Hi Mike
I hope someone would able to provide the clue as I am looking for the same
thing as well.
At least my issue is how can I authenticate a DHCP client before ip address is
being assigned, as in PPPoE ... I understand DHCP lack that but I hope someone
would have some working clue.
-----Original Message-----
From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> On Behalf Of Mike
Sent: Thursday, 7 March 2019 10:08 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] DHCP per user features
Hello,
I have ASR1000 and am terminating subscriber access PPPoE sessions on it. I
am making a move twords supporting DHCP for subscriber access and I am trying
to envision how to support the same subscriber features I am using under PPPoE.
For PPPoE, the magic happens in radius. The three primary features I
support are:
Per-user firewall - a configurable packet filter choice (in practice, three
choices - no, medium, or high filtering)
Per-user rate limits - Policing to enforce upload/download speed limits
Per-user ip assignment - assigning fixed ip address / subnets
For a DHCP access model, I know I can do magic-foo with my dhcp server
using option 82 or circuit-id arguments to select the right values. But these
other two features (firewall and ratelimiting) I have no clue how to get this
programmed in for the subscriber session. I have tried reading up on 'isg
subscriber sessions' which seems to indicate it can do something with dhcp
subscribers, but the documentation is really difficult and I find no real
examples for same. It also states per-user firewall is not supported nor is
policing.
Any clues would be most appreciated....
Mike-
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Confidentiality Notice: This email (including any attachment) is intended for
internal use only. Any unauthorized use, dissemination or copying of the
content is prohibited. If you are not the intended recipient and have received
this e-mail in error, please notify the sender by email and delete this email
and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for
internal use only. Any unauthorized use, dissemination or copying of the
content is prohibited. If you are not the intended recipient and have received
this e-mail in error, please notify the sender by email and delete this email
and any attachment.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
