Well, I don't know exactly how these DSL modems work, but generally the
only reason it's a bad idea is that:
A) For an end user to get a DHCP IP transparently, they are bridged into
the network (which is bad.) In my experience though, this problem has
been solved in most non-WISP networks (e.g. cable modems allow bridging
but block things like spanning tree/layer 2 traffic into the network). I
assume these DSL modems probably work the same way.
B) If you don't control the quantity of leases, what's to stop a
customer plugging in an infinite number of devices and exhausting your
DHCP pool? Again, normally controlled in a cable environment at least by
the modem limiting the number of leases that are allowed via a single
device. If the modem can do this, again, no problem.
C) If the user can buy a modem at the store, plug it in and get an IP,
then they can steal service. If you have to enable the lines.. then
again, not really an issue (as long as the lines don't accidentally stay
enabled after a user disconnects service.)
I can't really think of anything else major off the top of my head.
On 5/28/2015 1:35 PM, Chuck McCown wrote:
I am trying to convince myself that this is not a good idea. I can’t
seem to find a compelling reason to authenticate or limit leases.
*From:* Simon Westlake <mailto:[email protected]>
*Sent:* Thursday, May 28, 2015 12:33 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] dhcpatriot
Or you could even just run wide open DHCP at that point if you don't
care about authentication or limiting leases.
On May 28, 2015 1:16 PM, "Chuck McCown" <[email protected]
<mailto:[email protected]>> wrote:
Yeah, trying to eliminate the user having to authenticate. We
know the MAC of the fiber terminal. We have control over the DLS
lines. We have to enable either the fiber or the phone for them to
get service, in my mind that is plenty of authentication.
Like to have a user plug and play with no extra steps. Like to
not have any more databases. I really don’t care who the user is
etc. If they can get service they are supposed to get service.
*From:* Simon Westlake <mailto:[email protected]>
*Sent:* Thursday, May 28, 2015 12:08 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] dhcpatriot
You could probably do a really short DHCP lease on the initial
walled garden IP, I don't know how short DHCP Patriot supports,
but I would imagine the shortest would probably still be 60 seconds.
On 5/28/2015 12:58 PM, Chuck McCown wrote:
Be nice to make it so that a DSL modem/router could power up and
just start working without any power cycling.
*From:* Charles Boening <mailto:[email protected]>
*Sent:* Thursday, May 28, 2015 11:28 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] dhcpatriot
We have had a DHCPatriot system for about 5 years. We love it.
It’s essentially a captive portal. When a user first connects,
they get a private IP and policy routing forces them to the
portal. When the user authenticates, the system uses a local
user database or RADIUS to authenticate the them and if
successful, ties the MAC address to a username. Now that the
user is known, they reboot their device (or release/renew or wait
a few minutes) and the system assigns an IP address from the
authenticated address pool.
Infoblox looks like it has a few more features (some DNS and IPAM
stuff).
If you’re in the market for something like the DHCPatriot system,
I recommend getting a demo.
__________________________________
*Charles Boening*
/Network Manager/
800-858-2399 <tel:800-858-2399> | Office
[email protected] <mailto:[email protected]>
www.cot.net <http://www.cot.net/> | Find us on Facebook
<https://www.facebook.com/pages/Cal-Ore/205066716227707>
__________________________________
*Cal-Ore* | /Real. Local. Trusted. Professional./
*From:*Af [mailto:[email protected]] *On Behalf Of *Simon Westlake
*Sent:* Thursday, May 28, 2015 6:31 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [AFMUG] dhcpatriot
I thought it was pretty interesting. Infoblox has a nice DHCP
server too.
On May 27, 2015 4:34 PM, "Chuck McCown" <[email protected]
<mailto:[email protected]>> wrote:
Anyone know anything about this product?
http://www.network1.net/products/dhcpatriot/
