DHCP with RADIUS MAC Authentication
John Hascall
john at iastate.edu
Fri Nov 27 19:39:06 UTC 2009
| We are an ISP providing access on many technologies (WiFi, Wimax, xDSL,
| FTTH...).
|
| In most cases we use PPPoE servers, but we have recently migrated some of
| our networks on an ISC DHCP server.
|
| Everything works great but I have to authenticate each CPE by MAC Address (I
| already have a RADIUS server working well) before offering a lease.
|
| I don't find any radius client for RedHat, CentOs or Fedora which could be
| able to do that...
|
| Is there any way to make this working?
| Julien TURELLO
> DHCP is not an authentication mechanism, as the MAC address can easily be
> spoofed. But if you're looking to hand out addresses to just those with
> certain MAC addresses (as presented, unverified, to your DHCP server), you
> can use no "host" statements along with a "deny unknown".
> Frank
I believe the OP is asking about something like this:
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-00
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-01
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-02
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-04
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-05
http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-06
(the last one is the latest version)
but I have no idea what its current status is, and it certainly
isn't in any ISC DHCPD that I'm aware of.
John
-------------------------------------------------------------------------------
John Hascall, john at iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology
More information about the dhcp-users
mailing list