<div dir="ltr">b) was what I had in mind - keep it simple, with one task per machine :)</div><div class="gmail_extra"><br><div class="gmail_quote">On 24 August 2016 at 10:51, Philip Loenneker <span dir="ltr"><<a href="mailto:Philip.Loenneker@tasmanet.com.au" target="_blank">Philip.Loenneker@tasmanet.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-AU" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Your comment makes me wonder if I misunderstood – is the suggestion to:<u></u><u></u></span></p>
<p><u></u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><span>a)<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Have a new FreeRADIUS server as a DHCP server pointing to the existing FreeRADIUS server for AAA, or<u></u><u></u></span></p>
<p><u></u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><span>b)<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Use the Mikrotik DHCP server as we used to, but point it to a middleman FreeRADIUS server which proxies and rewrites the
request to the existing FreeRADIUS instance so that the Circuit-ID is the username<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">That second option sounds nice from the point of view that it would be doing a single task and not need any additional maintenance…
and our techs are already familiar with Mikrotik management including DHCP leases…<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.<wbr>ausnog.net</a>]
<b>On Behalf Of </b>Joseph Goldman<br>
<b>Sent:</b> Wednesday, 24 August 2016 10:43 AM</span></p><div><div class="h5"><br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] DHCP server suitable for NBN<u></u><u></u></div></div><p></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">This was my thought, i've seen instances where a RADIUS 'proxy' is handy to do these kind of re-writes and other things. Should be very easy and simple (but a shout-out to Radiator, non-free though but very
flexible and scriptable)<u></u><u></u></p>
<div>
<p class="MsoNormal">On 24/08/16 10:39, Damien Gardner Jnr wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">What about putting your own FreeRadius server in front of the vendor one, and pop together some quick functions to re-map the circuit ID into the username before passing the query on to the vendor FreeRadius? :)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On 24 August 2016 at 10:35, Philip Loenneker <<a href="mailto:Philip.Loenneker@tasmanet.com.au" target="_blank">Philip.Loenneker@tasmanet.<wbr>com.au</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi Craig,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I have looked at that option, but because FreeRADIUS is integrated with our customer management product,
the vendor would have to implement that change. I asked them about it, and they said it is not a priority because they see it as an edge case, not a common feature their customers are after.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Regards,</span><u></u><u></u></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Philip Loenneker | Network Engineer</span></b><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#ed7d31">
| TasmaNet</span></b><u></u><u></u></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:gray">40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia</span><u></u><u></u></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:gray">P: 03 6165 2542 | M: 0404 097 816</span><u></u><u></u></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><a href="mailto:philip.loenneker@tasmanet.com.au" target="_blank"><span style="color:#0563c1">philip.loenneker@tasmanet.com.<wbr>au</span></a></span><u></u><u></u></p>
<p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#ed7d31"><a href="http://www.tasmanet.com.au/" target="_blank"><span style="color:#0563c1">www.tasmanet.com.au</span></a></span></u><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> AusNOG
[mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.<wbr>ausnog.net</a>]
<b>On Behalf Of </b>Craig Askings<br>
<b>Sent:</b> Wednesday, 24 August 2016 10:31 AM<br>
<b>To:</b> <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
<b>Subject:</b> Re: [AusNOG] DHCP server suitable for NBN</span><u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">I've not tried it in that particular configuration, but Freeradius can act directly as a DHCP server.<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On 24 Aug 2016, at 9:53 AM, Philip Loenneker <<a href="mailto:Philip.Loenneker@tasmanet.com.au" target="_blank">Philip.Loenneker@tasmanet.<wbr>com.au</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi all,</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">We have used a couple of different DHCP servers for NBN IPoE sessions over the last few years, all talking to a RADIUS
back end to look up the static IP address information based on circuit-ID (AVC). Initially we used a Mikrotik router, but with a change in RADIUS server we need the DHCP server to use the circuit-ID as the AAA username, and the Mikrotik only uses the MAC address.
I found that the DHCP server in our Cisco ASR could send the circuit-ID as the AAA username, but it has a “feature” where AAA-based DHCP sessions have a maximum life (defined by Cisco AVPair session-duration, which has to exist and can’t be zero) after which
the DHCP lease is forced to be released and has to be renewed from scratch. This causes a brief outage to the service while they have no IP address, and causes some of our clients to failover to an alternate connection. After a chat with Cisco, I was told
that it was by design and would not be changed or allowed to be overridden.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Our RADIUS server is FreeRADIUS, but it’s integrated with a customer management system, and it doesn’t allow us to
use DEFAULT as the username and pick up the circuit-ID as an additional check.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Does anyone have any suggestions of a DHCP server that leverages RADIUS and can use circuit-ID as the AAA username,
but is otherwise standard and allows unlimited renewals?</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Regards,</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Philip Loenneker | Network Engineer</span></b><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#ed7d31"> |
TasmaNet</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:gray">40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:gray">P: 03 6165 2542 | M: 0404 097 816</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Calibri",sans-serif"><a href="mailto:philip.loenneker@tasmanet.com.au" target="_blank"><span style="color:#0563c1">philip.loenneker@tasmanet.com.<wbr>au</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#ed7d31"><a href="http://www.tasmanet.com.au/" target="_blank"><span style="color:#0563c1">www.tasmanet.com.au</span></a></span></u><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">______________________________<wbr>_________________<br>
AusNOG mailing list<br>
</span><a href="mailto:AusNOG@lists.ausnog.net" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#954f72">AusNOG@lists.ausnog.net</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
</span><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#954f72">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</span></a><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<div>
<p>Damien Gardner Jnr<br>
VK2TDG. Dip EE. GradIEAust<br>
<a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a> - <a href="http://www.rendrag.net/" target="_blank">http://www.rendrag.net/</a><u><br>
</u>--<br>
We rode on the winds of the rising storm,<br>
We ran to the sounds of thunder.<br>
We danced among the lightning bolts,<br>
and tore the world asunder<u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<u></u><u></u></p>
<pre>______________________________<wbr>_________________<u></u><u></u></pre>
<pre>AusNOG mailing list<u></u><u></u></pre>
<pre><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><u></u><u></u></pre>
<pre><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><u></u><u></u></pre>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div></div></div>
</div>
<br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">
<p>Damien Gardner Jnr<br>VK2TDG. Dip EE. GradIEAust<br><a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a> - <span><a href="http://www.rendrag.net/" target="_blank">http://www.rendrag.net/</a><u><br></u></span>--<br>We rode on the winds of the rising storm,<br> We ran to the sounds of thunder.<br>We danced among the lightning bolts,<br> and tore the world asunder</p></div></div>
</div>