Hello All,
I'm setting up a C3 with a Debian Linux server and its DHCP server. I have cable modems on the C3 that will not get past the init(o) state. I believe that means that the CM cannot get a config file from the TFTP server. My syslog shows this:
Jul 20 11:33:47 benchmark dhcpd: DHCPDISCOVER from 00:0a:73:f6:d8:77 via 10.5.1.2
Jul 20 11:33:48 benchmark dhcpd: DHCPOFFER on 10.5.1.4 to 00:0a:73:f6:d8:77 via 10.5.1.2
Jul 20 11:33:50 benchmark dhcpd: DHCPREQUEST for 10.5.1.4 (10.1.1.1) from 00:0a:73:f6:d8:77 via 10.5.1.2
Jul 20 11:33:50 benchmark dhcpd: DHCPACK on 10.5.1.4 to 00:0a:73:f6:d8:77 via 10.5.1.2
Here is my dhcp.conf file. BTW, I'm using IP routing and no bridging.
next-server 10.1.1.1;
ddns-update-style interim;
option broadcast-address 10.255.255.255;
option time-offset -18000;
option domain-name "benchmark.idsno.net";
option routers 10.1.1.1;
allow booting;
allow bootp;
option time-servers 10.1.1.1;
option ntp-servers 10.1.1.1;
option domain-name-servers 10.1.1.1;
#option domain-name-servers 209.130.136.2;
# option domain-name-servers 209.130.139.2;
option log-servers 10.1.1.1;
authoritative;
# Define option 122
option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 };
option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.tgs-util code 7 = integer 8;
option docsis-mta.timer code 8 = integer 8;
option docsis-mta.ticket-ctrl-mask code 9 = integer 16;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;
# Globally set option 122 settings just in case
option docsis-mta.dhcp-server-1 10.1.1.1;
option docsis-mta.provision-server 0 "\003benchmark\006idsno\003net\000";
option docsis-mta.krb-realm-name "\005BASIC\0011\000";
default-lease-time 86400;
max-lease-time 86400;
# Define a class for cable modems
# looks at the vendor-class-identifier for the string "docsis"
# spawn with option agent.remote-id; is used because the cmts is acting as a proxy for the dhcp request and if we used the mac it would be the CMTS mac not customer mac.
# only option 122 setting needed is dhcp-server-1 dhcp-server-2 is optional
# the modem config files are defined further down.
class "cm"
{
  match if substring(option vendor-class-identifier,0,6) = "docsis";
  vendor-option-space docsis-mta;
  default-lease-time 86400;
  max-lease-time 86400;
  option time-offset -18000;
  next-server 10.1.1.1;
  option tftp-server-name "benchmark.idsno.net";
  option time-servers 10.1.1.1;
  option log-servers 10.1.1.1;
  option domain-name "benchmark.idsno.net";
  ddns-updates off;
  option routers 10.1.1.1;
  option subnet-mask 255.255.255.0;
  option docsis-mta.dhcp-server-1 10.1.1.1;
}
class "mta"
{
  match if substring(option vendor-class-identifier,0,5) = "pktc1";
  default-lease-time 86400;
  max-lease-time 86400;
  min-lease-time 86400;
  option domain-name "benchmark.idsno.net";
  ddns-updates off;
  option subnet-mask 255.255.255.0;
  option routers 10.1.1.1;
  option log-servers 10.1.1.1;
  option time-servers 10.1.1.1;
  option tftp-server-name "10.1.1.1";
  next-server 10.1.1.1;
  option time-offset -18000;
  option host-name = host-decl-name;
  option docsis-mta.provision-server 0 "\003rh\006dbs\003cc\000";
  option docsis-mta.krb-realm-name "\005BASIC\0011\000";
}
class "cpe"
{
  match if(substring(option vendor-class-identifier,0,5) != "pktc1" and
           substring(option vendor-class-identifier,0,6) != "docsis");
}
shared-network "dbs"
{
  subnet 10.0.0.0 netmask 255.0.0.0
  {
    default-lease-time 86400;
    option subnet-mask 255.255.255.0;
    option routers 10.1.1.1;
    option broadcast-address 10.255.255.255;
    #cm pool
    pool
    {
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.5.1.3 10.5.1.254;
      next-server 10.1.1.1;
      allow members of "cm";
      deny members of "mta";
      deny members of "cpe";
    }
    #mta pool
    pool
    {
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.55.1.3 10.55.1.254;
      next-server 10.1.1.1;
      allow members of "mta";
      deny members of "cm";
      deny members of "cpe";
    }
    #cpe pool
    pool
    {
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.105.1.3 10.105.1.254;
      next-server 10.1.1.1;
      allow members of "cpe";
      deny members of "cm";
      deny members of "mta";
    }
}
  #The hosts start here in this file.
  include "/etc/dhcpd.include";
}
Any ideas??
 Thanks,
 emkowale
For the CM class you list the TFTP server(s) as follows
option tftp-server-name "benchmark.idsno.net";
next-server 10.1.1.1;
First question: what does benchmark.idsno.net resolve to? Ideally you would want both next-server (bootp) and tftp-server (dhcp) set the same; some older modems use next-server, most however use tftp-server-name. Keep in mind also that your modems are being given non-routable IPs; they will not be able to route to routable TFTP servers unless they are on the same physical network, or you use some kind of NAT.
Second, how is the modem supposed to determine what benchmark.idsno.net resolves to? There are no name servers defined for the CM class. Why is the router listed as the global DNS server, does it do DNS too? Or is this just a sanitized version?
Thanks,
Jason
benchmark.idso.net resolves to 10.1.1.1. But I've also tried setting the field to "10.1.1.1" with no luck. I do use masquerading with Linux iptables. I have an Arris CMTS 1500 set up with this config and it works fine. The C3 is the only difference.
Thanks,
emkowale
If you're using iptables, make sure to load the tftp-conntrack module or it won't work.
Hi,
I can't find that on my system. Does it come in a package? How is it loaded? "modprobe tftp-conntrack"?
emkowale
I apologize, the name of the module is ip_conntrack_tftp,
and yes, you load it by doing modprobe ip_conntrack_tftp.
We use CentOS (RHEL5) and it is built in on this OS; not sure on other flavors of Linux.
Nope, that didn't do it. I'd be willing to pay a little to get this to work if you are interested.
emkowale
989-239-0446
I think I found the issue.
You have the right broadcast address set up, but you can't have a 255.255.255.0 mask on a 10.5.x.x network and have it be able to communicate with a 10.1.1.1 gateway; that gateway is not in that subnet. Change it to match the subnet declaration, i.e.
option subnet-mask 255.0.0.0;
which is why DHCP (broadcast) works but TFTP (unicast) does not.
Just curious, why are you using bootp? Why not just regular DHCP?
Here are the changes in a new dhcp.conf file that is streamlined:
ddns-update-style interim;
allow booting;
allow bootp;
authoritative;
# Define option 122
option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 };
option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.tgs-util code 7 = integer 8;
option docsis-mta.timer code 8 = integer 8;
option docsis-mta.ticket-ctrl-mask code 9 = integer 16;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;
# Globally set option 122 settings just in case
option docsis-mta.dhcp-server-1 10.1.1.1;
option docsis-mta.provision-server 0 "\003benchmark\006idsno\003net\000";
option docsis-mta.krb-realm-name "\005BASIC\0011\000";
default-lease-time 86400;
max-lease-time 86400;
# Define a class for cable modems
# looks at the vendor-class-identifier for the string "docsis"
# spawn with option agent.remote-id; is used because the cmts is acting as a proxy for the dhcp request and if we used the mac it would be the CMTS mac not customer mac.
# only option 122 setting needed is dhcp-server-1 dhcp-server-2 is optional
# the modem config files are defined further down.
class "cm"
{
  match if substring(option vendor-class-identifier,0,6) = "docsis";
}
class "mta"
{
  match if substring(option vendor-class-identifier,0,5) = "pktc1";
}
class "cpe"
{
  match if(substring(option vendor-class-identifier,0,5) != "pktc1" and
           substring(option vendor-class-identifier,0,6) != "docsis");
}
shared-network "dbs"
{
  subnet 10.0.0.0 netmask 255.0.0.0
  {
    default-lease-time 86400;
    option subnet-mask 255.0.0.0;
    option routers 10.1.1.1;
    option broadcast-address 10.255.255.255;
    #cm pool
    pool
    {
      vendor-option-space docsis-mta;
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.5.1.3 10.5.1.254;
      next-server 10.1.1.1;
      allow members of "cm";
      deny members of "mta";
      deny members of "cpe";
      ption time-offset -18000;
      next-server 10.1.1.1;
      option tftp-server-name "10.1.1.1";
      option time-servers 10.1.1.1;
      option log-servers 10.1.1.1;
      option domain-name "benchmark.idsno.net";
      ddns-updates off;
      option docsis-mta.dhcp-server-1 10.1.1.1;
    }
    #mta pool
    pool
    {
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.55.1.3 10.55.1.254;
      next-server 10.1.1.1;
      allow members of "mta";
      deny members of "cm";
      deny members of "cpe";
      default-lease-time 86400;
      max-lease-time 86400;
      min-lease-time 86400;
      option domain-name "benchmark.idsno.net";
      ddns-updates off;
      option log-servers 10.1.1.1;
      option time-servers 10.1.1.1;
      option tftp-server-name "10.1.1.1";
      next-server 10.1.1.1;
      option time-offset -18000;
      option host-name = host-decl-name;
      option docsis-mta.provision-server 0 "\003rh\006dbs\003cc\000";
      option docsis-mta.krb-realm-name "\005BASIC\0011\000";
    }
    #cpe pool
    pool
    {
      dynamic-bootp-lease-length 86400;
      range dynamic-bootp 10.105.1.3 10.105.1.254;
      next-server 10.1.1.1;
      option domain-name-servers 10.1.1.1;
      allow members of "cpe";
      deny members of "cm";
      deny members of "mta";
    }
  }
}
#The hosts start here in this file.
include "/etc/dhcpd.include";
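The on-link condition raised in the post above (a client leased an address in 10.5.1.x with mask 255.255.255.0 cannot reach a 10.1.1.1 router directly) can be checked against a dhcpd.conf before it is deployed. This is an added example, not part of the original thread: the function names and the cut-down sample config are constructed, and class scopes, host declarations and routers given as hostnames are not handled.

```python
import ipaddress
import re

# Constructed sample, cut down from the first dhcp.conf posted in the thread.
SAMPLE_CONF = """
subnet 10.0.0.0 netmask 255.0.0.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.1.1.1;
  pool { range dynamic-bootp 10.5.1.3 10.5.1.254; allow members of "cm"; }
  pool { range dynamic-bootp 10.55.1.3 10.55.1.254; allow members of "mta"; }
}
"""

def lookup(scope, key):
    """Return key from the nearest enclosing scope that sets it, else None."""
    while scope is not None and key not in scope:
        scope = scope["parent"]
    return scope[key] if scope is not None else None

def off_link_routers(conf_text):
    """Return (range_start, mask, router) for each range whose clients are
    offered a router that lies outside their own address/mask network."""
    # Assumption: '#', ';' and braces never occur inside quoted strings.
    text = re.sub(r'"[^"]*"', '""', re.sub(r"#.*", "", conf_text))
    scope, ranges = {"parent": None}, []
    for stmt, delim in re.findall(r"([^;{}]*)([;{}])", text):
        words = stmt.split()
        if delim == "{":
            scope = {"parent": scope}
            if words[:1] == ["subnet"] and "netmask" in words[:-1]:
                scope["mask"] = words[words.index("netmask") + 1]  # fallback mask
        elif delim == "}":
            scope = scope["parent"] or scope
        elif words[:2] == ["option", "subnet-mask"] and len(words) == 3:
            scope["mask"] = words[2]
        elif words[:2] == ["option", "routers"] and len(words) >= 3:
            scope["router"] = words[2].split(",")[0]  # first router only
        elif words[:1] == ["range"] and len(words) >= 2:
            ranges.append(([w for w in words[1:] if w != "dynamic-bootp"][0], scope))
    problems = []
    for start, sc in ranges:
        mask, router = lookup(sc, "mask"), lookup(sc, "router")
        if mask and router and ipaddress.ip_address(router) not in \
                ipaddress.ip_network(f"{start}/{mask}", strict=False):
            problems.append((start, mask, router))
    return problems

if __name__ == "__main__":
    print(off_link_routers(SAMPLE_CONF))
```

An empty list means every range is handed a router inside its own address/mask network; when no option subnet-mask is in scope, the netmask of the subnet declaration is used.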
I used the dhcp.conf file you put in there, with the exception of the "ption" typo, and it gives the same result. Your idea makes sense to me though. Believe it or not, I'm really pretty good at this stuff. It's just that sometimes your eyes get crossed and you need a second set of eyes. I have my PayPal account ready for when you find me a solution though. :)
emkowale
I have no doubt you're very good at what you do; you kind of have to be to tackle the ugly stepchild of the networking world, that is DOCSIS :D
One thing I noticed is missing from the dhcp.conf file is
filename "ModemConfig.bin";
option bootfile-name "ModemConfig.bin";
You state the modem configs are defined further down; are these lines what you mean? If not, could you post what you have there please?
I assume you mean this info is attached to each host entry?
I would recommend doing it like this:
group ServiceLevel {
  filename "ServiceLevel.bin";
  option bootfile-name "ServiceLevel.bin";
}
Then in your host declaration you do
host something {
  hardware ethernet xx:xx:xx:xx:xx:xx;
  group ServiceLevel;
}
Makes it easier to make changes in the future, cuz you only have to change it in one place instead of multiple.
Anyways, assuming that is right, let's try the simple stuff.....
1. Can you use a TFTP client from a PC to tftp the files in question, preferably with a 10.x.x.x IP?
In Linux:
tftp
connect 10.1.1.1
get ModemConfig.bin
In Windows:
tftp -i 10.1.1.1 GET ModemConfig.bin
2. When the modem is in init(o), can you ping it from the TFTP server? From the CMTS? You should be able to ping it from both.
3. Are permissions, file path etc. correct on include "/etc/dhcpd.include"; ?
I have found that most TFTP problems are routing issues, so double, triple check your routing on this CMTS.....
Let me know how we are doing....