FreeRADIUS DHCP service vs IP users control
Alan DeKok
aland at deployingradius.com
Tue Apr 15 03:16:15 CEST 2014
Rui Ribeiro wrote:
> We have noticed that at least in one of our equipments the users can
> gain access with a fixed-ip-address instead of one gotten via our
> DHCP-server.
That's how DHCP works. If the user doesn't do DHCP, he can use a
static IP of his choosing.
> Whilst my ISP experience suggest the enforcement of DHCP-only clients
> belongs to the hardware side, since FreeRadius also implements the DHCP
> service, I am curious wether someone managed to enforce this via
> FreeRadius configurations.
You can't enforce anything with DHCP. Like RADIUS, it just advises
the NAS. If the NAS (or the user) ignores DHCP or RADIUS, there's very
little you can do on the server.
What you *can* do is use RADIUS accounting packets to double-check
users IP addresses. If the address in the accounting packet was *not*
assigned by DHCP, then you can do something. Complain, issue email, etc.
And which open source DHCP server lets you write IPs into an SQL
database? Not ISC. FreeRADIUS. :)
That's why we added DHCP.
Alan DeKok.
More information about the Freeradius-Users
mailing list