Dual stack hotspot/captive portal

Ben Jencks ben at bjencks.net
Thu Feb 24 05:39:23 CET 2011


On Feb 23, 2011, at 8:30 PM, Mikael Abrahamsson wrote:

> On Wed, 23 Feb 2011, Ben Jencks wrote:
> 
>> DHCPv6 is not an option; there are too many operating systems in wide use that have no support for it.
> 
> Long term I think this is the only way to go, though. Right now, I agree with you.
> 
> Otoh if you require DHCPv6 then non-windows users will either have to install it (can be done with OSX and Ubuntu for instance) or they won't get IPv6. This way you'll spread the use of DHCPv6.
> 
> Windows Vista and Win7 supports it just fine afaik, and my Ubuntu box does it as well after I just did "apt-get install wide-dhcpv6-client".

Another issue with relying on DHCPv6 for this particular application is that there is zero support for (stateful) DHCPv6 snooping or the associated IP filtering to ensure users only use addresses acquired through DHCPv6. Have any vendors even implemented this?

I think neighbor table scraping is the way to go; I was just hoping there would be something to correlate with it so I'm not dependent on one, somewhat hackish, source. I'm not actually doing the DHCPv4 snooping/enforcement (my switches are too old), but at least I can correlate the DHCPv4 leases with the ARP table to have a sanity check on the majority of people who aren't "cheating" and configuring static IPs.

-Ben


More information about the ipv6-ops mailing list