On Fri, 11 Jan 2008, Tom Griffin wrote:
> Hello all,
>
> We have been experimenting with IPv6 on our network and are preparing for a
> potential campus-wide deployment, but have hit a snag when it comes to
> logging and traceability of user access.
>
> How are other institutions implementing AAA for IPv6 services, and does JANET
> have any recommendations as to how we can meet our obligations as set out in
> the AUP whilst using IPv6.
>
Any interface can have any number of IPv6 addresses, and under Windows
IPv6 privacy addresses are used by default, meaning that the IPv6
addresses change in time for the same machine.
At the moment with IPv4, we poll the router interfaces for all the campus
LANs pulling the arp entries into a database along with a timedate stamp.
Our discussions here at Uni. of Leeds (last monday actually - wierd
synchronicity there) suggested we are going to have to do something
similar, by pulling the neighbour discovery data. We've not done much
research, but I don't know the relevant SNMP MIB, or even if it's been
defined? Anyone know? We then have to wait for the manufacturers to
implement it! Of course we could do some TCL/Expect or perl/expect
hackery.
But it's a good timely question.
|