinfo/redback-nsp</a><BR>
</SPAN></FONT>
</BODY>
</HTML>