arris modems mta files and cisco cnr | docsis.org

You are here

arris modems mta files and cisco cnr

30 posts / 0 new
Last post
vanc3848
arris modems mta files and cisco cnr

We are using cisco cnr version 7 and have always used inneoquest compbination ta's and cable modems. We have gotten a batch of arris modems and our phone provider says we need to point them to there provisioning server use option 122 in the dhcp server.

I have added option 122 with the provisioning server ip address but the modems do not seem to take it. does anyone have a simple .cm policy file for arris modems I can see and has anyone used cisco's cnr to deploy arris modems and if so are you assigning the provisioning server attribute in the policy that the modem gets its private address or in the policy that hands out public address to clients. In the past the inneoquest modems grab a public ip address and that and that shows up assigned to the mta mac. I can get the arris modems to come online but their mta mac address does not request a public address. I am sure this is some simple setup issue. the telephone vendor says its simple but they don't know how to do it either.

kwesibrunee
First a few questions With

First a few questions

With the Arris modems are you using SIP or Packetcable (MGCP)? If your using SIP you have to upgrade/change the firmware on the modem before the MTA will try and come online.

does each modem have a fqdn name? Arris modems will not proceed to the MTA provisioning unless the modem has a fqdn

I would also reccomend calling Arris tech support, number on their website, they are generally very helpful and can show you all the little things to do to get their products working.

vanc3848
ansers and more questions

Yes its SIP and no they do not have fqdn's Any example Cisco CNR setups out there?

kwesibrunee
I don't have a sample but to

I don't have a sample but to add a FQDN to cisco cnr is trivial.....

if you are using the gui

on the client in question set the domain name to your domain and set the hostname to @use-macaddress

if you use the cli you can do the same thing though the syntax escapes me at the moment should be available online.

now when that client requests a lease it will give it the hostname and domain-name options which make up the FQDN.

do this for the modem and the MTA and you should be one step closer to getting them working.

vanc3848
thanks

the fqdn is simple enough, but its the option 122 and the provisioning server information that I am having trouble with. We have some intigrated innioquest modems and the modem portion comes online and than I see the mta-mac address get a public ip and then the phone works. The arris modem will come online but the mta-mac never hits the dhcp server for its public address. I am assuming this is where i need the option 122 and specific information to get it to try and light the mta. THe telephony vendor has provided me with the ip address of their provisioning server for it to download its telephony config, but I am pretty sure it needs the mta-mac online before that will work. I am afraid I don't really understand this process so I am not sure if I am asking the correct questions even.

kwesibrunee
there are a few steps to get

there are a few steps to get what you want done.

Please see my post Here this is dhcpd specific but the modem parts are relevant.

I would recommend getting in touch with Arris support, for several reasons, first to get their packetAce software makes working with configs for Arris modems and MTAs very Easy, also to get access to the newest SIP firmware they update every month or so and they inform you of updates, and lastly the arris modems have pretty decent troubleshooting tools for MTAs , but you may need Arris' help deciphering them.

1. First you need the Arris Modems to have the SIP firmware, they come with MGCP firmware from Arris you need to upgrade them before you can get any further. Firmware availble from Arris

2. Your modem config file needs the following snmp mib added to it

SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
this tells a SIP modem that it should use the GUPI method for provisioning which requests an MTA file in the form of mac_address_of_mta.bin and tells it to go ahead and DHCP.

3. DHCP wise you need the following options
a. for the modem you need option 122.1 MTA DHCP server and optionally 122.2 backup MTA DHCP server
b. for the MTA you need option 122.3 MTA provisiong Server and option 122.6 Kerberos Realm name this needs to the string "BASIC 1" (in DHCPd this needs to be in lv (length/value) so "BASIC 1" becomes "\005BASIC\0011\000" not sure if same is true of CNR) at a bare minimum. Additionally the MTA needs a fqdn or it will never accept a dhcp OFFER.

This should give you somewhere to go to get to the point where the MTA will come online.... let me know how it goes

vanc3848
thank you

that is great info and what I was looking for. I am currently struggling with arris to get a support id so I can get the files I need and then I will try and apply the info you provided. That was exactly what I was looking for.

vanc3848
almost have it need final push

I have the SIP firmware on the arris modem and it is requesting an address the CNR is assigning an address but the modem is not taking it.

It may be that the mta does not have an FQDN, i am giving the modem an FQDN in the cnr, but this may not be being sent to the mta. does anyone know how to do this in the cnr?

kwesibrunee
Lets find out what options

Lets find out what options are being sent to the MTA

navigate to the Webpage of the Arris Modem

Click on Advanced

Input the password of the day (determined with Arris PacketAce under tools)
if you don't have access to it here are the next 7 days of passwords

Date : Password of the Day
-----------------------------
08/28/09: 7TJ6Z6HJGY
08/29/09: 45036F3RRL
08/30/09: 4R5REOCJSJ
08/31/09: NUBBQWVQKL
09/01/09: I6HBPEY96J
09/02/09: NFP6UR8YO8
09/03/09: W776Z97SO9
09/04/09: 64Y3M53L2B

click on the DHCP tab

scroll to the bottom of the page and click on the MTA-DHCP link under DHCP Logs

you should have several entries on this page

Take a look at the top most purple section (purple sections are dhcp responses, the white sections are dhcp requests)

The MTA should be getting these Options with slightly different values of course

MTA_DHCP LOG 1
2009-8-27,10:53:12.0
Message Type (BOOTREQUEST=1, BOOTREPLY=2): 2
Hardware Address Type: 1
Hardware Address Length: 6
Hops: 0
Transaction ID: 2192
Seconds Elapsed: 0
Bootp Flags: 0
ciaddr: 10.1.111.231
yiaddr: 10.1.111.231
siaddr: 66.218.224.40
giaddr: 0.0.0.0
chaddr: 00.15.a2.04.73.1c
Host Name:
Filename:
Optional Parameters field (options) =
Option 53 (TLV): 35 01 05 (DHCP_ACK)
Option 54 (TLV): 36 04 42dae028
Option 51 (TLV): 33 04 00005460
Option 12 (TLV): 0c 12 6e6834393461383064333039353163333638
Option 15 (TLV): 0f 0f 6d74612e6361626c656d6f2e6e6574
Option 01 (TLV): 01 04 ffff8000
Option 03 (TLV): 03 04 0a010001
Option 02 (TLV): 02 04 ffffb9b0
Option 06 (TLV): 06 08 42daf50d42daf50a
Option 07 (TLV): 07 04 42dae028
Option 122 (TLV): 7a 25
Option 122 SubOption 01 (TLV): 01 04 42dae028
Option 122 SubOption 03 (TLV): 03 12 00036d7461076361626c656d6f036e657400

if your missing any of these options you need to adjust the appropriate policy in the CNR to give it the option, you might need to look up the dhcp option number to match it to what Cisco calls it, this can be found in the DHCP rfc.

Repeat until the options in your dhcp respone match the ones listed here.

you should be getting an IP properly at this point.

Let me know if you have any further trouble.....

Thanks,
Jason

vanc3848
her is a a log snippet

MTA_DHCP LOG 13
2009-8-31,18:19:19.0
Message Type (BOOTREQUEST=1, BOOTREPLY=2): 1
Hardware Address Type: 1
Hardware Address Length: 6
Hops: 0
Transaction ID: 89748912
Seconds Elapsed: 0
Bootp Flags: 0
ciaddr: 0.0.0.0
yiaddr: 0.0.0.0
siaddr: 0.0.0.0
giaddr: 0.0.0.0
chaddr: 00.15.cf.c6.c8.50
Host Name:
Filename:
Optional Parameters field (options) =
Option 53 (TLV): 35 01 01 (DHCP_DISCOVER)
Option 57 (TLV): 39 02 03d8
Option 43 (TLV): 2b 66 0204454d5441040f393641424e5334353734313231383405023034
060c362e312e363741542e534950070530362e323308030015cf0906544d363032470a194172
72697320496e7465726163746976652c204c2e4c2e432e1f060015cfc6c8502004000002a7
Option 60 (TLV): 3c 38 706b7463312e353a30353136303130313031303230313032303930
3130313043303130303044303130313130303130393132303230303037
Option 55 (TLV): 37 08 0c0f01030206077a
Option 61 (TLV): 3d 07 010015cfc6c850

kwesibrunee
thats the boot request i.e.

thats the boot request i.e. what the modem is sending to the DHCP server

Message Type (BOOTREQUEST=1, BOOTREPLY=2): 1

What is the BOOTREPLY showing should be the purple section

vanc3848
that was the purple section

That is the purple section, at present there are 17 alternating purple and white sections. they all say the same thing. there is no reply.

the server log shows the request and shows the reply and the debug mode on the modem shows it gets a reply it is just having trouble with option 12. which i tagged on to my last post. I am totally stumped.

kwesibrunee
okay then there should be a

okay then there should be a little bit of difference between the purple and white sections with regards to dhcp options however, lets start at the top

do you have CLI access to the CNR?

if so run the following commands and paste their output here insert mta mac address for [mac address]

client [mac address]

client-policy [mac address] listOptions

Then whatever policy you have assigned to the MTA

policy [policy name]

policy [policy name] listOptions

dending on how you have it setup may also need to do

scope-policy [scope MTA is in] listOptions

feel free to sanitize the output if need be.

vanc3848
info requested

here is the info from the cli. items to note are the mac is the cable modem mac not the mta mac. the mta's are using the public space that is shared with the general pc's. I don't put the mta's in as clients on the modems. for all i know that may be the problem here.

the policy that i enumerated is the policy that the mta is getting. I very much appreciate you taking the time to look at this stuff.

nrcmd> client 1,6,00:15:cf:c6:c8:4f
100 Ok
1,6,00:15:cf:c6:c8:4f:
action =
add-to-environment-dictionary =
authenticate-until =
client-class-name = upstream1
default-vpn =
domain-name = Headend
embedded-policy =
host-name = 0015cfc6c84f
over-limit-client-class-name =
override-vpn =
policy-name = arris-c4u4
selection-criteria =
unauthenticated-client-class-name =
user-defined =

nrcmd> client-policy 1,6,00:15:cf:c6:c8:4f listoptions
100 Ok

nrcmd> policy bundle2
100 Ok
BUNDLE2:
affinity-period =
allow-client-a-record-update = [default=disabled]
allow-dual-zone-dns-update = [default=disabled]
allow-lease-time-override = [default=disabled]
allow-non-temporary-addresses = [default=true]
allow-rapid-commit = [default=false]
allow-temporary-addresses = [default=true]
default-prefix-length = [default=64]
forward-dnsupdate =
forward-zone-name =
giaddr-as-server-id = [default=false]
grace-period = 5m
inhibit-all-renews = [default=false]
inhibit-renews-at-reboot = [default=false]
limitation-count =
offer-timeout = 2m
packet-file-name =
packet-server-name =
packet-siaddr =
permanent-leases = [default=disabled]
preferred-lifetime = [default=1w]
reconfigure = [default=allow]
reconfigure-via-relay = [default=false]
reverse-dnsupdate =
server-lease-time =
split-lease-times = [default=disabled]
unavailable-timeout = [default=24h]
use-client-id-for-reservations = [default=off]
v4-bootp-reply-options =
v4-reply-options =
v6-reply-options =
valid-lifetime = [default=2w]

nrcmd> policy bundle2 listoptions
100 Ok
15 domain-name (dhcp-config): stoweaccess.com
5 name-servers (dhcp-config): x.x.x.30,x.x.x.31
3 routers (dhcp-config): y.y.y.1
42 ntp-servers (dhcp-config): y.y.y.1
51 dhcp-lease-time (dhcp-config): 3d
2 time-offset (dhcp-config): -5h
7 log-servers (dhcp-config): 0.0.0.0
12 host-name (dhcp-config): @use-macaddress
6 domain-name-servers (dhcp-config): x.x.x.30,x.x.x.31

nrcmd> scope-policy customerpcs
100 Ok
scope-policy:customerpcs:
affinity-period =
allow-client-a-record-update = [default=disabled]
allow-dual-zone-dns-update = [default=disabled]
allow-lease-time-override = [default=disabled]
allow-non-temporary-addresses = [default=true]
allow-rapid-commit = [default=false]
allow-temporary-addresses = [default=true]
default-prefix-length = [default=64]
forward-dnsupdate =
forward-zone-name =
giaddr-as-server-id = [default=false]
grace-period = [default=5m]
inhibit-all-renews = [default=false]
inhibit-renews-at-reboot = [default=false]
limitation-count =
offer-timeout = [default=2m]
packet-file-name =
packet-server-name =
packet-siaddr =
permanent-leases = [default=disabled]
preferred-lifetime = [default=1w]
reconfigure = [default=allow]
reconfigure-via-relay = [default=false]
reverse-dnsupdate =
server-lease-time =
split-lease-times = [default=disabled]
unavailable-timeout = [default=24h]
use-client-id-for-reservations = [default=off]
v4-bootp-reply-options =
v4-reply-options =
v6-reply-options =
valid-lifetime = [default=2w]

kwesibrunee
Well if you are not putting

Well if you are not putting the MTA Mac address in then that is surely at least the beginning of your problem. I am assuming you are authorizing all clients behind authorized modems, if this is the case you have a few options.

1. Configure the system_default_policy (or whatever policy you use for clients) to hand out all the required options for MTAs, downside is it will spit these options out to all clients, but should not be a problem unless you have different IP space/settings for MTAs and clients.

2. Add the macs for the MTAs into the cnr as clients and create a policy with the appropriate options, downside is you have to build all the MTAs into your provisioning system

3. create a MTA policy with appropriate options and Use CNRs extension mechanism to determine if a client is an MTA (basically check option 60 for the string pktc1. or pktc2.) and dynamically assign the appropriate policy. Been a while since I wrote an extension for CNR but should be pretty straight forward. Disadvantage, would be that dhcprequests could take a tiny bit longer to process depending on how well coded your dhcp extension was.

4. if you indeed have cnr blanket authing all clients behind authorized modems, another more complex option would be to create a separate subnet for Arris modems (using tags to differentiate) and create a secondary scope to that modem scope for MTAs with the appropriate options specified in the scope-policy for MTAs

5. Arris modems have a proprietary provisioning method called single mac address, where it combines the Modem and MTA dhcp requests into one transaction, I have not used it but it may also be an option. (this requires some snmp settings in the modem config file, as well as the MTA config settings also in the modem config file PacketAce would be recommended for this one for sure, it even has a template with the starter options to get you started)

vanc3848
option 1

I tried option1, which is fine for us since all modems are registered modems, The mta does not take an ip address and that is where I am stumped. I may not be giving the modems the right options and in fact the modem is returning this line which to me is the stumper: PK DHCP: processReplyMsg(): Mandatory option 12.-1 not found (type=1794)

I have option 12 in my profile and its value is @use-macaddress. the cnr does see the dhcp reequest and allocates the public ip which the cmts puts in its mac table but the mta won't complete.

Can you give me the list of options I should have to make it work? Again thanks for the info arris tech support has decided its a cnr issue they they have stepped out of the problem. i see the requests and the replies in the logs. the only thing I have to go on is the modem's one error message that a mandatory option was not found.

I like the idea of your option #2, but if i add a selection tag to the scope that I use for customer devices then won't I have to account for customer PC's as well in the client list? I also think that I should be able to make option 1 work anyways.

kwesibrunee
For option 1 --- We need to

For option 1 --- We need to troubleshoot this option because this is not working

paste the output of the following from the cli

client-policy default listOptions

policy [system_default_policy or whatever policy your using] listOptions

scope-policy [name of scope the MTA is trying to pull an IP from] listOptions

the combination of the these three policies is what gets sent to each mta

you should have at a minimum these options

These options are mandatory for MTAs
option 1 subnet-mask
option 2 time-offset
option 3 routers
option 4 time-servers
option 6 dns-servers
option 7 log-servers
option 12 hostname
option 15 domain-name
option 122.3 For SIP modems this is the sser/switch they should be registering at
option 122.6 Should be the string BASIC.1

The Modem wants these options
option 1 subnet-mask
option 2 time-offset
option 3 routers
option 4 time-servers
option 7 log-servers
option 122.1 DHCP server for MTAs
option 122.2 Backup DHCP server for MTAs (optional)

if you were to use option 2 you would assigning a policy to each MTA i.e. ArrisMta with the above mentioned options sans routers and subnet, these should be set on the scope itself with a scope-policy [scopename] setOption routers [router] you don't need to tag each MTA indivually unless you need to assign a separate subnet for MTAS.

vanc3848
i think I found the problem, but it doesn't make sense

I have attached the output from the cli, and I know I am not passing option 122.3 or 122.6, but I am passing option 12. However I have a wireshark output of the dhcp request and offer from the mta and the offer does not have option 12. This is where I am stumped. I must either have some sort of configuration issue or a bug.

No. Time Source Destination Protocol Info
200 0.000763 z.z.z.162 x.x.x.1 DHCP DHCP Offer - Transaction ID 0x534f83c

Frame 200 (350 bytes on wire, 350 bytes captured)
Arrival Time: Sep 2, 2009 16:02:22.203979000
[Time delta from previous captured frame: 0.000763000 seconds]
[Time delta from previous displayed frame: 0.000763000 seconds]
[Time since reference or first frame: 69.950469000 seconds]
Frame Number: 200
Frame Length: 350 bytes
Capture Length: 350 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Dell_cd:86:fe (00:1c:23:cd:86:fe), Dst: HewlettP_49:d0:c0 (00:12:79:49:d0:c0)
Destination: HewlettP_49:d0:c0 (00:12:79:49:d0:c0)
Address: HewlettP_49:d0:c0 (00:12:79:49:d0:c0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Dell_cd:86:fe (00:1c:23:cd:86:fe)
Address: Dell_cd:86:fe (00:1c:23:cd:86:fe)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: z.z.z.162 (z.z.z.162), Dst: x.x.x.1 (x.x.x.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 336
Identification: 0x372a (14122)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x2387 [correct]
[Good: True]
[Bad : False]
Source: z.z.z.162 (z.z.z.162)
Destination: x.x.x.1 (x.x.x.1)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Source port: bootps (67)
Destination port: bootps (67)
Length: 316
Checksum: 0xd542 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x0534f83c
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: x.x.x.21 (x.x.x.21)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: x.x.x.1 (x.x.x.1)
Client MAC address: ArrisInt_c6:c8:50 (00:15:cf:c6:c8:50) <<<<<<<<<<<<<
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) Server Identifier = z.z.z.z
Option: (54) Server Identifier
Length: 4
Value: 411358A2
Option: (t=51,l=4) IP Address Lease Time = 3 days
Option: (51) IP Address Lease Time
Length: 4
Value: 0003F480
Option: (t=1,l=4) Subnet Mask = 255.255.252.0
Option: (1) Subnet Mask
Length: 4
Value: FFFFFC00
Option: (t=15,l=15) Domain Name = "blahblah.com"
Option: (15) Domain Name
Length: 15
Value: 73746F77656163636573732E636F6D
Option: (t=3,l=4) Router = y.y.y.1
Option: (3) Router
Length: 4
Value: 45360001
Option: (t=2,l=4) Time Offset = -5 hours
Option: (2) Time Offset
Length: 4
Value: FFFFB9B0
Option: (t=6,l=8) Domain Name Server
Option: (6) Domain Name Server
Length: 8
Value: 4113441E4113441F
IP Address: x.x.x.30
IP Address: x.x.x.31
Option: (t=7,l=4) Log Server = 0.0.0.0
Option: (7) Log Server
Length: 4
Value: 00000000
End Option
Padding

302 Not Found - client-policy default

nrcmd> policy default listoptions
100 Ok
51 dhcp-lease-time (dhcp-config): 1w

nrcmd> policy bundle2 listoptions
100 Ok
15 domain-name (dhcp-config): stoweaccess.com
5 name-servers (dhcp-config): y.y.y.30 y.y.y.31
3 routers (dhcp-config): x.x.x.1
42 ntp-servers (dhcp-config): x.x.x.1
51 dhcp-lease-time (dhcp-config): 3d
2 time-offset (dhcp-config): -5h
7 log-servers (dhcp-config): 0.0.0.0
12 host-name (dhcp-config): @use-macaddress
6 domain-name-servers (dhcp-config): y.y.y.30,y.y.y.31

nrcmd> scope-policy customerPCS
100 Ok
scope-policy:customerpcs:
affinity-period =
allow-client-a-record-update = [default=disabled]
allow-dual-zone-dns-update = [default=disabled]
allow-lease-time-override = [default=disabled]
allow-non-temporary-addresses = [default=true]
allow-rapid-commit = [default=false]
allow-temporary-addresses = [default=true]
default-prefix-length = [default=64]
forward-dnsupdate =
forward-zone-name =
giaddr-as-server-id = [default=false]
grace-period = [default=5m]
inhibit-all-renews = [default=false]
inhibit-renews-at-reboot = [default=false]
limitation-count =
offer-timeout = [default=2m]
packet-file-name =
packet-server-name =
packet-siaddr =
permanent-leases = [default=disabled]
preferred-lifetime = [default=1w]
reconfigure = [default=allow]
reconfigure-via-relay = [default=false]
reverse-dnsupdate =
server-lease-time =
split-lease-times = [default=disabled]
unavailable-timeout = [default=24h]
use-client-id-for-reservations = [default=off]
v4-bootp-reply-options =
v4-reply-options =
v6-reply-options =
valid-lifetime = [default=2w]

nrcmd> scope-policy customerPCS listoptions
100 Ok

kwesibrunee
The wire shark capture is

The wire shark capture is showing

option: (t=15,l=15) Domain Name = "blahblah.com"

but your cli output is showing

15 domain-name (dhcp-config): stoweaccess.com

they do not match, meaning this is not the policy that the MTA is being given, look thru your policies and find the one with blahblah.com in the domain name field and figure out why it is being given that policy instead of the one you are interested in.....

I also noticed that client-policy default was not found???? I am a little confused by this

do you have separate CNRS for modems and clients/MTAs or is it all in one? Do you put client entries in for each client/MTA or are they Authorized by default?

vanc3848
blahblah

oops i edited the output and replaced stoweaccess with blahblah, i just missed a place to sanitize the output. my default policy is empty and assigned to nothing.

my private space policy is for the modems and with client class processing enabled i then use other policy for each modem depending on the specific policy they need. the public space is not tied to any client class and is just handed out, but since they are behind a registered modem i don't worry about secuirty on that. I have actually opened up a tack case because the server is returning every option in the policy but host name and that makes no sense. hopefully cisco will figure it out. I will post what they tell me so everyone else can benefit too.

kwesibrunee
What is the setting for

What is the setting for hostname in the client-class? if you have it set to @use-macaddress there try not specifying it in the policy as well. I believe the way it works is if you specify it in the policy it overwrites the client-class one and the string @use-macaddress is not a valid hostname @ is an illegal char. Which would be why that is not being passed on to the MTA.

vanc3848
host-name

the setting for the cable modem policy is @use-macaddress and that works the arris says according to the manual the string @use-macaddress is supposed to put an x in front of the mac address and send that to the client.

You can specify the hostname that each client should adopt, using the Hostname (host-name) attribute of the client-class. This can be an absolute, valid DNS value to override the one included in the DHCP client request, or can be any of these:
•@host-name-option—The server uses whatever hostname option the client sent.
•@no-host-name-option—The server ignores the hostname that the client sends. If DNS name generation is in effect, the server uses a generated name, if set up as such for dynamic DNS updating.
•@use-macaddress—The server synthesizes a hostname from the client MAC address, hyphenates the octets, then adds an x at the front. For example, if a client MAC address is 1,6:00:d0:ba:d3:bd:3b, the synthesized hostname would be x1-6-00-d0-ba-d3-bd-3b.

that is from the manual. I am waiting to see what cisco says. hopefully they will have an answer.

vanc3848
I got it!!!

turns out according to cisco you cannot add option 12 to a policy it won't work. if you add a default client (called default) you can give it the @use-macaddress setting in the hostname line. Now the modem has taken the option 12, but does not seem to want to take the option 122.3 that is has blank nor does it show it taken 122.6 but I do show they were passed. so its more to work on, but at least its taking an address now.

MTA_DHCP LOG 2
2009-9-8,18:49:16.0
Message Type (BOOTREQUEST=1, BOOTREPLY=2): 2
Hardware Address Type: 1
Hardware Address Length: 6
Hops: 0
Transaction ID: 544361620
Seconds Elapsed: 0
Bootp Flags: 0
ciaddr: 0.0.0.0
yiaddr: y.z.0.21
siaddr: 0.0.0.0
giaddr: y.z.0.1
chaddr: 00.15.cf.c6.c8.50
Host Name:
Filename:
Optional Parameters field (options) =
Option 53 (TLV): 35 01 05 (DHCP_ACK)
Option 54 (TLV): 36 04 411358a2
Option 51 (TLV): 33 04 0003f480
Option 01 (TLV): 01 04 fffffc00
Option 05 (TLV): 05 08 4113441e4113441f
Option 15 (TLV): 0f 0f 73746f77656163636573732e636f6d
Option 03 (TLV): 03 04 45360001
Option 02 (TLV): 02 04 ffffb9b0
Option 06 (TLV): 06 08 4113441e4113441f
Option 07 (TLV): 07 04 00000000
Option 122 (TLV): 7a 12
Option 122 SubOption 03 (TLV): 03 05 0142fa7051
Option 122 SubOption 06 (TLV): 06 09 074241534943203100
Option 12 (TLV): 0c 16 78312d362d30302d31352d63662d63362d63382d3530

MTA FQDN x1-6-00-15-cf-c6-c8-50.stoweaccess.com DHCP - MTA IP Time Remaining
MTA IP Addr y.z.0.21/22 Lease: 3.0 days (258710 seconds)
Rebind: 2.6 days (226363 seconds)
MTA IP Gateway y.z.0.1 Renew: 1.5 days (129324 seconds)
MTA Boot file tftp://[0.0.0.0]/0015cfc6c850.bin

MTA DHCP OPTION 6:
Service Provider Network Primary DNS x.x.x.x
Service Provider Network Secondary DNS x.x.x.x

MTA PACKETCABLE OPTIONS:
SubOption Type 122
SubOption 3 Service Provider's SNMP Entity [0.0.0.0]
SubOption 6 Kerberos Realm Realm (FQDN)
SubOption 7 Authorization method (MTA should get TGT) FALSE
SubOption 8 Provisioning timer (minutes) 10
SubOption 9 Security Ticket Invalidation 0

vanc3848
what is your provisioning methat in your policy file

The policy file that I send to the mta has an snmp variable for the provisioning method. it is currently set to GupiMacMTA. what is yours set to?

kwesibrunee
The Same

The Same

vanc3848
this is what arris says now

Does this make any sense , i have been passing our snmp entitity or provisioning server as an ip address of x.x.x.x now they say it will only work as an fqdn this is there response. I cannot enter option 122.3 into cnr as an fqdn it only takes ip address.

Upon digging into the Packetcable specifications you have to have 122.3 in an FQDN format. I would suggest we set up a conference call with CISCO CNR support and perhaps work this in parallel to provide you with support.

8.1.2 Service Provider's Provisioning Entity Address (sub-option 3)

The Service Provider's Provisioning Entity Address is the network address of the provisioning server for a given voice service provider's network administrative domain.
The encoding of this sub-option is defined in [31]. This address MUST be configured as an FQDN only.
An FQDN value of 0.0.0.0 in suboption 3 of a valid MTA DHCP OFFER/ACK specifies that the MTA MUST
shutdown and not try to provision unless it is reinitialized by the CM. This is explained in step MTA2 of the provisioning flow process of Section 7.2. The Service Provider's Provisioning Entity Address component MUST be capable of accepting SNMP traps. Suboption 3 MUST be included in the DHCP OFFER to the MTA.

vanc3848
i think I found the answer

you have to put the provisioning server in the packet-siaddr field in the policy for the modem to know where to tftp its mta config file from. it does not actually use the ip address specified in option 122.3 if you don't specifiy it then it only tried to contact 0.0.0.0 for the file. This may be because our provisioning server is not on our network but provided by a third party. It also means that I am handing out this si-address to every client PC, but since they are probably not requesting it it shouldn't matter. So if anyone has arris modems and is using cisco's CNR and an external voip provider and can't figure out how to get them online I should be able to fill in some of the blanks.

vanc3848
I also get this from the arris modem

PK DB: MTA IP address is 0.0.0.0
PK DHCP: waitResponse(): Received response, verifying...
PK DHCP: processReplyMsg(): Mandatory option 12.-1 not found (type=1794)
PK DHCP: waitResponse(): handler ignored message
PK DHCP: msgQWait(): timeout
PK DHCP: waitResponse(): pk_dhcp_msgQWait() timeout
PK DHCP: waitResponse(): no acceptable response, returning to same state
PK DHCP: waitResponseRetry(): Attempt 3, timeout 6400
PK DHCP: waitResponse(): Sending DHCP REQUEST
PK DB: MTA IP address is 0.0.0.0
PK DHCP: waitResponse(): Received response, verifying...
PK DHCP: processReplyMsg(): Mandatory option 12.-1 not found (type=1794)

It just cycles through this error, I have option 12 in my client policy tied to the scope so I don't know what gives.

heyya
kwesibrunee, could you

kwesibrunee, could you please post passwords of the day for some following days? We have some trouble with SIP and message "MTA failConfigFileError" in the Status window on the emta's web interface and would like to know what's wrong.

Thanks!

EOL-tbowser
Success with CNR 6.2 and Arris EMTA TM502G

Placeholder for details, but the nutshell would be:

cpe-default-policy should have the following:

Option 2: Time Offset (-4h)
Option 15: Domain Name (yaddayadda.net)
Option 122:
Suboption 1 Primary DHCP Server (xx.xx.xx.69)
Suboption 6 Kerberos Realm (BASIC.1)
Option 7: Log Server (xx.xx.xx.85)

Packet-file-name: 0015a2xxxxxx.bin
Packet-siaddr: xx.xx.xx.69

Still beating on this in the dark, but I *think* the packet-file-name can be omitted, since the EMTA knows via the gupiMacMta SNMP entries in the .CM file to look for a MAC-matching .BIN file on the TFTP server.

Gentlemen, thank you for the insights!

Tim B.

Log in or register to post comments