[AusNOG] DHCP server suitable for NBN

Damien Gardner Jnr rendrag at rendrag.net
Wed Aug 24 10:53:35 EST 2016


b) was what I had in mind - keep it simple, with one task per machine :)

On 24 August 2016 at 10:51, Philip Loenneker <
Philip.Loenneker at tasmanet.com.au> wrote:

> Your comment makes me wonder if I misunderstood – is the suggestion to:
>
> a) Have a new FreeRADIUS server as a DHCP server pointing to the
> existing FreeRADIUS server for AAA, or
>
> b) Use the Mikrotik DHCP server as we used to, but point it to a
> middleman FreeRADIUS server which proxies and rewrites the request to the
> existing FreeRADIUS instance so that the Circuit-ID is the username
>
>
>
> That second option sounds nice from the point of view that it would be
> doing a single task and not need any additional maintenance… and our techs
> are already familiar with Mikrotik management including DHCP leases…
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Joseph
> Goldman
> *Sent:* Wednesday, 24 August 2016 10:43 AM
>
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] DHCP server suitable for NBN
>
>
>
> This was my thought, I've seen instances where a RADIUS 'proxy' is handy
> to do these kinds of re-writes and other things. Should be very easy and
> simple (but a shout-out to Radiator, non-free though but very flexible and
> scriptable)
>
> On 24/08/16 10:39, Damien Gardner Jnr wrote:
>
> What about putting your own FreeRADIUS server in front of the vendor one,
> and pop together some quick functions to re-map the circuit ID into the
> username before passing the query on to the vendor FreeRADIUS? :)
>
>
>
> On 24 August 2016 at 10:35, Philip Loenneker <Philip.Loenneker at tasmanet.com.au> wrote:
>
> Hi Craig,
>
>
>
> I have looked at that option, but because FreeRADIUS is integrated with
> our customer management product, the vendor would have to implement that
> change. I asked them about it, and they said it is not a priority because
> they see it as an edge case, not a common feature their customers are after.
>
>
>
> Regards,
>
> *Philip Loenneker | Network Engineer** | TasmaNet*
>
> 40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
>
> P: 03 6165 2542 | M: 0404 097 816
>
> philip.loenneker at tasmanet.com.au
>
> *www.tasmanet.com.au <http://www.tasmanet.com.au/>*
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Craig
> Askings
> *Sent:* Wednesday, 24 August 2016 10:31 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] DHCP server suitable for NBN
>
>
>
> I've not tried it in that particular configuration, but FreeRADIUS can act
> directly as a DHCP server.
>
>
>
>
>
> On 24 Aug 2016, at 9:53 AM, Philip Loenneker <Philip.Loenneker at tasmanet.com.au> wrote:
>
>
>
> Hi all,
>
>
>
> We have used a couple of different DHCP servers for NBN IPoE sessions over
> the last few years, all talking to a RADIUS back end to look up the static
> IP address information based on circuit-ID (AVC). Initially we used a
> Mikrotik router, but with a change in RADIUS server we need the DHCP server
> to use the circuit-ID as the AAA username, and the Mikrotik only uses the
> MAC address. I found that the DHCP server in our Cisco ASR could send the
> circuit-ID as the AAA username, but it has a “feature” where AAA-based DHCP
> sessions have a maximum life (defined by Cisco AVPair session-duration,
> which has to exist and can’t be zero) after which the DHCP lease is forced
> to be released and has to be renewed from scratch. This causes a brief
> outage to the service while they have no IP address, and causes some of our
> clients to fail over to an alternate connection. After a chat with Cisco, I
> was told that it was by design and would not be changed or allowed to be
> overridden.
>
>
>
> Our RADIUS server is FreeRADIUS, but it’s integrated with a customer
> management system, and it doesn’t allow us to use DEFAULT as the username
> and pick up the circuit-ID as an additional check.
>
>
>
> Does anyone have any suggestions of a DHCP server that leverages RADIUS
> and can use circuit-ID as the AAA username, but is otherwise standard and
> allows unlimited renewals?
>
>
>
> Regards,
>
> *Philip Loenneker | Network Engineer** | TasmaNet*
>
> 40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
>
> P: 03 6165 2542 | M: 0404 097 816
>
> philip.loenneker at tasmanet.com.au
>
> *www.tasmanet.com.au <http://www.tasmanet.com.au/>*
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
> --
>
> Damien Gardner Jnr
> VK2TDG. Dip EE. GradIEAust
> rendrag at rendrag.net -  http://www.rendrag.net/
> --
> We rode on the winds of the rising storm,
>  We ran to the sounds of thunder.
> We danced among the lightning bolts,
>  and tore the world asunder
>
>
>
>


-- 

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder
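
The rewrite step of option (b) from this thread, as an added example (not code from any poster, FreeRADIUS or Mikrotik): a middleman parses the Access-Request, takes the circuit ID, checks its shape, and puts it in User-Name before the request goes upstream. It assumes the circuit ID arrives as the RFC 4679 ADSL-Forum Agent-Circuit-Id VSA and that AVC IDs look like `AVC` plus 12 digits; all function names and the sample packet are constructed for illustration.

```python
import re
import struct

USER_NAME, VENDOR_SPECIFIC = 1, 26
ADSL_FORUM, AGENT_CIRCUIT_ID = 3561, 1   # RFC 4679 vendor id and sub-attribute
AVC_RE = re.compile(rb"AVC\d{12}")       # assumed AVC ID shape; adjust as needed

def parse_attrs(data):
    """Split a RADIUS attribute area into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs

def circuit_id(attrs):
    """Return the Agent-Circuit-Id from an ADSL-Forum VSA, or None."""
    for typ, val in attrs:
        if typ != VENDOR_SPECIFIC or len(val) < 6:
            continue
        if struct.unpack("!I", val[:4])[0] != ADSL_FORUM:
            continue
        for sub, subval in parse_attrs(val[4:]):
            if sub == AGENT_CIRCUIT_ID:
                return subval
    return None

def rewrite_username(packet):
    """Return the packet with User-Name replaced by the validated circuit ID."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = parse_attrs(packet[20:length])
    cid = circuit_id(attrs)
    if cid is None or not AVC_RE.fullmatch(cid):
        raise ValueError("no usable circuit ID; refusing to proxy")
    rest = [(t, v) for t, v in attrs if t != USER_NAME]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in [(USER_NAME, cid)] + rest)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + packet[4:20] + body

def sample_request(username, cid):
    """Constructed Access-Request: MAC as User-Name plus a circuit-ID VSA."""
    vsa = struct.pack("!I", ADSL_FORUM) + bytes([AGENT_CIRCUIT_ID, len(cid) + 2]) + cid
    body = bytes([USER_NAME, len(username) + 2]) + username
    body += bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body
```

This covers only the attribute rewrite; a proxy forwarding to a server with a different shared secret also has to recompute Message-Authenticator and re-encrypt User-Password where present, which a RADIUS server acting as proxy does itself.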