Hi all,
I'm going to start work on the captive portal portion of my software for private cable operators. I'm looking for comments or feature requests. I'd like to find a way for it to look at the subscriber's cm mac address and allow anything connected to it to pass through if they are already in our database. Using the CPE info just begs the question, "What if they get a new computer or router?" I don't want to pay some to answer the phone and enter a new mac address. I'll make the software do the work.
It seems to me that this is similar to providing CPEs with public static IP addresses. There's a post in here somewhere about that. Many of you already use the software so if anything here sounds interesting or if you what this feature, Chime in. I think it would help us out. It's sort of like the hair club for men. I wrote the software, but I also use it in production.
emkowale
Writing an entire dhcp server, to support little used features seems a bit excessive. A captive portal can easily be built using dhcpd already, I have posted a howto elsewhere on the forums.
Using the same method, for the captive portal you can also authorize any client behind any authorized modem and either deny or capture any client behind an unauthorized client. Downside is it requires 2 dhcp servers one for the modems and one for the clients. We run both dhcp server on the same hardware using Xen without any trouble.
for example
CMTS (cisco 7246)
interface bundle 1
no ip address
!This is where Authorized modems go.
interface bundle 1.1
ip address 10.0.0.1 255.255.0.0
ip address 192.168.0.1 255.255.255.0 second
cable helper-address 172.16.0.1 modems
cable helper-address 172.16.0.2 clients
! This is where UnAuthorized modems go
interface bundle 1.2
ip address 10.1.0.1 255.255.0.0
ip address 192.168.1.1 255.255.255.0 second
cable helper-address 172.16.0.1 modems
cable helper-address 172.16.0.2 clients
Modem DHCP server
shared-network Modems {
# Authorized or known modems will pull from this subnet
subnet 10.0.0.0 netmask 255.255.0.0 {
pool {
range 10.0.0.2 10.0.255.254;
deny unknown-clients;
}
}
# UnAuthorized or unknown modems will pull from this subnet
subnet 10.1.0.0 netmask 255.255.0.0 {
pool {
range 10.1.0.2 10.1.255.254;
deny known-clients;
allow unknown-clients;
}
}
}
Client DHCP server
shared-network Authorized {
#Clients behind authorized modems will pull from this shared-network because
# the request will come from 10.0.0.1
subnet 10.0.0.0 netmask 255.255.0.0 {
}
# this is the subnet clients behind authorized modems will get.
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.2 192.168.0.254;
allow unknown-clients;
}
}
shared-network UnAuthorized {
#Clients behind unauthorized modems will pull from this shared-network because
# the request will come from 10.1.0.1
subnet 10.1.0.0 netmask 255.255.0.0 {
}
#this is where clients behind unauthorized modems get ips and thsi is where you put in the cpative portal stuff i.e. fake dns server
subnet 192.168.1.0 netmask 255.255.0.0 {
range 192.168.1.2 192.168.1.254;
allow unknown-clients;
}
}
My opinion on the public static ips is they should be manually assigned by the customer. We use to offer static ips and soon realized it was way too much trouble, now we only offer them to our business customers upon request, and we usually use something like an cisco 1841 with a docsis card to implement it so we dont have to worry about dhcp or cable trust commands.
You're better off using a Conditional Access Server to have your subscribers on a Captive Portal
Sebastian
sebastian@broadbandent.com
Hi,
Can someone explain to me reason for 2 dhcp servers?
This seems to be simple and easy way to get users in diffrent subnets.
KmN
This is a dhcpd thing
in dhcpd you cannot have the same subnet in two different shared-networks on the same server, while it is not a config error to do so, dhcpd will always use the first shared-network and never continue on o the second.
Now when i looked more deeply on shared networks on dhcp server i understand it.
KmN
Hi,
I've overcome the 2 DHCP server issue, I just can't seem to get aftfpd or tftpd to use the main IP and a virtual IP. Any ideas?
emkowale
Any one here can help me in setup of a captive portal that will run on cable internet subscibers? We're planning to introduce prepaid cable internet to our subscribers. Please help,
Thanks.