On 14/10/2010 16:33, Nathan Vidican wrote:
On Thu, Oct 14, 2010 at 9:16 AM, Jerome Herman <jher...@dichotomia.fr> wrote:

On 13/10/2010 22:25, Elliot Finley wrote:

We did this with DSL customers. But instead of using a unique gateway for
each Client, just use IP Unnumbered and proxy arp for your loopback
interface.


I was about to say that this solution seemed extremely sensitive to
spoofing. But I figured out that my solution was not necessarily better.
Looks like I will have to go for a hardware solution after all...
I am currently checking on the Cisco private VLAN system. But I am not a big
fan of Cisco (well, to be perfectly honest, I love the hardware...). Does
anyone know of an alternative?

Jerome Herman



On Wed, Oct 13, 2010 at 9:02 AM, Jerome Herman <jher...@dichotomia.fr> wrote:

Hello,

Given the price (and tedious management) of layer 3 switches, I was
thinking about using modified DHCP to distribute addresses with a /32
netmask (255.255.255.255).

The idea: Create a cheap (and preferably not dirty) way to have client
isolation, without creating tons of VLANs.

Practical overview: The DHCP server will be serving IP addresses and
gateways with a /32 mask.
Client1 would receive an IP address of 241.0.0.1 with a netmask of
255.255.255.255 and a gateway of 240.0.0.1
Client2 would receive an IP address of 241.0.0.2 with a netmask of
255.255.255.255 and a gateway of 240.0.0.2
Client3 would receive an IP address of 241.0.0.3 with a netmask of
255.255.255.255 and a gateway of 240.0.0.3
etc.

Of course the gateway will have to have as many IPs as there are clients
(unless I am mistaken).

The questions:
- Is there something similar already existing? It must not require any
configuration on the client side other than activating DHCP.
- Would this work? I do not see why it would not, though I am a little
anxious about having tens of point-to-point connections going to the same
physical port.
- I could not find anything forbidding it in RFC2131, but then again I
might be wrong. Am I?
- One problem remains that is solved by VLAN isolation but not by DHCP
isolation: rogue DHCP servers. Any idea to crush those?

I hope it is not inappropriate to post this on this list. But it is an
interesting problem (I think).

Jerome Herman
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
freebsd-questions-unsubscr...@freebsd.org"





Around here (Ontario, Canada) - almost all DSL providers use PPPoE... just a
thought, but might be a lot easier.

It is indeed a lot easier. Unfortunately it cannot be used in this case. Basically it is a hotel that is already wired in CAT.6. We want the clients to be able to connect through wire without resorting to routers or DSL modems, with just DHCP set up. The hotel is composed of 33 small residences connected with fiber. The idea is to avoid the part where we buy 33 layer3 switches at 3000$ a piece.

 Jerome Herman

--
Nathan Vidican
nat...@vidican.com