'Re: Redback and DSL'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    Re: Redback and DSL
From:       "Michael K. Smith" <mike () wackypackets ! com>
Date:       2001-01-31 6:13:04
[Download RAW message or body]

on 1/27/01 7:53 PM, Brian at signal@shreve.net wouldn't shut up about:

> 
> I am getting ready to setup some customers on a Redback SMS500, and had a
> few questions for those of you who have worked with these before.
> 
> I am trying to deploy the redback in such as way so that users cannot take
> any more ip's then they are assigned.  I am not talking about stopping
> them from using proxies, I am just talking about them not taking any more
> from a pool then I want them too.  I also don't want them to be able to
> take eachothers IP's.
> 

I would recommend using Radius authentication instead of assigning via DHCP,
but that's just me.  The nice thing is all the little accounting bits that
come along with it, plus you can shut off users from Radius by changing the
password field.

Here is a sample snippet from Radius:

sc4476  Password = "dsl"
        Service-Type = Framed,
        Framed-IP-Address = 192.168.1.4,
        Framed-IP-Netmask = 255.255.255.254

This would tell the Redback that user 'sc4476' gets 2 addresses, 4 and 5.
The circuit must be authenticated with a password "dsl".  So, you would have
something like this on the Redback.

Port atm 1/0

Atm pvc 0 100 prof adsl encapsulation bridged
Bind subscriber sc4476@local password dsl

The Redback knows to give that particular circuit only those two IP
addresses, thus preventing anyone else from taking them and, in turn,
preventing that user from taking any other IP's.

There are some other things you need to do, but that's the jist of it.  You
need to set up ip secured-arp on your interfaces (not ports) as well.  Find
out who your SE is and give them a call.  They'll get you set up in no time.

Mike
-------------------------------------------------------------------
Michael K. Smith     mike@wackypackets.com

"I can no longer sit back and allow Communist infiltration,
Communist indoctrination, Communist subversion and the
International Communist Conspiracy to sap and impurify all
of our precious bodily fluids." -- Jack D. Ripper

PGP Key: 92F3 3C34 34A2 6900 8F9C  9A35 6D2A D0A6 4846 3BE0
-------------------------------------------------------------------

-
List archives can be found at: <http://www.moongroup.com/inet.php>
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently.   inet@inet-access.net is the human contact address.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic