Got it

User authentication using information from Option 82 field on NE Highlighted

Latest reply: Dec 27, 2018 07:11:45 604 1 2 0 0

Hello everyone,

Today I will share with you how to deal with user authentication using information from the Option 82 field on NE.

Issue Description

The end-user (in this case ONT) sends a DHCP Discovery packet. Then the OLT (configured as DHCP snooping) receives the packet from ONT, adds an option82 (containing information about the ONT number and port number to which the ONT is connected), and then transmits it to the NE20 router by broadcast. The router receives package DHCP Discovery on the port on which the BRAS service is configured. The router is designed to perform end-user authentication. Router uses an external RADIUS server for this. When sending a query to the RADIUS server, the router should include information about the option82 in the authentication packet. The RADIUS server should authenticate the end-user based on information about the option82. After receiving information from the RADIUS server about the correct authorization of the end-user, the router sends a request to an external DHCP server to obtain the IP address for the end-user (here option 82 is no longer used). In terms of DHCP, the Router is configured as a DHCP relay.

For now, the RADIUS server authenticates end-users based on their MAC address. We want to change it so that authorization takes place using the information contained in option 82.

Solution

The solution is to configure the client-option82 command on the relay interface. The client-option82 command configures the NE20E to trust the access-line-id information (for a DHCP user) sent from the DHCP client.

http://support.huawei.com/hedex/hdx.do?docid=EDOC1100006715&id=client-option82_1&text=client-option82&lang=en

That is all I want to share with you! Thank you!


  • x
  • convention:

dagui
Created Dec 27, 2018 07:11:45

For now the RADIUS server authenticate end users based on their MAC address. We want to change it so that authorization takes place using the information contained in option 82.Can you provide a more detailed explanation?
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.