Using DHCP for Radius on a Cable Modem Plant

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Aug 21 17:38:50 CEST 2015


> On Aug 21, 2015, at 11:29 AM, John Alcock <john at alcock.org> wrote:
> 
> Morning,
> 
> Has anyone use freeradius and the built-in dhcp server in freeradius for a
> small cable modem plant?
> 
> I am using LDAP for the authentication part and it works.
> 
> Radius just seems like a much cleaner solution.
> 
> So, the idea I have in mind is using freeradius for authentication and go
> ahead and use it for DHCP.  I will use a SQL database backend to keep track
> of users.

You mean leases, right?

> So, my question has to do with documentation.  Most of seems to be dealing
> with version 2, and the main page says.. hey.. do not use version 2 configs
> as a starting space.

There's an example DHCP server in v3.0.x too.
> 
> Also, documentation seems weak on the new DHCP options.

Look at the dictionaries for decodable options, and read the DHCP RFCs, you need to understand exactly how DHCP works to get FreeRADIUS working as a DHCP server.

You're just presented with the type of DHCP packet and a bunch of options that were included, you need to write the logic to deal with that and send back the correct response.

> The way I figure it, if I am going to complain about documentation or lack
> thereof, I just need to write some documentation and submit to the group.

Good attitude :)

> That being said, some directions in the right direction would help me get
> started. I have seen documentation on each of the separate items below, but
> not much in tieing it all together.
> 
> Platform will be Linux running a standard LAMP installation.
> 
> SQL database (mysql, postgress, I do not care) to keep track of
> information, specifically the MAC address which will be used for
> authentication.

So DHCP leases are only allocated if the device has performed RADIUS based authentication of some kind?

> DHCP? Should I use the DHCP built into Radius?  Or outside DHCP server.  I
> kind like the idea of allowing Radius handling it all.

Do you mean passing back IP addresses using Framed-IP-Address and having the NAS deal with allocating leases? Or do you mean setting up FreeRADIUS to speak DHCP and allocate leases?

If you have the option of passing back Framed-IP-Address it'll almost certainly scale better, because then the DHCP servers are distributed.  This is how the Alcatel service routers handle DHCP.

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150821/c095fe84/attachment.sig>


More information about the Freeradius-Users mailing list