Ignore IP address range.

Jorge Pereira jpereira at freeradius.org
Wed Aug 11 02:17:15 CEST 2021


Well, the APIPA address is configured automatically by the client (e.g: OSX, Windows, Linux/NetworkManager)…. Not determined by the DHCP-Server.
Therefore if it is being forwarded and you can see that IP range during the post-auth{}, you could use the 

…
post-auth {
   …
   If (&Framed-IP-Address =~ /^169\.254\./) {
      update reply {
          &Framed-IP-Address !* ANY
      }
   }
   ...
}
….

--
Jorge Pereira
jpereira at freeradius.org




> On 10 Aug 2021, at 16:30, Pizu <pizpower at gmail.com> wrote:
> 
> Hi,
> 
> Apipa is an IP address range of the DHCP 169.254.0.0/16 when a DHCP fails
> to send an IP address to the client.
> 
> If a PC/laptop that is connected to a Cisco switch doesn't get an IP
> address from the DHCP, an IP address from apipa will be assigned
> automatically on the host. The Cisco will still forward the framed IP
> address to the radius and I want to ignore it, is it possible?
> 
> Thanks.
> 
> On Tue, 10 Aug 2021, 15:20 Alan DeKok, <aland at deployingradius.com> wrote:
> 
>> On Aug 10, 2021, at 7:39 AM, Pizu <pizpower at gmail.com> wrote:
>>> In my case I want to remove all the APIPA range from being sent to all
>>> firewalls.
>> 
>>  I don't know what that means.
>> 
>>  You're assuming that we're familiar with your current system.  We're not.
>> 
>>  Please explain what you're doing in detail.  What is coming in to the
>> server?  What part do you want modified?  What do you want the server to
>> reply with?
>> 
>>  Alan DeKok.
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list