This is what I do, unauthenticated DHCP. I like the fact our users can just plug in, or replace their router and have it run immediately without effort on their part.
On our side of that we limit one connection to one MAC, so if they plug in a switch instead of a router, they only get one IP from us and the rest just sit there. What I would like to do is what Digis/JAB sort of did, which is throw up a branded page when a change of MAC/ARP occurred and have the user click on “Register” or something like that. Then it would register that devices MAC with our system behind the scenes. I never actually saw this work automatically with DIGIS though, you always had to call it in. I could do that automatically with some sort of SNMP alert or polling of course, but I’m too lazy right now to do that. Like Spong Bob says, “Eventually…” From: Af [mailto:[email protected]] On Behalf Of Chuck McCown Sent: Thursday, May 28, 2015 12:36 PM To: [email protected] Subject: Re: [AFMUG] dhcpatriot I am trying to convince myself that this is not a good idea. I can’t seem to find a compelling reason to authenticate or limit leases. From: Simon Westlake<mailto:[email protected]> Sent: Thursday, May 28, 2015 12:33 PM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] dhcpatriot Or you could even just run wide open DHCP at that point if you don't care about authentication or limiting leases. On May 28, 2015 1:16 PM, "Chuck McCown" <[email protected]<mailto:[email protected]>> wrote: Yeah, trying to eliminate the user having to authenticate. We know the MAC of the fiber terminal. We have control over the DLS lines. We have to enable either the fiber or the phone for them to get service, in my mind that is plenty of authentication. Like to have a user plug and play with no extra steps. Like to not have any more databases. I really don’t care who the user is etc. If they can get service they are supposed to get service. From: Simon Westlake<mailto:[email protected]> Sent: Thursday, May 28, 2015 12:08 PM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] dhcpatriot You could probably do a really short DHCP lease on the initial walled garden IP, I don't know how short DHCP Patriot supports, but I would imagine the shortest would probably still be 60 seconds. On 5/28/2015 12:58 PM, Chuck McCown wrote: Be nice to make it so that a DSL modem/router could power up and just start working without any power cycling. From: Charles Boening<mailto:[email protected]> Sent: Thursday, May 28, 2015 11:28 AM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] dhcpatriot We have had a DHCPatriot system for about 5 years. We love it. It’s essentially a captive portal. When a user first connects, they get a private IP and policy routing forces them to the portal. When the user authenticates, the system uses a local user database or RADIUS to authenticate the them and if successful, ties the MAC address to a username. Now that the user is known, they reboot their device (or release/renew or wait a few minutes) and the system assigns an IP address from the authenticated address pool. Infoblox looks like it has a few more features (some DNS and IPAM stuff). If you’re in the market for something like the DHCPatriot system, I recommend getting a demo. __________________________________ Charles Boening Network Manager 800-858-2399<tel:800-858-2399> | Office [email protected]<mailto:[email protected]> www.cot.net<http://www.cot.net/> | Find us on Facebook<https://www.facebook.com/pages/Cal-Ore/205066716227707> __________________________________ Cal-Ore | Real. Local. Trusted. Professional. From: Af [mailto:[email protected]] On Behalf Of Simon Westlake Sent: Thursday, May 28, 2015 6:31 AM To: [email protected]<mailto:[email protected]> Subject: Re: [AFMUG] dhcpatriot I thought it was pretty interesting. Infoblox has a nice DHCP server too. On May 27, 2015 4:34 PM, "Chuck McCown" <[email protected]<mailto:[email protected]>> wrote: Anyone know anything about this product? http://www.network1.net/products/dhcpatriot/
