[EXTERNAL] RE: Freeradius DHCP

Winfield, Alister Alister.Winfield at sky.uk
Mon Aug 12 08:42:33 CEST 2019


As with most AAA questions the answer is look to the session management device (BRAS, wifi controller etc etc). What is common is for the DHCP interop to actually create a RADIUS request to setup the sessions QoS etc and thus it's here you get to refuse to connect a device. That ASR 1000 certainly should do something like this. If you refuse the DHCP shouldn't happen anyway which is the best you can do really.

A.


On 12/08/2019, 02:24, "Freeradius-Users on behalf of Maile Halatuituia" <freeradius-users-bounces+alister.winfield=sky.uk at lists.freeradius.org on behalf of maile.halatuituia at tcc.to> wrote:

    Hi Alan
    Sorry I should have read more before I send the question.

    Actually I was referring to the PPPoE like Authentication and you have confirmed DHCP does not do the same.

    Any idea how I would achieve at least similar to PPPoE. I mean is it possible to authenticate DHCP clients before assigning the Address. I mean similar to what PPP does with Freeradius on PPPoE.


    -----Original Message-----
    From: Freeradius-Users <freeradius-users-bounces+maile.halatuituia=tcc.to at lists.freeradius.org> On Behalf Of Alan DeKok
    Sent: Monday, 12 August 2019 1:34 PM
    To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
    Subject: Re: Freeradius DHCP

    On Aug 11, 2019, at 4:34 PM, Maile Halatuituia <maile.halatuituia at tcc.to> wrote:
    > I am wondering if someone could provide links or detail for setting up Freeradius to do Authentication dor DHCP user.

      Do you mean MAC address authentication?

      The DHCPO protocol doesn't do authentication.

    >
    > My scenario is like this.
    >
    >
    > BRAS DHCP Server (Cisco ASR 1000) ---------- L2 Networks -------------- DHCP Relay Agent (Residential Gateway Router) ----------- WIFI or LAN Clients.
    >
    >            |
    >
    >            |
    >
    >   Freeradius Server

      Does the BRAS send RADIUS packets to the RADIUS server?

    >
    > With the Basic Setup i already have this Radius Packet sent from my BRAS to my Freeradius Server below
    >
    >        Acct-Session-Id = "00000014"
    >        Framed-IP-Address = x.x.x.x

      That's an accounting packet.  That isn't authentication.

      Alan DeKok.


    -
    List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7Calister.winfield%40sky.uk%7C9f9d0b729334465fbcd708d71ec3daf8%7C68b865d5cf184b2b82a4a4eddb9c5237%7C0%7C0%7C637011698868089212&sdata=pasDevaVnrdP5q89eA2jKIv0sGcZt2itbcUVylAVEYc%3D&reserved=0
    Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
    Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.

    -
    List info/subscribe/unsubscribe? See https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7Calister.winfield%40sky.uk%7C9f9d0b729334465fbcd708d71ec3daf8%7C68b865d5cf184b2b82a4a4eddb9c5237%7C0%7C0%7C637011698868089212&sdata=pasDevaVnrdP5q89eA2jKIv0sGcZt2itbcUVylAVEYc%3D&reserved=0
    --------------------------------------------------------------------
    This email is from an external source. Please do not open attachments or click links from an unknown or suspicious origin. Phishing attempts can be reported by sending them to phishing at sky.uk as attachments. Thank you
    --------------------------------------------------------------------



Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence.

Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD



More information about the Freeradius-Users mailing list