[AusNOG] DHCP server suitable for NBN

Joseph Goldman joe at apcs.com.au
Wed Aug 24 10:55:36 EST 2016


My personal suggestion would be b), use your current termination router 
and server, send info as you need to off to the proxy, the proxy talks 
to the billing system after translating the options you need and replies 
back to the Mikrotik with the values it's expecting. So essentially it's 
still authing/terminating with MAC but a server in the middle 
translates over to Circuit ID for the billing system.

On 24/08/16 10:51, Philip Loenneker wrote:
>
> Your comment makes me wonder if I misunderstood – is the suggestion to:
>
> a) Have a new FreeRADIUS server as a DHCP server pointing to the 
> existing FreeRADIUS server for AAA, or
>
> b) Use the Mikrotik DHCP server as we used to, but point it to a 
> middleman FreeRADIUS server which proxies and rewrites the request to 
> the existing FreeRADIUS instance so that the Circuit-ID is the username
>
> That second option sounds nice from the point of view that it would be 
> doing a single task and not need any additional maintenance… and our 
> techs are already familiar with Mikrotik management including DHCP leases…
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Joseph Goldman
> *Sent:* Wednesday, 24 August 2016 10:43 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] DHCP server suitable for NBN
>
> This was my thought, I've seen instances where a RADIUS 'proxy' is 
> handy to do these kinds of re-writes and other things. Should be very 
> easy and simple (but a shout-out to Radiator, non-free though but very 
> flexible and scriptable).
>
> On 24/08/16 10:39, Damien Gardner Jnr wrote:
>
>     What about putting your own FreeRADIUS server in front of the
>     vendor one, and pop together some quick functions to re-map the
>     circuit ID into the username before passing the query on to the
>     vendor FreeRADIUS? :)
>
>     On 24 August 2016 at 10:35, Philip Loenneker
>     <Philip.Loenneker at tasmanet.com.au
>     <mailto:Philip.Loenneker at tasmanet.com.au>> wrote:
>
>         Hi Craig,
>
>         I have looked at that option, but because FreeRADIUS is
>         integrated with our customer management product, the vendor
>         would have to implement that change. I asked them about it,
>         and they said it is not a priority because they see it as an
>         edge case, not a common feature their customers are after.
>
>         Regards,
>
>         *Philip Loenneker | Network Engineer**| TasmaNet*
>
>         40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
>
>         P: 03 6165 2542 | M: 0404 097 816
>
>         philip.loenneker at tasmanet.com.au
>         <mailto:philip.loenneker at tasmanet.com.au>
>
>         _www.tasmanet.com.au <http://www.tasmanet.com.au/>_
>
>         *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>         <mailto:ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Craig
>         Askings
>         *Sent:* Wednesday, 24 August 2016 10:31 AM
>         *To:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>         *Subject:* Re: [AusNOG] DHCP server suitable for NBN
>
>         I've not tried it in that particular configuration, but
>         FreeRADIUS can act directly as a DHCP server.
>
>             On 24 Aug 2016, at 9:53 AM, Philip Loenneker
>             <Philip.Loenneker at tasmanet.com.au
>             <mailto:Philip.Loenneker at tasmanet.com.au>> wrote:
>
>             Hi all,
>
>             We have used a couple of different DHCP servers for NBN
>             IPoE sessions over the last few years, all talking to a
>             RADIUS back end to look up the static IP address
>             information based on circuit-ID (AVC). Initially we used a
>             Mikrotik router, but with a change in RADIUS server we
>             need the DHCP server to use the circuit-ID as the AAA
>             username, and the Mikrotik only uses the MAC address. I
>             found that the DHCP server in our Cisco ASR could send the
>             circuit-ID as the AAA username, but it has a “feature”
>             where AAA-based DHCP sessions have a maximum life (defined
>             by Cisco AVPair session-duration, which has to exist and
>             can’t be zero) after which the DHCP lease is forced to be
>             released and has to be renewed from scratch. This causes a
>             brief outage to the service while they have no IP address,
>             and causes some of our clients to fail over to an alternate
>             connection. After a chat with Cisco, I was told that it
>             was by design and would not be changed or allowed to be
>             overridden.
>
>             Our RADIUS server is FreeRADIUS, but it’s integrated with
>             a customer management system, and it doesn’t allow us to
>             use DEFAULT as the username and pick up the circuit-ID as
>             an additional check.
>
>             Does anyone have any suggestions of a DHCP server that
>             leverages RADIUS and can use circuit-ID as the AAA
>             username, but is otherwise standard and allows unlimited
>             renewals?
>
>             Regards,
>
>
>             _______________________________________________
>             AusNOG mailing list
>             AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>             http://lists.ausnog.net/mailman/listinfo/ausnog
>
>     -- 
>
>     Damien Gardner Jnr
>     VK2TDG. Dip EE. GradIEAust
>     rendrag at rendrag.net <mailto:rendrag at rendrag.net> -
>     http://www.rendrag.net/
>     --
>     We rode on the winds of the rising storm,
>      We ran to the sounds of thunder.
>     We danced among the lightning bolts,
>      and tore the world asunder
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
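
The middleman rewrite discussed in this thread, shown at packet level as an added example (not code from any poster and not FreeRADIUS configuration). It assumes the circuit ID arrives in the DSL Forum Agent-Circuit-Id VSA (RFC 4679) and that the request carries no User-Password needing re-hiding; the secret and sample values are constructed. It goes one step past the thread by re-signing the rewritten request with a Message-Authenticator for the upstream server.

```python
import hashlib, hmac, struct

USER_NAME, VENDOR_SPECIFIC, MESSAGE_AUTH = 1, 26, 80   # RFC 2865 / RFC 2869
DSL_FORUM, AGENT_CIRCUIT_ID = 3561, 1                  # RFC 4679 (assumed VSA)

def parse_attrs(buf):
    """Split a run of type/length/value attributes into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        attrs.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return attrs

def build(header, authenticator, attrs):
    """Serialise a packet; header is (code, identifier)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", *header, 20 + len(body)) + authenticator + body

def circuit_id(attrs):
    """Return the Agent-Circuit-Id carried in a DSL Forum VSA, or None."""
    for t, v in attrs:
        if t == VENDOR_SPECIFIC and len(v) > 4 and v[:4] == struct.pack("!I", DSL_FORUM):
            for sub_t, sub_v in parse_attrs(v[4:]):   # sub-attributes use the same TLV layout
                if sub_t == AGENT_CIRCUIT_ID:
                    return sub_v
    return None

def rewrite_username(packet, upstream_secret):
    """Return the Access-Request with User-Name replaced by the circuit ID."""
    if len(packet) < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    header, auth = (packet[0], packet[1]), packet[4:20]
    attrs = parse_attrs(packet[20:])
    cid = circuit_id(attrs)
    if not cid:   # fail closed: never forward the MAC as if it were a circuit ID
        raise ValueError("no Agent-Circuit-Id in request")
    kept = [a for a in attrs if a[0] not in (USER_NAME, MESSAGE_AUTH)]
    attrs = [(USER_NAME, cid), (MESSAGE_AUTH, bytes(16))] + kept
    # RFC 2869: HMAC-MD5 over the whole packet with the field zeroed, keyed with the shared secret
    mac = hmac.new(upstream_secret, build(header, auth, attrs), hashlib.md5).digest()
    attrs[1] = (MESSAGE_AUTH, mac)
    return build(header, auth, attrs)

def sample_request():
    """Constructed sample: User-Name is a MAC, the circuit ID rides in the VSA."""
    vsa = struct.pack("!I", DSL_FORUM) + bytes([AGENT_CIRCUIT_ID, 17]) + b"AVC000000000001"
    return build((1, 7), bytes(range(16)), [(USER_NAME, b"AA:BB:CC:DD:EE:FF"), (VENDOR_SPECIFIC, vsa)])
```

Rejecting requests that lack a circuit ID keeps the billing lookup keyed on a single identifier type instead of silently falling back to the MAC.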
