Still Stumped By Filters in Modem Config | docsis.org

I can get Nm Access to work:

NetworkAccess = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 2048000
MaxUpstreamRate = 1024000
UpstreamChannelPriority = 7
MinUpstreamRate = 3044
MaxUpstreamBurst = 0
CoSPrivacyEnable = 0
SnmpMib = docsDevNmAccessIndex.1 1
SnmpMib = docsDevNmAccessIp.1 10.10.0.0
SnmpMib = docsDevNmAccessIpMask.1 255.255.0.0
SnmpMib = docsDevNmAccessCommunity.1 "*******"
SnmpMib = docsDevNmAccessControl.1 readWrite
SnmpMib = docsDevNmAccessInterfaces.1 hexstr: "@"
SnmpMib = docsDevNmAccessStatus.1 createAndGo

I can get LLC filters to work with Nm Access:

NetworkAccess = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 2048000
MaxUpstreamRate = 1024000
UpstreamChannelPriority = 7
MinUpstreamRate = 3044
MaxUpstreamBurst = 0
CoSPrivacyEnable = 0
SnmpMib = docsDevNmAccessIndex.1 1
SnmpMib = docsDevNmAccessIp.1 10.10.0.0
SnmpMib = docsDevNmAccessIpMask.1 255.255.0.0
SnmpMib = docsDevNmAccessCommunity.1 "*******"
SnmpMib = docsDevNmAccessControl.1 readWrite
SnmpMib = docsDevNmAccessInterfaces.1 hexstr: "@"
SnmpMib = docsDevNmAccessStatus.1 createAndGo
SnmpMib = docsDevFilterLLCUnmatchedAction.0 discard
SnmpMib = docsDevFilterLLCIndex.2 2
SnmpMib = docsDevFilterLLCStatus.2 createAndGo
SnmpMib = docsDevFilterLLCIfIndex.2 1
SnmpMib = docsDevFilterLLCProtocolType.2 ethertype
SnmpMib = docsDevFilterLLCProtocol.2 2048
SnmpMib = docsDevFilterLLCIndex.3 2
SnmpMib = docsDevFilterLLCStatus.3 createAndGo
SnmpMib = docsDevFilterLLCIfIndex.3 1
SnmpMib = docsDevFilterLLCProtocolType.3 ethertype
SnmpMib = docsDevFilterLLCProtocol.3 2054

I can get a single IP filter to work all by itself:

NetworkAccess = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 2048000
MaxUpstreamRate = 1024000
UpstreamChannelPriority = 7
MinUpstreamRate = 3044
MaxUpstreamBurst = 0
CoSPrivacyEnable = 0
SnmpMib = docsDevFilterIpDefault.0 accept
SnmpMib = docsDevFilterIpStatus.1 createAndGo
SnmpMib = docsDevFilterIpControl.1 discard
SnmpMib = docsDevFilterIpIfIndex.1 1
SnmpMib = docsDevFilterIpDirection.1 outbound
SnmpMib = docsDevFilterIpBroadcast.1 false
SnmpMib = docsDevFilterIpSaddr.1 0.0.0.0
SnmpMib = docsDevFilterIpSmask.1 0.0.0.0
SnmpMib = docsDevFilterIpDaddr.1 0.0.0.0
SnmpMib = docsDevFilterIpDmask.1 0.0.0.0
SnmpMib = docsDevFilterIpProtocol.1 6
SnmpMib = docsDevFilterIpSourcePortLow.1 25
SnmpMib = docsDevFilterIpSourcePortHigh.1 25

I CAN'T get Nm Access and LLC to work with an IP filter.......

NetworkAccess = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 2048000
MaxUpstreamRate = 1024000
UpstreamChannelPriority = 7
MinUpstreamRate = 3044
MaxUpstreamBurst = 0
CoSPrivacyEnable = 0
SnmpMib = docsDevNmAccessIndex.1 1
SnmpMib = docsDevNmAccessIp.1 10.10.0.0
SnmpMib = docsDevNmAccessIpMask.1 255.255.0.0
SnmpMib = docsDevNmAccessCommunity.1 "*******"
SnmpMib = docsDevNmAccessControl.1 readWrite
SnmpMib = docsDevNmAccessInterfaces.1 hexstr: "@"
SnmpMib = docsDevNmAccessStatus.1 createAndGo
SnmpMib = docsDevFilterLLCUnmatchedAction.0 discard
SnmpMib = docsDevFilterLLCIndex.2 2
SnmpMib = docsDevFilterLLCStatus.2 createAndGo
SnmpMib = docsDevFilterLLCIfIndex.2 1
SnmpMib = docsDevFilterLLCProtocolType.2 ethertype
SnmpMib = docsDevFilterLLCProtocol.2 2048
SnmpMib = docsDevFilterLLCIndex.3 2
SnmpMib = docsDevFilterLLCStatus.3 createAndGo
SnmpMib = docsDevFilterLLCIfIndex.3 1
SnmpMib = docsDevFilterLLCProtocolType.3 ethertype
SnmpMib = docsDevFilterLLCProtocol.3 2054
SnmpMib = docsDevFilterIpDefault.0 accept
SnmpMib = docsDevFilterIpStatus.4 createAndGo
SnmpMib = docsDevFilterIpIfIndex.4 0
SnmpMib = docsDevFilterIpControl.4 discard
SnmpMib = docsDevFilterIpDirection.4 outbound
SnmpMib = docsDevFilterIpBroadcast.4 false
SnmpMib = docsDevFilterIpSaddr.4 0.0.0.0
SnmpMib = docsDevFilterIpSmask.4 0.0.0.0
SnmpMib = docsDevFilterIpDaddr.4 0.0.0.0
SnmpMib = docsDevFilterIpDmask.4 0.0.0.0
SnmpMib = docsDevFilterIpProtocol.4 6
SnmpMib = docsDevFilterIpSourcePortLow.4 25
SnmpMib = docsDevFilterIpSourcePortHigh.4 25
SnmpMib = docsDevFilterIpDestPortLow.4 0
SnmpMib = docsDevFilterIpDestPortHigh.4 65535
MaxCpeAllowed = 3

......OR with just two IP filters:

NetworkAccess = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 2048000
MaxUpstreamRate = 1024000
UpstreamChannelPriority = 7
MinUpstreamRate = 3044
MaxUpstreamBurst = 0
CoSPrivacyEnable = 0
SnmpMib = docsDevFilterIpDefault.0 accept
SnmpMib = docsDevFilterIpStatus.1 createAndGo
SnmpMib = docsDevFilterIpControl.1 discard
SnmpMib = docsDevFilterIpIfIndex.1 0
SnmpMib = docsDevFilterIpDirection.1 outbound
SnmpMib = docsDevFilterIpBroadcast.1 false
SnmpMib = docsDevFilterIpSaddr.1 0.0.0.0
SnmpMib = docsDevFilterIpSmask.1 0.0.0.0
SnmpMib = docsDevFilterIpDaddr.1 0.0.0.0
SnmpMib = docsDevFilterIpDmask.1 0.0.0.0
SnmpMib = docsDevFilterIpProtocol.1 6
SnmpMib = docsDevFilterIpSourcePortLow.1 25
SnmpMib = docsDevFilterIpSourcePortHigh.1 25
SnmpMib = docsDevFilterIpDestPortLow.1 0
SnmpMib = docsDevFilterIpDestPortHigh.1 65535
SnmpMib = docsDevFilterIpStatus.2 createAndGo
SnmpMib = docsDevFilterIpControl.2 discard
SnmpMib = docsDevFilterIpIfIndex.2 0
SnmpMib = docsDevFilterIpDirection.2 both
SnmpMib = docsDevFilterIpBroadcast.2 false
SnmpMib = docsDevFilterIpSaddr.2 0.0.0.0
SnmpMib = docsDevFilterIpSmask.2 0.0.0.0
SnmpMib = docsDevFilterIpDaddr.2 0.0.0.0
SnmpMib = docsDevFilterIpDmask.2 0.0.0.0
SnmpMib = docsDevFilterIpProtocol.2 6
SnmpMib = docsDevFilterIpSourcePortLow.2 67
SnmpMib = docsDevFilterIpSourcePortHigh.2 69
SnmpMib = docsDevFilterIpDestPortLow.2 0
SnmpMib = docsDevFilterIpDestPortHigh.2 65535
MaxCpeAllowed = 3

I've tried with and without docsDevFilterIpIndex*.* included with no difference. I've tried reading the specifications for a clue and just end up with a headache. What am I missing? Something in the CMTS maybe? Has to be something very simple, I'm sure.

Nm Access works fine. LLC works fine. Nm Access with LLC works fine. One IP filter works fine all by itself...

Just can't seem to get past the following entries under any circumstances except for just the single IP filter scenario and don't really know how to sniff this out or where else to be looking for the solution to the problem.

SnmpMib = docsDevFilterIpStatus.* createAndGo
SnmpMib = docsDevFilterIpControl.* discard

Any additional help or guidance would be gratefully appreciated. I'm at my wits' end and have way too many unfiltered modems on my network and adding more every day as we continue our transition to DOCSIS from the legacy LANcity platform.

Poge
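
A consistency check over the filter rows in configs like the ones posted above, as an added example that is not part of the original thread and is not offered as the thread's answer. It assumes the text format shown in the post (`SnmpMib = <object>.<instance> <value>`); the function names and the three checks are illustrative choices, and the sample rows are copied from the post's configs.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the configs in the post above.
SAMPLE = """\
SnmpMib = docsDevFilterLLCIndex.2 2
SnmpMib = docsDevFilterLLCStatus.2 createAndGo
SnmpMib = docsDevFilterLLCIndex.3 2
SnmpMib = docsDevFilterLLCStatus.3 createAndGo
SnmpMib = docsDevFilterIpDefault.0 accept
SnmpMib = docsDevFilterIpStatus.2 createAndGo
SnmpMib = docsDevFilterIpControl.2 discard
SnmpMib = docsDevFilterIpProtocol.2 6
SnmpMib = docsDevFilterIpSourcePortLow.2 67
SnmpMib = docsDevFilterIpSourcePortHigh.2 69
"""

# Matches "SnmpMib = docsDevFilter<LLC|Ip><Column>.<instance> <value>"
LINE = re.compile(r"^\s*SnmpMib\s*=\s*docsDevFilter(LLC|Ip)(\w+)\.(\d+)\s+(.+?)\s*$")
UDP_SERVICES = (67, 69)  # DHCP (67/68) and TFTP (69) run over UDP, IP protocol 17

def parse_rows(text):
    """Group table columns by (table, instance); instance .0 objects are scalars."""
    rows = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) != "0":
            rows[(m.group(1), int(m.group(3)))][m.group(2)] = m.group(4)
    return rows

def lint(text):
    """Return a list of human-readable findings for the LLC and IP filter rows."""
    findings = []
    for (table, row), cols in sorted(parse_rows(text).items()):
        name = f"docsDevFilter{table}"
        if "Status" not in cols:
            findings.append(f"{name} row {row}: no Status line, so the row is never created")
        if "Index" in cols and cols["Index"] != str(row):
            findings.append(f"{name}Index.{row} = {cols['Index']}: value differs from instance {row}")
        for side in ("SourcePort", "DestPort"):
            lo, hi = cols.get(side + "Low"), cols.get(side + "High")
            if table == "Ip" and cols.get("Protocol") == "6" and lo and hi:
                if UDP_SERVICES[0] <= int(lo) <= int(hi) <= UDP_SERVICES[1]:
                    findings.append(f"{name} row {row}: protocol 6 is TCP, but {side} {lo}-{hi} is DHCP/TFTP (UDP, 17)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run it over the full text of a config before compiling it; an empty list means none of these three checks fired, not that the modem will accept the file.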

Yours looks very similar to mine. Have you tried putting

SnmpMib = docsDevFilterIpDefault.0 accept

at the end of the file? That is the only major difference between mine and yours.

I tried the one you provided as a working example in the other thread with no luck -- both copy/paste into PacketAce and constructed line by line from scratch with PacketAce.

Am I overlooking something in my uBR config, or maybe DHCPd, or maybe my iptables setup?

Not sure where to go from here or how to actually identify the error with Wireshark or similar method. Just not well versed enough with that stuff yet, and have more balls in the air and plates spinning on sticks trying to keep things afloat to barely even find my way out of a phone booth these days.

I'd certainly appreciate any and all suggestions toward additional assessment/t-shooting methods to try figuring this thing out.

It just doesn't make sense.

Poge

What is the goal of your filters? As written, they block all SMTP traffic and all DHCP traffic. Is this your goal, or do you just want to prevent customers from running DHCP and SMTP servers?

The goal is responsible network management by protecting customers from themselves and my network from irresponsible or malicious network activity in an IP, IP/ARP - only environment. Additional filters for NetBios and SNMP discovery will also be implemented once I figure out why these basic ones are not working in a butt-simple DOCSIS 1.0 modem config file.

Any suggestions? Did you ever get yours working?

Poge

Just bumping this back up to see if anyone else may be able to shed some light on the problem. Still haven't figured it out. And sorry, kwesibruni. For some reason I had you confused with emkowale who I recalled having a similar problem back in another thread maybe? (hence the asking if you got yours working question.) Didn't mean to come off like an a-hole or unappreciative. But boy am I getting frustrated!

FWIW, I do have Wireshark running on the ISC/DHCPd box. Doesn't seem to reveal anything besides continued attempts by the modem to download the config file. Anything particular I should be looking for there as a clue?

As usual, TIA for anyone's suggestions or direction.

Poge